DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This is in response to Application 16/658508 filed on October 21, 2019 in which Claims 1-20 are presented for examination.

Status of Claims
Claims 1-20 are pending, of which claims 1-20 are rejected under 103. 


Information Disclosure Statement
The information disclosure statement (IDS) was submitted on October 21, 2019.  The submission is in compliance with the provisions of 37 CFR 1.97.  
The information disclosure statement (IDS) was submitted on November 23, 2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 1-7, 14-16 and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Herscovitz (US Patent Application 2009/0204845) in view of Wentworth (US Patent Application 2016/0373408 A1).

Claim 1, Herscovtiz teaches a system (View Herscovitz ¶ 31; system), comprising: a memory that stores instructions (View Herscovitz ¶ 31; memory); and a processor that executes the instructions to perform operations (View Herscovitz ¶ 31; processor), the operations comprising: executing, during a first mode, a set of operations associated with a service to check an integrity of the service (View Herscovitz ¶ 77; integrity check), and determining, during the first mode, whether a failure of the at least one operation in the set of operations has occurred (View Herscovitz ¶ 2, 77; fault analysis/malfunction).  

Herscovitz does not explicitly teach the set of operations are executed based on a minimum level of access to a peripheral that is required for at least one operation in the set of operations to be executed, wherein the minimum level of access is imposed by utilizing a firewall. 

However, Wentworth teaches wherein the set of operations are executed based on a minimum level of access to a peripheral that is required for at least one operation in the set of operations to be executed (View Wentworth ¶ 40, 41; levels of protection), wherein the minimum level of access is imposed by utilizing a firewall (View Wentworth ¶ 40, 41; firewall).

It would have been obvious to one of ordinary skill in the art before the effective filing date to modify Herscovitz with the set of operations are executed based on a minimum level of access to a peripheral that is required for at least one operation in the set of operations to be executed, wherein the minimum level of access is imposed by utilizing a firewall since it is known in the art that a firewall can have different access levels (View Wentworth ¶ 40, 41).  Such modification would have allowed a firewall to be used to determine the level of access.

Claim 14 is the method corresponding to the system of Claim 1 and is therefore rejected under the same reasons set forth in the rejection of Claim 1.

Claim 20 is the computer readable device corresponding to the system of Claim 1 and is therefore rejected under the same reasons set forth in the rejection of Claim 1.

Claim 2, most of the limitations of this claim has been noted in the rejection of Claim 1.  Wentworth further teaches the operations further comprise executing, when the system is in a second mode, the set of operations associated with the service based on a full level of access to the peripheral (View Wentworth ¶ 35, 43, 47; authorized access).  

Claim 3, most of the limitations of this claim has been noted in the rejection of Claim 1.  Herscovitz further teaches the operations further comprise logging each result for each operation in the set of operations after the set of operations is executed (View Herscovitz ¶ 2, 70, 76; log).  

Claim 4, most of the limitations of this claim has been noted in the rejection of Claim 1.  Wentworth further teaches the operations further comprise analyzing each result for each operation in the set of operations (View Herscovitz ¶ 57, 77; fault analysis).  

Claim 5, most of the limitations of this claim has been noted in the rejection of Claim 1.  Wentworth further teaches determining whether a change in expected system behavior associated with the service has occurred (View Herscovitz ¶ 2, 57; suspicious event).  

Claim 15 is the method corresponding to the system of Claim 5 and is therefore rejected under the same reasons set forth in the rejection of Claim 5.

Claim 6, most of the limitations of this claim has been noted in the rejection of Claim 5.  Wentworth further teaches the operations further comprise generating an alert if the change in the expected system behavior has occurred (View Herscovitz ¶ 2, 57, 61, 62, 70; report malfunction/notification of suspicious event).  

Claim 7, most of the limitations of this claim has been noted in the rejection of Claim 1.  Wentworth further teaches the operations further comprise performing an action to correct the failure (View Herscovitz ¶ 2, 68; correct faults/remedial action).  

Claim 19 is the method corresponding to the system of Claim 7 and is therefore rejected under the same reasons set forth in the rejection of Claim 7.

Claim 16, most of the limitations of this claim has been noted in the rejection of Claim 15.  Wentworth further teaches determining a cause of the change in the system behavior (View Herscovitz ¶ 64; root cause).  

Claim 18, most of the limitations of this claim has been noted in the rejection of Claim 14.  Wentworth further teaches determining that the service is operating normally if the failure does not exist (View Herscovitz ¶ 101; monitor test signal).

Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Herscovitz (US Patent Application 2009/0204845) in view of Wentworth (US Patent Application 2016/0373408 A1) and further in view of Tran (US Patent Application 2006/0179147).

Claim 8, most of the limitations of this claim has been noted in the rejection of Claim 1.  The combination of teachings does not explicitly teach enabling an integrity checker of the system to mimic a user.

However, Tran teaches enabling an integrity checker of the system to mimic a user (View Tran ¶ 64; simulate user access).  

It would have been obvious to one of ordinary skill in the art before the effective filing date to modify the combination of teachings with enabling an integrity checker of the system to mimic a user since it is known in the art that a user access can be simulated (View Tran ¶ 64).  Such modification would have allowed user access to be checked.


Claim(s) 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Herscovitz (US Patent Application 2009/0204845) in view of Wentworth (US Patent Application 2016/0373408 A1) and further in view of Lee (US Patent Application 2004/0093520).

Claim 9, most of the limitations of this claim has been noted in the rejection of Claim 1.  The combination of teachings does not explicitly teach contaminating an integrity checker utilized for checking the integrity of the service as if the integrity checker is a user attempting to access the service.

However, Lee teaches contaminating an integrity checker utilized for checking the integrity of the service as if the integrity checker is a user attempting to access the service (View Lee ¶ 37; simulate user authentication).  

It would have been obvious to one of ordinary skill in the art before the effective filing date to modify the combination of teachings with contaminating an integrity checker utilized for checking the integrity of the service as if the integrity checker is a user attempting to access the service since it is known in the art that a user authentication can be simulated (View Lee ¶ 37).  Such modification would have allowed user authentication to be checked.

Claim(s) 10 and 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Herscovitz (US Patent Application 2009/0204845) in view of Wentworth (US Patent Application 2016/0373408 A1) and further in view of Pedersen (US Patent 8,701,162).


Claim 10, most of the limitations of this claim has been noted in the rejection of Claim 1.  The combination of teachings does not explicitly teach preventing malware from affecting the service.

However, Pedersen teaches preventing malware from affecting the service (View Pedersen Col. 1, Lines 7-24, 33-44; prevent malware).  

It would have been obvious to one of ordinary skill in the art before the effective filing date to modify the combination of teachings with preventing malware from affecting the service since it is known in the art that malware can be prevented (View Pedersen Col. 1, Lines 7-24, 33-44).  Such modification would have allowed malware to be prevented from affecting the system.

Claim 11, most of the limitations of this claim has been noted in the rejection of Claim 1.  The combination of teachings does not explicitly teach removing malware from the service

However, Pedersen teaches removing malware from the service (View Pedersen Col. 1, Lines 7-24, 33-44; remove malware).  

It would have been obvious to one of ordinary skill in the art before the effective filing date to modify the combination of teachings with removing malware from the service since it is known in the art that malware can be removed (View Pedersen Col. 1, Lines 7-24, 33-44).  Such modification would have allowed malware to be removed before affecting the system.

Claim(s) 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Herscovitz (US Patent Application 2009/0204845) in view of Wentworth (US Patent Application 2016/0373408 A1) and further in view of Osburn (US Patent Application 2007/0113062).

Claim 12, most of the limitations of this claim has been noted in the rejection of Claim 1.  The combination of teachings does not explicitly teach determining how malware is affecting the service.

However, Osburn teaches determining how malware is affecting the service (View Osburn ¶ 2; malware affect).  

It would have been obvious to one of ordinary skill in the art before the effective filing date to modify the combination of teachings with determining how malware is affecting the service since it is known in the art that malware can affect a system (View Osburn ¶ 2).  Such modification would have allowed the impact of malware to be determined.

Claim(s) 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Herscovitz (US Patent Application 2009/0204845) in view of Wentworth (US Patent Application 2016/0373408 A1) and further in view of Sapello (US Patent Application 2015/0373046).


Claim 13, most of the limitations of this claim has been noted in the rejection of Claim 1.  The combination of teachings does not explicitly teach utilizing a virtual machine to check the integrity of the service.

However, Sapello teaches utilizing a virtual machine to check the integrity of the service (View Sapello ¶ 37; virtual machine integrity check).

It would have been obvious to one of ordinary skill in the art before the effective filing date to modify the combination of teachings with utilizing a virtual machine to check the integrity of the service since it is known in the art that a virtual machine can be used (View Sapello ¶ 37).  Such modification would have allowed a virtual machine to perform an integrity check.

Claim(s) 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Herscovitz (US Patent Application 2009/0204845) in view of Wentworth (US Patent Application 2016/0373408 A1) and further in view of Bernick (US Patent Application 2006/0020852).

Claim 17, most of the limitations of this claim has been noted in the rejection of Claim 14.  The combination of teachings does not explicitly teach executing a copy of the service.

However, Bernick teaches executing a copy of the service (View Bernick ¶ 25; execute duplicate copies of program).  

It would have been obvious to one of ordinary skill in the art before the effective filing date to modify the combination of teachings with executing a copy of the service since it is known in the art that a duplicate program can be executed (View Bernick ¶ 25).  Such modification would have allowed an integrity check to be performed on a duplicate program.


Prior Art Made of Record
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure:
Thierren et al. (U.S. Patent Application 2004/0093555); teaches integrity checking of a file system.
Herro et al. (U.S. Patent Application 2007/0208551); teaches network simulation.
Chander et al. (U.S. Patent Application 2011/0282800); teaches integrity check via a user interface.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARAI E BUTLER whose telephone number is (571)270-3823.  The examiner can normally be reached on 8 am to 4 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Matt Kim can be reached on 571-272-4182.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/SARAI E BUTLER/Primary Examiner, Art Unit 2114