DETAILED ACTION
Remarks
This office action is issued in response to communication filed on 1/6/2021 .  Claims 1-20 are pending in this Office Action.  
Notice of Pre-AIA  or AIA  Status
 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Claim Objections
 	Claims 1-3,6,8-10,15-17 and 20 are objected to because of the following informalities:  1-3,6,8-10,15-17 and 20 recite the term "and/or", which is selective language, the examiner suggests using either the "and" term or the "or" term, otherwise the claims should be worded in a clearer fashion to claim both terms. For the purpose of this examination the examiner is selecting the "or" term from this selective language. Appropriate correction is required.
Allowable Subject Matter
	Claims 9-13 and 16-17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


2.	Claim(s) is/are rejected under 35 U.S.C. 102(a)(1)  as being anticipated by Fortier .( US Patent Application Publication 2012/0317645 A1, hereinafter “Fortier”)  

 	As to claim 1, Fortier teaches a method for providing security threat awareness to a user, the method comprising: detecting an open application executing on a client computing device based on an entry in an operating system process table of the client computing device (Fortier par [0037] teaches identifying an application being executed on a computing device); obtaining a security score associated with the open application; and causing a graphical user interface of the client computing device to superimpose a visual indication of the security score over a portion of an output of the open application using a color and/or a numeric value, the visual indication representing at least one of a plurality of security threat levels corresponding to the security score.(Fortier par [0040] teaches the system determines a threat level to assign to the application. The threat level  may include a numerical or  visual score. Fortier par [0042] teaches displaying the determined threat level  to the user through a user interface)  	 	As to claim 4, Fortier teaches the method of claim 1, wherein a plugin software component is associated with the open application, and wherein detecting the open application includes identifying the plugin software component in the operating system process table.(Fortier par [0048] teaches if the application invokes an unexpected API, accesses unauthorized data  or performs other unexpected actions, the system will notice and take action) 	As to claim 5, Fortier teaches the method of claim 1, wherein detecting the open application includes inspecting network packets on a network connection associated with the open application for network activity generated by the open application.(Fortier par [0018] teaches the system focuses on the areas where application interacts externally such as with data and communication channels) 	As to claim 6, Fortier teaches the method of claim 1, wherein the security score is a first security score, the entry is a first entry, the color is a first color, the numeric value is a first numeric value, and the visual indication is a first visual indication, and wherein the method further comprises: detecting an active application executing on a client computing device based on a second entry in the operating system process table, the active application being different from the open application; obtaining a second security score associated with the active application; and causing the graphical user interface to superimpose a second visual indication of the second security score over a portion of an output of the active application and/or the portion of the output of the open application using a second color and/or a second numeric value, the second visual indication representing at least one of the security threat levels corresponding to the second security score. (Fortier par [0040] teaches the system determines a threat level to assign to the application. The threat level  may include a numerical or  visual score. Fortier par [0042] teaches displaying the determined threat level  to the user through a user interface )
 	As to claim 7, Fortier teaches the method of claim 6, wherein detecting the active application is further based on a process activity level associated with the entry in the operating system process table.(Fortier par [0021] teaches the system uses baseline behavior to identify behavior that is out of the ordinary for the application)

 	As to claim 8, Fortier teaches a computer program product including one or more non-transitory machine-readable mediums having instructions encoded thereon that when executed by at least one processor cause a process to be carried out, the process comprising: 
 	detecting an active application executing on a client computing device based on a process activity level associated with an entry in an operating system process table of the client computing device and/or a volume of network traffic associated with the entry; (Fortier par [0037] teaches identifying an application being executed on a computing device)
obtaining a security score associated with the active application; and causing a graphical user interface of the client computing device to superimpose a visual indication of the security score over a portion of an output of the active application using a color and/or a numeric value, the visual indication representing at least one of a plurality of security threat levels corresponding to the security score. .(Fortier par [0040] teaches the system determines a threat level to assign to the application. The threat level  may include a numerical or  visual score. Fortier par [0042] teaches displaying the determined threat level  to the user through a user interface)
 	 	As to claim 15, Fortier teaches a system comprising: a storage; and at least one processor operatively coupled to the storage, the at least one processor configured to execute instructions stored in the storage that when executed cause the at least one processor to carry out a process including detecting an open application executing on a client computing device based on a first entry in an operating system process table of the client computing device; obtaining a first security score associated with the open application ( Fortier par [0030]-[0032] teaches performing static analysis and displaying threat level); detecting an active application executing on the client computing device based on a second entry in the operating system process table; obtaining a second security score associated with the active application; and causing a graphical user interface of the client computing device to superimpose a visual indication of at least one of the first security score and the second security score over a portion of an output of the open application and/or a portion of an output of the active application using a color and/or a numeric value, the visual indication representing at least one of a plurality of security threat levels corresponding to the at least one of the first security score and the second security score. .(Fortier par [0040] teaches the system determines a threat level to assign to the application. The threat level  may include a numerical or  visual score. Fortier par [0042] teaches displaying the determined threat level  to the user through a user interface)  	As to claim 18, Fortier teaches the system of claim 15, wherein a plugin software component is associated with the open application, and wherein detecting the open application includes identifying the plugin software component in the operating system process table. (Fortier par [0048] teaches if the application invokes an unexpected API, accesses unauthorized data  or performs other unexpected actions, the system will notice and take action) 	As to claim 20, Fortier teaches the system of claim 15, wherein detecting the active application is further based on a process activity level associated with the second entry in an operating system process table of the client computing device and/or a volume of network traffic associated with the second entry. (Fortier par [0021] teaches the system uses baseline behavior to identify behavior that is out of the ordinary for the application)


Claim Rejections - 35 USC § 103
3.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

5.	Claims 2-3  are rejected under 35 U.S.C. 103 as being unpatentable over Fortier.
	
 	As to claim 2, Fortier teaches the method of claim 1, wherein the open application is a first open application, the entry is a first entry, and the security score is a first security score (Fortier par [0030]-[0032] teaches performing static analysis and displaying threat level) , and wherein the method further comprises: detecting a second open application executing on the client computing device based on a second entry in the operating system process table; obtaining a second security score for the second open application ; and calculating an average security score of the first security score and the second security score, and/or a lowest of the first security score and the second security score, wherein the visual indication further represents at least one of the security threat levels corresponding to the average security score or the lowest of the first security score and the second security score. (Fortier par [0037]-[0040] teaches performing dynamic analysis and determining threat level of the application . The threat level may include numerical or visual score. Fortier par [0041] teaches determining the threat level has change. Fortier par [0042] further teaches displaying the determined threat level to the user) 	Fortier fails to expressly teach calculating an average security score of the first security score and the second security score, and/or a lowest of the first security score and the second security score. However, calculating an average security score of the first security score and the second security score, and/or a lowest of the first security score and the second security score is well known in the art and therefore, it would have been obvious to one of ordinary skill in the art before the effective fling date of the claimed invention was make to calculate the average security score to display the threat level in order to allow the user to better protect the user’s computing device from potential harm form malware.(Fortier par [0012])
 	As to claim 3, Fortier teaches the method of claim 2, wherein the color is a first color, the numeric value is a first numeric value, and the visual indication is a first visual indication, and wherein the method further comprises causing the graphical user interface to display a second visual indication of the first security score and/or the second security score using a second color and/or a second numeric value.(Fortier par [0020] teaches score may be numeric, a series of starts , a stop light such as red=bad, yellow=caution, green=ok or any other indication to the user. Fortier par [0040] teaches the system determines a threat level to assign to the application. The threat level  may include a numerical or  visual score. Fortier par [0042] teaches displaying the determined threat level  to the user through a user interface )
 5.	Claims 14 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Fortier and further in view of Aziz et al.(US Patent 10,893,059 B1, hereinafter “Aziz”)
 	As to claim 14, Fortier teaches the computer program product of claim 8  but fails to teach wherein detecting the active application includes inspecting network packets on a network connection associated with the active application for network activity generated by the active application.
 	However, Aziz teaches wherein detecting the active application includes inspecting network packets on a network connection associated with the active application for network activity generated by the active application.(Aziz col 9 , lines 32-57 teaches malware detection system may capture objects contained in network traffic using network interface, make copy of the objects , pass the object to appropriate endpoint device and pass the copy of the objects to the static analysis and/or dynamic analysis)
	Fortier and Aziz are analogous art directed toward threat detection and both teachings operate the same as separately as in combination. Since the teachings were analogous art known before the effective filing date of claimed invention, one of ordinary skill would have combined the teaching of  Fortier and Aziz  according to known methods to achieve the claimed invention and  yield predictable results. One would have been motivated to make such combination to  enhance cyber attack detection.(Aziz col 3, lines 15-18)

 	As to claim 19 ,see the above rejection of claim 14.
Conclusion
 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to HIEN DUONG whose telephone number is (571)270-7335. The examiner can normally be reached Monday-Friday 8:00AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Bashore can be reached on 571-272-4088. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/HIEN L DUONG/Primary Examiner, Art Unit 2175