Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Response to Arguments
In communications filed on 7/18/2022, claims 1, 3, 4, 8, 10, 11, 15, 17, and 18 are presented for examination. Claims 1, 8, and 15 are independent.
Amended claim(s): 1, 8, and 15.
Applicants’ arguments, see Applicant Arguments/Remarks filed 7/18/22, with respect to claim(s) rejected under prior art have been fully considered and are unpersuasive. Contrary to Applicant’s arguments, secondary reference Ledford provides for the procedure call representing detecting request to execute the portion and generating a patch which can be represented by the second patch, and adding the removed portion to the code; and modifying the software using the second patch (Ledford: Col 16 Lines 35-60). Note reverting, rolling back, or downgrading software to a previous version is a well known and commonly used technique that is used to provide a functioning software. Ledford explicitly discloses “A procedure can be patched back into a load if it was removed from the original load and is required later (e.g. a patch to the load references it)” (Ledford: col.16:58:60). With regards to Applicant’s so called teach away assertion regarding Vaidya, Applicant is reminded “[T]he prior art’s mere disclosure of more than one alternative does not constitute a teaching away from any of these alternatives because such disclosure does not criticize, discredit, or otherwise discourage the solution claimed in the . . . application.” In re Fulton, 391 F.3d 1195, 1201 (Fed. Cir. 2004). Contrary to Applicant’s arguments, Vaidya explicitly discloses keeping old versions of the code as reserve just in case the new patched versions cause an error and the system can patch back the old version in the software (see Vaidya: col. 4:23-36) 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 8 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Vaidya (US 7735078 B1) in view of Schnepper et al. (US 20160321036 A1), hereinafter Schnepper in view of US 20030101330 A1, hereinafter Duesterwald in view of Ledford et al. (US 6247175 B1), hereinafter Ledford.  

Regarding claim 1, Vaidya teaches a method for patching software, the method comprising (Vaidya: Abstract Col 2 Lines 9-24 provides for a method for patching software): 
identifying a portion of code of a software (Vaidya: Col 7 Lines 37-47 provides for identifying which set of code of a software is currently active), the software comprising at least one of: an operating system and an application (Vaidya: Abstract, Fig. 1 Col 2 Lines 60-64 provide for the operating system and application); 
determining whether the portion of the code is being utilized (Vaidya: Col 8 Lines 7-15 provides for determining whether the portion of code is non-function (being utilized)); 
Vaidya does not teach about generating a patch in response to determining that the portion of the code is not being utilized. However, Schnepper teaches this limitation (Schnepper: Abstract [0005] [0006] Fig. 2 provides for modifying code which can be represented by patching software to remove unnecessary or unused software); and 
modifying, the software using the patch, wherein the modifying comprises removing the portion from the code such that the portion cannot be executed (Schnepper: Abstract [0005] [0006] Fig. 2 provide for updating the software using the modified code by removing the unnecessary portion from the code).
Vaidya and Schnepper are both considered to be analogous to the claimed invention because they are in the same field of patching software. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Vaidya to incorporate the teachings of Schnepper and provide a patch system for removing unused portion from the code. Doing so would aid in processing efficiency for the host node on which the program executes, resulting in more instances of the software program potentially being able to execute on the same hardware environment, thereby increasing hardware utilization and reducing idle time.
Vaidya and Schnepper do not teach about modifying the software during runtime using a live patch without restarting the software. However, Duesterwald teaches this limitation (Duesterwald: [0059] provides for modifying the software during runtime using live patch without restarting the software).
Vaidya, Schnepper and Duesterwald are all considered to be analogous to the claimed invention because they are in the same field of patching software. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Vaidya/ Schnepper to incorporate the teachings of Duesterwald and provide a live patch system for modifying the software during runtime without restarting the software. Doing so would aid in running the live patch without the need to recompile, relink or restart an image. 
Vaidya et al combination does not but in analogous art, Ledford teaches: subsequent to modifying, detecting a request to execute the portion and generating a second patch that adds the removed portion to the code; and modifying, the software using the second patch, wherein the modifying using the second patch comprises adding the removed portion to the code such that the portion can be executed (Ledford: Col 16 Lines 35-60 provides for the procedure call representing detecting request to execute the portion and generating a patch which can be represented by the second patch, and adding the removed portion to the code; and modifying the software using the second patch).
Vaidya, Schnepper, Duesterwald and Ledford are all considered to be analogous to the claimed invention because they are in the same field of patching software. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Vaidya/ Schnepper /Duesterwald to incorporate the teachings of Ledford and provide a second live patch system after detecting a request to execute the portion of the code for adding the removed portion to the code and modifying the software during runtime using the second live patch without restarting the software. Doing so would aid in patching back a procedure back into a load if it was removed earlier and is required later without the need to recompile, relink or restart an image.

Regarding claim 8, the claim teaches the same limitations as claim 1 for a system for patching software and is thereby rejected under the same rationale. 

Regarding claim 15, the claim teaches the same limitations as claim 1 for a non-transitory computer readable medium for patching software and is thereby rejected under the same rationale.
 
Claims 3, 4, 10, 11, 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Vaidya in view of Schnepper in view of Duesterwald in view of Leford in view of Sidiroglou et al. (U.S. 20080141374 A1), hereinafter Sidiroglou and Araujo et al. (U.S. 20190068640 A1), hereinafter Araujo. 

Regarding claim 3, Vaidya, Schnepper and Duesterwald do not teach about generating a honeypot patch. However, Sidiroglou teaches this limitation of generating a honeypot patch that comprises program code for generating a security event in response to detecting an attempt to exploit a software vulnerability (Sidiroglou: Abstract, Fig. 3, [0005] [0006] [0009] [0021] provide for the honeypot patch to convert a computing system into honeypot system. Fig. 4, [0005] and [0006] provide for indicating an attempt to exploit a software vulnerability);
Vaidya et al and Sidiroglou are all considered to be analogous to the claimed invention because they are in the same field of patching software. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Vaidya et al to incorporate the teachings of Sidiroglou and provide a honeypot patch for generating a security event in response to detecting an attempt to exploit a software vulnerability. Doing so would aid it detecting software vulnerabilities using an efficient approach of using honeypot patches. 
Sidiroglou does not teach about using the honeypot patch by replacing the removed portion of the code with the program code of the honeypot patch. However, Araujo teaches this limitation (Araujo: Fig. 1, [0025] provide for modifying the software using the “booby trapped function” that can be represented by the honeypot patch in live processes).
Vaidya et al and Araujo are all considered to be analogous to the claimed invention because they are in the same field of patching software. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Vaidya et al to incorporate the teachings of Araujo and provide a honeypot patch to modify the software installed on the computing system by replacing the removed portion of the code with the program code of the honeypot patch during run time without restarting the software. Doing so would aid in blocking the removed portion of the code to be used in the code in future. 

Regarding claim 10, the claim teaches the same limitations as claim 3 for a system for patching software and is thereby rejected under the same rationale. 

Regarding claim 17, the claim teaches the same limitations as claim 3 for a non-transitory computer readable medium for patching software and is thereby rejected under the same rationale. 

Regarding claim 4, Sidiroglou further teaches the method of claim3, wherein the attempt to exploit the software vulnerability comprises an attempt to execute the portion removed from the software (Sidiroglou: Fig. 4, [0005] and [0006] provide for indicating an attempt to exploit a software vulnerability, which can be an attempt to execute the portion removed from the software).
Sidiroglou does not teach about using the honeypot patch by replacing the removed portion of the code with the program code of the honeypot patch. However, Araujo teaches this limitation, wherein the software using the honeypot patch comprises replacing the portion with the program code such that a request to execute the portion instead generates the security event (Araujo: Fig. 1, [0025] provide for modifying the software using the “booby trapped function” that can be represented by the honeypot patch to generate the security event when a request to execute the portion of removed code is processed).

Regarding claim 11, the claim teaches the same limitations as claim 4 for a system for patching software and is thereby rejected under the same rationale. 

Regarding claim 18, the claim teaches the same limitations as claim 4 for a non-transitory computer readable medium for patching software and is thereby rejected under the same rationale. 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED A ZAIDI whose telephone number is (571)270-5995. The examiner can normally be reached Monday-Thursday: 5:30AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SYED A ZAIDI/Primary Examiner, Art Unit 2432