DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
The amendment filed 7/12/2022 has been entered. Claims 1, 6, 11, 13, 15-17 are currently amended claims. Claims 2, 7 are previously cancelled claims. Claims 1, 3-6, 8-18 are pending in the application.
The objection to claim 16 due to missing period has been withdrawn in light of applicant’s amendment to the claim. The objection of claims 1, 11, 15 due to informalities is maintained as record, since examiner believes applicant’s argument regarding this objection is not convincing. See below explanation in Claim Objections.
The rejection of claims 13, 17 under 35 USC 112(b) due to insufficient antecedent basis has been withdrawn in light of applicant’s amendment to the claims.
Response to Arguments
The Applicant's arguments, see pages 6-7 of the Remarks filed on 7/12/2022 with respect to claim rejection under 35 USC 103 over prior arts of records, Chen, Anderson and Goodes have been fully considered but asserted not fully persuasive due to following reason and further moot in view of current office action with newly applied prior art. 
First, regarding the teachings of Chen, Goodes on limitations recited in the independent claim 1 (similarly claim 6, 11, 15 respectively), applicant argued,
“At the outset, Chen uses a library of multiple instances of potential obfuscation code, and from that code, at build time randomly selects one to substitute for a particular code segment in the actual program intended to be obfuscated. Even though obfuscation of each segment of actual code re-starts the process to randomly select one substitute obfuscation code for that segment, before moving on to the next segment and repeating, Chen still only inserts one randomly selected obfuscation segment for an original segment. 6Appl. No. 15/841,743 
Amdt. dated July 12, 2022 
Reply to Office action of April 12, 2022Goodes teaches something similar, but at runtime. The method of Goodes uses a library in memory to select sequential strings of randomly selected program segments to build the final executable. The Examiner's obviousness rejection argues that it would be obvious to modify Chen to use Goodes technique of inserting the obfuscated code at run-time. However, this explanation merely rationalizes moving Chen's build time random insertion of code to be at run-time instead of at build-time. But the claims require both; at build time, a number of different obfuscation algorithms are inserted at random locations in the code, and then at run-time the claimed method requires selection from among these algorithms already in the code to perform a particular substitution. Thus, there are two selection/insertion steps being claimed - one at build time and one at run time, but the Examiner's explanation of obviousness has only made a case for one insertion step - either at build time (Chen) or run-time (Chen as modified by Goodes).” (see page 6-7 of the Remarks)

Examiner acknowledges applicant’s prospective however respectively disagrees with applicant. Nowhere in the claim clearly suggests random(ly) insertion of code at build-time and insertion at random from algorithm at run-time, i.e. the claims require both; at build time, a number of different obfuscation algorithms are inserted at random locations in the code, and then at run-time the claimed method requires selection from among these algorithms already in the code to perform a particular substitution, as applicant argued above. Claim 1 recites, “randomly selecting at least one dynamic encoding algorithm at runtime during execution of a program by a processor when the processor performs at least one of encoding, decoding and/or re-encoding a data flow of the program, selection at runtime made randomly from a pool of encoding algorithms injected into the program at build-time”. The claim above only recites “from a pool of encoding algorithms injected into the program at build-time”, i.e. the algorithm injected into the program at build-time, without specifying at random (or randomly), in another words, “randomly” is for “selection at runtime”. In fact, dependent claim 3 (similarly claim 8) recites “wherein the encoding algorithms in the pool are injected into the program at randomly selected locations”. However, this feature is not recited in the independent claims. Therefore, examiner asserts applicant’s argument above is not persuasive.
Applicant further argued,
“Second, the Examiner's explanation of obviousness is self-contradictory. When 
discussing Chen, the Examiner reads a "data element" as being a variable (See page 9 of the rejection citing Chen at par. 0016). This "data element" is just a Boolean operator like an "AND." Then, however, when citing to the secondary reference, Anderson, the rejection inconsistently reads a "data element" not as being a variable, but instead a "value." This type of inconsistency cannot form the basis for a reasoned explanation of obviousness.” (see page 7 of the Remarks)

Examiner respectively disagrees. First, the claim recites “data element” without specifying what is “data element” is. Therefore, data element is interpreted as any variable, value, component, etc. that is related to software, code. Chen teaches a method, apparatus, and article of manufacture to provide secure variables within programming modules, [0015]: One aspect of the present invention is a system for providing secure and opaque type libraries to automatically provide secure variables within a programming module; [0016]: The system includes an OTL selection module, an OTL substitution module, an OTL type library database, a compiler module; and a linker module to create an executable processing module. The OTL selection module randomly selects or generates one of the possible variable obfuscation functions for each declared secure variable. The OTL substitution module substitutes the separate instance of the selected variable obfuscation function for every reference to the declared secure variable. One ordinary skilled in the arts can understand Chen’s variable is referring to a variable that is related to an obfuscation function, not necessary a “Boolean operator” as applicant argued above. Meanwhile, Anderson teaches obfuscating program code to prevent unauthorized access to video, wherein the program code is a value as interpreted as data element, i.e. Anderson teaches transforming program code to obfuscated program code (i.e. not necessary transforming the obfuscation type, or altering a data value without altering a data type associated with said data value).
Examiner acknowledges applicant amended claim 1 (similarly for claims 6, 11, 15) by specifying dynamic encoding algorithm randomly selected at runtime. Upon review, examiner agrees that the cited references, Chen, Goodes, and Anderson does not specifically teaches dynamic encoding algorithm. However, upon updated search, examiner asserts reference Chevallier-Mames teaches this feature. Therefore, applicant further argument (see the third paragraph on page 7) regarding Anderson to be combined in teaching of obfuscation program code is moot since the argument does not apply to the newly applied prior art, Chevallier-Mames incorporated in the current office action presented below.
In summary, examiner asserts applicant’s arguments/concern has been addressed above and the combination of Chen/Anderson/Goodes/Chevallier-Mames teaches all elements of the amended independent claims. Applicant is suggested to further incorporate innovative features into independent claims to advance the case.
Claim Objections
Claims 1, 11, 15 are objected to because of the following informalities:  
Claim 1 line 2-6 recites, “randomly selecting at least one dynamic encoding algorithm at runtime during execution of a program by a processor when the processor performs at least one of encoding, decoding and/or re-encoding a data flow of the program, selection at runtime made randomly from a pool of encoding algorithms injected into the program at build- time, …” which is suggested to read “randomly selecting at least one dynamic encoding algorithm at runtime during execution of a program by a processor when the processor performs at least one of encoding, decoding and/or re-encoding a data flow of the program, the selecting at runtime made randomly from a pool of encoding algorithms injected into the program at build- time, …”. The replacement of “selection” by “the selecting” clarifies the selecting is referring to “randomly selecting at least one dynamic encoding algorithm at runtime” recited earlier in the claim.
Claim 11 lines 1-3 recites “A method comprising: tagging at least one data element when editing source code of a program while at least one of encoding, decoding and/or re-encoding a data flow of the program;” The underlined is not very clear. It appears applicant intends to recite “… while performing at least one of encoding …”, or “… while at least one of encoding … being performed”.
Claim 15 lines 1-3 recites “An apparatus comprising: a processor for editing source code of a program and tagging at least one data element when at least one of encoding, decoding and/or re-encoding a data flow of the program;”. The underlined limitation has same concern as claim 11 set forth above.
Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 4-6, 9-18 are rejected under 35 U.S.C. 103 as being unpatentable over Chen et al (US20040003278A1-IDS by Applicant, hereinafter, "Chen"), in view of Anderson (US20160218872A1, hereinafter, Anderson”), in further view of Goodes et al (US20130014275A1, hereinafter, “Goodes”) and Chevallier-Mames et al (US20140165208A1, hereinafter, “Chevallier-Mames”).
Regarding claim 1, Chen teaches:
A method (Chen, [Abstract] discloses a method, … for providing secure and opaque type libraries to automatically provide secure variables within a programming module) comprising: 
randomly selecting at least one [dynamic] encoding algorithm [at runtime] (see Goodes below for at runtime) during execution of the program (Chen, [0016] The OTL selection module randomly selects or generates one of the possible variable obfuscation functions (i.e. at least one encoding algorithm) for each declared secure variable. And [0049] For example, Secure_Int.sub.--1 may add a random offset to the run-time value of the variable ... For both of these instances, a separate random value parameter may also be selected for each variable to further obfuscate the data contained therein) by a processor when the processor performs at least one of encoding, decoding and/or re-encoding a data flow of the program, selection [at runtime] made randomly from a pool of encoding algorithms (Chen, [0016] The OTL type library database (i.e. pool of obfuscation algorithms) receives queries from the OTL selection module a database to identify possible variable obfuscation functions) injected into the program at build-time (Chen, [0053] … separate insertions of the in-line code for this obfuscation function are needed. See also Fig. 7, and [0055] the substitution module uses an OTL selection module 722 and an OTL parameter module 723 that both utilize a type library database 721 (i.e. injected into the program at build-time)), where the encoding algorithms in the pool each comprise at least one function for encoding, decoding and/or re-encoding the data-flows (Chen, see below for encoding, decoding etc. And [0035] An important application of Time-Varying OTL is authenticated function call. In this model, a function can be annotated as call-by-authentication; parameters passed to this function, as well as the return value, are protected using Time-Varying OTL, which varies from machine to machine and from time to time.  A virus that is injected into a remote client machine will have no easy way to figure out the encoding scheme used at the time…) [by altering a data value without altering a data type associated with said data value]; (see Anderson below for the teaching of limitation in bracket, further see Goodes for the teachings of selection of encoding algorithm at run-time and Chevallier-Mames for the teachings of dynamic encoding algorithm)
While Chen teaches secure data protection by randomly selecting of obfuscation functions from opaque type library but does not explicitly teach by altering a data value without altering a data type associated with said data value, however in the same field of endeavor Anderson teaches:
[where the encoding algorithms in the pool each comprise at least one function for encoding, decoding and/or re-encoding the data-flows] (see Chen’s teachings shown above) by altering a data value without altering a data type associated with said data value (Anderson, discloses obfuscating program code to prevent unauthorized users from accessing video, see [Abstract]. And referring to Fig. 6, and [0089] the next step is to convert the generated randomized branching program for each code element back to assembly language operations and combine these to form program code (obfuscated program code 60), so as to concretely implement the desired level of complexity and unintelligibility in the code itself); Examiner notes the code element of Anderson is interpreted as data value. Obfuscated code of Fig. 6 shows altered code.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Anderson in the method of providing secure variables within a programing module of Chen by altering the program code with obfuscated code. This would have been obvious because the person having ordinary skill in the art would have been motivated to substituting Chen’s variables for calling obfuscation functions with Anderson’s obfuscated codes for the expected benefit of obfuscation of program codes to prevent unauthorized user (hacker) from accessing to the content of the program code (Anderson, [Abstract]).
While the combination of Chen/Anderson teaches secure data protection by randomly selecting of obfuscation functions but does not explicitly teach that the selecting an obfuscation algorithm (at least one encoding algorithm) at runtime during execution of the program, however in the same field of endeavor Goodes teaches:
randomly selecting at least one encoding algorithm at runtime during execution of the program (Goodes, discloses linker or loader to dynamically link and load (i.e. select) software modules from dynamic libraries for security transformation against reverse engineering and tampering attacks to software, see [Abstract] and [0002]. Referring to Fig. 5, and [0047] multiple, diverse instances of software modules (Mod A1, Mod A2, Mod A3 …) can again be separately provisioned in dynamic libraries, such as Dynamic Library A, Dynamic Library B … and the run-time loader 500 again includes a run-time source of entropy 502 and a pseudo-random number generator (PRNG), which controls a diverse module selector 504 to make pseudo-random decisions). 
		Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Goodes in the method of providing secure variables within a programing module of Chen/Anderson by selecting the software modules from different libraries randomly and at runtime at link or load time. This would have been obvious because the person having ordinary skill in the art would have been motivated to randomly select software modules at run-time to transform compiled software modules from dynamic libraries for security transformation against reverse engineering and tampering attacks to software (Goodes, [Abstract], [0002], [0006]).
The combination of Chen/Anderson/Goodes teaches selecting an encoding/obfuscation algorithm at runtime but does not specifically teach dynamic encoding algorithm, however in the same field of endeavor Chevallier-Mames teaches:
		randomly selecting at least one dynamic encoding algorithm at runtime (Chevallier-Mames, [0030] Operating environment 101 may include compiler 127 to compile source code 103 and generate executable 125 with dynamic masking capabilities on static data inside source code 103. Compiler 127 may convert statically masked code data to be dynamically masked code during runtime. And [0036] Rewriting code generation module 109 may provide dynamic obfuscating instructions for statically masked code data identified from intermediate code 117. For example, dynamic obfuscating instructions can allow fresh dynamic masks to be generated during runtime on a per function call basis (e.g. during the same execution), per run (e.g. each execution) basis or other applicable levels of randomness).
		Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Chevallier-Mames in the method of providing secure variables within a programing module of Chen/Anderson/Goodes by using dynamically masked code during runtime. This would have been obvious because the person having ordinary skill in the art would have been motivated to compile source code and generate executable with dynamic masking capabilities on static data inside source code for fast, efficient and effective code transformation (Chevallier-Mames, [Abstract], [0005-0006]).
Chen further teaches: wherein the selected at least one encoding algorithm is associated with at least one tagged data element in the program for encoding, decoding or re-encoding data stored in the tagged data element (Chen, [0016] The OTL selection module randomly selects or generates one of the possible variable obfuscation functions for each declared secure variable (i.e. tagged data element). The OTL substitution module substitutes the separate instance of the selected variable obfuscation function for every reference to the declared secure variable (i.e. encoding, re-encoding). The OTL type library database receives queries from the OTL selection module a database to identify possible variable obfuscation functions applicable for the variable type corresponding to the declared secure variables); 
and wherein: unencoded data is encoded by the selected at least one encoding algorithm when the unencoded data is copied to the tagged data element (Chen, [0047] The main procedure module 303 provides the set of instructions that are performed when the programming module is run. Also [0048] FIG. 4 illustrates a block diagram for a program module using OTL variables calling procedures…The OTL processing of this program module 300 will create a separate instance of a function that will obfuscate the contents of these secure variables. And [0049] In this example, each of the two secure integers will cause a separate instance of a function to be created). Examiner notes: See Fig. 4 section 441 where variable Seccure_int_ 1 is assigned (i.e. copied) to Function; 
encoded data is re-encoded by the selected at least one encoding algorithm when the encoded data is copied from a differently tagged data element to the tagged data element (Chen, [0052] Rather than utilizing the secure functions of FIG. 4, another embodiment of the present invention will substitute the code for the secure function directly into the in-line code (i.e. replaced or copied from a differently tagged data element) of the main procedure section 303. For example, Secure_Int.sub.--1 522 is referenced within Instruction 1 531 and within Instruction m 561);
or encoded data is decoded by the selected at least one encoding algorithm when the encoded data is copied from the tagged data element to an untagged data element (Chen, [0047] The main procedure module 303 provides the set of instructions that are performed when the programming module is run. And [0051] these variables may utilize references to secure functions 441-443 to process the secure variables from a secure state to a plain text state (i.e. decode to untagged data element) for use in the main procedure section 303).

Regarding claim 6, Chen/Anderson/Goodes/Chevallier-Mames combination discloses:
An apparatus (Chen, [Abstract] A system for providing secure and opaque type libraries to automatically provide secure variables within a programming module) comprising: a processor for executing a program (Chen, [0041] With reference to FIG. 2, an exemplary computing system for embodiments of the invention includes a general purpose computing device in the form of a conventional computer system 200, including a processor unit 202); with the rest of limitation substantially similar to claim 1 therefore rejected with the same reason set forth as rejection of claim 1 above.

Regarding claim 11, Chen teaches:
A method implemented by a processor and (Chen, [Abstract] A method, apparatus, and article of manufacture for providing secure and opaque type libraries to automatically provide secure variables within a programming module. See Fig. 2 CPU 202) comprising: 
tagging at least one data element when editing source code of the program (Chen, [0017] The method identifies secure variable declaration statements (i.e. at least one data element) within a source code module, queries a database for identification of possible variable obfuscation functions applicable for the variable type corresponding to the secure variable declaration statement), while at least one of encoding, decoding and/or re-encoding a data flow of the program (Chen, see below for encoding, decoding etc. And [0035] An important application of Time-Varying OTL is authenticated function call.  In this model, a function can be annotated as call-by-authentication; parameters passed to this function, as well as the return value, are protected using Time-Varying OTL, which varies from machine to machine and from time to time. A virus that is injected into a remote client machine will have no easy way to figure out the encoding scheme used at the time…); 
wherein the tagged data element is associated with a [dynamic] encoding algorithm randomly selected [at runtime] during execution of the program (Chen, [0016] The OTL selection module randomly selects or generates one of the possible variable obfuscation functions for each declared secure variable. And [0049] For example, Secure_Int.sub.--1 may add a random offset to the run-time value of the variable ... For both of these instances, a separate random value parameter may also be selected for each variable to further obfuscate the data contained therein) from a pool of encoding algorithms (Chen, [0016] The OTL type library database (i.e. pool of obfuscation (encoding) algorithms) receives queries from the OTL selection module a database to identify possible variable obfuscation functions) injected into the program at build-time (Chen, [0053] … separate insertions of the in-line code for this obfuscation function are needed. See also Fig. 7, and [0055] the substitution module uses an OTL selection module 722 and an OTL parameter module 723 that both utilize a type library database 721 (i.e. injected into the program at build-time)), where the encoding algorithms each comprise at least one function for encoding, decoding or re-encoding data stored in the tagged data element (Chen, [0016] The OTL selection module randomly selects or generates one of the possible variable obfuscation functions for each declared secure variable (i.e. tagged data element). The OTL substitution module substitutes the separate instance of the selected variable obfuscation function for every reference to the declared secure variable (i.e. encoding, re-encoding). The OTL type library database receives queries from the OTL selection module a database to identify possible variable obfuscation functions applicable for the variable type corresponding to the declared secure variables) [by altering a data value without altering a data type associated with said data value]; (see Anderson below for the teaching of limitation in bracket; further see Goodes for the teachings of selecting encoding algorithm at run-time and Chevallier-Mames for the teachings of dynamic encoding algorithm) 
While Chen teaches secure data protection by randomly selecting of obfuscation functions from opaque type library but does not explicitly teach by altering a data value without altering a data type associated with said data value, however in the same field of endeavor Anderson teaches:
encoding, decoding or re-encoding data stored in the tagged data element by altering a data value without altering a data type associated with said data value (Anderson, discloses obfuscating program code to prevent unauthorized users from accessing video, see [Abstract]. And referring to Fig. 6, and [0089] the next step is to convert the generated randomized branching program for each code element back to assembly language operations and combine these to form program code (obfuscated program code 60), so as to concretely implement the desired level of complexity and unintelligibility in the code itself); Examiner notes the code element of Anderson is interpreted as data value. Obfuscated code of Fig. 6 shows altered code.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Anderson in the method of providing secure variables within a programing module of Chen by altering the program code with obfuscated code. This would have been obvious because the person having ordinary skill in the art would have been motivated to substituting Chen’s variables for calling obfuscation functions with Anderson’s obfuscated codes for the expected benefit of obfuscation of program codes to prevent unauthorized user (hacker) from accessing to the content of the program code (Anderson, [Abstract]).
While the combination of Chen/Anderson teaches secure data protection by randomly selection of obfuscation functions from opaque type library but does not explicitly teach that the selecting an obfuscation algorithm (i.e. encoding algorithm) at runtime during execution of the program, however in the same field of endeavor Goodes teaches:
[wherein the tagged data element is associated with a dynamic encoding algorithm] randomly selected at runtime during execution of the program (Goodes, discloses linker or loader to dynamically link and load (i.e. select) software modules from dynamic libraries for security transformation against reverse engineering and tampering attacks to software, see [Abstract] and [0002]. Referring to Fig. 5, and [0047] multiple, diverse instances of software modules (Mod A1, Mod A2, … ;) can again be separately provisioned in dynamic libraries, such as Dynamic Library A, Dynamic Library B and …, and the run-time loader 500 again includes a run-time source of entropy 502 and a pseudo-random number generator (PRNG), which controls a diverse module selector 504 to make pseudo-random decisions). 
		Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Goodes in the method of providing secure variables within a programing module of Chen/Anderson by selecting the software modules from different libraries randomly and at runtime at link or load time. This would have been obvious because the person having ordinary skill in the art would have been motivated to randomly select software modules at run-time to transform compiled software modules from dynamic libraries for security transformation against reverse engineering and tampering attacks to software (Goodes, [Abstract], [0002], [0006]).
The combination of Chen/Anderson/Goodes selecting an encoding/obfuscation algorithm at runtime but does not specifically teach dynamic encoding algorithm, however in the same field of endeavor Chevallier-Mames teaches:
		a dynamic encoding algorithm randomly selected at runtime (Chevallier-Mames, [0030] Operating environment 101 may include compiler 127 to compile source code 103 and generate executable 125 with dynamic masking capabilities on static data inside source code 103. Compiler 127 may convert statically masked code data to be dynamically masked code during runtime. And [0036] Rewriting code generation module 109 may provide dynamic obfuscating instructions for statically masked code data identified from intermediate code 117. For example, dynamic obfuscating instructions can allow fresh dynamic masks to be generated during runtime on a per function call basis (e.g. during the same execution), per run (e.g. each execution) basis or other applicable levels of randomness).
		Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Chevallier-Mames in the method of providing secure variables within a programing module of Chen/Anderson/Goodes by using dynamically masked code during runtime. This would have been obvious because the person having ordinary skill in the art would have been motivated to compile source code and generate executable with dynamic masking capabilities on static data inside source code for fast, efficient and effective code transformation (Chevallier-Mames, [Abstract], [0005-0006]).
Chen further teaches: and wherein: unencoded data is encoded by the encoding algorithm when the unencoded data is copied to the tagged data element (Chen, [0047] The main procedure module 303 provides the set of instructions that are performed when the programming module is run. Also [0048] The OTL processing of this program module 300 will create a separate instance of a function that will obfuscate the contents of these secure variables. And [0049] In this example, each of the two secure integers will cause a separate instance of a function to be created). Examiner notes: See Fig. 4 section 441 where variable Seccure_int_ 1 is assigned (i.e. copied) to Function; 
-15-ARRO1291encoded data is re-encoded by the encoding algorithm when the encoded data is copied from a differently tagged data element to the tagged data element (Chen, [0052] Rather than utilizing the secure functions of FIG. 4, another embodiment of the present invention will substitute the code for the secure function directly into the in-line code (i.e. replaced or copied from a differently tagged data element or re-encoded) of the main procedure section 303. For example, Secure_Int.sub.--1 522 is referenced within Instruction 1 531 and within Instruction m 561); 
or encoded data is decoded by the encoding algorithm when the encoded data is copied from the tagged data element to an untagged data element (Chen, [0047] The main procedure module 303 provides the set of instructions that are performed when the programming module is run. And [0051] these variables may utilize references to secure functions 441-443 to process the secure variables from a secure state to a plain text state (i.e. decode to untagged data element) for use in the main procedure section 303).

As per claim 15, Chen/Anderson/Goodes/Chevallier-Mames combination discloses:
An apparatus (Chen, [Abstract] A system for providing secure and opaque type libraries to automatically provide secure variables within a programming module) comprising: a processor for editing source code of a program and tagging at least one data element (Chen, [0017] The method identifies secure variable declaration statements (i.e. at least one data element) within a source code module, queries a database for identification of possible variable obfuscation functions applicable for the variable type corresponding to the secure variable declaration statement. And Fig. 2, [0041] including a processor unit 202); with the rest of limitation substantially similar to claim 11 therefore rejected with the same reason set forth as rejection of claim 11 above.

Regarding claim 4, similarly claim 9, Chen/Anderson/Goodes/Chevallier-Mames combination further teaches:
The method of claim 1, the apparatus of claim 6, wherein the encoding algorithms in the pool are randomly selected from a library of obfuscation algorithms (Chen, [0016] The OTL type library database receives queries from the OTL selection module a database to identify possible variable obfuscation functions applicable for the variable type corresponding to the declared secure variables. And [0053] For each variable type, a particular instance of an obfuscation function is randomly selected or generated, as are any parameters utilized by the selected function).  

Regarding claim 5, similarly claim 10, Chen/Anderson/Goodes/Chevallier-Mames combination further teaches:
The method of claim 1, the apparatus of claim 6, wherein the differently tagged data element is associated with a different encoding algorithm (Chen, [0033] Thus supporting a full set of operations needs care and switching between different types of homomorphisms in a hidden manner.  Therefore, some sophistication is required to generate obfuscated and individualized operators that are tailored to each protected variable. And [0049] in this example, each of the two secure integers will cause a separate instance of a function to be created.  These functions may be entirely different operations to obfuscate an integer).

Regarding claim 12, similarly claim 16, Chen/Anderson/Goodes/Chevallier-Mames combination further teaches:
The method of claim 11, the apparatus of claim 15, wherein the data element is tagged in the source code of the program (Chen, [0017] The method identifies secure variable declaration statements (i.e. at least one data element) within a source code module, queries a database for identification of possible variable obfuscation functions applicable for the variable type corresponding to the secure variable declaration statement).  

Regarding claim 13, similarly claim 17, Chen/Anderson/Goodes/Chevallier-Mames combination further teaches:
The method of claim 11, the apparatus of claim 15, wherein instructions for invoking the encoding algorithm associated with the tagged variable are generated when a compiler encounters the tagged data element in the source code (Chen, [0017] The method identifies secure variable declaration statements within a source code module, queries a database for identification of possible variable obfuscation functions applicable for the variable type corresponding to the secure variable declaration statement, randomly selects or generates one of the possible variable obfuscation functions returned in response to the database query, creates a separate instance of the selected variable obfuscation function corresponding to the secure variable declaration. And [0030] Each data type directs the compiler to generate an individualized implementation for each protected data object).  

Regarding claim 14, similarly claim 18, Chen/Anderson/Goodes/Chevallier-Mames combination further teaches:
The method of claim 11, the apparatus of claim 15, wherein the data element is tagged with an encoding identifier (Chen, [0048] In this particular example, a set of three secure variables are declared in addition to any other declared variables.  These secure variables include two secure integers, Secure_Int_1 422 and Secure_Int_2 423 (i.e. encoding identifier), and a secure Boolean variable, Secure_Boolean 424.  The OTL processing of this program module 300 will create a separate instance of a function that will obfuscate the contents of these secure variables).

Claims 3, 8 are rejected under 35 U.S.C. 103 as being unpatentable over Chen/Anderson/Goodes/Chevallier-Mames combination as applied above to claim 1, 6 respectively, further in view of Chang et al (US20140237622A1, hereinafter, “Chang”).
Regarding claim 3, similarly claim 8, Chen/Anderson/Goodes/Chevallier-Mames combination teaches:
The method of claim 1, the apparatus of claim 6,
While the combination of Chen/Anderson/Goodes/Chevallier-Mames teaches randomly selecting obfuscation algorithms into the program at runtime but does not explicitly teach randomly selected locations, however in the same field of endeavor Chang teaches: 
wherein the encoding algorithms in the pool are injected into the program at randomly selected locations (Chang, [Abstract] discloses method for protecting a software program from unauthorized modification or exploitation. And [0155] The invocation code of each guard will be injected in a locations selected randomly in the specified ranges. And [0158] By default, the guard processing engine places the guard code in a randomly selected portion of the unused space within a host software program image). 
		Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Chang in the method of providing secure variables within a programing module of Chen/Anderson/Goodes/ Chevallier-Mames by injecting invocation code in randomly selected locations. This would have been obvious because the person having ordinary skill in the art would have been motivated to insert security mechanism into a software program for protection of software program from unauthorized modification or exploitation (Chang, [Abstract], [0155], [0158]).
Citation of References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action:
McLachlan et al (US20140115292A1) discloses dynamic obfuscation of heap memory allocations.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975.  The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL M LEE/Examiner, Art Unit 2436  

/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436