DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the communications filed on 07/15/2022, claims 1-2, 6, 10-11, and 15 are amended. Claims 1-18 are pending in this examination.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This examination is in response to US Patent Application No. 17/000,801.
Examiner Note
Applicant’s amendment to claims 2 and 11 obviates the previously raised claim objections.
Terminal Disclaimer


The terminal disclaimer filed on 07/15/2022 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of U.S. Patent application No. 10554681, 11165811 has been reviewed and is accepted.  The terminal disclaimer has been recorded.
Allowable Subject Matter
Claims 1-18 are allowed.
The following is an examiner’s statement of reasons for allowance:
The invention relates to a system that receives binary data and first identification data. The binary data includes hashes of strings of bits, bytes, words or characters. The system receives vulnerability data and second identification data. The system determines a correspondence between the binary data and the vulnerability data based on matching the first identification data with the second identification data. The vulnerability data includes a country of origin for a product identified by the second identification data. The system generates a binaries-to-vulnerabilities database. The system scans target binary data from a target device to find matches between the target binary data and the binary data using the binaries-to-vulnerabilities database. The system determines a known security vulnerability based on the results of the scanning and the correspondence between the binary data and the vulnerability data. The known security vulnerability includes the country of origin for the product in the target device.
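
The pipeline summarized above, sketched as an added illustration (not code from the application or from the examiner). The record field names, product identifier, vulnerability identifier, country code, chunk size, and sample bytes are constructed assumptions, and SHA-256 over fixed-size byte strings stands in for the unspecified hash.

```python
import hashlib
from collections import defaultdict

CHUNK = 16  # assumed size of the hashed byte strings; the summary does not fix one

def chunk_hashes(blob: bytes, step: int, size: int = CHUNK) -> set[str]:
    """SHA-256 of every size-byte string taken at the given stride."""
    return {hashlib.sha256(blob[i:i + size]).hexdigest()
            for i in range(0, len(blob) - size + 1, step)}

def build_db(binary_records, vuln_records):
    """Join binary data with vulnerability data on matching product identification.

    Returns {hash: [(product_id, vuln_id, country_of_origin), ...]}.
    """
    by_product = defaultdict(list)
    for rec in vuln_records:
        by_product[rec["product_id"]].append((rec["vuln_id"], rec["country_of_origin"]))
    db = defaultdict(list)
    for rec in binary_records:
        # Products with no matching second identification data contribute nothing.
        for vuln_id, country in by_product.get(rec["product_id"], []):
            for h in rec["hashes"]:
                db[h].append((rec["product_id"], vuln_id, country))
    return db

def scan(db, target_blob: bytes, min_hits: int = 2):
    """Slide over the target byte by byte so a component embedded at an
    unaligned offset still matches; require min_hits distinct hashes per finding."""
    hits = defaultdict(int)
    for h in chunk_hashes(target_blob, step=1):
        for finding in set(db.get(h, [])):
            hits[finding] += 1
    return sorted(f for f, n in hits.items() if n >= min_hits)

# Constructed sample data (all values are placeholders).
LIB = bytes(range(64))  # stand-in for a vendor library: four 16-byte strings
BINARIES = [{"product_id": "acme-netlib-1.2", "hashes": chunk_hashes(LIB, step=CHUNK)}]
VULNS = [{"product_id": "acme-netlib-1.2", "vuln_id": "VULN-PLACEHOLDER-1",
          "country_of_origin": "XX"}]
DB = build_db(BINARIES, VULNS)
FIRMWARE = b"\x7fHDR" + b"\xff" * 7 + LIB + b"\x00" * 9  # library at unaligned offset 11

if __name__ == "__main__":
    print(scan(DB, FIRMWARE))
```
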

The closest relevant prior art made of record are:
Dahlstrom (US2004/0006704) teaches a method for determining security vulnerabilities that includes receiving a profile of one or more products used by an organization, the profile including characteristics of each product. The method further includes comparing the characteristics of each product to a plurality of product records, each product record including one or more security vulnerabilities associated with the product record and one or more fixes associated with each security vulnerability. The method further includes determining at least one of the one or more security vulnerabilities for at least one of the one or more products in response to comparing the characteristics of the at least one of the one or more products to the product record.

Hartsook (US9304980) teaches that target files in a search space are scanned to identify which versions of software components are present in the search space. A reference library is populated with indicia such as source code fragments of known versions of software components. A file scanner reads file data used to identify matches between the reference library content and target files, and a version detector determines which match candidates represent unique component versions. Once a component version is identified, a vulnerability module determines based on data in a vulnerabilities database what vulnerabilities are associated with the identified version, and a license module identifies which if any licensing schemes are applicable to the identified version. In one embodiment a report is automatically produced providing an indication of all matched files, their versions, vulnerabilities, and licensing scheme.
Leone (US8474004) teaches a system that includes at least one telecommunications terminal having data processing capabilities, the telecommunications terminal being susceptible of having installed thereon software applications, wherein each software application has associated therewith a respective indicator adapted to indicate a level of security of the software application, the level of security being susceptible of varying in time; a software agent executed by the at least one telecommunications terminal, the software agent being adapted to conditionally allow the installation of software applications on the telecommunications terminal based on the respective level of security; a server in communications relationship with the software agent, the server being adapted to dynamically calculate the level of security of the software applications, and to communicate to the software agent the calculated level of security of the software applications to be installed on the telecommunications terminal.
Codreanu (US8813222) teaches that, in some embodiments, a malware detecting system is configured to conduct an iterative, collaborative scan of a target object (computer file or process), comprising a server-side scan and a client-side scan, and to assess the malware status of the target object according to the results of the client-side and server-side scans. The client-side scan comprises computationally-intensive operations such as virtual-environment emulation, decryption and data compression methods, while the server-side scan comprises database-intensive operations such as hash lookups. The information exchanged between client and server systems may be limited to relatively-compact data, such as hashes, which may amount to a few bytes per target object. Exemplary methods and systems described herein allow storing malware signature databases on the server side, thus reducing the burden of frequently delivering data-heavy signature updates to large numbers of customers, without requiring the server side to perform computationally-intensive scanning tasks for large numbers of customers.
Carback (US2015/0363294) teaches systems, methods, and computer program products for identifying software files, flaws in code, and program fragments by obtaining a software file, determining a plurality of artifacts, accessing a database which stores a plurality of reference artifacts for reference software files, comparing at least one of the artifacts to at least one of the reference artifacts stored in the database, and identifying the software file by identifying the reference software file having the reference artifacts that correspond to the plurality of artifacts. Certain embodiments can also automatically provide updated versions of files, patches to be applied, or repaired blocks of code to replace flawed blocks. Example embodiments can accept a wide variety of file types, including source code and binary files and can analyze source code or convert files to an intermediate representation (IR) and analyze the IR.
Grieco (US2016/0232358) teaches vulnerability assessment techniques for highlighting an organization's information technology (IT) infrastructure security vulnerabilities. For example, a vulnerability assessment system obtains application metadata for each of a plurality of executable applications observed at one or more devices forming part of an organization's IT infrastructure. The application metadata includes unique software identifiers for each of the plurality of executable applications. The vulnerability assessment system obtains global security risk metadata for executable applications observed at the one or more devices. The vulnerability assessment system maps one or more unique software identifiers in the application metadata to global security risk metadata that corresponds to applications identified by the one or more unique software identifiers, thereby generating a vulnerable application dataset.
Saxena (US2011/0321164) teaches a method and system for adaptive vulnerability scanning (AVS) of an application is provided. The adaptive vulnerability scanning of an application assists in identifying new vulnerabilities dynamically. The endpoints of an application are scanned using a predefined set of rules. Subsequently, one or more possible vulnerabilities are presented. The vulnerabilities are analyzed and predefined rules are modified. The steps of scanning the application and modification of rules are iteratively repeated till the adaptive vulnerability scanning capability is achieved. A neural network is used for training the adaptive vulnerability scanner. This neural network is made to learn some rules based on predefined set of rules while undergoing the training phase. At least one weight in neural networks is altered while imparting the self-learning capability.
Reguly (US10158660) teaches apparatus and methods for performing dynamic vulnerability correlation suitable for use in enterprise information technology (IT) environments, including vulnerability filtering, patch correlation, and vulnerability paring. According to one disclosed embodiment, a method of vulnerability filtering includes attempting to execute vulnerability scanning rules according to a specified order in a rule hierarchy, and depending on the type of the rule hierarchy and on whether the attempt was successful, not executing additional rules in the rule hierarchy. In another disclosed embodiment, a method of patch correlation includes executing vulnerability scanning rules based on a correlation association including, if a particular vulnerability is detected, then not executing other correlated scanning rules for a particular software patch. In another disclosed embodiment, a method of vulnerability paring includes defining a plurality of patch milestones for a software product and scanning a target computer for vulnerabilities associated with a current installed patch.
Brake (US2013/0312102) teaches that verifying application security vulnerabilities includes receiving a source code to analyze, performing a static analysis using the received source code and generating a vulnerability call trace for the received source code. Responsive to a determination that all static analysis results are not validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and, responsive to a determination that an identified vulnerability was validated, a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.
McClintock (US9923916) teaches adaptive methods and systems that are provided to scan websites/Web applications for vulnerabilities. The methods and systems identify a reference string in a first response web page and an authorized context in which the reference string appears. The first response web page is generated at least in part based on the reference string. An escape attempt input is determined based on the reference string and authorized context, and the escape attempt input is presented to the website. The methods and systems identify an escape attempt input in a second response web page and a candidate context in which the escape attempt input appears, wherein the second response web page is generated at least in part based on the escape attempt input. The methods and systems determine when the escape attempt input appears in an un-authorized context in the second response web page. The adaptive methods and systems herein efficiently identify website vulnerabilities, and thus may be run frequently, thereby resulting in improved security without excessively drawing upon website resources.
Xie (US2012/0304244) teaches that a zero-day attack, also sometimes referred to as a zero-hour attack or day zero attack, is a malware threat or attack that attempts to exploit vulnerabilities (e.g., in an operating-system, application software, security software, and/or other aspects of a computing/network platform) that are new and/or previously unidentified or unknown to others or the software developer. Zero-day exploits generally refer to software that exploits a security hole to carry out an attack. Zero-day exploits are used or shared by hackers or attackers before the developer of the target software/platform is aware of the vulnerability and/or prior to the target software/platform provider providing a fix to the vulnerability (e.g., distributing an update to patch the security hole) and/or prior to security providers providing an update that can detect the malware (e.g., distributing a signature and/or a heuristic that can detect the attack(s) attempting to exploit the vulnerability).


However, none of the closest prior art mentioned above teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in independent claim 1. For example, none of the cited prior art, alone or in combination, teaches or suggests the steps of “determining, by the computerized system, correspondence between the product binary data and the product vulnerability data based on matching the first product identification data with the second product identification data, wherein the product vulnerability data includes a country of origin for a product identified by the second product identification data; generating, by the computerized system, a binaries-to-vulnerabilities database based on the determined correspondence between the product binary data and the product vulnerability data” in view of the other limitations of claim 1. The same holds for the steps or elements as recited in independent claim 10. For example, none of the cited prior art, alone or in combination, teaches or suggests the steps of “receiving, by the computerized system, product country of origin data and second product identification data that correspond to each other; determining, by the computerized system, correspondence between the product binary data and the product country of origin data based on matching the first product identification data with the second product identification data; generating, by the computerized system, a binaries-to-country of origin database based on the determined correspondence between the product binary data and the product country of origin data; scanning, by the computerized system using the binaries-to-country of origin database, target binary data from a target device to find matches between the target binary data and the product binary data; and determining, by the computerized system, a country of origin for a product of the target device based on results of the scanning and the correspondence between the product binary data and the product country of origin data” in view of the other limitations of claim 10.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496