DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted by applicant dated 04/16/2021 has been considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-2 and 4-7 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-2, 4-6 and 10-13 of USPN 11,003,775 (Appl. No: 16/128474). Although the claims at issue are not identical, they are not patentably distinct from each other. (see Claim-Comparison Table below for independent claim 1 of the instant application against Claims 1, 5, 11-12 of 11,003,775).
Claim
Application#17,233,236
Claim
USPN # 11,003,775
1
A computer-implemented method for ransomware detection. the method comprising:
1
A computer-implemented method for ransomware detection, comprising:
1
based on first events initiated by a computational entity in a computer system detecting one or more instances of the computational entity engaging in one or more first behaviors associated with one or more storage resources of the computer system;

1
based on first events initiated by a computational entity in a computer system, the computational entity comprising a plurality of related computational units, detecting one or more instances of the computational entity engaging in one or more first behaviors associated with one or more storage resources of the computer system;
1
assigning at least one potential ransomware category to the computational entity based on the detected instances of the first behaviors; 

1
assigning at least one potential ransomware category to the computational entity based on the detected instances of the first behaviors;
1
based on the assigning of the at least one potential ransomware category, determining whether the computational entity comprises a plurality of related computational units;

1
initiating one or more protection actions to protect the one or more storage resources against one or more modification operations, based on second events initiated by the computational entity, detecting one or more instances of the computational entity engaging in one or more second behaviors corresponding to the potential ransomware category, the one or more second behaviors comprising attempts by one or more computational units of the plurality of related computational units to access the one or more storage resources;
1
upon determining that the computational entity comprises the plurality of related computational units, identifying an effective actor within the plurality of related computational units at least by traversing a hierarchy of the plurality of related computational units and identifying a computational unit in the hierarchy, that is neither an operating system (OS) component nor a verified application, as the effective actor;

5
traversing a hierarchy of the plurality of related computational units to detect the one or more computational units and identifying a related computational unit that is not part of an operating system and is not a known verified application; and updating the ransomware category based on the identifying

1
assigning a threat score to the computational entity based on the assigned potential ransom are category and the effective actor; 

11
assigning a threat score to the computational entity based on the assigned potential ransomware category, the assigned potential ransomware subcategory, and/or the detected instances of the second behaviors.
1
determining whether the assigned threat score exceeds a threshold score associated with a protection policy; and 
upon the assigned threat score exceeding the threshold score, applying the protection policy to the computational entity to protect the computer system.  

12
determining whether the assigned threat score exceeds a threshold score associated with the assigned potential ransomware subcategory, and if so, initiating a mitigation action associated with the assigned potential ransomware subcategory.


Claims 2 and 4-7 of the instant application is equivalent in scope with Claims 2, 4, 6, 10 and 13 of USPN 11,003,775.

Claim Objections
Claim 8 is objected to because of the following informalities:  the claim recites “applying the protection policy to the identified computational entity to protect the computer system”.  It is suggested to amend to “applying the protection policy to the computational entity to protect the computer system”.

Claim 15 is objected to because of the following informalities:  the claim recites “apply the protection policy to the identified computational entity to protect the computer system”.  It is suggested to amend to “apply the protection policy to the computational entity to protect the computer system”.
Appropriate corrections are required.
Allowable Subject Matter
Claims 1-20 would be allowable if a terminal disclaimer is timely filed, and if rewritten or amended to overcome the claim objections, set forth in this Office action.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959. The examiner can normally be reached M-F 8am - 5pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HENRY TSANG/Primary Examiner, Art Unit 2495