DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This office action is a response to an application filed 02/15/2021. This application claims benefit of a Provisional Application No. 62/764,689, filed 08/15/2018, wherein claims 1 – 20 are pending and ready for examination.  

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/15/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Claims 1, 7, and 13 recite the limitation "the stack space" in replacing one or more instructions including the size of the stack space with the randomized stack size.  There is insufficient antecedent basis for this limitation in the claim.  The Examiner assumes the claimed size of the stack space is the size originally requested but as claimed the replacement is not positively to the size originally requested. Claims depending from Claims 1, 7, and 13 are likewise rejected by virtue of their dependency.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1-3, 7-9, 13-15, and 19 are rejected under 35 U.S.C. 102(2) as being anticipated by Guidry; Michael, US 20160357958 A1, December 8, 2016 hereafter referred to as Guidry.

         As to claim 1, Guidry teaches a method of defending against stack-based cybersecurity attacks - Guidry [0110] … a process for heap and/or stack protection is provided by padding memory allocations on the heap and/or stack. Heap allocation sizes are increased to provide padding as well as to produce unexpected memory sizes so that an attempted attack through an exploit, for example, will fail by hooking a heap allocation function. The stack size can additionally or alternatively be increased by modifying an application's assembly code to increase the stack size of functions that have static (stack) memory to provide unpredictable memory sizes to break or otherwise mitigate exploits. Here, the claimed ‘method’ is taught by Guidry as ‘process’ whereas the claimed ‘defending’ is taught by Guidry as ‘stack protection’.  The claimed ‘cybersecurity attacks’ was taught by Guidry as ‘exploits’ and further illustrated at decision block 846’ of Figure 16) that exploit vulnerabilities in buffer overflows of a stack register included as part of a random access memory (RAM) configured for storing local variables of a function included in a program binary - Guidry [0107 and 0109] since at ‘107 … the original assembly code 602 of a process or application is provided in a memory such as memory 82 including a RAM or ROM since at ‘109 The stack tracking agent tracks memory allocations on the stack for potential exploits relating to the corresponding application or process. The checking agent is added to assembly code to monitor and check for potential exploits relating to overwrites of memory.  Here, the claimed ‘vulnerabilities’ is taught by Guidry as ‘potential exploits’ because the attack has not occurred but is prone to an attack due to an overflow.  The claimed ‘stack register’ is taught by Guidry as ‘memory allocation’ because the register resides in memory with an allocated address range, per Guidry at [0062].  
The claimed ‘variables of a function’ is taught by Guidry as ‘corresponding applications’ because the stack memory maps to applications whereby applications are functions and specific variables.  The claimed ‘buffer overflows’ is taught by Guidry as ‘overwrites’ whereas the claimed ‘binary’ is taught by Guidry as ‘assembly code’) comprising:
              generating a random number offset – Guidry [0114] … The pad can be a random size in one example. For example a page size of one page to four pages or another arbitrary number of pages can be used in one example… The increase in space is automatic and can be by a certain amount or a randomly generated amount across the entire system for each application.  Here, the claimed ‘generating’ is taught by Guidry as ‘randomly generated’ whereas the claimed ‘offset’ is taught by Guidry as ‘pad’ because it is additional address space added to the original assembly code either before or after);
            determining a size of the stack space originally requested by the program binary – Guidry [0117] … At step 808 the patching agent inserts code into the application to increase the size of the stack allocations for memory stack instructions. The patching agent accesses these instructions via assembly code and modifies the assembly code to increase the memory stack allocations.  Here, the claimed ‘determining’ is taught by Guidry as ‘accesses these instructions’ as the patching agent refers to assembly level instructions of the application to determine the adjusted stack size);
           generating a randomized stack size by adding the random number offset to the size of the stack space originally requested by the program binary – Guidry [0104] The heap can have randomized amounts of padding that are appended behind each memory allocation.  Here, the claimed ‘generating’ is taught by Guidry as ‘appended’ because additional memory is added to the stack. The claimed ‘random number offset’ is taught by Guidry as ‘randomized amounts’ and the claimed ‘offset’ is taught by Guidry as ‘padding’ because the pad is based on the additional space added by the HeapCreate command.  The claimed ‘size of the stack’ is taught by Guidry as ‘memory allocation’ because the original stack size was the memory allocated to the heap);
           replacing one or more instructions including the size of the stack space with the randomized stack size – Guidry [0104] … The heap can have randomized amounts of padding that are appended behind each memory allocation. This can be performed by manipulating HeapCreate( ) for heaps other than the processes global heap, and may by performed by faking sizes by HeapQueryInf).).  Here, the claimed ‘replacing one or more instructions’ is taught by Guidry as ‘faking sizes’ because the QueryInf command increases the size of the instruction code set associated with the Heap.  The claimed ‘randomized stack size’ is taught by Guidry as ‘randomized amounts of padding’);
            upon entry of program flow into the function, allocating stack space on the stack register in accordance with the randomized stack size - Guidry [0122] At step 820, a function is called that includes a dynamic memory allocation. The function at 820 will have been modified previously by the patching agent as shown in FIG. 14. The modified code may include a heap tracking agent. At step 822 the heap tracking agent inserts a pad before the buffer of the dynamic heap memory allocation.  Here, the claimed ‘upon entry of program flow’ is taught by Guidry as ‘function is called’ which enters the function into the operational flow of the program.  The claimed ‘allocating stack space’ is taught by Guidry as ‘agent inserts a pad’ which adds memory space to the stack for code tracking.  The claimed ‘randomized stack size’ is taught by Guidry as ‘dynamic memory allocation’ as previously taught by Guidry at [0104] as randomized padding and
            upon exit of program flow into the function, de-allocating the allocated stack space - Guidry [0117] … the patching agent may examine the function for “sub esp, X” instructions which are used to decrease the stack and give space for function variables as well as the add “esp, X” instruction which will fix the stack space for whenever there is a return to the caller.  Here, the claimed ‘upon exit of program flow’ is taught by Guidry as ‘return to caller’.  The claimed ‘de-allocating’ is taught by Guidry as ‘decrease the stack’ which is accomplished using the function sub esp, X. The claimed ‘allocated stack space’ is taught by Guidry as ‘fix the stack space’ which is accomplished using the function add esp, X referenced by the return).
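
The steps recited in claim 1 and mapped above to Guidry's patching agent (read the size in the "sub esp, X" setup instruction, add a random pad, write the sum back into it and into the matching "add esp, X" cleanup instruction), as an added example that is not code from the application, Guidry, or Radigan. The function bytes, the 16-byte pad granularity and every function name are constructed for illustration, and the two instruction offsets are assumed to come from a disassembler.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 32-bit x86 function with a 0x20-byte frame. */
static const uint8_t SAMPLE[] = {
    0x55,                               /* push ebp              (offset 0)  */
    0x89, 0xE5,                         /* mov  ebp, esp         (offset 1)  */
    0x81, 0xEC, 0x20, 0x00, 0x00, 0x00, /* sub  esp, 0x20        (offset 3)  */
    0xC7, 0x45, 0xFC, 0, 0, 0, 0,       /* mov  dword [ebp-4], 0 (offset 9)  */
    0x81, 0xC4, 0x20, 0x00, 0x00, 0x00, /* add  esp, 0x20        (offset 16) */
    0x5D,                               /* pop  ebp              (offset 22) */
    0xC3                                /* ret                   (offset 23) */
};

enum { RF_OK = 0, RF_NOT_SETUP = -1, RF_MISMATCH = -2, RF_NO_ROOM = -3 };

/* Decode "sub esp, imm" (is_sub=1) or "add esp, imm" (is_sub=0) at code[off].
 * Returns the instruction length (3 for imm8, 6 for imm32) or 0 if the bytes
 * at that offset are some other instruction. */
static size_t decode_esp_adjust(const uint8_t *code, size_t len, size_t off,
                                int is_sub, uint32_t *imm)
{
    uint8_t modrm = is_sub ? 0xEC : 0xC4;   /* mod=11, reg=/5 or /0, rm=esp */
    if (off + 3 <= len && code[off] == 0x83 && code[off + 1] == modrm) {
        if (code[off + 2] > 0x7F) return 0; /* sign-extended negative imm8 */
        *imm = code[off + 2];
        return 3;
    }
    if (off + 6 <= len && code[off] == 0x81 && code[off + 1] == modrm) {
        *imm = (uint32_t)code[off + 2] | (uint32_t)code[off + 3] << 8 |
               (uint32_t)code[off + 4] << 16 | (uint32_t)code[off + 5] << 24;
        return 6;
    }
    return 0;
}

/* Overwrite the immediate of an already-decoded instruction in place. */
static void encode_imm(uint8_t *code, size_t off, size_t ilen, uint32_t imm)
{
    if (ilen == 3) { code[off + 2] = (uint8_t)imm; return; }
    for (int i = 0; i < 4; i++) code[off + 2 + i] = (uint8_t)(imm >> (8 * i));
}

/* Replace the frame size in the setup (sub esp) and cleanup (add esp)
 * instructions with original size + pad. Nothing is written unless both
 * instructions decode, agree on the size, and can hold the new value. */
int randomize_frame(uint8_t *code, size_t len, size_t sub_off, size_t add_off,
                    uint32_t pad, uint32_t *orig, uint32_t *randomized)
{
    uint32_t sub_imm = 0, add_imm = 0;
    size_t sub_len = decode_esp_adjust(code, len, sub_off, 1, &sub_imm);
    size_t add_len = decode_esp_adjust(code, len, add_off, 0, &add_imm);
    if (!sub_len || !add_len) return RF_NOT_SETUP;
    if (sub_imm != add_imm) return RF_MISMATCH;   /* unbalanced frame */

    uint32_t size = sub_imm + pad;
    if (size < sub_imm) return RF_NO_ROOM;        /* 32-bit wraparound */
    /* The 3-byte form holds at most 0x7F; growing it to the 6-byte form
     * would shift every later instruction, so refuse instead. */
    if ((sub_len == 3 || add_len == 3) && size > 0x7F) return RF_NO_ROOM;

    encode_imm(code, sub_off, sub_len, size);
    encode_imm(code, add_off, add_len, size);
    *orig = sub_imm;
    *randomized = size;
    return RF_OK;
}

/* Random pad: a multiple of 16 in [16, 256], or 0 if no entropy source. */
uint32_t random_pad(void)
{
    uint8_t r = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return 0;
    size_t n = fread(&r, 1, 1, f);
    fclose(f);
    return n == 1 ? 16u * (1u + (r & 0x0Fu)) : 0;
}

int main(void)
{
    uint8_t code[sizeof SAMPLE];
    uint32_t orig = 0, randomized = 0;
    memcpy(code, SAMPLE, sizeof SAMPLE);
    int rc = randomize_frame(code, sizeof code, 3, 16, random_pad(),
                             &orig, &randomized);
    if (rc != RF_OK) { printf("not patched (rc=%d)\n", rc); return 1; }
    printf("frame size 0x%x -> 0x%x\n", (unsigned)orig, (unsigned)randomized);
    return 0;
}
```
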

           As to claim 2, Guidry teaches the method of claim 1, wherein the one or more instructions are setup instructions associated with creating the stack space for the function – Guidry [0044]  In return-oriented programming (ROP), exploits are generated by manipulating a call stack to cause execution of individual machine-level instructions. Sequences of these low-level commands are executed in what are commonly referred to as gadgets. Many functions, in C/C++ and other languages, begin with an instruction such as “Push ebp.” Here, the claimed ‘setup instructions’ is taught by Guidry as ‘Push ebp’ because the command initializes memory allocations in a Heap.  Guidry defines the stack as within the Heap as further taught by Guidry at [0062]).

         As to claim 3, Guidry teaches the method of claim 1, wherein the one or more instructions are cleanup instructions associated with returning the allocated stack space for the functions back to the stack - Guidry [0044] … These functions generally end with an instruction such as “Pop epb” followed by “Ret”. Here, the claimed ‘cleanup instructions’ is taught by Guidry as ‘Pop epb” followed by Ret’ since popping removes any non-registered memory space from the stack thereby rendering the stack back to its size since at ‘132 …If the data that is being written will cause a memory overflow, the code is blocked at step 888. For example, if there is a heap overflow the data will overwrite flink/blink so that when the memory gets deallocated, the checking agent can force the function to write a NULL byte at a specific location.  Here, the claimed ‘cleanup instructions’ is taught by Guidry as ‘memory gets deallocated’).  

As to claim 7, Guidry teaches a non-transitory computer-readable storage medium having stored thereon instructions for defending against stack-based cybersecurity attacks – Guidry [0107] … Computer readable storage media may be implemented in any method or technology for non-transitory storage of information such as computer readable instructions, data structures, program modules or other data) that exploit vulnerabilities in buffer overflows of a stack register included as part of a random access memory (RAM) configured for storing local variables of a function included in a program binary - Guidry [0107 and 0109] since at ‘107 … the original assembly code 602 of a process or application is provided in a memory such as memory 82 including a RAM or ROM since at ‘109 The stack tracking agent tracks memory allocations on the stack for potential exploits relating to the corresponding application or process. The checking agent is added to assembly code to monitor and check for potential exploits relating to overwrites of memory.  Here, the claimed ‘vulnerabilities’ is taught by Guidry as ‘potential exploits’ because the attack has not occurred but is prone to an attack due to an overflow.  The claimed ‘stack register’ is taught by Guidry as ‘memory allocation’ because the register resides in memory with an allocated address range, per Guidry at [0062].  The claimed ‘variables of a function’ is taught by Guidry as ‘corresponding applications’ because the stack memory maps to applications whereby applications are functions and specific variables.  The claimed ‘buffer overflows’ is taught by Guidry as ‘overwrites’ whereas the claimed ‘binary’ is taught by Guidry as ‘assembly code’) comprising:
              generating a random number offset – Guidry [0114] … The pad can be a random size in one example. For example a page size of one page to four pages or another arbitrary number of pages can be used in one example… The increase in space is automatic and can be by a certain amount or a randomly generated amount across the entire system for each application.  Here, the claimed ‘generating’ is taught by Guidry as ‘randomly generated’ whereas the claimed ‘offset’ is taught by Guidry as ‘pad’ because it is additional address space added to the original assembly code either before or after);
            determining a size of the stack space originally requested by the program binary – Guidry [0117] … At step 808 the patching agent inserts code into the application to increase the size of the stack allocations for memory stack instructions. The patching agent accesses these instructions via assembly code and modifies the assembly code to increase the memory stack allocations.  Here, the claimed ‘determining’ is taught by Guidry as ‘accesses these instructions’ as the patching agent refers to assembly level instructions of the application to determine the adjusted stack size);
           generating a randomized stack size by adding the random number offset to the size of the stack space originally requested by the program binary – Guidry [0104] The heap can have randomized amounts of padding that are appended behind each memory allocation.  Here, the claimed ‘generating’ is taught by Guidry as ‘appended’ because additional memory is added to the stack. The claimed ‘random number offset’ is taught by Guidry as ‘randomized amounts’ and the claimed ‘offset’ is taught by Guidry as ‘padding’ because the pad is based on the additional space added by the HeapCreate command.  The claimed ‘size of the stack’ is taught by Guidry as ‘memory allocation’ because the original stack size was the memory allocated to the heap);
           replacing one or more instructions including the size of the stack space with the randomized stack size – Guidry [0104] … The heap can have randomized amounts of padding that are appended behind each memory allocation. This can be performed by manipulating HeapCreate( ) for heaps other than the processes global heap, and may by performed by faking sizes by HeapQueryInf).).  Here, the claimed ‘replacing one or more instructions’ is taught by Guidry as ‘faking sizes’ because the QueryInf command increases the size of the instruction code set associated with the Heap.  The claimed ‘randomized stack size’ is taught by Guidry as ‘randomized amounts of padding’);
            upon entry of program flow into the function, allocating stack space on the stack register in accordance with the randomized stack size - Guidry [0122] At step 820, a function is called that includes a dynamic memory allocation. The function at 820 will have been modified previously by the patching agent as shown in FIG. 14. The modified code may include a heap tracking agent. At step 822 the heap tracking agent inserts a pad before the buffer of the dynamic heap memory allocation.  Here, the claimed ‘upon entry of program flow’ is taught by Guidry as ‘function is called’ which enters the function into the operational flow of the program.  The claimed ‘allocating stack space’ is taught by Guidry as ‘agent inserts a pad’ which adds memory space to the stack for code tracking.  The claimed ‘randomized stack size’ is taught by Guidry as ‘dynamic memory allocation’ as previously taught by Guidry at [0104] as randomized padding and
            upon exit of program flow into the function, de-allocating the allocated stack space - Guidry [0117] … the patching agent may examine the function for “sub esp, X” instructions which are used to decrease the stack and give space for function variables as well as the add “esp, X” instruction which will fix the stack space for whenever there is a return to the caller. By identifying each of these instructions the patching agent modifies both stack allocations related to these instructions.  Here, the claimed ‘upon exit of program flow’ is taught by Guidry as ‘de-allocating’ is taught by Guidry as ‘sub esp,X’ which is a command that decreases the stack size).

           As to claim 8, Guidry teaches the non-transitory computer-readable storage medium of claim 7, wherein the one or more instructions are setup instructions associated with creating the stack space for the function – Guidry [0044]  In return-oriented programming (ROP), exploits are generated by manipulating a call stack to cause execution of individual machine-level instructions. Sequences of these low-level commands are executed in what are commonly referred to as gadgets. Many functions, in C/C++ and other languages, begin with an instruction such as “Push ebp.” Here, the claimed ‘setup instructions’ is taught by Guidry as ‘Push ebp’ because the command initializes memory allocations in a Heap.  Guidry defines the stack as within the Heap as further taught by Guidry at [0062]).

              As to claim 9, Guidry teaches the non-transitory computer-readable storage medium of claim 7, wherein the one or more instructions are cleanup instructions associated with returning the allocated stack space for the functions back to the stack - Guidry [0044] … These functions generally end with an instruction such as “Pop epb” followed by “Ret”. Here, the claimed ‘cleanup instructions’ is taught by Guidry as ‘Pop epb” followed by Ret’ since popping removes any non-registered memory space from the stack thereby rendering the stack back to its size since at ‘132 …If the data that is being written will cause a memory overflow, the code is blocked at step 888. For example, if there is a heap overflow the data will overwrite flink/blink so that when the memory gets deallocated, the checking agent can force the function to write a NULL byte at a specific location.  Here, the claimed ‘cleanup instructions’ is taught by Guidry as ‘memory gets deallocated’).

             As to claim 13, Guidry teaches an apparatus - Guidry [0005] FIG. 1 is a simplified block diagram of a computing device that can be used to implement various embodiments of the disclosed technology.  Here, the claimed ‘apparatus’ is taught by Guidry as ‘computing device’) for defending against stack-based cybersecurity attacks - Guidry [0110] … a process for heap and/or stack protection is provided by padding memory allocations on the heap and/or stack. Heap allocation sizes are increased to provide padding as well as to produce unexpected memory sizes so that an attempted attack through an exploit, for example, will fail by hooking a heap allocation function. The stack size can additionally or alternatively be increased by modifying an application's assembly code to increase the stack size of functions that have static (stack) memory to provide unpredictable memory sizes to break or otherwise mitigate exploits. Here, the claimed ‘defending’ is taught by Guidry as ‘stack protection’.  The claimed ‘cybersecurity attacks’ was taught by Guidry as ‘exploits’ and further illustrated at decision block 846’ of Figure 16) that exploit vulnerabilities in buffer overflows of a stack register included as part of a random access memory (RAM) configured for storing local variables of a function included in a program binary - Guidry [0107 and 0109] since at ‘107 … the original assembly code 602 of a process or application is provided in a memory such as memory 82 including a RAM or ROM since at ‘109 The stack tracking agent tracks memory allocations on the stack for potential exploits relating to the corresponding application or process. The checking agent is added to assembly code to monitor and check for potential exploits relating to overwrites of memory.  Here, the claimed ‘vulnerabilities’ is taught by Guidry as ‘potential exploits’ because the attack has not occurred but is prone to an attack due to an overflow.  
The claimed ‘stack register’ is taught by Guidry as ‘memory allocation’ because the register resides in memory with an allocated address range, per Guidry at [0062].  The claimed ‘variables of a function’ is taught by Guidry as ‘corresponding applications’ because the stack memory maps to applications whereby applications are functions and specific variables.  The claimed ‘buffer overflows’ is taught by Guidry as ‘overwrites’ whereas the claimed ‘binary’ is taught by Guidry as ‘assembly code’) comprising:
              generating a random number offset – Guidry [0114] … The pad can be a random size in one example. For example a page size of one page to four pages or another arbitrary number of pages can be used in one example… The increase in space is automatic and can be by a certain amount or a randomly generated amount across the entire system for each application.  Here, the claimed ‘generating’ is taught by Guidry as ‘randomly generated’ whereas the claimed ‘offset’ is taught by Guidry as ‘pad’ because it is additional address space added to the original assembly code either before or after);
            determining a size of the stack space originally requested by the program binary – Guidry [0117] … At step 808 the patching agent inserts code into the application to increase the size of the stack allocations for memory stack instructions. The patching agent accesses these instructions via assembly code and modifies the assembly code to increase the memory stack allocations.  Here, the claimed ‘determining’ is taught by Guidry as ‘accesses these instructions’ as the patching agent refers to assembly level instructions of the application to determine the adjusted stack size);
           generating a randomized stack size by adding the random number offset to the size of the stack space originally requested by the program binary – Guidry [0104] The heap can have randomized amounts of padding that are appended behind each memory allocation.  Here, the claimed ‘generating’ is taught by Guidry as ‘appended’ because additional memory is added to the stack. The claimed ‘random number offset’ is taught by Guidry as ‘randomized amounts’ and the claimed ‘offset’ is taught by Guidry as ‘padding’ because the pad is based on the additional space added by the HeapCreate command.  The claimed ‘size of the stack’ is taught by Guidry as ‘memory allocation’ because the original stack size was the memory allocated to the heap);
           replacing one or more instructions including the size of the stack space with the randomized stack size – Guidry [0104] … The heap can have randomized amounts of padding that are appended behind each memory allocation. This can be performed by manipulating HeapCreate( ) for heaps other than the processes global heap, and may by performed by faking sizes by HeapQueryInf).).  Here, the claimed ‘replacing one or more instructions’ is taught by Guidry as ‘faking sizes’ because the QueryInf command increases the size of the instruction code set associated with the Heap.  The claimed ‘randomized stack size’ is taught by Guidry as ‘randomized amounts of padding’);
            upon entry of program flow into the function, allocating stack space on the stack register in accordance with the randomized stack size - Guidry [0122] At step 820, a function is called that includes a dynamic memory allocation. The function at 820 will have been modified previously by the patching agent as shown in FIG. 14. The modified code may include a heap tracking agent. At step 822 the heap tracking agent inserts a pad before the buffer of the dynamic heap memory allocation.  Here, the claimed ‘upon entry of program flow’ is taught by Guidry as ‘function is called’ which enters the function into the operational flow of the program.  The claimed ‘allocating stack space’ is taught by Guidry as ‘agent inserts a pad’ which adds memory space to the stack for code tracking.  The claimed ‘randomized stack size’ is taught by Guidry as ‘dynamic memory allocation’ as previously taught by Guidry at [0104] as randomized padding and
            upon exit of program flow into the function, de-allocating the allocated stack space - Guidry [0117] … the patching agent may examine the function for “sub esp, X” instructions which are used to decrease the stack and give space for function variables as well as the add “esp, X” instruction which will fix the stack space for whenever there is a return to the caller. By identifying each of these instructions the patching agent modifies both stack allocations related to these instructions.  Here, the claimed ‘upon exit of program flow’ is taught by Guidry as ‘de-allocating’ is taught by Guidry as ‘sub esp,X’ which is a command that decreases the stack size).

           As to claim 14, Guidry teaches the apparatus of claim 13, wherein the one or more instructions are setup instructions associated with creating the stack space for the function – Guidry [0044]  In return-oriented programming (ROP), exploits are generated by manipulating a call stack to cause execution of individual machine-level instructions. Sequences of these low-level commands are executed in what are commonly referred to as gadgets. Many functions, in C/C++ and other languages, begin with an instruction such as “Push ebp.” Here, the claimed ‘setup instructions’ is taught by Guidry as ‘Push ebp’ because the command initializes memory allocations in a Heap.  Guidry defines the stack as within the Heap as further taught by Guidry at [0062]).

             As to claim 15, Guidry teaches the apparatus of claim 13, wherein the one or more instructions are cleanup instructions associated with returning the allocated stack space for the functions back to the stack - Guidry [0044] … These functions generally end with an instruction such as “Pop epb” followed by “Ret”. Here, the claimed ‘cleanup instructions’ is taught by Guidry as ‘Pop epb” followed by Ret’ since popping removes any non-registered memory space from the stack thereby rendering the stack back to its size since at ‘132 …If the data that is being written will cause a memory overflow, the code is blocked at step 888. For example, if there is a heap overflow the data will overwrite flink/blink so that when the memory gets deallocated, the checking agent can force the function to write a NULL byte at a specific location.  Here, the claimed ‘cleanup instructions’ is taught by Guidry as ‘memory gets deallocated’).

                As to claim 19, Guidry teaches the apparatus of claim 13, wherein the random number offset is produced by a random number generator – Guidry [0104] The heap can have randomized amounts of padding that are appended behind each memory allocation.  Here, the claimed ‘generating’ is taught by Guidry as ‘appended’ because additional memory is added to the stack. The claimed ‘random number offset’ is taught by Guidry as ‘randomized amounts’ and the claimed ‘offset’ is taught by Guidry as ‘padding’ because the pad is based on the additional space added by the HeapCreate command).


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 4-5, 10-11, and 16 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Guidry; Michael, US 20160357958 A1, December 8, 2016 hereafter referred to as Guidry in view of Radigan; James J et al., US 20160321045 A1, November 3, 2016, hereafter referred to as Radigan.

           As to claim 4, Guidry teaches the method of claim 2.  GUIDRY DOES NOT TEACH wherein the setup instructions are included in a prologue of the function - Guidry [0127] ... HOWEVER, IN AN ANALOGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR RADIGAN TEACHES wherein the setup instructions are included in a prologue of the function – Radigan [0204] FIG. 10 shows an example of the stack layout where a function A calls a non-leaf function B. Function A's prolog has already allocated space for all the register and stack parameters required by B at the bottom of the stack. Here, the claimed ‘setup instructions’ is taught by Radigan as ‘the register and stack parameters’ since the instructions initialize the stack space.  The claimed ‘prologue of the function’ is taught by Radigan as ‘Function A’s prolog’ which carries the setup instructions for stack space allocation.  The Examiner construes terms ‘prolog and prologue’ as both English terms, one American and the other British. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Guidry’s patching agent logic with Radigan’s setup instructions.  Placing Guidry’s sub esp X variable in Radigan’s prologue avoids excessive search execution thereby increasing security).

         As to claim 5, Guidry teaches the method of claim 3.  GUIDRY DOES NOT TEACH wherein the cleanup instructions are included in an epilogue of the function, HOWEVER, IN AN ANALOGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR RADIGAN TEACHES wherein the cleanup instructions are included in an epilogue of the function – Radigan [0149] … Insert a “done” label after the debug break in the default which should be right before the epilogue.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Guidry’s patching agent logic to look for cleanup instructions in the epilog.  Guidry is not explicit as to how or where the agent finds the call back instructions for deallocation.  Radigan solves this by providing cleanup instructions in the epilogue of the function thereby avoiding any search execution to locate the add esp, X which increases efficiency for application protection).

           As to claim 10, Guidry teaches the non-transitory computer-readable storage medium of claim 8. GUIDRY DOES NOT TEACH wherein the setup instructions are included in a prologue, HOWEVER, IN AN ANALOGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR RADIGAN TEACHES wherein the setup instructions are included in a prologue of the function – Radigan [0204] FIG. 10 shows an example of the stack layout where a function A calls a non-leaf function B. Function A's prolog has already allocated space for all the register and stack parameters required by B at the bottom of the stack. Here, the claimed ‘setup instructions’ is taught by Radigan as ‘the register and stack parameters’ since the instructions initialize the stack space.  The claimed ‘prologue of the function’ is taught by Radigan as ‘Function A’s prolog’ which carries the setup instructions for stack space allocation.  The Examiner construes terms ‘prolog and prologue’ as both English terms, one American and the other British.  The rationale to combine Guidry with Radigan in claim 4 applies here in claim 10.

           As to claim 11, Guidry teaches the non-transitory computer-readable storage medium of claim 9. GUIDRY DOES NOT TEACH wherein the cleanup instructions are included in an epilogue of the function, HOWEVER, IN AN ANALOGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR RADIGAN TEACHES wherein the cleanup instructions are included in an epilogue of the function – Radigan [0149] … Insert a “done” label after the debug break in the default which should be right before the epilogue. Here, the claimed ‘cleanup’ is taught by Radigan as ‘debug break’, a process to eliminate any defects or errors, whereas the claimed ‘epilog of the function’ is taught by Guidry as ‘epilogue’ as the debugging is directed to the code/function under review.  The rationale for Guidry to consider the features of Radigan in claim 5 applies here in claim 11.

             As to claim 16, Guidry teaches the apparatus of claim 14. GUIDRY DOES NOT TEACH wherein the setup instructions are included in a prologue of the function - Guidry [0127] ... HOWEVER, IN AN ANALOGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR RADIGAN TEACHES wherein the setup instructions are included in a prologue of the function – Radigan [0204] FIG. 10 shows an example of the stack layout where a function A calls a non-leaf function B. Function A's prolog has already allocated space for all the register and stack parameters required by B at the bottom of the stack. Here, the claimed ‘setup instructions’ is taught by Radigan as ‘the register and stack parameters’ since the instructions initialize the stack space.  The claimed ‘prologue of the function’ is taught by Radigan as ‘Function A’s prolog’ which carries the setup instructions for stack space allocation.  The Examiner construes terms ‘prolog and prologue’ as both English terms, one American and the other British.  The rationale to combine Guidry with Radigan in claim 4 applies here in claim 16.

            As to claim 17, Guidry teaches the apparatus of claim 15. GUIDRY DOES NOT TEACH wherein the cleanup instructions are included in an epilogue of the function, HOWEVER, IN AN ANALOGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR RADIGAN TEACHES wherein the cleanup instructions are included in an epilogue of the function – Radigan [0149] … Insert a “done” label after the debug break in the default which should be right before the epilogue. Here, the claimed ‘cleanup’ is taught by Radigan as ‘debug break’, a process to eliminate any defects or errors, whereas the claimed ‘epilog of the function’ is taught by Guidry as ‘epilogue’ as the debugging is directed to the code/function under review.  The rationale for Guidry to consider the features of Radigan in claim 5 applies here in claim 17.

Claims 6, 12, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Guidry in view of Yahav; Eran et al, US 20180285101 A1, October 4, 2018, hereafter referred to as Yahav.

             As to claim 6, Guidry teaches the method of claim 1.  GUIDRY DOES NOT TEACH wherein the program binary is standalone code devoid of the source code, HOWEVER, IN AN ANALOGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR YAHAV TEACHES wherein the program binary is standalone code devoid of the source code - Yahav [0018] … the first binary record and/or the second binary record are stripped binaries comprising no debugging information. The stripped binary records may include no debugging information thus making it difficult to trace the source code from which the binary record(s) originates. Here, the claimed ‘program binary’ is taught by Yahav as ‘first binary record’.  The claimed ‘devoid’ is taught by Yahav as ‘no debugging information’.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate a template feature.  Guidry lacks the ability to create standalone code as structure but Yahav provides Guidry template procedures providing different functionality from a single structure which makes Guidry’s system more responsive to more various kinds of attacks.

           As to claim 12, Guidry teaches the non-transitory computer-readable storage medium of claim 7.  GUIDRY DOES NOT TEACH wherein the program binary is standalone code devoid of the source code, HOWEVER, IN AN ANALOGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR YAHAV TEACHES wherein the program binary is standalone code devoid of the source code - Yahav [0018] … the first binary record and/or the second binary record are stripped binaries comprising no debugging information. The stripped binary records may include no debugging information thus making it difficult to trace the source code from which the binary record(s) originates. Here, the claimed ‘program binary’ is taught by Yahav as ‘first binary record’.  The claimed ‘devoid’ is taught by Yahav as ‘no debugging information’.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate a template feature.  Guidry lacks the ability to create standalone code as structure but Yahav provides Guidry template procedures providing different functionality from a single structure which makes Guidry’s system more responsive to more various kinds of attacks.

           As to claim 18, Guidry teaches the apparatus of claim 13. GUIDRY DOES NOT TEACH wherein the program binary is standalone code devoid of the source code, HOWEVER, IN AN ANALOGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR YAHAV TEACHES wherein the program binary is standalone code devoid of the source code - Yahav [0018] … the first binary record and/or the second binary record are stripped binaries comprising no debugging information. The stripped binary records may include no debugging information thus making it difficult to trace the source code from which the binary record(s) originates. Here, the claimed ‘program binary’ is taught by Yahav as ‘first binary record’.  The claimed ‘devoid’ is taught by Yahav as ‘no debugging information’.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate a template feature.  Guidry lacks the ability to create standalone code as structure but Yahav provides Guidry template procedures providing different functionality from a single structure which makes Guidry’s system more responsive to more various kinds of attacks.
   
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Guidry, in view of Mun; Johnathan US 20150317135 A1, November 5, 2015, hereafter referred to as Mun.

            As to claim 20, Guidry teaches the apparatus of claim 19.  GUIDRY DOES NOT TEACH wherein a seed of the random number generator is a user-specified value, HOWEVER, IN AN ANALOGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR MUN TEACHES wherein a seed of the random number generator is a user-specified value – Mun [0038] … The ROV Evaluator can also allow the end-user to input a random seed 120 value as a starting point for the random number generator. Here, the claimed ‘seed’ is taught by Mun as ‘random seed 120 value’ which is a value selected as user input.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Guidry’s Computer System Security with a random number generator seeded by the user.  Guidry teaches the use of randomly inserting stack verifications but not how randomness is provided.  Mun gives Guidry a random number generator with the ability for user input thereby increasing the user support and participation for computer security.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 7:00 a.m. to 3:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/WILLIAM B JONES/
Examiner, Art Unit 2491
08/01/2022