DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This is in response to the correspondence filed on 08/04/21.  Claims 1-8 are still pending and have been considered below.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 1-8 recite the limitation "the computer application software" throughout the claims.  There is insufficient antecedent basis for this limitation in the claims.  Examiner notes that the preceding claim language appears to establish at least two separate and distinct instances of “computer application software” (see lines 1 and 2 of Claim 1); thus, the claims are rendered indefinite in that it is unclear which instance the limitation refers to.
Claim 5 recites the limitation "the virus" in line 5.  There is insufficient antecedent basis for this limitation in the claim.  Examiner notes that the preceding claim language appears to establish a first instance of a “system virus” in addition to two separate and distinct instances of a “virus” (see line 18 of Claim 1; and lines 3 and 4 of Claim 5); thus, the claim is rendered indefinite in that it is unclear which instance the limitation refers to.
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claims 6-8 are rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.
Examiner notes that Claims 6-8 are directed to a method of using the device of Claim 1 and do not appear to necessarily require all the limitations of the claim upon which they depend; thus, Claims 6-8 fail to specify a further limitation on the subject matter of Claim 1 to which they refer because Claims 6-8 are completely outside the scope of Claim 1.  Pfizer, Inc. v. Ranbaxy Labs. Ltd., 457 F.3d 1284, 1292 (Fed. Cir. 2006).
Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-5 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claimed invention is directed to a “device” merely comprising various software modules and/or databases; thus, is directed to software and/or signals per se.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1, 4 and 6-8 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Oliphant et al. (2016/0088010).
Claim 1:  Oliphant et al. discloses a device for repairing a security vulnerability of computer application software, comprising: 
vulnerability repairing software, computer application software and computer system software, wherein the vulnerability repairing software comprises a main control module, a software vulnerability repairing module, a software vulnerability scanning module, a system virus repairing module, a system virus scanning module, a software vulnerability definition central database and a system virus definition central database (security server performs various security-related functions to detect and remediate vulnerabilities on client devices…IDS is enabled to access the anti-vulnerability logic engine/platform and attempts to identify malicious code by signatures at host client level) [page 2, paragraph 0019 | page 6, paragraph 0079 | pages 7-8, paragraphs 0099-0100]; and
wherein the main control module, the software vulnerability repairing module, the software vulnerability scanning module, the system virus repairing module, the system virus scanning module, the software vulnerability definition central database and the system virus definition central database interact information with the computer application software and the computer system software (acquires real-time status information from each client using client-side software) [page 4, paragraphs 0046-0048];
the main control module sends a notification to the software vulnerability scanning module and the system virus scanning module, respectively (server automatically configures and deploys agents to manage and enforce security policies) [page 10, paragraphs 0140 & 0144 | page 11, paragraph 0150];
the software vulnerability scanning module scans the computer application software for a security vulnerability and sends a scanning result to the software vulnerability definition central database for comparison, and the software vulnerability repairing module sends, according to the comparison, a repair command to repair the computer application software (query client agent or device’s OS/firmware and deploy appropriate remediation for any identified vulnerabilities) [page 7, paragraphs 0093-0094 | page 6, paragraph 0068]; and
the system virus scanning module scans the computer system software for a system virus and sends a scanning result to the system virus definition central database for comparison, and the system virus repairing module sends a virus-killing command according to the comparison (IDS attempts to identify malicious code/viruses by signature comparisons and remediate/mitigate any detected vulnerabilities) [page 6, paragraph 0079 | pages 7-8, paragraphs 0099-0100].
Claim 4:  Oliphant et al. discloses the device for repairing the security vulnerability of the computer application software of claim 1, wherein the software vulnerability repairing module repairs the computer application software security vulnerability, and the software vulnerability repairing module comprises a repair program central download module, a repair program central cache module and a proxy module (obtains regular updates from vulnerability and remediation database to deploy to clients) [page 2, paragraph 0019 | page 11, paragraph 0150]; the proxy module sends a download command to the repair program central download module, and the repair program central download module is configured to determine whether there is a repair program for the vulnerability in the repair program central cache module; when there is a repair program for the vulnerability, the repair program is read out and sent to the proxy module; when there is no repair program, a repair program is acquired from the software vulnerability definition central database and sent to the proxy module, to find out and repair the security vulnerability of the computer application software (apply selected preferred type of remediation if available; and if not available, apply the selected fallback type) [page 4, paragraph 0038].
Claim 6:  Oliphant et al. discloses a method for repairing a security vulnerability of computer application software using the device for repairing the security vulnerability of the computer application software of claim 1, comprising two implementation modes: I. the main control module of the vulnerability repairing software automatically scans the computer application software for a security vulnerability and the computer system software for a system virus regularly, and sends, according to a scanning result, a command to the software vulnerability repairing module and the system virus repairing module to repair the security vulnerability of the computer application software and the system virus of the computer system software (process automated by server/central management) [page 10, paragraphs 0140 & 0144 | page 11, paragraph 0150]; II. a user automatically controls the vulnerability repairing software to scan the computer application software for a security vulnerability and the computer system software for a system virus, and sends, according to a scanning result, a command to the software vulnerability repairing module and the system virus repairing module to repair the security vulnerability of the computer application software and the system virus of the computer system software (administrator/user selects the options for identifying/remediating vulnerabilities) [page 3, paragraph 0030 | page 4, paragraphs 0038-0039].
Claim 7:  Oliphant et al. discloses the method for repairing the security vulnerability of the computer application software of claim 6, wherein the mode I comprises following steps: a. the main control module of the vulnerability repairing software automatically sends a scanning notification to the software vulnerability scanning module and the system virus scanning module [page 10, paragraphs 0140 & 0144 | page 11, paragraph 0150], the software vulnerability scanning module scans the computer application software for a security vulnerability, and the system virus scanning module scans the computer system software for a system virus, and then the software vulnerability scanning module and the system virus scanning module send a scanning result back to the main control module, respectively (identifying vulnerabilities by monitoring information collected from the client…identifying malicious code) [page 6, paragraph 0079 | pages 7-8, paragraphs 0099-0100]; b. the main control module sends the scanning result to the software vulnerability definition central database and the system virus definition central database respectively for comparison and processes the scanning result (compares against vulnerability database and/or signatures) [page 7, paragraphs 0093-0094 | page 6, paragraphs 0068 & 0079 | pages 7-8, paragraphs 0099-0100]; c. when there is a security vulnerability, the main control module sends a vulnerability repair command to the software vulnerability repairing module to repair the security vulnerability of the computer application software; and when there is a system virus, the main control module sends a virus killing command to the system virus repairing module to deal with the system virus of the computer system software (deploy remediations for any identified vulnerabilities) [page 7, paragraphs 0093-0094 | page 6, paragraphs 0068 & 0079 | pages 7-8, paragraphs 0099-0100].
Claim 8:  Oliphant et al. discloses the method for repairing the security vulnerability of the computer application software of claim 6, wherein the mode II comprises following steps: a. the user controls the main control module of the vulnerability repairing software to send a scanning notification to the software vulnerability scanning module and the system virus scanning module [page 10, paragraphs 0140 & 0144 | page 11, paragraph 0150]; the software vulnerability scanning module and the system virus scanning module respectively scan the computer application software for a security vulnerability and the computer system software for a system virus, and send a scanning result back to the main control module [page 6, paragraph 0079 | pages 7-8, paragraphs 0099-0100]; b. the main control module sends the scanning result to the software vulnerability definition central database and the system virus definition central database respectively for comparison and processes the scanning result; c. when there is a security vulnerability, the main control module sends a vulnerability repair command to the software vulnerability repairing module to repair the security vulnerability of the computer application software [page 7, paragraphs 0093-0094 | page 6, paragraphs 0068 & 0079 | pages 7-8, paragraphs 0099-0100]; and when there is a system virus, the main control module sends a virus killing command to the system virus repairing module to deal with the system virus of the computer system software [page 7, paragraphs 0093-0094 | page 6, paragraphs 0068 & 0079 | pages 7-8, paragraphs 0099-0100].

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 2 and 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Oliphant et al. (2016/0088010) in view of Burke et al. (2021/0194891).
Claim 2:  Oliphant et al. discloses the device for repairing the security vulnerability of the computer application software of claim 1, but does not explicitly disclose wherein the software vulnerability repairing module comprises a repair code, and when the software security vulnerability is a Java layer vulnerability, the repair code comprises a bytecode compiled by a program written in Java language for repairing the security vulnerability and running in a Java virtual machine, or a machine instruction compiled by a bytecode; and when the software security vulnerability is a Native layer vulnerability, the repair code comprises a machine instruction compiled by a program written in C/C++ language for repairing the security vulnerability.
However, Burke et al. discloses a similar invention [page 1, paragraph 0012] and further discloses wherein the software vulnerability repairing module comprises a repair code (remediation means implemented by executable instructions) [page 8, paragraph 0062], and when the software security vulnerability is a Java layer vulnerability, the repair code comprises a bytecode compiled by a program written in Java language for repairing the security vulnerability and running in a Java virtual machine, or a machine instruction compiled by a bytecode (machine readable instructions may be implemented using any language, such as executable Java code and/or compiled binary code); and when the software security vulnerability is a Native layer vulnerability, the repair code comprises a machine instruction compiled by a program written in C/C++ language for repairing the security vulnerability (pre-compiled programming language such as C) [page 3, paragraph 0023 | page 6, paragraphs 0067-0068 | pages 11-12, paragraph 0083].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the disclosure of Oliphant et al. with the additional features of Burke et al., in order to better detect malicious executable object code even when buried within large portions of benign text, as suggested by Burke et al. [page 4, paragraph 0025].
Claim 3:  Oliphant et al. discloses the device for repairing the security vulnerability of the computer application software of claim 1, but does not explicitly disclose wherein the main control module compiles the computer application software and the computer system software into a language code text, and acquires, according to the language code text, a data structure of the computer application software and the computer system software; and the software vulnerability scanning module and the system virus scanning module scan the data structure.
However, Burke et al. discloses a similar invention [page 1, paragraph 0012] and further discloses wherein the main control module compiles the computer application software and the computer system software into a language code text, and acquires, according to the language code text, a data structure of the computer application software and the computer system software (pre-compiled programming languages and/or compiled executable code) [page 3, paragraph 0023 | page 6, paragraphs 0067-0068]; and the software vulnerability scanning module and the system virus scanning module scan the data structure (language analyzer and code analyzer determine similarity scores by inspecting non-executable and/or executable source code) [pages 11-12, paragraph 0083].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the disclosure of Oliphant et al. with the additional features of Burke et al., in order to better detect malicious executable object code even when buried within large portions of benign text, as suggested by Burke et al. [page 4, paragraph 0025].

Allowable Subject Matter
Claim 5 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Bettini et al. (2013/0227636).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD ZEE whose telephone number is (571)270-1686. The examiner can normally be reached Monday-Friday 9AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571)272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/EDWARD ZEE/Primary Examiner, Art Unit 2435