DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Allowable Subject Matter
Claims 6 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 7-18, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Rosa (Pub. No. US 20180101678) in view of Alagna et al (Pub. No. US 2008/0209561).

As per claim 1, Rosa discloses a system for suspending a computing device suspected of being infected by a malicious code, comprising: a memory operable to store a software instruction that is executed when a kill switch button is triggered to initiate a suspension procedure, wherein: the suspension procedure is initiated when a computing device is suspected of being infected by a malicious code, and when the malicious code is executed, the computing device becomes vulnerable to security threats comprising an unauthorized access to the memory (…a user of user associated computing device comprises a memory…may be infected with malware by opening an email attachment which triggers the installation of files (e.g. disguised as normal) containing malware ransomware on computer….see par. 27…to prevent data store from being comprised, once malware is suspected of infecting computing device, USB Hub physically disconnects the transmission…when malware is detected, the computing device and the USB hub is powered off (e.g. through toggling or pressing a switch or button…see par. 36)…see par. 29, 54); a processor, operably coupled with the memory, configured to: receive, from a user, a triggering signal to initiate the suspension procedure (…when the application returns a “file not found” signal, the operator triggers the anti-virus software to run a check…if “No Go” is displayed, the operator ceases the work session…see par. 68); capture one or more states of one or more instructions that are being executed by the processor (…a threshold may be programmed, in order to establish a cut off between an active an inactive state of an input reflecting transmittal of data…see par. 47), wherein the one or more instructions comprise the malicious code; prioritize an operation of the kill switch button over the one or more instructions that are being executed by the processor such that the one or more instructions comprising the malicious code are suppressed (…ransomware reaches the data storage medium when the anti-virus software fails to recognize the encryption activity underway, the anti-virus gives a false “OK” signal to the operator and/or the operator physically initiates the fingerprint authentication process without seeing, the “NO GO” warning signal from the anti-virus software…USB Hub places the air gap switch in an open state, e.g. that requires power cycling…see par. 61-62, 68); terminate network connections of the computing device such that the computing device is disconnected from other devices (see par. 27-29). Rosa does not explicitly disclose send one or more notification signals to one or more servers managing a user account associated with the user currently logged in at the computing device, indicating that the computing device is suspected of having been infected by the malicious code; in response to sending the one or more notification signals to the one or more servers, the user account is suspended. However Alagna discloses send one or more notification signals to one or more servers managing a user account associated with the user currently logged in at the computing device, indicating that the computing device is suspected of having been infected by the malicious code; in response to sending the one or more notification signals to the one or more servers, the user account is suspended (….when the anti-Trojan program executes, the program detects any Trojans on the user’s computer…if a Trojan is found, the user can be notified that a Trojan was discovered and the user’s online transaction session can be terminated…see par. see par. 74-79). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Alagna in Rosa for including the above limitations because one ordinary skill in the art would recognize it would further enhance the security of online transactions by removing the malicious code which would reduce or eliminate the ability of hackers to perform online Theft…see Alagna, par. 12-13.



As per claims 8, 15, Rosa discloses a method for suspending a computing device suspected of being infected by a malicious code, comprising: receiving, from a user, a triggering signal to initiate a suspension procedure, wherein: the suspension procedure is initiated when a computing device is suspected of being infected by a malicious code, and when the malicious code is executed, the computing device becomes vulnerable to security threats comprising an unauthorized access to a memory associated with the computing device (…when the application returns a “file not found” signal, the operator triggers the anti-virus software to run a check…if “No Go” is displayed, the operator ceases the work session…see par. 68… a user of user associated computing device comprises a memory…may be infected with malware by opening an email attachment which triggers the installation of files (e.g. disguised as normal) containing malware ransomware on computer….see par. 27…to prevent data store from being comprised, once malware is suspected of infecting computing device, USB Hub physically disconnects the transmission…when malware is detected, the computing device and the USB hub is powered off (e.g. through toggling or pressing a switch or button…see par. 36); capturing one or more states of one or more instructions that are being executed by a processor associated with the computing device (…a threshold may be programmed, in order to establish a cut off between an active an inactive state of an input reflecting transmittal of data…see par. 47), wherein the one or more instructions comprise the malicious code; prioritizing an operation of a kill switch button over the one or more instructions that are being executed by the processor such that the one or more instructions comprising the malicious code are suppressed (…ransomware reaches the data storage medium when the anti-virus software fails to recognize the encryption activity underway, the anti-virus gives a false “OK” signal to the operator and/or the operator physically initiates the fingerprint authentication process without seeing, the “NO GO” warning signal from the anti-virus software…USB Hub places the air gap switch in an open state, e.g. that requires power cycling…see par. 61-62, 68); terminating network connections of the computing device such that the computing device is disconnected from other devices (see par. 27-29). Rosa does not explicitly disclose sending one or more notification signals to one or more servers managing a user account associated with the user currently logged in at the computing device, indicating that the computing device is suspected of having been infected by the malicious code; in response to sending the one or more notification signals to the one or more servers, the user account is suspended. However Alagna discloses sending one or more notification signals to one or more servers managing a user account associated with the user currently logged in at the computing device, indicating that the computing device is suspected of having been infected by the malicious code; in response to sending the one or more notification signals to the one or more servers, the user account is suspended (….when the anti-Trojan program executes, the program detects any Trojans on the user’s computer…if a Trojan is found, the user can be notified that a Trojan was discovered and the user’s online transaction session can be terminated…see par. see par. 74-79). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Alagna in Rosa for including the above limitations because one ordinary skill in the art would recognize it would further enhance the security of online transactions by removing the malicious code which would reduce or eliminate the ability of hackers to perform online Theft…see Alagna, par. 12-13.

 

As per claims 2, 9, 16, the combination of Rosa and Alagna discloses wherein the kill switch button comprises at least one of a physical button (Rosa: see par. 36), a software button, and a virtual button.


As per claims 3, 10, 17, the combination of Rosa and Alagna discloses wherein the processor is further configured to halt an operation of the memory such that communications between the memory and the processor are suspended (Rosa: see par. 29).


As per claims 4, 11, 18, the combination of Rosa and Alagna discloses wherein the processor is further configured to suspend communications between one or more devices and one or more corresponding ports of the computing device, wherein the one or more devices are connected to the one or more corresponding ports (Rosa: see par. 29-33).


As per claim 7, the combination of Rosa and Alagna discloses wherein capturing the one or more states of the one or more instructions that are being executed by the processor comprises capturing each particular state of each instruction from the one or more instructions during an execution of an instruction cycle of each instruction (Rosa: see par. 75-82).


As per claim 12, the combination of Rosa and Alagna discloses wherein sending the one or more notification signals to the one or more servers comprises at least one of: sending a first notification signal to a first server managing a first user account associated with the user currently logged in at the computing device (Alagna: see par. 74-79); sending a second notification signal to a second server managing a second user account associated with the user currently logged in at the computing device; and sending a third notification signal to a third server managing security threat investigations to determine a source of the malicious code. The motivation for claim 12 is the same motivation as in claim 8 above.


As per claims 13, 20, the combination of Rosa and Alagna discloses wherein in response to sending the one or more notification signals to the one or more servers, privileges associated with the user account are revoked (Alagna: see par. 85-86). The motivation for claims 13, 20 is the same motivation as in claims 8 and 15 above.


As per claim 14, the combination of Rosa and Alagna discloses wherein in response to sending the one or more notification signals to the one or more servers, an investigation to determine a source of the malicious code is initiated (Alagna: see par. 40). The motivation for claim 14 is the same motivation as in claim 8 above.




Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Rosa (Pub. No. US 20180101678) in view of Alagna et al (Pub. No. US 2008/0209561) as applied to claim 1 above, and further in view of Field et al (Pub. No. US 2019/0007204).

As per claim 5, the combination of Rosa and Alagna does not explicitly disclose wherein processor is further configured to encrypt the memory with an encryption key such that the memory is inaccessible without being decrypted with a decryption key. However Field discloses wherein processor is further configured to encrypt the memory with an encryption key such that the memory is inaccessible without being decrypted with a decryption key (…the client’s data is encrypted…either stored locally or on a cloud storage…if a malicious person access a storage device containing the encrypted data, the data is inaccessible…because the decryption key is not ascertainable by the malicious person…see par. 75). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Field in the combination of Rosa and Alagna for including the above limitations because one ordinary skill in the art would recognize it would further improve security of stored data by encrypting data and by maintaining the decryption keys separately from the encrypted data…see par. 7-8.





Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to isolating a computing device suspected of being infected by a malicious code.

Kaneko (Pub. No. US 2004/0193896); “Controlling Computer Program, Controlling Apparatus, and Controlling Method for Detecting Infection by Computer Virus”;
-Teaches applying the process of running program status scan to computer whose application is limited…to efficiently remove or isolate computer viruses or programs infected by computer viruses…see par. 86.



Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499