DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
1.  This is in response to the communications filed on 14 April 2022.
2.  Claims 1-10 are pending in the application.
3.  Claims 1-10 have been rejected.
Information Disclosure Statement
4.  The examiner has considered the information disclosure statement (IDS) filed on 20 August 2021 and 20 October 2021.
Claim Objections
5.  Claims 2, 3 and 7 are objected to because of the following informalities:  misspelling.  In claims 2 and 7, the term “OS” has been misspelled as “OK”.  In dependent claim 3, the word “cause” has been misspelled as “case”.  Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under pre-AIA  35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
6.  Claims 1 and 6 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Chawla et al US 2013/0055347 A1 (hereinafter Chawla) in view of van den Berg et al US 2012/0030758 A1 (hereinafter Berg).
As to claim 1, Chawla discloses an apparatus for increasing security of a computing device, that apparatus comprising: 
at least one processor (i.e. validation processor) [0019]; 
at least one non-transitory memory device storing instructions thereon which, when executed by the at least one processor, cause the at least one processor to (i.e. memory) [0021]: 
embed a first secured software agent within an OS kernel of the device (i.e. embedded programs 406, 408 and 410) [0062], , and wherein the secured software agent is configured to limit access to the OS kernel to provide protection of applications and resources (i.e. deny access to the OS kernel) [0087].  
Chawla does not teach that the first secured software agent is one of plural secured software agents generated by diverse code portion combinations to thereby have the same functionality but be structurally and semantically different.
Berg teaches that the first secured software agent is one of plural secured software agents generated by diverse code portion combinations to thereby have the same functionality but be structurally and semantically different (i.e. creating functionally and structurally diverse equivalent copies of software executables) [abstract].
Therefore, it would have been obvious at the time the invention was made to have modified Chawla so that the first secured software agent would have been one of plural secured software agents generated by diverse code portion combinations to thereby have the same functionality but be structurally and semantically different.
It would have been obvious at the time the invention was made to have modified Chawla by the teaching of Berg because it helps block malicious code and to filter out unwanted pieces of code [0016].
As to claim 6, Chawla discloses a secured software agents embedded within an OS kernel of the device for increasing security of a computing device, the secured software agent comprising code for causing the computing device to: 
limit access to the OS kernel to provide protection of applications and resources (i.e. deny access) [0087]; and 
wherein the secured software agent is one of multiple other secure software agents (i.e. embedded programs 406, 408 and 410) [0062].  
Chawla does not teach the secure software agents are created from diverse code portion combinations to thereby have the same functionality but be structurally and semantically different from each other.
Berg teaches the secure software agents are created from diverse code portion combinations to thereby have the same functionality but be structurally and semantically different from each other (i.e. creating functionally and structurally diverse equivalent copies of software executables) [abstract].
Therefore, it would have been obvious at the time the invention was made to have modified Chawla so that the secure software agents would have been created from diverse code portion combinations to thereby have the same functionality but be structurally and semantically different from each other.
It would have been obvious at the time the invention was made to have modified Chawla by the teaching of Berg because it helps block malicious code and to filter out unwanted pieces of code [0016].
7.  Claims 2 and 7 rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Chawla et al US 2013/0055347 A1 (hereinafter Chawla) and van den Berg et al US 2012/0030758 A1 (hereinafter Berg) as applied to claims 1 and 6 above, and further in view of Swoboda US 2006/0259828 A1.
As to claim 2, the Chawla-Berg combination does not teach the apparatus of claim 1, wherein access to the OS kernel is limited by receiving a request to modify to a debug functionality request of the OK kernel and preventing access to the OK Kernel based at least in part that the request is not a valid request.  
Swoboda teaches that access to the OS kernel is limited by receiving a request to modify to a debug functionality request (i.e. authenticating a request to debug an application) [0048] of the OK kernel and preventing access to the OK Kernel based at least in part that the request is not a valid request (i.e. denying a request to debug) [0051].
Therefore, it would have been obvious at the time the invention was made to have modified the Chawla-Berg combination so that access to the OS kernel would have been limited by receiving a request to modify to a debug functionality request of the OK kernel and preventing access to the OK Kernel based at least in part that the request was not a valid request.
It would have been obvious at the time the invention was made to have modified the Chawla-Berg combination by the teaching of Swoboda because it prevents giving a malicious user access to secure portions of a computer system that might otherwise be protected from unauthorized access during non-debug and non-test modes of operation [0002].
As to claim 7, the Chawla-Berg combination does not teach the secured software agent of claim 6, wherein access to the OS kernel is limited by receiving a request to modify to a debug functionality request of the OK kernel and preventing access to the OK Kernel based at least in part that the request is not a valid request. 
Swoboda teaches that access to the OS kernel is limited by receiving a request to modify to a debug functionality request (i.e. authenticating a request to debug an application) [0048] of the OK kernel and preventing access to the OK Kernel based at least in part that the request is not a valid request (i.e. denying a request to debug) [0051].
Therefore, it would have been obvious at the time the invention was made to have modified the Chawla-Berg combination so that access to the OS kernel would have been limited by receiving a request to modify to a debug functionality request of the OK kernel and preventing access to the OK Kernel based at least in part that the request was not a valid request.
It would have been obvious at the time the invention was made to have modified the Chawla-Berg combination by the teaching of Swoboda because it prevents giving a malicious user access to secure portions of a computer system that might otherwise be protected from unauthorized access during non-debug and non-test modes of operation [0002].
8.  Claims 3 and 8 rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Chawla et al US 2013/0055347 A1 (hereinafter Chawla) and van den Berg et al US 2012/0030758 A1 (hereinafter Berg) as applied to claims 1 and 6 above, and further in view of Brinskelle U.S. Patent No. 8,683,052 B1.
As to claim 3, the Chawla-Berg combination does not teach the apparatus of claim 1, wherein the instructions further cause the processor to embed a second secured software agent of the plural secured software agents within an OS of at least one of a different instantiation of the device, a device of a different type than the device, a device sold in a different geographic region than the device, or a device on a different operator network than the device.  
Brinskelle teaches the instructions further cause the processor to embed a second secured software agent of the plural secured software agents within an OS of at least one of a different instantiation of the device, a device of a different type than the device, a device sold in a different geographic region than the device, or a device on a different operator network than the device (i.e. a security agent can be on a media or CD so that it may be put on different devices) [column 27, lines 12-29].  
Therefore, it would have been obvious at the time the invention was made to have modified the Chawla-Berg combination so that the instructions further caused the processor to embed a second secured software agent of the plural secured software agents within an OS of at least one of a different instantiation of the device, a device of a different type than the device, a device sold in a different geographic region than the device, or a device on a different operator network than the device.  
It would have been obvious at the time the invention was made to have modified the Chawla-Berg combination by the teaching of Brinskelle because it helps analyze risks to provide guidance to online communications [column 5, lines 27-31].
As to claim 8, the Chawla-Berg combination does not teach the secured software agent of claim 6, wherein at least one of the other secured software agents is embedded in an OS of at least one of a different instantiation of the device, a device of a different type than the device, a device sold in a different geographic region than the device, or a device on a different operator network than the device.
Brinskelle teaches the instructions further cause the processor to embed a second secured software agent of the plural secured software agents within an OS of at least one of a different instantiation of the device, a device of a different type than the device, a device sold in a different geographic region than the device, or a device on a different operator network than the device (i.e. a security agent can be on a media or CD so that it may be put on different devices) [column 27, lines 12-29].  
Therefore, it would have been obvious at the time the invention was made to have modified the Chawla-Berg combination so that the instructions further caused the processor to embed a second secured software agent of the plural secured software agents within an OS of at least one of a different instantiation of the device, a device of a different type than the device, a device sold in a different geographic region than the device, or a device on a different operator network than the device.  
It would have been obvious at the time the invention was made to have modified the Chawla-Berg combination by the teaching of Brinskelle because it helps analyze risks to provide guidance to online communications [column 5, lines 27-31].
9.  Claims 4 and 9 rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Chawla et al US 2013/0055347 A1 (hereinafter Chawla) and van den Berg et al US 2012/0030758 A1 (hereinafter Berg) as applied to claims 1 and 5 above, and further in view of Gleichauf US 2010/0257599 A1.
As to claim 4, the Chawla-Berg combination does not teach the detect an attack on the first secured software agent.  The Chawla-Berg combination does not teach analyze the attack.  The Chawla-Berg combination does not teach replace the first secured software agent with a second secured software agent that is one of the plural secured software agents, wherein the second secured software agent incorporates a new functionality designed to prevent the attack.  
Gleichauf teaches detect an attack on the first secured software agent (i.e. detecting a significant anomaly or problem) [0074].  Gleichauf teaches analyze the attack [0074].  Gleichauf teaches replace the first secured software agent with a second secured software agent that is one of the plural secured software agents, wherein the second secured software agent incorporates a new functionality designed to prevent the attack [0079].  
Therefore, it would have been obvious at the time the invention was made to have modified the Chawla-Berg combination so that an attack would have been detected on the first secured software agent.  The attack would have been analyzed.  The first secured software agent would have been replaced with a second secured software agent that is one of the plural secured software agents, wherein the second secured software agent would have been incorporated a new functionality designed to prevent the attack.  
It would have been obvious at the time the invention was made to have modified the Chawla-Berg combination by the teaching of Gleichauf because it helps reduce the workload on network elements and also provides multiple layers of security to compensate for potential failure at a single layer [0010].
As to claim 9, the Chawla-Berg combination does not teach detect an attack on the first secured software agent.  The Chawla-Berg combination does not teach analyze the attack.  The Chawla-Berg combination does not teach replace the secured software agent with one of the other secured software agents, wherein the one of the other secured software agents incorporates a new functionality designed to prevent the attack.  
Gleichauf teaches detect an attack on the first secured software agent (i.e. detecting a significant anomaly or problem) [0074].  Gleichauf teaches analyze the attack [0074].  Gleichauf teaches replace the first secured software agent with a second secured software agent that is one of the plural secured software agents, wherein the second secured software agent incorporates a new functionality designed to prevent the attack [0079].  
Therefore, it would have been obvious at the time the invention was made to have modified the Chawla-Berg combination so that an attack would have been detected on the first secured software agent.  The attack would have been analyzed.  The first secured software agent would have been replaced with a second secured software agent that is one of the plural secured software agents, wherein the second secured software agent would have been incorporated a new functionality designed to prevent the attack.  
It would have been obvious at the time the invention was made to have modified the Chawla-Berg combination by the teaching of Gleichauf because it helps reduce the workload on network elements and also provides multiple layers of security to compensate for potential failure at a single layer [0010].
10.  Claims 5 and 10 rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Chawla et al US 2013/0055347 A1 (hereinafter Chawla) and van den Berg et al US 2012/0030758 A1 (hereinafter Berg) as applied to claims 1 and 5 above, and further in view of Paris et al US 2012/0311341 A1 (hereinafter Paris).
As to claim 5, the Chawla-Berg combination does not teach insert one or more upcalls at points in the OS kernel where a user-level system call from an application would result in access to an internal OS kernel object.  The Chawla-Berg combination does not teach receive, from the OS kernel, via at least one of the one or more upcalls, a request to modify or debug functionality of the application.  The Chawla-Berg combination does not teach determine whether the request is a valid request.  The Chawla-Berg combination does not teach limit access to the OS kernel based at least in part on a determination that the request is not a valid request.  
Paris teaches insert one or more upcalls at points in the OS kernel where a user-level system call from an application would result in access to an internal OS kernel object (i.e. upcall in user space) [0027].  Paris teaches receive, from the OS kernel, via at least one of the one or more upcalls, a request to modify or debug functionality of the application (i.e. event request) [0037].  Paris teaches determine whether the request is a valid request (i.e. permit request) [0034].  Paris teaches limit access to the OS kernel based at least in part on a determination that the request is not a valid request (i.e. deny request) [0034].  
Therefore, it would have been obvious at the time the invention was made to have modified the Chawla-Berg combination so that one or more upcalls would have been inserted at points in the OS kernel where a user-level system call from an application would have resulted in access to an internal OS kernel object.  A request to modify or debug functionality of the application would have been received from the OS kernel, via at least one of the one or more upcalls.  It would have been determined whether the request was a valid request.  Access to the OS kernel would have been limited based at least in part on a determination that the request was not a valid request.  
It would have been obvious at the time the invention was made to have modified the Chawla-Berg combination by the teaching of Paris because it provides sufficient administrative access to system administrators, while providing control over which kernel modules can be loaded into a kernel of the operating system [0004].
As to claim 10, the Chawla-Berg combination does not teach insert one or more upcalls at points in the OS kernel where a user-level system call from an application would result in access to an internal OS kernel object.  The Chawla-Berg combination does not teach receive, from the OS kernel, via at least one of the one or more upcalls, a request to modify or debug functionality of the application.  The Chawla-Berg combination does not teach determine whether the request is a valid request.  The Chawla-Berg combination does not teach limit access to the OS kernel based at least in part on a determination that the request is not a valid request.  
Paris teaches insert one or more upcalls at points in the OS kernel where a user-level system call from an application would result in access to an internal OS kernel object (i.e. upcall in user space) [0027].  Paris teaches receive, from the OS kernel, via at least one of the one or more upcalls, a request to modify or debug functionality of the application (i.e. event request) [0037].  Paris teaches determine whether the request is a valid request (i.e. permit request) [0034].  Paris teaches limit access to the OS kernel based at least in part on a determination that the request is not a valid request (i.e. deny request) [0034].  
Therefore, it would have been obvious at the time the invention was made to have modified the Chawla-Berg combination so that one or more upcalls would have been inserted at points in the OS kernel where a user-level system call from an application would have resulted in access to an internal OS kernel object.  A request to modify or debug functionality of the application would have been received from the OS kernel, via at least one of the one or more upcalls.  It would have been determined whether the request was a valid request.  Access to the OS kernel would have been limited based at least in part on a determination that the request was not a valid request.  
It would have been obvious at the time the invention was made to have modified the Chawla-Berg combination by the teaching of Paris because it provides sufficient administrative access to system administrators, while providing control over which kernel modules can be loaded into a kernel of the operating system [0004].
Relevant Prior Art
11.  The following references have been considered relevant by the examiner:
A.  Crosetto et al US 2013/0159977 A1 directed to a kernel driver to insert traces into an open system kernel using exiting kernel probe application-programming interfaces and copies these events to an existing logging module for transfer to user space [abstract].
B.  Lee et al US 2010/0095370 A1 directed to a packet capturing method using a kernel probe, which is for capturing traffic generated only by a specific application [abstract].
C.  Arndt et al US 2008/0141251 A1 directed to binding a process to a selected node of a multi-node system [abstract].
Conclusion
12.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARAVIND K MOORTHY whose telephone number is (571)272-3793. The examiner can normally be reached M-F 5:00-3:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ARAVIND K MOORTHY/            Primary Examiner, Art Unit 2492