Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This office action is in response to the communication filed on 8/16/2022.
Response to Arguments
Applicant's arguments filed 8/16/2022 have been fully considered but they are not persuasive. 
The applicants’ arguments appear to simply allege that VanderLeest does not teach the limitations of the claims, because certain particular words are not found in the specification of VanderLeest.  The applicants have ignored the breadth of the claim limitations and the words therein, and have further ignored the meaning of the teachings of VanderLeest.
The applicants have not redefined any of the contested language, and as such the claims have been given their broadest reasonable interpretation.
The applicants allege that VanderLeest does not disclose “auditing the control flow information” because the specification does not use such exact language.  The allegation is not persuasive.  Auditing simply means systematically reviewing or assessing something.  VanderLeest teaches many forms of auditing throughout, including “control flow analysis” which meets the scope of “auditing control flow information”.  As such, this allegation is not persuasive.
The applicants allege that VanderLeest does not disclose “to-be-audited information”.  Validation of control flow information falls within the scope of this language, which is taught by VanderLeest.  As such, the examiner does not find the allegation persuasive.
The applicants allege that VanderLeest does not disclose “a tracer configured to collect to-be-audited information during execution of a program”.  VanderLeest teaches many different mechanisms which detect, during execution of a program, an access attempt that requires validation, initiate an interrupt to pause execution and to trigger the validation analysis routines to determine whether or not the attempted access can be allowed.  At the least, simply viewing the instruction being attempted along with the data required by the instruction, falls within the scope of “collecting”.  The claim does not require storing the information anywhere.  The claim also does not require passing the collected information.  As such, even this broad interpretation meets the claim language.  As such, the examiner does not find the argument persuasive.  Furthermore, the monitoring mechanism views each instruction and when detects that the instruction requires further analysis, the monitoring mechanism interrupts the execution of the instruction such that the instruction is not executed and instead is analyzed.  This causes the instruction to be “collected”.  The instruction being analyzed after the interrupt is triggered requires that the instruction is maintained somewhere.  This also falls within the scope of the language.  
The applicants allege that VanderLeest does not disclose “control flow information”.  VanderLeest very clearly teaches performing control flow analysis, as pointed out by the applicants.  This control flow analysis is performed on, at least, the instruction of which execution is currently paused.  This instruction, at least, is information.  The system of VanderLeest performs control flow analysis on the instruction, which falls within the scope of the contested language.
The applicants’ remaining allegations appear to depend upon the already shown to be unpersuasive allegations addressed above, and as such are also unpersuasive.
Because the examiner does not find the applicants’ allegations persuasive, the examiner has maintained the rejections in view of VanderLeest, as shown below. 
All objections and rejections not set forth below have been withdrawn.
Claims 1-5, 7-14, and 16-20 have been examined.  Claims 6 and 15 are withdrawn.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 2, 7, 8, 10, 11, and 16-19 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by VanderLeest (US Patent Application Publication Number 2019/0073473).

Regarding claim 1, VanderLeest disclosed a computer system including a first domain and a second domain deployed in the computer system (VanderLeest Fig. 6, for example), the computer system comprising: 
a tracer (VanderLeest Paragraphs 0054-0063 for example); 
a memory storing computer readable instructions (VanderLeest Paragraph 0044 for example); and 
a processor in communication with the tracer and the memory (VanderLeest Paragraph 0044 for example), the processor is configured to: 
execute the computer readable instructions (VanderLeest Paragraph 0044 for example); 
start the tracer (VanderLeest Paragraphs 0054-0063 for example); and 
execute a program in the first domain (VanderLeest Paragraphs 0054-0063 for example); 
the tracer is configured to collect to-be-audited information during execution of the program, the to-be-audited information comprising control flow information of the program (VanderLeest Paragraphs 0019, and 0054-0063 for example); and 
the processor is further configured to execute the computer readable instructions to: 
obtain the to-be-audited information in the second domain (VanderLeest Paragraphs 0064-0069 for example); 
audit the to-be-audited information according to an audit rule (VanderLeest Paragraphs 0064-0069 for example); and 
determine that the audit succeeds when the to-be-audited information matches the audit rule (VanderLeest Paragraphs 0064-0069 for example).

Regarding claims 10 and 16, VanderLeest disclosed a security control method for a computer system in which a first domain and a second domain are deployed (VanderLeest Fig. 6, for example), the security control method comprising: obtaining to-be-audited information in the second domain using a tracer when a program in the first domain is executed, the to-be-audited information comprising control flow information of the program (VanderLeest Paragraphs 0051, and 0054-0063 for example); and auditing, in the second domain, the to-be-audited information according to an audit rule (VanderLeest Paragraphs 0064-0069 for example); and determining that the audit succeeds and allowing access to the second domain when the to-be-audited information matches the audit rule (VanderLeest Paragraphs 0064-0069 for example).
Regarding claims 2, 11, and 18, VanderLeest disclosed that the to-be-audited information further comprises data flow information of the program (VanderLeest Paragraph 0051 for example).
Regarding claim 7, VanderLeest disclosed that at least some components of the tracer are deployed in the second domain through hardware division, or the at least some components of the tracer are deployed in the second domain through software permission management, and the second domain is more secure than the first domain (VanderLeest Paragraph 0028 for example).
Regarding claims 8 and 19, VanderLeest disclosed that the audit rule is obtained using a machine learning method (VanderLeest Paragraph 0046 for example).
Regarding claim 17, VanderLeest disclosed that the first domain and the second domain are respectively an insecure world and a secure world (VanderLeest Paragraph 0069 for example).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 3, 9, 12, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over VanderLeest.

Regarding claims 3 and 12,  while VanderLeest taught execution of the tracer and after starting execution of the tracer performing the audit, VanderLeest did not explicitly teach that the processor is further configured to: review the tracer when the processor is in the second domain before performing the audit; and perform the audit after the review succeeds.
However, it was well known in the art before the effective filing date of the invention for processors interacting with both hardware and software modules to perform authentication and/or integrity verification thereof prior to interacting with or executing the modules.  As such, it would have been obvious to the person having ordinary skill in the art before the effective filing date of the invention to have employed the well-known features in the system of VanderLeest by having the processor authenticate and/or verify the integrity of the monitoring mechanisms.  This would have been obvious because the person having ordinary skill in the art would have been motivated to ensure that the monitoring mechanisms had not been tampered with, and can be trusted.
Regarding claims 9 and 20, while VanderLeest taught the system including ROM, VanderLeest did not explicitly teach that the program is stored in a read-only storage area of the memory.
However, storing programs in ROM (e.g. CD-ROM) was well known before the effective filing date of the invention and as such it would have been obvious to the person having ordinary skill in the art to have done so in the system of VanderLeest.  This would have been obvious because the person having ordinary skill in the art would have been motivated to provide a traditional means for providing the applications to the computer in a predictable manner.
Allowable Subject Matter
Claims 4, 5, 13, and 14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Claims 1, 2, 7-12, and 16-20 have been rejected.  Claims 4, 5, 13, and 14 are objected to.
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 2018/0330101 taught a system for performing static control and data flow analysis on a program before executing the program.
US 9,253,209 taught a system in which information flaws and data accesses are tracked on a device at runtime to enable access control decisions to be performed based on a policy.  The tracking and enforcing was implemented by a trusted platform module.
CN 104134038 taught a system in which programs are analyzed by analyzing the control flow to determine control flow integrity of the program.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW T HENNING whose telephone number is (571)272-3790. The examiner can normally be reached Monday- Thursday 9AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MATTHEW T HENNING/            Primary Examiner, Art Unit 2491