Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Election/Restrictions
2.    NO restrictions warranted at initial time of filing for patent.

Information Disclosure Statement
3.    The information disclosure statement (IDS) submitted on 03/15/2022, the submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Oath/Declaration
4.    Applicant’s Oath was filed on 04/23/2021.

Drawings
5.    Applicant’s drawings filed on 05/20/2021 has been inspected and is in compliance with MPEP 608.01.
Specification
6.    Applicant’s specification filed on 04/23/2021 has been inspected and is in compliance with MPEP 608.02.
Claim Objections
8.    NO objections warranted at initial time of filing for patent.

Remarks
9.	Examiner request Applicant review relevant prior art under the conclusion of this office action.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

10.	Claims 1, 2, 4-7, 9-13, 14-16, and 17-20 are rejected under 35 U.S.C. 102(a)(1)/(a)(2) as being anticipated by U.S. Patent No. 11,321,481 hereinafter Salehpour.

As per claim 1, Salehpour discloses:
A method of identifying anomalous system permissions in applications in a computing environment (Col. 1 lines 28-30 “A method for determining to grant or deny a permission request for an application running on an endpoint is provided.”), comprising: 
generating a statistical model at least in part from application permissions granted across a plurality of application types (Col. 6 Lines 4-10 “As noted above, the monitored permission requests and user responses as well as context information where applicable for different applications are transmitted to the permission request manager 101. The permission request manager 101 amalgamates this empirical data concerning permission requests and user responses, for example storing the empirical data collected from the plurality of clients 103 in the permissions database 303 .” Col. 7 Lines 18-26 “For a specific permission request of a specific application, a large number of user responses may be collected over time from different ones of the plurality of client devices 103. This collected empirical data indicating the granting or denial of specific permissions requested by applications on the endpoint client devices may be transmitted by the client agents 109 to empirical data collecting module 401 of the permission request manager 101. The data aggregating module 403 aggregates this collected empirical data.” Col. 7 Lines 27-42 “ The data analyzing module 405 analyzes the aggregated empirical data to determine whether specific permissions pertain to core functionalities and/or key features of given applications. Different techniques (e.g., different forms of statistical analysis) may be used by the data analyzing module 405 to analyze the aggregated empirical data. For instance, by using a statistics tool, the approval or rejection rate can be determined for a specific permission request for an application. Collected additional context information is also analyzed, such as under what specific circumstances permission requests for applications were granted or denied. Based on the approval/rejection rates (e.g., whether the percentage or rate of approvals exceeds a given threshold), the data analyzing module 405 may determine whether given permissions pertain to core functionalities and/or key features of given applications.”); 
identifying one or more of the application permissions granted across a plurality of application types as potentially dangerous permissions (Col. 10 Lines 5-21 “Under certain circumstances, based on the empirical data, it may be found that an application has a statistically significant disparity in the rejection rate for a specific permission. In this scenario, the permission for the specific application may be then considered to be: 1) not required for the application's core functionality (e.g., for a social network communication application, a request for phone state permission purely for tracking purpose, which is not valuable to a user 307 and can be omitted without loss of the functionality), 2) required for a feature of an application but the feature is not a key feature of the application (e.g., a permission request for a contact list for contacting purpose, which is not a key feature of a navigation application), 3) dangerous permission, as the request tries to deceive a user to provide permission so as to conduct dishonest activities (e.g., collecting sensitive information including bank credentials, credit card numbers, etc.).”); 
and determining, using the generated statistical model, whether a target application has at least one potentially dangerous permission that is not statistically likely for a target application type of the target application (Col. 10 Lines 23-25 “ After the data analysis and the determination whether a permission pertains to core functionality and/or key feature(s) of an application, a directive may be generated for a subsequently received same permission request..” Col. 10 Lines 40-50 “ In some implementations, the permission request manager 101 may generate a directive taking into consideration of the context information of the prompted request. In one example, if the context information indicates that a permission request is prompted when a user is accessing one specific feature of an application. However, the permission request is not required for that specific feature, but pertains to another feature of the application, the generated directive may still advise the permission request to be rejected even the requested permission pertains to the other feature(s) of the application.”).

As per claim 2, Salehpour discloses:
The method of identifying anomalous system permissions in applications in a computing environment of claim 1, further comprising indicating to a user the determination of whether a target application has at least one potentially dangerous permission that is not statistically likely (Col. 10 Lines 40-50).

As per claim 4, Salehpour discloses:
The method of identifying anomalous system permissions in applications in a computing environment of claim 2, wherein indicating to a user the determination of whether a target application has at least one potentially dangerous permission that is not statistically likely comprises providing an explanation indicating one or more statistically unlikely dangerous permissions for the target application  (Col. 10 Lines 40-50) and (Col. 11 Line 7-19).

As per claim 5, Salehpour discloses:
The method of identifying anomalous system permissions in applications in a computing environment of claim 1, wherein determination of whether a dangerous permission is statistically likely for a target application type of a target application comprises determining whether a threshold probability of the dangerous permission being present in the target application type is met or exceeded (Col. 6 Lines 24-56 and Col. 7 Lines 27-42).
As per claim 6, Salehpour discloses:
The method of identifying anomalous system permissions in applications in a computing environment of claim 1, wherein generating a statistical model comprises observing the presence or absence of the plurality of application permissions in the plurality of application types (Col. 7 Line 18-42).

As per claim 7, Salehpour discloses:
The method of identifying anomalous system permissions in applications in a computing environment of claim 1, wherein generating a statistical model comprises observing the top or most likely requested permissions for the plurality of application types (Col. 7 Line 18-42).

As per claim 9, Salehpour discloses:
The method of identifying anomalous system permissions in applications in a computing environment of claim 1, wherein the target application type of the target application comprises a determined application type, the determined application type determined by using the statistical model to evaluate application permissions of the target application (Col. 6 Lines 24-56, Col. 7 Line 18-42 and Col. 10 Lines 5-21).

As per claim 10, Salehpour discloses:
The method of identifying anomalous system permissions in applications in a computing environment of claim 9, further comprising using the statistical model to determine whether the determined application type of the target application differs from a claimed application type of the target application (Col. 6 Lines 24-56, Col. 7 Line 18-42 and Col. 10 Lines 5-21).

As per claim 11, Salehpour discloses:
The method of identifying anomalous system permissions in applications in a computing environment of claim 9, wherein determining the determined application type by using the statistical model to evaluate application permissions of the target application comprises determining one or more application types that are most statistically similar to the target application based on the generated statistical model of application permissions in application types (Col. 1 Lines 48-60, Col. 10 Lines 23-39).

As per claim 12, the implementation of the method of claim will execute the computing device of claim 12. The claim is analyzed with respect to claim 1. 

As per claim 13, the claim is analyzed with respect to claim 2.

As per claim 15, the claim is analyzed with respect to claim 5.

As per claim 16, the claim is analyzed with respect to claim 7.

As per claim 18, the claim is analyzed with respect to claim 9.

As per claim 19, the claim is analyzed with respect to claim 10.

As per claim 20, the claim is analyzed with respect to claim 11.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
11.	Claims 3 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Salehpour in view of U.S. Publication No. 20200110873 hereinafter Rosendahl.

As per claim 3, Salehpour discloses:
The method of identifying anomalous system permissions in applications in a computing environment of claim 2, wherein indicating to a user the determination of whether a target application has at least one potentially dangerous permission that is not statistically likely  (Col. 10 Lines 40-50) comprises indicating a metric or score indicating the degree of statistically unlikely dangerous permissions for the target application.
Salehpour does not discloses:
indicating a metric or score indicating the degree of statistically unlikely dangerous permissions for the target application

Rosendahl discloses:
indicating a metric or score indicating the degree of statistically unlikely dangerous permissions for the target application (para 0015 “The threat level analyzer further probes for one or more threats within a host of the container service. The threat level analyzer generates a threat level assessment score based on results from the probing of the one or more threats of the application container and the one or more threats of the host, and generates a report for presentation in a user interface including the threat level assessment score and a list of threats discovered from the probe of the application container and the host. A report is transmitted by the threat level analyzer to a client device of a user for presentation in the user interface.”)
Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to method for determining to grant or deny a permission request for an application running on an endpoint is provided of Salehpour to include the indicating a metric or score indicating the degree of statistically unlikely dangerous permissions for the target application, as taught by Rosendahl.
The motivation would have been to include pertinent information in a report for proper assessment of applications.

As per claim 14, the claim is analyzed with respect to claims 3 and 4.

12.	Claims 8 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Salehpour in view of U.S. Publication No. 20170364576 hereinafter Chesla.

As per claim 8, Salehpour discloses:
The method of identifying anomalous system permissions in applications in a computing environment of claim 1, wherein generating a statistical model comprises calculating score for the plurality of application permissions in the plurality of application types (Col. 7 Line 18-42)

	Salehpour does not disclose:
calculating a term frequency-inverse document frequency (TF-IDF) score 

	Chesla discloses:
calculating a term frequency-inverse document frequency (TF-IDF) score (para 0040 “In an embodiment, the value is computed based on the appearance of indicative terms in the normalized string. That is, the value is proportional to a level of appearance of the term in the rule. The values in the vector can be either numeric or binary values. The numeric values can be computed, for example, by using a term-frequency (TF) method, a term-frequency inverse document frequency (TF-IDF) method, and the like. Such methods compute a numerical statistic intended to reflect how important a term is in a snippet of text. In order to provide an accurate classification, the frequency of only indicative terms in the normalized string is computed. The indicative terms, and their index in the vector, are designated in the threat vocabulary database 105.”)
Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to method for determining to grant or deny a permission request for an application running on an endpoint is provided of Salehpour to include t calculating a term frequency-inverse document frequency (TF-IDF) score, as taught by Chesla.
The motivation would have been to classify and analyzed data comprehensively in order proper assessment of rules.

As per claim 17, the claim is analyzed with respect to claim 8.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
U.S. Publication No. 20140199663 discloses on paragraph 0091 “For example, the system may include one or more executable programming instructions that serve as dangerous program sensors, instructing the processor to monitor incoming data and identify or report any signatures of programs downloaded by the user that are known to be or otherwise indicative of vulnerability to one or more threat scenarios. Examples could include instructions to identify dangerous mobile apps installed by a user on his smartphone, such as by accessing a database or known apps or analyzing certain properties of the app. Dangerous apps may be identified as apps that require dangerous permissions or dangerous combinations of permissions (e.g. an app requesting access to a user's contacts list and to phone call functionality, an app reporting the user's location when it does not require it), or apps that are unknown to the system. The system can could also include a sensor to monitor incoming data or processing actions to identify that the user has caused, installed, downloaded or acquired software requiring that the user opens up sensitive ports on his computing device, a sensor to identify that the user has caused, installed, downloaded or acquired software known to have vulnerabilities, or that the user has caused, installed, downloaded or acquired a software client associated with risky usage scenarios (e.g. peer-to-peer client software).”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GARY S GRACIA/Primary Examiner, Art Unit 2499