DETAILED ACTION
This Office Action is in response to Application filed on 29 July 2020.
Claims 1-13 are pending.  The claims have been considered and examined.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 12 and 13 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter.

Claim 12 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim does not fall within at least one of the four categories of patent eligible subject matter because the broadest reasonable interpretation of the “computer program product” encompasses signals per se. The specification discloses that “a computer program product embodied in one or more computer readable mediums” and “the computer readable medium maybe a computer readable signal medium” (See page 15, lines 22-28). A claim whose BRI covers both statutory and non-statutory embodiments embraces subject matter that is not eligible for patent protection and therefore is directed to non-statutory subject matter. See MPEP 2106.03(II). It is suggested that claim 12 be amended to recite “a computer program product comprising a non-transitory computer-readable storage medium storing instructions which” to overcome this rejection. 
Accordingly, Claim 12 fails to recite statutory subject matter under 35 U.S.C. 101.

Claim 13 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim does not fall within at least one of the four categories of patent eligible subject matter because the broadest reasonable interpretation of the “computer-readable medium” encompasses signals per se. The specification discloses that “the computer readable medium maybe a computer readable signal medium” (See page 15, lines 26-28). A claim whose BRI covers both statutory and non-statutory embodiments embraces subject matter that is not eligible for patent protection and therefore is directed to non-statutory subject matter. See MPEP 2106.03(II). It is suggested that claim 13 be amended to recite “A non-transitory computer-readable storage medium storing instructions which” to overcome this rejection. 
Accordingly, Claim 13 fails to recite statutory subject matter under 35 U.S.C. 101. 

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-7 and 10-13 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Patne et al., U.S. Patent App. Pub. 2015/0373036, hereinafter referred to as “Patne”.

Referring to claim 1, Patne discloses a method of monitoring activity of a computing device, the activity including software execution in a processing core of the monitored computing device (See paragraphs 0004 and 0060). - A computer-implemented method of monitoring execution of computer program instructions in a microprocessor of a digital system, comprising: 
Patne discloses monitoring including collecting information in real-time and the monitored activity is from a side-channel (See paragraphs 0004, 0040, and 0057). Patne discloses monitoring activity is used to generate a behavior vector (See paragraph 0004). - receiving a plurality of data items representing real-time measurements of side-channel information emanating from and correlated to the execution of computer program instructions in the monitored digital system, each one of the plurality of data items being sampled in a timed relationship or correlated to each other and forming a value of a corresponding dimension of a side-channel information vector;
Patne discloses the generated behavior vector to a classifier model and have a first and second family of classifier models (See paragraphs 0004 and 0006). - receiving, for two or more of the corresponding dimensions of the side-channel information vector, classifiers that assign a received side-channel vector to one of two classes; 
Patne discloses a computed probability of the behavior and the classifier having a high degree of confidence about the activity (See paragraphs 0121 and 0128). - classifying the received side-channel information vector in accordance with respective received classifiers, wherein an orthogonal distance of the side-channel information vector from a corresponding classifier indicates an associated probability or confidence value of the respective classification; 
Patne discloses repeating and classifying more behaviors until the behavior is classified with a high degree of confidence (See paragraph 0121). - generating a combined probability or confidence value for the side-channel information vector from individual classifications and associated probability or confidence values; and 
Patne discloses the computing device responding to an attack that is determined by the monitoring of the side-channel (See paragraph 0028). - outputting a signal if a combined probability or confidence value of a side-channel information vector indicates affiliation to a selected one of the two classes with a predetermined probability.

Referring to claim 2, Patne discloses a weighted average applied to the collected behavior information (See paragraph 0120). - The computer-implemented method of claim 1, wherein generating a combined probability or confidence value for the side-channel information vector comprises: averaging the individual classifications in a weighted manner that takes the respective probability or confidence value into consideration, or averaging the individual classifications in a weighted manner that takes the respective probability or confidence value into consideration, and further takes an additional weight into consideration that depends on a general reliability, significance or informative value of the respective classifier.
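The pipeline recited in claims 1 and 2, as an added illustration that is not taken from the application or from Patne: linear classifiers over pairs of side-channel dimensions, a confidence derived from the orthogonal distance to each hyperplane, and a confidence- and reliability-weighted average compared against a preset probability. The tanh mapping from distance to confidence, all names, the weights and the sample vectors are assumptions constructed for this sketch.

```python
import math
from dataclasses import dataclass

@dataclass
class LinearClassifier:
    """Hyperplane w.x + b = 0 over a subset of side-channel dimensions (hypothetical model)."""
    dims: tuple               # indices into the side-channel information vector
    w: tuple                  # normal vector of the separating hyperplane
    b: float                  # offset
    reliability: float = 1.0  # claim 2's optional per-classifier weight

    def signed_distance(self, vec):
        """Signed orthogonal distance of the selected dimensions from the hyperplane."""
        x = [vec[i] for i in self.dims]
        norm = math.sqrt(sum(c * c for c in self.w))
        return (sum(wi * xi for wi, xi in zip(self.w, x)) + self.b) / norm

def classify(clf, vec, scale=2.0):
    """Return (label, confidence); label +1 = abnormal, -1 = normal.
    Confidence is 0 on the hyperplane and approaches 1 far from it
    (the tanh squashing is an assumption, not claim language)."""
    d = clf.signed_distance(vec)
    label = 1 if d >= 0 else -1
    return label, math.tanh(abs(d) / scale)

def combined_probability(classifiers, vec):
    """Weighted average of the individual labels, mapped to P(abnormal) in [0, 1].
    Each vote is weighted by confidence * reliability."""
    num = den = 0.0
    for clf in classifiers:
        label, conf = classify(clf, vec)
        weight = conf * clf.reliability
        num += weight * label
        den += weight
    if den == 0.0:            # every vector component sits on a boundary: undecided
        return 0.5
    return (num / den + 1.0) / 2.0

def monitor(classifiers, vec, threshold=0.8):
    """Output a signal (True) when P(abnormal) reaches the preset probability."""
    p = combined_probability(classifiers, vec)
    return p >= threshold, p

# Constructed vector layout: (power, EM amplitude, timing), arbitrary normalised units.
CLASSIFIERS = [
    LinearClassifier(dims=(0, 1), w=(3.0, 4.0), b=-5.0),
    LinearClassifier(dims=(1, 2), w=(0.0, 1.0), b=-1.0),
    LinearClassifier(dims=(0, 2), w=(1.0, 0.0), b=-2.0, reliability=0.5),
]
NORMAL_VEC = (0.5, 0.5, 0.5)      # constructed: all three classifiers vote normal
SUSPECT_VEC = (3.0, 2.0, 0.5)     # constructed: two vote abnormal, one weakly normal
BOUNDARY_VEC = (2.0, -0.25, 1.0)  # constructed: lies on every hyperplane

if __name__ == "__main__":
    for name, v in [("normal", NORMAL_VEC), ("suspect", SUSPECT_VEC),
                    ("boundary", BOUNDARY_VEC)]:
        print(name, monitor(CLASSIFIERS, v))
```

For `SUSPECT_VEC` an unweighted majority vote gives two of three classifiers (about 0.67), which stays under the 0.8 threshold; weighting by distance-derived confidence raises the combined value above it because the dissenting classifier sits close to its boundary.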

Referring to claim 3, Patne discloses detecting activities and function (See paragraph 0071). - The computer-implemented method of claim 1, wherein the monitoring is executed conditional upon at least one of receiving a corresponding trigger signal and upon the digital system executing one or more of a selected number of predetermined functions.
	
Referring to claim 4, Patne discloses monitoring system continuously monitoring activity of the computing device (See paragraph 0040). - The computer-implemented method of claim 3, wherein the corresponding trigger signal is provided by the monitored digital system, by activating or invoking an entity external to the monitored digital system, or generated by a monitoring entity of the system through continuous monitoring of a reduced set of side-channel information.

Referring to claim 5, Patne discloses applying machine learning to the classifier models (See paragraph 0006). - The computer-implemented method of claim 1, further comprising at least one of: updating or adjusting one or more of the classifiers in a dedicated learning mode, wherein in a learning mode the monitored system is subjected to a plurality of defined operations and corresponding control flows, each of which falling into one of two classes; and 
Patne discloses adjusting the classifier models using changed factors based on the information received (See paragraph 0079). - updating or adjusting one or more of the classifiers by using side-channel information vectors classified, during operating the system, as indicating an abnormal control flow or compromised system integrity, but which are re-classified as normal control flow or intact system integrity through subsequent additional system and/or user input. 

Referring to claim 6, Patne discloses collecting and storing the information over a period of time (See paragraph 0056). - The computer-implemented method of claim 1, further including: storing selected side-channel information vectors for a predetermined time period.

Referring to claim 7, Patne discloses the classifier model testing the computing device (See paragraph 0044). - The computer-implemented method of claim 1, further comprising: a self-test phase for a monitoring entity which is entered upon starting the digital system and/or repeatedly entered upon receiving a corresponding signal.

Referring to claim 10, Patne discloses a computing device with monitoring system (See paragraphs 0004 and 0035). Patne discloses the device including processor and memory (See paragraph 0032). Patne discloses the device including sensors, displays, user interface, and communication components (See paragraphs 0053 and 0064). Patne discloses the device including a processor executing instructions to perform the monitoring (See paragraph 0010). - A digital system comprising one or more microprocessors and associated memory, communication and or user interfaces, sensors and actuators, the system further comprising: at least one microprocessor configured to:
Patne discloses monitoring including collecting information in real-time and the monitored activity is from a side-channel (See paragraphs 0004, 0040, and 0057). Patne discloses monitoring activity is used to generate a behavior vector (See paragraph 0004). - receive a plurality of data items representing real-time measurements of side-channel information emanating from and correlated to the execution of computer program instructions in the monitored digital system, each one of the plurality of data items being sampled in a timed relationship or correlated to each other and forming a value of a corresponding dimension of a side-channel information vector;
Patne discloses the generated behavior vector to a classifier model and have a first and second family of classifier models (See paragraphs 0004 and 0006). - receive, for two or more of the corresponding dimensions of the side-channel information vector, classifiers that assign a received side-channel vector to one of two classes;
Patne discloses a computed probability of the behavior and the classifier having a high degree of confidence about the activity (See paragraphs 0121 and 0128). - classify the received side-channel information vector in accordance with respective received classifiers, wherein an orthogonal distance of the side-channel information vector from a corresponding classifier indicates an associated probability or confidence value of the respective classification; 
Patne discloses repeating and classifying more behaviors until the behavior is classified with a high degree of confidence (See paragraph 0121). - generate a combined probability or confidence value for the side-channel information vector from individual classifications and associated probability or confidence values; and 
Patne discloses the computing device responding to an attack that is determined by the monitoring of the side-channel (See paragraph 0028). - output a signal if a combined probability or confidence value of a side-channel information vector indicates affiliation to a selected one of the two classes with a predetermined probability.

Referring to claim 11, Patne discloses a computing device as part of a vehicle (See paragraph 0069). - A vehicle comprising: 
Patne discloses a computing device with monitoring system (See paragraphs 0004 and 0035). Patne discloses the device including processor and memory (See paragraph 0032). Patne discloses the device including sensors, displays, user interface, and communication components (See paragraphs 0053 and 0064). Patne discloses the device including a processor executing instructions to perform the monitoring (See paragraph 0010). - a digital system comprising one or more microprocessors and associated memory, communication and or user interfaces, sensors and actuators, the system further comprising: at least one microprocessor configured to:
Patne discloses monitoring including collecting information in real-time and the monitored activity is from a side-channel (See paragraphs 0004, 0040, and 0057). Patne discloses monitoring activity is used to generate a behavior vector (See paragraph 0004). - receive a plurality of data items representing real-time measurements of side-channel information emanating from and correlated to the execution of computer program instructions in the monitored digital system, each one of the plurality of data items being sampled in a timed relationship or correlated to each other and forming a value of a corresponding dimension of a side-channel information vector;
Patne discloses the generated behavior vector to a classifier model and have a first and second family of classifier models (See paragraphs 0004 and 0006). - receive, for two or more of the corresponding dimensions of the side-channel information vector, classifiers that assign a received side-channel vector to one of two classes;
Patne discloses a computed probability of the behavior and the classifier having a high degree of confidence about the activity (See paragraphs 0121 and 0128). - classify the received side-channel information vector in accordance with respective received classifiers, wherein an orthogonal distance of the side-channel information vector from a corresponding classifier indicates an associated probability or confidence value of the respective classification; 
Patne discloses repeating and classifying more behaviors until the behavior is classified with a high degree of confidence (See paragraph 0121). - generate a combined probability or confidence value for the side-channel information vector from individual classifications and associated probability or confidence values; and 
Patne discloses the computing device responding to an attack that is determined by the monitoring of the side-channel (See paragraph 0028). - output a signal if a combined probability or confidence value of a side-channel information vector indicates affiliation to a selected one of the two classes with a predetermined probability.

Referring to claim 12, Patne discloses a computer program product including software on a storage medium and executable by a processor (See paragraph 0140). - A computer program product comprising instructions which, when the program is executed by a computer, cause the computer to: 
Patne discloses monitoring including collecting information in real-time and the monitored activity is from a side-channel (See paragraphs 0004, 0040, and 0057). Patne discloses monitoring activity is used to generate a behavior vector (See paragraph 0004). - receive a plurality of data items representing real-time measurements of side-channel information emanating from and correlated to the execution of computer program instructions in the monitored digital system, each one of the plurality of data items being sampled in a timed relationship or correlated to each other and forming a value of a corresponding dimension of a side-channel information vector;
Patne discloses the generated behavior vector to a classifier model and have a first and second family of classifier models (See paragraphs 0004 and 0006). - receive, for two or more of the corresponding dimensions of the side-channel information vector, classifiers that assign a received side-channel vector to one of two classes;
Patne discloses a computed probability of the behavior and the classifier having a high degree of confidence about the activity (See paragraphs 0121 and 0128). - classify the received side-channel information vector in accordance with respective received classifiers, wherein an orthogonal distance of the side-channel information vector from a corresponding classifier indicates an associated probability or confidence value of the respective classification; 
Patne discloses repeating and classifying more behaviors until the behavior is classified with a high degree of confidence (See paragraph 0121). - generate a combined probability or confidence value for the side-channel information vector from individual classifications and associated probability or confidence values; and 
Patne discloses the computing device responding to an attack that is determined by the monitoring of the side-channel (See paragraph 0028). - output a signal if a combined probability or confidence value of a side-channel information vector indicates affiliation to a selected one of the two classes with a predetermined probability.

Referring to claim 13, Patne discloses a computer readable medium storing instructions to be executed by a processor (See paragraph 0140). - A computer-readable medium comprising instructions which, when executed by a computer, cause the computer to: 
Patne discloses monitoring including collecting information in real-time and the monitored activity is from a side-channel (See paragraphs 0004, 0040, and 0057). Patne discloses monitoring activity is used to generate a behavior vector (See paragraph 0004). - receive a plurality of data items representing real-time measurements of side-channel information emanating from and correlated to the execution of computer program instructions in the monitored digital system, each one of the plurality of data items being sampled in a timed relationship or correlated to each other and forming a value of a corresponding dimension of a side-channel information vector;
Patne discloses the generated behavior vector to a classifier model and have a first and second family of classifier models (See paragraphs 0004 and 0006). - receive, for two or more of the corresponding dimensions of the side-channel information vector, classifiers that assign a received side-channel vector to one of two classes;
Patne discloses a computed probability of the behavior and the classifier having a high degree of confidence about the activity (See paragraphs 0121 and 0128). - classify the received side-channel information vector in accordance with respective received classifiers, wherein an orthogonal distance of the side-channel information vector from a corresponding classifier indicates an associated probability or confidence value of the respective classification; 
Patne discloses repeating and classifying more behaviors until the behavior is classified with a high degree of confidence (See paragraph 0121). - generate a combined probability or confidence value for the side-channel information vector from individual classifications and associated probability or confidence values; and 
Patne discloses the computing device responding to an attack that is determined by the monitoring of the side-channel (See paragraph 0028). - output a signal if a combined probability or confidence value of a side-channel information vector indicates affiliation to a selected one of the two classes with a predetermined probability.

Allowable Subject Matter
Claims 8 and 9 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

U.S. Patent 10,872,149 to Alexander et al.
- Anomaly detection based on side-channel emanations
U.S. Patent App. Pub. 2019/0147162 to Mejbah Ul Alam et al.
- method for detecting side-channel attacks

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSEPH D MANOSKEY whose telephone number is (571)272-3648. The examiner can normally be reached M-F 7:30am to 4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bryce Bonzo can be reached on 571-272-3655. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JOSEPH D MANOSKEY/
Primary Examiner, Art Unit 2113
November 2, 2022