DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

2.	Claims 1-20 are pending and have been examined.

Claim Rejections - 35 USC § 102
3.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

4.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


5.	Claims 1, 4, 5, 8, 10, 11, 14, 15, 18, and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Yang et al., International Patent CN 109871681 A. Yang teaches:

	As for claim 1, a method for distributed system security [0009], comprising:
	receiving, by proactive analyzer executed by a processor of a computing device a first item of executable code ([0005]: code distribution channel, [0006]: code analyzer, [0009]: dynamically loading codes through hot patch technology);
	calculating, by the proactive analyzer, a hash of the first item of executable code ([0012]: client calculates hash of the code);
 	comparing, by the proactive analyzer, the calculated hash to a database of hashes ([0012]: hash of the code is compared to a white list and a black list); 
	determining, by the proactive analyzer, that the calculated hash does not match any hash in the database of hashes ([0012]: if the code doesn’t match an entry in the white list or black list is considered as an unknown file); 
	responsive to the determination that the calculated hash does not match any hash in the database of hashes, applying, by the proactive analyzer, a first security policy to the first item of executable code, triggering of the first policy indicating that the first item of executable code should be blocked from execution ([0037]: if a match is found in the blacklist, the client will block loading and execution of the binary file will be interrupted, reading on a first security policy) 
	determining, by the proactive analyzer, that the first item of executable code does not trigger the first security policy ([0037]: hash of the binary file is compared to a blacklist)
	executing, by the computing device, the first item of executable code ([0037]: the hash is compared to a whitelist, if a match is found, the code is loaded and executed), 
	responsive to the determination that the first item of executable code does not trigger the first security policy; intercepting, by a reactive analyzer executed by the processor, a request initiated by the first item of executable code during execution; determining, by the reactive analyzer, that the request matches a second security policy ([0037]-[0045]: if no match is found for the hash in the blacklist or white list, the code is subjected to static and dynamic analysis in a virtual environment where a control flow graph is constructed where the invocation targets of reflective calls are recorded and analyzed via taint analysis for any violation of a user privacy security policy, reading on a second security policy).
	and responsive to the determination that the request matches the second security policy, blocking the request, by the reactive analyzer ([0064]: the unknown code is blocked from execution, stored in an isolation area, and the user is advised to try again later). 

	As for claim 4, the method of claim 1, further comprising: receiving, by the proactive analyzer, a second item of executable code; comparing, by the proactive analyzer, a calculated hash of the second item of executable code to the database of hashes; and executing, by the computing device, the second item of executable code, responsive to a determination that the calculated hash of the second item of executable code matches a hash in the database of hashes ([0009]: dynamic loading of external codes).

	As for claim 5, the method of claim 1, wherein applying the first security policy to the first item of executable code comprises comparing, by the proactive analyzer, the first item of executable code to one or more predetermined regular expressions ([0012]: hash of the code is compared to a white list and a black list comprised of previously calculated hashes of known code).

	As for claim 8, the method of claim 1, wherein determining that the request matches the second security policy further comprises determining, by the reactive analyzer, that the request corresponds to a secure data source ([0037]-[0045]: if no match is found for the hash in the blacklist or white list, the code is subjected to static and dynamic analysis in a virtual environment where a control flow graph is constructed where the invocation targets of reflective calls are recorded and analyzed via taint analysis for any violation of a user privacy security policy, reading on a second security policy).

	As for claim 10, the method of claim 1, wherein blocking the request further comprises discarding the request, by the reactive analyzer ([0064]: the unknown code is blocked from execution, stored in an isolation area, and the user is advised to try again later).

	Claims 11, 14, 15, 18, and 20 are drawn to the system that corresponds to the method of claims 1, 4, 5, 8, and 10 and are thereby rejected on the same basis as the method claims.

Claim Rejections - 35 USC § 103
6.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


8.	The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

9.	Claims 2 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Yang and Intraware: International Patent KR 101383010 B1

	As for claim 2, Yang teaches the method of claim 1, wherein receiving the first item of executable code further comprises: receiving, by the proactive analyzer, executable code comprising the first item of executable code; calculating, by the proactive analyzer, a hash of the compressed archive of executable code; comparing, by the proactive analyzer, the calculated hash of the compressed archive of executable code to the database of hashes ([0012]: hash of the code is compared to a white list and a black list comprised of previously calculated hashes of known code).
	Intraware teaches the additional feature not taught by Yang wherein the executable code is in the form of a hash of a compressed archive ([0003]: hash of a portion of a compressed executable is compared to a whitelist). Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have incorporated this feature into the invention of Yang. It would have been desirable to do so since this feature would permit Yang’s system to use a hash of an already compressed files and thereby reduce processing time in generating a hash to use as a comparison.

	As for claim 12, this claim is drawn to the system that corresponds to claim 2 and is rejected on the same basis as that claim.

Allowable Subject Matter
10.	Claims 3, 6, 7, 9, 13, 16, 17 and 19 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
11.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Paul E. Callahan whose telephone number is (571) 272-3869.  The examiner presently works a part-time schedule and can normally be reached from 9am to 5pm on the first Monday and Tuesday and the second Thursday and Friday of the USPTO bi-week schedule.
The examiner’s email address is: Paul.Callahan1@USPTO.GOV
If attempts to reach the examiner by telephone are unsuccessful, the Examiner's supervisor, Kristine Kincaid, can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is: (571) 273-8300.
          Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/PAUL E CALLAHAN/Examiner, Art Unit