Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions. 
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

DETAILED ACTION
Claims 1-20 are pending in this office action. 

Priority
Priority is claimed to US Provisional application # 62/945,315 filed 12/09/2019.


Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/08/2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kjar (US 11,184,379 B1), in view of Fanton et al. (US 2006/0150256 A1, Fanton hereinafter).
For claim 1, Kjar teaches a method of protecting an execution environment from malicious code elements, the method comprising: storing a set of code elements, each code element being executable using an application (col. 1 lines 29-30; col. 2 lines 8-10, 58-63; col. 6 lines 39-44 - new rules are stored comprising various code (content) elements including content features; col. 4 line 64 - col. 5 line 9 - rules defining code elements of certain types that are executable, wherein new safe or benign code elements are stored in the whitelist database);
receiving a file; determining whether the file contains an embedded code element (col. 1 line 65 - col. 2 line 1; col. 7 line 59 - col. 8 line 4 - code extraction from file contents of the received file being scrutinized for embedded executable code such as macros and such);
in response to the file containing an embedded code element, authenticating the embedded code element based on the stored set of code elements to determine whether the embedded code element is trustworthy (col. 5 lines 31-41; col. 8 line 66 - col. 9 line 20 - whitelisting of trusted/benign executable code elements, and authenticating the embedded code element based on the whitelist data).
Kjar discloses that upon determining the first and second code containing contents that match the malicious behavior rules, the server transmits the electronic files to a malware repository and removes files with malicious code elements, or in other words makes them not available, and otherwise allows access to the file (Kjar - col. 2 lines 36-39; col. 4 lines 52-60; col. 13 lines 50-53). It is also very well known in the art to mitigate, via actions, with regard to unsafe or malicious file/code and to provide access to safe files, wherein making safe files available for further use or access would be an obvious thing to do. However, Kjar does not appear to explicitly disclose, but Fanton discloses, in response to an authentication result that the embedded code element is trustworthy, enabling access to the file (para 0018, 0031, 0047, 0052 - trustworthy or approved files/modules are allowed for further access and execution).
Based on Kjar in view of Fanton, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Fanton in the system of Kjar, in order to incorporate secure access to a file after ensuring benign state of the file, thereby reducing or preventing malicious code execution and improving system security.

For claim 2, Kjar in view of Fanton discloses the claimed subject matter as discussed above. Kjar further discloses wherein the stored set of code elements comprises a plurality of trustworthy code elements generated from one or more trusted files (col. 1 lines 29-30; col. 2 lines 8-10, 58-63; col. 6 lines 39-44 - new rules are stored comprising various code (content) elements including content features based on files that are safe or trusted for execution because of ensuring of code elements that are trusted to be safe or non-malicious; col. 4 line 64 - col. 5 line 9 - rules defining code elements of certain types that are executable, wherein new code elements that are considered to be safe or benign are stored in the whitelist database).

For claim 3, Kjar in view of Fanton discloses the claimed subject matter as discussed above in the method of claim 2. Kjar does not appear to explicitly disclose, however Fanton further discloses wherein the one or more trusted files are associated with one or more trusted sources (Fanton - para 0050, 0114-0116 - trusted sources are the ones that provide input to whitelist including the code or file).

For claim 4, Kjar in view of Fanton discloses the claimed subject matter as discussed above in the method of claim 3. Kjar does not appear to explicitly disclose, however Fanton further discloses wherein the one or more trusted sources are approved or designated based on user input (Fanton - para 0114-0116 - whitelist editing wherein an admin or user input approves an entry indicating approval of entry by the respective source).

For claim 5, Kjar in view of Fanton discloses the claimed subject matter as discussed above. Kjar further discloses wherein the stored set of code elements includes a plurality of code elements, each code element of the stored set having a trustworthiness score meeting a trustworthiness threshold (col. 8 lines 59-65; col. 10 line 65 - col. 11 line 7 - risk levels as scores, associated with files comprising code elements, indicating scores associated with those elements that determine trustworthiness of files based on thresholds).

For claim 6, Kjar in view of Fanton discloses the claimed subject matter as discussed above in the method of claim 5. Kjar further teaches wherein the trustworthiness score for a corresponding one of the code elements is based on a storage period of the corresponding code element (col. 11 lines 36-59 - number of times the alerts are received indicative of longer storage time and thereby leading to determining of the code element as malicious or benign considering false positives, and wherein the level of risk is considered - col. 10 line 65 - col. 11 line 7 - risk levels as scores, associated with files comprising code elements).

For claim 7, Kjar in view of Fanton discloses the claimed subject matter as discussed above in the method of claim 5. Kjar further teaches wherein the trustworthiness threshold is adjustable (col. 10 line 65 - col. 11 line 7; col. 11 lines 36-59 - adjustable thresholds by the admin user).

For claim 8, Kjar in view of Fanton discloses the claimed subject matter as discussed above. Kjar further teaches wherein the authenticating comprises: comparing the embedded code element with at least one code element in the stored set of code elements; and authenticating the embedded code element based on a result of the comparison (col. 2 lines 40-62 - matching of embedded code element features or patterns with the stored data; col. 4 line 61 - col. 5 line 1; col. 5 lines 31-41; col. 8 line 66 - col. 9 line 20; col. 11 lines 47-51 - whitelisting of trusted/benign executable code elements, and authenticating the embedded code element based on the whitelist data pattern matching).

For claim 9, Kjar in view of Fanton discloses the claimed subject matter as discussed above in the method of claim 8. Kjar further teaches calculating a similarity score between the embedded code element with each of the at least one code element in the stored set of code elements; and in response to a similarity score between the embedded code element and a first code element in the stored set of code element meeting a preset threshold, determining that the embedded code element is trustworthy (col. 8 lines 59-65; col. 9 lines 42-48; col. 11 lines 21-59 - similar code elements or files considered for matching and risk levels determination, wherein the risk levels pertain to various factors such as pattern matching wherein similarity requirement may be exact match for score as threshold required, or may be set as desired as an ordinary but obvious variation).

For claim 10, Kjar in view of Fanton discloses the claimed subject matter as discussed above. Kjar further teaches updating the stored set of code elements based on the embedded code element; and authenticating another embedded code element based on the updated stored set of code elements (col. 4 line 61 - col. 5 line 1; col. 5 lines 31-41; col. 8 line 66 - col. 9 line 20; col. 11 lines 47-51 - whitelisting of trusted/benign executable code elements wherein the stored data is updated based on new discoveries, and authenticating the embedded code element based on the whitelist data pattern matching; col. 2 lines 40-62 - matching of embedded code element features or patterns with the stored data).

For claim 11, Kjar in view of Fanton discloses the claimed subject matter as discussed above in the method of claim 10. Kjar further teaches wherein the updating comprises: in response to an authentication result that the embedded code element is trustworthy, adding the embedded code element to the stored set of code elements; or replacing a code element in the stored set of code element with the trustworthy embedded code element (col. 5 lines 31-41; col. 8 line 66 - col. 9 line 20 - whitelisting of trusted/benign executable code elements, and authenticating the embedded code element based on the whitelist data; col. 6 lines 39-44; col. 11 lines 21-59 - adding new patterns or updating based on benign or trustworthy code elements that are authenticated).

For claim 12, Kjar in view of Fanton discloses the claimed subject matter as discussed above. Kjar further teaches in response to an authentication result that the embedded code element is not trustworthy, disabling access to the file (col. 2 lines 36-39; col. 4 lines 52-60; col. 13 lines 50-53 - upon determining the first and second code containing contents that match the malicious behavior rules, transmitting, by the server, the electronic files to a malware repository, and removing files with malicious code elements, or in other words making them not available, i.e. disabling access to the file as a mitigation act very well-known in the art, with regards to unsafe or malicious file/code).

For claim 13, Kjar in view of Fanton discloses the claimed subject matter as discussed above in the method of claim 12. Kjar teaches code cleanup (col. 4 lines 49-52), implying creation of a modified file. Kjar in view of Fanton further discloses removing the embedded code element from the file and creating a modified file with the embedded code element removed; and enabling access to the modified file (Fanton - para 0018, 0031, 0047, 0052 - trustworthy or approved files/modules are removed from further access and execution).

For claim 14, Kjar in view of Fanton discloses the claimed subject matter as discussed above. Kjar does not appear to explicitly disclose, however Fanton further discloses determining a source of the file; and authenticating the source of the file (Fanton - para 0050, 0114-0116 - trusted sources are the ones that provide input to whitelist including the code or file and act as authenticated elements).

For claim 15, Kjar in view of Fanton discloses the claimed subject matter as discussed above in the method of claim 14. Kjar does not appear to explicitly disclose, however Fanton further discloses wherein authenticating the source of the file comprises: transmitting the source of the file to a recipient device; receiving an instruction from the recipient device, the instruction indicating whether the file is from a trusted source; and controlling access to the file based on the instruction (Fanton - para 0050, 0114-0116 - trusted sources are the ones that provide input to whitelist including the code or file and act as authenticated elements, wherein the global whitelist may be provided by a source external to the organization, enterprise or individual end user or group of end users whose code modules are whitelisted, and wherein a trusted service provider may maintain a global whitelist and allow local copies of the global whitelist to be stored on computer systems associated with a registered user of the trusted service provider; thus this indicates authenticated source, verified by an admin according to instructions and storing on the recipient device; the file access is provided based on the whitelist verification).

For claim 16, Kjar in view of Fanton discloses the claimed subject matter as discussed above in the method of claim 14. Kjar does not appear to explicitly disclose, however Fanton further discloses wherein authenticating the source of the file comprises: comparing the source of the file against one or more sources in a stored list of file sources; and authenticating the source of the file based on a result of the comparison (Fanton - para 0050, 0052, 0114-0116 - trusted sources are the ones that provide input to whitelist including the code or file and act as authenticated elements, wherein the global whitelist may be provided by a source external to the organization, enterprise or individual end user or group of end users whose code modules are whitelisted, or in other words, the sources are listed as legit approved sources, and the file access is provided based on the whitelist verification).

For claim 17, Kjar in view of Fanton discloses the claimed subject matter as discussed above in the method of claim 16. Kjar does not appear to explicitly disclose, however Fanton further discloses wherein the stored list of file sources comprises a list of one or more trusted file sources, the method further comprising: in response to the source of the file matching a source in the stored list of file sources, determining that the file is from a trusted source; and enabling access to the file (para 0050, 0052, 0067, 0070, 0114-0116 - trusted sources are the ones that provide input to whitelist including the code or file and act as authenticated elements, wherein the global whitelist may be provided by a source external to the organization, enterprise or individual end user or group of end users whose code modules are whitelisted, or in other words, the sources are listed as legit approved sources, and the file access is provided based on the whitelist verification; para 0018, 0031, 0047, 0052 - trustworthy or approved files/modules are allowed for further access and execution).

For claim 18, Kjar in view of Fanton discloses the claimed subject matter as discussed above in the method of claim 16. Kjar discloses untrusted code elements and comparing against the same, determining that the file is untrusted; and disabling access to the file (col. 7 lines 4-12; col. 13 lines 54-65 - untrusted code sources are checked for; col. 2 lines 36-39; col. 4 lines 52-60; col. 13 lines 50-53 - upon determining the first and second code containing contents that match the malicious behavior rules, transmitting, by the server, the electronic files to a malware repository, and removing files with malicious code elements, or in other words making them not available, i.e. disabling access to the file as a mitigation act very well-known in the art, with regards to unsafe or malicious file/code).  Kjar does not appear to explicitly disclose, however Fanton further discloses wherein the stored list of file sources comprises a list of one or more untrusted file sources, the method further comprises: in response to the source of the file matching a source in the stored list of file sources, enabling access (para 0050, 0052, 0067, 0070, 0114-0116 - trusted sources are the ones that provide input to whitelist including the code or file and act as authenticated elements, wherein the global whitelist may be provided by a source external to the organization, enterprise or individual end user or group of end users whose code modules are whitelisted, or in other words, the sources are untrusted if not associated with the whitelist provided, and the file access is allowed or denied based on the whitelist verification).

As to claim 19, the claim limitations are similar to those of claim 1, except claim 19 is drawn to a non-transitory computer-readable medium comprising instructions that when executed by a processor (Kjar - Fig. 1; col. 3 line 65 - col. 4 line 65) perform the method of claim 1. Therefore claim 19 is rejected according to claim 1 as above.

As to claim 20, the claim limitations are similar to those of claim 1, except claim 20 is drawn to a system for protecting an execution environment from malicious code elements, the system comprising: a memory device storing a set of instructions; and a processor configured to execute the set of instructions (Kjar - Fig. 1; col. 3 line 65 - col. 4 line 65) to perform the method of claim 1. Therefore claim 20 is rejected according to claim 1 as above.


    
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAYESH JHAVERI whose telephone number is (571)270-7584. The examiner can normally be reached on Mon-Fri 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeffrey Pwu, can be reached on (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/JAYESH M JHAVERI/Primary Examiner, Art Unit 2433