DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/11/2022 and 03/19/2021 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-6 and 11-16 are rejected under 35 U.S.C. 103 as being unpatentable over Pang et al. (CN110990058, hereinafter Pang, IDS reference) in view of Liu et al. (WO 2020/252529, hereinafter Liu) and NOONAN et al. (Pub. No.: US 2018/0189042).
Regarding claim 1: Pang discloses A file vulnerability detection method comprising:
translating a binary file into an intermediate file (Pang - [page 3, Line 17-18]: aiming at the binary program code, obtaining an intermediate code through disassembling);
analyzing the intermediate file to obtain multiple functions to be tested (Pang - [page 3, Line 17-18]: carrying out standardization and standardization processing on the intermediate code; counting the semantic features of the functions);
establishing function characteristic data of each of the functions to be tested (Pang - [page 4, Line 42-43]: normalizing and standardizing an intermediate code obtained by decompiling to reduce the difference of semantic feature statistics; then, counting the semantic features of the functions);
However, Pang doesn’t explicitly teach, but Liu discloses:
comparing correlations between the function characteristic data of each of the functions to be tested and at least one pair of characteristic data with vulnerability of at least one vulnerability function and characteristic data without vulnerability of the at least one vulnerability function in a vulnerability database based on a characteristic model, to determine whether each of the functions to be tested corresponding to each function characteristic data has a vulnerability (Liu - [0046]: all token representations produced by output layer 75 are fed into a pre-trained classifier 300. The pre-trained classifier 300 (i.e. the software vulnerability classifier) is a feedforward neural network that determine whether a particular function of the input machine code 11 is considered vulnerable or not vulnerable),
wherein the characteristic data with vulnerability has the vulnerability, and the characteristic data without vulnerability does not have the vulnerability (Liu - [0015]: A final layer of the prediction model may be a prediction layer configured to generate the predicted label on existence or non-existence of a software vulnerability. [0054]: Referring to Fig. 4, the five most representative features from the non-vulnerable function are different from the vulnerable functions are depicted).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Pang with Liu so that whether a function is vulnerable or non-vulnerable is determined based on a pretrained classifier. The modification would have allowed the system to determine a function vulnerability.
However, the combination of Pang and Liu doesn’t explicitly teach, but NOONAN discloses:
wherein the characteristic model has information representing multiple back-end binary files generated by multiple back-end platforms (NOONAN - [0093]: Certain example embodiments are built on GrammaTech's machine-code analysis tool CodeSurfer® for Binaries. CodeSurfer® performs common program analyses on binaries for multiple CPU architectures, including x86, x86-64, and ARM. [0094]: CodeSurfer® achieves platform independence through TSL).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Pang and Liu with NOONAN so that the cross-platform binary codes can be analyzed for vulnerability. The modification would have allowed the system to process cross-platform binaries.
Regarding claim 2: Pang as modified discloses wherein the back-end platforms comprise a first back-end platform and a second back-end platform, and the first back-end platform is different from the second back-end platform (NOONAN - [0001]: CodeSurfer® performs common program analyses on binaries for multiple CPU architectures, including x86, x86-64, and ARM).
NOONAN is combined with Pang and Liu herein for similar obviousness reasons and motivation as stated for claim 1.
Regarding claim 3: Pang as modified discloses wherein the first back-end platform is one of x86 platform, PowerPC platform, ARM platform and MIPS platform, and the second back-end platform is another of x86 platform, PowerPC platform, ARM platform and MIPS platform (NOONAN - [0104]: by leveraging the multi-platform disassembly capabilities of CodeSurfer®, the type reconstruction can operate on x86, x86-64, and ARM code).
NOONAN is combined with Pang and Liu herein for similar obviousness reasons and motivation as stated for claim 1.
Regarding claim 4: Pang as modified discloses wherein the back-end binary files comprise a first back-end binary file and a second back-end binary file, the first back-end binary file is from the first back-end platform, and the second back-end binary file is from the second back-end platform (NOONAN - [0104]: The process for type reconstruction 100 can be implemented on one or more computers in order to determine the type information for variables, constants etc., that are used in an input binary file which may be an executable file of one or more programs).
NOONAN is combined with Pang and Liu herein for similar obviousness reasons and motivation as stated for claim 1.
Regarding claim 5: Pang as modified discloses wherein the binary file is from another of x86 platform, PowerPC platform, ARM platform and MIPS platform which is different from the first back-end platform and the second back-end platform (NOONAN - [0105]: 32-bit x86 binaries for both Linux and Windows, compiled with a variety of gcc and Microsoft Visual C/C++ versions may be used as input).
NOONAN is combined with Pang and Liu herein for similar obviousness reasons and motivation as stated for claim 1.
Regarding claim 6: Pang as modified discloses wherein the step of establishing function characteristic data of each of the functions to be tested further comprises:
establishing an attributed control flow graph (ACFG) of each of the functions to be tested (Pang - [page 3, Line 36-37]: a function control flow chart is extracted, and vectorization is carried out on the data basic blocks through the function semantic feature statistics to obtain a function control flow attribute chart).
Regarding claims 11-16: Claims are directed to apparatus/system claims and do not teach or further define over the limitations recited in claims 1-6. Therefore, claims 11-16 are also rejected for similar reasons set forth in claims 1-6. 

Allowable Subject Matter
Claims 7-10 and 17-20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. The reason for allowance will be furnished upon allowance of the application.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Smith (Patent No.: US 10,275,601) - Flaw Attribution And Correlation
Kelekar (Pub. No.: US 2013/0167240) - Method and apparatus for detecting events pertaining to potential change in vulnerability status
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571) 272-8729. The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid, can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437