DETAILED ACTION

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 13 December 2022 has been entered.
By the above submission, Claims 1, 4, 5, 11, 14, 17, 19, and 20 have been amended.  No claims have been added or canceled.  Claims 1-20 are currently pending in the present application.

Response to Amendment

Applicant states that a replacement drawing for Figure 1 has been submitted (page 2 of the present response); however, no amended drawings have been received. 
The amendments to the specification do not clearly comply with the requirement of 37 CFR 1.121(b)(1)(i) which requires an instruction which unambiguously identifies the location to replace a paragraph and/or the requirement of 37 CFR 1.121(b)(1)(ii) which requires that replacement paragraphs include markings showing all changes relative to the previous version of the paragraph.  The version of paragraph 0054 submitted in the present amendment (pages 8-9 of the present response) does not clearly reflect or correspond to the previous version of the paragraph.  Applicant is required to resubmit the amendments to the specification in a manner fully compliant with 37 CFR 1.121(b).

Response to Arguments

Applicant's arguments regarding the outstanding rejection under 35 U.S.C. 103 fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.  Applicant provides no explanation or evidence in support of the assertion that the reference do not teach certain aspects of the claims as amended.  Additionally, Applicant's arguments do not comply with 37 CFR 1.111(c) because they do not clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made.  Further, they do not show how the amendments avoid such references or objections.  However, Applicant’s arguments with respect to the rejection of Claims 1-20 under 35 U.S.C. 103 (pages 23-24 of the present response) have been considered but are moot in view of the new grounds of rejection set forth below.
Applicant's arguments filed 13 December 2022 have been fully considered but they are not persuasive.
Regarding the objection to Figure 1 as requiring a prior art label, although Applicant states that Figure 1 is amended (pages 17-18 of the present response), no amended drawing has been received.
Regarding the rejection of Claims 1-20 under 35 U.S.C. 112(a) for failure to comply with the written description requirement, and with particular reference to independent Claims 1, 14, and 19, Applicant newly argues that paragraphs 0064-0065 provide support for the limitations at issue (pages 18-20 of the present response).  However, while Applicant provides various portions of the paragraphs in bold, Applicant does not explain how the cited portions support the limitation that “the second instance is validated and comprises a different version than the first instance”.  While there appears to be support for the “different version” portion of this limitation, and the cited paragraphs generally describe validating an application, neither these paragraphs nor other portions of the specification clearly mentions or discusses the second instance already having been validated.  Therefore, there is not clear written description of the claimed subject matter in the specification.
Regarding the rejection of Claims 1-20 under 35 U.S.C. 112(b) as indefinite, and with particular reference to independent Claims 1, 14, and 19, Applicant asserts that the claim element of “the difference in security capabilities of the first and second instances of the application being at or above a threshold level” satisfies 35 U.S.C. 112(b) with no further explanation (see pages 20-22 of the present response, citing paragraphs 0037 and 0058 of the specification).  It is not clear what Applicant is relying on to state that the limitation is definite given that the cited paragraphs do not mention any security capabilities or a difference in security capabilities.  The cited paragraphs only discuss thresholds for determining whether applications are to be considered instances of each other.  The cited paragraphs do not address the substance of the rejection, namely that it is not clear how the difference in security capabilities could be quantified such that it could be determined whether the difference is above or below a threshold level.  A capability is qualitative, and the specification has not clearly explained how to quantify a capability in order to calculate a difference that could be compared to a threshold value.  There is no description in paragraphs 0037 or 0058 or elsewhere in the specification of how to calculate a difference in security capabilities as a number that could be compared to a threshold.
With reference to Claim 10, Applicant asserts that the claim satisfies 35 U.S.C. 112(b) with no further explanation (see pages 22-23 of the present response, citing paragraph 0067 of the specification).  It is not clear what Applicant is relying on to state that the limitation is definite.  It is not clear how a signature for a second instance would use properties of a different third instance to update a signature of the second instance, and Applicant has not explained this.
Therefore, for the reasons detailed above, the Examiner maintains the rejections as set forth below.

Drawings

The objection to Figure 1 as requiring a prior art label is NOT withdrawn, because it has not been addressed and no amended drawing has been received.
Figure 1 should be designated by a legend such as --Prior Art-- because only that which is old is illustrated.  See MPEP § 608.02(g).  Corrected drawings in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. The replacement sheet(s) should be labeled “Replacement Sheet” in the page header (as per 37 CFR 1.84(c)) so as not to obstruct any portion of the drawing figures. If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Specification

The objection to the disclosure for informalities is NOT withdrawn, because not all issues have been addressed and/or because the amendments have raised new issues, as detailed below.  As noted above, Applicant is required to resubmit the amendments to the specification in a manner fully compliant with 37 CFR 1.121(b).  The objection to the specification for failure to provide proper antecedent basis for the claimed subject matter is NOT withdrawn for the reasons detailed above with respect to the rejection under 35 U.S.C. 112(a).
The disclosure is objected to because of the following informalities:  
The specification includes minor grammatical and other errors.  For example, in paragraph 0032, lines 4-6 (see page 5 of the present response), the phrase “interactions between” is not in parallel structure with the other list items of “accessing of, publishing of, downloading of, execution of”.  In paragraph 0054, line 17, in the phrase “can include, but not limited to”, it appears that “are” should be inserted before “not limited”.
Appropriate correction is required.  Applicant’s cooperation is again requested in correcting any other errors of which applicant may become aware in the specification.
The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter.  See 37 CFR 1.75(d)(1) and MPEP § 608.01(o).  Correction of the following is required:  Independent Claims 1, 14, and 19 were previously amended to recite “wherein the second instance is validated and comprises a different version than the first instance”.  However, although the specification describes the first and second instances having different versions, there appears to be no mention in the specification of the second instance being validated.  Therefore, there is not clear antecedent basis for the claimed subject matter in the specification.  For further detail, see below with reference to the rejection under 35 U.S.C. 112(a) for failure to comply with the written description requirement..

 Claim Rejections - 35 USC § 101

The rejection of Claims 14-18 under 35 U.S.C. 101 is withdrawn in light of the amendments limiting the server to hardware processors, which precludes the claims from encompassing software per se.


Claim Rejections - 35 USC § 112

The rejections of Claims 1-20 under 35 U.S.C. 112(a) for failure to comply with the written description requirement and under 35 U.S.C. 112(b) as indefinite are NOT withdrawn for the reasons detailed above, and because not all issues have been addressed and/or the amendments have raised new issues, as detailed below.
The following is a quotation of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Independent Claims 1, 14, and 19 were previously amended to recite “wherein the second instance is validated and comprises a different version than the first instance”.  However, although the specification describes the first and second instances having different versions, there appears to be no mention in the specification of the second instance being validated.  Although Applicant cites paragraphs 0064-0065 for support for the amended claims (see page 24 of the present response), there is no mention in these paragraphs of the second instance being validated.  Although these paragraphs generally disclose a process of validating the application more generally, they do not disclose that the second instance was already validated.  Therefore, there is not clear written description of the claimed subject matter in the specification.
Claims not specifically referred to above are rejected due to their dependence on a rejected base claim.

The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites “identifying… security capabilities of the first instance and a second instance of the application based on: i) properties of the first and second instances of the application” wherein “at least one of the properties corresponds to memory usage, bandwidth usage, or processor usage during execution of the first and second instances of the application” (in step b).  It is not clear how a property such as memory usage, bandwidth usage, or processor usage would identify a security capability of an application.  The claim further recites “determining… a difference in security capabilities of the first and second instances of the application” (in step c) and providing application data “in response to the difference in security capabilities of the first and second instances of the application being at or above a threshold level” (in step d).  It is not clear how the difference in security capabilities would be quantified such that it could be determined whether the difference is above or below a threshold level.  A capability is qualitative, and the specification has not clearly explained how to quantify a capability in order to calculate a difference that could be compared to a threshold value.  The above ambiguities render the claim indefinite.
Claim 10 recites “updating… a second application signature for the second instance of the application with the one or more different properties” in lines 7-8.  However, because the one or more different properties are of the third instance, it is not clear how a signature for the second instance would use these properties of the third instance.
Claim 11 recites “the API” in line 5.  However, Claim 1 recites a plurality of APIs and Claim 11 recites an additional API different from the plurality of APIs.  It is not clear to which of these plural APIs this limitation is intended to refer.
Claim 14 recites identifying “security capabilities of the first instance and a second instance of the application based on: i) properties of the first and second instances of the application” wherein “at least one of the properties corresponds to memory usage, bandwidth usage, or processor usage during execution of the first and second instances of the application” in lines 5-10.  It is not clear how a property such as memory usage, bandwidth usage, or processor usage would identify a security capability of an application.  The claim further recites determining “a difference in security capabilities of the first and second instances of the application” in lines 11-12 and providing application data “in response to the difference in security capabilities of the first and second instances of the application being at or above a threshold level” in lines 16-17.  It is not clear how the difference in security capabilities would be quantified such that it could be determined whether the difference is above or below a threshold level.  A capability is qualitative, and the specification has not clearly explained how to quantify a capability in order to calculate a difference that could be compared to a threshold value.  The above ambiguities render the claim indefinite.
Claim 19 recites identifying “security capabilities of the first instance and a second instance of the application based on: i) properties of the first and second instances of the application” wherein “at least one of the properties corresponds to memory usage, bandwidth usage, or processor usage during execution of the first and second instances of the application” in lines 5-10.  It is not clear how a property such as memory usage, bandwidth usage, or processor usage would identify a security capability of an application.  The claim further recites determining “a difference in security capabilities of the first and second instances of the application” in lines 11-12 and providing application data “in response to the difference in security capabilities of the first and second instances of the application being at or above a threshold level” in lines 16-17.  It is not clear how the difference in security capabilities would be quantified such that it could be determined whether the difference is above or below a threshold level.  A capability is qualitative, and the specification has not clearly explained how to quantify a capability in order to calculate a difference that could be compared to a threshold value.  The above ambiguities render the claim indefinite.
Claim 20 recites updating “a second signature corresponding to the second instance of the application with the one or more different properties” in lines 8-9.   However, because the one or more different properties are of the third instance, it is not clear how a signature for the second instance would use the properties of the third instance. 
Claims not specifically referred to above are rejected due to their dependence on a rejected base claim.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Oberheide et al, US Patent 9455988, in view of Callaghan et al, US Patent 10397230, and Chesla, US Patent 9565204.
In reference to Claim 1, Oberheide discloses a method that includes a server receiving application data from a plurality of data sources, where the data corresponds to a first instance of an application executable on a mobile device (Figure 13, first instance; column 15, lines 2-5); identifying security capabilities of the first instance and a second instance of the application based on properties of the first and second instances and APIs corresponding to the first and second instances (column 17, lines 40-41; column 8, lines 1-8); determining a difference in security capabilities indicating a vulnerability and providing application data from the data sources to the application in response to the difference being at or above a threshold (see Figure 13, comparison match condition; see also column 15, line 47-column 18, line 49, describing steps S140-S160).  However, Oberheide does not explicitly disclose that the second instance is validated.
Callaghan discloses a method that includes receiving application data and identifying differences between first and second instances (versions) of an application, where the second instance is validated (see column 23, line 12-column 24, line 62, noting particularly column 23, lines 42-63, where one version of an application is compared to an authentic, i.e. validated, version of the application).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Oberheide to include the validated version of the application as taught by Callaghan, in order to detect compromises and protect from executing corrupted software (see Callaghan, column 23, line 64-column 24, line 19; see also column 3, lines 32-46).
However, neither Oberheide nor Callaghan explicitly discloses that properties include memory usage, bandwidth usage, or processor usage.  Chesla discloses a method that includes identifying security capabilities based on a property that includes memory usage, bandwidth usage, or processor usage (see column 13, line 25-column 14, line 22; especially column 13, lines 39-40, detecting unusual behavior based on bandwidth).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the method of Oberheide and Callaghan to include monitoring memory usage, bandwidth usage, or processor usage, in order to assist in automatically detecting and mitigating incoming threats (see Chesla, column 2, lines 43-48).
In reference to Claim 2, Oberheide, Callaghan, and Chesla further disclose identifying static application data corresponding to the first instance of the application from a package or file (see Oberheide, column12, lines 39-40).
In reference to Claim 3, Oberheide, Callaghan, and Chesla further disclose injecting a monitoring module and transmitting dynamic application data during execution (see Oberheide, column 15, lines 25-29).
In reference to Claims 4 and 5, Oberheide, Callaghan, and Chesla further disclose generating an application signature using the application data and comparing the first application signature to a second application signature (Oberheide, column 4, line 64-column 5, line 3; see also Callaghan, column 23, lines 42-63).
In reference to Claim 6, Oberheide, Callaghan, and Chesla further disclose comparing properties of the first and second instances (see Oberheide, Figure 13, comparison match condition; see also Callaghan, column 23, lines 42-63).
In reference to Claim 7, Oberheide, Callaghan, and Chesla further disclose assigning weight values to properties and using a signature and the weight values (see Oberheide, column 16, lines 6-24; column 7, lines 59-60).
In reference to Claim 8, Oberheide, Callaghan, and Chesla further disclose determining differences between the properties of the first and second instances and generating a validation report indicating the differences (see Oberheide, column 15, lines 47-54).
In reference to Claim 9, Oberheide, Callaghan, and Chesla further disclose identifying malicious logic and preventing access to the application (see Oberheide, Figure 13, comparison match condition).
In reference to Claim 10, Oberheide, Callaghan, and Chesla further disclose identifying an updated version of the first instance and updating the signatures (see Oberheide, column 10, lines 52-54).
In reference to Claims 11-13, Oberheide, Callaghan, and Chesla further disclose identifying APIs and generating profiles based on the APIs (Oberheide, column 8, lines 1-17).

Claims 14-18 are directed to systems having functionality corresponding to the methods of Claims 1, 3-6, and 9, and are rejected by a similar rationale, mutatis mutandis.
Claims 19 and 20 are directed to software implementations of the methods of Claims 1 and 10, and are rejected by a similar rationale.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Munson et al, US Patent 6681331, discloses a system for detecting intrusions based on anomalies in usage compared to a profile.
Ramsey et al, US Patent 8621618, discloses a behavior analyzer that monitors bandwidth to identify anomalous behavior.
Basak et al, US Patent 11455392, discloses a method for detecting anomalous memory access patterns.
Wetterwald et al, US Patent Application Publication 2019/0349392, discloses a device for attack detection which uses CPU usage and memory consumption to detect anomalies.
Nishimura, US Patent Application Publication 2020/0128029, discloses a system that detects attacks based on CPU and memory usage monitoring.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zachary A Davis whose telephone number is (571)272-3870. The examiner can normally be reached Monday-Friday, 9:30am-6:00pm, Eastern Time.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Zachary A. Davis/Primary Examiner, Art Unit 2492