DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
This is a Non-Final Office Action in response to the communication filed on October 25, 2021.
Claims 22-50 have been examined.


Drawings
The drawings filed on October 25, 2021 are acceptable for examination proceedings.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on October 25, 2021 and January 18, 2022 were filed after the mailing date of the application 17/509876 on October 25, 2021.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  

Claims 21-28, 30-38, 40-48, and 50 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1-20 of U.S. Patent No. ‘611. Although the conflicting claims are not identical, they are not patentably distinct from each other because all the limitations of claims 21-28, 30-38, 40-48, and 50 of this instant application are found in claims 1-20 of the patent No. ‘611. Therefore, claims 21-28, 30-38, 40-48, and 50 of this instant application are anticipated by claims 1-20 of Patent ‘611, because all the limitation of broader genus claims of this instant application are contained in the narrower species claims of Patent ‘611.

Application No.17/509876
Patent No.  11,157,611
21. A method comprising compiling a file, wherein compiling the file comprises: 
identifying a function in the file; 










evaluating a stack overflow risk associated with the function; and 



updating the function to incorporate stack cookie protection based on the stack overflow risk, resulting in an updated function.
11. A method comprising:

 identifying a first function and a second function in a compiled binary file; 
assigning a first classification to the first function; assigning a second classification to the second function; 
determining that the first function requires stack cookie protection as a result of the first function being assigned the first classification; 
determining that the second function does not require stack cookie protection as a result of the second function being assigned the second classification; determining, based on a binary static analysis of the first function, that the first function does not incorporate stack cookie protection; 
updating the first function to incorporate stack cookie protection, resulting in an updated first function; and 
compiling source code with the updated first function, resulting in an updated compiled binary file.
22. The method of claim 21, wherein the compiling the file comprises: assigning a classification to the function; and evaluating the stack overflow risk associated with the function based on the classification assigned to the function.
assigning a first classification to the first function; assigning a second classification to the second function; determining that the first function requires stack cookie protection as a result of the first function being assigned the first classification; [para of claim 11]
23. The method of claim 22, wherein the compiling the file comprises determining to update the function to incorporate the stack cookie protection based on the classification assigned to the function and a setting indicating that the stack cookie protection is to be provided for functions assigned the classification.
updating the first function to incorporate stack cookie protection, resulting in an updated first function; [Para of claim 11]
24. The method of claim 22, wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function has a local character array.
12. The method of claim 11, wherein the first classification is assigned to the first function as a result of determining that the first function has a local character array.
25. The method of claim 22, wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function has a local variable address appearing on a right hand side of an assignment or function argument.
13. The method of claim 11, wherein the first classification is assigned to the first function as a result of determining that the first function has a local variable address appearing on a right hand side of an assignment or function argument.
26. The method of claim 22, wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function has a local variable that is an array.
14. The method of claim 11, wherein the first classification is assigned to the first function as a result of determining that the first function has a local variable in an array or union containing an array.
27. The method of claim 22, wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function has a local variable that is a union containing an array.
14. The method of claim 11, wherein the first classification is assigned to the first function as a result of determining that the first function has a local variable in an array or union containing an array.
28. The method of claim 22, wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function uses register local variables.
19. The computer of claim 18, wherein the first classification is assigned to the first function as a result of determining one of: the first function has a local character array; the first function has a local variable address appearing on a right hand side of an assignment or function argument; the first function has a local variable in an array or union containing an array; and the first function uses register local variables.
29. The method of claim 21, comprising, based on the evaluating the stack overflow risk associated with the function, updating a risk assessment file to indicate that the function should be updated to incorporate the stack cookie protection.

30. The method of claim 21, comprising, following the updating the function to incorporate the stack cookie protection, updating a security report for the file to indicate that the function utilizes stack cookie protection.
20. The computer of claim 18, wherein the second classification is assigned to the second function as a result of determining one of: the second function is not vulnerable to stack overflow; and the second function contains a stack protection attribute.
31. A computer, comprising: a memory; and a processor programmed to execute instructions stored in the memory to compile a file, wherein compiling the file comprises: identifying a function in the file; evaluating a stack overflow risk associated with the function; and updating the function to incorporate stack cookie protection based on the stack overflow risk, resulting in an updated function.
1. A computer comprising: a memory; and a processor programmed to execute instructions stored in the memory, the instructions including identifying a function in a compiled binary file, assigning one of a plurality of classifications to the function, determining that the function requires stack cookie protection based at least in part on the classification assigned to the function, determining, based on a binary static analysis of the function, that the function does not incorporate stack cookie protection, updating the function to incorporate stack cookie protection, resulting in an updated function, and compiling source code with the updated function, resulting in an updated compiled binary file.
41. One or more non-transitory computer-readable media containing instructions which, when executed, cause a computing device to perform operations comprising: compiling a file, wherein compiling the file comprises: identifying a function in the file; evaluating a stack overflow risk associated with the function; and updating the function to incorporate stack cookie protection based on the stack overflow risk, resulting in an updated function.
18. A computer comprising: a memory; and a processor programmed to execute instructions stored in the memory, the instructions including identifying a first function and a second function in a compiled binary file, assigning a first classification to the first function, assigning a second classification to the second function, determining that the first function requires stack cookie protection as a result of the first function being assigned the first classification, determining that the second function does not require stack cookie protection as a result of the second function being assigned the second classification, determining, based on a binary static analysis of the first function, that the first function does not incorporate stack cookie protection, updating the first function to incorporate stack cookie protection, resulting in an updated first function, and compiling source code with the updated first function, resulting in an updated compiled binary file.


Claims 1-20 of Patent No. ‘611 contain every element of claims 21-28, 30-38, 40-48, and 50 of the instant application and thus anticipate the claims of the instant application. Claims of the instant application therefore are not patently distinct from the earlier patent claims and as such are unpatentable over obvious-type double patenting. A later application/patent claim is not patentably distinct from an earlier claim if the later claim anticipated by the earlier claim.
“A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim.  In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED:  May 30, 2001).
 Accordingly, absent a terminal disclaimer, claims 21-28, 30-38, 40-48, and 50 were properly rejected under the doctrine of obviousness-type double patenting.” (In re Goodman (CA FC) 29 USPQ2d 2010 (12/3/1993).



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 21-23, 29-33, 39-43, and 49-50 are rejected under 35 U.S.C. 103 as being unpatentable over Ripoll et al. (U.S. Patent Application Publication No.: US 2016/0028767 A1 / or “Ripoll” hereinafter [provided by applicant]) in view of Cowan et al. (NPL: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks /or “Cowan” hereinafter [provided by applicant]).

Regarding claim 21, Ripoll discloses “A method comprising compiling a file, 
wherein compiling the file comprises” (Para 0002: invention relates to electrical computers and digital processing systems for stack based buffer-overflow-type security attacks):
 “identifying a function in the file” (Para 0065-71 and Fig. 6-11: different types of functions are disclosed);
“evaluating a stack overflow risk associated with the function” (Para 0065-71 and Fig. 6-11: different types of functions are disclosed and determined where a function canary i.e., “cookie” protection is required by updating or not updating the function canary); 
[and updating the function to incorporate stack cookie protection based on the stack overflow risk, resulting in an updated function].
	But Ripolli fails to specially disclose determining whether the cookie protection exist if not then updating the function to include cookie protection and compiling the source code with the updated cookie protection. 
However, Cowan discloses “and updating the function to incorporate stack cookie protection based on the stack overflow risk, resulting in an updated function” (Cowan, Section 3.1: lines 31-35: additional instruction is added to the function prologue and epilogue i.e., “updating the function”).
It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of determining whether the cookie protection exist if not then updating the function to include cookie protection and compiling the source code with the updated cookie protection of Cowan to the Method for Preventing Information Leaks on the Stack Smashing Protector Technique of Ripoll in order to compile programs changes with StackGuard and the ordinary person skilled in the art would have been motivated to combine to make the program safe from buffer overflow attack (Cowan, Section: Introduction, Para 6).

Regarding claim 22, in view of claim 21, Ripoll discloses “wherein the compiling the file comprises: assigning a classification to the function; and evaluating the stack overflow risk associated with the function based on the classification assigned to the function” (Para 0065-71 and Fig. 6-11: different types of functions are disclosed and determined where a function canary i.e., “cookie” protection is required by updating or not updating the function canary),

Regarding claim 23, in view of claim 22, Ripoll in view of Cowan disclose “wherein the compiling the file comprises determining to update the function to incorporate the stack cookie protection based on the classification assigned to the function and a setting indicating that the stack cookie protection is to be provided for functions assigned the classification” (Cowan, Section 3.1: lines 31-35:27-31, the changes are compiled. See also, Abstract: 12-18, StackGruad recompiles privileged programs i.e., changes to functions).

Regarding claim 29, in view of claim 21, Ripoll discloses “comprising, based on the evaluating the stack overflow risk associated with the function, updating a risk assessment file to indicate that the function should be updated to incorporate the stack cookie protection” (Para 0066: a type 2 function “…destination function of the non-local-jump 702 can be any function 704 which none of its return-reachable 705 functions check the frame-canary value. Therefore, the functions that check the old frame-canary 701, 706 must not return 708, 707”. Therefore, does not require cookie protection).

Regarding claim 30, in view of claim 21, Ripoll discloses “comprising, following the updating the function to incorporate the stack cookie protection, updating a security report for the file to indicate that the function utilizes stack cookie protection” (Para 0066: a type 2 function “…destination function of the non-local-jump 702 can be any function 704 which none of its return-reachable 705 functions check the frame-canary value. Therefore, the functions that check the old frame-canary 701, 706 must not return 708, 707”. Therefore, does not require cookie protection).
Regarding claim 31, Ripoll discloses “A computer, comprising” (Para 0002: invention relates to electrical computers and digital processing systems for stack based buffer-overflow-type security attacks):
“a memory; and a processor programmed to execute instructions stored in the memory to compile a file, wherein compiling the file comprises” (Para 0069: processor and saving in memory are disclosed): 
“identifying a function in the file; evaluating a stack overflow risk associated with the function; 
and updating the function to incorporate stack cookie protection based on the stack overflow risk, resulting in an updated function” (See rejection of claim 21).

Regarding claim 32, in view of claim 31, Ripoll discloses “wherein the compiling the file comprises: assigning a classification to the function; and evaluating the stack overflow risk associated with the function based on the classification assigned to the function” (See rejection of claim 22).
Regarding claim 33, in view of claim 32, Ripoll in view of Cowan disclose “wherein the compiling the file comprises determining to update the function to incorporate the stack cookie protection based on the classification assigned to the function and a setting indicating that the stack cookie protection is to be provided for functions assigned the classification” (See rejection of claim 23).
Regarding claim 39, in view of claim 31, Ripoll discloses “wherein the processor is programmed to execute instructions stored in the memory to, based on the evaluating the stack overflow risk associated with the function, update a risk assessment file to indicate that the function should be updated to incorporate the stack cookie protection” (See rejection of claim 29).

Regarding claim 40, in view of claim 31, Ripoll discloses “wherein the processor is programmed to execute instructions stored in the memory to, following the updating the function to incorporate the stack cookie protection, update a security report for the file to indicate that the function utilizes stack cookie protection” (See rejection of claim 30).

Regarding claim 41, Ripoll discloses “One or more non-transitory computer-readable media containing instructions which, when executed, cause a computing device to perform operations comprising” (Para 0069: processor and saving in memory are disclosed): 
“compiling a file, wherein compiling the file comprises:
 identifying a function in the file; evaluating a stack overflow risk associated with the function; and 
updating the function to incorporate stack cookie protection based on the stack overflow risk, resulting in an updated function” (See rejection of claim 21).

Regarding claim 42, in view of claim 41, Ripoll discloses “wherein the compiling the file comprises: assigning a classification to the function; and evaluating the stack overflow risk associated with the function based on the classification assigned to the function” (See rejection of claim 22).

Regarding claim 43, in view of claim 42, Ripoll in view of Cowan disclose “wherein the compiling the file comprises determining to update the function to incorporate the stack cookie protection based on the classification assigned to the function and a setting indicating that the stack cookie protection is to be provided for functions assigned the classification” (See rejection of claim 23).

Regarding claim 49, in view of claim 41, Ripoll discloses “containing instructions which, when executed, cause the computing device to perform operations comprising: based on the evaluating the stack overflow risk associated with the function, updating a risk assessment file to indicate that the function should be updated to incorporate the stack cookie protection” (See rejection of claim 29).

Regarding claim 50, in view of claim 41, Ripoll discloses “containing instructions which, when executed, cause the computing device to perform operations comprising: following the updating the function to incorporate the stack cookie protection, updating a security report for the file to indicate that the function utilizes stack cookie protection” (See rejection of claim 30).


Claims 24-28, 34-38, and 44-48 are rejected under 35 U.S.C. 103 as being unpatentable over Ripoll in view of Cowan and in further view of Chambers et al. (U.S. Patent No.: US 6,427,234 B1 / or “Chambers” hereinafter [provided by applicant]).

Regarding claim 24, in view of claim 21, Ripoll discloses classification of functions requiring canary manipulation (Para 0065-0071).
Cowan discloses determining whether the cookie protection exist if not then updating the function to include cookie protection and compiling the source code with the updated cookie protection (Cowan, Section 3.1).
But Ripoll and Cowan fail to specially disclose identifying function as a result of “determining that the function has a local character array”.  
However, Chambers discloses “wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function has a local character array” (Chambers, Col 19:26-57, a procedure of first type is assigned local variables).
	It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of identifying function as a result of “determining that the function has a local character array” of Chambers to the System of Ripoll and Cowan to create a system where by identifying local variable it is can be used to “…index into the run-time specializer's Caches…” and the ordinary person skilled in the art would have been motivated to combine to “…computes the appropriate caching policy for each static variable” (Chambers: Col 17:11-32).

Regarding claim 25, in view of claim 22, Ripoll in view of Cowan in further view of Chambers disclose “wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function has a local variable address appearing on a right hand side of an assignment or function argument” (Chambers, Col 19:26-57, a procedure of first type is assigned local variables) [See claim 5 for motivation].

Regarding claim 26, in view of claim 22, Ripoll in view of Cowan in further view of Chambers disclose “wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function has a local variable that is an array” (Chambers, Col 19:26-57, a procedure of first type is assigned local variables) [See claim 5 for motivation].

Regarding claim 27, in view of claim 22, Ripoll in view of Cowan in further view of Chambers disclose “wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function has a local variable that is a union containing an array” (Chambers, Col 19:26-57, a procedure of first type is assigned local variables) [See claim 5 for motivation].

Regarding claim 28, in view of claim 22, Ripoll in view of Cowan in further view of Chambers disclose “wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function uses register local variables” (Chambers, Col 19:26-57, a procedure of first type is assigned local variables) [See claim 5 for motivation].
Regarding claim 34, in view of claim 32, Ripoll in view of Cowan in further view of Chambers disclose “wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function has a local character array” (See rejection of claim 24).

Regarding claim 35, in view of claim 32, Ripoll in view of Cowan in further view of Chambers disclose “wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function has a local variable address appearing on a right hand side of an assignment or function argument” (See rejection of claim 25).

Regarding claim 36, in view of claim 32, Ripoll in view of Cowan in further view of Chambers disclose “wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function has a local variable that is an array” (See rejection of claim 26).

Regarding claim 37, in view of claim 32, Ripoll in view of Cowan in further view of Chambers disclose “wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function has a local variable that is a union containing an array” (See rejection of claim 27).



Regarding claim 38, in view of claim 32, Ripoll in view of Cowan in further view of Chambers disclose “wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function uses register local variables” (See rejection of claim 28).

Regarding claim 44, in view of claim 42, Ripoll in view of Cowan in further view of Chambers disclose “wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function has a local character array” (See rejection of claim 24).

Regarding claim 45, in view of claim 42, Ripoll in view of Cowan in further view of Chambers disclose “wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function has a local variable address appearing on a right hand side of an assignment or function argument” (See rejection of claim 25).

Regarding claim 46, in view of claim 42, Ripoll in view of Cowan in further view of Chambers disclose “wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function has a local variable that is an array” (See rejection of claim 26).



Regarding claim 47, in view of claim 42, Ripoll in view of Cowan in further view of Chambers disclose “wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function has a local variable that is a union containing an array” (See rejection of claim 27).

Regarding claim 48, in view of claim 42, Ripoll in view of Cowan in further view of Chambers disclose “wherein the compiling the file comprises assigning the classification to the function responsive to a determination that the function uses register local variables” (See rejection of claim 28).

Relevant Prior Arts
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Pike et al. (US 8,819,822 A1) discloses: 
Other possible filtering techniques include checking to see if code at the suspected address looks "reasonable." Based on one possible definition of "reasonableness," we could check the first several bytes at an address, which corresponds to a potentially dangerous interpretation of a scanned subsequence, for consistency with entries in a table of byte sequences that tend to be at or near the tops of functions. The table could be fixed or dynamic. Other definitions of "reasonableness" could be based on decoding instruction(s) and/or control/data flow analysis” (Col 8:22-31).

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is         (571) 270-3392.  The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABDULLAH ALMAMUN/Examiner, Art Unit 2431                                                                                                                                                                                                        
/MICHAEL R VAUGHAN/Primary Examiner, Art Unit 2431