Symantec 1016
IPR of U.S. Pat. No. 8,141,154

IN THE SPECIFICATION:

Please amend the specification as follows.

[0026] Downloadables may be inter alia in the form of source code, such as JavaScript, or in the form of compiled code, such as Java applets, that is de-compiled in order to derive its source code.

[0035] At step 230 a determination is made whether or not suspicious computer operations have been detected in the downloadable. If not, then the downloadable is deemed safe and is forwarded to its destination at step 240. Otherwise, if one or more suspicious computer operations have been detected, then at step 250 monitoring program code is appended to the original downloadable. Referring to the example above, the monitoring code includes lines 11 - 36, and has two functions; namely, makeVulnObjDict(arr) and checkAcx(acxId).

[0036] At line 21 the function makeVulnObjDict() is called with array parameter VulnAcxStruct[], to build a dictionary, Vuln__Obj_Dict, of potentially malicious function calls. As seen at lines 6 - 9, VulnAcxStruct[] is an array of three-element arrays, each three-element array corresponding to a potentially malicious function. For purposes of clarity, only one three-element array is defined in lines 6 - 9, corresponding to the method setRequestHeader() of object Msxml2.XMLHTTP, but it will be appreciated by those skilled in the art that additional three-element arrays may be defined. The first element of the three-element array in VulnAcxStruct[] is the name of the object containing the potentially malicious function; i.e. “Msxml2.XMLHTTP”. The second element of this array is the name of the suspicious method, setRequestHeader(), together with the function to be used for input validation of the method; namely,

    function()
    {
        allow = ["GET", "POST", "HEAD", "DELETE", "PUT", "CONNECT", "OPTIONS"];
        // return silently when the first argument is on the allow-list
        for (i in allow) {
            if (arguments[0] == allow[i]) return;
        }
        // no match found: raise the alert
        alert("malicious!")
    }

Thus to validate input parameters for the method setRequestHeader(), the input parameter is matched against six expected non-malicious parameter values GET, POST, HEAD, DELETE, PUT, CONNECT and OPTIONS. If no match is found then an alert is made. It will be appreciated by those skilled in the art that the function given above is but one of many methods for validating input parameters. Other such methods to validate input parameters and to issue a notification when input parameters are not validated, are also within the scope of the present invention.

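The list-plus-validator mechanism of paragraphs [0035] and [0036], combined with the "do not forward" and "neutralize" actions of steps 291 and 292, as an added JavaScript example; it is not the specification's source code. `OPERATION_LIST`, `scan`, `instrument`, `inspect`, the stub `ActiveXObject`, the `"GET"` replacement value and the sample downloadables are all constructed for illustration; only the object name, method name and allow-list come from paragraph [0036].

```javascript
// Added illustration; every identifier here is hypothetical, not the patent's code.

// Allow-list of expected parameter values, as given in paragraph [0036].
const ALLOW = ["GET", "POST", "HEAD", "DELETE", "PUT", "CONNECT", "OPTIONS"];

// List of computer operations and their corresponding validator functions.
// `neutralize` returns a replacement argument list (assumed default: "GET").
const OPERATION_LIST = [
  {
    object: "Msxml2.XMLHTTP",
    method: "setRequestHeader",
    validate: (args) => ALLOW.includes(args[0]),
    neutralize: (args) => ["GET", ...args.slice(1)],
  },
];

// Static scan (step 230): which listed operations does the source call?
function scan(source) {
  return OPERATION_LIST.filter((op) =>
    new RegExp("\\." + op.method + "\\s*\\(").test(source));
}

// Monitoring code: wrap each listed method on `target` so that its validator
// sees the actual arguments at run-time, before the real method does.
function instrument(target, objectName, ops, alerts, mode) {
  for (const op of ops) {
    if (op.object !== objectName) continue;
    if (typeof target[op.method] !== "function") continue;
    const original = target[op.method];
    target[op.method] = function (...args) {
      if (op.validate(args)) return original.apply(this, args);
      alerts.push({ object: op.object, method: op.method, args });
      if (mode === "neutralize") {
        // Step 292: replace the invalid parameters with valid ones.
        return original.apply(this, op.neutralize(args));
      }
      return undefined; // block mode: the real method is never reached
    };
  }
  return target;
}

// Stub standing in for ActiveXObject; it records the calls that actually
// reach the (fake) underlying method.
function makeStubFactory(ops, alerts, mode, calls) {
  return function ActiveXObject(name) {
    const obj = { setRequestHeader(...args) { calls.push(args); } };
    return instrument(obj, name, ops, alerts, mode);
  };
}

// Gateway flow: scan, instrument, execute, decide.
// `new Function` is used only to run the constructed samples below;
// it is not an isolation boundary.
function inspect(source, mode = "block") {
  const hits = scan(source);
  const alerts = [];
  const calls = [];
  if (hits.length === 0) return { verdict: "forward", alerts, calls };
  const factory = makeStubFactory(hits, alerts, mode, calls);
  new Function("ActiveXObject", source)(factory);
  let verdict = "forward";                      // step 240
  if (alerts.length > 0) {
    verdict = mode === "neutralize"
      ? "forward-remedied"                      // step 292
      : "block";                                // step 291
  }
  return { verdict, alerts, calls };
}

// Constructed sample downloadables.
const NO_OPS = "var n = 1 + 1;";
const BENIGN =
  'var x = new ActiveXObject("Msxml2.XMLHTTP"); x.setRequestHeader("POST", "v");';
const SUSPECT =
  'var x = new ActiveXObject("Msxml2.XMLHTTP"); x.setRequestHeader("A".repeat(5000), "v");';
```
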
[0042] At step 280 a determination is made whether or not the input parameters to each of the suspicious computer operations have been validated. If so, then the downloadable is deemed safe and is forwarded to its destination at step 240. Otherwise, the downloadable is deemed suspicious, an alert is made, and various preventive actions may be taken. One such action, at step 291, is simply not to forward the downloadable to the destination computer. Another such action, at step 292, is to neutralize the input parameters that were not validated, by replacing them with valid input parameters, and then forwarding the remedied downloadable to the destination [[computers]] computer. Another such action, at step 293, is to consult a computer security policy to determine whether or not to forward the downloadable to the destination computer, based on the suspicious computer operations that were detected.

[0045] Subsequent to step 350 the modified downloadable is executed. At step 355 suspicious computer operations are identified at run-time. Step 355 may be performed by referencing a structure, such as the VulnAcxStruct[] structure in the example Javascript, that lists pre-designated suspicious computer operations. Alternatively, step 355 may be performed by referencing [[structure]] a structure that lists pre-designated [[safe computer]] non-malicious computer operations.

[0048] At step 380 a determination is made whether or not the input parameters to each of the suspicious computer operations have been validated. If so, then the downloadable is deemed safe and is forwarded to its destination at step 340. Otherwise, the downloadable is deemed malicious, an alert is made, and various preventive actions may be taken. One such action, at step 391, is simply not to forward the downloadable to the destination computer. Another such action, at step 392, is to neutralize the input parameters that were not validated, by replacing them with valid input parameters, and then forwarding the remedied downloadable to the destination [[computers]] computer. Another such action, at step 393, is to consult a computer security policy to determine whether or not to forward the downloadable to the destination computer, based on the suspicious computer operations that were detected.

IN THE DRAWINGS:

Please replace FIG. 2 with the attached replacement sheet. FIG. 2 has been amended to insert the word “TO” in box 250.

Please replace FIG. 3 with the attached replacement sheet. FIG. 3 has been amended to insert the word “TO” in box 350.

The amendments to FIGS. 2 and 3 are shown as mark-ups in the attached annotated sheets.

IN THE CLAIMS:

Please cancel claims 13 - 15, 25, 32 - 34, 41, 49, 55 and 56 without prejudice.

Please substitute the following claims for the pending claims with the same number.

1. (currently amended) A computer-based method for identifying suspicious downloadables, comprising:
receiving, by a computer, a downloadable;
accessing, by the computer, a list of computer operations and corresponding validator functions for validating input parameters for the computer operations;
scanning, by the computer, the downloadable to identify [[suspicious]] computer operations therein from the list within the downloadable; and
if at least one [[suspicious]] computer operation from the list is identified by said scanning, then[[:]] appending, by the computer, monitoring program code to the downloadable thereby generating a modified downloadable, wherein the monitoring program code includes [[program instructions]] the at least one appropriate validator function for validating input parameters for the [[suspicious]] at least one identified computer [[operations]] operation, during run-time of the modified downloadable.

2. (currently amended) The method of claim 1 wherein the at least one appropriate validator function indicate if [[their]] the input parameters of the at least one identified computer operation are not successfully validated.

3. (currently amended) The method of claim 2 wherein the at least one appropriate validator function [[indicate]] invoke an alert if [[their]] the input parameters of the at least one identified computer operation are not successfully validated [[by invoking an alert]].

4. (currently amended) The method of claim 2 wherein the at least one appropriate validator function [[indicate]] generate a warning text message if [[their]] the input parameters of the at least one identified computer operation are not successfully validated

5. (currently amended) The method of claim 1 wherein the monitoring program code further includes program instructions for replacing invalid input parameters with valid input parameters in the [[suspicious]] at least one identified computer [[operations]] operation.

6. (currently amended) The method of claim 1 further comprising executing, by the computer, the modified downloadable.

7. (currently amended) The method of claim 6 wherein said executing comprises executing, by the computer, the modified downloadable in a secure environment.

8. (currently amended) The method of claim 1 wherein said receiving comprises receiving, by the computer, the downloadable in transit to an intended destination computer, the method further comprising transmitting, by the computer, the [[modified]] downloadable to the destination computer.

9. (currently amended) The method of claim 1 wherein said receiving comprises receiving, by the computer, the downloadable in transit to an intended destination computer, the method further comprising preventing, by the computer, the downloadable from executing on the destination computer if the monitoring program code indicates that an input parameter to at least one identified computer operation is not valid.

10. (currently amended) The method of claim 1 wherein said receiving comprises receiving, by the computer, the downloadable in transit to an intended destination computer, the method further comprising consulting, by the computer, a security policy to determine whether to forward the downloadable to the destination computer if [[said]] the monitoring program code indicates that an input parameter to at least one identified computer operation is not valid.

11. (currently amended) The method of claim 1 wherein [[said]] the at least one appropriate validator function compares actual input parameters to the [[suspicious]] at least one identified computer [[operations]] operation with at least one descriptor of valid input parameters for the [[suspicious]] at least one identified computer [[operations]] operation.

12. (currently amended) The method of claim 1 wherein [[said]] the at least one appropriate validator function compares actual input parameters to the [[suspicious]] at least one identified computer operations with at least one descriptor of invalid input parameters for the [[suspicious]] at least one identified computer [[operations]] operation.

13 - 15. (cancelled)

16. (original) The method of claim 1 wherein the downloadable is Javascript program code.

17. (original) The method of claim 1 wherein the downloadable is VBScript program code.

18. (currently amended) The method of claim 1 wherein the downloadable is Flash object compiled program code, the method further comprising de-compiling, by the computer, the Flash object compiled program code to derive source code therefrom.

19. (currently amended) The method of claim 1 wherein the downloadable is applet program code, the method further comprising de-compiling, by the computer, the applet program code to derive source code therefrom.

20. (currently amended) A computer security system, comprising:
a receiver for receiving a downloadable;
a scanner, coupled with said receiver, for scanning the downloadable to identify [[suspicious]] computer operations therein, from a list of computer operations and corresponding validator functions for validating input parameters for the computer operations;
a code modifier, coupled with said scanner, for appending monitoring program code to the downloadable thereby generating a modified downloadable, if at least one [[suspicious]] computer operation from the list is identified by said scanner; and
a processor, coupled with said code modifier, for executing the modified downloadable,
wherein the monitoring program code includes the at least one appropriate validator function for validating input parameters for the [[suspicious]] identified at least one computer [[operations]] operation, during run-time of the modified downloadable.

21. (currently amended) The security system of claim 20 wherein the at least one appropriate validator function indicate if [[their]] the input parameters of the at least one identified computer operation are not successfully validated.

`000010
`DMSLIBRARYOI-16946874.]
`
`000010
`
`

`
22. (currently amended) The security system of claim 21 wherein the at least one appropriate validator function [[indicate]] invoke an alert if [[their]] the input parameters of the at least one identified computer operation are not successfully validated by

23. (currently amended) The security system of claim 21 wherein the at least one appropriate validator function [[indicate]] generate a warning text message if [[their]] the input parameters of the at least one identified computer operation are not successfully validated

24. (currently amended) The security system of claim 20 wherein the monitoring program code further includes program instructions [[for]] to replace invalid input parameters with valid input parameters in the [[suspicious]] at least one identified computer [[operations]] operation.

25. (canceled)

26. (original) The security system of claim 25 wherein said processor executes the modified downloadable in a secure environment.

27. (currently amended) The security system of claim 20 wherein said receiver receives the downloadable in transit to an intended destination computer, the system further comprising a transmitter for transmitting the [[modified]] downloadable to the destination computer.

`00001 1
`DMSLIBRARYO1-16946874.}
`
`000011
`
`

`
28. (currently amended) The security system of claim 20 wherein said receiver receives the downloadable in transit to an intended destination computer, and wherein said processor prevents the downloadable from executing on the destination computer if [[said]] the monitoring program code indicates that an input parameter to at least one identified computer operation is not valid.

29. (currently amended) The security system of claim 20 wherein said receiver receives the downloadable in transit to an intended destination computer, and wherein said processor consults a security policy to determine whether to forward the downloadable to the destination computer if the monitoring program code indicates that an input parameter to at least one identified computer operation is not valid.

30. (currently amended) The security system of claim 20 wherein the at least one appropriate validator function compares actual input parameters to the [[suspicious]] at least one identified computer [[operations]] operation with at least one descriptor of valid input parameters for the [[suspicious]] at least one identified computer [[operations]] operation.

31. (currently amended) The security system of claim 20 wherein at least one appropriate validator function compares actual input parameters to the [[suspicious]] at least one identified computer [[operations]] operation with at least one descriptor of invalid input parameters for the [[suspicious]] at least one identified computer [[operations]] operation.

32 - 34. (canceled)

35. (original) The security system of claim 20 wherein the downloadable is Javascript program code.

36. (original) The security system of claim 20 wherein the downloadable is VBScript program code.

37. (original) The security system of claim 20 wherein the downloadable is Flash object compiled program code, and wherein said scanner de-compiles the program code to derive source code therefrom.

38. (original) The security system of claim 20 wherein the downloadable is applet compiled program code, and wherein said scanner de-compiles the program code to derive source code therefrom.

39. (currently amended) A computer-based method for identifying suspicious downloadables, comprising:
receiving, by a computer, a downloadable;
accessing, by the computer, a list of computer operations and corresponding validator functions for validating input parameters for the computer operations; and
appending, by the computer, monitoring program code to the downloadable, wherein the monitoring program code includes:
program instructions for identifying [[suspicious]] computer operations from the list within the downloadable during run-time of the downloadable; and
appropriate validator functions for validating input parameters for the [[suspicious]] identified computer operations during run-time of the downloadable.

40. (currently amended) The method of claim 39 wherein the appropriate validator functions indicate if [[their]] the input parameters to the identified computer operations are not successfully validated.

41. (cancelled)

42. (currently amended) The method of claim 39 wherein said receiving comprises receiving, by the computer, the downloadable in transit to an intended destination computer, the method further comprising transmitting, by the computer, the modified downloadable to the destination computer if the monitoring program code indicates that the input parameters to the identified computer operations are valid.

43. (original) The method of claim 39 wherein the downloadable is Javascript program code.

44. (original) The method of claim 39 wherein the downloadable is VBScript program code.

45. (currently amended) The method of claim 39 wherein the downloadable is Flash object compiled program code, the method further comprising de-compiling, by the computer, the Flash object compiled program code to derive source code therefrom.

46. (currently amended) The method of claim 39 wherein the downloadable is applet program code, the method further comprising de-compiling, by the computer, the applet program code to derive source code therefrom.

47. (currently amended) A computer security system, comprising:
a receiver for receiving a downloadable;
a code modifier, coupled with said scanner, for appending monitoring program code to the downloadable; and
a processor, coupled with said code modifier, for executing the downloadable,
wherein the monitoring program code includes:
program instructions for said processor to identify [[suspicious]] computer operations during run-time of the downloadable, from a list of computer operations and corresponding validator functions for validating input parameters for the computer operations;
appropriate validator functions to validate input parameters for the [[suspicious]] identified computer operations during run-time of the downloadable.

48. (currently amended) The security system of claim 47 wherein the appropriate validator functions indicate if [[their]] the input parameters to the identified computer operations are not successfully validated.

49. (cancelled)

50. (currently amended) The computer security system of claim 47 wherein said receiver receives the downloadable in transit to an intended destination computer, the system further comprising a transmitter for transmitting the [[modified]] downloadable to the destination computer if the monitoring program code indicates that the input parameters for the [[suspicious]] identified computer operations are valid.

51. (original) The computer security system of claim 47 wherein the downloadable is JavaScript program code.

`000016
`DMSLIBRARY01-16946874.}
`
`000016
`
`

`
52. (original) The computer security system of claim 47 wherein the downloadable is VBScript program code.

53. (original) The computer security system of claim 47 wherein the downloadable is Flash object compiled program code, and further comprising a de-compiler for de-compiling the Flash object compiled program code to derive source code therefrom.

54. (original) The computer security system of claim 47 wherein the downloadable is applet program code, and further comprising a de-compiler for de-compiling the applet program code to derive source code therefrom.

55 - 56. (cancelled)

REMARKS

Applicants have carefully studied the outstanding Office Action. The present amendment is intended to place the application in condition for allowance and is believed to overcome all of the objections and rejections made by the Examiner. Favorable reconsideration and allowance of the application are respectfully requested.

Applicants have cancelled claims 13 - 15, 25, 32 - 34, 41, 49, 55 and 56, and amended claims 1 - 12, 18 - 24, 27 - 31, 39, 40, 42, 45 - 48 and 50 to more properly claim the present invention. No new matter has been introduced, and support for the claim amendments is provided hereinbelow. Claims 1 - 12, 16 - 24, 26 - 31, 35 - 40, 42 - 48 and 50 - 54 are presented for examination.

Claim Rejections - 35 U.S.C. §101

On page 2 of the Office Action, the Examiner has rejected claims 1 - 19 and 39 - 46 under 35 U.S.C. §101 as being directed to non-statutory subject matter. Applicants have amended the claims accordingly.

Claim Rejections - 35 U.S.C. §102

On pages 3 - 21 of the Office Action, the Examiner has rejected claims 1 - 56 under 35 U.S.C. §102(b) as being anticipated by Gruzman et al., U.S. Publication No. 2007/0136811 A1 ("Gruzman"). Applicants have cancelled claims 13 - 15, 25, 32 - 34, 41, 49, 55 and 56 without acquiescence to the Examiners’ reasons for rejection, and respectfully submit that rejection of these claims is thus rendered moot.
The rejection of claims 1 - 12, 16 - 24, 26 - 31, 35 - 40, 42 - 48 and 50 - 54 is discussed in detail hereinbelow.

Brief Discussion of Prior Art

Gruzman describes protection of client computers against dynamically generated malicious code hidden within content downloaded from the Internet, including malicious code that is generated at run-time while a client computer is evaluating input of a function call in the downloaded content (Gruzman/ paragraph 0019). Gruzman replaces function calls in the downloaded content with substitute function calls, which pass their inputs at run-time to a content inspector. The content inspector sends an indicator to the client computer, as to whether or not it is safe for the client computer to invoke a function call (Gruzman/ FIG. 3 and 5).

Response to Examiner's Arguments

Aspects of the claimed invention concern protection of client computers against malicious code that is disguised within one or more input parameters of object methods that are generally safe (subject specification/ paragraphs 0008 - 0010). A gateway computer modifies a downloadable by appending program code that includes input validator functions for validating input parameters of object methods (subject specification/ paragraphs 0035 - 0037). When the gateway computer, while executing the downloadable, encounters a specific method call from a list of object methods, it invokes the corresponding input validator function to analyze the specific input of the specific method and to determine whether or not it is safe for the client computer to invoke the specific method with the specific input (subject specification/ paragraphs 0040 and 0041).

In order to further clarify the claimed invention vis-a-vis the cited prior art, applicants have amended the claims to include the limitation of a list of computer operations and input parameters validator functions therefor, and the limitation of appending at least one validator function to a downloadable, for validating input parameters to computer operations during run-time. The prior art fails to disclose these limitations.

The rejections of claims 1 - 12, 16 - 24, 26 - 31, 35 - 40, 42 - 48 and 50 - 54 on pages 3 - 21 of the Office Action will now be dealt with specifically.

As to amended independent method claim 1, applicants respectfully submit that the limitations in claim 1 of

“accessing, by the computer, a list of computer operations and corresponding validator functions for validating input parameters for the computer operations”, and

“appending, by the computer, monitoring program code to the downloadable thereby generating a modified downloadable, wherein the monitoring program code includes the at least one appropriate validator function for validating input parameters for the at least one identified computer operation, during run-time of the modified downloadable”

are neither shown nor suggested in Gruzman.

In rejecting dependent claim 5, the Examiner has cited Gruzman as disclosing replacing function calls with substitute function calls. Applicants respectfully submit that this is different than the claimed replacing of input parameters with valid input parameters for the same computer operation.

In rejecting dependent claim 11, the Examiner has cited Gruzman, paragraphs 0068, 0085, 0086 and 0099 as describing comparing actual input parameters for a computer operation to a descriptor of valid input parameters for the computer operation. Applicants respectfully submit that the cited paragraphs of Gruzman relate to comparing a security profile with a security policy, but Gruzman fails to disclose comparing actual input parameters with a descriptor of valid input parameters. E.g., GET, POST, HEAD, DELETE, PUT, CONNECT and OPTIONS are valid input parameters for the method setRequestHeader() (subject specification/ paragraph 0036). Moreover, actual input parameters do not comprise a “security profile”, and a descriptor of valid input parameters does not comprise a “security policy”, as these terms are defined in paragraph 0045 of Gruzman.

Similarly, in rejecting dependent claim 12, the Examiner has cited Gruzman, paragraphs 0068, 0085, 0086 and 0099 as describing comparing actual input parameters for a computer operation to a descriptor of invalid input parameters for the computer operation. Applicants respectfully submit that the cited paragraphs of Gruzman relate to comparing a security profile with a security policy, but Gruzman fails to disclose comparing actual input parameters with a descriptor of invalid input parameters.

Because claims 2 - 12 and 16 - 19 depend from claim 1 and include additional features, applicants respectfully submit that claims 2 - 12 and 16 - 19 are not anticipated or rendered obvious by Gruzman.

Accordingly claims 1 - 12 and 16 - 19 are deemed to be allowable.

As to amended independent system claim 20, applicants respectfully submit that the limitations in claim 20 of

“a scanner, coupled with said receiver, for scanning the downloadable to identify computer operations therein, from a list of computer operations and corresponding validator functions for validating input parameters for the computer operations”, and

“a code modifier, coupled with said scanner, for appending monitoring program code to the downloadable wherein the monitoring program code includes the at least one appropriate validator function for validating input parameters for the identified at least one computer operation, during run-time of the modified downloadable”

are neither shown nor suggested in Gruzman.

In rejecting dependent claim 24, the Examiner has cited Gruzman as disclosing replacing function calls with substitute function calls. Applicants respectfully submit that this is different than the claimed replacing of input parameters with valid input parameters for the same computer operation.

In rejecting dependent claim 30, the Examiner has cited Gruzman, paragraphs 0068, 0085, 0086 and 0099 as describing comparing actual input parameters for a computer operation to a descriptor of valid input parameters for the computer operation. Applicants respectfully submit that the cited paragraphs of Gruzman relate to comparing a security profile with a security policy, but Gruzman fails to disclose comparing actual input parameters with a descriptor of valid input parameters.

Similarly, in rejecting dependent claim 31, the Examiner has cited Gruzman, paragraphs 0068, 0085, 0086 and 0099 as describing comparing actual input parameters for a computer operation to a descriptor of invalid input parameters for the computer operation. Applicants respectfully submit that the cited paragraphs of Gruzman relate to comparing a security profile with a security policy, but Gruzman fails to disclose comparing actual input parameters with a descriptor of invalid input parameters.

Because claims 21 - 24, 26 - 31 and 35 - 38 depend from claim 20 and include additional features, applicants respectfully submit that claims 21 - 24, 26 - 31 and 35 - 38 are not anticipated or rendered obvious by Gruzman.

Accordingly claims 20 - 24, 26 - 31 and 35 - 38 are deemed to be allowable.

As to amended independent method claim 39, applicants respectfully submit that the limitations in claim 39 of

“accessing, by the computer, a list of computer operations and corresponding validator functions for validating input parameters for the computer operations”, and

“appending, by the computer, monitoring program code to the downloadable, wherein the monitoring program code includes appropriate validator functions for validating input parameters for the identified computer operations during run-time of the downloadable”

are neither shown nor suggested in Gruzman.

Because claims 40 and 42 - 46 depend from claim 39 and include additional features, applicants respectfully submit that claims 40 and 42 - 46 are not anticipated or rendered obvious by Gruzman.

Accordingly claims 39, 40 and 42 - 46 are deemed to be allowable.

As to amended independent system claim 47, applicants respectfully submit that the limitation in claim 47 of

“a code modifier, coupled with said scanner, for appending monitoring program code to the downloadable wherein the monitoring program code includes: program instructions for said processor to identify computer operations during run-time of the downloadable, from a list of computer operations and corresponding validator functions for validating input parameters for the computer operations; and appropriate validator functions to validate input parameters for the identified computer operations during run-time of the downloadable”

is neither shown nor suggested in Gruzman.

Because claims 48 and 50 - 54 depend from claim 47 and include additional features, applicants respectfully submit that claims 48 and 50 - 54 are not anticipated or rendered obvious by Gruzman.

Accordingly claims 47, 48 and 50 - 54 are deemed to be allowable.

`Support for Amended Claims in Original Specification
`
`Independent method claim 1 has been amended to
`
`include the limitation of accessing a list of computer operations and
`
`corresponding validator functions for validating input parameters for the
`
`computer operations.
`
`This limitation is supported in the original
`
`specification at least by paragraphs 0036 and 0037, and by lines 6 — 9 of
`
`the example source code on page 9.
`
`Specifically, VulnAcxStruct[]
`
`includes a list of object methods and function definitions for validator
`

`
`functions, such as the validator function in paragraph 0036 for the object
`
`method setRequestHeader().
`
`Independent method claim 1 has also been amended to
`
`include the limitation that
`
`the appended monitoring program code
`
`includes the at least one appropriate validator function for validating input
`
`parameters for the at least one identified computer operation, during run-
`
`time of the modified downloadable. This limitation is supported in the
`
`original specification at least by paragraph 0035, by lines 11 — 36 of the
`
`example source code on page 9, and by step 250 of FIG. 2.
`
`Independent system claim 20 has been amended to
`
`include the limitation that the scanner identifies computer operations
`
`within the downloadable from a
`
`list of computer operations and
`
`corresponding validator functions for validating input parameters for the
`
`computer operations.
`
`This limitation is supported in the original
`
`specification at least by paragraphs 0036 and 0037, and by lines 6 — 9 of
`
`the example source code on page 9.
`
`Independent system claim 20 has also been amended
`
`to include the limitation that the appended monitoring program code
`
`includes at least one appropriate validator function for validating input
`
`parameters for the identified at least one computer operation, during run-
`
`time of the modified downloadable. This limitation is supported in the
`
`original specification at least by paragraph 0035, by lines 11 — 36 of the
`
`example source code on page 9, and by step 250 of FIG. 2.
`
`Independent method claim 39 has been amended to
`
`include the limitation of accessing a list of computer operations and
`
