`
`Symantec 1013
`IPR of U.S. Pat. No. 8,677,494
`
`
`
`IN THE SPECIFICATION:
`
`Please amend the specification as follows.
`
`[0026]
`
`Downloadables may be inter alia in the form of source
`
`code, such as JavaScript, or in the form of eermalieel compiled code, such
`
`as Java applets, that is de-compiled in order to derive its source code.
`
`[0035]
`
`At step 230 a determination is made whether or not
`
`suspicious computer operations have been detected in the downloadable.
`
`If not, then the downloadable is deemed safe and is forwarded to its
`
`destination at step 240. Otherwise, if one or more suspicious computer
`
`operations have been detected, then at step 250 monitoring program
`
`code is appended to the original downloadable. Referring to the example
`
`above, the monitoring code includes lines 11 - 36, and has two functions;
`namely, %&k makeVulnObjDict(arr) and checkAcx(acxId).
`
`[0036]
`
`At line 21 the function malee¥a+PrB+et{—)
`
`makeVulnObjDict() is called with array parameter VulnAcxStruct[], to
`
`build a dictionary, Vuln__Obj_Dict, of potentially malicious function calls.
`
`As seen at lines 6 - 9, VulnAcxStruct[] is an array of three-element
`arrays, each three-element array corresponding to a potentially malicious
`function. For purposes of clarity, only one three-element array is defined
`in lines 6 - 9, corresponding to the method setRequestHeader() of object
`Msxml2.XMLHTTP, but it will be appreciated by those skilled in the art that
`additional three-element arrays may be defined. The first element of the
`three-element array in VulnAcxStruct[] is the name of the object
`containing the potentially malicious function; i.e. “Msxml2.XMLHTTP”.
`
`000002
`DMSLIBRARY01-16946874.1
`
`
`
`The second element of this array is the name of the suspicious method,
`setRequestHeader(), together with the function to be used for input
`validation of the method; namely,
`
`function()
`{
`    allow = ["GET", "POST", "HEAD", "DELETE", "PUT",
`             "CONNECT", "OPTIONS"];
`    for (i in allow) {
`        if (arguments[0] == allow[i]) return;
`    }
`    alert("malicious!")
`}
`
`Thus to validate input parameters for the method setRequestHeader(),
`the input parameter is matched against six expected non-malicious
`parameter values GET, POST, HEAD, DELETE, PUT, CONNECT and
`OPTIONS. If no match is found then an alert is made. It will be
`
`appreciated by those skilled in the art that the function given above is but
`
`one of many methods for validating input parameters. Other such
`
`methods to validate input parameters and to issue a notification when
`
`input parameters are not validated, are also within the scope of the
`
`present invention.
`
`[0042]
`
`At step 280 a determination is made whether or not the
`
`input parameters to each of the suspicious computer operations have
`
`been validated.
`
`If so, then the downloadable is deemed safe and is
`
`forwarded to its destination at step 240. Otherwise, the downloadable is
`
`deemed suspicious, an alert is made, and various preventive actions may
`
`be taken. One such action, at step 291, is simply not to forward the
`
`downloadable to the destination computer. Another such action, at step
`
`292, is to neutralize the input parameters that were not validated, by
`
`replacing them with valid input parameters, and then forwarding the
`
`remedied downloadable to the destination [[computers]] computer. Another
`
`such action, at step 293, is to consult a computer security policy to
`
`determine whether or not to forward the downloadable to the destination
`
`computer, based on the suspicious computer operations that were
`
`detected.
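The list-and-validator scheme of paragraphs [0035] and [0036], together with the preventive actions of steps 291 and 292 in paragraph [0042], shown as an added example; it is not the source listing of the specification. It wraps the object with a Proxy rather than appending script text, and the entry layout, the names `buildValidatorDict`, `monitor` and `inspect`, the recording stand-in object, the two sample downloadables and the choice of "GET" as the replacement value are all assumptions made for illustration.

```javascript
// Operation list: one [objectName, methodName, validator] entry per monitored
// call (this entry layout is an assumption). A validator returns true when the
// arguments are acceptable. The allowed values are the ones listed in [0036].
const ALLOWED = ["GET", "POST", "HEAD", "DELETE", "PUT", "CONNECT", "OPTIONS"];
const OPERATION_LIST = [
  ["Msxml2.XMLHTTP", "setRequestHeader", (args) => ALLOWED.includes(args[0])],
];

// Index the list as objectName -> methodName -> validator.
function buildValidatorDict(list) {
  const dict = new Map();
  for (const [objectName, methodName, validator] of list) {
    if (!dict.has(objectName)) dict.set(objectName, new Map());
    dict.get(objectName).set(methodName, validator);
  }
  return dict;
}

// Wrap an object so that every listed method runs its validator at run-time,
// before the real call. On failure an alert is recorded, then:
//   action "block"      -> the call is dropped (step 291)
//   action "neutralize" -> the call proceeds with safeArgs(method) (step 292)
function monitor(objectName, target, dict, { action, safeArgs, alerts }) {
  const validators = dict.get(objectName) || new Map();
  return new Proxy(target, {
    get(obj, prop) {
      const member = obj[prop];
      if (typeof member !== "function") return member;
      const validator = validators.get(prop);
      if (!validator) return member.bind(obj); // method not on the list
      return (...args) => {
        if (validator(args)) return member.apply(obj, args);
        alerts.push({ objectName, method: prop, args });
        if (action === "neutralize") return member.apply(obj, safeArgs(prop));
        return undefined;
      };
    },
  });
}

// Run a downloadable under monitoring. The downloadable is modelled as a
// function that receives an object factory; the objects it gets are
// constructed stand-ins that record calls instead of performing I/O.
function inspect(downloadable, action) {
  const dict = buildValidatorDict(OPERATION_LIST);
  const alerts = [];
  const calls = []; // what actually reached the stand-in object
  const createObject = (name) => {
    const standIn = {
      open: (...a) => calls.push(["open", ...a]),
      setRequestHeader: (...a) => calls.push(["setRequestHeader", ...a]),
    };
    return monitor(name, standIn, dict, {
      action,
      alerts,
      safeArgs: () => ["GET"], // constructed replacement value
    });
  };
  downloadable(createObject);
  // No alerts: forward unchanged (step 240). Otherwise report the action taken.
  return { verdict: alerts.length === 0 ? "forward" : action, alerts, calls };
}

// Constructed sample downloadables.
const benign = (create) => {
  const x = create("Msxml2.XMLHTTP");
  x.open("GET", "/status");
  x.setRequestHeader("GET");
};
const flagged = (create) => {
  const x = create("Msxml2.XMLHTTP");
  x.setRequestHeader("not-a-listed-value");
};
```
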
`
`[0045]
`
`Subsequent to step 350 the modified downloadable is
`executed. At step 355 suspicious computer operations are identified at
`run-time. Step 355 may be performed by referencing a structure, such
`as the VulnAcxStruct[] structure in the example Javascript, that lists
`pre-designated suspicious computer operations. Alternatively, step 355 may
`be performed by referencing [[structure]] a structure that lists
`pre-designated [[safe computer]] non-malicious computer operations.
`
`[0048]
`
`At step 380 a determination is made whether or not the
`
`input parameters to each of the suspicious computer operations have
`
`been validated.
`
`If so, then the downloadable is deemed safe and is
`
`forwarded to its destination at step 340. Otherwise, the downloadable is
`
`deemed malicious, an alert is made, and various preventive actions may
`
`be taken. One such action, at step 391, is simply not to forward the
`
`downloadable to the destination computer. Another such action, at step
`
`392, is to neutralize the input parameters that were not validated, by
`
`replacing them with valid input parameters, and then forwarding the
`
`remedied downloadable to the destination [[computers]] computer. Another
`
`such action, at step 393, is to consult a computer security policy to
`
`determine whether or not to forward the downloadable to the destination
`
`computer, based on the suspicious computer operations that were
`
`detected.
`
`IN THE DRAWINGS:
`
`Please replace FIG. 2 with the attached replacement
`
`sheet. FIG. 2 has been amended to insert the word “TO” in box 250.
`
`Please replace FIG. 3 with the attached replacement
`
`sheet. FIG. 3 has been amended to insert the word “TO” in box 350.
`
`The amendments to FIGS. 2 and 3 are shown as mark
`
`ups in the attached annotated sheets.
`
`IN THE CLAIMS:
`
`Please cancel claims 13 — 15, 25, 32 — 34, 41, 49, 55
`
`and 56 without prejudice.
`
`Please substitute the following claims for the pending
`
`claims with the same number.
`
`1. (currently amended)
`
`A computer-based method for identifying
`suspicious downloadables, comprising:
`
`receiving, by a computer, a downloadable;
`
`accessing, by the computer, a list of computer operations and
`corresponding validator functions for validating input parameters for the
`computer operations;
`
`scanning, by the computer, the downloadable to identify
`[[suspicious]] computer operations therein from the list within the
`downloadable; and
`
`if at least one [[suspicious]] computer operation from the list is
`identified by said scanning, then[[:]]
`
`appending, by the computer, monitoring program
`code to the downloadable thereby generating a modified downloadable,
`wherein the monitoring program code includes [[program instructions]] the
`at least one appropriate validator function for validating input parameters
`for the [[suspicious]] at least one identified computer [[operations]] operation,
`during run-time of the modified downloadable.
`
`2. (currently amended)
`
`The method of claim 1 wherein the at
`least one appropriate validator function indicate if [[their]] the input
`parameters of the at least one identified computer operation are not
`successfully validated.
`
`3. (currently amended)
`
`The method of claim 2 wherein the
`wb% at least one appropriate validator function
`[[indicate]] invoke an alert if [[their]] the input parameters of the at least one
`identified computer operation are not successfully validated [[by invoking
`an alert]].
`
`4. (currently amended)
`
`The method of claim 2 wherein the
`at least one appropriate validator function
`[[indicate]] generate a warning text message if [[their]] the input parameters of
`the at least one identified computer operation are not successfully
`validated
`
`5. (currently amended)
`
`The method of claim 1 wherein the
`
`monitoring program code further includes program instructions for
`
`replacing invalid input parameters with valid input parameters in the
`
`[[suspicious]] at least one identified computer [[operations]] operation.
`
`6. (currently amended)
`
`The method of claim 1 further
`
`comprising executing, by the computer, the modified downloadable.
`
`7. (currently amended)
`
`The method of claim 6 wherein said
`
`executing comprises executing, by the computer, the modified
`
`downloadable in a secure environment.
`
`8. (currently amended)
`
`The method of claim 1 wherein said
`
`receiving comprises receiving, by the computer, the downloadable in
`
`transit to an intended destination computer, the method further
`
`comprising transmitting, by the computer, the [[modified]] downloadable to
`
`the destination computer.
`
`9. (currently amended)
`
`The method of claim 1 wherein said
`
`receiving comprises receiving, by the computer, the downloadable in
`
`transit to an intended destination computer, the method further
`
`comprising preventing, by the computer, the downloadable from
`
`executing on the destination computer if the
`
`monitoring program code indicates that an input parameter to at least
`
`one identified computer operation is not valid.
`
`10. (currently amended)
`
`The method of claim 1 wherein said
`
`receiving comprises receiving, by the computer, the downloadable in
`
`transit to an intended destination computer, the method further
`
`comprising consulting, by the computer, a security policy to determine
`
`whether to forward the downloadable to the destination computer if [[said]]
`the monitoring program code indicates that an input
`
`parameter to at least one identified computer operation is not valid.
`
`11. (currently amended)
`
`The method of claim 1 wherein [[said]]
`the at least one
`
`appropriate validator function compares actual input parameters to the
`[[suspicious]] at least one identified computer [[operations]] operation with at
`least one descriptor of valid input parameters for the [[suspicious]] at least
`one identified computer [[operations]] operation.
`
`12. (currently amended)
`
`The method of claim 1 wherein [[said]]
`the at least one
`appropriate validator function compares actual input parameters to the
`[[suspicious]] at least one identified computer operations with at least one
`descriptor of invalid input parameters for the [[suspicious]] at least one
`identified computer [[operations]] operation.
`
`13 — 15. (cancelled)
`
`16. (original)
`
`The method of claim 1 wherein the downloadable is
`
`Javascript program code.
`
`17. (original)
`
`The method of claim 1 wherein the downloadable is
`
`VBScript program code.
`
`18. (currently amended)
`
`The method of claim 1 wherein the
`
`downloadable is Flash object compiled program code, the method further
`
`comprising de-compiling, by the computer, the Flash object compiled
`
`program code to derive source code therefrom.
`
`19. (currently amended)
`
`The method of claim 1 wherein the
`
`downloadable is applet program code, the method further comprising de-
`
`compiling, by the computer, the applet program code to derive source
`
`code therefrom.
`
`20. (currently amended)
`
`A computer security system, comprising:
`
`a receiver for receiving a downloadable;
`
`a scanner, coupled with said receiver, for scanning the
`downloadable to identify [[suspicious]] computer operations therein, from a
`list of computer operations and corresponding validator functions for
`validating input parameters for the computer operations;
`
`a code modifier, coupled with said scanner, %He
`for appending monitoring program code to the downloadable thereby
`generating a modified downloadable, if at least one [[suspicious]] computer
`operation from the list is identified by said scanner; and
`
`a processor, coupled with said code modifier, for executing
`p the modified downloadable,
`
`wherein the monitoring program code includes
`wHam the at least one appropriate validator function
`for validating input parameters for the [[suspicious]] identified at least one
`computer [[operations]] operation, during run-time of the modified
`
`downloadable.
`
`21. (currently amended)
`
`The security system of claim 20 wherein
`
`the
`
`at least one appropriate validator function indicate if [[their]] the input
`
`parameters of the at least one identified computer operation are not
`
`successfully validated.
`
`22. (currently amended)
`
`The security system of claim 21 wherein
`
`the wmm% at least one appropriate validator
`function [[indicate]] invoke an alert if [[their]] the input parameters of the at
`
`least one identified computer operation are not successfully validated by
`
`23. (currently amended)
`
`The security system of claim 21 wherein
`
`the at least one appropriate validator
`function [[indicate]] generate a warning text message if [[their]] the input
`
`parameters of the at least one identified computer operation are not
`
`successfully validated
`
`24. (currently amended)
`
`The security system of claim 20 wherein
`
`the monitoring program code further includes program instructions fer
`
` 6F to replace invalid input parameters with valid input
`
`parameters in the [[suspicious]] at least one identified computer [[operations]]
`
`operation.
`
`25. (canceled)
`
`26. (original)
`
`The security system of claim 25 wherein said
`
`processor executes the modified downloadable in a secure environment.
`
`27. (currently amended)
`
`The security system of claim 20 wherein
`
`said receiver receives the downloadable in transit to an intended
`
`destination computer, the system further comprising a transmitter for
`
`transmitting the [[modified]] downloadable to the destination computer.
`
`28. (currently amended)
`
`The security system of claim 20 wherein
`
`said receiver receives the downloadable in transit to an intended
`
`destination computer, and wherein said processor prevents the
`
`downloadable from executing on the destination computer if [[said]] the
`monitoring program code indicates that an input parameter to at least one
`identified computer operation is not valid.
`
`29. (currently amended)
`
`The security system of claim 20 wherein
`
`said receiver receives the downloadable in transit to an intended
`
`destination computer, and wherein said processor consults a security
`
`policy to determine whether to forward the downloadable to the
`
`destination computer if the monitoring program code
`
`indicates that an input parameter to at least one identified computer
`
`operation is not valid.
`
`30. (currently amended)
`
`The security system of claim 20 wherein
`at least one appropriate validator function
`compares actual input parameters to the [[suspicious]] at least one identified
`computer [[operations]] operation with at least one descriptor of valid input
`parameters for the [[suspicious]] at least one identified computer [[operations]]
`operation.
`
`31. (currently amended)
`
`The security system of claim 20 wherein
`
`
`
`[[processor to compare]] at least one appropriate validator function
`compares actual input parameters to the [[suspicious]] at least one identified
`
`computer [[operations]] operation with at least one descriptor of invalid input
`parameters for the [[suspicious]] at least one identified computer [[operations]]
`operation.
`
`32 - 34. (canceled)
`
`35. (original)
`
`The security system of claim 20 wherein the
`
`downloadable is Javascript program code.
`
`36. (original)
`
`The security system of claim 20 wherein the
`
`downloadable is VBScript program code.
`
`37. (original)
`
`The security system of claim 20 wherein the
`
`downloadable is Flash object compiled program code, and wherein said
`
`scanner de-compiles the program code to derive source code therefrom.
`
`38. (original)
`
`The security system of claim 20 wherein the
`
`downloadable is applet compiled program code, and wherein said scanner
`
`de-compiles the program code to derive source code therefrom.
`
`39. (currently amended)
`
`A computer-based method for identifying
`
`suspicious downloadables, comprising:
`
`receiving, by a computer, a downloadable;
`
`accessing, by the computer, a list of computer operations and
`
`corresponding validator functions for validating input parameters for the
`
`computer operations; and
`
`appending, by the computer, monitoring program code to the
`downloadable, wherein the
`monitoring program code includes:
`
`program instructions for identifying [[suspicious]]
`computer operations from the list within the downloadable during
`run-time of the downloadable;
`
`and
`
`appropriate validator functions for validating input
`parameters for the [[suspicious]] identified computer operations during
`run-time of the downloadable.
`
`40. (currently amended)
`
`The method of claim 39 wherein the
`
`
`
`appropriate validator functions indicate if [[their]] the input parameters Lg
`
`the identified computer operations are not successfully validated.
`
`41. (cancelled)
`
`42. (currently amended)
`
`The method of claim 39 wherein said
`
`receiving comprises receiving, by the computer, the downloadable in
`
`transit to an intended destination computer, the method further
`
`comprising transmitting, by the computer, the modified downloadable to
`
`the destination computer if the monitoring
`
`program code indicates that the input parameters to the identified
`
`computer operations are valid.
`
`43. (original)
`
`The method of claim 39 wherein the downloadable is
`
`Javascript program code.
`
`44. (original)
`
`The method of claim 39 wherein the downloadable is
`
`VBScript program code.
`
`45. (currently amended)
`
`The method of claim 39 wherein the
`
`downloadable is Flash object compiled program code, the method further
`
`comprising de-compiling, by the computer, the Flash object compiled
`
`program code to derive source code therefrom.
`
`46. (currently amended)
`
`The method of claim 39 wherein the
`
`downloadable is applet program code, the method further comprising de-
`
`compiling, by the computer, the applet program code to derive source
`
`code therefrom.
`
`47. (currently amended)
`
`A computer security system, comprising:
`
`a receiver for receiving a downloadable;
`
`a code modifier, coupled with said scanner, for appending
`
`monitoring program code to the downloadable ’el=+ea=elay—geneFating—a
`
` ; and
`
`a processor, coupled with said code modifier, for executing
`
`we the downloadable,
`
`wherein the monitoring program code includes e%4%
`
` :
`
`program instructions for said processor to identify
`[[suspicious]] computer operations during run-time of the downloadable,
`
`from a list of computer operations and corresponding validator functions
`
`for validating input parameters for the computer operations;
`
`
`
`appropriate validator functions to validate input
`
`parameters for the [[suspicious]] identified computer operations during FH-F}
`
`time run-time of the downloadable.
`
`48. (currently amended)
`
`The security system of claim 47 wherein
`the appropriate validator functions indicate if [[their]]
`the input parameters to the identified computer operations are not
`successfully validated.
`
`49. (cancelled)
`
`50. (currently amended)
`
`The computer security system of claim
`
`47 wherein said receiver receives the downloadable in transit to an
`
`intended destination computer, the system further comprising a
`
`transmitter for transmitting the [[modified]] downloadable to the destination
`computer if the monitoring program
`code indicates that the input parameters for the [[suspicious]] identified
`
`computer operations are valid.
`
`51. (original)
`
`The computer security system of claim 47 wherein
`
`the downloadable is JavaScript program code.
`
`52. (original)
`
`The computer security system of claim 47 wherein
`
`the downloadable is VBScript program code.
`
`53. (original)
`
`The computer security system of claim 47 wherein
`
`the downloadable is Flash object compiled program code, and further
`
`comprising a de-compiler for de-compiling the Flash object compiled
`
`program code to derive source code therefrom.
`
`54. (original)
`
`The computer security system of claim 47 wherein
`
`the downloadable is applet program code, and further comprising a de-
`
`compiler for de-compiling the applet program code to derive source code
`
`therefrom.
`
`55 — 56. (cancelled)
`
`REMARKS
`
`Applicants have carefully studied the outstanding Office
`
`Action. The present amendment is intended to place the application in
`
`condition for allowance and is believed to overcome all of the objections
`
`and rejections made by the Examiner. Favorable reconsideration and
`
`allowance of the application are respectfully requested.
`
`Applicants have cancelled claims 13 — 15, 25, 32 — 34,
`
`41, 49, 55 and 56, and amended claims 1 — 12, 18 - 24, 27 — 31, 39,
`
`40, 42, 45 — 48 and 50 to more properly claim the present invention.
`
`No new matter has been introduced, and support for the claim
`
`amendments is provided hereinbelow. Claims 1 — 12, 16 — 24, 26 — 31,
`
`35 — 40, 42 — 48 and 50 - 54 are presented for examination.
`
`Claim Rejections - 35 U.S.C. §101
`
`On page 2 of the Office Action, the Examiner has
`
`rejected claims 1 — 19 and 39 — 46 under 35 U.S.C. §101 as being
`
`directed to non-statutory subject matter. Applicants have amended the
`
`claims accordingly.
`
`Claim Rejections - 35 U.S.C. §102
`
`On pages 3 — 21 of the Office Action, the Examiner has
`
`rejected claims 1 — 56 under 35 U.S.C. §102(b) as being anticipated by
`
`Gruzman et al., U.S. Publication No. 2007/0136811 A1 ("Gruzman").
`
`Applicants have cancelled claims 13 — 15, 25, 32 — 34, 41, 49, 55 and
`
`56 without acquiescence to the Examiners’ reasons for rejection, and
`
`respectfully submit that rejection of these claims is thus rendered moot.
`
`The rejection of claims 1 - 12, 16 - 24, 26 - 31, 35 - 40, 42 - 48 and
`
`50 — 54 is discussed in detail hereinbelow.
`
`Brief Discussion of Prior Art
`
`Gruzman describes protection of client computers
`
`against dynamically generated malicious code hidden within content
`
`downloaded from the Internet, including malicious code that is generated
`
`at run-time while a client computer is evaluating input of a function call in
`
`the downloaded content (Gruzman/ paragraph 0019). Gruzman replaces
`
`function calls in the downloaded content with substitute function calls,
`
`which pass their inputs at run-time to a content inspector. The content
`
`inspector sends an indicator to the client computer, as to whether or not
`
`it is safe for the client computer to invoke a function call (Gruzman/ FIG.
`
`3 and 5).
`
`Response to Examiner's Arguments
`
`Aspects of the claimed invention concern protection of
`
`client computers against malicious code that is disguised within one or
`
`more input parameters of object methods that are generally safe
`
`(subject specification/ paragraphs 0008 - 0010). A gateway computer
`
`modifies a downloadable by appending program code that includes input
`
`validator functions for validating input parameters of object methods
`
`(subject specification/ paragraphs 0035 — 0037). When the gateway
`
`computer, while executing the downloadable, encounters a specific
`
`method call from a list of object methods, it invokes the corresponding
`
`input validator function to analyze the specific input of the specific
`
`method and to determine whether or not it is safe for the client computer
`
`to invoke the specific method with the specific input (subject
`
`specification/ paragraphs 0040 and 0041).
`
`In order to further clarify the claimed invention vis-a-vis
`
`the cited prior art, applicants have amended the claims to include the
`
`limitation of a list of computer operations and input parameters validator
`
`functions therefor, and the limitation of appending at least one validator
`
`function to a downloadable, for validating input parameters to computer
`
`operations during run-time. The prior art fails to disclose these
`
`limitations.
`
`The rejections of claims 1 - 12, 16 - 24, 26 - 31, 35
`- 40, 42 - 48 and 50 - 54 on pages 3 - 21 of the Office Action will now
`
`be dealt with specifically.
`
`As to amended independent method claim 1, applicants
`
`respectfully submit that the limitations in claim 1 of
`
`“accessing, by the computer, a list of computer
`operations and corresponding validator functions for validating input
`parameters for the computer operations”, and
`
`“appending, by the computer, monitoring program code
`to the downloadable thereby generating a modified downloadable,
`wherein the monitoring program code includes the at least one
`appropriate validator function for validating input parameters for the at
`least one identified computer operation, during run-time of the modified
`downloadable”
`
`are neither shown nor suggested in Gruzman.
`
`In rejecting dependent claim 5, the Examiner has cited
`
`Gruzman as disclosing replacing function calls with substitute function
`
`calls. Applicants respectfully submit that this is different than the claimed
`
`replacing of input parameters with valid input parameters for the same
`
`computer operation.
`
`In rejecting dependent claim 11, the Examiner has cited
`
`Gruzman, paragraphs 0068, 0085, 0086 and 0099 as describing
`
`comparing actual input parameters for a computer operation to a
`
`descriptor of valid input parameters for the computer operation.
`
`Applicants respectfully submit that the cited paragraphs of Gruzman
`
`relate to comparing a security profile with a security policy, but Gruzman
`
`fails to disclose comparing actual input parameters with a descriptor of
`
`valid input parameters. E.g., GET, POST, HEAD, DELETE, PUT, CONNECT
`
`and OPTIONS are valid input parameters for the method
`
`setRequestHeader() (subject specification/ paragraph 0036). Moreover,
`
`actual input parameters do not comprise a “security profile”, and a
`
`descriptor of valid input parameters does not comprise a “security policy”,
`
`as these terms are defined in paragraph 0045 of Gruzman.
`
`Similarly, in rejecting dependent claim 12, the Examiner
`
`has cited Gruzman, paragraphs 0068, 0085, 0086 and 0099 as describing
`
`comparing actual input parameters for a computer operation to a
`
`descriptor of invalid input parameters for the computer operation.
`
`Applicants respectfully submit that the cited paragraphs of Gruzman
`
`relate to comparing a security profile with a security policy, but Gruzman
`
`fails to disclose comparing actual input parameters with a descriptor of
`
`invalid input parameters.
`
`Because claims 2 — 12 and 16 — 19 depend from claim
`
`1 and include additional features, applicants respectfully submit that
`
`claims 2 - 12 and 16 - 19 are not anticipated or rendered obvious by
`
`Gruzman.
`
`Accordingly claims 1 — 12 and 16 — 19 are deemed to
`
`be allowable.
`
`As to amended independent system claim 20, applicants
`
`respectfully submit that the limitations in claim 20 of
`
`“a scanner, coupled with said receiver, for scanning the
`downloadable to identify computer operations therein, from a list of
`computer operations and corresponding validator functions for validating
`input parameters for the computer operations”, and
`
`“a code modifier, coupled with said scanner, for
`appending monitoring program code to the downloadable wherein the
`monitoring program code includes the at least one appropriate validator
`function for validating input parameters for the identified at least one
`computer operation, during run-time of the modified downloadable”
`
`are neither shown nor suggested in Gruzman.
`
`In rejecting dependent claim 24, the Examiner has cited
`Gruzman as disclosing replacing function calls with substitute function
`calls. Applicants respectfully submit that this is different than the claimed
`
`replacing of input parameters with valid input parameters for the same
`
`computer operation.
`
`In rejecting dependent claim 30, the Examiner has cited
`
`Gruzman, paragraphs 0068, 0085, 0086 and 0099 as describing
`
`comparing actual input parameters for a computer operation to a
`
`descriptor of valid input parameters for the computer operation.
`
`Applicants respectfully submit that the cited paragraphs of Gruzman
`
`relate to comparing a security profile with a security policy, but Gruzman
`
`fails to disclose comparing actual input parameters with a descriptor of
`
`valid input parameters.
`
`Similarly, in rejecting dependent claim 31, the Examiner
`
`has cited Gruzman, paragraphs 0068, 0085, 0086 and 0099 as describing
`
`comparing actual input parameters for a computer operation to a
`
`descriptor of invalid input parameters for the computer operation.
`
`Applicants respectfully submit that the cited paragraphs of Gruzman
`
`relate to comparing a security profile with a security policy, but Gruzman
`
`fails to disclose comparing actual input parameters with a descriptor of
`
`invalid input parameters.
`
`Because claims 21 - 24, 26 - 31 and 35 - 38 depend
`from claim 20 and include additional features, applicants respectfully
`submit that claims 21 - 24, 26 - 31 and 35 - 38 are not anticipated or
`rendered obvious by Gruzman.
`
`Accordingly claims 20 - 24, 26 - 31 and 35 - 38 are
`
`deemed to be allowable.
`
`As to amended independent method claim 39,
`
`applicants respectfully submit that the limitations in claim 39 of
`
`“accessing, by the computer, a list of computer
`operations and corresponding validator functions for validating input
`parameters for the computer operations”, and
`
`“appending, by the computer, monitoring program code
`to the downloadable, wherein the monitoring program code includes
`appropriate validator functions for validating input parameters for the
`identified computer operations during run-time of the downloadable”
`
`are neither shown nor suggested in Gruzman.
`
`Because claims 40 and 42 - 46 depend from claim 39
`
`and include additional features, applicants respectfully submit that claims
`
`40 and 42 — 46 are not anticipated or rendered obvious by Gruzman.
`
`Accordingly claims 39, 40 and 42 - 46 are deemed to
`
`be allowable.
`
`As to amended independent system claim 47, applicants
`
`respectfully submit that the limitation in claim 47 of
`
`“a code modifier, coupled with said scanner, for appending
`monitoring program code to the downloadable wherein the monitoring
`program code includes: program instructions for said processor to identify
`computer operations during run-time of the downloadable, from a list of
`computer operations and corresponding validator functions for validating
`input parameters for the computer operations; and appropriate validator
`functions to validate input parameters for the identified computer
`operations during run-time of the downloadable”
`
`is neither shown nor suggested in Gruzman.
`
`Because claims 48 and 50 — 54 depend from claim 47
`
`and include additional features, applicants respectfully submit that claims
`
`48 and 50 — 54 are not anticipated or rendered obvious by Gruzman.
`
`Accordingly claims 47, 48 and 50 — 54 are deemed to
`
`be allowable.
`
`Support for Amended Claims in Original Specification
`
`Independent method claim 1 has been amended to
`
`include the limitation of accessing a list of computer operations and
`
`corresponding validator functions for validating input parameters for the
`
`computer operations.
`
`This limitation is supported in the original
`specification at least by paragraphs 0036 and 0037, and by lines 6 - 9 of
`
`the example source code on page 9.
`
`Specifically, VulnAcxStruct[]
`
`includes a list of object methods and function definitions for validator
`
`functions, such as the validator function in paragraph 0036 for the object
`
`method setRequestHeader().
`
`Independent method claim 1 has also been amended to
`
`include the limitation that
`
`the appended monitoring program code
`
`includes the at least one appropriate validator function for validating input
`
`parameters for the at least one identified computer operation, during run-
`
`time of the modified downloadable. This limitation is supported in the
`
`original specification at least by paragraph 0035, by lines 11 — 36 of the
`
`example source code on page 9, and by step 250 of FIG. 2.
`
`Independent system claim 20 has been amended to
`
`include the limitation that the scanner identifies computer operations
`
`within the downloadable from a
`
`list of computer operations and
`
`corresponding validator functions for validating input parameters for the
`
`computer operations.
`
`This limitation is supported in the original
`specification at least by paragraphs 0036 and 0037, and by lines 6 - 9 of
`
`the example source code on page 9.
`
`Independent system claim 20 has also been amended
`
`to include the limitation that the appended monitoring program code
`
`includes at least one appropriate validator function for validating input
`
`parameters for the identified at least one computer operation, during run-
`
`time of the modified downloadable. This limitation is supported in the
`
`original specification at least by paragraph 0035, by lines 11 — 36 of the
`
`example source code on page 9, and by step 250 of FIG. 2.
`
`Independent method claim 39 has been amended to
`
`include the limitation of accessing a list of computer operations and
`