Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 01/27/2021 has been entered. This action is made Non-Final.
 
Status of claims
This office action is in response to claims filed on 01/27/2021.
Claims 1-20 are pending and rejected; claims 1, 13 and 20 are independent claims.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/27/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Response to Arguments
Applicant's arguments filed 01/27/2021 have been fully considered but they are moot because of new grounds of rejection. 


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: First, 


Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Wasiq et al. US 10,409,995 B1 (hereinafter Wasiq) in view of Sultan et al. US Pub. No. 2016/0373481 A1 (hereinafter Sultan).

Wasiq teaches:
As to claim 1. A method comprising: 
creating a designated graph representation of a designated application stored in a memory module (see Wasiq Figs. 1-3, ¶¶11-12), the designated graph representation including a plurality of nodes and a plurality of edges connecting the nodes (see Wasiq Fig. 3 and ¶¶11-13, the services represented as nodes in the graph and the edges representing communication paths between services), each of the nodes representing a computer programming code statement associated with the designated application (see Fig. 3, ¶¶11-13, the term "graph" refers to the discrete mathematical structure of a set of related objects (nodes) linked by edges), one or more of the nodes representing a logical flow control statement associated with the designated application (see Figs. 1-3 and ¶¶16, 36, program code, the term "graph" refers to the discrete mathematical structure of a set of related objects (nodes) linked by edges), each of the edges representing a logical linkage between a respective two or more computer programming code statements associated with the designated application (see Figs. 1-3 and ¶¶16, 36, program code, the term "graph" refers to the discrete mathematical structure of a set of related objects (nodes) linked by edges);
 (see Wasiq Fig. 5 ¶¶18, 62-66, the monitor 106 would detect the configuration change and make a determination whether the security review 112 is warranted)
when it is determined that the designated application constitutes a security risk, transmitting a message from a communications interface to prevent the designated application from being executed (see Wasiq Fig. 5 and ¶¶27, 30, 51, 55, a threshold is dynamically determined (e.g., the system of the present disclosure may dynamically calculate a threshold such that security reviews are performed according to a specified frequency). In some embodiments, the threshold can be set by security personnel of a computing resource service provider. In some embodiments, thresholds are set individually for each end-to-end path tracked)
Wasiq does not explicitly teach the following however Sultan teaches:
determining via a processor whether the designated application constitutes a security risk by comparing the designated graph representation with a plurality of comparison graph representations, a designated subset of the comparison graph representations each representing a respective portion of computer programming code identified as malicious, each of the comparison graph representations being associated with a respective comparison application, each comparison involving identifying one or differences between nodes and edges in the designated graph representation and nodes and edges in the comparison graph representation (see Sultan ¶54, graph may be generated as having nodes representing resources (e.g., software libraries, services of a computing resource service provider, network addresses and ports, processors of a virtual machine, software processes, etc.) and edges representing relationship (e.g., software library dependency, network connection, etc.) between those nodes; ¶¶19 96, analysis of the data may include walking each node/edge in the graph and determining, at each node, whether and what potential security risks exist; ¶100, analysis of the graph may include comparing the current generated graph to a previously generated graph to identify any differences, which may indicate potential vulnerabilities).

Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing end-to-end change tracking for triggering website security disclosed by Wasiq to include the threat detection and mitigation through run-time introspection and instrumentation, as taught by Sultan, in order to compare differences between nodes and edges in the designated graph representation and 
As to claim 2, the combination of Wasiq and Sultan teaches, the method, wherein the comparison applications include two or more prior versions of the designated application (see Wasiq ¶16, repository 104 may be configured to maintain a historical record (e.g., version control) of the data objects stored within, and may include functionality for rolling back to previous versions of the data object and/or retrieving particular versions of data objects). 

As to claim 3, the combination of Wasiq and Sultan teaches, the method, wherein determining whether the designated application constitutes a security risk comprises determining whether the designated graph representation includes one or more statements not present in the comparison graph representations corresponding with the prior versions of the designated application (see Wasiq Fig. 4, ¶¶11, 68, the detection may be performed in various ways, such as a notification received from the repository 660, polling the repository 660 for the most recent version of the source code and comparing that version with a last recent version known by the monitor 640).

As to claim 4, the combination of Wasiq and Sultan teaches, the method, wherein each of the comparison applications are stored within a storage repository within an on-demand computing services environment, the on-demand computing services environment providing computing services to a plurality of client organizations (see Wasiq Fig. 1 and ¶29, the techniques may be applied to an organization's enterprise software that is made of a collection of computer programs that are not necessarily web/browser-based). 

wherein determining whether the designated application constitutes a security risk comprises determining whether the designated graph representation includes one or more nodes corresponding with respective computer programming code statements to transmit information outside the on-demand computing services system (see Wasiq Figs. 4-3 and ¶¶36, 46, the term "graph" refers to the discrete mathematical structure of a set of related objects (nodes) linked by edges. The end-to-end call graph 300 may be determined in various ways. For example, the computing resource service provider that hosts the services may have a service (recording service) that follows every "hop" on the call path to record the service caller and callee). 

As to claim 6, the combination of Wasiq and Sultan teaches, the method, wherein determining whether the designated application constitutes a security risk comprises determining whether the designated graph representation includes one or more nodes corresponding with respective computer programming code statements to update information stored within the on-demand computing services system (see Wasiq Fig. 4 and ¶47, the service A 404A and the service D 404D have both been updated since the last security review associated with the frontend 402).

As to claim 7, the combination of Wasiq and Sultan teaches, the method, wherein determining whether the designated application constitutes a security risk comprises determining whether the designated graph representation includes one or more nodes corresponding with respective computer programming code statements to update information retrieved from the on-demand computing services system (see Wasiq ¶47, the code churn weight computed for the change to the service A 404A, based on factors that could include size of the change, sensitivity classification of the data handled by the service A 404A).

wherein determining whether the designated application constitutes a security risk comprises determining whether the designated graph representation includes one or more statements not present in the comparison graph representations corresponding with the comparison applications (see Wasiq ¶12, a monitoring component of the system of the present disclosure monitors a repository for changes to code of services represented by nodes in the end-to-end request call graph).

As to claim 9, the combination of Wasiq and Sultan teaches, the method, wherein the designated application is authored by one of the client organizations (see Wasiq ¶117, application server 708 can include any appropriate hardware, software, and firmware for integrating with the data store 710 as needed to execute aspects of one or more applications for the electronic client device 702). 

As to claim 10, the combination of Wasiq and Sultan teaches, the method, wherein the designated application is authored by a third-party software developer to the on-demand computing services environment (see Wasiq ¶122, These devices also can include other electronic devices, such as dummy terminals, thin-clients, gaming systems, and other devices capable of communicating via a network).

As to claim 11, the combination of Wasiq and Sultan teaches, the method, wherein each of the comparison applications is configured to access information stored within a multi-tenant database in the on-demand computing services environment, the multi-tenant database storing information associated with the plurality of client organizations (see Sultan ¶78, the customer 604 may be an individual that utilizes the services of the computing resource service provider 602 to deliver content to a working group located remotely. As shown in FIG. 6, the customer 604 may communicate with the computing resource service provider 602 through a network 606, whereby the network 606 may be a communication network, such as the Internet, an intranet or an Internet service provider (ISP) network 

As to claim 12, the combination of Wasiq and Sultan teaches the method recited in claim 1, wherein the comparison applications are accessible via an application exchange, the application exchange providing applications for purchase via a network (see Sultan ¶79, the computing resource service provider 602 may provide various computing resource services to its customers). 
As to independent claim 13, this claim is directed to a computer device executing the method of claim 1; therefore it is rejected along similar rationale.
As to independent claim 20, this claim is directed to one or more non-transitory computer readable media having instructions stored thereon for performing the method of claim 1; therefore it is rejected along similar rationale.
As to dependent claims 14-19, these claims contain substantially similar subject matter as claims 2-7; therefore they are rejected along the same rationale.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478.  The examiner can normally be reached on Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/NEGA WOLDEMARIAM/Examiner, Art Unit 2433           

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433