DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/03/2020 has been entered.
 
Response to Amendment
3. 	This communication is in response to the amendment filed on 12/03/2020. The Examiner has acknowledged the amended Claims 1, 13 and 15. Claim 14 has been cancelled and new Claim 19 has been added. Claims 1-13 and 15-19 are pending and Claims 1-13 and 15-19 are rejected.

Response to Arguments
4.	Applicant's Arguments (Remarks) filed 12/03/2020 have been fully considered but they are not persuasive and/or now moot in view of the new ground of rejection necessitated by applicant's amendment. 

5.	The rejection of Claim 14 under 35 U.S.C. 112 (b) has been withdrawn in view of cancellation of Claim 14.
maintained. Applicant’s arguments [REMARKS: Pages 7-10] have been fully considered, but they are not persuasive. Further, newly added Claim 19 is also rejected based on being directed to an abstract idea.
Applicant argues “the identified abstract idea must be one of the above groupings.1 Although not clear for Claim 15, the Final Office Action states that claim 1 “covers performance of the limitation in the mind but for the recitation of generic computer components.” and As an initial matter, the graphical user interface clearly cannot be a mental process. The mental process includes an observation, evaluation, judgment, opinion, but does not and cannot include a graphical user interface as claimed.”
However, Examiner respectfully disagrees. Examiner has clearly identified the limitations in the final office action that “extracting a plurality of software objects…, finding relationships between the extracted software objects….” and “identifying an entry point…”, are processes that, under their broadest reasonable interpretation, covers performance of the limitation in the mind. Further, producing a display using graphical user interface does not integrate the abstract idea into a practical application, and the examiner has evaluated displaying using a graphical user interface and finds it nothing more than insignificant extra-solution activity. Merely using a computer as a tool to perform an abstract idea does not integrate the abstract idea into a practical application.
Applicant further argues “the extent the claims are found to recite a judicial exception, these claims each integrate any abstract idea into a practical application. For example, Claim 1 recites extraction of software objects that are stored, database creation, and a graphical user interface; and Claim 15 recites worker modules, queues, memory storage locations, and a computer platform for extraction of software objects that are stored and database creation. These additional elements represent “a particular machine or manufacturer that is integral to the claim.”

Applicant further argues “Applicant disagrees as to the conventionality of such elements. However, whether or not those elements are conventional is expressly removed from the analysis:
Because revised Step 2A does not evaluate whether an additional element is well understood,
routine, conventional activity, examiners are reminded that a claim that includes conventional elements may still integrate an exception into a practical application, thereby satisfying the subject matter eligibility requirement of Section 101." 2019 PEG, p.55.”
Although conventionality is no longer part of the analysis under Step 2A, even if the above
example recited elements were considered conventional, they still act to integrate any potential
exception into a practical application.
The examiner disagrees. However, the 2019 PEG does not change the Step 2B analysis, which still evaluates whether the additional elements are unconventional or otherwise more than not significantly more than well-understood, routine, conventional activities in the field (Please refer to the 101 rejection below for detailed analysis).

7. 	The claim interpretation (i.e. Claim 15) has been maintained. Applicant’s arguments have been considered but they are not persuasive. 
Applicant argues “Final Office Action states "the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier." This mere statement does not meet the rebuttable presumption that must be overcome. There is no rationale as to why this claim language would be interpreted under 112(f).”
The examiner respectfully disagrees. Claim 15 recites modules (i.e. worker modules) to perform functions (i.e. worker modules to extract a plurality of software objects). However, the “modules” recited in the claim are generic placeholders (i.e. non-structural terms)  and are not modified by sufficient structure (i.e. “worker” module does not provide a sufficient structure and not a well-known structure in the art network security and/or have no specific structural meaning for performing the claimed function). Therefore, the claim interpretation is maintained. 

8.       	The rejections of Claims 1-13 and 15-18 under 35 U.S.C. 103 have been maintained. The rejection of Claim 14 has been withdrawn in view of cancellation of Claim 14. Applicant’s arguments [REMARKS: Pages 10-12] have been fully considered, but they are not persuasive, and/or moot in view of the new ground of rejection necessitated by Applicant's amendment. 

However, the examiner respectfully disagrees. Brodie discloses the processor divides the source code into security-related components and security-non-related components (Brodie: ¶ [0043]), blocks are divided into blocks including lower risk changes 102 and higher risk changes 104…, For blocks representing changes to code…, distance between block 102, 104 may indicate relation between the changes. For example, overlapping blocks may indicate that the changes are directly related to each other (Brodie: ¶ [0034]), the security metrics can include a quantity of security-related defects, a quantity of defects, a quantity of code changes, or any combination thereof…, enable previously unknown security risks to be detected and resolved before they become widely known. Furthermore, the techniques provide insight to, and inform, designers, developers, and security analysts on new patterns that may have been previously unrecognized or unseen in the vastness of a code (Brodie: ¶ [0014], also see Fig. 2), highlight connected higher risk changes 104 along the chain 202 for closer inspection..., rather than just analyzing individual changes for security risks, a reviewer may then determine whether a feature may be exploited at each higher risk 104 change along the chain 202…, the visual representation 200 may enable a reviewer to check for security risks stemming from a chain of higher risk changes 104 (Brodie: ¶ [0039]). Brodie further discloses the processor may generate one or more visual representations including one or more recommendations (Brodie: ¶ [0045]), the processor generates a visual representation comprising a highlighted area of concern…, the visual representation may depict potential problems from a non-security point of view…, the processor can modify testing of applications by removing portions of  Therefore, a PHOSITA would have understood Brodie discloses the features that the applicant is arguing about.
Applicant further argues “The combination of Brodie and Nakajima fail to disclose
or render obvious the claimed cross-referencing of end-user activities as claimed.”  and The combination of Brodie and Nakajima fail to disclose or render obvious the claimed end-user activity as claimed.”
However, the examiner respectfully disagrees. It is noted that Brodie discloses visual representation 200 of FIG. 2 indicates problem clustering and potential hidden workflow issues and risks, from a security point of view. For example, the representation 200 may take into account additional information that may affect whether an alert actually indicates a weakness, such as control and data flow…, a reviewer may then determine whether a feature may be exploited at each higher risk 104 change along the chain 202…, the visual representation 200 may enable a reviewer to check for security risks stemming from a chain of higher risk changes (Brodie: ¶ [0039]), the processor may also detect that a threshold number of security defects is exceeded at the security-nonrelated components. In some examples, based on the results of the comparison, the processor may generate one or more visual representations including one or more recommendations (Brodie: ¶ [0045]), compare the security metrics of the security related components with the security metrics of the security non-related components…,the techniques provide insight to, and inform, designers, developers, and security analysts on new patterns that may have been previously unrecognized or unseen in the vastness of a code and previously unrelated dimensions of data (Brodie: ¶ [0014]). Therefore, a PHOSITA would have understood that Brodie discloses the feature applicant is arguing about.

However, the examiner disagrees. In response to applicant’s argument that the references fail to show certain features of applicant's invention, it is noted that the features upon which applicant relies (i.e., “extract end user activity executed by the identified entry point”) are not recited in Claim 19.  
Applicant’ arguments with respect to dependent claims are based on their dependency on respective independent claims and therefore found unpersuasive for the same reasons discussed above.

Claim Objections
9.	Claim 19 is objected to because of the following informalities:  
In Claim 19 , the preamble recites “The entry point finder claim 15,” (emphasis added)  should read as “The entry point finder of claim 15,”(emphasis added). 
Appropriate correction is required.
			
Claim Rejections - 35 USC § 101
10.	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.



11.	Claim(s) 1-19 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to mental processes (which is an abstract idea) without significantly more. The limitations “extracting a plurality of software objects…, finding relationships between the extracted software mutatis mutandis.
This judicial exception is not integrated into a practical application. In particular, the additional elements recited in the independent claims–i.e. “storing the extracted…, creating a database…, and producing graphical display” are nothing more than insignificant extra-solution activities. See MPEP 2106.05(g) (“An example of post-solution activity is an element that is not integrated into the claim as a whole, e.g., a printer that is used to output a report of fraudulent transactions”). Further, the computer system is recited at a high-level of generality (i.e., as a generic computer system performing a generic computer functions storing and creating a database) such that it amounts to no more than mere instructions to apply the exception using a generic computer component. In addition, claim does not define any special way of producing graphical display of the created relationships among objects.  The claimed invention merely display information (recited at a high level of generality, for example, See Applicant’s disclosure Pub. No: US 2019/0050579 A1, ¶ 
Furthermore, the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception.  As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a generic computer component to perform the “extracting a plurality of software objects…, finding relationships between the extracted software objects….” and “identifying an entry point…” functions amounts to no more than mere instructions to apply the exception using a generic computer component.
Dependent claim(s) 2-13, and 16-18 are rejected under 35 U.S.C. § 101 based upon consideration of all of the relevant factors with respect to the claims as a whole.  The claims are held to be ineligible subject matter at least for the reasons presented above with respect to Claims 1 and 15, respectively, because the additional limitations are subject to the same defects of Claims 1 and 15.  Claims 2-4 and 16-18 do not define any special graphical representation as the result of the finding relationships. The claimed invention merely provides graphical information connecting nodes based on the relationship (recited at a high level of generality) as also discussed also with respect to independent claims. Moreover, the functions of extracting software objects and generate a Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015) (Storing and retrieving information in memory are conventional and well-known limitations involving a computer) (See MPEP 2106.05(d)); As noted above, the combination of these elements merely defines performing these functions by a generic computer component(s). Further in Claims 5-13, the additional limitations further recite mental steps and/or well-understood (See MPEP 2106.05(d)) and/or insignificant extra-solution activities. See Subject Matter Eligibility Guidance, 84 Fed. Reg. 4 (2019-01-07); MPEP 2106.05(f) as discussed above (i.e. querying, receiving, storing, selecting, extracting, reading, determining, creating, graphical representation). In addition, newly added claim 19 further recites another mental step “i.e. determine a vulnerability based on the end user activity” and is not patent eligible. Therefore, Claims are directed an abstract idea without significantly more and are not patent eligible.

Claim Interpretation
12.	The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

13.	The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 

14.	This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: extract, with one or more of the worker modules, a plurality of software objects…in claim 15.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.


Claim Rejections - 35 USC § 103
15.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



16.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

17.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

s 1-5 and 10-13 and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over BRODIE et al. (US 2018/0198814 A1, hereinafter Brodie) in view of NAKAJIMA et al. (US 2017/0286692 A1, hereinafter Nakajima). 

	
Regarding Claim 1,
Brodie discloses a computer-based method of analyzing a business-critical application computer system to find relationships among software objects associated with the business-critical application computer system (Brodie: ¶ [0003] method can include receiving, via a processor, a source code and history information…, method can include comparing, via the processor, the security metrics of the security-related components with the security metrics of the security-non-related components, ¶ [0041] identify security risks in code using a security metric comparison), the method comprising: 
extracting a plurality of software objects from the business-critical application computer system (Brodie: ¶ [0003] dividing, via the processor, the source code into security-related components and security-non-related components, ¶ [0042] a processor receives source code and history information. For example, the history information can include a version control history or a defect history, or both, ¶ [0043] the processor divides the source code into security-related components and security-non-related components); 
finding relationships between the extracted software objects that are stored in the computer-based search platform (Brodie: ¶ [0003], ¶ [0034] visual representation 100 includes blocks representing changes to code…, distance between block 102, 104 may indicate relation between the changes. For example, overlapping blocks may indicate that the changes are directly related to each other. In some examples, higher risk changes 104 may indicate high severity and high quantity of defects found, or high quantity or volume of changes to code, ¶ [0045] the processor compares the security metrics of the security-related components with the security metrics of the security-non-related components, ¶ [0045], ¶ [0052]); and 
creating a database that represents the extracted software objects and the relationships between the extracted software objects (Brodie: ¶ [0034] visual representation 100 includes
blocks representing changes to code…, distance between block 102, 104 may indicate
relation between the changes. For example, overlapping blocks may indicate that the changes are directly related to each other. In some examples, higher risk changes 104 may
indicate high severity and high quantity of defects found, or high quantity or volume of changes to code, ¶ [0036], See Fig. 3);
producing a graphical user interface for the created database that displays each respective of the extracted software objects as a single node and displays one or more of the relationships as one or more connectors between the nodes that correspond to the related software objects (Brodie: ¶ [0067] mark a code element that includes a known vulnerability as a security-related component, ¶ [0038] the visual representation 200 includes a detected chain 202 of relationships between higher risk changes 104, ¶ [0039] highlight connected higher risk changes 104 along the chain 202 for closer inspection, ¶ [0034] visual representation 100 includes blocks representing changes to code…, distance between block 102, 104 may indicate relation between the changes. For example, overlapping blocks may indicate that the changes are directly related to each other. In some examples, higher risk changes 104 may indicate high severity and high quantity of defects found, or high quantity or volume of changes to code, ¶ [0039] highlight connected higher risk changes 104 along the chain 202 for closer inspection..., rather than just analyzing individual changes for security risks, the visual representation 200 may enable a reviewer to check for security risks stemming from a chain of higher risk changes 104., See Fig. 2); 
(Brodie: ¶ [0037] visual representation identifying security risks in code from a security point of view. The system visual representation can be generated by any suitable computing device, such as the computing device, ¶ [0043] the processor divides the source code into security-related components and security-non-related components, ¶ [0034] blocks are divided into blocks including lower risk changes 102 and
higher risk changes 104…, For blocks representing changes to code…, distance between block 102, 104 may indicate relation between the changes. For example, overlapping blocks may indicate that the changes are directly related to each other, ¶ [0039] the visual
representation 200 may enable a reviewer to check for security risks stemming from a chain of higher risk changes, ¶ [0062] computer readable program instructions may execute entirely on the user's computer, partly on the user's compute, ¶ [0014] enable previously unknown security risks to be detected and resolved before they become widely known. Furthermore, the techniques provide insight to, and inform, designers, developers, and security analysts on new patterns that may have been previously unrecognized or unseen in the vastness of a code, ¶ [0066], See Fig. 2), wherein the extracted software objects and the relationships that cannot be accessed by the end user are not identified as an entry point (Brodie:   ¶ [0043] the processor divides the source code into security-related components and security-non-related components, ¶ [0014] the processor may divide the source code into security-related components and security-non-related components by marking code elements as security-related components based on one or more static detectors of known vulnerabilities, based on a received list of security-related code areas to be marked
as security-related components, based on the defect history, or based on an affected components analysis, ¶ [0014], ¶ [0052]); and 
cross-referencing end-user activities against the identified entry point for determining vulnerabilities (Brodie: ¶ [0039] visual representation 200 of FIG. 2 indicates problem clustering and potential hidden workflow issues and risks, from a security point of view. For example, the representation 200 may take into account additional information that may affect whether an alert actually indicates a weakness, such as control and data flow…, a reviewer may then determine whether a feature may be exploited at each higher risk 104 change along the chain 202…, the visual representation 200 may enable a reviewer to check for security risks stemming from a chain of higher risk changes, ¶ [0045] the processor may also detect that a threshold number of security defects is exceeded at the security-nonrelated
components. In some examples, based on the results of the comparison, the processor may generate one or more visual representations including one or more recommendations, also see ¶ [0014] compare the security metrics of the security related components with the security metrics of the security non-related components…,the techniques provide insight to, and inform, designers, developers, and security analysts on new patterns that may have been previously unrecognized or unseen in the vastness of a code and previously unrelated
dimensions of data, ¶ [0052]).
However, it is noted that Brodie does not explicitly disclose storing the extracted software objects in a computer-based search platform; 
creating a database that represents the extracted software objects and the relationships between the extracted software objects; and 
 for the created database that displays each respective of the extracted software objects as a single node and displays one or more of the relationships as one or more connectors between the nodes that correspond to the related software objects.
However, Nakajima from a same or similar field of endeavor discloses the vulnerability finding device 10 has: a vulnerability related database (DB) 11; a vulnerability extracting unit 12; a disassembling unit 13; a normalization processing unit 14; a matching unit 15; and a vulnerability candidate DB 16. Each of these components is connected to be able to input and output signals and data unidirectionally or bidirectionally (Nakajima: ¶ [0019], also see ¶ [0045]), information on the code clone obtained as a result of the matching, and causes the information to be stored in the vulnerability candidate DB 16 (Nakajima: ¶ [0022]), and may calculate, upon the matching, a similarity indicating how similar the program code (matching source) of the vulnerable part and the program code (matching destination) of the inspection target software S1 are (Nakajima: ¶ [0037]), and extracted information is stored in the vulnerability candidate DB 16 (Nakajima: ¶ [0032]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Nakajima in the teachings of Brodie. A person having ordinary skill in the art would have been motivated to do so to enable finding vulnerability in software, for which a source code is difficult to be obtained or used (for example, privately owned software, or software set with exclusive rights) (Nakajima: ¶ [0042]).

Regarding Claim 2,
Claim 2 is dependent on Claim 1, and the combination of Brodie and Nakajima discloses all the limitations of Claim 1. Brodie further discloses wherein the software objects are elements of the business-critical application computer system whose graphical representation as nodes connected to (Brodie: ¶ [0034] visual representation 100 includes blocks representing changes to code…, distance between block 102, 104 may indicate relation between the changes. For example, overlapping blocks may indicate that the changes are directly related to each other. In some examples, higher risk changes 104 may indicate high severity and high quantity of defects found, or high quantity or volume of changes to code, ¶ [0039] rather than just analyzing individual changes for security risks, the visual representation 200 may enable a reviewer to check for security risks stemming from a chain of higher risk changes 104., ¶ [0052] a code element that includes a known vulnerability can be marked as a security-related component, ¶ [0067], See Fig. 2).

Regarding Claim 3,
Claim 3 is dependent on Claim 2, and the combination of Brodie and Nakajima discloses all the limitations of Claim 2. Brodie further discloses wherein each respective one of the elements of the business-critical application computer system is a unique piece of code, a software file, or other aspect of the business-critical application computer system (Brodie: ¶ [0014] the processor may divide the source code into security-related components and security-non-related components by marking code elements as security-related components based on one or more static detectors of known vulnerabilities…, a code element can include a directory, a file, a function, a class, and the like. The processor may also calculate security metrics for each of the security-related components and each of the security-non-related components, ¶ [0043] directories, files, functions, and classes related to known vulnerabilities or security-related codes areas or security related defects can be marked as security-related components). 
Regarding Claim 4,
Claim 4 is dependent on Claim 1, and the combination of Brodie and Nakajima discloses all the limitations of Claim 1. Brodie further discloses wherein the graphical user interface displays the extracted software objects as elements of the business-critical application computer system (Brodie: ¶ [0043] the processor divides the source code into security-related components and security-non-related components, ¶ [0046] generates a visual representation comprising a highlighted area of concern based on the comparison…, may depict potential security risks from security point of view…, changes to security-related components may be labeled as higher risk and changes to security-non-related components may be labeled as lower risk. ¶ [0051] display device 414 may include a display screen that is a built-in component of the computing device 400. The display device, ¶ [0052] a code element that includes a known vulnerability can be marked as a security-related component, also see ¶ [0034, 0036-0037]).

Regarding Claim 5,
Claim 5 is dependent on Claim 1, and the combination of Brodie and Nakajima discloses all the limitations of Claim 1. Brodie further discloses wherein some of the software objects include source code from the business-critical application computer system, and other some of the software objects do not include source code from the business-critical application computer system (Brodie: ¶ [0014] a code element can include a directory, a file, a function, a class, and the like. The processor may also calculate security metrics for each of the security-related components and each of the security-non-related components, ¶ [0043] directories, files, functions, and classes related to known vulnerabilities or security-related codes areas or security related defects can be marked as security-related components).
 …, if a source code of the software, in which vulnerability is present, is obtainable, the vulnerability extracting unit 12 comprehensively compiles the source codes (Nakajima: ¶ [0026]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Nakajima in the teachings of Brodie. A person having ordinary skill in the art would have been motivated to do so to enable finding vulnerability in software, for which a source code is difficult to be obtained or used (for example, privately owned software, or software set with exclusive rights) (Nakajima: ¶ [0042]).

Regarding Claim 10,
Claim 10 is dependent on Claim 5, and the combination of Brodie and Nakajima discloses all the limitations of Claim 5. However, Brodie does not explicitly disclose wherein extracting the software objects that do not include source code comprises: pushing the software objects that do not include source code to queues, each of which is for a particular type of software object that does not include source code. 
However, Nakajima further discloses if a software developer is unable to obtain a source code of the software, in which vulnerability is present, and only an executable file in a binary format (program code) is present, as illustrated with a solid lined arrow Y1 in FIG. 2, without compilation being executed, a program code Pl of a vulnerable part is extracted (Nakajima: ¶ [0026]), and extracted information is stored in the vulnerability candidate DB 16 (Nakajima: ¶ [0032], also see ¶ [0046]).
(Nakajima: ¶ [0042]).

Regarding Claim 11,
Claim 11 is dependent on Claim 1, and the combination of Brodie and Nakajima discloses all the limitations of Claim 1. However, Brodie does not explicitly disclose wherein storing the extracted software objects in a computer-based search platform comprises: reading, with one or more search platform uploaders, source code from a computer-based memory storage, based on the location information in a queue, reading, with the one or more search platform uploaders, non-source code-based objects from one or more software object queues; and 
storing what the one or more search platform uploaders read into the search platform with an intelligent structure. 
However, Nakajima further discloses if a software developer is unable to obtain a source code of the software, in which vulnerability is present, and only an executable file in a binary format (program code) is present, as illustrated with a solid lined arrow Y1 in FIG. 2, without compilation being executed, a program code Pl of a vulnerable part is extracted …, if a source code of the software, in which vulnerability is present, is obtainable, the vulnerability extracting unit 12 comprehensively compiles the source codes (Nakajima: ¶ [0026]), performing abstraction of a part (for example, a type of a register, a values of a memory address of an access destination, or a variable parameter, such as an immediate value) that changes according to a compilation environment, from parts (parameters) included in program codes (Nakajima: ¶ [0029]), and the extracted information  (Nakajima: ¶ [0032]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Nakajima in the teachings of Brodie. A person having ordinary skill in the art would have been motivated to do so to enable finding vulnerability in software, for which a source code is difficult to be obtained or used (for example, privately owned software, or software set with exclusive rights) (Nakajima: ¶ [0042]).

Regarding Claim 12,
Claim 12 is dependent on Claim 1, and the combination of Brodie and Nakajima discloses all the limitations of Claim 1. Brodie further discloses wherein finding relationships between the extracted software objects that are stored in the computer-based search platform comprises: for software objects that have source code: reading each statement of the source code (Brodie: ¶ [0043] the processor may mark code elements corresponding to a security-related defect as a security-related components and mark code elements modified to fix security-related defects as a security-related components); and determining whether any statements in the source code define a relationship between any of the software objects (Brodie: ¶ [0044] calculates security metrics for each of the security-related components and each of the security-non-related components based on the history information, ¶ [0045] compares the security metrics of the security-related components with the security metrics of the security-non-related components, also see ¶ [0046]). 

However, Nakajima further discloses if a software developer is unable to obtain a source code of the software, in which vulnerability is present, and only an executable file in a binary format (program code) is present, as illustrated with a solid lined arrow Y1 in FIG. 2, without compilation being executed, a program code Pl of a vulnerable part is extracted (Nakajima: ¶ [0026]), (Nakajima: ¶ [0029]), and performs matching (collation) between a program code 12b of the vulnerable part after the normalization and a program code 13b of the inspection target software Sl after the normalization, and finds a code clone of the program code 12b, the code clone included in the program code 13b (Nakajima: ¶ [0022]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Nakajima in the teachings of Brodie. A person having ordinary skill in the art would have been motivated to do so to enable finding vulnerability in software, for which a source code is difficult to be obtained or used (for example, privately owned software, or software set with exclusive rights) (Nakajima: ¶ [0042]).

Regarding Claim 13,
Claim 13 is dependent on Claim 1, and the combination of Brodie and Nakajima discloses all the limitations of Claim 1. Brodie further discloses the graphical user interface is the database created and comprises a graph database to facilitate visualization of the software objects of the business-critical application computer system and their respective relationships to one another (Brodie: ¶ [0038] the visual representation 200 includes a detected chain 202 of relationships between higher risk changes 104, ¶ [0014] a code element can include a directory, a file, a function, a class, and the like. The processor may also calculate security metrics for each of the security-related components and each of the security-non-related components, ¶ [0034] visual representation 100 includes blocks representing changes to code…, distance between block 102, 104 may indicate relation between the changes. For example, overlapping blocks may indicate that the changes are directly related to each other. In some examples, higher risk changes 104 may indicate high severity and high quantity of defects found, or high quantity or volume of changes to code, ¶ [0043] directories, files, functions, and classes related to known vulnerabilities or security-related codes areas or security related defects can be marked as security-related components, also see Fig. 2). 

Regarding Claim 15,
Brodie discloses an entry point finder (EPF) comprising (Brodie: ¶ [0002] system can include a processor to receive a source code and history information): a plurality of worker modules (Brodie: ¶ [0052] the storage device may include a receiver module 424, a divider module 426, a metric calculator module 428, a comparer module 430, and a generator module 432. In some examples, one or more of the modules 424-436 may be implemented in an application or a service), a plurality of computer-based memory storage locations, wherein each one of the computer-based memory storage locations is communicatively coupled to a corresponding one or more of the worker modules (Brodie: ¶ [0049],¶ [0052], and See Fig. 4); and in combination with Nakajima discloses and a plurality of queues, wherein each one of the queues is communicatively coupled to a corresponding one or more of the worker modules (Brodie: ¶ [0049],¶ [0052],¶ [0060], and See Fig. 4, Nakajima: ¶ [0030], Fig. 1 , Fig. 5), a computer-based search platform communicatively coupled to at least one of the worker modules (Brodie: ¶ [0002] system can include a processor to receive a source code and history information, Nakajima: ¶ [0030] the vulnerability finding device, Fig. 1), extract end user activity executed by the identified entry point (Brodie: ¶ [0039] visual representation 200 of FIG. 2 indicates problem clustering and potential hidden workflow issues and risks, from a security point of view…, a reviewer may then determine whether a feature may be exploited at each higher risk 104 change along the chain 202…, the visual representation 200 may enable a reviewer to check for security risks stemming from a chain of higher risk changes, ¶ [0045] the processor may generate one or more visual representations including one or more recommendations, ¶ [0046] the processor generates a visual representation comprising a highlighted area of concern…, the visual representation may depict potential problems from a non-security point of view…, the processor can modify testing of applications by removing portions of source code for testing that do not have security metrics above a threshold value), and discloses, in combination with Nakajima, all the limitations of Claim 15 as discussed in Claim 1. Therefore, Claim 15 is rejected using the same rationales as discussed in Claim 1.

Regarding Claim 16,
Claim 16 is dependent on Claim 15, and the combination of Brodie and Nakajima discloses all the limitations of Claim 15. Brodie further discloses wherein the entry point finder is configured to display each respective of the extracted software objects as a single node and display one or more of the relationships as one or more connectors between the nodes that correspond to the related software objects (Brodie: ¶ [0067] mark a code element that includes a known vulnerability as a security-related component, ¶ [0039] highlight connected higher risk changes 104 along the chain 202 for closer inspection, ¶ [0034] visual representation 100 includes blocks representing changes to code…, distance between block 102, 104 may indicate relation between the changes. For example, overlapping blocks may indicate that the changes are directly related to each other. In some examples, higher risk changes 104 may indicate high severity and high quantity of defects found, or high quantity or volume of changes to code, ¶ [0039] highlight connected higher risk changes 104 along the chain 202 for closer inspection..., rather than just analyzing individual changes for security risks, the visual representation 200 may enable a reviewer to check for security risks stemming from a chain of higher risk changes 104., See Fig. 2), wherein the software objects are elements of the business-critical application computer system whose graphical representation as the nodes connected to one another based on the relationships between the corresponding elements is based on a particular goal of the analysis (Brodie: ¶ [0034] visual representation 100 includes blocks representing changes to code…, distance between block 102, 104 may indicate relation between the changes. For example, overlapping blocks may indicate that the changes are directly related to each other. In some examples, higher risk changes 104 may indicate high severity and high quantity of defects found, or high quantity or volume of changes to code, ¶ [0039] rather than just analyzing individual changes for security risks, the visual representation 200 may enable a reviewer to check for security risks stemming from a chain of higher risk changes 104., ¶ [0052] a code element that includes a known vulnerability can be marked as a security-related component, ¶ [0067], See Fig. 2).

Regarding Claim 17,
Claim 17 is dependent on Claim 16, and the combination of Brodie and Nakajima discloses all the limitations of Claim 16. The combination of Brodie and Nakajima discloses all the limitations of Claim 17 as discussed in Claim 3. Therefore, Claim 17 is rejected using the same rationales. 

Regarding Claim 18,
Claim 18 is dependent on Claim 16, and the combination of Brodie and Nakajima discloses all the limitations of Claim 16. Brodie further discloses wherein the database is configured to facilitate a graphical display that shows: each respective software object as a single node in the graph database (Brodie: ¶ [0067] mark a code element that includes a known vulnerability as a security-related component, ¶ [0039] highlight connected higher risk changes 104 along the chain 202 for closer inspection, ¶ [0034] visual representation 100 includes blocks representing changes to code, See Fig. 2); and one or more relationships between the software objects by one or more connectors between the nodes that correspond to the related software objects (Brodie: ¶ [0034] visual representation 100 includes blocks representing changes to code…, distance between block 102, 104 may indicate relation between the changes. For example, overlapping blocks may indicate that the changes are directly related to each other. In some examples, higher risk changes 104 may indicate high severity and high quantity of defects found, or high quantity or volume of changes to code, ¶ [0039] highlight connected higher risk changes 104 along the chain 202 for closer inspection..., rather than just analyzing individual changes for security risks, the visual representation 200 may enable a reviewer to check for security risks stemming from a chain of higher risk changes 104., See Fig. 2).

Regarding Claim 19, 
Claim 19 is dependent on Claim 15, and the combination of Brodie and Nakajima discloses all the limitations of Claim 15. Brodie further discloses wherein the entry point finder is further configured to determine a vulnerability based on the end user activity (Brodie: ¶ [0014] compare the security metrics of the security related components with the security metrics of the security non-related components…,the techniques provide insight to, and inform, designers, developers, and security analysts on new patterns that may have been previously unrecognized or unseen in the vastness of a code and previously unrelated dimensions of data, ¶ [0039] visual representation 200 of FIG. 2 indicates problem clustering and potential hidden workflow issues and risks, from a security point of view…, a reviewer may then determine whether a feature may be exploited at each higher risk 104 change along the chain 202…, the visual representation 200 may enable a reviewer to check for security risks stemming from a chain of higher risk changes).

19.	Claims 6 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over BRODIE et al. (US 2018/0198814 A1, hereinafter Brodie) in view of NAKAJIMA et al. (US 2017/0286692 A1, hereinafter Nakajima) and further in view of Lanier (US 2017/0060961 Al, hereinafter Lanier).

Regarding Claim 6,
Claim 6 is dependent on Claim 5, and the combination of Brodie and Nakajima discloses all the limitations of Claim 5. However, it is noted that the combination of Brodie and Nakajima does not explicitly disclose wherein extracting the software objects that include source code comprises: 
querying the business-critical application computer system for names of packages associated with the business-critical application computer system; 
receiving a list of package names associated with the business-critical application computer system in response to the query; and 
storing the list of package names in a first queue. 
However, Lanier from a same or similar field of endeavor discloses OEM product label may be found by electronically querying the piece of equipment; the equipment may respond with a  (Lanier: ¶ [0023]), and once the manufacturer and/or OEM product has been identified, the OEM product label is translated (408) using, for example, the translator 332 into a company product label and/or internal name via use of the look-up table. In various embodiments, the company product label and internal name are stored together in the same look-up table; in other embodiments, each is maintained in separate look-up tables…, Any look-up table ( or similar structure) and arrangement thereof is within the scope of the embodiments (Lanier: ¶ [0029]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Lanier in the combined teachings of Brodie and Nakajima. A person having ordinary skill in the art would have been motivated to do so because the company product label and/or internal name is used to identify a replacement product for the associated product so that the correct replacement product may be used to replace the product associated with the OEM product label in the event of its failure or malfunctioning (Lanier: ¶ [0030]).

Regarding Claim 7,
Claim 7 is dependent on Claim 6, and the combination of Brodie, Nakajima and Lanier discloses all the limitations of Claim 6. However, it is noted that the combination of Brodie and Nakajima does not explicitly disclose wherein extracting the software objects that include source code further comprises: selecting one package name from the first queue.
However, Lanier further discloses product-support data file is parsed (402) using, for example, the parser 328, to detect a product having an OEM product label associated with a plurality of different OEM products. In one embodiment, this detection is performed by applying the OEM (Lanier: ¶ [0024]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Lanier in the combined teachings of Brodie and Nakajima. A person having ordinary skill in the art would have been motivated to do so because the company product label and/or internal name is used to identify a replacement product for the associated product so that the correct replacement product may be used to replace the product associated with the OEM product label in the event of its failure or malfunctioning (Lanier: ¶ [0030]).
Brodie further discloses extracting, with a particular one of a plurality of extractors, the source code associated with the selected package name from the business-critical application computer system (Brodie: ¶ [0042] receives source code and history information. For example, the history information can include a version control history or a defect history, or both, ¶ [0003] dividing, via the processor, the source code into security-related components and security-non-related components, ¶ [0043] the processor divides the source code into security-related components and security-non-related components).

20.	Claims 8 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over BRODIE et al. (US 2018/0198814 A1, hereinafter Brodie) in view of NAKAJIMA et al. (US 2017/0286692 A1, hereinafter Nakajima) in view of Lanier (US 2017/0060961 Al, hereinafter Lanier) and further in view of Xie et al. (US 8,635,204 B1, hereinafter Xie).


Regarding Claim 8,
Claim 8 is dependent on Claim 7, and the combination of Brodie, Nakajima and Lanier   discloses all the limitations of Claim 7. However, it is noted that Brodie, Nakajima and Lanier does not explicitly disclose saving a compressed version of the extracted source code at a first computer-based memory location; and 
pushing the location of the stored compressed version of the extracted source code to a second queue. 
However, Xie from a same or similar field of endeavor discloses that system is able to reliably and efficiently retrieve software projects (e.g., Java projects) from a repository (e.g., the Sourceforge repository) and manage the retrieved projects (Xie: [Col. 5 Lines: 50-55]), crawler 520 may be initially configured with the location of the project directory 510 and the number of threads to be created. After this preliminary operation, the crawler 520 starts browsing the given directory and constructs a project index which contains all the projects found in the directory. These projects may be compressed with Gzip, Zip and Tar and, therefore, the crawler 520 is able to deal with these different archiving techniques in order to decompress them (Xie: [Col. 11 Lines: 13-21]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Xie in the combined teachings of Brodie, Nakajima and Lanier. A person having ordinary skill in the art would have been motivated to do so because structures which host source code data may include repositories and they may be located on a network-connected server that can receive requests from millions of users (Xie: [Col. 5 Lines: 13-15]), the repositories may store huge amounts of software projects containing source codes, and therefore there is a need to compress data to save space.


Regarding Claim 9,
Claim 9 is dependent on Claim 7, and the combination of Brodie, Nakajima and Lanier     discloses all the limitations of Claim 7. However, it is noted that Brodie, Nakajima and Lanier does not explicitly disclose saving a decompressed version of the extracted source code at a second computer-based memory location; and 
pushing the location of the stored decompressed version of the extracted source code to a third queue. 
However, Xie further discloses that system is able to reliably and efficiently retrieve software projects (e.g., Java projects) from a repository (e.g., the Sourceforge repository) and manage the retrieved projects (Xie: [Col. 5 Lines: 50-55]), the system goes through all of the retrieved projects and extracts the related source code and detects their different versions. the server 110 retrieves software projects from the repository 130 and stores the retrieved software projects on the storage device 120…, the server 110 also may store the retrieved software projects in the database 140 or may store references to locations of the retrieved software projects in the database 140 (Xie: [Col. 5 lines 67, Col. 6 Lines: 18-21]), and projects may be compressed with Gzip, Zip and Tar and, therefore, the crawler 520 is able to deal with these different archiving techniques in order to decompress them (Xie: [Col. 11 Lines: 18-21]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Xie in the combined teachings of Brodie, Nakajima and Lanier. A person having ordinary skill in the art would have been motivated to do so because structures which host source code data may include repositories and they may be located on a network-connected server that can receive requests from millions of users (Xie: [Col. 5 Lines: 13-15]), and therefore the repositories may store huge amounts of software projects containing source codes thus there is a need to compress data to save space.
Conclusion
21.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US-9965633-B2
US-20160335366-A1
US-9176729-B2
US-8359655-B1
US-20150213268-A1
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMEERA WICKRAMASURIYA whose telephone number is (571)272-1507.  The examiner can normally be reached on MON-FRI 8AM-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W. KIM can be reached on (571)272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like 
	
/SAMEERA WICKRAMASURIYA/
Examiner, Art Unit 2494

                                                                                                                                                                                               /ROBERT B LEUNG/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        2-16-2021