DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Preliminary Amendment filed 26 August 2019 has been received and considered.
Claims 1-24 are pending.
This Action is Non-Final.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11 September 2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-8 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because based on the guidance provided by the Official Gazette on Subject Matter Eligibility of Computer Readable Media (see 1351 OG 212) the claimed medium can include both transitory (i.e. non-statutory) media and non-transitory (i.e. statutory) media.  While the Specification (see paragraph [0066]) discusses what a “computer readable medium” can be, this amounts to a mere example as it discloses what the medium “may” be, and therefore the medium 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-24 are rejected under 35 U.S.C. 103 as being unpatentable over Kim et al. (US 20160359875) in view of Sahita et al. (US 20170185774).
As per claims 1, 9, and 17, Kim et al. discloses a device, method, and medium with instructions configured to:
hook a layer used by a scripting language executable by a browser; record at runtime scripting language execution events caused by execution of a script in the scripting language (see paragraph [0057] where the script code is hooked to allow the later use, i.e. recording, of names and input metadata of the hooked code; where JavaScript is a language executable by a browser); 
transform the recorded scripting language execution events into an execution trace (see paragraphs [0057]-[0058] generating the call trace); and 

While Kim et al. generally discloses the hooking of a scripting language that is executed (see paragraph p0057]), but fails to explicitly disclose the hooking of a runtime layer scripting language.
However, Sahita et al. teaches hooking a runtime layer used by a scripting language (see paragraphs [0028]-[0033] and [0035]-[0036]).
At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to hook a runtime layer of the Kim et al. system.
Motivation, as recognized by one of ordinary skill in the art, to do so would have been to monitor dynamically generated code.
As per claims 2, 10, and 18, the modified Kim et al. and Sahita et al. system discloses to inform a security software of the vulnerabilities (see Sahita et al. paragraphs [0030] and [0040]-[0043]).
As per claims 3, 11, and 19, the modified Kim et al. and Sahita et al. system discloses to inject code in the scripting language into scripts executed by the runtime layer (see Sahita et al. paragraphs [0028] and [0032]-[0033]).
As per claims 4, 12, and 20, the modified Kim et al. and Sahita et al. system discloses to provide information about the vulnerabilities to the security software (see Sahita et al. paragraph [0043]), but fails to explicitly disclose the use of an API for the providing of information.  However, Official Notice is taken that a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to include an API for providing information to the security software of the modified Kim et al. and Sahita et al. system in order to provide a uniform and consistent manner of communicating with the security software.
As per claims 5, 13, and 21, the modified Kim et al. and Sahita et al. system discloses to employ a browser plugin interface to perform file-based analysis of vulnerabilities in the script (see Sahita et al. paragraph [0023] providing an add-on to the browser for performing the steps).

As per claims 7, 15, and 23, the modified Kim et al. and Sahita et al. system discloses to compare information in the execution trace to a database of known scripting language vulnerabilities (see Kim et al. paragraphs [0059]-[0060]).
As per claims 8, 16, and 24, the modified Kim et al. and Sahita et al. system discloses to update the database of known scripting language vulnerabilities (see Kim et al. paragraphs [0069]-[0070]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: the remaining references put forth on the PTO-892 form are directed to analyzing scripts for malware/vulnerabilities.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J PYZOCHA whose telephone number is (571)272-3875.  The examiner can normally be reached on Monday-Thursday 7:30am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hadi Armouche can be reached on (571) 270-3618.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/Michael Pyzocha/               Primary Examiner, Art Unit 2419