DETAILED ACTION
The instant application having Application No. 16/803044 filed on February 27, 2020 is presented for examination by the examiner.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Oath/Declaration
The applicant’s oath/declaration has been reviewed by the examiner and is found to conform to the requirements prescribed in 37 C.F.R. 1.63.

Information Disclosure Statement
As required by M.P.E.P. 609(C), the applicant’s submission of the Information Disclosure Statement is acknowledged by the examiner and the cited references have been considered in the examination of the claims now pending. As required by M.P.E.P. 609(C), a copy of the PTOL-1449 initialed and dated by the examiner is attached to the instant office action.

Drawings
The applicant’s drawings submitted are acceptable for examination purposes.

Examiner Comments
Claim 15 recites a computer program product comprising a “computer readable storage medium”. Paragraph 57 of the specification recites a “computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire”. Therefore, the examiner considers the computer program product as falling under the statutory class of 35 U.S.C. 101. See MPEP § 2106(I).

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10614224, claims 1-10 of U.S. Patent No. 10650149, and claims 1-20 of U.S. Patent 10956580. Although the claims at issue are not identical, they are not patentably distinct from each other because they are all drawn towards using static program analysis to analyze a mathematical model of a computer program to determine if the data flow has a path to a protected node that does not go through a security node first where the security node comprises an authorization node and an authentication node.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Berg et al. (US 2013/0031622 A1) hereinafter referred to as Berg.

As per claims 1, 8, and 15, Berg discloses A system, comprising: 
(Berg, paragraph 74, teaches a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory).); 
a processor that executes the computer executable components stored in the memory, wherein the computer executable components comprise (Berg, paragraph 79, teaches that these computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine.): 
a security evaluation component that evaluates a security protocol of a computer program product to determine whether data flows provide a path to a protected node that does not proceed through security nodes in an order corresponding to the security protocol, wherein the security nodes comprise an authorization node that checks an authorization of an entity to access the protected data object and an authentication node that checks an authentication of the entity (Berg, Figures 1, 4, 11, and associated texts in paragraphs 27-30, 41-44, 70-73, teaches generating a call graph of a program and performing a static analysis of the program by analyzing the paths that the program takes to determine if each path to a secure resource requires a verification i.e. proceeding through a security node. Berg, paragraphs 28-29, teaches that the verification includes a permissions check to ensure that the client has the correct permissions to access the secure resource. Berg, paragraphs 4 and 37, further teaches that the verification also includes an authentication. Berg, para [0028], a pathway through the software program that provides for verification includes edges 1, 2, 3, 4, 5, and 6. In this path, Client.main( ) calls (edge 1) method m1 ( ), which then calls (edge 2) checkPermission( ), which verifies that Client.main( ) is allowed to access the resource 110 (i.e. protected node). The checkPermission( ) reports (edge 3) the verification(i.e. determination is made as whether any of the data flows providing the access to the protected node) back to method ml( ), which then accesses the secure resource 110 via (edge 4) getResource( ) (i.e. security node). The method getResource( ) returns (edge 5) to m1( ), which returns (edge 6)(i.e. security node). to Client.main( ), e.g., with data from the secure resource 110. It is noted that the method getResource( ) may also be considered to be a secure resource, as once this method is accessed, the secure resource 110 may be accessed. Para [0041], FIG. 4, an exemplary flowchart 400 is shown for verification of software program access to secure resources for computer systems, and performing such verification as a service to a customer. In block 410, a software program 360 is received from a customer. Additional constraints, such as the input 210 (e.g., remote interface names 210-2, secure resources 210-3, and verification checkers 210-4 (i.e. security protocol)) may also be received. In block 420, using a static analysis, a software program is analyzed (e.g., by verification and analysis tool 230 (i.e. a security evaluation component)) to determine whether the software program 360 accesses a secure resource 210-3 for a computer system 300 without verification that the secure resource 210-3 can be accessed by the software program 360. Para [0035], the static analysis tool 220 generates a call graph 280, a point-to graph 240.  Para [0046], in FIGS. 5 and 6, the objects (and their methods) bean1.m1( ) and bean2.m2( ) are the secure resources 210-3, and the verification and analysis tool 230(i.e. a security evaluation component) is to analyze the software program 360 corresponding to the call graph 500 (i.e. mathematical model ) to ensure that verification occurs for each access to the objects bean1.m1( ) and bean2.m2( ).  Here verification and analysis tool 230 evaluates whether verification checks are missing or not of the computer program by using static analysis Also here (edge 4) getResource( ), (edge 6) are mapped to security nodes, and a determination is made as whether any of the data flows providing the access to the protected node is made when the method getResource() is be considered to be a secure resource, as once this method is accessed, the secure resource 110 may be accessed.)

As per claims 2 and 9, Berg discloses wherein the computer program product provides runtime environment protocol information employed by an operating system to execute one or more additional computer program products (Berg, para [0072-0073],If there is no access to secure resources without verification (block 1120=NO), the verification and analysis tool 230 can optionally report (e.g., to an operating system or to a user) that the software program can be executed on the computer system (block 1125). Block 1125 therefore may report to a user, via user interface 390 that the software program has been analyzed and appears safe for execution. The software program is then allowed (e.g., by the operating system or by the verification and analysis tool 230) to execute on the computer system (block 1130).)

(Berg, Figures 1, 4, 11, and associated texts in paragraphs 27-30, 41-44, 70-73, teaches generating a call graph of a program and performing a static analysis of the program by analyzing the paths that the program takes to determine if each path to a secure resource requires a verification i.e. proceeding through a security node. Berg, paragraphs 28-29, teaches that the verification includes a permissions check to ensure that the client has the correct permissions to access the secure resource. Berg, paragraphs 4 and 37, further teaches that the verification also includes an authentication. Berg, paragraph 37, teaches verification checkers (i.e. security protocol) can include authentication checkers 260-1 and authorization checkers 260-2. An authentication checker 260-1 can determine whether the entity is the entity it says it is, such as by comparing a provided user identification and password with a list of user identifications and passwords. Authorization checkers 260-2 can determine, e.g., whether an entity is allowed to access (i.e. authorized) the secure resource 210-3, such as by comparing a name of a subject requesting access to a secure resource 210-3 with a list of names allowed to access the secure resource 210-3.) 

As per claims 4, 11, and 17, Berg discloses wherein the security protocol comprises an authentication procedure that verifies an identity of an entity initiating any of the data flows (Berg, Figures 1, 4, 11, and associated texts in paragraphs 27-30, 41-44, 70-73, teaches generating a call graph of a program and performing a static analysis of the program by analyzing the paths that the program takes to determine if each path to a secure resource requires a verification i.e. proceeding through a security node. Berg, paragraphs 28-29, teaches that the verification includes a permissions check to ensure that the client has the correct permissions to access the secure resource. Berg, paragraphs 4 and 37, further teaches that the verification also includes an authentication. Berg, paragraph 37, teaches verification checkers (i.e. security protocol) can include authentication checkers 260-1 and authorization checkers 260-2. An authentication checker 260-1 can determine whether the entity is the entity it says it is, such as by comparing a provided user identification and password with a list of user identifications and passwords. Authorization checkers 260-2 can determine, e.g., whether an entity is allowed to access the secure resource 210-3, such as by comparing a name of a subject requesting access to a secure resource 210-3 with a list of names allowed to access the secure resource 210-3.)  

As per claims 5, 12, and 20, Berg discloses further comprising: a report component that generates output information regarding whether any of the data flows provides the access to the protected node (Berg, Figures 1, 4, 11, and associated texts in paragraphs 27-30, 41-44, 70-73, teaches generating a call graph of a program and performing a static analysis of the program by analyzing the paths that the program takes to determine if each path to a secure resource requires a verification i.e. proceeding through a security node. Berg, paragraphs 28-29, teaches that the verification includes a permissions check to ensure that the client has the correct permissions to access the secure resource. Berg, paragraphs 4 and 37, further teaches that the verification also includes an authentication. Berg, Figure 4 and associated texts such as paragraphs 41-44 as well as paragraph 73, teaches analyzing the program to determine if verifications are missing or invalid and outputting the result of the analysis where the report can identify “a potential problem: there may exist a path that leads to the protected resource without a verification check”.)

As per claims 6, 13, and 18, Berg discloses further comprising: a notification component configured to generate a notification, wherein the notification comprises information indicating the computer program product has a security access control issue associated with the protected data object (Berg, Figures 1, 4, 11, and associated texts in paragraphs 27-30, 41-44, 70-73, teaches generating a call graph of a program and performing a static analysis of the program by analyzing the paths that the program takes to determine if each path to a secure resource requires a verification i.e. proceeding through a security node. Berg, paragraphs 28-29, teaches that the verification includes a permissions check to ensure that the client has the correct permissions to access the secure resource. Berg, paragraphs 4 and 37, further teaches that the verification also includes an authentication. Berg, Figure 4 and associated texts such as paragraphs 41-44 as well as paragraph 73, teaches analyzing the program to determine if verifications are missing or invalid and outputting the result of the analysis where the report can identify “a potential problem: there may exist a path that leads to the protected resource without a verification check”.)

As per claims 7, 14, and 19, Berg discloses further comprising: a notification component configured to generate a notification, wherein the notification comprises information identifying an amount of the data flows that provides the access to the protected node without proceeding through the one or more security nodes corresponding to the security protocol (Berg, Figures 1, 4, 11, and associated texts in paragraphs 27-30, 41-44, 70-73, teaches generating a call graph of a program and performing a static analysis of the program by analyzing the paths that the program takes to determine if each path to a secure resource requires a verification i.e. proceeding through a security node. Berg, paragraphs 28-29, teaches that the verification includes a permissions check to ensure that the client has the correct permissions to access the secure resource. Berg, paragraphs 4 and 37, further teaches that the verification also includes an authentication. Berg, Figure 4 and associated texts such as paragraphs 41-44 as well as paragraph 73, teaches analyzing the program to determine if verifications are missing or invalid and outputting the result of the analysis where the report can identify “a potential problem: there may exist a path that leads to the protected resource without a verification check”. Berg, Figure 10B, teaches outputting the analysis results and listing each verification problem which would identify the amount/number of verification problems.)

Related Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure includes:
O’Neil (US 9171168) – teaches analyzing an application for missing or inconsistent authorization.
Chess (US 2005/0273854) – teaches static program analysis to detect security vulnerabilities.
Lockhart (US 2008/0209567) – teaches static program analysis.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN B KING whose telephone number is (571)270-7310.  The examiner can normally be reached on Monday-Friday 10AM-6PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 5712728878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/John B King/
Primary Examiner, Art Unit 2498