DETAILED ACTION
Notice of AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
The amendment filed on 03/19/2021 has been entered and fully considered.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an electronic communication with David Rosenblitt (Registration Number 69,323) on April 15, 2021.

Please replace the claims as follows: 

1. (Currently Amended) A method, comprising:
dividing source code into trusted and untrusted components; 
identifying, by performing a static analysis of the source code without executing the source code, a first dynamic invocation in a first component of the source code, wherein the first component is one of the untrusted components, wherein the first dynamic invocation corresponds to an architectural specification of the source code; 

identifying, by the static analysis and using the first signature and first metadata comprising an identifier of a second component of the source code, a first target for the first dynamic invocation, wherein the first target is comprised by the second component of the source code;  
determining, by the static analysis, that the first target comprises a second signature that matches the first signature by determining that the first target implements the architectural specification; and 
in response to determining that the first target comprises a second signature that matches the first signature, adding, by the static analysis, to a call graph generated statically from the source code, an edge from the first dynamic invocation to the first target.

3. (Canceled) 

9. (Currently Amended) A system, comprising: 
a repository configured to store source code, first metadata comprising an identifier of a second component of the source code, and a call graph generated statically from the source code;  
a memory coupled to a processor; 
a code splitter, executing on the processor and using the memory, configured to divide the source code into trusted and untrusted components; and 	
a static rewriter, executing on the processor and using the memory, configured to: 
identify, by performing a static analysis of the source code without executing the source code, a first dynamic invocation in a first component of the source code, wherein the first component is one of the untrusted components, wherein the first dynamic invocation corresponds to an architectural specification of the source code; 
extract, by the static analysis and from the first dynamic invocation, a first signature comprising a series of parameters each having a type; 

determine, by the static analysis, that the first target comprises a second signature that matches the first signature by determining that the first target implements the architectural specification; and
in response to determining that the first target comprises a second signature that matches the first signature, add, by the static analysis, to the call graph, an edge from the first dynamic invocation to the first target.

11. (Canceled)

16. (Currently Amended) A non-transitory computer readable medium comprising instructions that, when executed by a processor, perform:  
dividing source code into trusted and untrusted components;
identifying, by performing a static analysis of the source code without executing the source code, a first dynamic invocation in a first component of the source code, wherein the first component is one of the untrusted components, wherein the first dynamic invocation corresponds to an architectural specification of the source code; 
extracting, by the static analysis and from the first dynamic invocation, a first signature comprising a series of parameters each having a type;
identifying, by the static analysis and using the first signature and first metadata comprising an identifier of a second component of the source code, a first target for the first dynamic invocation, wherein the first target is comprised by the second component of the source code;  
determining, by the static analysis, that the first target comprises a second signature that matches the first signature by determining that the first target implements the architectural specification; and
in response to determining that the first target comprises a second signature that matches the first signature, adding, by the static analysis, to a call graph generated statically from the source code, an edge from the first dynamic invocation to the first target. 
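
The steps recited in claim 16, as an added Python sketch that is not taken from the application or the Office action. The `dispatch` call, the component names and the `METADATA` table are hypothetical, and the "architectural specification" is modelled simply as a named entry point whose annotated parameter types must match the types of the call's literal arguments.

```python
import ast

# Constructed sample input: source code already divided into components.
SOURCES = {
    "plugin": (  # untrusted component
        "def run(bus):\n"
        "    bus.dispatch('charge', 'acct-1', 100)\n"
        "    bus.dispatch('refund', 'acct-1')\n"
    ),
    "billing": (  # trusted component
        "def charge(account: str, amount: int): ...\n"
        "def refund(account: str, amount: int): ...\n"
    ),
}
UNTRUSTED = {"plugin"}
# Hypothetical metadata: identifier of the component serving each dispatched name.
METADATA = {"charge": "billing", "refund": "billing"}

def declared_signatures(component):
    """Map function name -> tuple of annotated parameter type names."""
    tree = ast.parse(SOURCES[component])
    return {
        fn.name: tuple(ast.unparse(a.annotation) if a.annotation else None
                       for a in fn.args.args)
        for fn in ast.walk(tree) if isinstance(fn, ast.FunctionDef)
    }

def build_edges():
    """Return call-graph edges found by parsing only; no code is executed."""
    edges = []
    for comp in sorted(UNTRUSTED):
        for node in ast.walk(ast.parse(SOURCES[comp])):
            # Step 1: find a dynamic invocation in an untrusted component.
            if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                    and node.func.attr == "dispatch" and node.args):
                continue
            name, *args = node.args
            if not all(isinstance(a, ast.Constant) for a in [name, *args]):
                continue  # this sketch only types literal arguments
            # Step 2: extract the invocation's signature (one type per parameter).
            call_sig = tuple(type(a.value).__name__ for a in args)
            # Step 3: use the metadata to locate the candidate target's component.
            target_comp = METADATA.get(name.value)
            if target_comp is None:
                continue
            # Steps 4-5: add an edge only when the target's signature matches.
            if declared_signatures(target_comp).get(name.value) == call_sig:
                edges.append((f"{comp}:{node.lineno}", f"{target_comp}.{name.value}"))
    return edges
```

On the constructed input, the `refund` call passes one argument where the target declares two, so no edge is added for it.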



Allowable Subject Matter
Claims 1-2, 4-6, 8-10, 12-14, 16-17 and 19-20 are allowed.
The following is a statement of reasons for the indication of allowable subject matter: In interpreting the currently amended claims, in light of the specification as well as arguments presented in the responses to the Office actions, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.

Sharifi, U.S. Pat. Number 10,032,031 B1, discloses a method to detect unknown software vulnerabilities and system compromises. A trusted code may be modified so that the untrusted code is invoked by way of a process wrapper that performs a proxy function. For example, the import statement in the trusted code may be changed to point to the process wrapper, thereby removing the untrusted code from the scope of the trusted code.

McClintock, U.S. Pat. Number 10,489,375 B1, discloses that data flow analysis functionality may generate one or more call graphs for each data flow. The call graph may represent the flow of requests from service to service and may identify service dependencies. The call graph may identify the services that handle the data that matches the pattern, and the call graph may depict the flow of requests involving the data that matches the pattern.

Newly cited reference, Munoz, U.S. Pub. Number 2017/0220806 A1, discloses a static analysis rule can include a condition for applying the result of the rule. The condition can be based on a 

Newly cited reference, Wang, U.S. Pub. Number 2017/0337123 A1, discloses static analysis of a computer program in which the security analysis application analyses the computer model represented by the control flow call-graph to determine whether there are potential paths during execution of the computer program. One such path is indicated in the call-graph by an edge. This path generally is undesirable, and may indicate a security vulnerability in the computer program.

The combination of all the references above discloses methods and systems in which trusted code may be modified so that the untrusted code is invoked, and in which a call graph is used to identify the services that handle the data that matches the pattern and to determine whether there are potential paths, during execution of the computer program, that indicate a security vulnerability in the computer program.
What is missing is a teaching, motivation, or suggestion to a first dynamic invocation in a first component of the source code, wherein the first component is one of the untrusted components, wherein the first dynamic invocation corresponds to an architectural specification of the source code; identifying, by the static analysis and using the first signature and first metadata comprising an identifier of a second component of the source code, a first target for the first dynamic invocation and determining, by the static analysis, that the first target , without the usage of impermissible hindsight reasoning.
Thus the prior art, when taken individually or in combination, does not fairly teach or suggest the limitations as a whole set forth in claims 1, 9, and 16, and thus these claims are considered allowable. The dependent claims which further limit claims 1, 9, and 16 are also allowed by virtue of their dependency.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VU V TRAN whose telephone number is (571)270-1708.  The examiner can normally be reached on M-F, 8 AM- 4 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/VU V TRAN/Examiner, Art Unit 2491                                                                                                    


/ALEXANDER LAGOR/Primary Examiner, Art Unit 2491