Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
1.	This Office Action is in response to the application filed on 8/22/2019.
Information Disclosure Statement
2.	The information disclosure statements (IDS) submitted on 8/22/19 & 3/10/21 were filed after the mailing date of the instant application. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections – 35 USC 101
3.	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

4.	Claims 1-8 are rejected under 35 U.S.C. 101 because the claim language is drawn to software, per se. Regarding claim 1, the claimed processor may be implemented as software because neither the applicant’s claim language or specification disclose that the claimed processor is explicitly drawn to physical structure, such as hardware or other type of physically-implemented device. Although par [0219] and other passages within the applicant’s disclosure provides several potential types of structure that the processor may be drawn to, such as a 




Claim Rejections – 35 USC 103
5.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office Action:
A patent may not be obtained through the invention is not identically disclosed or described as set forth in of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made. 

6.	Claims 1-23 are rejected under 35 USC 103 as being unpatentable over Friedrich et al (US 2020/0151041) in view of Genevski et al (US 2014/0013315).
Regarding claim 1, Friedrich et al teaches a computer system for security of components, comprising:
at least one processor (fig. 1, ‘102) configured to: 
for a new version of a component (par [0004], lines 1-5, “incremental version”), determine, based on a dataset of release events over time, a historical behavioral analysis (par [0006], lines 1-5, which discloses an error record generated based on previous error records corresponding to a legacy version of an application) of (i) a project that is released with prior versions of the component (par [0004], lines 13-16, which discloses identifying anomalies of an incremented software version by comparing performance metrics associated with a new, incremented application version with performance metrics associated with the legacy versions of the application), and/or (ii) historical committer behavior of a committer that committed the new version of the component, and/or (iii) historical behavior of a publisher of the project, wherein the release event dataset includes event data collected over time regarding open source project, committers, and repository; and
determine whether the new version of the component presents an unusual risk profile, based on the historical behavioral analysis (fig. 1, ‘128,  fig. 2, ‘202/’206/’208, & par [0007], lines 1-5, which disclose generating an error record associated with anomalies detected in the incremented application version).
Genevski et al further teaches facilitating delayed consumption of the new version of the component in response to determining that the new version of the component presents the unusual risk profile (par [0026], lines 9-13, [0053], lines 1-5 & [0056], lines 11-17, which disclose isolating and preventing full use of an updated software version, rolling back deployment and quarantining an updated/“new” software version until errors and anomalies are no longer detected upon the “next” version being tested).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result of improving upon preventing decreased network performance corresponding to delays of updated software deployment by deploying updated software versions to expecting users, but isolating and not allowing full utilization of the new software version until the software version has been cleared any anomalous conditions or errors (as disclosed in par [0026], lines 9-12 and par [0058] of Genevski et al), which would reduce the amount of time 
Regarding claim 2, Friedrich et al teaches wherein the processor is further configured to determine a profile of the new version of the component (fig. 5, ‘502, par [0007], lines 1-5, and par [0014], lines 1-5, which disclose generating an error record of the incremental application version).
Regarding claim 3, Friedrich et al teaches wherein the processor is further configured to determine whether the new version presents the unusual risk in response to a publish event incorporating the new version of the component (par [0018], lines 1-6, which discloses detecting anomalies in an incremental application release).
Regarding claim 4, Friedrich et al teaches wherein the publish event is a commit, or a release (par [0018], lines 1-5, “incremental application release”).
Regarding claim 5, Genevski et al further teaches wherein the processor is further configured to, on a periodic basis, monitor to discover existence of the new version in a software repository (par [0040], lines 6-9), and determine whether the new version that exists presents the unusual risk responsive to discovering the existence of the new version ([0056], lines 11-17, “error or anomalies”).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et  within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 1.
Regarding claim 6, Genevski et al further teaches wherein the processor is further configured to perform adaptive access control which facilitates delayed consumption of the new version which is determined to present the unusual risk profile (par [0026], lines 9-13, [0053], lines 1-5 & [0056], lines 11-17, which disclose only providing a receiving user with only partial use of an updated software version while quarantining an updated/“new” software version until errors and anomalies are no longer detected upon the “next” version being tested).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 1.
Regarding claim 7, Genevski et al further teaches wherein the processor is further configured to, in response to determining that the new version of the component presents the unusual risk profile, block, quarantine (par [0009]), or flag use of the new version.
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 1.

Regarding claim 8 Friedrich et al teaches wherein the processor is further configured to determine whether the new version of the component presents the unusual risk based on a classification change of the new version of the component (par [0005], lines 1-5, which discloses performing anomaly detection on the updated/incremental application versions in comparison to the legacy version of the application). 
Genevski et al further teaches wherein the classification change includes one or both of a source code differential classification and a dependency change classification (par [0019], lines 5-15).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 1.
Regarding claim 9, Friedrich et al teaches a computer-implemented method for providing security of components, comprising:
determining, by a processor (fig. 1, ‘102), for a new version of a component (par [0004], lines 1-5, “incremental version”), determine, based on a dataset of release events over time, a historical behavioral analysis (par [0006], lines 1-5, which discloses an error record generated based on previous error records corresponding to a legacy version of an application) of (i) a project that is released with prior versions of the component (par [0004], lines 13-16, which discloses identifying anomalies of an incremented software version by comparing performance metrics associated with a new, incremented application version with performance metrics associated with the legacy versions of the application), and/or (ii) historical committer behavior and/or (iii) historical behavior of a publisher of the project, wherein the release event dataset includes event data collected over time regarding open source project, committers, and repository; and
determine, by the processor, whether the new version of the component presents an unusual risk profile, based on the historical behavioral analysis (fig. 1, ‘128,  fig. 2, ‘202/’206/’208, & par [0007], lines 1-5, which disclose generating an error record associated with anomalies detected in the incremented application version).
Genevski et al further teaches facilitating, by the processor, delayed consumption of the new version of the component in response to determining that the new version of the component presents the unusual risk profile (par [0026], lines 9-13, [0053], lines 1-5 & [0056], lines 11-17, which disclose isolating and preventing full use of an updated software version, rolling back deployment and quarantining an updated/“new” software version until errors and anomalies are no longer detected upon the “next” version being tested).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result of improving upon preventing decreased network performance corresponding to delays of updated software deployment by deploying updated software versions to expecting users, but isolating and not allowing full utilization of the new software version until the software version has been cleared any anomalous conditions or errors (as disclosed in par [0026], lines 9-12 and par [0058] of Genevski et al), which would reduce the amount of time users within the software deployment environment Friedrich et al spend waiting on updated 
Regarding claim 10, Friedrich et al teaches determining, by the processor, a profile of the new version of the component (fig. 5, ‘502, par [0007], lines 1-5, and par [0014], lines 1-5, which disclose generating an error record of the incremental application version).
Regarding claim 11, Friedrich et al teaches wherein the determining, by the processor, whether the new version presents the unusual risk is performed in response to a publish event incorporating the new version of the component (par [0018], lines 1-6, which discloses detecting anomalies in an incremental application release).
Regarding claim 12, Friedrich et al teaches wherein the publish event that triggers the determining the unusual risk is a commit, or a release (par [0018], lines 1-5, “incremental application release”).
Regarding claim 13, Genevski et al further teaches monitoring, by the processor, on a periodic basis, to discover existence of the new version in a software repository (par [0040], lines 6-9), and determine whether the new version that exists presents the unusual risk responsive to discovering the existence of the new version ([0056], lines 11-17, “error or anomalies”).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 9.
Regarding claim 14, Genevski et al further teaches performing, by the processor, adaptive access control which facilitates delayed consumption of the new version which is determined to present the unusual risk profile (par [0026], lines 9-13, [0053], lines 1-5 & [0056], lines 11-17, which disclose only providing a receiving user with only partial use of an updated software version while quarantining an updated/“new” software version until errors and anomalies are no longer detected upon the “next” version being tested).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 9.
Regarding claim 15, Genevski et al further teaches, by the processor, in response to determining that the new version of the component presents the unusual risk profile, blocking, quarantining (par [0009]), or flagging use of the new version.
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 9.
Regarding claim 16, Friedrich et al teaches, by the processor, determining whether the new version of the component presents the unusual risk based on a classification change of the new version of the component (par [0005], lines 1-5, which discloses performing anomaly detection on the updated/incremental application versions in comparison to the legacy version of the application). 
Genevski et al further teaches wherein the classification change includes one or both of a source code differential classification and a dependency change classification (par [0019], lines 5-15).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 9.
Regarding claim 17, Friedrich et al teaches a non-transitory computer-readable medium (par [0051], lines 1-3) comprising instructions for execution by a computer, the instructions including a computer-implemented method for providing security of components, the instructions for implementing: 
determining, for a new version of a component (par [0004], lines 1-5, “incremental version”), based on a dataset of release events over time, a historical behavioral analysis (par [0006], lines 1-5, which discloses an error record generated based on previous error records corresponding to a legacy version of an application) of (i) a project that is released with prior versions of the component (par [0004], lines 13-16, which discloses identifying anomalies of an incremented software version by comparing performance metrics associated with a new, incremented application version with performance metrics associated with the legacy versions of the application), and/or (ii) historical committer behavior of a committer that committed the new version of the component, and/or (iii) historical behavior of a publisher of the project, 
determining whether the new version of the component presents an unusual risk profile, based on the historical behavioral analysis (fig. 1, ‘128,  fig. 2, ‘202/’206/’208, & par [0007], lines 1-5, which disclose generating an error record associated with anomalies detected in the incremented application version).
Genevski et al further teaches facilitating delayed consumption of the new version of the component in response to determining that the new version of the component presents the unusual risk profile (par [0026], lines 9-13, [0053], lines 1-5 & [0056], lines 11-17, which disclose isolating and preventing full use of an updated software version, rolling back deployment and quarantining an updated/“new” software version until errors and anomalies are no longer detected upon the “next” version being tested).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result of improving upon preventing decreased network performance corresponding to delays of updated software deployment by deploying updated software versions to expecting users, but isolating and not allowing full utilization of the new software version until the software version has been cleared any anomalous conditions or errors (as disclosed in par [0026], lines 9-12 and par [0058] of Genevski et al), which would reduce the amount of time users within the software deployment environment Friedrich et al spend waiting on updated software release to be deployed to their computing platforms, while also preventing the receiving 
Regarding claim 18, Friedrich et al teaches determining a profile of the new version of the component (fig. 5, ‘502, par [0007], lines 1-5, and par [0014], lines 1-5, which disclose generating an error record of the incremental application version).
Regarding claim 19, Friedrich et al teaches wherein the determining whether the new version presents the unusual risk is performed in response to a publish event incorporating the new version of the component (par [0018], lines 1-6, which discloses detecting anomalies in an incremental application release).
Regarding claim 20, Friedrich et al teaches wherein the publish event that triggers the determining the unusual risk is a commit, or a release (par [0018], lines 1-5, “incremental application release”).
Regarding claim 21, Genevski et al further teaches monitoring, on a periodic basis, to discover existence of the new version in a software repository (par [0040], lines 6-9), and determine whether the new version that exists presents the unusual risk responsive to discovering the existence of the new version ([0056], lines 11-17, “error or anomalies”).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 17.
Regarding claim 22, Genevski et al further teaches performing adaptive access control which facilitates delayed consumption of the new version which is determined to present the unusual risk profile (par [0026], lines 9-13, [0053], lines 1-5 & [0056], lines 11-17, which disclose only providing a receiving user with only partial use of an updated software version while quarantining an updated/“new” software version until errors and anomalies are no longer detected upon the “next” version being tested).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 17.
Regarding claim 23, Friedrich et al teaches determining whether the new version of the component presents the unusual risk based on a classification change of the new version of the component (par [0005], lines 1-5, which discloses performing anomaly detection on the updated/incremental application versions in comparison to the legacy version of the application). 
Genevski et al further teaches wherein the classification change includes one or both of a source code differential classification and a dependency change classification (par [0019], lines 5-15).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 17.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Randy A. Scott whose telephone number is (571) 272-3797. The examiner can normally be reached on Monday-Thursday 7:30 am-5:00 pm, second Fridays 7:30 am-4pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/RANDY A SCOTT/Primary Examiner, Art Unit 2439                                                                                                                                                                                                        20210524