Notice of Pre-AIA or AIA Status
1.	The present application is being examined under the pre-AIA first to invent provisions.
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. 
Applicant's submission filed on 19 May 2021 has been entered.  Claims 21, 31 and 41 have been amended.  Claims 21-50 are pending, of which claim 21, claim 31 and claim 41 are in independent form.  
Response to Argument
3.	a.	The Office will maintain the double patenting rejection between the instant application and the patent 10,379,993, and between the instant application and the patent 9,569,334.
	b.	Applicant's arguments with respect to claims 21-23, 31-33 and 41-43 have been considered but are moot in view of the new ground(s) of rejection.  Claims 24-30, 34-40 and 44-50 are objected to.

Status of Claims
4.	Claims 21-50 are pending, of which claim 21, claim 31 and claim 41 are in independent form.
Remarks


Allowable Subject Matter
6.	Claims 24-30, 34-40 and 44-50 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

7.	Claims 21-23, 31-33 and 41-43 are rejected under 35 U.S.C. 103(a) as being unpatentable over Siman, US 20100083240 (hereinafter Siman), and further in view of Pistoia, US 20120192161 (hereinafter Pistoia; IDS of record).

Claim 21 is rejected; Siman teaches a method comprising: 
obtaining, by a processor, source code (Siman, US 20100083240, fig. 2, component 16 - Source Code and paragraph [0063], Source code 16 constitutes the principal input to the SCA engine 22. The source code 16 is passed to classification module 26. Current versions of the SCA engine 22 are capable of scanning source code written in Java, C#, .NET, and server-side scripting languages JSP (Java Server Page) language, and ASPX (Active Server Page Framework).); 
generating a representation of the source code, the representation including a plurality of nodes (Siman, fig. 2, component 36 - AST module, component 48 – CFG module and paragraph [0064-0066], The SCA engine 22 can scan programs developed in environments that transform source code into intermediate representations, using known decompilation techniques. For example both the .NET.TM. framework and Java platform work by transforming source code into an intermediate language, rather than machine code. Recognition by the SCA engine 22 that the source code 16 is received in an intermediate representation invokes the decompiler 28, which transforms the intermediate code into a higher level representation that is capable of being analyzed in the SCA engine 22.  Fig. 2 and paragraph [0067], Continuing to refer to FIG. 2, in layer 30 the classified and optionally decompiled source code is processed in the parser 32, where it is decomposed into individual tokens. The tokens are then passed into layer 34, and arranged, according to the grammar of the particular language, into an abstract syntax tree (AST) in AST module 36. This step is conventional. For example, the tool ANTLR, Each node of a control flow graph produced by the SCA engine 22 represents a single statement. Furthermore, in most cases, when a single statement contains several expressions, each expression is represented by its own node. Reference is now made to FIG. 4, which is a control flow graph 90 that represents a single source code statement, a "for" statement, in accordance with a disclosed embodiment of the invention. The control flow graph 90 illustrates how the components of the statement are elaborated into a plurality of nodes.); 
traversing the representation of the source code on a node-by-node basis to identify one or more potential vulnerabilities (Siman, fig. 8 and paragraph [0104], If the determination at decision step 128 is negative, then a node-by-node traversal begins. The traversal order corresponds approximately to a breadth-first traversal of the original control flow graph. In a strict sense, a breadth-first search applies to a hierarchical tree structure. As the control flow graph may not be a hierarchical tree, the search initially solves parent nodes first and then proceeds from the parents in a breadth-first manner. Control proceeds to step 130. A duplicated node is selected.  Paragraph [0229-0230], The following vulnerabilities and issues can be detected, as well as others not listed: unvalidated input; persistent attack; least privilege; logical flaws; pages without graphical user interface (GUI) access; display of confidential information; I/O from virtual directory; data validation issues; broken access control; protection methodology; and source sensitive wizard.  Paragraph [0247-0248], When the sequence beginning with step 298 (FIG. 16) is performed, edges 324, 326 are found to connect category [1] node 328 with category [3] nodes, and are therefore reported as unsafe. It is concluded that category [1] node 328 constitutes a security vulnerability.); 
in response to traversing the representation of the source code, identifying the one or more potential vulnerabilities (Siman, paragraph [0228], Referring again to FIG. 2, layers of the SCA engine 22 described above provide an infrastructure for code querying. The following sections describe application of these layers for detection of code vulnerabilities.  Paragraph [0229-0230], The following vulnerabilities and issues can be detected, as well as others not listed: unvalidated input; persistent attack; least privilege; logical flaws; pages without graphical user interface (GUI) access; display of confidential information; I/O from virtual directory; data validation issues; broken access control; protection methodology; and source sensitive wizard.  Paragraph [0247-0248], When the sequence beginning with step 298 (FIG. 16) is performed, edges 324, 326 are found to connect category [1] node 328 with category [3] nodes, and are therefore reported as unsafe. Edge 320 is not reported as being unsafe. It is concluded that category [1] node 328 constitutes a security vulnerability. As shown in Table 3, modifications of this technique allow vulnerabilities involving several types of injections to be discovered. Table 3 illustrates categorization of node types relating to respective forms of injection.); and 
outputting the one or more potential vulnerabilities (Siman, paragraph [0229-0230], The following vulnerabilities and issues can be detected, as well as others not listed: unvalidated input; persistent attack; least privilege; logical flaws; pages without graphical user interface (GUI) access; display of confidential information; I/O from virtual directory; data validation issues; broken access control; protection methodology; and source sensitive wizard.  Paragraph [0259-0266], outputting vulnerabilities, violating the business logic, logical vulnerabilities, security vulnerabilities).
The Office would like to use prior art Pistoia to back up Siman to further teach the limitation
outputting the one or more potential vulnerabilities (Pistoia, US 20120192161, paragraph [0025], The system of FIG. 1 and method of FIG. 2, and particularly the interaction between primary and secondary agents, may be illustrated in the context of exemplary Java.TM. source code as shown in FIG. 3, where the type of static analysis being performed is taint analysis, where untrusted values are tracked to determine whether they flow into security-sensitive program points. In the example shown in FIG. 3, the values read from the `args` array are untrusted, and the creation of a new file on the file system, accomplished by the call to `new File( . . . )`, is a security-sensitive operation. In accordance with the present invention, a primary agent is assigned to track `args`. The primary agent encounters the flow `args[0]--->fileName`, and then determines that `fileName` flows into the first (and only) formal argument of `tempDirPrefix( . . . )`. At this point, the primary agent checks whether a summary exists of the flow across the site. If no summary is available, the primary agent suspends its analysis and submits a request for `tempDirPrefix( . . . )` to be summarized assuming its first formal argument is tainted. A secondary agent is then assigned to generate the summary, resulting in the flow `arg--->return`, where `return` denotes the return value from the call. The primary agent continues its analysis using the summary, proceeds to track `tempFilePath`, and observes that the latter variable flows into the `File` constructor, at which point a vulnerability is flagged.). 
It would have been obvious to one of ordinary skill in the art at the time the invention was made to use Pistoia's teaching in Siman's invention because incorporating Pistoia's teaching would enhance Siman to identify common source code structure, regardless of naming conventions used by individual programmers.  A catalog including elemental design patterns and constructs is accessed after converting the source code file into a fact set in mathematical notation. The design patterns and constructs are independent of source semantic tags. The rules in the notation usable by an inference engine are accessed to identify relationships between source code constructs as suggested by Pistoia (paragraphs [0021-0027]).
Claim 22 is rejected for the reasons set forth hereinabove for claim 21, Siman and Pistoia teach the method of claim 21, wherein the traversing further comprising: 
selecting an entry point into the representation of the source code (Pistoia, Fig. 1, component 100 - STATIC ANALYZER, component 102 - PRIMARY AGENT MANAGER, and paragraph [0019-0020], Reference is now made to FIG. 1 which is a conceptual illustration of a system for distributed static analysis of computer software applications in accordance with an embodiment of the present invention. In the system of FIG. 1, a static analyzer 100 is configured to statically analyze the instructions of a computer software application in accordance with conventional techniques, such as where the instructions are in the form of source code or byte code. For each entry point in the computer software application identified by static analyzer 100, a primary agent manager 102 assigns a primary agent to begin statically analyzing the computer software application from the entry point and with respect thereto. An entry point is preferably an interaction interface exposed by the computer software application to sources of interaction that are external to the computer software application.  Siman, fig. 15 and paragraph [0220], Node 262 is an entry point to some function in the source code. Paragraph [0230-0231], entry points.); 
traversing the representation of the source code at the entry point (Pistoia, Fig. 1, component 100 - STATIC ANALYZER, component 102 - PRIMARY AGENT MANAGER, and paragraph [0019-0020], Reference is now made to FIG. 1 which is a conceptual illustration of a system for distributed static analysis of computer software applications in accordance with an embodiment of the present invention. In the system of FIG. 1, a static analyzer 100 is configured to statically analyze the instructions of a computer software application in accordance with conventional techniques, such as where the instructions are in the form of source code or byte code. For each entry point in the computer software application identified by static analyzer 100, a primary agent manager 102 assigns a primary agent to begin statically analyzing the computer software application from the entry point and with respect thereto. An entry point is preferably an interaction interface exposed by the computer software application to sources of interaction that are external to the computer software application.   Siman, fig. 15 and paragraph [0220], Node 262 is an entry point to some function in the source code. Paragraph [0230-0231], entry points.); 
monitoring history of the traverse (Pistoia, fig. 2 and paragraph [0024-0025], When a primary agent encounters a call site (204), such as a reference to a method, the primary agent checks whether a static analysis summary of the external method/procedure/function exists (206). If the summary exists, such as where the summary was previously requested, generated, and retained, the summary is provided to the primary agent which proceeds with its analysis using the summary (214).  Siman, paragraph [0158], Next, at step 222 a node of the control flow graph is selected. A depth first traversal with respect to solved parent nodes traversal is suitable for traversing the control flow graph.  Fig. 15 and paragraph [0214-0220], Referring first to graph 246, a first traversal during a search operation or closure computation follows a path from node 262 (a) to node 264 (e). Most of the graph is shown unmarked. However, during a first traversal node 262 has been reached. Node 262 is an entry point to some function in the source code. Edge 252 has been painted "red" in accordance with Rule 11. In preparation for marking a matched section when a return from the function occurs, a property "red" is pushed onto a stack. Paragraph [0221-0222], Referring next to graph 248, the traversal passes through a section bounded by node 266 and node 268. These nodes indicate invocation and return from another function. At node 266, a property "blue" is pushed onto the stack.); 
continuing traversing the representation of the source code based at least in part on the history of the traverse (Pistoia, Fig. 2, and paragraph [0024], If the summary does not exist, the primary agent preferably suspends its analysis (208) and issues a request for a static analysis summary of the external method/procedure/function (210), such as by placing the request on a designated queue of requests for static analysis summaries. When making the request, the A secondary agent is assigned to statically analyze the called external method/procedure/function as per the request, and produce an analysis summary thereof in accordance with conventional techniques (212). The summary is provided to the requesting primary agent which proceeds with its analysis using the summary (214). The results of the static analysis performed using the method of FIG. 2 may be presented to a user in accordance with conventional techniques via a computer-controlled output device such as a printer or computer monitor.  Paragraph [0025], In accordance with the present invention, a primary agent is assigned to track `args`. The primary agent encounters the flow `args[0]--->fileName`, and then determines that `fileName` flows into the first (and only) formal argument of `tempDirPrefix( . . . )`. At this point, the primary agent checks whether a summary exists of the flow across the site… The primary agent continues its analysis using the summary, proceeds to track `tempFilePath`, and observes that the latter variable flows into the `File` constructor, at which point a vulnerability is flagged.   Siman, paragraph [0158], Next, at step 222 a node of the control flow graph is selected. A depth first traversal with respect to solved parent nodes traversal is suitable for traversing the control flow graph.  Fig. 15 and paragraph [0214-0220], Referring first to graph 246, a first traversal during a search operation or closure computation follows a path from node 262 (a) to node 264 (e). 
Most of the graph is shown unmarked. However, during a first traversal node 262 has been reached. Node 262 is an entry point to some function in the source code. Edge 252 has been painted "red" in accordance with Rule 11. In preparation for marking a matched section when a 
in response to identifying the one or more potential vulnerabilities, storing an indication of the one or more potential vulnerabilities (Pistoia, paragraph [0023-0025], Any of the elements shown in FIG. 1 are preferably executed by or otherwise made accessible to a computer 114 such as by implementing any of the elements in computer hardware and/or in computer software embodied in a physically-tangible, non-transitory, computer-readable medium in accordance with conventional techniques. The results of the static analysis performed by the system of FIG. 1 may be presented by static analyzer 100 to a user in accordance with conventional techniques via a computer-controlled output device such as a printer or computer monitor of computer 114.  Siman, paragraph [0019-0021], report the security vulnerability.).  
Claim 23 is rejected for the reasons set forth hereinabove for claim 21, Siman and Pistoia teach the method of claim 21, wherein the traversing further comprising: 
selecting an entry point of the representation of the source code, wherein the entry point is a first method body (Pistoia, paragraph [0019], For each entry point in the computer software application identified by static analyzer 100, a primary agent manager 102 assigns a primary agent to begin statically analyzing the computer software application from the entry point and with respect thereto. An entry point is preferably an interaction interface exposed by the computer software application to sources of interaction that are external to the computer software application.  Siman, fig. 15 and paragraph [0220], Node 262 is an entry point to some function in the source code. Paragraph [0230-0231], entry points.); 
pushing metadata associated with the entry point to a stack, wherein the metadata is a reference to a class declaration of the first method body (Pistoia, Fig. 2, component 214 – PROVIDE SUMMARY TO PRIMARY AGENT, and paragraph [0021-0025], A secondary agent manager 110 assigns a secondary agent to statically analyze the called external method/procedure/function and produce an analysis summary thereof in accordance with conventional techniques. Secondary agent manager 110 may assign multiple secondary agents to statically analyze the computer software application concurrently.  Siman, paragraph [0158], Next, at step 222 a node of the control flow graph is selected. A depth first traversal with respect to solved parent nodes traversal is suitable for traversing the control flow graph.  Fig. 15 and paragraph [0214-0220], Referring first to graph 246, a first traversal during a search operation or closure computation follows a path from node 262 (a) to node 264 (e). Most of the graph is shown unmarked. However, during a first traversal node 262 has been reached. Node 262 is an entry point to some function in the source code. Edge 252 has been painted "red" in accordance with Rule 11. In preparation for marking a matched section when a return from the function occurs, a property "red" is pushed onto a stack. Paragraph [0221-0222], Referring next to graph 248, the traversal passes through a section 
traversing the first method body of the representation of the source code (Pistoia, paragraph [0024], Reference is now made to FIG. 2 which is a flowchart illustration of an exemplary method of operation of the system of FIG. 1 in accordance with an embodiment of the present invention. In the method of FIG. 2, static analysis is performed on the instructions of a computer software application in accordance with conventional techniques, such as where the instructions are in the form of source code or byte code (200). For each entry point in the computer software application identified during the static analysis, a primary agent is assigned to begin statically analyzing the computer software application from the entry point and with respect thereto (202).  Siman, paragraph [0158], Next, at step 222 a node of the control flow graph is selected. A depth first traversal with respect to solved parent nodes traversal is suitable for traversing the control flow graph.  Fig. 15 and paragraph [0214-0220], Referring first to graph 246, a first traversal during a search operation or closure computation follows a path from node 262 (a) to node 264 (e). Most of the graph is shown unmarked. However, during a first traversal node 262 has been reached. Node 262 is an entry point to some function in the source code. Edge 252 has been painted "red" in accordance with Rule 11. In preparation for marking a matched section when a return from the function occurs, a property "red" is pushed onto a stack. Paragraph [0221-0222], Referring next to graph 248, the traversal passes through a section bounded by node 266 and node 268. These nodes indicate invocation and return from another function. At node 266, a property "blue" is pushed onto the stack.);
identifying the one or more potential vulnerabilities (Pistoia, paragraph [0022], When checking for an existing summary or making the request for a summary, the primary agent preferably specifies an abstraction of concrete values for each argument required by the call site, where an abstraction is computed based on the characteristics of the call site and the state of the computer software application when the call site is reached, where the state is determined as part of the static analysis performed by the primary agent. For example, if the call is to a method `foo( )` that takes an argument of type `int`, and the static analysis abstraction of `int` is `odd` or `even`, then the request may be for a summary of the behavior of `foo( )` given an `odd` integer if the current state indicates that the argument will most likely be odd.  Paragraph [0025], The primary agent encounters the flow `args[0]--->fileName`, and then determines that `fileName` flows into the first (and only) formal argument of `tempDirPrefix( . . . )`. At this point, the primary agent checks whether a summary exists of the flow across the site. If no summary is available, the primary agent suspends its analysis and submits a request for `tempDirPrefix( . . . )` to be summarized assuming its first formal argument is tainted. A secondary agent is then assigned to generate the summary, resulting in the flow `arg--->return`, where `return` denotes the return value from the call. The primary agent continues its analysis using the summary, proceeds to track `tempFilePath`, and observes that the latter variable flows into the `File` constructor, at which point a vulnerability is flagged. 
Siman, paragraph [0229-0230], The following vulnerabilities and issues can be detected, as well as others not listed: unvalidated input; persistent attack; least privilege; logical flaws; pages without graphical user interface (GUI) access; display of confidential information; I/O from virtual directory; data validation issues; broken access control; protection methodology; and source sensitive wizard.  Paragraph [0259-0266], outputting vulnerabilities, violate the business logic, a logical vulnerabilities, security vulnerabilities.); and 
in response to identifying a first method invocation in the first method body, determining a first concrete implementation of the first method invocation to traverse (Pistoia, fig. 2 and paragraph [0024], A secondary agent is assigned to statically analyze the called external method/procedure/function as per the request, and produce an analysis summary thereof in accordance with conventional techniques (212). The summary is provided to the requesting primary agent which proceeds with its analysis using the summary (214).  Siman, fig. 14 and paragraph [0195], Reference is now made to FIG. 14, which diagrammatically illustrates stub replacement in a control flow graph, in accordance with a disclosed embodiment of the invention, based on source code 239. After expanding the parameters, relevant nodes of one single method control flow graph are linked to the prolog of another single method control flow graph. A similar link is established from the epilog to return values. In FIG. 14, the calling function, func1( ) is shown as a column of nodes 238 on the left, and the invoked function, func2( ) as a column of nodes 240 on the right. Edges 242, 244 link the functions at the points of invocation and return, respectively. As noted above, colors of such links are assigned by the CDG+DFG module 60 (FIG. 2) for convenience of the operator. The linking process may be iterated to create large, application-encompassing graphs, such as a system dependence graph.). 
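As an added illustration (not part of the Office action, Siman, or Pistoia), the steps claim 23 recites carried out in Python over a constructed toy representation: an entry-point method body, a stack holding the class declaration of each body traversed, a history of the traverse (claim 22), call-site summaries in the manner of Pistoia's primary and secondary agents, and resolution of a method invocation to a concrete implementation. The statement encoding, the method names and the sample program, modelled on Pistoia's `args[0]--->fileName--->File` flow, are assumptions.

```python
from dataclasses import dataclass, field
# Constructed mini "representation of the source code", visited node by node:
#   ("assign", dst, src)  ("call", dst, callee, args)  ("sink", name, arg)  ("return", var)
# A sink is a security-sensitive use of arg, e.g. the new File(arg) of Pistoia's example.
@dataclass
class Method:
    cls: str            # declaring class: the metadata claim 23 pushes onto the stack
    params: list
    body: list

@dataclass
class Program:
    methods: dict       # "Class.method" -> Method
    impls: dict         # interface/abstract name -> concrete "Class.method"
    summaries: dict = field(default_factory=dict)   # callee -> {param index: summary}

def mark(tainted, var, is_tainted):
    (tainted.add if is_tainted else tainted.discard)(var)

def summarize(prog, callee):
    """Secondary-agent step (Pistoia): per parameter, does taint reach the return or a sink?"""
    if callee in prog.summaries:
        return prog.summaries[callee]
    prog.summaries[callee] = {}     # placeholder; assumption: recursive cycles treated as clean
    summ = {}
    for i, p in enumerate(prog.methods[callee].params):
        findings, ret = traverse(prog, callee, {p}, [], [])
        summ[i] = {"ret": ret, "sinks": [f["sink"] for f in findings]}
    prog.summaries[callee] = summ   # cached: each callee is analyzed once per parameter
    return summ

def traverse(prog, key, tainted, stack, history):
    """Primary-agent step: walk one method body node by node. Returns (findings, ret_tainted)."""
    m = prog.methods[key]
    stack.append(m.cls)             # claim 23: push the class declaration of this method body
    tainted, findings, ret_tainted = set(tainted), [], False
    for node in m.body:
        history.append((key, node))                   # claim 22: monitor history of the traverse
        if node[0] == "assign":
            mark(tainted, node[1], node[2] in tainted)
        elif node[0] == "call":
            _, dst, callee, args = node
            impl = prog.impls.get(callee, callee)     # claim 23: pick the concrete implementation
            summ = summarize(prog, impl)
            dst_tainted = False
            for i, a in enumerate(args):
                if a in tainted and i in summ:
                    dst_tainted = dst_tainted or summ[i]["ret"]
                    for s in summ[i]["sinks"]:        # tainted argument reaches a sink in callee
                        findings.append({"sink": s, "var": a, "method": impl,
                                         "stack": stack + [prog.methods[impl].cls],
                                         "trace": [n for _, n in history]})
            mark(tainted, dst, dst_tainted)
        elif node[0] == "sink":
            if node[2] in tainted:
                findings.append({"sink": node[1], "var": node[2], "method": key,
                                 "stack": list(stack), "trace": [n for _, n in history]})
        elif node[0] == "return":
            ret_tainted = node[1] in tainted
    stack.pop()
    return findings, ret_tainted

def analyze(prog, entry):
    """Treat every parameter of the entry point as untrusted; return the findings."""
    return traverse(prog, entry, set(prog.methods[entry].params), [], [])[0]

def build_program():
    """Constructed input modelled on Pistoia's FIG. 3 flow args[0] -> fileName -> tempDirPrefix(...)
    -> tempFilePath -> new File(...), plus a clean path and a callee holding the sink itself."""
    main_body = [
        ("assign", "fileName", "args"),                        # args[0] ---> fileName
        ("call", "tempFilePath", "Prefixer.prefix", ["fileName"]),
        ("sink", "new File(...)", "tempFilePath"),             # flagged
        ("call", "clean", "Main.constant", ["fileName"]),
        ("sink", "new File(...)", "clean"),                    # not flagged: constant result
        ("call", "_", "Util.open", ["fileName"]),              # flagged through the summary
        ("return", "tempFilePath"),
    ]
    methods = {
        "Main.main": Method("Main", ["args"], main_body),
        "Tmp.prefix": Method("Tmp", ["arg"], [("assign", "out", "arg"), ("return", "out")]),
        "Main.constant": Method("Main", ["x"], [("assign", "out", "LITERAL"), ("return", "out")]),
        "Util.open": Method("Util", ["p"], [("sink", "new File(...)", "p")]),
    }
    return Program(methods, {"Prefixer.prefix": "Tmp.prefix"})   # interface -> concrete class
```

Running `analyze(build_program(), "Main.main")` yields two findings: the `File` sink in `Main.main` reached by `tempFilePath`, and the sink inside `Util.open` reached through the call-site summary, each carrying the class stack and the traversal trace at the time of the hit.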
As per claim 31, this is the system claim to method claim 21. Therefore, it is rejected for the same reasons as above.
As per claim 32, this is the system claim to method claim 22. Therefore, it is rejected for the same reasons as above.
As per claim 33, this is the system claim to method claim 23. Therefore, it is rejected for the same reasons as above.

As per claim 41, this is the medium claim to method claim 21. Therefore, it is rejected for the same reasons as above.
As per claim 42, this is the medium claim to method claim 22. Therefore, it is rejected for the same reasons as above.
As per claim 43, this is the medium claim to method claim 23. Therefore, it is rejected for the same reasons as above.

Conclusion
8.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUY KHUONG THANH NGUYEN whose telephone number is (571)270-7139 and fax number (571)270-7139.  The examiner can normally be reached on M-F 8 to 5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DUY KHUONG T NGUYEN/           Primary Examiner, Art Unit 2199