DETAILED ACTION
Claims 1-20 are allowed.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Diedra Ritcherson (Reg. No. 55574) on June 17, 2021.
The application has been amended as follows: 

1. (Currently Amended) A system, comprising: 
a memory that stores computer executable components; 
a processor that executes the computer executable components stored in the memory, wherein the computer executable components comprise: 
a security evaluation component that evaluates a security protocol of a computer program product to determine whether data flows provide a path to a protected node that does not proceed through security nodes in an order corresponding to the security node 

3. (Currently Amended) The system of claim 1, wherein the security protocol comprises an authorization procedure that ensures an entity initiating any of the data flows is authorized to receive the access to the protected node 

6. (Currently Amended) The system of claim 1, further comprising: a notification component configured to generate a notification, wherein the notification comprises information indicating the computer program product has a security access control issue associated with the protected node 

8. (Currently Amended) A computer-implemented method, comprising: evaluating, by a device operatively coupled to a processor, a security protocol of a computer program product to determine whether data flows provide a path to a protected node that does not proceed through security nodes in an order corresponding to the security protocol, wherein the security nodes comprise an authorization node that checks an authorization of an entity to access the protected node 

10. (Currently Amended) The computer-implemented method of claim 8, wherein the security protocol comprises an authorization procedure that ensures an entity initiating any of the data flows is authorized to receive the access to the protected node 

13. (Currently Amended) The computer-implemented method of claim 8, further comprising: generating, by the device, a notification, wherein the notification comprises information indicating the computer program product has a security access control issue associated with the protected node 

15. (Currently Amended) A computer program product that facilitates identification of security access control violations associated with a second computer program product, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processor to cause the processor to: evaluates a security protocol of a computer program product to determine whether data flows provide a path to a protected node that does not proceed through security nodes in an order corresponding to the security protocol, wherein the security nodes comprise an authorization node that checks an authorization of an entity to access the protected node 

16. (Currently Amended) The computer program product of claim 15, wherein the security protocol comprises an authorization procedure that ensures an entity initiating any of the data flows is 416/803,044authorized to receive the access to the protected node 

18. (Currently Amended) The computer program product of claim 15, wherein the program instructions are further executable by the processor to cause the processor to: generate a notification, wherein the notification comprises information indicating the computer program product has a security access control issue associated with the protected node 

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance: The primary reason for the allowance of the claims is the inclusion of the limitation, inter alia, “a security evaluation component that evaluates a security protocol of a computer program product to determine whether data flows provide a path to a protected node that does not proceed through security nodes in an order corresponding to the security protocol, wherein the security nodes comprise an authorization node that checks an authorization of an entity to access the protected node and an authentication node that checks an 
The following is considered to be the closest prior art of record:
Berg (US 20130031622) – teaches generating a call graph of a program and performing a static analysis on the program to analyze the paths that the program takes to determine if each path to a secure resource requires a verification.
O’Neil (US 9171168) – teaches analyzing an application for missing or inconsistent authorization.
Chess (US 2005/0273854) – teaches static program analysis to detect security vulnerabilities.
Lockhart (US 2008/0209567) – teaches static program analysis.
Nicol (US 2008/0301765) – teaches checking authorization to access a protected object.
Artzi (US 2012/0131670) – teaches static analysis to generate a mathematical model of a program.
Sharma (US 2016/0180096) – teaches static analysis of a computer program.
However, the concept of analyzing a computer program to determine if data flows provide a path to a protected node without going through a set of security nodes in the specific order of going through an authentication node before going through an authorization node as claimed cannot be found in the prior art of record.
None of the prior art of record, either taken by itself or in any combination, would have reasonably anticipated or made obvious the invention of the present application at or before the time it was effectively filed. The concepts and features, as claimed, are considered to be a non-obvious combination of limitations not taught in the prior art. Therefore, claims 1-20 are considered to be allowable.
According to MPEP 1302.14 (I): “In most cases, the examiner’s actions and the applicant’s replies make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule. This is particularly true when applicant fully complies with 37 CFR 1.111 (b) and (c) and 37 CFR 1.133(b). Thus, where the examiner’s actions clearly point out the reasons for rejection and the applicant’s reply explicitly presents reasons why claims are patentable over the reference, the reasons for allowance are in all probability evident from the record and no statement should be necessary.”
The amendments submitted on May 30, 2021 in combination with the above Examiner Amendment has overcome the current prior art rejections. Also, the Terminal Disclaimer submitted on June 16, 2021 has overcome the previous Double Patenting rejection. Therefore, all of the previous rejections have been removed and the current claims are in condition for allowance.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN B KING whose telephone number is (571)270-7310.  The examiner can normally be reached on Monday-Friday 10AM-6PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 5712728878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/John B King/
Primary Examiner, Art Unit 2498