DETAILED ACTION
This Office Action is in response to Applicants' application filed on December 11, 2019. Claims 1-7 have been canceled. Applicants have newly added claims 8-25. Newly added claims 8-25 are pending and presented for examination.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 12/11/19 and 5/6/20 have been considered by the examiner.

Claim Objections
Claims 1, 24 and 25 are objected to because of the following informalities: the acronyms HTTP and URL need to be spelled out before use. Appropriate correction is required.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 8-25 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. The first limitation of the claim recites “to extract, from among parameters included in an HTTP request transmitted to a transition destination URL by a first account of privilege, a fixed parameter which has a same value as a parameter included in an HTTP request transmitted to the transition destination URL by a second account of the privilege authority.” It is unclear what a fixed parameter is in comparison to only one parameter when a plurality of parameters are extracted from the HTTP request. It is also unclear what a transition destination URL is. This limitation will be interpreted as comparing a parameter that is the same from multiple HTTP requests from different privilege accounts of the same user. The second limitation recites, when the fixed parameter extracted is included in a parameter in an HTTP request to the transition destination URL by an account of general authority, and when a value differs from a value of an account of the privileged authority, to output the HTTP request in which the value of the account of the privileged authority is set to the fixed parameter. It is unclear how the fixed parameter that was extracted from an HTTP request from the privilege account is now included in an HTTP request from an account of general authority. There is a condition of when a value differs from a value of an account of a privileged authority; however, there is no mention of values in the previous limitation, and it is unclear what the value is referring to. Is the value being compared to the first or second account of the privilege authority to determine when there is a difference?
The limitation also states to output the HTTP request; however, it is unclear which HTTP request is being output, since several HTTP requests have been mentioned before this feature. The Examiner will interpret the value as the value of the parameter and the 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 8-25 are rejected under 35 U.S.C. 103 as being unpatentable over Joen in view of Sharma et al (hereinafter, “Sharma”, U.S. Pub. No. 2017/0063916).
As per claims 8, 24 and 25, Joen discloses a security diagnosis device and method comprising:
processing circuitry (paragraph 0068):
to extract, from among parameters included in an HTTP request transmitted to a transition destination URL, a fixed parameter which has a same value as a parameter 
when the fixed parameter extracted is included in a parameter in an HTTP request to the transition destination URL, and when a value differs from a value of an account of the privileged authority, to output the HTTP request in which the value of the account of the privileged authority is set to the fixed parameter (paragraphs 0027 and 0030);
to transmit the HTTP request to the transition destination URL, and receive an HTTP response (paragraph 0042); and
to determine vulnerability of the transition destination URL, based on the HTTP response (paragraph 0042).
However, Joen does not explicitly disclose:
a first account of privileged authority, a second account of privileged authority and an account of general authority.
Sharma discloses a system and method for automatically identifying broken authentication and other related vulnerabilities in web services comprising:
a first account of privileged authority, a second account of privileged authority and an account of general authority (paragraph 0022).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of filing to modify Joen by analyzing multiple accounts to identify the parameters of request and responses to determine vulnerabilities.
As per claim 9, Joen discloses:
wherein, when the fixed parameter extracted is not included in the parameter in the HTTP request to the transition destination URL, the processing circuitry adds to the 
However, Joen does not explicitly disclose:
a first account of privileged authority.
Sharma discloses a system and method for automatically identifying broken authentication and other related vulnerabilities in web services comprising:
a first account of privileged authority (paragraph 0022).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of filing to modify Joen by analyzing multiple accounts to identify the parameters of request and responses to determine vulnerabilities.
As per claim 10, Joen discloses:
wherein the processing circuitry extracts, from among the parameters included in the HTTP request transmitted to the transition destination URL (paragraph 0027), a changeable parameter which has a different value from the parameter included in the HTTP request transmitted to the transition destination URL by the second account; and wherein, when transition to the transition destination URL does not occur, the processing circuitry sets the value of the parameter in the HTTP request to the transition destination URL by the value of the changeable parameter extracted in the HTTP request to the transition destination URL, and outputs the HTTP request to which the value is set (paragraphs 0046 and 0047).
However, Joen does not explicitly disclose:
a first account of privileged authority and general authority account.

a first account of privileged authority and account of a general authority (paragraph 0022).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of filing to modify Joen by analyzing multiple accounts to identify the parameters of request and responses to determine vulnerabilities.
As per claim 11, Joen discloses:
wherein the processing circuitry extracts, from among the parameters included in the HTTP request transmitted to the transition destination URL, a changeable parameter which has a different value from the parameter included in the HTTP request transmitted to the transition destination URL (paragraphs 0027 and 0030); and
wherein, when transition to the transition destination URL does not occur, the processing circuitry sets the value of the parameter in the HTTP request to the transition destination URL to the value of the changeable parameter extracted in the HTTP request to the transition destination URL, and outputs the HTTP request to which the value is set (paragraphs 0042 and 0051).
However, Joen does not explicitly disclose:
a first account of privileged authority and general authority account.
Sharma discloses a system and method for automatically identifying broken authentication and other related vulnerabilities in web services comprising:
a first account of privileged authority and account of a general authority (paragraph 0022).

As per claim 12, Joen discloses:
wherein, regarding the fixed parameter which has the same value as the parameter included in the HTTP request transmitted to the transition destination URL, among the parameters included in the HTTP request transmitted to the transition destination URL when values of the fixed parameter included in HTTP requests transmitted from the first account to the transition destination URL for a plurality of times are different, the processing circuitry extracts the fixed parameter as a transitional parameter uniquely indicating a page in combination with the transition destination URL (paragraphs 0040 and 0042).
However, Joen does not explicitly disclose:
a second account.
Sharma discloses a system and method for automatically identifying broken authentication and other related vulnerabilities in web services comprising:
a first account of privileged authority and account of a general authority (paragraph 0022).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of filing to modify Joen by analyzing multiple accounts to identify the parameters of request and responses to determine vulnerabilities.
As per claim 13
wherein, regarding the fixed parameter which has the same value as the parameter included in the HTTP request transmitted to the transition destination URL, among the parameters included in the HTTP request transmitted to the transition destination URL by the first account, when values of the fixed parameter included in HTTP requests transmitted from the first account to the transition destination URL for a plurality of times are different, the processing circuitry extracts the fixed parameter as a transitional parameter uniquely indicating a page in combination with the transition destination URL (paragraphs 0051 and 0059).
However, Joen does not explicitly disclose:
a first account of privileged authority and general authority account.
Sharma discloses a system and method for automatically identifying broken authentication and other related vulnerabilities in web services comprising:
a first account of privileged authority and account of a general authority (paragraph 0022).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of filing to modify Joen by analyzing multiple accounts to identify the parameters of request and responses to determine vulnerabilities.
As per claim 14, Joen discloses:
wherein, regarding the fixed parameter which has the same value as the parameter included in the HTTP request transmitted to the transition destination URL, among the parameters included in the HTTP request transmitted to the transition destination URL, when values of the fixed parameter included in HTTP requests transmitted from the first account to the transition destination URL for a plurality of times are different, the 
However, Joen does not explicitly disclose:
a first account and second account.
Sharma discloses a system and method for automatically identifying broken authentication and other related vulnerabilities in web services comprising:
a first account of privileged authority and account of a general authority (paragraph 0022).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of filing to modify Joen by analyzing multiple accounts to identify the parameters of request and responses to determine vulnerabilities.
As per claim 15, Joen discloses:
wherein, regarding the fixed parameter which has the same value as the parameter included in the HTTP request transmitted to the transition destination URL by the second account, among the parameters included in the HTTP request transmitted to the transition destination URL when values of the fixed parameter included in HTTP requests transmitted from the first account to the transition destination URL for a plurality of times are different, the processing circuitry extracts the fixed parameter as a transitional parameter uniquely indicating a page in combination with the transition destination URL (paragraphs 0051 and 0059).
However, Joen does not explicitly disclose:
a first account.

a first account of privileged authority and account of a general authority (paragraph 0022).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of filing to modify Joen by analyzing multiple accounts to identify the parameters of request and responses to determine vulnerabilities.
As per claim 16, Joen discloses:
the processing circuitry to implement crawling on an inputted URL and store in a transitional data database, the transition destination URL, a parameter included in an HTTP request transmitted to the transition destination URL, an HTTP response received from the transition destination URL which has transmitted the HTTP request, associating with each other; and the processing circuitry to output the transition destination URL as a diagnostic target, based on the transition destination URLs stored in the transitional data database and the stored parameter (paragraph 0058).
However, Joen does not explicitly disclose:
a first account of privileged authority and general authority account.
Sharma discloses a system and method for automatically identifying broken authentication and other related vulnerabilities in web services comprising:
a first account of privileged authority and account of a general authority (paragraph 0022).

As per claim 17, Joen discloses:
the processing circuitry to implement crawling on an inputted URL and store in a transitional data database, the transition destination URL, a parameter included in an HTTP request transmitted to the transition destination URL, an HTTP response received from the transition destination URL which has transmitted the HTTP request, associating with each other (paragraph 0058); and
the processing circuitry to output the transition destination URL as a diagnostic target, based on the transition destination URLs stored in the transitional data database and the stored parameter (paragraphs 0059 and 0060).
However, Joen does not explicitly disclose:
a first account of privileged authority and general authority account.
Sharma discloses a system and method for automatically identifying broken authentication and other related vulnerabilities in web services comprising:
a first account of privileged authority and account of a general authority (paragraph 0022).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of filing to modify Joen by analyzing multiple accounts to identify the parameters of request and responses to determine vulnerabilities.
As per claim 18
the processing circuitry to implement crawling on an inputted URL and store in a transitional data database, the transition destination URL, a parameter included in an HTTP request transmitted to the transition destination URL, an HTTP response received from the transition destination URL which has transmitted the HTTP request, associating with each other (paragraph 0058); and
the processing circuitry to output the transition destination URL as a diagnostic target, based on the transition destination URLs stored in the transitional data database and the stored parameter (paragraphs 0059 and 0060).
However, Joen does not explicitly disclose:
a first account of privileged authority and general authority account.
Sharma discloses a system and method for automatically identifying broken authentication and other related vulnerabilities in web services comprising:
a first account of privileged authority and account of a general authority (paragraph 0022).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of filing to modify Joen by analyzing multiple accounts to identify the parameters of request and responses to determine vulnerabilities.
As per claim 19, Joen discloses:
the processing circuitry to implement crawling on an inputted URL and store in a transitional data database, the transition destination URL, a parameter included in an HTTP request transmitted to the transition destination URL, an HTTP response received from the transition destination URL and which has transmitted the HTTP request, associating with each other (paragraph 0058); and
the processing circuitry to output the transition destination URL as a diagnostic target, based on the transition destination URLs stored in the transitional data database and the stored parameter (paragraphs 0059 and 0060).
However, Joen does not explicitly disclose:
a first account of privileged authority and general authority account.
Sharma discloses a system and method for automatically identifying broken authentication and other related vulnerabilities in web services comprising:
a first account of privileged authority and account of a general authority (paragraph 0022).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of filing to modify Joen by analyzing multiple accounts to identify the parameters of request and responses to determine vulnerabilities.
As per claim 20, Joen discloses:
the processing circuitry to implement crawling on an inputted URL and store in a transitional data database, the transition destination URL, a parameter included in an HTTP request transmitted to the transition destination URL, an HTTP response received from the transition destination URL and which has transmitted the HTTP request, associating with each other (paragraph 0058); and
the processing circuitry to output the transition destination URL as a diagnostic target, based on the transition destination URLs stored in the transitional data database and the stored parameter (paragraphs 0059 and 0060).
However, Joen does not explicitly disclose:
a first account of privileged authority and general authority account.

a first account of privileged authority and account of a general authority (paragraph 0022).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of filing to modify Joen by analyzing multiple accounts to identify the parameters of request and responses to determine vulnerabilities.
As per claim 21, Joen discloses:
the processing circuitry to implement crawling on an inputted URL, and store in a transitional data database, the transition destination URL, a parameter included in an HTTP request transmitted to the transition destination URL, an HTTP response received from the transition destination URL which has transmitted the HTTP request, associating with each other (paragraph 0058); and
the processing circuitry to output the transition destination URL as a diagnostic target, based on the transition destination URLs stored in the transitional data database and the stored parameter (paragraphs 0059 and 0060).
However, Joen does not explicitly disclose:
a first account of privileged authority and general authority account.
Sharma discloses a system and method for automatically identifying broken authentication and other related vulnerabilities in web services comprising:
a first account of privileged authority and account of a general authority (paragraph 0022).

As per claim 22, Joen discloses:
the processing circuitry to implement crawling on an inputted URL, and store in a transitional data database, the transition destination URL, a parameter included in an HTTP request transmitted to the transition destination URL, an HTTP response received from the transition destination URL which has transmitted the HTTP request, associating with each other (paragraph 0058); and
the processing circuitry to output the transition destination URL as a diagnostic target, based on the transition destination URLs stored in the transitional data database and the stored parameter (paragraphs 0059 and 0060).
However, Joen does not explicitly disclose:
a first account of privileged authority and general authority account.
Sharma discloses a system and method for automatically identifying broken authentication and other related vulnerabilities in web services comprising:
a first account of privileged authority and account of a general authority (paragraph 0022).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of filing to modify Joen by analyzing multiple accounts to identify the parameters of request and responses to determine vulnerabilities.
As per claim 23
the processing circuitry to implement crawling on an inputted URL, and store in a transitional data database, the transition destination URL, a parameter included in an HTTP request transmitted to the transition destination URL, an HTTP response received from the transition destination URL and which has transmitted the HTTP request, associating with each other (paragraphs 0040 and 0041); and
the processing circuitry to output the transition destination URL as a diagnostic target, based on the transition destination URLs stored in the transitional data database and the stored parameter (paragraph 0058).
However, Joen does not explicitly disclose:
a first account of privileged authority and general authority account.
Sharma discloses a system and method for automatically identifying broken authentication and other related vulnerabilities in web services comprising:
a first account of privileged authority and account of a general authority (paragraph 0022).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of filing to modify Joen by analyzing multiple accounts to identify the parameters of request and responses to determine vulnerabilities.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LASHONDA T JACOBS whose telephone number is (571)272-4004.  The examiner can normally be reached on M-F 8:30 am - 5:00 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ario Etienne can be reached on 571-272-4001.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/LASHONDA T JACOBS/ Primary Examiner, Art Unit 2457



ltj
August 13, 2021