Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This communication is in response to the Applicant’s communication filed on 06/25/2020 in which Claims 1-20 are presented for examination.

Drawings
The applicant’s drawings submitted on 06/25/2020 are acceptable for examination purposes. 
Double Patenting
The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
Claims 1-20 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-18 of US patent No. 10,740,470. This is a double patenting rejection since the conflicting claims have been patented.
Claims 1-20 recite similar limitations as claims 1-18 of US No. 10,740,470, as follows:
Instant application

Claim 1. A method for application security profiling comprising of: extracting a code property graph from at least a subset of a code base; generating a code profile from the code property graph, wherein generating the code profile occurs prior to a compilation of the code base; and applying the code 

Claim 2. The method of claim 1, wherein extracting the code property graph comprises of initially extracting an abstract syntax tree subcomponent, control flow graph subcomponent, and a data flow graph subcomponent from the code base; and extracting a code property graph from the subcomponents.

Claim 3. The method of claim 1, wherein extracting a code property graph further comprises of maintaining the code property graph with changes to the code base.

Claim 4. The method of claim 1, further comprises of creating a code policy, wherein the policy is a formal specification for generating a code 

Claim 19.

US Application No. 10,740,470

Claim 1. A method for application security profiling comprising of: creating a code policy, wherein the policy is a formal specification for generating a code profile; extracting a code property graph from at least a subset of a code base, wherein extracting the code property graph comprises of: extracting an 

Claim 17.


The table above shows that, although the corresponding claims are directed to different statutory categories, the US patent No. 10,740,470 implemented on a computer would render the claims in the instant application obvious. 
It is clearly obvious that US No. 10,740,470 substantially discloses the subject matter of claims 1, 2, 3 and 4 of the instant Application.
The Applicant merely broadens the scope of the instant application by deleting a few elements from US No. 10,740,470.
This is an obviousness-type double patenting rejection.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness 
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Keynes US 20130031531 A1, in view of Kaneshiro US 5950003 A in further view of Spoon US 9652358 B1.
As to claim 1, Keynes discloses a method for application security profiling comprising of: extracting a code property graph from at least a subset of a code base (Keynes Fig. 2, Pa. [0070]) [The static analysis may generate a control flow graph (CFG) and identify a program property related to the source code based on the control flow graph (CFG)]; generating a code profile from the code property graph (Keynes [0031]) [the model generator (105) includes functionality to generate a CFG model of source code. The CFG depicts one or more potential execution paths of the source code and may include one or more graph nodes connected by one or more directed graph edges]
It is noted that Keynes does not appear to explicitly disclose wherein generating the code profile occurs prior to a compilation of the code base.
However, Kaneshiro discloses wherein generating the code profile occurs prior to a compilation of the code base (Kaneshiro Col. 4 Lines 38-45) [profile instrumentation method according to the present invention, the original source code information of a program is collected by the profile initialization processing before the optimizing transformation by the compilation]
 (Kaneshiro col. 1 lines 7-11)
Furthermore, it is noted that the combination of Keynes and Kaneshiro does not appear to explicitly disclose applying the code profile, comprising of identifying sections of interest within the code base.
However, Spoon discloses applying the code profile, comprising of identifying sections of interest within the code base (Spoon Col. 1 Lines 13-20) [A characteristic segment of source code is a segment of source code having a particular attribute of interest. Static analysis systems can generate analysis results that include data specifying where, in the code base, the characteristic segments of source code occur]
Thus, before the effective filing date of the claimed invention, it would have been recognized by one of ordinary skill in the art, that applying the known technique taught by Spoon to the code programming of Keynes and Kaneshiro would have yielded predictable results and resulted in an improved system, namely, a system that would analyze computer software source code without executing the source code as a computer software program (Spoon col. 1 lines 7-11).
As to claim 3, Keynes discloses wherein extracting a code property graph further comprises of maintaining the code property graph with changes to the code base (Keynes Pa. [0105]) [The predicate expression of graph edge 510→515 is propagated upward and is then modified based on the source code statement on line 6 of the source code (in the basic block of the destination node (510))]

As to claim 4, Keynes discloses further comprises of creating a code policy, wherein the policy is a formal specification for generating a code profile (Keynes [0073]) [the program property definition includes rules, values, and logic necessary for analysis of a CFG in order to identify a specified program property type]; and wherein generating a code profile further comprises of generating the code profile from the code based graph and the policy (Keynes [0031]) [the model generator (105) includes functionality to generate a CFG model of source code. The CFG depicts one or more potential execution paths of the source code and may include one or more graph nodes connected by one or more directed graph edges]

As to claim 5, the combination of Keynes, Kaneshiro and Spoon discloses wherein creating the code policy comprises of receiving user input specifying at least a portion of the code policy (Spoon Col. 1 Lines 13-20) [A characteristic segment of source code is a segment of source code having a particular attribute of interest. Static analysis systems can generate analysis results that include data specifying where, in the code base, the characteristic segments of source code occur]
(Spoon col. 1 lines 7-11)
As to claim 6, Keynes discloses wherein creating the code policy comprises of iteratively applying an application security profiling method to the code base (Keynes [0021]) [author of the source code, and/or any authorized entity in accordance with one or more pre-defined security credentials]

As to claim 7, Keynes discloses wherein iteratively applying the method comprises of applying the method to lower level dependencies of the code base (Keynes [0103]) [the static analysis tool propagates the FALSE predicate expression value from the lower graph edge (i.e., the edge connecting graph nodes 525 and 520)]

As to claim 8, Keynes discloses wherein generating the code profile comprises of classifying data types and functions (Keynes [0018]) [Source code may be a fully functional program and/or a subset of a program such as a function, class, library, statement, instruction, user-defined type, and/or any code segment. Source code may reference one or more outside classes, objects, files, libraries (e.g., a dynamically linked library) and/or application programming interfaces (APIs)]

As to claim 9, Keynes discloses wherein classifying data types comprises of classifying sensitive data (Keynes [0039]) [A flow value is a path-sensitive value representing the state of one or more program objects, values, properties, elements, and/or attributes corresponding to a potential program property at a given location in the CFG]

As to claim 10, the combination of Keynes, Kaneshiro and Spoon discloses wherein classifying data types comprises of classifying attacker controlled data and unvalidated user data (Keynes [0021]) [any authorized entity in accordance with one or more pre-defined security credentials]

As to claim 11, Keynes discloses wherein generating the code profile further comprises of traversing the code profile graph and identifying flows between various points of the code base (Keynes [0041]) [The current graph edge may be selected in accordance with the traversal method and may be connected to one or more traversed graph nodes and/or graph edges of the CFG. For example, if all directed graph edges below a given graph edge are traversed, the given graph edge may be selected]

As to claims 12-13, Keynes discloses wherein extracting a code property graph further comprises of extracting a code property graph from a subset of multiple code bases; wherein generating a code profile further comprises of generating a code profile for a subset of multiple code bases (Keynes [0079]) [according to the type of program property being identified, the traversal of the CFG may cover only a subset of the CFG.]

As to claim 14, Keynes discloses wherein extracting a code property graph further comprises parallelizing computation of the code property graph across multiple computational nodes (Keynes [0070]) [While the various steps in the flowchart are presented and described sequentially, one of ordinary skill will appreciate that some or all of the steps may be executed in different orders and some or all of the steps may be executed in parallel]

As to claim 15, the combination of Keynes, Kaneshiro and Spoon discloses wherein applying the code profile occurs prior to application runtime (Keynes [0017]) [The static analysis tool (100) may be an application subroutine, a software module, a library, a job and/or any type of software component in accordance with one or more embodiments of the invention disclosed herein]

As to claim 16, Keynes discloses wherein applying the code profile further comprises of generating a code profile report (Keynes [0031]) [the model generator (105) includes functionality to generate a CFG model of source code. The CFG depicts one or more potential execution paths of the source code and may include one or more graph nodes connected by one or more directed graph edges]

As to claims 17-18, the combination of Keynes, Kaneshiro and Spoon discloses wherein applying the code profile further comprises of augmenting the development process of the code base by implementing code specific recommendations from the code profile; wherein applying the code profile further comprises of implementing a dynamic code-specific runtime agent (Kaneshiro Abstract) [This method is used to collect profile data (e.g. the execution time, iteration count, etc., of a specific portion of a program) during the execution thereof so as to grasp the behavior of the program]
Thus, before the effective filing date of the claimed invention, it would have been recognized by one of ordinary skill in the art, that applying the known technique taught by Kaneshiro to the code programming of Keynes would have yielded predictable results and resulted in an improved system, namely, a system that would measure the execution time, iteration count of a specific portion of a program during its execution and for collecting the measured values as profile data so as to grasp the behavior of the program (Kaneshiro col. 1 lines 7-11).
As to claim 20, the combination of Keynes, Kaneshiro and Spoon discloses further comprising of obtaining a code policy, a formal specification for generating the code profile, wherein generating the code profile further comprises of implementing the (Kaneshiro Abstract) [This method is used to collect profile data (e.g. the execution time, iteration count, etc., of a specific portion of a program) during the execution thereof so as to grasp the behavior of the program]
Thus, before the effective filing date of the claimed invention, it would have been recognized by one of ordinary skill in the art, that applying the known technique taught by Kaneshiro to the code programming of Keynes would have yielded predictable results and resulted in an improved system, namely, a system that would measure the execution time, iteration count of a specific portion of a program during its execution and for collecting the measured values as profile data so as to grasp the behavior of the program (Kaneshiro col. 1 lines 7-11).

Allowable Subject Matter
Claims 2 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EVANS DESROSIERS whose telephone number is (571)270-5438. The examiner can normally be reached on Monday - Thursday 7:00 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B. Patel can be reached on 5712723972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/EVANS DESROSIERS/Primary Examiner, Art Unit 2491