DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in response to the communication filed on August 18, 2021 in response to Final Office Action.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 08/18/2021 has been entered.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Andrew D. Raymond on 24 November 2021.
The application has been amended as follows: 

Examiner amends claim 12 as follows:
implemented by a processor and memory, the method comprising:
receiving a binary file; 
identifying a first version-specific fingerprint associated with a first version of a dependency code component; 
searching, within dependency code of the binary file, for the first version of the dependency code component based on the first version-specific fingerprint, wherein the binary file contains a second version of the dependency code component, wherein a second version- specific fingerprint associated with the second version of the dependency code component differs from the first version-specific fingerprint; 
filtering cleared dependency code from the dependency code of the binary file to separate the cleared dependency code from custom code and altered dependency code in the dependency code of the binary file, wherein the cleared dependency code is code that has already passed a security evaluation, wherein the altered dependency code includes the second version of the dependency code component; and 
evaluating, by the processor, the custom code and the altered dependency code in the dependency code of the binary file for a security risk.


Allowable Subject Matter
Claims 1-6, 9-16, and 19-20 are allowed.
 The following is an examiner’s statement of reasons for allowance: 
Regarding independent claims 1, and 12:
The primary prior art applied in the Final Office action Tamir Shavro (U.S. 2018/0060224 A1) discloses matching of code segment using a signature of the code segment (Para 0026), when the application code segment does match a public code segment from the index, the code segment is assigned to a secondary test group of code segments” i.e., “cleared dependency code” (Para 0031: 5-7), different code segments have different signatures and (Para 0030);  public code i.e., “dependency code” and private code i.e., “custom code” are separated and performed different tests (Para 0019, and  Para 0007); and  when a code segment does not match a public code segment from the index, the code segment is assigned to a primary test group of code segments i.e., the “altered dependency code” and “when the application code segment does match a public code segment from the index, the code segment is assigned to a secondary test group of code segments” i.e., “cleared dependency code” (Para 0031). Finally, Shavro determines security vulnerabilities of the code segment that do not corresponds to the public code i.e., “custom code”; and Para 0031: the primary test group of code segments i.e., the “altered dependency code” goes through a more comprehensive set of tests (Para 0032).

The secondary prior art used in the final office Kang et al. (U.S. Patent Application Publication No.: US 2018/0129812 A1) discloses filtering out the “cleared dependency code” i.e., the “secondary test group of code segments” from a binary file in order to separate the “private code” i.e., the “custom code” and the “altered dependency code” i.e., the “primary test group of code segments” (Para 0112, 0124).

A previously cited prior art Bezzi et al. (US 2018/0157486 A1) discloses “…analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use to as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component….” (Bezzi, Abstract). 

A newly found prior art Juergen Weigert (US 8307351 B2) discloses:	
A system and method is provided for performing code provenance review in a software due diligence system. In particular, performing code provenance review may include sub-dividing source code under review and third-party source into logical fragments using a language-independent text fracturing algorithm. For example, the fracturing algorithm may include a set of heuristic rules that account for variations in coding style to create logical fragments that are as large as possible without being independently copyrightable. Unique fingerprints may then be generated for the logical fragments using a fingerprint algorithm that features arithmetic computation. As such, potentially related source code may be identified if sub-dividing the source code under review and the third-party source code produces one or more logical fragments that have identical fingerprints (Abstract).

filtering cleared dependency code from the dependency code of the binary file to separate the cleared dependency code from custom code and altered dependency code in the dependency code of the binary file, wherein the cleared dependency code is code that has already passed a security evaluation, wherein the altered dependency code includes the second version of the dependency code component…” along with other limitations independent claims 1, and 12.
For this reason, the specific claim limitations recited in the independent claims 1, and 12 taken as whole are allowed.
The dependent claims 2-6, 9-11, and 13-16, 19-20 which are dependent on the above independent claims 1, and 12 being further limiting to the independent claim, definite and enabled by the specification are also allowed.
	 Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is         (571) 270-3392.  The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABDULLAH ALMAMUN/Examiner, Art Unit 2431                                                                                                                                                                                                        
/SAMSON B LEMMA/Primary Examiner, Art Unit 2498