DETAILED ACTION

1. 	This Office Action is in response to an amendment filed on Oct. 25, 2021. Claims 1, 3, 5-6, 11, 15 and 16 are amended. Therefore, Claims 1-20 are presented for examination. Now claims 1-20 are pending.

Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Response to Applicant’s Arguments
3.	Objection to claim 3 is moot in view of applicant amendment of the claim.
4.	Applicant arguments are moot in view of modify/new ground of rejection rendered below since they are based on newly added limitation that has changed the scope of the claim from “generating at a client” to “transmitting to a client”.
Furthermore, Examiner refer Applicant to the following MPEP citations when responding to an office action:
¶ 7.37.11    Unpersuasive Argument: General Allegation of Patentability

¶ 7.37.12    Unpersuasive Argument: Novelty Not Clearly Pointed Out
Applicant’s arguments do not comply with 37 CFR 1.111(c) because they do not clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made. Further, they do not show how the amendments avoid such references or objections.
¶ 7.37.13    Unpersuasive Argument: Arguing Against References Individually
In response to applicant’s arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

Claim Rejections - 35 USC § 102
5.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

6.	Claims 1-3, 5-13, and 15-20 are rejected under 35 U.S.C. 102 (a) (2) as being anticipated by Mahaffey et al. US 2016/0099963 hereinafter “Mahaffey” Published Apr. 07 2016.

Regarding claim 1, Mahaffey teaches: A method of rendering a security event in software application execution in a server computing device communicatively coupled to a plurality of client computing devices across a communication network (Mahaffey, first see FIG. 54 where clients 5465 communicatively coupled server 5405 across a communication network 5447 where rendering security event in software application, then see abstract along with ¶ [0178-0190]), the method comprising: 
receiving, at a memory of the server computing device, a waiver parameter specification identifying at least one waiver parameter in association with at least one recipient client device of the plurality of client computing devices, the at least one waiver parameter based at least in part on detecting a security violation event in accordance with a set of predetermined security policy violation during the software application execution (Mahaffey discloses the device state (waver parameter specification identifying) is sent to server 911 that is associated with security event of device 901, see ¶ [0140], and continues in ¶ [0190] that the state of device 901 is associated with particular software application that reads on applicant’s limitations; see also FIG. 37 and related texts; FIG. 42 disclose detection based on security policy on item 4203 and determination based on 4206, 4207 and 4208 for data based on security policy identification in item 4203; FIG. 36C disclose different models are set for analyzing gathering data which equate to applicant “predetermined security policy”);
during concurrent execution, in a processor of the server computing device, of object code of the software application, generating at least one waiver task automaton that monitors for the at least one waiver parameter in accordance with the security violation event (Mahaffey, first see ¶ [0148] that event or events generated will be processed in order to determine if actions need to be taken, then see ¶ [0190], that discloses the state of device 901 is a function of installed security software application where having access to a specific server 911 or remote software component 915 that monitoring activities on the mobile device 901 where communication from the device 901 must go through server 911  and continues ¶ [0192] based on security state information stored on server 911 for ; and 
transmitting, based on the monitoring, to a client interface of the at least one recipient communication device, a waiver notification interface during the concurrent execution (FIG. 36A disclose how notification 3606 transmitted to client (receive notification 3607) and action taken 3609 based on  notification (waiver); Mahaffey in ¶ [0201] discloses that “the server 911 may provide access to the security state of a device 901 through an API over a protocol such as HTTP”, and continues in ¶ [0228] that , “The common API may facilitate this communication and allow access or calling within the system … These functions include but are not limited to a XML parser or generator, the software configuration for the mobile device, an anti-virus engine, an attack prevention engine, an anti-spam engine, a data protection system, a registration/ authentication system, a logging or reporting system, a server communications system, data-type extensions, a memory manager or a database system (see FIG. 20)” and then see FIG.s 36A-38 items 3809, 3811, 3817, 3819, 3821, and 3823 and related text along with ¶ [0348] discloses that the server sends notification to mobile device through interface in accordance with data object execution), the waiver notification interface presenting an option to create a new waiver from the set of security policy violations (FIG. 42 disclose gathering data on item 4201 (transmitted or received data), item 4205 disclose analyses of data based on security policy in item 4203 and decision made on item 4213 or 4211 to either block or allow access; FIG. 36A disclose how notification 3606 transmitted to client (receive notification 3607) and action taken 3609 based on  notification (waiver) which equate to applicant “new waiver” since every data gathering and analysis of data yield to a notification and a waiver, for example FIG. 42 has three level of determine data (decision making process) and waiver notification generation).

Regarding claim 2, Mahaffey discloses all the limitations of claim 1. Further Mahaffey teaches: wherein the software application comprises an enterprise software application (Mahaffey, see ¶ [0476], “the data object, and trust ratings for the data object. One will appreciate that the above assessment data may be provided as an input into to server 3551. For example, a network operator or enterprise may operate a server that produces assessment data and feeds it data back to a master server. In another example, users may determine assessment data and provide it to server 3551 via an interface such as a web application”; also see FIG. 64 and related texts along with ¶¶ [0555, 0570, and 0849-0850]).

Regarding claim 3, Mahaffey discloses all the limitations of claim 1. Further Mahaffey teaches: wherein the waiver notification interface is generated upon the waiver parameter exceeding a threshold value of the waiver parameter as established in the specification or varies from a prior waiver parameter value in a prior execution of the software application (Mahaffey discloses threshold value for many different scenarios and since applicant’s limitations are so broad and does not specify what waver parameter, therefore the indicated paragraph reads on applicant’s limitations but there are so many other paragraphs that can read on applicant’s limitations, first see ¶ [0056], then see ¶ [0357], “a policy that specifies the threshold limit for network usage is a rate of 100 megabytes per day. If the behavioral data indicates that the application's network usage is above this threshold limit then the application can be flagged as adversely affecting the network or having the potential to adversely affect the network”). 

Regarding claim 5, Mahaffey discloses all the limitations of claim 3. Further Mahaffey teaches: wherein the client interface of the at least one recipient client device is configured to render at least one of: the new waiver, a modification to the waiver parameter, and an acknowledgement action for enactment thereon (Mahaffey, first see FIG. 41 and related texts along with ¶ [0422], “server 3551 requests the additional information for the data object from the second mobile ck 4133)”; also see ¶ [0590]; (FIG. 42 disclose gathering data on item 4201 (transmitted or received data), item 4205 disclose analyses of data based on security policy in item 4203 and decision made on item 4213 or 4211 to either block or allow access; FIG. 36A disclose how notification 3606 transmitted to client (receive notification 3607) and action taken 3609 based on  notification (waiver) which equate to applicant “new waiver” since every data gathering and analysis of data yield to a notification and a waiver, for example FIG. 42 has three level of determine data (decision making process) and waiver notification generation).). 

Regarding claim 6, Mahaffey discloses all the limitations of claim 1. Further Mahaffey teaches: wherein the new waiver relates to an anticipated security policy violation (Mahaffey, see ¶ [0590-0591], “the device receives an assessment from server 3551 indicating that the application is acceptable but software on the device gathers behavioral data that shows that the application violates policy (e.g., the application attempts to acquire the user's location), the device may undertake pre-configured remediation actions such as removing the application. The device may also transmit this behavioral data to server 3551 and indicate the policy violation”; “the device may undertake. The device may also transmit this behavioral data to server 3551 and indicate the policy violation pre-configured remediation actions such as removing the application”; FIG. 42 disclose gathering data on item 4201 (transmitted or received data), item 4205 disclose analyses of data based on security policy in item 4203 and decision made on item 4213 or 4211 to either block or allow access; FIG. 36A disclose how notification 3606 transmitted to client (receive notification 3607) and action taken 3609 based on  notification (waiver) which equate to applicant “new waiver” since every data gathering and analysis of data yield to a notification and a waiver, for example FIG. 42 has three level of determine data (decision making process) and waiver notification generation).


Regarding claim 7, Mahaffey discloses all the limitations of claim 6. Further Mahaffey teaches: wherein the recipient client device comprises at least one of a laptop computing device, a workstation computing device and a mobile computing device (Mahaffey, first see FIGs. 9-10 item 901 and related texts, then see ¶ [0176], “As used herein, the term "mobile communications device" refers to mobile phones, PDAs and smartphones, but excludes laptop computers, notebook computers or sub-notebook computers. In the present application, mobile communications device may also be referred to as "handset," "device," "mobile client" or "client." Specifically, mobile communications devices include devices for which voice communications are a primary function, but may offer data or other wireless Internet access capabilities, including Bluetooth, infrared, or wireless Internet access”). 

Regarding claim 8, Mahaffey teaches all the limitations of claim 7. Mahaffey further teaches: transmitting the waiver to a memory of the server computing device, wherein the memory maintains a record of waivers and modifications thereto (Mahaffey, see ¶¶ [0368 and 0507], “combinations of these is saved or stored on server 3551 (or at a storage location accessible by the server) so that the data can be accessed at a later time … The information may be saved or stored in nonvolatile memory or other persistent storage medium ( e.g., hard disk, optical disc, flash memory, and so forth)”; and continues in ¶ [0507], “the device may first check this list to see if the data object is present. If the object is present, the device does not re-scan the object. After scanning a file and determining it to be desirable, the device places an identifier for the data object in the list. Example identifiers include a file name, filesystem node identifier, or operating system specific data object handle. In an embodiment, the mobile communication saves this list of data objects to non-volatile storage so that  

Regarding claim 9, Mahaffey discloses all the limitations of claim 1. Further Mahaffey teaches: wherein the waiver task automaton is defined by script code that includes data relating to the at least one waiver parameter and a threshold value associated with the at least one waiver parameter (Mahaffey, first see FIG. 53 and related texts along with ¶¶ [0141 and 0147], “the local security component on the mobile device can identify security events by analyzing files or data stored on the device, messages such as function or system calls between components on the device, or network data flowing into or out of the device for security events. The security events can include finding possible threats such as exploits, suspicious network traffic, viruses, malware, SMS message or phone call spam, suspicious system or function calls, authentication failures, etc”, then see ¶¶ [0656 and 0696], “URL may reference a server that will perform actions, such as automatically removing applications identified as malware from an application market when the URL is requested. The server may be implemented in a variety of ways, including a PHP script or a Java, Ruby, or Python application server”, “the system compares the sequence of computer calls each app program can make. If the sequences are similar enough (e.g., there is a high degree of similarity), the system may decide that the two apps are similar”). 

Regarding claim 10, Mahaffey discloses all the limitations of claim 9. Further Mahaffey teaches: wherein the script code further includes data pertaining to the at least one recipient communication device, and the monitoring comprises at least one application program interface (API) call to the software application during the concurrent execution (Mahaffey, first see ¶ [0355], “The monitoring program at the client transmits to the server behavioral data based on the monitoring of the one or more application programs at the client”, and then see ¶¶ [0426-0450 and 0474], “behavioral data include information about network connections caused by the data object (e.g., server names, source/destination addresses and ports, duration of connection, connection protocols, amount of data transmitted and received, total number of connections, frequency of connections, and network interface information for the connection, DNS requests made), behavior of the data object when run (e.g., system calls, API calls, libraries used, inter-process communication calls, number of SMS messages transmitted, number of email messages sent, information about user interfaces displayed, URLs accessed), overhead caused by the data object (e.g., battery used, CPU time used, network data transmitted, storage used, memory used)”, “server 3551 performs analysis of a data object's content to determine what APs on a device the data object utilizes. In an embodiment, the API analysis may include a search of the data object for data sequences indicating API calls; an analysis of specific library, function, class, or other import data structures in the data object; an analysis of dynamic linker calls; an analysis of calls to local or remote services; static analysis of the data object; dynamic analysis of the data object; and analysis of behavioral data reported by one or more devices”). 

Regarding claim 11, this claim defines a device claim that corresponds to method claim 1. Therefore, claim 11 is rejected with the same rational as in the rejection of claim 1. Furthermore, Mahaffey in ¶ [0620] disclose CPU (processor) and memory can be implemented to execute the method. 

Regarding claim 12, this claim defines a device claim that corresponds to method claim 2. Therefore, claim 12 is rejected with the same rational as in the rejection of claim 2. Furthermore, Mahaffey in ¶ [0620] disclose CPU (processor) and memory can be implemented to execute the method. 

Regarding claim 13, this claim defines a device claim that corresponds to method claim 3. Therefore, claim 13 is rejected with the same rational as in the rejection of claim 3. Furthermore, Mahaffey in ¶ [0620] disclose CPU (processor) and memory can be implemented to execute the method. 

Regarding claim 15, this claim defines a device claim that corresponds to method claim 5. Therefore, claim 15 is rejected with the same rational as in the rejection of claim 5. Furthermore, Mahaffey in ¶ [0620] disclose CPU (processor) and memory can be implemented to execute the method. 

Regarding claim 16, this claim defines a device claim that corresponds to method claim 6. Therefore, claim 16 is rejected with the same rational as in the rejection of claim 6. Furthermore, Mahaffey in ¶ [0620] disclose CPU (processor) and memory can be implemented to execute the method. 

Regarding claim 17, this claim defines a device claim that corresponds to method claim 7. Therefore, claim 17 is rejected with the same rational as in the rejection of claim 7.  

Regarding claim 18, this claim defines a device claim that corresponds to method claim 8. Therefore, claim 18 is rejected with the same rational as in the rejection of claim 8. Furthermore, Mahaffey in ¶ [0620] disclose CPU (processor) and memory can be implemented to execute the method. 

Regarding claim 19, this claim defines a device claim that corresponds to method claim 9. Therefore, claim 19 is rejected with the same rational as in the rejection of claim 9. Furthermore, Mahaffey in ¶ [0620] disclose CPU (processor) and memory can be implemented to execute the method. 

Regarding claim 20, this claim defines a device claim that corresponds to method claim 10. Therefore, claim 20 is rejected with the same rational as in the rejection of claim 20. Furthermore, Mahaffey in ¶ [0620] disclose CPU (processor) and memory can be implemented to execute the method. 

Claim Rejections - 35 USC § 103
7.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the 
8.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


9.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
10.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

11.	Claims 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Mahaffey et al. US 2016/0099963 hereinafter “Mahaffey” Published Apr. 07 2016 in view of Macy et al. U.S. 2013/0283336 hereinafter “Macy” Published Oct. 24, 2013.

Regarding claim 4, Mahaffey discloses all the limitations of claim 3. Further Mahaffey teaches threshold value as it is disclosed in previous claim but does not disclose key security performance indicator
However Macy teaches: wherein the threshold value pertains to at least one of an industry security benchmark value, and a security performance indicator (security KPI) value (Macy, see ¶¶ [0004 and 0025], “includes an automated processing device tool that generates an overall cyber security Key Performance Indicator (KPI) value for an automated system from a hierarchy of determined KPI's by combining: (i) a Procedures and Protocols KPI determined from values”).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Mahaffey with the teaching of Macy because the use of Macy’s idea (Macy, see ¶ [0001]) could provide Mahaffey (Mahaffey, see abstract) the ability to include an automated processing device tool that generates security key performance indicator (KPI) value for control access in order to determine such access control from values, “includes an automated processing device tool that generates an overall cyber security Key Performance Indicator (KPI) value for an automated system from a hierarchy of determined KPI's” (Macy, ¶ [0004]).

Regarding claim 14, this claim defines a device claim that corresponds to method claim 4. Therefore, claim 14 is rejected with the same rational as in the rejection of claim 4. Furthermore, Mahaffey in ¶ [0620] disclose CPU (processor) and memory can be implemented to execute the method. 

Examiner note:
12.	In the case of amending the Claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. This will assist in expediting compact prosecution.  MPEP 714.02 recites: “Applicant should also specifically point out the support for any amendments made to the disclosure. See MPEP § 2163.06. An amendment which does not comply with the provisions of 37 CFR 1.121(b), (c), (d), and (h) may be held not fully responsive. See MPEP § 714.”  Amendments not pointing to specific support in the disclosure may be deemed as not complying with provisions of 37 C.F.R.  1.131(b), (c), (d), and (h) and therefore held not fully responsive.  Generic statements such as “Applicants believe no new matter has been introduced” may be deemed insufficient.
Conclusion
13.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Oliver Michael Hausler U.S. 2060230282 disclose managing access permission dynamically in a network setting based on data analysis.
Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALIL NAGHDALI whose telephone number is (571) 272-9884.  The examiner can normally be reached on M-F 8-5.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's acting supervisor, KRISTINE KINCAID can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 1000.
/KHALIL NAGHDALI/
Primary Examiner, Art Unit 2437