Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
Claims 1 and 6 have been amended.
	Claims 2-4, 7, and 9 have been previously presented.
	Claims 5, 8, and 10 are original claims.
	Claim 11 has been canceled.
	Claims 1-10 are pending.

Response to Arguments
	Applicant’s arguments on pages 11-19, filed on 6/30/21, have been fully considered but they are not persuasive. Applicant notes, on page 11, that claims 1 and 6 have been amended and claims 1-10 are presently pending. 	
	Applicant’s arguments are fully considered, but are unpersuasive.
	Specifically, Applicant argues:
	35 U.S.C. 103 Rejections:
	Applicant notes, on page 12, that claims 1-10 have been rejected under 35 U.S.C § 103 as being anticipated by Weigert (U.S. Patent Publication No. 20100241469) (hereinafter referred to as "Weigert") in view of Sahoo et al (U.S. Patent Publication No. 20130254744) (hereinafter referred to as "Sahoo"). 
	Applicant argues, on page 12, that the that the scope of categorizing the OSS components in the product into categories of strong copyleft, weak copyleft, permissive is not obvious in view of WEIGERT since WEIGERT merely recite GPL, MPL and does 
	As discussed on page 51, Weigert was not relied upon as teaching or suggesting OSS components having a strong, permissive, or weak copyleft license. Sahoo discloses: 
	[One of the modules of the auto-license compatibility verifier is the receiving module which is configured for receiving required software components along with their licensing information that are used in the developed or conceptualized software solution. The licensing information may include different categories of the software licenses such as strong copyleft license, weak copyleft license or permissive license (0023)]
	Applicant argues, on page 13, that WEIGERT discloses usage type as version identifier, a classification path, a complex license list, choice license, clause license, clause identifier. However, Applicant submits that the license usage type in the claimed subject matter refers to snippets, file or a library. Applicant also argues, on page 13, that the reference to snippets in Weigert and the scope and purpose of usage type i.e., snippets, file, library referred in the claimed subject matter is different from snippets in Weigert, and the scope of usage type of the OSS components as one of snippets, file, library (one of library-executable, library- binary type) is unlike version identifier, classification path, clause identifiers, snippets in WEIGERT since (1) WEIGERT does not identify usage type of snippets, file, library (static library, dynamic library) for the OSS components that are categorized as weak copyleft license, permissive license, and 
	Weigert discloses no reference to version identifier, a classification path, a complex license list, choice license, clause license, and a clause identifier as a usage type. Regarding Applicant’s assertion that Weigert discloses usage type as version identifier, a classification path, a complex license list, choice license, clause license, clause identifier, the Examiner notes the instant application describes, “attributes including OSS component name, OSS component version, OSS component home page URL, OSS component license type, OSS component license URL, OSS component attribution note, license usage type, commercial distribution permission, OSS component compile permission, license compatibility with The OSS component license type associated with the other OSS components comprised in the product or compatibility with proprietary license,” (see instant specification at 0031; see also 0010). The Examiner asserts that Weigert, much like the instant specification, merely considers a version identifier, a classification path, a complex license list, choice license, clause license, and a clause identifier as attributes of OSS components which may be used to compare OSS components.
	Weigert discloses: [software development organizations often employ a common code base that can include hundreds or thousands of packages used in the development of various software products, with many of the packages potentially containing open source or being subject to various open source licenses. Furthermore, the packages in the code base can often further contain hundreds, thousands, or even millions of source files that may be subject to different open source licenses. Ensuring license compliance and compatibility for all of the software in a given product can be very difficult, as open source software typically originates from one or more upstream repositories or other sources that are beyond the control of the development organization (0003); The unpacking engine may recursively unpack source code files as deeply as possible, while also deriving metadata describing the unpacked files (0015); If the source file or other component includes a code transformation (e.g., an object file, a library component, etc.), the code transformation may receive a license distance based on the nature of the transformation (0110); the compatibility of different open source licenses may not always be clearly discernable, as a given package may often several different software components (e.g., libraries, main application, test suites, etc.), yet different open source licenses may vary in whether they permit or prohibit the use of different or incompatible licenses for the various components (0003); the unpacking engine 115 may determine a file type for each unpacked file based on the metadata or other information derived for the unpacked source files... code-based binaries (typically .dll and .exe files) may be identified as likely including or referencing source code (0073); an operation 440 may include determining whether the selected file is a binary file (0126); identifying whether the binary file is a code-based or non -code binary (0127)]
	As such, Weigert discloses that software packages may comprise millions of source files that may be subject to different open source licenses and notes ensuring license compliance and compatibility for all of the software in a given product can be very difficult. Weigert discloses unpacking source code files as deeply as possible while also deriving metadata describing the unpacked file, and determining a file type for each 
	Particularly regarding Applicant’s argument as related to the disclosure of snippets by Weigert, the Examiner notes Weigert describes snippets in the context of scanning source code, applying rules, identifying potential undocumented source code usage (0132-1035, 0142), generating fingerprints based on fragments, and identifying potentially undocumented source code if the fingerprint generated for any of the source code under review matches the fingerprint generated any of the third -party source code (0149).
	Regarding Applicant’s argument, on pages 13-14, that Weigert does not define snippets as Snip, file as Fil, library (Comps or Compd) and also determine if the component is modified, the Examiner notes the substance of Applicant’s argument is directed to aspects of the amended claim limitations. The Examiner notes the cited prior art was not relied upon for teaching the amended aspects of the pending claims, but was cited to teach the claims as previously filed. Applicant is referred to the rejections of 
	Regarding Applicant’s arguments, on page 14, that the scope of the adaptive learning disclosed by the instant specification is different from the adaptive learning disclosed by Weigert, the Examiner notes the claims are reviewed under the broadest reasonable interpretation of the claims, and the Court has cautioned against reading limitations into a claim from the preferred embodiment (MPEP 2111.01).
	Regarding Applicant’s arguments, on pages 14-16, regarding determining based on final attributes, the OSS components that are complaint are either compiled with the proprietary component, or not compiled with the proprietary component but are part of the final deliverable, Applicant argues that Weigert does not disclose the limitations in the same context as disclosed by the instant specification. As noted above, the claims are reviewed under the broadest reasonable interpretation. 
	Regarding Applicant’s arguments, on page 16, that Sahoo does not focus on defining an OSS usage type of the OSS components as snippets (Snip), file (Fil), a Static library (Comps), a dynamic library(Compd), and determining if a component is modified, wherein when the OSS usage type is snippet (Snip) for the OSS component then the associated attribute is modification:The process of Sahoo is focused on verifying the compatibility among software components and dynamically mapping the licensing information of the software components which are used in the software solution with respect to the already stored licensing information which are stored in the database, the Examiner notes the substance of Applicant’s argument is directed to aspects of the amended claim limitations. The Examiner notes the cited prior art was 
	Regarding Applicant’s arguments, on page 16, that Sahoo does not discuss that matching is based on attributes associated with the OSS components, verifying the compatibility among software components is contextually different from unidentified components in terms of its scope i.e. OSS components of the product under consideration having no match or having a match but characterized by one or more missing attributes that are identified as unidentified components, and that Sahoo does not disclose using a customized database and defining usage of the OSS components, the Examiner notes prior art disclosing a limitation in a contextually different manner from the disclosure of the instant specification may still teach the broadest reasonable interpretation of the limitations. Additionally, the Examiner notes using a customized database is not claimed, and Weigert is cited as teaching matching based on attributes associated with the OSS components.
	Weigert discloses: software due diligence review includes the need to ensure compliance and compatibility within individual components (0004), generating a fingerprint for the received source file and matching the source file to a database or other repository (0018), matching keywords identified in a source file to relevant text patterns (0071, 0113, 0152, 0161); a report may be generated for the source file to provide information relating to matching licenses (0019); a binary scan engine that can 
	Regarding Applicant’s arguments, on page 17, that the claimed subject matter also provides a technical solution of periodically comparing unidentified components with the OSS components in a first OSS database to identify new matches, while the Examiner disagrees with Applicant’s assertion of providing a technical solution, the Examiner notes providing a technical solution does not distinguish the claimed invention from prior art that teaches the claim limitations.
	Regarding Applicant’s argument, on page 17, that the prior art does not implicitly or explicitly disclose or even suggest the feature of defining an OSS usage type of the OSS components as snippets (Snip), file (Fil), a Static library (Comps), a dynamic library(Compd), and determining if a component is modified, wherein when the OSS usage type is snippet (Snip) for the OSS component then the associated attribute is modification;" as disclosed by the amended claim 1, the Examiner notes the substance of Applicant’s argument is directed to aspects of the amended claim limitations. The Examiner notes the cited prior art was not relied upon for teaching the amended aspects of the pending claims, but was cited to teach the claims as previously filed. Applicant is referred to the rejections of the pending claims under 35 USC 103, below, for a complete discussion of the pending claims.
	Applicant’s arguments have been fully considered, but are not persuasive.

Claim Rejections - 35 USC § 112(b)
The following is a quotation of 35 U.S.C. 112(b):

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
	Regarding claim 1, claim 1 comprises:
	“identifying a license usage type for the one or more OSS components in the product categorized as having the weak copyleft license and the permissive license, wherein the license usage type is one of a snippet, a file or a library and wherein the library is further identified as one of a library-executable or a library-binary type; 
	defining an OSS usage type of the OSS components as snippets (Snip), file (Fil), a Static library (Comps), a dynamic library(Compd), and determining if a component is modified, wherein when the OSS usage type is snippet (Snip) for the OSS component then the associated attribute is modification;
	...performing an OSS compliance analyses for the one or more OSS components in the product based on the usage type,”
	The claim is unclear in that the claim has been amended to define two different scopes for the usage type of the OSS components (a license usage type and an OSS usage type), then recites performing a function based on, “the usage type,” which indicates the claim is directed to a single usage type. It is unclear if the license usage usage type,” and, “license usage type,” interchangeably (see instant specification at 0005, 0006, 0007, 0010, 0011, 0027). 
	 In order to advance compact prosecution, the Examiner interprets the limitations as comprising a single usage type associated with the OSS components, wherein the usage type is one of a snippet, a file or a library, and wherein the library is further identified as one of a library-executable, a library-binary type, a static library (Comps), or a dynamic library (Compd). 
	Regarding claim 6, the discussion above applies to claim 6, as well.
The claims are unclear in that a person of ordinary skill in the art would not be able to interpret the metes and bounds of the claims so as to understand how to avoid infringement.
Claims 1-10are rejected due to their dependency from claim 1. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
Determining the scope and contents of the prior art.
Ascertaining the differences between the prior art and the claims at issue.
Resolving the level of ordinary skill in the pertinent art.
Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-10 are rejected under 35 U.S.C. 103 as being unpatentable over Weigert, U.S. patent Application Publication 20100241469 in view of Sahoo, U.S. patent Application Publication 20130254744.
Claims 1 and 6 are substantially similar, and will be addressed together. Substantially similar limitations of dependent claims will be addressed together, as indicated.
	NOTE: The claim interpretation discussed in the Claim Interpretation section, above, applies here as well.
	Regarding claims 1 and 6, 
	Weigert — which is directed to a system and method for automating software due diligence — discloses:
	(Claim 1) A processor implemented method comprising: 
	(Claim 6) A system comprising: one or more data storage devices (102) operatively coupled to one or more hardware processors (104) and configured to store instructions configured for execution by the one or more hardware processors to:
	(Claims 1 and 6) receiving a product embedded with one or more Open Source Software (OSS) components; 
	[open source software typically originates from one or more upstream repositories or other sources that are beyond the control of the development organization…the compatibility of different open source licenses may not always be clearly discernable, as a given package may often several different software components (e.g., libraries, main application, test suites, etc.) (0003; see also 0001-0007); A method for performing software due diligence review, comprising: receiving software subject to due diligence review (claim 1)]
	comparing each of the one or more OSS components in the product with OSS components available in the public domain and comprised in a first OSS database (DB1) 	to identify one or more matches therebetween based on attributes associated thereof; categorizing, the one or more OSS components in the product having a match with the OSS components available in the first OSS database (DB1) [based on the licenses associated with the software components]; 
	[performing software due diligence review, and in particular to using a binary scan engine, parallel pattern matching, and other components to review software for compliance and compatibility with open source license requirements, export regulations, and other issues pertaining to software due diligence (0003); a binary scan engine that can extract information from one or more binary objects. For example, whenever a package or other binary file passes through the build system, the build system may create debug information that can be used to troubleshoot later crashes or other problems for the software. As such, the binary scan engine may search the debug match one or more source files to binary objects and otherwise identify dependencies of the binary objects (0013); the system for automating software due diligence may include a license database that stores information describing various software licenses. The licenses may be described in the license database according to a condensed license description syntax, which may contain a limited number of verifiable attributes to provide precision and lack of redundancy in describing known software licenses (0009); the system may include a fingerprinting module for calculating a unique file fingerprint for binaries and/or unpacked source files under review. The unique file fingerprint for each binary and/or unpacked file may be compared to existing file fingerprints to determine whether the associated software has already been reviewed (0016; see also 0150-0153 discussing generating a fingerprint for the received source file, matching the source file to a database or other repository, and failing to match the source file)]
	identifying a license usage type for the one or more OSS components in the product [...], wherein the license usage type is one of a snippet, a file or a library and wherein the library is further identified as one of a library-executable or a library-binary type; defining an OSS usage type of the OSS components as snippets (Snip), file (Fil), a Static library (Comps), a dynamic library (Compd), and 
NOTE: As discussed in the rejections under 35 USC 112(b), the claims are unclear in that the claims have been amended to define two different scopes for the usage type of the OSS components (a license usage type and an OSS usage type), then recites performing a function based on, “the usage type,” which indicates the claim is directed to a single usage type. It is unclear if the license usage type and the OSS usage type are separate, distinct elements, or if they are the same element with a slightly different wording. The Examiner notes the specification appears to use, “usage type,” and, “license usage type,” interchangeably (see instant specification at 0005, 0006, 0007, 0010, 0011, 0027).  In order to advance compact prosecution, the Examiner interprets the limitations as comprising a single usage type associated with the OSS 
	
	Weigert discloses:
	[packages in the code base can often further contain hundreds, thousands, or even millions of source files that may be subject to different open source licenses (0003); the system may include an unpacking engine configured to expose plain text information for source code packages or other types of archives provided for review. The unpacking engine may recursively unpack source code files as deeply as possible, while also deriving metadata describing the unpacked files (e.g., package name, version, release, etc.). For example, the unpacking engine may support unpacking for source code packages...a plurality of source files...unpack the software until the software has been fully unpacked. The unpacked source files may then be sorted and post-processed to expose plain text information (0015); the unpacking engine 115 may determine a file type for each unpacked file based on the metadata or other information derived for the unpacked source files... code-based binaries (typically .dll and .exe files) may be identified as likely including or referencing source code (0073); The source files may generally include code-based binary files, non-code binary files, source code files, or various other types of files (0071); an operation 440 may include determining whether the selected file is a code-based binary file (typically a .dll or .exe file) or non-code binary file (0126-0127); the unpacking engine 115 may determine a file type for each unpacked file based on the metadata or other information derived for the unpacked source files…the unpacking engine 115 may sort the leftover binary files into code-based and non-code binaries (0073, 0127); a given package may contain several different software components (e.g., libraries, main application, test suites, etc.), yet different open source licenses may vary in whether they permit or prohibit the use of different or incompatible licenses for the various components (0003); object files or static library components and less closely related to shared libraries (0110)] Weigert discloses that software packages may comprise millions of source files that may be subject to different open source licenses and notes ensuring license compliance and compatibility for all of the software in a given product can be very difficult. Weigert discloses unpacking source code files as deeply as possible while also deriving metadata describing the unpacked file, and determining a file type for each unpacked file, and notes files may be libraries, binary files, and dll. fnd exe. files.
	Additionally, Weigert describes snippets in the context of scanning source code, applying rules, identifying potential undocumented source code usage (0132-1035, 0142), generating fingerprints based on fragments, and identifying potentially undocumented source code if the fingerprint generated for any of the source code under review matches the fingerprint generated any of the third -party source code (0149).
	determining if a component is modified, wherein when the OSS usage type is snippet (Snip) for the OSS component then the associated attribute is modification; 
	[The code provenance engine 135 may further use a text fracturing module 150 to fracture or otherwise sub-divide the known open source into one or more blocks and/or sub-blocks that are as large as possible without being independently copyrightable (i.e., if the blocks and/or sub-blocks are independently copyrightable, relatively insubstantial modifications may cause the lack of proper documentation to 
	Additionally, Weigert notes that individual clauses may be added to a license and the meaning of a clause or a license may be modified (0051, 0053), describes cases where the modify operator has been used to add additional permissions or to counteract obligation clauses in a license (0052), and notes some complex licenses may have an “Equivalents” attribute that identifies alternative expressions for the same license and that clauses may be added or rescinded (0053)] The Examiner interprets the disclosure as comprising determining if a component is modified. 
	The Examiner notes the language of, “wherein when the OSS usage type is snippet (Snip) for the OSS component then the associated attribute is modification,” is simply a statement of fact describing a component that has been modified. If a 
	AMENDMENT AND RESPONSE UNDER 37 C.F.R § 1.111Page 3 Filing Date: 06/28/2018identifying as one or more unidentified components, the one or more OSS components in the product having no match with the OSS components available in the first OSS database (DB1) or having a match but characterized by at least one missing attribute; 
	[the code provenance engine 135 may be configured to determine whether software actually includes undocumented and/or improperly documented source code (particularly when the software is identified as closed source or proprietary) (0094; see also 0020, 0034); after the list of logical fragments has been generated in operation 530, the individual fragments may be further analyzed to identify potentially undocumented source code (0142); see also 0150-0153 discussing generating a fingerprint for the received source file, matching the source file to a database or other repository, and failing to match the source file); In cases where a report indicates that the batch mode review only achieved partial coverage for a reviewed package, a manual review may be required to achieve full coverage (0066); Questionable cases may be excluded from being listed among the inclusions (0046)] As such, the Examiner asserts the disclosure teaches or suggests AMENDMENT AND RESPONSE UNDER 37 C.F.R § 1.111Page 7identifying as one or more unidentified components, the one or more OSS components in the product having no match with the OSS components available in the first OSS database (DB1) or having a match but characterized by at least one missing attribute.

	periodically comparing the one or more unidentified components with the OSS components in the first OSS database (DB1) to identify one or more new matches based on continual updation of OSS components available in the public domain; updating a second OSS database (DB2) comprising at least some of the one or more OSS components in the product having the one or more new matches, wherein the one or more new matches, the one or more unidentified components are categorized as at least one or more proprietary components and OSS components being previously available in the public domain;
	[unmatched keywords may identify new relevant (or irrelevant) text patterns, which may be used to create new text patterns based on how certain keywords appear within source code (e.g., a dialogue window may present context surrounding the unmatched keyword, wherein the context may be edited to create a new text pattern to cover the unmatched keyword) (0018; see also 0150); The fingerprints may then be recorded in a database or another suitable repository in an operation 560, and a subsequent operation 565 may include identifying potentially undocumented source code if the fingerprint generated for any of the source code under review matches the fingerprint generated any of the third-party source code (0016, 0149); the list of logical fragments generated in operation 530 may be recorded in a manner suitable for subsequent analysis (e.g., in a fingerprint database) (0016, 0141); if any new keywords and/or text patterns have been added since the prior review, the source file may be searched again (0152); the code provenance engine may determine whether software identified as closed source (or proprietary) actually includes 
	performing an OSS compliance analyses for the one or more OSS components in the product based on the usage type, the attributes associated thereof comprised in the second OSS database (DB2) and one or more pre-defined rules, 
	[the license description syntax may include one or more attributes for describing the various software licenses in the license database 185b. In particular, a given software license described in the license database 185b may be associated with some or all of the following attributes of the license description syntax: (0036); the software diligence engine 110 may be configured to review one or more source code packages for various compliance issues (0070); the unpacking engine 115 may be configured to recursively unpack source code files as deeply as possible, and further to derive metadata describing the unpacked source files (e.g., package name, version, release, etc.) (0071); the code provenance engine may use a set of rules (0021-0022); one or more rules to govern remediation of any compliance issues, construct workflows to manage the remediation, or otherwise finalize the due diligence review process (0023); one or more rules may define default operator precedence conditions as related to a combination of license schemes (0050-0051); implement package-specific rules or policies to govern remediation of any issues (e.g., notifying the developer of the potential issue, restricting use based on the severity of the issue, etc.). Relevant rules and/or policies may also be attached to database entries associated with remediated software in order to 
	wherein the attributes are stored in the second OSS database (DB2) in a pre-defined format that facilitates in faster retrieval of information from the second OSS database (DB2)... determining, the one or more OSS components that are selected for a final deliverable based on the final attribute, wherein each of the one or more OSS components that are compliant are either compiled with the proprietary component, or not compiled with the proprietary component but are part of the final deliverable.  
	[the system for automating software due diligence may include a license database that stores information describing various software licenses. The licenses may be described in the license database according to a condensed license description syntax, which may contain a limited number of verifiable attributes to provide precision and lack of redundancy in describing known software licenses (0009); a report may be generated for the source file to provide information relating to matching licenses, a risk level, a distribution status, and/or other information relevant to compatibility and compliance with one or more software due diligence issues (0019; see also 0163-0164); the report may identify a risk level, distribution status, and/or matching licenses (0173); The license review system 105 may then check for permissions and obligations associated with various attributes of the declared open source licenses, contradictions or relaxations with regard to other license declarations, or other information associated with open source licenses (0058; see also 0101); the compliance reports may also include an indication of whether the software component includes multiple licenses or inter-package relationships (0023)]
	generating a comprehensive report (R5) based on the OSS compliance analyses, wherein the comprehensive report (R5) includes a final attribute for each of the one or more OSS components in the product indicative of compliance with the attributes of each of the one or more OSS components comprised therein; 
	[one or more reports may be constructed for the package based on the batch review performed (0113); reports stored in the reports database 185a may expose a degree to which a particular package was covered during the batch mode review of the package (0066); a report may be generated for the source file to provide information relating to matching licenses, a risk level, a distribution status, and/or other information relevant to compatibility and compliance with one or more software due diligence issues (0019; see also 0035, 0059, 0065-0066, 0114); If the software under review includes one or more open source licenses or other relevant legal language, the system may check for permissions and obligations associated with attributes of the open source licenses or other legal language to draw inferences regarding potential compliance problems (0008; see also 0002-0008, 0032, 0058, 0097-0098, 0113, 0120, 0173);
	adaptively learning the one or more OSS components and the attributes associated thereof comprised in the comprehensive report (R5) and updating the second OSS database (DB2); AMENDMENT AND RESPONSE UNDER 37 C.F.R § 1.111Page 4
	[the license review system 105 may associate each reviewed file, package, binary object, or other software component with a reference to the corresponding report (0059); the software diligence engine 110 may generally be configured to manage various aspects of searching the plain text information to locate any text interactively learned patterns identified as relevant to due diligence review (e.g., patterns stored in the license database 185b that correspond to known open source licenses, cryptography, patent or copyright usages, etc.) (0075); ; the interactive process constructing a report for reviewed software may be used to expand the information contained in the license database 185b to ensure that subsequent batch mode reviews will have full coverage for the same or related versions of the package (e.g., uncovered patterns in a given package may be analyzed and associated with a description in the license database 185b, whereby the patterns may be available in subsequent batch mode runs) (0066; see also 0076, 0111, 0116-0119); compliance officers or other authorized reviewers may add new rules, modify or remove existing rules, or otherwise tailor the methodology for determining license distance based on learned experience or other factors(0111; see also 0066-0067)]
	Weigert does not appear to explicitly recite components having a strong, permissive, or weak copyleft license.
	However, Sahoo — which is directed to a system and method for verifying compatibility among software components, more particularly open source software — discloses (while additional portions of the claim limitations are included to provide context and support the motivation and rationale to combine the cited prior art, note the portion in italics is what has not explicitly been addressed): 
	receiving a product embedded with one or more Open Source Software (OSS) components...categorizing, the one or more OSS components in the product having a match with the OSS components available in the first OSS database (DB1) as (i) OSS components having a strong copyleft license, (ii) OSS components having a permissive license or (iii) OSS components having a weak copyleft license; identifying a license usage type for the one or more OSS components in the product categorized as having the weak copyleft license and the permissive license, 
	[The present invention generally relates to a system and method for verifying compatibility among software components, more particularly open source software (0001); One of the modules of the auto-license compatibility verifier is the receiving module which is configured for receiving required software components along with their licensing information that are used in the developed or conceptualized software solution. The licensing information may include different categories of the software licenses such as strong copyleft license, weak copyleft license or permissive license or the licensing information may also include version of the software components and its license type and version number such as GNU General Public License (GPL), GNU Lesser General Public License (LGPL), Berkeley Software Distribution License (BSD) etc. After receiving the required software components, a categorizing module upon execution of the processor is configured for categorizing the received software components based on their licensing information. Upon categorization of the software components, a mapping module, one of the processor-executable module of said computer-implemented system is further configured for mapping the licensing information of the received and thereafter categorized software components with respect to the previously stored licensing information which is stored in the database for ensuring the compatibility of the software components among them, wherein the database is stored in the memory of the said computer-implemented system (0023; see also 0007-0010, 0017);
	While the Examiner asserts Weigert teaches the broadest reasonable interpretation of the limitations discussed above, additionally and alternatively, Sahoo further discloses:
	determining if a component is modified...	generating a comprehensive report (R5) based on the OSS compliance analyses, wherein the comprehensive report (R5) includes a final attribute for each of the one or more OSS components in the product indicative of compliance with the attributes of each of the one or more OSS components comprised therein; determining, the one or more OSS components that are selected for a final deliverable based on the final attribute, wherein each of the one or more OSS components that are compliant are either compiled with the proprietary component, or not compiled with the proprietary component but are part of the final deliverable.  
	[Sahoo describes a report generated for a described scenario in Table 1 regarding a solution (0049) 

    PNG
    media_image1.png
    308
    333
    media_image1.png
    Greyscale

	The Examiner interprets the referenced, “solution,” as a final deliverable. The report describes license obligations, whether source code is modified or not modified, describes the solution as comprising a dynamically linked library, and notes the open source software as being modified, distribution permission, and permission to compile OSS components along with the solution.
	Weigert teaches a system and method for automating software due diligence. Sahoo teaches a system and method for verifying compatibility among software components, more particularly open source software. As such, each of the cited prior art are in the field of Applicant’s endeavor and/or are reasonably pertinent to the particular problem with which Applicant was concerned.
Weigert and Sahoo is that Weigert does not appear to explicitly recite components having a strong, permissive, or weak copyleft license.
	The functionalities of the elements of the cited prior art do not interfere with each other and the results would be predictable in that applying the teachings of Sahoo to Weigert would simply incorporate the known methods of verifying compatibility among software components, more particularly open source software as taught by Sahoo with the known methods for automating software due diligence as taught by Weigert in order to enable mapping of licensing information of the received and thereafter categorized software components with respect to the previously stored licensing information which is stored in the database for ensuring the compatibility of the software components among them, wherein the database is stored in the memory of the said computer-implemented system (0023; see also 0007-0010, 0017), dynamically verify the compatibility of different software components such as open source software which are used in a software solution (Sahoo 0005), and enable dynamic verification of compatibility among software components by tracing licensing information of said software components relative to the previously stored licensing information in a database (Sahoo 0006).
	Since the functionalities of the elements of the system and method disclosed by Weigert and the functionalities of the elements of the system and method disclosed by Sahoo do not interfere with each other, the results of the combination would be predictable. One would further expect that this combination would be performed with a reasonable expectation of success.
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features of verifying  Sahoo) with the system and method for automating software due diligence (as taught by Weigert) in order to enable mapping of licensing information of the received and thereafter categorized software components with respect to the previously stored licensing information which is stored in the database for ensuring the compatibility of the software components among them, wherein the database is stored in the memory of the said computer-implemented system (0023; see also 0007-0010, 0017), dynamically verify the compatibility of different software components such as open source software which are used in a software solution (Sahoo 0005), and enable dynamic verification of compatibility among software components by tracing licensing information of said software components relative to the previously stored licensing information in a database (Sahoo 0006).

	Regarding claims 2 and 7, the combination of Weigert and Sahoo teaches the limitations of claims 1 and 6.
	Weigert further discloses:
	wherein the attributes stored in the second OSS database (DB2) in the pre-defined format include OSS component name, OSS component version, OSS component home page URL, OSS component license type, OSS component license URL, OSS component attribution note, the usage type, commercial distribution permission, OSS component compile permission, license compatibility with the OSS component license type associated with other OSS components comprised in the product or compatibility with proprietary license.  
	[the system for automating software due diligence may be used to track licenses, risk levels, distribution status, and other compliance issues for software subject to due diligence review. In particular, the system may be used to review software to identify references to known open source licenses, external licenses, end user license agreements, other software licenses, and/or cryptographic algorithms that may present issues for export controls or regulations (e.g., using cross-references to software known to have export defects). If the software under review includes one or more open source licenses or other relevant legal language, the system may check for permissions and obligations associated with attributes of the open source licenses or other legal language to draw inferences regarding potential compliance problems (0008; see also 0002-0008, 0032, 0058, 0097-0098, 0173); The license review system 105 may then check for permissions and obligations associated with various attributes of the declared open source licenses, contradictions or relaxations with regard to other license declarations, or other information associated with open source licenses (0058; see also 0101); a license database 185b may be configured to store information that describes various software licenses, and a reports database 185a may be configured to store information that describes results of software due diligence review. In one implementation, the licenses may be described in the license database 185b according to a condensed license description syntax, which may contain a limited number of verifiable attributes for known software licenses. The license description syntax may be designed to provide precision and lack of redundancy in the description of software licenses. In particular, a given entry in the license uniquely describe one version of a software license, even for licenses that may have multiple names known to be in circulation (e.g., because of the existence of multiple sources and/or authors for the license)… the reports database 185a and/or the license database 185b may be established as a global license database (or library) (0035; see also 0015); the license description syntax may include one or more attributes for describing the various software licenses in the license database 185b. In particular, a given software license described in the license database 185b may be associated with some or all of the following attributes of the license description syntax: (0036); Full Name: Provides a descriptive and distinct full name for the license, as drafted by the initial author, which may further include a version number and/or timestamp (0037); Short Name: Provides a truncated name for the license, which may be condensed for practical human usage, while also being distinct across the entire namespace. Each short name contains a name element, and each short name further contains a version identifier and/or a descriptive identifier (0038); Name Element (0039); Version Identifier (0040); Descriptive Identifiers (0041); Full Text List: Provides known Uniform Resource Locators (URLs), expected to be persistent, which contain the full text of the license (0042); Alias List (0043); Classification Path: Provides a hierarchical path for classifying or otherwise organizing various software licenses (0044); Integer Identifier: Provides a numeric integer for uniquely identifying the license (0045); Inclusions List (0046); Complex License List: Provides a list of licenses considered synonymous, equivalents of, or otherwise related to the license being described, wherein each complex license is expressed using one or more elements of the license description Complex licenses may include choice licenses (e.g., dual licenses, triple licenses, etc.), mixed licenses, modified licenses, or other interactions among a plurality of licenses (0047); Choice Licenses: Require a user to choose at least one license from a given list that includes a plurality of licenses (0048); Mixed Licenses: Require a user to concurrently comply with the terms of a plurality of licenses (0049); Aggregation Classes: Combinations of choice license schemes (e.g., dual licenses, triple licenses, etc.) and/or mixed license schemes can often exist for a given package (0050); Additions, Exclusions, or Modifications: The logical AND operator may be used to add individual clauses to a license, or to add individual licenses to a license class…modify the meaning of a clause or a license (e.g., to add additional permissions or to counteract obligations or other terms associated with a particular license) (0051); Clause Identifiers: Individual clauses may be identified using a clause identifier…add additional permissions or to counteract obligation clauses in a license (0052); Equivalents: Various complex licenses may be well known in their own right (e.g., when complex licenses are prominent enough to have a set of known attributes or characteristics). Thus, some complex licenses may have an "Equivalents" attribute that identifies alternative expressions for the same license (0053); Public Comments: Provides cross-references to public reviews and comments for a license, which may originate from a newsgroup, a web page, a mailing list, a blog, or another public forum or source (0054); Additional Attributes: Provides extensibility where additional attributes may be defined to describe the license… The additional attributes may be defined as Boolean variables to provide a simple binary setting (e.g., Y/N, 1/0, etc.), and in one implementation, the setting for the attributes may optionally be permitted to permissions on distribution of the package, or otherwise finalize the due diligence review for the package (0115); the report may identify a risk level, distribution status, and/or matching licenses, among other things, thereby providing various types of information that can be used to ensure compatibility and compliance for software subject to due diligence review (0173); in addition to being reviewed for keywords and text strings that indicate references to one or more licenses in the license database 185b, the license review system 105 may include a code provenance engine 135 configured to review software for undocumented and/or improperly documented source code. For example, open source components may typically carry prominent copyright and/or license information, and may liberally point to sources of borrowed code, while closed source (or proprietary) components do not. As such, because the absence of relevant keywords or text patterns in a source file may not necessarily indicate that the source file is free of software due diligence issues, the code provenance engine 135 may be configured to determine whether software actually includes undocumented and/or improperly documented source code (particularly when the software is identified as closed source or proprietary) (0094; see also 0020, 0034)]
	The Examiner notes the limitation comprises a list of generic attributes associated with OSS components and asserts the cited prior art teaches or suggests the limitations.
Sahoo as related to claim 1 applies here, as well. Sahoo describes a report generated for a described scenario in Table 1 regarding a solution (0049). The report describes license obligations, whether source code is modified or not modified, describes the solution as comprising a dynamically linked library, and notes the open source software as being modified, distribution permission, and permission to compile OSS components along with the solution.
		
	Regarding claims 3 and 8, the combination of Weigert and Sahoo teaches the limitations of claims 2 and 7.
	The Examiner notes claim 1 and claim 6 comprise categorizing, the one or more OSS components in the product having a match with the OSS components available in the first OSS database (DB1) as (i) OSS components having a strong copyleft license, (ii) OSS components having a permissive license or (iii) OSS components having a weak copyleft license, identifying as one or more unidentified components, and generating a comprehensive report (R5) based on the OSS compliance analyses. Claims 3 and 8 generating four reports. Claims 3 and 8 do not comprise elements not previously addressed. The Examiner asserts the comprehensive report based on the OSS compliance analysis may be interpreted as comprising the four separate reports referenced. 
	Weigert further discloses:
	further comprising generating one or more reports comprising: a first report (R1) pertaining to the one or more unidentified components; a second report (R2) pertaining to the one or more OSS components in the product having the strong copyleft license; a third report (R3) pertaining to the one or more OSS components in the product having the weak copyleft license; and a fourth report (R4) pertaining to the one or more OSS components in the product having the permissive license.  
	[one or more reports may be constructed for the package based on the batch review performed (0113); a report may be generated for the source file to provide information relating to matching licenses, a risk level, a distribution status, and/or other information relevant to compatibility and compliance with one or more software due diligence issues (0019; see also 0035, 0059, 0065)]
	The Examiner notes the limitations are recited in a manner in which the motivation and rationale discussed for claims 1 and 6 applies here, as well.

	Regarding claims 4 and 9, the combination of Weigert and Sahoo teaches the limitations of claims 3 and 8. The Examiner notes claims 1 and 6 comprise, one or more pre-defined rules. Claims 4 and 9 simply provide examples of predefined rules. 
	Weigert further discloses:
	wherein the one or more pre-defined rules comprise: 
	rejecting an OSS component if associated with the strong copy left license; 
	approving an OSS component for inclusion in the second OSS database (DB2) if associated with the weak copy left license and the usage type is one of the library not compiled with the product or the file not compiled with the product; 
	rejecting an OSS component if associated with the weak copy left license and the usage type is one of the library compiled with the product or the file compiled with the product; 
	rejecting an OSS component if associated with the weak copy left license and the usage type is the snippet; and 
	approving an OSS component for inclusion in the second OSS database (DB2) if associated with the permissive license and the usage is one of the library, the snippet or the file.  
	[the system may create a compliance report after software has been subject to due diligence review, including license review and/or export review. The compliance report may be attached to appropriate entries in the package database, and may indicate a level of risk that a particular software package or portion thereof may raise. Compliance officers or other authorized reviewers may then analyze the reports to determine how to handle distribution of the software, define one or more rules to govern remediation of any compliance issues, construct workflows to manage the remediation, or otherwise finalize the due diligence review process (0065); the reports constructed in operation 220 may include a risk level that provides a metric for any software due diligence issues that may have been identified in operation 215. If the risk level for a reviewed package does not exceed a predetermined product-specific threshold, the package may receive a status of "production" in an operation 240, thereby allowing the package to be distributed. If the risk level exceeds the threshold, however, distribution of the package may be blocked (0114)] The Examiner interprets packages receiving a status of “production” or 
	Weigert describes defining one or more rules to apply based on a compliance report after software has been subject to due diligence review, including license review and/or export review indicating a level of risk that a particular software package or portion thereof may raise, and provides examples of risk levels that provide a metric for any software due diligence issues that may have been identified and examples of  packages receiving a status of “production” or being blocked based on rules associated with risk thresholds. Weigert describes rules based on risk levels and metrics.
	Additionally, Weigert notes exemplary rules and license distances reflect relative importance and reliability of various factors relating to license declarations and component relationships, the reliability of these and other factors may be considered somewhat subjective and amenable to modification...compliance officers or other authorized reviewers may add new rules, modify or remove existing rules, or otherwise tailor the methodology for determining license distance based on learned experience or other factors (0111).
	The Examiner asserts it would be obvious to one of ordinary skill in the art to generate one or more predefined rules as related to accepting or rejecting an OSS component based on an analysis of OSS component issues.

	Regarding claims 5 and 10, the combination of Weigert and Sahoo teaches the limitations of claims 4 and 9. The Examiner notes claim 1 and claim 6 comprise generating a comprehensive report (R5) based on the OSS compliance analyses. The  
	Weigert further discloses:
	wherein generating the comprehensive report (R5) comprises: 
	combining the first report (R1), the second report (R2), the third report (R3) and the fourth report (R4); and 
	computing the final attribute wherein the final attribute is "Y" or "N" for each of the one or more OSS components in the product based on the one or more pre-defined rules corresponding to approving or rejecting of the OSS component respectively and wherein a AMENDMENT AND RESPONSE UNDER 37 C.F.R § 1.111Page 6"Y" for all of the one or more OSS components in the product is indicative of compliance with the attributes of each of the one or more OSS components comprised therein.  
	[Additional Attributes: Provides extensibility where additional attributes may be defined to describe the license… The additional attributes may be defined as Boolean variables to provide a simple binary setting (e.g., Y/N, 1/0, etc.), and in one implementation, the setting for the attributes may optionally be permitted to remain undefined. In one implementation, additional attributes may be phrased as questions that can be answered from the license text (0035, 0055; see also 0015, 0023, 0059, 0060, 0066, 0113)]
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LANCE WILLIAM WHITE whose telephone number is (469)295-9109. The examiner can normally be reached Monday-Friday 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sarah Monfeldt can be reached on 571-270-1833. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, 





/L.W.W./Examiner, Art Unit 3689                                                                                                                                                                                                        
/RICHARD W. CRANDALL/Examiner, Art Unit 3689