Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Detailed Action
This Action is in response to the amendments and remarks filed on 28 January, 2022.
Claims 1-20 are pending. 
Claims 1, 4, 9, 12, 17 and 20 have been amended.
Response to Arguments
35 USC § 102
Regarding claim 1, Applicant argues that “…Zhu provides for identifying a series of API calls by monitoring an initialization phase…In contrast, claim 1 provides for identifying sequences of API requests to an API provider…”. Examiner does not find the argument persuasive. The examiner is obligated to give the claims their broadest reasonable interpretation consistent with applicant’s specification, and as one of ordinary skill in the art. Examiner finds that claim 1, as it stands, does not define or limit an API provider such that an API provider cannot be reasonably interpreted as the API ecosystem, as taught by Zhu figs.1-3, and [0030]. Given the breadth of the term “API provider”, examiner finds that the cited portions of Zhu provide for such an element. Based on such, examiner ultimately finds Applicant’s argument unpersuasive.
Regarding amended claim limitation of claim 1, Applicant argues that, 
“Determining whether a specific API request is performed constantly or randomly is neither equivalent nor suggestive to determining rates for sequences of API requests. Specifically, while Zhu monitors whether a specific API request is performed constantly, Zhu fails to identify multiple rates associated with sequences of API requests. Accordingly, the prior art fails to teach or suggest "identifying rates of use for the sequences of API requests based on the API request information" and "identifying one or more API path trends in the API requests based on the identified sequences and the rates of use," as recited by claim 1.”
Examiner finds the argument persuasive and the limitation is addressed in the instant office action under claim rejections. Similar arguments are provided with reference to claim 4 and accordingly addressed under claim rejection. 

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-7, 9-15 and 17-18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Zhu et al (US 2015/0128156).

Regarding claim 1, Zhu teaches a method comprising: 
obtaining application programming interface (API) request information associated with API requests to an API provider, wherein the API request information comprises API function identifiers associated with the API requests (figs.1-3, [0030] provides “The API monitor 134 may be any component that monitors API usage in the API ecosystem 106 and collects API call data 146. The API call data 146 may, inter alia, identify programmatic procedures, parameters passed to programmatic procedures, and an order in which the programmatic procedures were called.”…wherein call data is interpreted as function identifiers); 
identifying sequences of API requests based on the API request information ([0030] provides “In some examples, the API call data 146 may identify a series of programmatic procedures in the API that were invoked at an interface over time. For example, the API call data 146 may identify API Name 1, API Name 2, and API Name 3 indicating that API Name 1 was invoked at the interface first, then API Name 2 was invoked at the interface, and finally API Name 3 was invoked at the interface.”…wherein series provides for sequence); 
identifying rates of use for the sequences of API requests based on the API request information ([0043] provides “The API usage information transmitted to the API monitor 134 may be transmitted at a selected frequency. The frequency may be selected so that gathering the API usage information is light-weight and does not impart significant overhead on the performance of the applications 114, the API management gateway 110 or any other component of the API ecosystem 106. A determination of what metrics to collect in the API usage information and/or the API call data 146 may also be determined. The frequency at which the API usage information is collected may determine how much overhead is imposed on the API analytics system 100. If sampled at a high frequency, a substantial amount of data for analytics may be collected. However, sampling at the high frequency may cause non-negligible overhead. On the other hand, collecting data at a low frequency may lead to inaccurate analysis due to lack of data. For example, a change in the monitoring data may be missed that could be an important indicator for API performance. The sampling frequency may be determined through experiments and may be a parameter which can be adjusted”; wherein frequency is interpreted provide for rate as the gathered API usage information will reflect the rate);
identifying one or more API path trends in the API requests based on the identified sequences and the rates of use ([0031-0033] provides “The pattern recognition module 136 may be a component that identifies API usage patterns 142 in the API call data 145 monitored by the API monitor 134…The API usage patterns 142 may identify a structure of API calls that generalizes a behavior of a series of API calls that are performed as a result of users or scripts completing a use case and/or a set of functionalities…the usage identification module 140 may determine a similarity between the API call data 146 gathered during the activity identification phase and the API usage patterns 142 determined during the initialization phase.”…wherein usage pattern provides for path trends; [0043]); 
and generating a summary of the one or more API path trends ([0049] provides “The API usage patterns 142 that are frequent may be identified (230) from the API call data 146 by the pattern recognition module 136 using a Deterministic Finite Automation (DFA) graph.”…wherein a graph is interpreted as a graphical summarization of the usage patterns).

Regarding claim 2, Zhu has taught the method of claim 1, wherein the API request information further indicates an API user associated with each of the API requests ([0042] provides “Each of the API requests 120 may include a context 152, such as an API key, a session identifier, a user identifier, a transaction identifier and/or any other object that provides context for the API request or otherwise identifies the API request.”).

Regarding claim 3, Zhu has taught the method of claim 1, wherein the API request information comprises at least headers associated with the API requests ([0042] provides “Each of the API requests 120 may include a context 152, such as an API key, a session identifier, a user identifier, a transaction identifier and/or any other object that provides context for the API request or otherwise identifies the API request.”).

Regarding claim 4, Zhu has taught the method of claim 1, wherein the API requests correspond to first period, wherein identifying the rates of use for the sequences of API requests comprises identifying a first rate of use of a sequence in the identified sequences ([0043]), and wherein identifying the one or more API path trends in the API requests based on the identified sequences and the rates of use comprises: 
identifying second sequences of API requests based on API request information corresponding to a second period ([0045] provides “Each of the use cases 320 may be associated with the context 152, such as the user identifier and the transaction identifier, and a message identifier that identifies a corresponding sequence of API calls in the API call data 146.” wherein “each use case” is interpreted to provide for different periods); 
identifying a second rate of use for the sequence in the second sequences ([0043], [0047-0048]); 
and determining that a difference between the first rate of use and the second rate of use satisfies one or more criteria ([0047-0048] for comparisons and thresholds).

Regarding claim 5, Zhu has taught the method of claim 1, wherein the API requests comprise a sample set of all API requests to the API provider ([0017] provides “Each predetermined API usage pattern may identify a series of API calls performed or invoked as a result of a corresponding use case.” wherein predetermined provides for sample).

Regarding claim 6, Zhu has taught method of claim 1, wherein a first API path trend of the one or more API path trends corresponds to an API user [0042], and wherein the method further comprises: updating a first sample rate to a second sample rate for the API request information based on the first The sampling frequency may be determined through experiments and may be a parameter which can be adjusted.”).

Regarding claim 7, Zhu has taught the method of claim 1 further comprising communicating, for display, the summary to an administrator associated with the API provider ([0077], [0079], [0087]).

Regarding claim 9, this claim contains limitations found within that of claim 1, and the same rationale of rejection applies, where applicable.
Regarding claim 10, this claim contains limitations found within that of claim 2, and the same rationale of rejection applies, where applicable.
Regarding claim 11, this claim contains limitations found within that of claim 3, and the same rationale of rejection applies, where applicable.
Regarding claim 12, this claim contains limitations found within that of claim 4, and the same rationale of rejection applies, where applicable.
Regarding claim 13, this claim contains limitations found within that of claim 5, and the same rationale of rejection applies, where applicable.
Regarding claim 14, this claim contains limitations found within that of claim 6, and the same rationale of rejection applies, where applicable.
Regarding claim 15, this claim contains limitations found within that of claim 7, and the same rationale of rejection applies, where applicable.
Regarding claim 17, this claim contains limitations found within that of claims 1 and 6, and the same rationale of rejection applies, where applicable.
Regarding claim 18, this claim contains limitations found within that of claim 1, and the same rationale of rejection applies, where applicable.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 8, 16 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over by Zhu et al (US 2015/0128156), in view of Call et al (US 2016/0057107).

Regarding claim 8, Zhu has taught the method of claim 1 but Zhu does not explicitly teach further comprising blocking API requests from one or more API users based on the one or more API path trends. However, in a similar field of endeavor, Call teaches blocking API requests from one or more API users based on the one or more API path trends ([0010] provides “The API filtering system, also referred to herein as an API wall, includes creating a dashboard including information regarding performance indicators related to the endpoint application/device, such as monitoring a frequency, a velocity, a time of day, a geo-location, or an authentication indicator related to the API call requests. The API wall further provides a report for a security team of an enterprise or other system user such that the security team can change access permissions for the API, wherein the access permission changes include modifying the access to the API, limiting access to the API, or blocking access to the API based on many factors, including the performance indicators. The system further provides security teams the ability to change the access permissions for the API from unauthenticated access permissions to authenticated access permissions.”).


Regarding claim 16, this claim contains limitations found within that of claim 8, and the same rationale of rejection applies, where applicable.
Regarding claim 19, this claim contains limitations found within that of claim 8, and the same rationale of rejection applies, where applicable.

3.	Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over by Zhu et al (US 2015/0128156), in view of Tofighbakhsh et al (US 2011/0145842).

Regarding claim 20, Zhu has taught the method of claim 17, but Zhu does not explicitly teach wherein the API request information comprises at least headers associated with the API requests.
However, in a similar field of endeavor, Tofighbakhsh teaches wherein the API request information comprises at least headers associated with the API requests ([0018] provides “…the API request may also include header information to communicate the requirements of the API definitions associated with the application 104”.
One of ordinary skill in the art before the effective filing date of Applicant’s claimed invention would be motivated to use the feature of headers associated with API requests, as taught by .


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ISHRAT RASHID whose telephone number is (571)272-5372. The examiner can normally be reached 10AM-6PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tonia L Dollinger can be reached on 571-272-4170. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/I.R/Examiner, Art Unit 2459                                                                                                                                                                                                        
/MINH CHAU NGUYEN/Primary Examiner, Art Unit 2459