Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 10 recites the limitation "the interruption point".  There is insufficient antecedent basis for this limitation in the claim.


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 1 is rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract idea without significantly more. The claims recite, “conducting, at regular intervals, a taint analysis..”, “marking the raw data, at regular intervals as tainted” and “periodically discarding, further monitoring, or taking other action selectively on the tainted data”.  These limitations of taint analysis, marking and periodically discarding, further monitoring or taking other action covers the performance of the limitation in the mind.  If a claim, under its broadest reasonable interpretation, covers the performance of the limitation in the mind but the recitation of generic computer components, then it falls within the “Mental Process” grouping of abstract ideas.  Nothing in the claimed elements preclude these steps from practically being performed in the mind.  Therefore claim 1 recites an abstract idea.  
	None of the additional elements integrate the judicial exception into a practical application.  The steps of “executing…a collection routine to gather”, “receiving results of the collection routine..” and “receiving user input to designate at last one variable to be monitored…” are nothing more than insignificant pre-solution activities and are mere data gathering (See MPEP 2106.05 (g)).  The limitations “executing commands to generate a graphic user interface” and “displaying the GUI” a nothing more than a insignificant pre-solution activity, they are well-understood, routine, conventional activities and do not amount to significantly more (2106.05(d)).  Lastly the steps of “visually representing results of taint analysis” and “inputting the marked data to be used in a process utilizing the marked data” are nothing more than insignificant post solution activity.  Accordingly the additional elements do no integrate the abstract idea into a practical application because they do not impose any meaningful milts on practicing the abstract idea.
 The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception for the reasons discussed above with respect to a practical application.  Therefore the claims are not patent eligible.

Claim 2, claims “wherein periodically discarding, further monitoring, or taking other action selectively on the tainted data comprises monitoring the tainted data at regular intervals in a passive manner, wherein the tainted data is logged for viewing later or is discarded.”.  If a claim, under its broadest reasonable interpretation, covers the performance of the limitation in the mind but the recitation of generic computer components, then it falls within the “Mental Process” grouping of abstract ideas.  Nothing in the claimed elements preclude these steps from practically being performed in the mind.  

Claim 3, claims “wherein the periodically discarding, further monitoring, or taking other action selectively on the tainted data comprises monitoring the tainted data at regular intervals in an active manner, wherein the process is interrupted each time tainted data is accessed”.  The examiner states that interrupting/halting due to a specific event such as “data is accessed” is a well-understood, routine, convention activity.  Accordingly the additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.

Claims 4, claims “displaying a user prompt on the GUI, presenting an option to monitor the process at the interruption point, or to ignore and continue the process.”.  This is nothing more that insignificant post solution activity.

Claim 5, claims “displaying values of variables used in the process, at the interruption point on the GUI.”.  This is nothing more than a  well-known generic feature of outputting or displaying (MPEP 2106.05(d)). Accordingly the additional element does not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. 
This is nothing more that insignificant post solution activity.  The displaying does not improve the functionality of a computer to any other technology or technical field (MPEP 2106.05(a)).

Claim 6, “feeding the raw data into a network machine learning classifier….. when the second not has a greater value that the fist node, the raw data is collectively is considered tainted, and when the first node has a greater value than the second node, the raw data collectively is considered not tainted.”,  If a claim, under its broadest reasonable interpretation, covers the performance of the limitation in the mind but the recitation of generic computer components, then it falls within the “Mental Process” grouping of abstract ideas.  Nothing in the claimed elements preclude these steps from practically being performed in the mind.  
As per claims 7 -12, claims 7-12 contain similar limitations to claims 1-2 and 4-6, therefore claims 7-12 are rejected for the same reasons as claims 1-2 and 4-6.
As per claims 13-18, claims 13-18 contain similar limitations to claims 1-6.  Therefore claims 13-18 are rejected for the same reasons as claims 1-6.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-2, 7-9 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Jung et al. (US 2011/0145918 A1) and further in view of Allen (US 9,507,943 B1) and Bates et al. (US 6,892,325 B2).
As per claim 1, Jung et al. teaches the invention as claimed including, “A computer implemented method, comprising:
executing, by at least one processor, a collection routine to gather raw data from a user;
receiving results of the collection routine in a form of the raw data from the user, which may be stored in a central data repository, by the at least one processor;
 “executing commands to generate a graphic user interface (GUI), by the at least one processor;
displaying the GUI, by the at least one processor;
receiving user input from the GUI to designate at least one variable to be monitored for taint analysis;
conducting, at regular intervals, a taint analysis to check the raw data against pre- defined rules to determine a taint status of tainted or not tainted of the raw data by the at least one processor;
visually representing results of the taint analysis on the GUI;
marking the raw data, at the regular intervals, as tainted or not tainted depending on the taint status by the at least one processor;”
Jung et al. teaches marking data as tainted when the data input to the target application is indicated as sensitive (0013).  Sensitive data may be designated as sensitive automatically based on the they type or category of the data (0014).  Also see 0016.  The sensitive data tracker monitors user input data and marks tainted data (0024). The sensitive data tracker monitors the user data on the input channels for a sensitive data indicator and marks the user data associated with the sensitive data as tainted data.  The sensitive data indicator may be may be provided automatically based on type or category of the data, allowing automatic tagging of sensitive data (0026). Sensitive data tracker monitors various input channels on which sensitive data may be introduced.  The receipt of sensitive data to be marked as tainted may act as a trigger condition for instrumentation and taint propagation (0033).  Also see figure 1.  Tainted data (122) is stored in memory.
However Jung et al. does not explicitly appear to teach, “executing commands to generate a graphic user interface (GUI), by the at least one processor;
displaying the GUI, by the at least one processor;
receiving user input from the GUI to designate at least one variable to be monitored for taint analysis;” and
 “visually representing results of the taint analysis on the GUI;”
Allen et al. teaches a browser environment. A script runtime is configured to track execution of scripts during execution of the script, variable output and/or to track other aspects of execution and/or display the data within the browser environment (column 5, lines 64 – column 6, lines 1-3).  Output from the analysis tool during the dynamic analysis can include variables.  The variables can include variable value, identifiers for the variable, a taint annotation or taint status and/or other information.  The variable values included in the variables can correspond to a value of the variables at a particular and/or at multiple times during execution of the data (column 7, lines 1-19).  Also see 0016 lines 19-33.
It would have been obvious to one ordinary skill in the art before the effective filing date to modify Jung et al. with Allen et al. because both teach dynamic taint analysis.  Jung et al. does not explicitly appear to teach the displaying of the tainted variables.  However, this is taught by Allen et al. and would have been obvious to try. 
However Jung et al. and Allen et al. do not explicitly appear to teach, “receiving user input from the GUI to designate at least one variable to be monitored for taint analysis;””
Bates et al. teaches, only the variable values that have been deemed to be important by the programmer at a particular point in the program are monitored.  All variables within a program  are displayed and a user is allowed to select any variable that the user would like to associate with a stopping point (column 3, lines 63 – column 4, lines 1-25).  When the debugger stops at each stopping point, only the values of the associated variables contained in the variable column are updated and displayed in the monitor window of the debugger (column 4, lines 55-61).
It would have been obvious to one of ordinary skill in the art before the effective filing date to modify Jung et al. and Allen et al. with Bates et al. because they all teach debugging that traces variables.  Both Jung et al. and Allen et al. both teach the monitoring of the propagation of tainted input variables though a program and Allen et al. teaches the displaying to the variables and taint status. Bates et all teaches one can select what variables to monitor for display.  This will allow one to now select what tainted inputs to monitor and display and would have been obvious to try. 
“inputting the marked data to be used in a process utilizing the marked data, by the at least one processor; and
periodically discarding, further monitoring, or taking other action selectively on the tainted data by the at least one processor.”
Jung et al. teaches that data is input to the system and that the system tracks the propagation of the tainted data as the data is read from and written to memory by the target application to detect if the tainted data it output from the application (0013).  Also see 0021.  Jung et al. further teaches instrumentation routines and analysis routines.  Analysis routines define what to do when an instrumentation is activated (0023).  Also see 0024, 0026, 0029, 0032 and figure 2.

As per claim 2, Jung et al. and Allen further teach, “The method of claim 1, wherein the periodically discarding, further monitoring, or taking other action selectively on the tainted data comprises monitoring the tainted data at regular intervals in a passive manner, wherein the tainted data is logged for viewing later or is discarded.
Jung et al. teaches the sensitive data tracker tracks the propagation of the tainted data as the tainted data is read from and written to memory locations (0029).  A taint map that allows tracking of the propagation of tainted data (0030).  Also see figures 5 and 6.  The examiner states that “for viewing later or is discarded” are nothing more that intended use and do not hold any patentable weight. 
Allen et al. teaches a browser environment. A script runtime is configured to track execution of scripts during execution of the script, variable output and/or to track other aspects of execution and/or display the data within the browser environment (column 5, lines 64 – column 6, lines 1-3).  Output from the analysis tool during the dynamic analysis can include variables.  The variables can include variable value, identifiers for the variable, a taint annotation or taint status and/or other information.  The variable values include in the variables the can correspond to a value of the variables at a particular and/or at multiple times during execution of the data (column 7, lines 1-19).  Also see 0016 lines 19-33.
As per claims 7-9, claims 7-9 contain similar limitations to claim 1-2.  Therefore claims 7-9 are rejected for the same reasons as claims 1-2. 
As per claims 13-14, claims 13-14 contain similar limitations to claim 1-2.  Therefore claims 13-14 are rejected for the same reasons as claims 1-2.
Claims 3 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Jung et al. (US 2011/0145918 A1), Allen (US 9,507,943 B1) and Bates et al. (US 6,892,325 B2) as applied to claims 1, 7 and 13 above, and further in view of VanderLeest (US 2019/00734473).
As per claim 3, Jung et al. further teaches, “The method of claim 1, wherein the periodically discarding, further monitoring, or taking other action selectively on the tainted data comprises monitoring the tainted data at regular intervals in an active manner, wherein the process is interrupted each time tainted data is accessed.
Jung et al. teaches tracing the propagation of the tainted data as the data is read form and written to memory (0013).  Tracking is done by binary instrumentation of the software application (0022-0033).  Also see 0029 and 0032.
However Jung et al. does not explicitly appear to teach “wherein the process is interrupted each time tainted data is accessed”.
VanderLeest et al. teaches sensitive data monitoring for any attempt to access (read or write) to the storage location of the sensitive data (or target data).  Any attempt to access the target data may trigger a validation mechanism (0013).  The is done using breakpoints (watchpoints).  The processor is configured to assign a data breakpoint to each memory location of the target data.  When access to the target data is attempted, the processor generates a data breakpoint interrupt and invokes the validation mechanism (0015).  Also see 0017.  The interrupt is triggered when access to target data is attempted (0047).   The steps of invoking the validation analysis mechanism includes the steps of (a) triggering a data breakpoint interrupt upon attempted access to the target data, (b) pausing executing of the current instruction, (c) invoking an interrupt hander in response to the data breakpoint interrupt, (d) running validation analysis routines to determine whether to permit or prohibit access, and (e) if the access is permitted allowing the paused instruction to continue execution and complete its access (0054).
It would have been obvious to one of ordinary skill in the art before the effective filing date to modify Jung et al. with VanderLeeset et al.  because both teach the monitoring of reads and writes to memory of tainted data for taint analysis.  Jung et al. teaches this is done by instrumentation, while VanderLeeset teaches using break points that are instrumented into the program execution.  The use of breakpoints to halt a program for analysis is well known to one of ordinary skill in the art.  This will allow Jung et al. to pause the execution and inspect the tainted data when accessed and would have been obvious to try.
As per claim 15, claim 15 contains a similar limitation to claim 3.  Therefore claim 15 is rejected for the same reasons as claim 3.
Claims 4-5 and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Jung et al. (US 2011/0145918 A1), Allen (US 9,507,943 B1), Bates et al. (US 6,892,325 B2) and VanderLeest (US 2019/00734473) as applied to claims 3 and 15 above, and further in view of Chen et al. (US 2007/0079292 A1).
As per claims 4, Jung et al. and VanderLeeset et al.  do not explicitly appear to teach, “The method of claim 3, further comprising displaying a user prompt on the GUI, presenting an option to monitor the process at the interruption point, or to ignore and continue the process.”
Chen et al. teaches, when a debugger is paused at a breakpoint, the user may check the debuggee’s internal state such as memory values.  The user may set additional breakpoints, continue the execution for the debugee, and check the debuggee’s internal state in attempt to determine the cuase of the one or more bugs (0002).
It would have been obvious to one of ordinary skill in the art before the effective filing date to modify Jung et al. and VanderLeeset et al. with Chen et al. because both Jung et al. and VanderLeeset et al. teach the monitoring of reads and writes to memory of tainted data for taint analysis.  Jung et al. teaches this is done by instrumentation, while VanderLeeset teaches using break points that are instrumented into the program execution.  The use of breakpoints to halt a program for analysis is well known to one of ordinary skill in the art.  Chen et al. teaches a debugger may set a watchpoint (breakpoint) corresponding to a memory address (0022 and 0041).  Therefore all three teach monitoring a memory location.  Chen et al. further teaches that a user may set additional break points (monitor process at interruption point), continue the execution for the debugee (ignore and continue the process), and check the debuggee’s internal state (monitor the process at the interruption point).  This would allow Jung et al. to further examiner the tainted data when a read or write at the memory location is found or skip further examination and continue the execution and would have been obvious to try.
As per claim 5, Chen et al. and Bates et al. further teaches, “The method of claim 4, wherein when the monitor option is chosen:
displaying values of variables used in the process, at the interruption point, on the GUI.”
Chen et al. teaches, when a debugger is paused at a breakpoint, the user may check the debuggee’s internal state such as memory values.  The user may set additional breakpoints, continue the execution for the debugee, and check the debuggee’s internal state in attempt to determine the cuase of the one or more bugs (0002).
Bates et al. teaches when the debugger stops at each stopping point, values of associated variables contained in the variable column are updated and displayed in the monitor window of the debugger (column 4, lines 55-59).
As per claims 16-17, claims 16-17 contain similar limitations to claim 4-5.  Therefore claims 16-17 are rejected for the same reasons as claims 4-5.
Claims 10-11 are rejected under 35 U.S.C. 103 as being unpatentable over Jung et al. (US 2011/0145918 A1), Allen (US 9,507,943 B1), Bates et al. (US 6,892,325 B2) as applied to claim 9 above, and further in view of and VanderLeest (US 2019/00734473) and Chen et al. (US 2007/0079292 A1).

As per claim 10, Jung et al. does not explicitly appear to teach, “The system of claim 9, wherein the at least on processor is further configured to: 
display a user prompt on the GUI, presenting an option to monitor the process at the interruption point, or to ignore and continue the process.”
Jung et al. teaches tracing the propagation of the tainted data as the data is read form and written to memory (0013).  Tracking is done by binary instrumentation of the software application (0022-0033).  Also see 0029 and 0032.
However Jung et al. does not explicitly appear to teach “interruption point”.
VanderLeest et al. teaches sensitive data monitoring for any attempt to access (read or write) to the storage location of the sensitive data (or target data).  Any attempt to access the target data may trigger a validation mechanism (0013).  The is done using breakpoints (watchpoints).  The processor is configured to assign a data breakpoint to each memory location of the target data.  When access to the target data is attempted, the processor generates a data breakpoint interrupt and invokes the validation mechanism (0015).  Also see 0017.  The interrupt is triggered when access to target data is attempted (0047).   The steps of invoking the validation analysis mechanism includes the steps of (a) triggering a data breakpoint interrupt upon attempted access to the target data, (b) pausing executing of the current instruction, (c) invoking an interrupt hander in response to the data breakpoint interrupt, (d) running validation analysis routines to determine whether to permit or prohibit access, and (e) if the access is permitted allowing the paused instruction to continue execution and complete its access (0054).
It would have been obvious to one of ordinary skill in the art before the effective filing date to modify Jung et al. with VanderLeeset et al.  because both teach the monitoring of reads and writes to memory of tainted data for taint analysis.  Jung et al. teaches this is done by instrumentation, while VanderLeeset teaches using break points that are instrumented into the program execution.  The use of breakpoints to halt a program for analysis is well known to one of ordinary skill in the art.  This will allow Jung et al. to pause the execution and inspect the tainted data when accessed and would have been obvious to try.
However Jung et and VanderLeeset et al. do not explicitly appear to teach, “display a user prompt on the GUI, presenting an option to monitor the process at the interruption point, or to ignore and continue the process.”
Chen et al. teaches, when a debugger is paused at a breakpoint, the user may check the debuggee’s internal state such as memory values.  The user may set additional breakpoints, continue the execution for the debugee, and check the debuggee’s internal state in attempt to determine the cuase of the one or more bugs (0002).
It would have been obvious to one of ordinary skill in the art before the effective filing date to modify Jung et al. and VanderLeeset et al. with Chen et al. because both Jung et al. and VanderLeeset et al. teach the monitoring of reads and writes to memory of tainted data for taint analysis.  Jung et al. teaches this is done by instrumentation, while VanderLeeset teaches using break points that are instrumented into the program execution.  The use of breakpoints to halt a program for analysis is well known to one of ordinary skill in the art.  Chen et al. teaches a debugger may set a watchpoint (breakpoint) corresponding to a memory address (0022 and 0041).  Therefore all three teach monitoring a memory location.  Chen et al. further teaches that a user may set additional break points (monitor process at interruption point), continue the execution for the debugee (ignore and continue the process), and check the debuggee’s internal state (monitor the process at the interruption point).  This would allow Jung et al. to further examiner the tainted data when a read or write at the memory location is found or skip further examination and continue the execution and would have been obvious to try.
As per claim 11, Chen et al. and Bates et al. further teach, “The system of claim 10, wherein when the monitor option is chosen, the at least one processor is further configured to:
display values of variables used in the process, at the interruption point, on the GUI.” 
Chen et al. teaches, when a debugger is paused at a breakpoint, the user may check the debuggee’s internal state such as memory values.  The user may set additional breakpoints, continue the execution for the debugee, and check the debuggee’s internal state in attempt to determine the cuase of the one or more bugs (0002).
Bates et al. teaches when the debugger stops at each stopping point, values of associated variables contained in the variable column are updated and displayed in the monitor window of the debugger (column 4, lines 55-59).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Chess et al. (US 2013/0086676 A1), teaches a runtime taint analysis system (0015).  Tainted Values are labeled or tagged (0017).  Also see 0027.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MARK A GOORAY whose telephone number is (571)270-7805. The examiner can normally be reached Monday - Friday 10:00am - 6:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on 571-272-3759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/MARK A GOORAY/               Examiner, Art Unit 2199    
/LEWIS A BULLOCK  JR/               Supervisory Patent Examiner, Art Unit 2199