DETAILED ACTION
This is the initial Office action based on the application filed on February 17, 2021.
Claims 1-20 are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Specification
The title of the invention is not descriptive. A new title is required that is clearly indicative of the invention to which the claims are directed.
The following title is suggested: CODE MONITORING AND RESTRICTING OF EGRESS CODE OPERATIONS

Claim Objections
Claims 2-12 and 14 are objected to because of the following informalities:
Claims 2-5 and 7 contain a typographical error: a colon (:) should be added after “comprising.”
Claims 2-7 recite “comprising.” It should read -- further comprising --.
Claims 8-12 and 14 contain a typographical error: a colon (:) should be added after “configured to.”
Claims 9-12 recite “wherein the processor is configured to.” It should read -- wherein the processor is further configured to --.
Claim 12 contains a typographical error: Claim 12 should depend on Claim 8, not Claim 10. See corresponding Claims 5 and 19. In the interest of compact prosecution, the Examiner subsequently interprets Claim 12 as depending on Claim 8 for the purpose of further examination.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 2, 8, 9, 15, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over US 10,768,929 (hereinafter “Turner”) in view of US 10,354,093 (hereinafter “Farber”) and US 2007/0130149 (hereinafter “Kelso”).

As per Claim 1, Turner discloses:
A method comprising:
identifying an attempted action taken to code (col. 1 lines 39-41, “SCM systems with distributed version control typically enable programmers to create, revise, and store computer program source code in the form of text files (emphasis added).”; col. 12 lines 37-41, “The method 1100 begins at step 1102 where the pull request module 412 receives information about a suggested change [identifying an attempted action taken to code]. For instance, the pull request module 412 may receive a comment identifier and a commit message associated with the suggested change.”);
determining whether to block the attempted action based on a code permission assigned to the code (col. 12 lines 49-55, “At step 1104, the pull request module 412 determines whether the accepting user has permission to apply the suggested changes [determining whether to block the attempted action based on a code permission assigned to the code]. In certain embodiments, the pull request module 412 may retrieve the permissions associated with the source repository and compare the user identifier of the accepting user with the user identifiers of all the users that have write permission to the source branch.”); and
responsive to determining whether to block the attempted action, blocking one or more of access to the code and access to a file containing the code (col. 1 lines 39-41, “SCM systems with distributed version control typically enable programmers to create, revise, and store computer program source code in the form of text files [a file containing the code].”; col. 12 lines 55-60, “If at step 1104, it is determined that the accepting user does not have write permissions to the source branch, the pull request module 412 may generate an error message, e.g., indicating that the accepting user does not have sufficient permissions to apply the suggested code change, and the method 1100 may end [responsive to determining whether to block the attempted action, blocking one or more of access to the code and access to a file containing the code].”).
Turner does not explicitly disclose:
one or more of user profile access rights assigned to a user profile.
However, Farber discloses:
one or more of user profile access rights assigned to a user profile (col. 2 lines 37-40, “Different users or accounts associated with such users commonly have differing permission or access rights to digital content items associated with the different software applications.”; col. 5 lines 60-65, “An account profile includes application access permissions and content access permissions specific to the account [one or more of user profile access rights assigned to a user profile]. An account profile may be created upon registration by an account with the federated platform and/or upon registration by the account with the software applications.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Farber into the teaching of Turner to include “one or more of user profile access rights assigned to a user profile.” The modification would be obvious because one of ordinary skill in the art would be motivated to determine what permissions apply to access facilities of a software application (Farber, col. 1 lines 26-28).
The combination of Turner and Farber does not explicitly disclose:
blocking a port used to connect to a server hosting the code.
However, Kelso discloses:
blocking a port used to connect to a server hosting code (paragraph [0025], “… the firewall security layer of either the server or the client (or both) may be blocking the standard Windows share ports 137 to 139 [blocking a port used to connect to a server]. When the client tries to connect to the server, it would get no response if the firewall is blocking the ports;”: paragraph [0036], “In a client/server environment, such software programming code may be stored with storage associated with a server [a server hosting code].”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Kelso into the combined teachings of Turner and Farber to include “blocking a port used to connect to a server hosting the code.” The modification would be obvious because one of ordinary skill in the art would be motivated to prevent unauthorized access of a server by a client.

As per Claim 2, the rejection of Claim 1 is incorporated; and Turner further discloses:
identifying the code being accessed by identifying the file containing the code being accessed (col. 1 lines 39-44, “SCM systems with distributed version control typically enable programmers to create, revise, and store computer program source code in the form of text files. The SCM system typically saves a revision to source code by overwriting an existing version of a source code file with a new version of the file.”).

Claims 8 and 9 are apparatus claims corresponding to the method claims hereinabove (Claims 1 and 2, respectively). Therefore, Claims 8 and 9 are rejected for the same reasons set forth in the rejections of Claims 1 and 2, respectively.

Claims 15 and 16 are non-transitory computer readable storage medium claims corresponding to the method claims hereinabove (Claims 1 and 2, respectively). Therefore, Claims 15 and 16 are rejected for the same reasons set forth in the rejections of Claims 1 and 2, respectively.

Claims 3, 4, 10, 11, 17, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Turner in view of Farber and Kelso as applied to Claims 1, 8, and 15 above, and further in view of US 2015/0046463 (hereinafter “Mohan”).

As per Claim 3, the rejection of Claim 1 is incorporated; and Turner discloses “during an attempted action to block access to code,” but the combination of Turner, Farber, and Kelso does not explicitly disclose:
identifying a metadata tag stored in the file and applying a metadata tag rule to the file during the attempted action to block access to the code.
However, Mohan discloses:
identifying a metadata tag stored in a file and applying a metadata tag rule to the file (paragraph [0023], “… the metadata values may further include user and/or application specified tags using a tagging interface 170. Whenever files are created and/or modified an application may supply one or more tags and/or metadata values and/or a user may be prompted for metadata values in designated categories that may be associated with the file using metadata store 160.”; paragraph [0026], “As shown in FIG. 2, the method 200 includes a process 210 for receiving a file for storage, a process 220 for assigning metadata tags to the file, a process 230 for storing the file in a hierarchical file system …”; paragraph [0046], “… the automatic processing of content changes by content manager 350 and the content analyzers 351-359 may reduce and/or eliminate manual intervention during the metadata tagging process as the content analyzers 351-359 may more completely include rules for the metadata tagging.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Mohan into the combined teachings of Turner, Farber, and Kelso to include “identifying a metadata tag stored in the file and applying a metadata tag rule to the file during the attempted action to block access to the code.” The modification would be obvious because one of ordinary skill in the art would be motivated to help identify and locate files (Mohan, paragraph [0023]).

As per Claim 4, the rejection of Claim 3 is incorporated; and Turner discloses “responsive to an attempted action taken to code,” but the combination of Turner, Farber, and Kelso does not explicitly disclose:
determining whether the metadata tag is stored in the code responsive to the attempted action taken to the code.
However, Mohan discloses:
determining whether a metadata tag is stored in code (paragraph [0023], “… the metadata values may further include user and/or application specified tags using a tagging interface 170. Whenever files are created and/or modified an application may supply one or more tags and/or metadata values and/or a user may be prompted for metadata values in designated categories that may be associated with the file using metadata store 160.”; paragraph [0026], “As shown in FIG. 2, the method 200 includes a process 210 for receiving a file for storage, a process 220 for assigning metadata tags to the file, a process 230 for storing the file in a hierarchical file system …”; paragraph [0046], “… the automatic processing of content changes by content manager 350 and the content analyzers 351-359 may reduce and/or eliminate manual intervention during the metadata tagging process as the content analyzers 351-359 may more completely include rules for the metadata tagging.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Mohan into the combined teachings of Turner, Farber, and Kelso to include “determining whether the metadata tag is stored in the code responsive to the attempted action taken to the code.” The modification would be obvious because one of ordinary skill in the art would be motivated to help identify and locate files (Mohan, paragraph [0023]).

Claims 10 and 11 are apparatus claims corresponding to the method claims hereinabove (Claims 3 and 4, respectively). Therefore, Claims 10 and 11 are rejected for the same reasons set forth in the rejections of Claims 3 and 4, respectively.

Claims 17 and 18 are non-transitory computer readable storage medium claims corresponding to the method claims hereinabove (Claims 3 and 4, respectively). Therefore, Claims 17 and 18 are rejected for the same reasons set forth in the rejections of Claims 3 and 4, respectively.

Claims 5, 6, 12, 13, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Turner in view of Farber and Kelso as applied to Claims 1, 8, and 15 above, and further in view of US 2020/0104248 (hereinafter “Yim”).

As per Claim 5, the rejection of Claim 1 is incorporated; and Turner further discloses:
monitoring code actions applied to the code by a user device during a code access session (col. 7 lines 37-47, “The method commences at step 502, where a request to generate a pull request is received. Typically, a developer (e.g., Alice) may be working on a piece of source code on her own computing device (e.g., user computer 420). To do this, Alice may create a fork (e.g., clone repository 422) of the main (master) repository 404 that has the main source code 405. She can then implement changes to her version of the source code 425, e.g., in branch 424 (also referred to as Alice's branch). These changes may include fixing bugs, adding a feature, deleting a redundant piece of source code, refactoring the source code, etc.”); and
identifying an egress code action attempted to the code (col. 10 lines 43-46, “… lines of code that are added by Alice may be highlighted in green and lines of the code that have been deleted from the tip of the master branch (either by Alice or by other developers) may be highlighted in red.”).
Turner discloses “responsive to an egress code action,” but the combination of Turner, Farber, and Kelso does not explicitly disclose:
applying a hash key to one or more code segments to create a hash value responsive to the egress code action.
However, Yim discloses:
applying a hash key to one or more code segments to create a hash value (paragraph [0018], “… the user 102, and corresponding user device 103, updated a portion of the system software code 106 that is stored in the system software code server 104.”; paragraph [0026], “The system software code server 104 may apply a similar hash function to the system software code update 106.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Yim into the combined teachings of Turner, Farber, and Kelso to include “applying a hash key to one or more code segments to create a hash value responsive to the egress code action.” The modification would be obvious because one of ordinary skill in the art would be motivated to utilize a hash function to encode data for validation.

As per Claim 6, the rejection of Claim 5 is incorporated; and Turner discloses “responsive to an egress code action,” but the combination of Turner, Farber, and Kelso does not explicitly disclose:
wherein applying the hash key to the one or more code segments to create the hash value responsive to the egress code action comprises applying the hash key to only a portion of the one or more code segments.
However, Yim discloses:
applying a hash key to only a portion of one or more code segments (paragraph [0018], “… the user 102, and corresponding user device 103, updated a portion of the system software code 106 that is stored in the system software code server 104.”; paragraph [0026], “The system software code server 104 may apply a similar hash function to the system software code update 106.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Yim into the combined teachings of Turner, Farber, and Kelso to include “wherein applying the hash key to the one or more code segments to create the hash value responsive to the egress code action comprises applying the hash key to only a portion of the one or more code segments.” The modification would be obvious because one of ordinary skill in the art would be motivated to utilize a hash function to encode data for validation.

Claims 12 and 13 are apparatus claims corresponding to the method claims hereinabove (Claims 5 and 6, respectively). Therefore, Claims 12 and 13 are rejected for the same reasons set forth in the rejections of Claims 5 and 6, respectively.

Claims 19 and 20 are non-transitory computer readable storage medium claims corresponding to the method claims hereinabove (Claims 5 and 6, respectively). Therefore, Claims 19 and 20 are rejected for the same reasons set forth in the rejections of Claims 5 and 6, respectively.

Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Turner in view of Farber and Kelso as applied to Claims 1 and 8 above, and further in view of US 2019/0220542 (hereinafter “Estruch Tena”).

As per Claim 7, the rejection of Claim 1 is incorporated; and the combination of Turner, Farber, and Kelso does not explicitly disclose:
permitting code egress from a server associated with the code for a period of time; and
when the period of time has lapsed, blocking subsequent code egress actions received.
However, Estruch Tena discloses:
permitting code egress from a server associated with code for a period of time (paragraph [0042], “… the electronic device can connect to and receive applications, such as applications 162, from an external device such as a server that contains a repository of applications.”; paragraph [0079], “The attribute of the electronic device can be a timer or a scheduled event. The timer can grant applications within a cluster permission to access certain features for a period of time. Conversely, the timer can deny applications within a cluster access to certain features for a period of time. For instance, the cluster engine 240 can deny a permission of a certain feature to the applications within a particular cluster during certain hours of certain days.” and “… the user can schedule a timer that when activated denies or grants permissions to the applications within a cluster. The scheduled timer can be displayed to the user in a settings view that allows a user to manually select certain features to schedule.”); and
when the period of time has lapsed, blocking subsequent code egress actions received (paragraph [0042], “… the electronic device can connect to and receive applications, such as applications 162, from an external device such as a server that contains a repository of applications.”; paragraph [0079], “The attribute of the electronic device can be a timer or a scheduled event. The timer can grant applications within a cluster permission to access certain features for a period of time. Conversely, the timer can deny applications within a cluster access to certain features for a period of time. For instance, the cluster engine 240 can deny a permission of a certain feature to the applications within a particular cluster during certain hours of certain days.” and “… the user can schedule a timer that when activated denies or grants permissions to the applications within a cluster. The scheduled timer can be displayed to the user in a settings view that allows a user to manually select certain features to schedule.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Estruch Tena into the combined teachings of Turner, Farber, and Kelso to include “permitting code egress from a server associated with the code for a period of time; and when the period of time has lapsed, blocking subsequent code egress actions received.” The modification would be obvious because one of ordinary skill in the art would be motivated to grant permission to access certain code actions for a period of time (Estruch Tena, paragraph [0079]).

Claim 14 is an apparatus claim corresponding to the method claim hereinabove (Claim 7). Therefore, Claim 14 is rejected for the same reason set forth in the rejection of Claim 7.

Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure.
US 2005/0097364 (hereinafter “Edeki”) discloses securing computers against unauthorized use and access.
US 2005/0273600 (hereinafter “Seeman”) discloses protecting digital documents from unauthorized dissemination, while enabling a practically unlimited range of usage options.
US 2007/0169071 (hereinafter “Martin”) discloses granting access permissions in an object-oriented computer program.
US 2009/0328188 (hereinafter “Raymer”) discloses preventing unauthorized access to electronically available information assets.
US 2012/0278902 (hereinafter “Martin”) discloses incremental deployment of computer software program logic on client devices in a network.
US 2016/0352748 (hereinafter “Hwang”) discloses blocking unauthorized data access.
US 2017/0103192 (hereinafter “Hussey”) discloses secure code delivery.
US 2017/0366551 (hereinafter “Brandwine”) discloses enabling security decisions to be made using authorization functions which can be provided by customers, providers, third parties, or other such entities.
US 2018/0139210 (hereinafter “Gideon”) discloses providing access control and/or identification of user devices.
US 2019/0073455 (hereinafter “Chen”) discloses allowing an independent software vendor (ISV) access to proprietary software code for software of an organization has been developed.
US 2019/0327271 (hereinafter “Saxena”) discloses the automation, verification, and management of access control mechanisms for computer infrastructure including distributed computing infrastructure.
US 2020/0104519 (hereinafter “Farber”) discloses managing content authorization for software applications in a federated platform system.
US 2021/0097024 (hereinafter “Miller”) discloses modifying input and output (I/O) to an object storage service by implementing one or more owner-specified functions to I/O requests.
US 6,609,115 (hereinafter “Mehring”) discloses limiting user access to an online centralized service facility containing system documentation for certain equipment, such as medical diagnostic equipment.
US 6,957,366 (hereinafter “McDonald”) discloses updating a software acceptance testing database via a communications network.
US 7,076,496 (hereinafter “Ruizandrade”) discloses monitoring software products as they flow through the various stages of software development and efficiently implementing a tracking system for managing updates and changes.
US 9,449,181 (hereinafter “Umapathy”) discloses control and enforcement of access of user data.

Any inquiry concerning this communication or earlier communications from the Examiner should be directed to Qing Chen whose telephone number is 571-270-1071. The Examiner can normally be reached on Monday through Friday from 9:00 AM to 5:00 PM EST.
If attempts to reach the Examiner by telephone are unsuccessful, the Examiner’s supervisor, Wei Zhen, can be reached at 571-272-3708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Any inquiry of a general nature or relating to the status of this application or proceeding should be directed to the TC 2100 Group receptionist whose telephone number is 571-272-2100.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/Qing Chen/
Primary Examiner, Art Unit 2191