DETAILED ACTION
This Office Action is in response to the application 16/778,872 filed on January 31st, 2020.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-20 are pending and herein considered.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Regarding claims 1, 9 and 17; claims 1, 9 and 17 are/is rejected under 35 USC 101 because the claims are/is directed to an abstract idea without being integrated into a practical application nor being significantly more.
The claims reciting the limitations “scann[ing] source code,” “inputt[ing] the list of vulnerable tokens” and “modify[ing] the list of vulnerable tokens” are directed to an abstract idea as the claims recite mental processes. Accordingly, the claims recite an abstract idea.  This judicial exception is not integrated into a practical application.  It’s noted that the claims recite additional element(s) (i.e., a machine learning model).  However, said additional element is recited at a high-level of generality (i.e., as a generic processor performing a generic computer function of scanning/inputting/modifying) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea.  Therefore, the claims are not integrated into a practical application.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea. As mentioned above, although the claims recite additional element, said element taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic computer content distributing functions routinely used in information technology field. Modifying the list of vulnerable tokens is conventional, well know routing in view of Berkeeimer memo here. Generic computer components recited as performing generic computer functions that are well understood, routine and conventional activities amount to no more than implementing the abstract idea with a computerized system. Therefore, the claim is directed to non-statutory subject matter.
Regarding claims 2-8, 10-16 and 18-20; claims 2-8, 10-16 and 18-20 are also rejected under 35 U.S.C 101 as being directed to non-statutory subject matter for the same reasons addressed above as the claims are directed to abstract idea without being integrated into a practical application nor being significantly more.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Massicotte, U.S. Patent Number 10,862,880.
Regarding claim 1; Massicotte discloses a computer-implemented method comprising:
scanning source code to generate a list of vulnerable tokens (col. 4, line – col. 5, line 22; authentication process involving application-specific dynamically-generated tokens; the request specifies a particular portion of the client application executable that will serve as the basis for generation of an authentication token; other resource files associated with the client application can be used to generate the token such as executable code, translation string files, icons, other graphics, sound files; generation of tokens may be based on additional information factors or pseudorandom factors.);
inputting, the list of vulnerable tokens, into a machine learning model to identify false positives in the list of vulnerable tokens (col. 5, line 49 – col. 6, line 19;  ensuring that each token is not only unique but is computationally difficult to replicate; the result is that attackers and malicious actors must expend significantly more time and computing resources to successfully authenticate their legitimate application or gain access to protected resources; the token verification module performs verification of tokens received from client application); and
modifying the list of vulnerable tokens to remove the identified false positives (col. 12, lines 47-58; modify generated tokens in a way that is prohibitively difficult to reverse-engineer and reproduce, thereby discouraging one common avenue of attacks/false positive on server infrastructure.).
Regarding claim 2; Massicotte discloses the method of claim 1, wherein the scanning occurs prior to uploading of the source code to a source code repository (col./ 5, lines 42-45; the client application transmits to the server application the token containing the extracted portion of the executable code/source code.).
Regarding claim 3; Massicotte discloses the method of claim 1, wherein the scanning occurs prior to publishing of the source code on a source code repository (col. 5, lines 35-36; the requested portion of the executable code is unknown to the client application prior to receipt of the request.).
Regarding claim 4; Massicotte discloses the method of claim 1, wherein the scanned source code is published on a publically available source code repository (col. 5, lines 8-10; the authenticator is aware that the resources are available to the application or client device.).
Regarding claim 5; Massicotte discloses the method of claim 4, wherein the scanning occurs periodically subsequent to publishing of source code on the publically available source code repository (col. 3, lines 63-67; the authenticator has knowledge of what non-application resources are available to the application or client device on the basis of the operating system running on the client device.).
Regarding claim 6; Massicotte discloses the method of claim 1, wherein the machine learning model is at least one of a: logistic regression model, a neural network, a Random Forest, a support vector machine, or a text classification and representation learning model (col. 11, lines 24-52; a machine performs any one or more of the modules or methodologies or processes.).
Regarding claim 7; Massicotte discloses the method of claim 1 further comprising: rendering the modified list of vulnerable tokens into a graphical user interface as a list of entries with corresponding graphical user interface elements (col. 13, lines 56-64; at least some of the operations may be performed by a group of computers, these operations being accessible via a network and via one or more appropriate interfaces such as application program interfaces (API) or GUI.); and receiving user-generated input selecting at least one of the graphical user interfaces to modify at least one entry in the list of vulnerable tokens (col. 5, lines 23-26; the server may select the resource or a portion of the resource in one of multiple ways; the portion is selected according to a regular or repeating pattern.).
Regarding claim 8; Massicotte discloses the method of claim 1 further comprising at least one of: transmitting the modified list of vulnerable tokens to a remote computing device, providing the modified list of vulnerable tokens to a code scanner scanning the source code, loading the modified list of vulnerable tokens in memory, or storing the modified list of vulnerable tokens in physical persistence (col. 11, line 24-52; the machine may be a client computer, a personal computer (PC), a tablet PC, a set-top-box (STB), a smartphone, an Internet of Things (IoT) appliance, a network router, switch or bridge including database to store the tokens which has been modified.).
Regarding claim 9; Claim 9 is directed to a system which has similar scope as claim 1. Therefore, claim 9 remains un-patentable for the same reasons.
Regarding claims 10-16; Claims 10-16 are directed to the system of claim 9 which have similar scope as claims 2-8. Therefore, claims 10-16 remain un-patentable for the same reasons.
Regarding claim 17; Claim 17 is directed to a non-transitory computer program product which has similar scope as claim 1. Therefore, claim 17 remains un-patentable for the same reasons.
Regarding claims 18-20; Claims 18-20 are directed to the computer program product of claim 17 which have similar scope as claims 2-8. Therefore, claims 18-20 remain un-patentable for the same reasons.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHOI V LE whose telephone number is (571)270-5087.  The examiner can normally be reached on 9:00 AM - 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/KHOI V LE/
Primary Examiner, Art Unit 2436