Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This action is in response to the correspondence filed 04/22/2020.
Claims 21-40 are presented for examination.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 21-40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,637,887 in view of claim 2 of US 2019/0297092 to Shibahara et al. (hereinafter Shibahara). Each of the limitations of claims 21, 28 and 35 of the present application are taught by each of the limitations of claims 1, 7 and 14 of U.S. Patent No. 10,637,887 except for the limitation of “where the abstract syntax tree matches the list when at least one portion of a subtree of the abstract syntax tree matches the list”. However, claim 2 of Shibahara teaches where the abstract syntax tree matches the list when at least one portion of a subtree of the abstract syntax tree matches the list. It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of U.S. Patent No. 10,637,887 with the method of matching subtrees as taught by Shibahara in order to increase the speed at which matches are identified while also decreasing the number of false positive and false negative matches.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 21-23, 25, 27-31, 33, 35, 36, 38 and 40 are rejected under 35 U.S.C. 103 as being unpatentable over EP 2 521 049 A1 to Li et al (Applicant’s IDS) (hereinafter Li) in view of 9,916,448 to Zhang et al. (hereinafter Zhang).
As to claims 21, 28 and 35, Li teaches a device, comprising: one or more memories; and one or more processors to: receive a query for data stored by a database (paragraph 41, received query); generate an abstract syntax tree based on the query (paragraph 42, parsing the query to create expected query structure; FIGS. 3 and 4 show examples of abstract syntax tree structures including the generated structure and the expected structure); determine whether the abstract syntax tree matches a list, where the list identifies one or more abstract syntax trees corresponding to queries or types of queries (paragraph 46, 49 and 50, comparing the created query structure to the query structures included in the repository); and selectively perform an action based on whether the abstract syntax tree matches the list (paragraph 53, provide potential attack notification).
Li does not explicitly teach where the abstract syntax tree matches the list when at least one portion of a subtree of the abstract syntax tree matches the list.
However, Zhang teaches where the abstract syntax tree matches the list when at least one portion of a subtree of the abstract syntax tree matches the list (Col 6, lines 7-24, a tree structure matches if at least a subtree of the tree structure matches).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Li to include the method of matching a least a portion of a subtree of a tree as taught by Zhang in order to increase the speed at which matches are identified while also decreasing the number of false positive and false negative matches while further detecting different variations which may have been based or built from a malicious tree structure, thus optimizing the efficiency and accuracy of the system.
As to claims 22, 29 and 36, Zhang teaches where the one or more processors, when determining whether the abstract syntax tree matches the list, are to: determine that the subtree is an exact match to the list (Col 8, lines 4-6 and lines 36-41, wherein based on the equation and the out percentage, the percent can be 1.0 or 100%).
As to claims 23, 31 and 38, Zhang teaches where the one or more processors, when determining whether the abstract syntax tree matches the list, are to: determine whether the abstract syntax tree matches the list based on a threshold similarity score (Col 7, lines 17-22, similarity score is compared to a threshold).
As to claim 25, Li teaches where the one or more processors, when selectively performing the action, are to: provide the query for use with the database based on determining that the abstract syntax tree matches the list (paragraph 7, forward the query to the destination software application).
As to claim 27, Li teaches where the types of queries include one or more of: a SELECT query, and a web application query (paragraph 33, query like SELECT).
As to claim 30, Zhang teaches where determining whether the abstract syntax tree matches the list comprises: comparing another subtree of the abstract syntax tree to the list; and determining a partial match of the other subtree to the list (Col 8, lines 4-6 and lines 36-41, wherein based on the equation and the out percentage, the percent can be less than 1.0 or 100% therefore determining a partial match where there are more than one for comparison).
As to claims 33 and 40, Li teaches determining that the query includes a list of one or more changes in columns; and where determining whether the abstract syntax tree matches the list comprises: determining whether the list matches a portion of the list of one or more changes in the columns (paragraphs 34 and 42, changes including deleting on data including columns).

Claims 24, 32 and 39 are rejected under 35 U.S.C. 103 as being unpatentable over Li in view of Zhang in further view of US 2008/0091649 to Lim et al. (hereinafter Lim).
As to claims 24, 32 and 39, Li and Zhang do not explicitly teach where the one or more processors are further to: determine a category, from a set of categories, of the query; and where the one or more processors, when determining whether the abstract syntax tree matches the list, are to: determine whether the abstract syntax tree matches the list, where the list identifies the one or more abstract syntax trees corresponding to the category of the query.
However, Lim teaches determining a category, from a set of categories, of the query; and determine whether the abstract syntax tree matches the list, where the list identifies the one or more abstract syntax trees corresponding to the category of the query (paragraph 52, comparing of the trees for complete and partial match associated with a category).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Li and Zhang to include the method of determining a category as taught by Lim in order to increase processing speed and efficiency of the search by eliminating queries and/or categories from further processing that are determined to be irrelevant.

Claims 26 and 37 are rejected under 35 U.S.C. 103 as being unpatentable over Li in view of Zhang in further view of US 2018/0046665 to Wilding.
As to claims 26 and 37, Li teaches where the one or more processors, when determining whether the abstract syntax tree matches the list, are to: determine that the abstract syntax tree does not match the list as discussed above. Li and Zhang do not explicitly teach when selectively performing the action, are to: flag the query as suspicious when the abstract syntax tree does not match the list; and block a source of the query based on the query being flagged.
However, Wilding teaches flagging the query as suspicious when the abstract syntax tree does not match the list; and blocking a source of the query based on the query being flagged (paragraph 43, flagging the statement and blocking the source).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Li and Zhang to include the method of flagging and blocking a source as taught by Wilding in order to prevent further harm and/or malicious data from being received from the source thus increasing the overall security of the system.

Claim 34 rejected under 35 U.S.C. 103 as being unpatentable over Li in view of Zhang in view of US 2017/0265076 to Richards et al. (Applicant’s IDS)(hereinafter Richards).
As to claim 34, Li and Zhang do not explicitly teach receiving an update to the list to include a particular data collector.
However, Richards teaches receiving an update to the list to include a particular data collector (paragraph 74, updating the database).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Li and Zhang to include the updating method taught by Richards in order to provide a dynamic method of monitoring which is up-to-date and continuously learns allowed or malicious structures.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MALCOLM CRIBBS whose telephone number is (571)270-1566. The examiner can normally be reached Monday-Friday 930a-330p; 430p-630p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hadi Armouche can be reached on (571)270-3618. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MALCOLM . CRIBBS
Examiner
Art Unit 2497



/MALCOLM CRIBBS/Primary Examiner, Art Unit 2497