DETAILED ACTION
Claims 1-20 are allowed.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Hunter Webb (Reg. No. 54593) on May 19, 2022.
The application has been amended as follows: 

1. (Currently Amended) A method for security handling of application code branching, comprising:
collecting a set of security rules related to a defined security policy;
applying the set of security rules to an application having a plurality of code branches;
dynamically identifying, during an elicitation of requirements phase, a code branch, within an instruction order of the application, which executes outside of its current execution space, wherein the identifying includes using natural language processing on a set of documents related to the application; 
generating, when a return from the code branch is inconsistent with the set of security rules, representing a potential security gap, a gap document including the potential security gap;
inserting customized programming that addresses the potential security gap into a security hook; and
connecting the application to the security hook when the return from the code branch is inconsistent with the set of security rules. 

2. (Original) The method of claim 1, wherein the return from the code branch is selected from a group consisting of a security hook, a safe position, and an endpoint.

3. (Original) The method of claim 1, wherein the set of documents is selected from the group consisting of business requirements, architecture design documentation, and pseudo code.

4. (Original) The method of claim 1, further comprising generating the gap document after an execution of the application.

5. (Original) The method of claim 1, further comprising terminating an execution of the application when the return from the code branch is inconsistent with the set of security rules.

6. (Original) The method of claim 1, wherein the defined security policy represents a security posture of an organization.

7. (Currently Amended) The method of claim 1, wherein the security hook is in an intermediate layer between the application and an operating system layer.


8. (Currently Amended) A computer program product embodied in a computer readable storage medium that, when executed by a computer device, performs a method for security handling of application code branching, the method comprising:
collecting a set of security rules related to a defined security policy;
applying the set of security rules to an application having a plurality of code branches;
dynamically identifying, during an elicitation of requirements phase, a code branch, within an instruction order of the application, which executes outside of its current execution space, wherein the identifying includes using natural language processing on a set of documents related to the application; 
generating, when a return from the code branch is inconsistent with the set of security rules, representing a potential security gap, a gap document including the potential security gap;
inserting customized programming that addresses the potential security gap into a security hook; and
connecting the application to the security hook when the return from the code branch is inconsistent with the set of security rules.  

9. (Original) The computer program product of claim 8, wherein the return from the code branch is selected from a group consisting of a security hook, a safe position, and an endpoint.

10. (Original) The computer program product of claim 8, wherein the set of documents is selected from the group consisting of business requirements, architecture design documentation, and pseudo code.

11. (Original) The computer program product of claim 8, further comprising generating the gap document after an execution of the application.

12. (Original) The computer program product of claim 8, further comprising terminating an execution of the application when the return from the code branch is inconsistent with the set of security rules.

13. (Original) The computer program product of claim 8, wherein the defined security policy represents a security posture of an organization.

14. (Currently Amended) The computer program product of claim 8, wherein the security hook is in an intermediate layer between the application and an operating system layer.

15. (Currently Amended) A computer system for security handling of application code branching, the computer system comprising:
a memory medium comprising program instructions; 
a bus coupled to the memory medium; and 
a processor for executing the program instructions, the instructions causing the system to: 
collect a set of security rules related to a defined security policy;
apply the set of security rules to an application having a plurality of code branches;
dynamically identify, during an elicitation of requirements phase, a code branch, within an instruction order of the application, which executes outside of its current execution space, wherein the identifying includes using natural language processing on a set of documents related to the application; 
generate, when a return from the code branch is inconsistent with the set of security rules, representing a potential security gap, a gap document including the potential security gap;
inserting customized programming that addresses the potential security gap into a security hook; and
connecting the application to the security hook when the return from the code branch is inconsistent with the set of security rules.  

16. (Original) The computer system of claim 15, wherein the return from the code branch is selected from a group consisting of a security hook, a safe position, and an endpoint.

17. (Original) The computer system of claim 15, wherein the set of documents is selected from the group consisting of business requirements, architecture design documentation, and pseudo code.

18. (Original) The computer system of claim 15, the instructions causing the system to generate the gap document after an execution of the application.

19. (Original) The computer system of claim 15, the instructions causing the system to terminate an execution of the application when the return from the code branch is inconsistent with the set of security rules.

20. (Original) The computer system of claim 15, wherein the defined security policy represents a security posture of an organization.

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance: The primary reason for the allowance of the claims is the inclusion of the limitation, inter alia, “collecting a set of security rules related to a defined security policy; applying the set of security rules to an application having a plurality of code branches; dynamically identifying, during an elicitation of requirements phase, a code branch, within an instruction order of the application, which executes outside of its current execution space, wherein the identifying includes using natural language processing on a set of documents related to the application; generating, when a return from the code branch is inconsistent with the set of security rules, representing a potential security gap, a gap document including the potential security gap; inserting customized programming that addresses the potential security gap into a security hook; and connecting the application to the security hook when the return from the code branch is inconsistent with the set of security rules”.
The following is considered to be the closest prior art of record:
Kriegsman (US 2013/0227516) – teaches applying rules to an application to determine potential vulnerabilities in the application.
Reddy (US 2019/0303541) – teaches using a smart contract to audit software by analyzing different versions of the software as branches of a graph.
Gupta (US 2019/0318081) – teaches branches making system calls and trapping malicious code.
Dean (US 2016/0357660) – teaches analyzing code execution in different execution environments to determine if a particular environment will cause the code execution to fail.
Esperer (US 2019/0180035) – teaches detecting code vulnerabilities.
Beresnevichiene (US 2004/0194104) – teaches identifying code branches.
Sheridan (US 9792443) – teaches vulnerability of source code.
Biffle (US 9135414) – teaches executing code using software fault isolation mechanisms.
Kumar (US 7058561) – teaches cloning code and code branches and testing to optimize the code execution.
Acar (CN 111095249) – teaches executing code outside of its execution environment.
However, the concept of detecting and correcting a security gap using a custom hook as currently claimed cannot be found in the prior art of record.
None of the prior art of record, either taken by itself or in any combination, would have reasonably anticipated or made obvious the invention of the present application at or before the time it was effectively filed. The concepts and features, as claimed, are considered to be a non-obvious combination of limitations not taught in the prior art. Therefore, claims 1-20 are considered to be allowable.
According to MPEP 1302.14 (I): “In most cases, the examiner’s actions and the applicant’s replies make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule. This is particularly true when applicant fully complies with 37 CFR 1.111 (b) and (c) and 37 CFR 1.133(b). Thus, where the examiner’s actions clearly point out the reasons for rejection and the applicant’s reply explicitly presents reasons why claims are patentable over the reference, the reasons for allowance are in all probability evident from the record and no statement should be necessary.”
The amendments submitted on March 29, 2022 in combination with the above Examiner Amendment have overcome the previous rejections. Therefore, all of the previous rejections have been removed and the current claims are in condition for allowance.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN B KING whose telephone number is (571)270-7310.  The examiner can normally be reached on Monday-Friday 10AM-6PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 5712728878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/John B King/
Primary Examiner, Art Unit 2498