DETAILED ACTION
1. 	This is in response to applicant’s amendment filed on 5/12/2022. Claims 1 and 11 are amended. Claims 1-20 are pending.

Notice of Pre-AIA or AIA Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Applicant’s Arguments
3.	Applicant’s arguments are moot in view of the new ground of rejection, since they are based on newly added limitations in independent claims 1 and 11, which are addressed below. However, the introduction of the third reference in the rejection of the independent claims has a direct effect on the justification of a motivational statement for claims 4 and 14 based on 4 references without hindsight. Therefore, the rejection of claims 4 and 14 is withdrawn (see Allowable Subject Matter below).

Claim Rejections - 35 USC § 103
4.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
5.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


6.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
7.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

8.	Claims 1-3, 5-13, and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Mahaffey et al. US 2016/0099963, hereinafter “Mahaffey”, published Apr. 07 2016, in view of Heintz et al. US 2003/0229808, hereinafter “Heintz”, published Dec. 11, 2003, and further in view of Daswani et al. US 8,806,647, hereinafter “Daswani”, published Aug. 12, 2014, cited in the IDS filed on 10/15/2019.

Regarding claim 1, Mahaffey teaches: A method of rendering a security event in software application execution in a server computing device communicatively coupled to a plurality of client computing devices across a communication network (Mahaffey, first see FIG. 54, where clients 5465 are communicatively coupled to server 5405 across a communication network 5447 and a security event is rendered in a software application; then see the abstract along with ¶ [0178-0190]), the method comprising:
receiving, at a memory of the server computing device, a waiver parameter specification identifying at least one waiver parameter in association with at least one recipient client device of the plurality of client computing devices, the at least one waiver parameter based at least in part on detecting a security violation event in accordance with a set of predetermined security policy violation during the software application execution (Mahaffey discloses that the device state (waiver parameter specification identifying) is sent to server 911 that is associated with a security event of device 901, see ¶ [0140], and continues in ¶ [0190] that the state of device 901 is associated with a particular software application, which reads on applicant’s limitations; see also FIG. 37 and related text; FIG. 42 discloses detection based on the security policy in item 4203 and determination based on items 4206, 4207 and 4208 for data based on the security policy identification in item 4203; FIG. 36C discloses that different models are set for analyzing gathered data, which equates to applicant’s “predetermined security policy”);
during concurrent execution, in a processor of the server computing device, of object code of the software application, generating at least one waiver task automaton that monitors for the at least one waiver parameter in accordance with the security violation event (Mahaffey, first see ¶ [0148], that an event or events generated will be processed in order to determine if actions need to be taken; then see ¶ [0190], which discloses that the state of device 901 is a function of the installed security software application having access to a specific server 911 or remote software component 915 that monitors activities on the mobile device 901, where communication from the device 901 must go through server 911; and continues in ¶ [0192] that, based on security state information stored on server 911 for device 901, access has a different meaning for processing of the server computing device (generated object code of the software application that is specific to state information of the device 901), where the access level is automatically determined by server 911 or …; and continues in ¶ [0219] that “a system and method for creating, testing and providing a cross-platform software system for a mobile communications device”, which reads on applicant’s limitations); and
generating, based on the monitoring, for transmission to a client interface of the at least one recipient communication device, a waiver notification interface during the concurrent execution (FIG. 36A discloses how notification 3606 is transmitted to the client (receive notification 3607) and action 3609 is taken based on the notification (waiver); Mahaffey in ¶ [0201] discloses that “the server 911 may provide access to the security state of a device 901 through an API over a protocol such as HTTP”, and continues in ¶ [0228] that “The common API may facilitate this communication and allow access or calling within the system … These functions include but are not limited to a XML parser or generator, the software configuration for the mobile device, an anti-virus engine, an attack prevention engine, an anti-spam engine, a data protection system, a registration/ authentication system, a logging or reporting system, a server communications system, data-type extensions, a memory manager or a database system (see FIG. 20)”; then see FIGS. 36A-38, items 3809, 3811, 3817, 3819, 3821, and 3823 and related text, along with ¶ [0348], which discloses that the server sends a notification to the mobile device through an interface in accordance with data object execution), the waiver notification interface presenting an option to create a new waiver in accordance with the set of security policy violations (FIG. 42 discloses gathering data in item 4201 (transmitted or received data); item 4205 discloses analysis of data based on the security policy in item 4203, and a decision is made in item 4213 or 4211 to either block or allow access; FIG. 36A discloses how notification 3606 is transmitted to the client (receive notification 3607) and action 3609 is taken based on the notification (waiver), which equates to applicant’s “new waiver”, since every data gathering and analysis of data yields a notification and a waiver; for example, FIG. 42 has three levels of determining data (decision making process) and waiver notification generation).
Mahaffey does not explicitly disclose the waiver notification interface further providing capability for attaching evidence that the security violation event has been resolved, the evidence including at least a set of successful pipeline execution results. However, Heintz discloses the waiver notification interface further providing capability for attaching evidence that the security violation event has been resolved, the evidence including at least a set of successful pipeline execution results (Heintz, see FIG. 6B, disclosing recordation of a security violation; FIG. 8 discloses notification of the violation to the proper party in item 814; FIG. 9 discloses action taken to resolve the security violation by disabling VPN service, item 908; and then see ¶ [0011], which discloses how notification is given to the proper party by having one action to resolve the security violation, “restricting access”, or, as outlined in FIG. 9, “disabling VPN”, and sending such notification to the proper party as outlined in item 814 of FIG. 8).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Mahaffey with the teaching of Heintz because the use of Heintz’s idea (Heintz, see ¶ [0011]) could provide Mahaffey (Mahaffey, see abstract) the ability to include an automated processing device tool that generates security violation notifications, resolves such security violations and notifies the concerned party of the violation and the steps taken to resolve such security violation (Heintz, ¶ [0014]).
Mahaffey and Heintz do disclose a waiver notification as outlined above but do not disclose such waiver notification rendered at a screen display of the client interface during the execution.
However, Daswani discloses such waiver notification rendered at a screen display of the client interface during the execution (Daswani, FIG. 2, item 206 discloses a “notification module”; FIGS. 1 and 6 relate to each other, see items 106a-c in FIG. 1 and see FIG. 6, item 618, as one example of a display; see col. 3, lines 1-10, disclosing the relationship of FIGS. 1 and 6; col. 3, lines 11-21 discloses that 106a-c of FIG. 1 may be mobile devices such as a smart phone or laptop or tablet; and finally col. 5, lines 14-20 discloses that the notification module is used for display, which equates to applicant’s waiver notification being displayed).

Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Mahaffey as modified with the teaching of Daswani because the use of Daswani’s idea (Daswani, see col. 5, lines 14-24 and col. 3, lines 11-21) could provide Mahaffey as modified (Mahaffey, see abstract) the ability to include display capability for notification through a notification module on client devices (Daswani, col. 3, lines 11-21 discloses that 106a-c of FIG. 1 may be mobile devices such as a smart phone or laptop or tablet; and finally col. 5, lines 14-20 discloses that the notification module is used for display, which equates to applicant’s waiver notification being displayed).

Regarding claim 2, Mahaffey discloses all the limitations of claim 1. Further Mahaffey teaches: wherein the software application comprises an enterprise software application (Mahaffey, see ¶ [0476], “the data object, and trust ratings for the data object. One will appreciate that the above assessment data may be provided as an input into to server 3551. For example, a network operator or enterprise may operate a server that produces assessment data and feeds it data back to a master server. In another example, users may determine assessment data and provide it to server 3551 via an interface such as a web application”; also see FIG. 64 and related texts along with ¶¶ [0555, 0570, and 0849-0850]).

Regarding claim 3, Mahaffey discloses all the limitations of claim 1. Further Mahaffey teaches: wherein the waiver notification interface is generated upon the waiver parameter exceeding a threshold value of the waiver parameter as established in the specification or varies from a prior waiver parameter value in a prior execution of the software application (Mahaffey discloses threshold values for many different scenarios, and since applicant’s limitations are so broad and do not specify what waiver parameter, the indicated paragraph reads on applicant’s limitations, but there are many other paragraphs that can read on applicant’s limitations; first see ¶ [0056], then see ¶ [0357], “a policy that specifies the threshold limit for network usage is a rate of 100 megabytes per day. If the behavioral data indicates that the application's network usage is above this threshold limit then the application can be flagged as adversely affecting the network or having the potential to adversely affect the network”).

Regarding claim 5, Mahaffey discloses all the limitations of claim 3. Further Mahaffey teaches: wherein the client interface of the at least one recipient client device is configured to render at least one of: the new waiver, a modification to the waiver parameter, and an acknowledgement action for enactment thereon (Mahaffey, first see FIG. 41 and related texts along with ¶ [0422], “server 3551 requests the additional information for the data object from the second mobile communications device … Server 3551 receives (block 4123) and stores the additional information about the data object from the second mobile communications device on server 3551 or on data storage 3511 (block 4125), then analyzes this additional information with the previously received information from the first mobile communications device to render an assessment (block 4127). This assessment is transmitted to the first mobile communications device (block 4129), which receives the assessment (block 4131) and process the assessment (block 4133)”; also see ¶ [0590]; FIG. 42 discloses gathering data in item 4201 (transmitted or received data); item 4205 discloses analysis of data based on the security policy in item 4203, and a decision is made in item 4213 or 4211 to either block or allow access; FIG. 36A discloses how notification 3606 is transmitted to the client (receive notification 3607) and action 3609 is taken based on the notification (waiver), which equates to applicant’s “new waiver”, since every data gathering and analysis of data yields a notification and a waiver; for example, FIG. 42 has three levels of determining data (decision making process) and waiver notification generation).

Regarding claim 6, Mahaffey discloses all the limitations of claim 1. Further Mahaffey teaches: wherein the new waiver relates to an anticipated security policy violation (Mahaffey, see ¶ [0590-0591], “the device receives an assessment from server 3551 indicating that the application is acceptable but software on the device gathers behavioral data that shows that the application violates policy (e.g., the application attempts to acquire the user's location), the device may undertake pre-configured remediation actions such as removing the application. The device may also transmit this behavioral data to server 3551 and indicate the policy violation”; “the device may undertake. The device may also transmit this behavioral data to server 3551 and indicate the policy violation pre-configured remediation actions such as removing the application”; FIG. 42 discloses gathering data in item 4201 (transmitted or received data); item 4205 discloses analysis of data based on the security policy in item 4203, and a decision is made in item 4213 or 4211 to either block or allow access; FIG. 36A discloses how notification 3606 is transmitted to the client (receive notification 3607) and action 3609 is taken based on the notification (waiver), which equates to applicant’s “new waiver”, since every data gathering and analysis of data yields a notification and a waiver; for example, FIG. 42 has three levels of determining data (decision making process) and waiver notification generation).

Regarding claim 7, Mahaffey discloses all the limitations of claim 6. Further Mahaffey teaches: wherein the recipient client device comprises at least one of a laptop computing device, a workstation computing device and a mobile computing device (Mahaffey, first see FIGs. 9-10 item 901 and related texts, then see ¶ [0176], “As used herein, the term "mobile communications device" refers to mobile phones, PDAs and smartphones, but excludes laptop computers, notebook computers or sub-notebook computers. In the present application, mobile communications device may also be referred to as "handset," "device," "mobile client" or "client." Specifically, mobile communications devices include devices for which voice communications are a primary function, but may offer data or other wireless Internet access capabilities, including Bluetooth, infrared, or wireless Internet access”). 

Regarding claim 8, Mahaffey teaches all the limitations of claim 7. Mahaffey further teaches: transmitting the waiver to a memory of the server computing device, wherein the memory maintains a record of waivers and modifications thereto (Mahaffey, see ¶¶ [0368 and 0507], “combinations of these is saved or stored on server 3551 (or at a storage location accessible by the server) so that the data can be accessed at a later time … The information may be saved or stored in nonvolatile memory or other persistent storage medium ( e.g., hard disk, optical disc, flash memory, and so forth)”; and continues in ¶ [0507], “the device may first check this list to see if the data object is present. If the object is present, the device does not re-scan the object. After scanning a file and determining it to be desirable, the device places an identifier for the data object in the list. Example identifiers include a file name, filesystem node identifier, or operating system specific data object handle. In an embodiment, the mobile communication saves this list of data objects to non-volatile storage so that the list can be preserved … any stored assessments are valid only for a particular set of data object content. If the data object's content changes, a different assessment may be necessary, as the data object may have been modified to include malicious code that was not present in the original data object”; also see ¶ [0378], “The application "Invader" includes the permissions "calendar'' and "SMS." The "calendar" permission allows the application to access calendar appointments saved on the client device. The "SMS" permission allows the application to send text messages from the client device. The Android Developers Reference for Android4.0rl, Feb. 1, 2012, available at <http ://developer.android.com/reference/ android/Manifest.permission-.html>, which is incorporated by reference, includes an extensive list of permissions or features that an application may access”). 

Regarding claim 9, Mahaffey discloses all the limitations of claim 1. Further Mahaffey teaches: wherein the waiver task automaton is defined by script code that includes data relating to the at least one waiver parameter and a threshold value associated with the at least one waiver parameter (Mahaffey, first see FIG. 53 and related texts along with ¶¶ [0141 and 0147], “the local security component on the mobile device can identify security events by analyzing files or data stored on the device, messages such as function or system calls between components on the device, or network data flowing into or out of the device for security events. The security events can include finding possible threats such as exploits, suspicious network traffic, viruses, malware, SMS message or phone call spam, suspicious system or function calls, authentication failures, etc”, then see ¶¶ [0656 and 0696], “URL may reference a server that will perform actions, such as automatically removing applications identified as malware from an application market when the URL is requested. The server may be implemented in a variety of ways, including a PHP script or a Java, Ruby, or Python application server”, “the system compares the sequence of computer calls each app program can make. If the sequences are similar enough (e.g., there is a high degree of similarity), the system may decide that the two apps are similar”). 

Regarding claim 10, Mahaffey discloses all the limitations of claim 9. Further Mahaffey teaches: wherein the script code further includes data pertaining to the at least one recipient communication device, and the monitoring comprises at least one application program interface (API) call to the software application during the concurrent execution (Mahaffey, first see ¶ [0355], “The monitoring program at the client transmits to the server behavioral data based on the monitoring of the one or more application programs at the client”, and then see ¶¶ [0426-0450 and 0474], “behavioral data include information about network connections caused by the data object (e.g., server names, source/destination addresses and ports, duration of connection, connection protocols, amount of data transmitted and received, total number of connections, frequency of connections, and network interface information for the connection, DNS requests made), behavior of the data object when run (e.g., system calls, API calls, libraries used, inter-process communication calls, number of SMS messages transmitted, number of email messages sent, information about user interfaces displayed, URLs accessed), overhead caused by the data object (e.g., battery used, CPU time used, network data transmitted, storage used, memory used)”, “server 3551 performs analysis of a data object's content to determine what APs on a device the data object utilizes. In an embodiment, the API analysis may include a search of the data object for data sequences indicating API calls; an analysis of specific library, function, class, or other import data structures in the data object; an analysis of dynamic linker calls; an analysis of calls to local or remote services; static analysis of the data object; dynamic analysis of the data object; and analysis of behavioral data reported by one or more devices”). 

Regarding claim 11, this claim defines a device claim that corresponds to method claim 1. Therefore, claim 11 is rejected with the same rationale as in the rejection of claim 1. Furthermore, Mahaffey in ¶ [0620] discloses that a CPU (processor) and memory can be implemented to execute the method.

Regarding claim 12, this claim defines a device claim that corresponds to method claim 2. Therefore, claim 12 is rejected with the same rationale as in the rejection of claim 2. Furthermore, Mahaffey in ¶ [0620] discloses that a CPU (processor) and memory can be implemented to execute the method.

Regarding claim 13, this claim defines a device claim that corresponds to method claim 3. Therefore, claim 13 is rejected with the same rationale as in the rejection of claim 3. Furthermore, Mahaffey in ¶ [0620] discloses that a CPU (processor) and memory can be implemented to execute the method.

Regarding claim 15, this claim defines a device claim that corresponds to method claim 5. Therefore, claim 15 is rejected with the same rationale as in the rejection of claim 5. Furthermore, Mahaffey in ¶ [0620] discloses that a CPU (processor) and memory can be implemented to execute the method.

Regarding claim 16, this claim defines a device claim that corresponds to method claim 6. Therefore, claim 16 is rejected with the same rationale as in the rejection of claim 6. Furthermore, Mahaffey in ¶ [0620] discloses that a CPU (processor) and memory can be implemented to execute the method.

Regarding claim 17, this claim defines a device claim that corresponds to method claim 7. Therefore, claim 17 is rejected with the same rationale as in the rejection of claim 7. Furthermore, Mahaffey in ¶ [0620] discloses that a CPU (processor) and memory can be implemented to execute the method.

Regarding claim 18, this claim defines a device claim that corresponds to method claim 8. Therefore, claim 18 is rejected with the same rationale as in the rejection of claim 8. Furthermore, Mahaffey in ¶ [0620] discloses that a CPU (processor) and memory can be implemented to execute the method.

Regarding claim 19, this claim defines a device claim that corresponds to method claim 9. Therefore, claim 19 is rejected with the same rationale as in the rejection of claim 9. Furthermore, Mahaffey in ¶ [0620] discloses that a CPU (processor) and memory can be implemented to execute the method.

Regarding claim 20, this claim defines a device claim that corresponds to method claim 10. Therefore, claim 20 is rejected with the same rationale as in the rejection of claim 20. Furthermore, Mahaffey in ¶ [0620] discloses that a CPU (processor) and memory can be implemented to execute the method.

Allowable Subject Matter
9.	Claims 4 and 14 are objected to as having allowable subject matter, and they would be allowed if they incorporate the base claim they depend on and all intervening claims. Reasons for allowance will be furnished upon allowance of the application.

Examiner note:
10.	In the case of amending the Claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and to verify and ascertain the metes and bounds of the claimed invention. This will assist in expediting compact prosecution.  MPEP 714.02 recites: “Applicant should also specifically point out the support for any amendments made to the disclosure. See MPEP § 2163.06. An amendment which does not comply with the provisions of 37 CFR 1.121(b), (c), (d), and (h) may be held not fully responsive. See MPEP § 714.”  Amendments not pointing to specific support in the disclosure may be deemed as not complying with provisions of 37 C.F.R.  1.131(b), (c), (d), and (h) and therefore held not fully responsive.  Generic statements such as “Applicants believe no new matter has been introduced” may be deemed insufficient.

Conclusion
11.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Wootton et al. U.S. 2012/0110174 A1 discloses a system and method for scanning an application programming interface (API); if an application for which an analysis is sought is not in the data store, information about a different, but related, application may be provided.
Krupp et al. 2017 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, “SPE: Security and Privacy Enhancement Framework for Mobile Devices” discloses that if SPE is adopted by mobile operating system producers, it would provide consumers and businesses the additional privacy and security controls they demand and allow users to be more aware of security and privacy issues with applications on their devices.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALIL NAGHDALI whose telephone number is (571) 272-9884.  The examiner can normally be reached on M-F 8-5.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's acting supervisor, KRISTINE KINCAID can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KHALIL NAGHDALI/
Primary Examiner, Art Unit 2437