Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
1.	This action is responsive to the original application filed on 17 February 2021, with acknowledgement that this application is a continuation of 16/154,151, now Patent 10,956,574, which claims the benefit of a provisional application filed on 7 October 2017.
2.	Claims 1-19 are currently pending.  Claims 1 and 19 are independent claims.
3.	The IDSs submitted on 20 August 2021 and 21 December 2021 have been considered.
Double Patenting
4.	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/forms/.
 The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. 
 An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, please refer to - http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp
 
5.	Claims 1 and 7-18 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1 and 3-12 of application 16/154,151, now Patent 10,956,574.  Although claim 1 of the present application is not identical to claim 1 of the patent, it is not patentably distinct from it: the elements and features of the claimed method for securing an application are present in the patented claim, under similar or different names, performing essentially the same tasks, and the patented claim recites additional detail.  Note that claims 7-18 are identical to claims 3-12 of the patent.  Below is a comparison of the two claim 1s.
PRESENT APPLICATION (claim 1)
A method for securing an application through an application-aware runtime agent comprising:
     acquiring a code profile, wherein acquiring the code profile comprises of converting a set of code sources of the application to the code profile as a set of graphs that characterize operational relationships of controls within the set of code sources, wherein the controls are potential security vulnerabilities;
     instrumenting the application with a runtime agent according to the code profile, wherein instrumenting comprises tracking the utilization of the controls through execution of the application;
     enforcing the runtime agent on the execution of the application comprising: monitoring the execution flow, which comprises of monitoring the utilization of controls through the execution of the application, and detecting a security event, which comprises identifying a section of the execution flow as the security event;
     and responding to the security event.

PATENT 10,956,574 (claim 1)
A method for securing an application through an application-aware runtime agent comprising:
     acquiring a code profile, wherein acquiring the code profile, which comprises converting a set of code sources of the application to the code profile as a set of flow graphs that includes at least a data flow graph and a control flow graph and that characterizes controls within the set of code sources;
     analyzing the code profile and mapping controls of interest within the code profile by identifying sequences of controls in the set of flow graphs that are associated with detection of a potential security event;
     instrumenting the application with a runtime agent according to the code profile, wherein instrumenting comprises augmenting the execution of the controls of interest in the application to trigger tracking operations during execution of the application;
     enforcing the runtime agent on the execution of the application comprising: through execution of triggered tracking operations, tracking execution flow of at least the controls of interest, and detecting a security event based at least in part on a detected sequence of execution flow associated with the security event, which comprises identifying a section of the execution flow as the security event;
     and responding to the security event.

Claim Rejections – 35 USC § 103
6.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


7.	Claims 1-4, 6-9, and 12-18 are rejected under 35 U.S.C. 103 as being unpatentable over Hao et al., U.S. Patent Application Publication No. 2010/0078868 (hereinafter ‘868), in view of Artzi et al., U.S. Patent Application Publication No. 2012/0102474 (hereinafter ‘474), in further view of Roichman, U.S. Patent Application Publication No. 2017/0316202 (hereinafter ‘202).
As to independent claim 1, “A method for securing an application through an application-aware runtime agent” is taught in ‘868 paragraphs 5, 18, and 44; note that a Web Application Firewall is considered equivalent to a runtime agent.
The following is not explicitly taught in ‘868:
“comprising: acquiring a code profile, wherein acquiring the code profile comprises of converting a set of code sources of the application to the code profile as a set of graphs that characterize operational relationships of controls within the set of code sources, wherein the controls are potential security vulnerabilities”; however, ‘474 teaches analyzing the source code and specification of a software application (i.e., a code profile) to generate models and intermediate representations, including call graphs, and to produce analysis results (i.e., operational relationships) and identify security vulnerabilities; see the Abstract and paragraphs 4-6 and 51-52.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system for configuring a rule file for a firewall of a web server taught in ‘868 to include a means to acquire the source code and code profile of an application and generate graphs that characterize operational relationships in order to identify potential vulnerabilities.  One of ordinary skill in the art would have been motivated to perform such a modification because modern web applications are built atop web frameworks, which makes traditional static analysis error-prone and makes modifications to the analysis engine require significant effort; see ‘474 paragraph 3.
The following is not explicitly taught in ‘868 and ‘474:
“instrumenting the application with a runtime agent according to the code profile, wherein instrumenting comprises tracking the utilization of the controls through execution of the application; enforcing the runtime agent on the execution of the application comprising: monitoring the execution flow, which comprises of monitoring the utilization of controls through the execution of the application, and detecting a security event, which comprises identifying a section of the execution flow as the security event”; however, ‘202 teaches adding patch code to a software program before running it in order to identify dependencies in the script code; see the Abstract and paragraphs 13-18.
“and responding to the security event”; however, ‘202 teaches detecting and protecting against security vulnerabilities by taking preventative action, i.e., runtime application self-protection (RASP), in paragraphs 2, 4, 16-17, 22, and 24-29.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system for configuring a rule file for a firewall of a web server taught in ‘868 and ‘474 to include a means to track the utilization of controls through the execution of the application.  One of ordinary skill in the art would have been motivated to perform such a modification because a method different from static application security testing (SAST) is needed to account for runtime vulnerabilities; see ‘202 paragraph 3.

	As to dependent claim 2, “The method of claim 1, wherein the controls comprise method calls, thus instrumenting the application with a runtime agent comprises tagging method calls, monitoring the execution flow comprises tracking a series of method calls, and detecting the security event comprises identifying a subset of the series of method calls as a security event” is taught in ‘202 paragraphs 2, 4, 16-17, 22, and 24-29.
	As to dependent claim 3, “The method of claim 2, wherein acquiring the code profile comprises converting the controls into a succession of method calls” is shown in ‘474 Abstract, paragraphs 4-6, and 51-52.
	As to dependent claim 4, “The method of claim 3, wherein the controls comprise datatype activity calls” is disclosed in ‘474 paragraph 77. 
	As to dependent claim 6, “The method of claim 3, wherein the controls comprise input and output calls” is taught in ‘202 paragraph 17.
	As to dependent claim 7, “The method of claim 6, wherein monitoring the execution flow further comprises of monitoring data input during the execution of the application” is shown in ‘202 paragraph 17.
	As to dependent claim 8, “The method of claim 7, wherein responding to the security event further comprises segmenting and classifying a data payload of the execution flow and monitoring the interaction with source data type and input calls” is disclosed in ‘474 paragraph 77.
	As to dependent claim 9, “The method of claim 1, wherein the runtime agent is language agnostic, thereby executable in multiple programming languages” is taught in ‘202 paragraphs 15-16.
	As to dependent claim 12, “The method of claim 1, wherein responding to the security event comprises as part of enforcing the runtime agent, proactively regulating the execution flow and preventing sequential utilization of controls associated with the security event” is shown in ‘202 paragraphs 2 and 35.
	As to dependent claim 13, “The method of claim 1, wherein responding to the security event comprises reactively regulating the execution flow and preventing sequential utilization of controls associated with the security event” is disclosed in ‘202 paragraphs 17, 25, and 35.
	As to dependent claim 14, “The method of claim 1, wherein responding to the security event comprises of identifying involved controls within the set of code sources and reporting the involved controls through a user interface” is taught in ‘202 paragraph 35.
	As to dependent claim 15, “The method of claim 1, wherein responding to the security event comprises of showing portions of the set of code sources that led to detecting the security event” is shown in ‘202 paragraphs 20, 22-23, and 25.
	As to dependent claim 16, “The method of claim 1, wherein responding to the security event comprises blocking execution flow associated with the security event” is disclosed in ‘202 paragraphs 17, 25, and 35.
	As to dependent claim 17, “The method of claim 1, where responding to the security event comprises modifying firewall settings based on clients involved in the security event” is taught in ‘868 Abstract, paragraphs 2, 7-8, and 14-17.
	As to dependent claim 18, “The method of claim 1, where responding to the security event includes generating a security event notification” is shown in ‘202 paragraphs 17, 25, and 35.
8.	Claims 5, 10, 11, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Hao et al., U.S. Patent Application Publication No. 2010/0078868 (hereinafter ‘868), in view of Artzi et al., U.S. Patent Application Publication No. 2012/0102474 (hereinafter ‘474), in further view of Roichman, U.S. Patent Application Publication No. 2017/0316202 (hereinafter ‘202), in further view of Chess et al., U.S. Patent Application Publication No. 2007/0240138 (hereinafter ‘138).
	As to dependent claim 5, the following is not explicitly taught in ‘868, ‘474, and ‘202: “The method of claim 3, wherein the controls further comprise user defined vulnerabilities”; however, ‘138 teaches that a user can define vulnerabilities in paragraphs 75 and 77.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system for configuring a rule file for a firewall of a web server taught in ‘868, ‘474, and ‘202 to include a means to allow a user to define vulnerabilities.  One of ordinary skill in the art would have been motivated to perform such a modification because software security vulnerabilities are numerous and require more than a single point solution; see ‘138 paragraphs 7-9.
	As to dependent claim 10, “The method of claim 1, wherein identifying a section of the execution flow as the security event further comprises looking up the section of the execution flow in a security profile dictionary” is taught in ‘138 paragraphs 25, and 74-76.
	As to dependent claim 11, “The method of claim 10, wherein responding to the security event further comprises updating the security profile dictionary” is shown in ‘138 paragraphs 25, 74-76, and 87.
	As to independent claim 19, “A method for securing an application through an application-aware runtime agent” is taught in ‘868 paragraphs 5, 18, and 44; note that a Web Application Firewall is considered equivalent to a runtime agent.
The following is not explicitly taught in ‘868:
“comprising: acquiring an application code profile comprising: mapping application controls of interest, wherein application controls includes method calls, data type activity, and input and output calls, and application controls of interest may be a defined sequence of application control”; however, ‘474 teaches analyzing the source code and specification of a software application (i.e., a code profile) to generate models and intermediate representations, including call graphs, to produce analysis results (i.e., operational relationships), and to use framework modules to capture information regarding entry points and security vulnerabilities; see the Abstract and paragraphs 4-6, 31-33, and 51-52.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system for configuring a rule file for a firewall of a web server taught in ‘868 to include a means to acquire the source code and code profile of an application and generate graphs that characterize operational relationships in order to identify potential vulnerabilities.  One of ordinary skill in the art would have been motivated to perform such a modification because modern web applications are built atop web frameworks, which makes traditional static analysis error-prone and makes modifications to the analysis engine require significant effort; see ‘474 paragraph 3.
The following is not explicitly taught in ‘868 and ‘474:
“instrumenting the application with a runtime agent according to the code profile, wherein instrumenting comprises tagging flows of the method calls, thereby enabling tracking the utilization of the controls throughout execution of the application;  enforcing the runtime agent on the execution of the application comprising: monitoring execution flow, wherein the execution flow is the utilization of the method calls and external data input throughout the execution of the application, detecting a security event”; however, ‘202 teaches adding patch code (tagging flows) to a software program before running it in order to identify dependencies in the script code; see the Abstract and paragraphs 13-18.
“and responding to the security event comprising of selectively performing at least one of the following: locating the application controls and external inputs that led to detecting the security event, preventing sequential utilization of controls associated with the security event, sending an alert regarding the security event, and providing a user interface that outputs runtime agent diagnostics and security event alerts and enables user control of the runtime agent”; however, ‘202 teaches detecting and protecting against security vulnerabilities by taking preventative action, i.e., runtime application self-protection (RASP), in paragraphs 2, 4, 16-17, 22, and 24-29.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system for configuring a rule file for a firewall of a web server taught in ‘868 and ‘474 to include a means to track the utilization of controls through the execution of the application.  One of ordinary skill in the art would have been motivated to perform such a modification because a method different from static application security testing (SAST) is needed to account for runtime vulnerabilities; see ‘202 paragraph 3.
The following is not explicitly taught in ‘868, ‘474, and ‘202:
	“wherein detecting a security event comprises identifying a section of the execution flow defined within a security profile dictionary”; however, ‘138 teaches a security test module that tests software for vulnerabilities (known weaknesses) using information gathered from software developers, which includes an attack database (i.e., a security profile dictionary), in paragraphs 25 and 74-76.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system for configuring a rule file for a firewall of a web server taught in ‘868, ‘474, and ‘202 to include a means to utilize a security profile dictionary.  One of ordinary skill in the art would have been motivated to perform such a modification because software security vulnerabilities are numerous and require more than a single point solution, which would include a security profile dictionary (i.e., an attack database); see ‘138 paragraphs 7-9.
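The claimed method, as quoted in the claim 1 comparison and in the claim 1 and claim 19 analyses above (acquire a code profile, instrument the application, monitor execution flow, identify a section of the flow defined in a security profile dictionary, respond), can be illustrated in code. The following Python sketch is an added example: it is not code from the present application, the ‘574 patent, or any cited reference (‘868, ‘474, ‘202, ‘138), and every name in it (APP_SOURCE, SECURITY_PROFILE, RuntimeAgent, run_demo, and the sample application functions) is hypothetical. It builds a call-graph code profile from source with the ast module, wraps every function in the profile so each call is tagged at runtime, matches the most recent section of the execution flow against a security profile dictionary, and blocks and reports when a sequence matches.

```python
"""Toy runtime agent, added as an illustration; not code from the application,
the '574 patent, or any cited reference, and all names are hypothetical.  Steps:
acquire a code profile, instrument, monitor execution flow, detect, respond."""
import ast
import functools

# Constructed sample application.  handle() passes request input straight into
# a SQL sink; handle_safe() escapes it first.
APP_SOURCE = '''
def read_request(req):
    return req["q"]
def sanitize(text):
    return text.replace("'", "''")
def build_query(user_input):
    return "SELECT * FROM users WHERE name = '" + user_input + "'"
def run_sql(query):
    return ["row-for:" + query]
def handle(req):
    return run_sql(build_query(read_request(req)))
def handle_safe(req):
    return run_sql(build_query(sanitize(read_request(req))))
'''

# Security profile dictionary: a contiguous sequence of controls (method calls)
# that identifies a security event, and the response to take when it is seen.
SECURITY_PROFILE = {("read_request", "build_query", "run_sql"): {
    "event": "request input reaches SQL sink without sanitization", "action": "block"}}


class SecurityBlock(Exception):
    """Raised by the agent to stop the control that completes the event."""


def acquire_code_profile(source):
    """Code profile: call graph mapping each function (control) to the names it calls."""
    profile = {}
    for node in ast.parse(source).body:
        if isinstance(node, ast.FunctionDef):
            profile[node.name] = sorted({
                sub.func.id for sub in ast.walk(node)
                if isinstance(sub, ast.Call) and isinstance(sub.func, ast.Name)})
    return profile


class RuntimeAgent:
    def __init__(self, dictionary):
        self.dictionary = dictionary
        self.window = max(len(seq) for seq in dictionary)
        self.flow = []    # execution flow: ordered list of tagged calls
        self.events = []  # security events reported so far

    def tag(self, name, fn):
        """Wrap a control so every call is recorded and checked before it runs."""
        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            self.flow.append(name)
            hit = self.detect()
            if hit is not None:
                self.respond(hit, name)
                if hit["action"] == "block":
                    raise SecurityBlock(hit["event"])
            return fn(*args, **kwargs)
        return wrapper

    def detect(self):
        """Look the most recent section of the execution flow up in the dictionary."""
        recent = tuple(self.flow[-self.window:])
        for seq, entry in self.dictionary.items():
            if len(recent) >= len(seq) and recent[-len(seq):] == seq:
                return dict(entry, sequence=seq)
        return None

    def respond(self, hit, control):
        """Report the involved controls; blocking itself is done by the wrapper."""
        self.events.append({"event": hit["event"], "blocked_control": control,
                            "involved_controls": list(hit["sequence"])})


def instrument(source, profile, agent):
    """Load the application and replace every control in the profile with a tagged
    wrapper.  Calls between functions resolve through the namespace, so nested
    calls are tracked as well."""
    namespace = {}
    exec(source, namespace)
    for name in profile:
        namespace[name] = agent.tag(name, namespace[name])
    return namespace


def run_demo():
    profile = acquire_code_profile(APP_SOURCE)
    agent = RuntimeAgent(SECURITY_PROFILE)
    app = instrument(APP_SOURCE, profile, agent)
    request = {"q": "x' OR '1'='1"}
    safe_result = app["handle_safe"](request)  # sanitize breaks the sequence
    try:
        app["handle"](request)
        blocked = False
    except SecurityBlock:
        blocked = True
    return {"profile": profile, "safe_result": safe_result, "blocked": blocked,
            "events": agent.events, "flow": agent.flow}


if __name__ == "__main__":
    print(run_demo())
```

Running it shows handle_safe completing, because the tagged sanitize call sits between read_request and build_query and so breaks the dictionary sequence, while handle is stopped before run_sql executes and a single event naming the involved controls is recorded. The match is a contiguous-suffix comparison over tagged calls only, so a sequence is detected only when the tracked controls occur in that order with nothing else tagged between them; a production agent would key on data flow as well as call order.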
Conclusion
9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ellen Tran whose telephone number is (571) 272-3842.  The examiner can normally be reached from 7:30 am to 4:00 pm.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
		If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached at (571) 272-6798.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
____________________________
/ELLEN TRAN/Primary Examiner, Art Unit 2433
27 May 2022