Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
The instant application having Application No. 16/795,439 filed on 2/19/2020 is presented for examination.

Examiner Notes
Examiner cites particular columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.

Drawings
The applicant’s drawings submitted are acceptable for examination purposes.

Authorization for Internet Communications
The examiner encourages Applicant to submit an authorization to communicate with the examiner via the Internet by making the following statement (from MPEP 502.03):
“Recognizing that Internet communications are not secure, I hereby authorize the USPTO to communicate with the undersigned and practitioners in accordance with 37 CFR 1.33 and 37 CFR 1.34 concerning any subject matter of this application by video conferencing, instant messaging, or electronic mail. I understand that a copy of these communications will be made of record in the application file.”

Please note that the above statement can only be submitted via Central Fax, Regular postal mail, or EFS Web.

Information Disclosure Statement
As required by M.P.E.P. 609, the applicant’s submissions of the Information Disclosure Statement dated 5/06/2020 and 6/22/2021 are acknowledged by the examiner and the cited references have been considered in the examination of the claims now pending.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-20 are rejected under 35 U.S.C. 102(a) as being anticipated by “Discovering software vulnerabilities using data-flow analysis and machine learning” by Kronjee et al. (cited in IDS).

As per claim 1, Kronjee discloses a method comprising: 
obtaining at least one program slice embedding vector and at least one register vector (First paragraph, right side, page 2; see also section 3) that are generated based on results from a static analysis tool (static analysis, Abstract), the at least one register vector corresponding to the at least one program slice embedding vector (Section 4.2);
using a machine learning model to generate, from the at least one program slice embedding vector and the at least one register vector, at least one probability rating associated with a vulnerability (Using the extracted features to train various probabilistic classifiers to perform vulnerability detection, see abstract); and 
reporting the at least one probability rating for use by the static analysis tool (The classifier reports probability p for a vulnerability class, see section 4.2).

As per claim 2, Kronjee further discloses wherein: the results from the static analysis tool are generated based on analysis of a binary by the static analysis tool (Section 3.3); and 
the at least one probability rating indicates a probability of the vulnerability existing in the binary (Section 4.3).

As per claim 3, Kronjee further discloses wherein each of the at least one program slice embedding vector is generated from a program slice representing portions of the binary that correspond to the vulnerability (Section 4.1).

As per claim 4, Kronjee further discloses wherein each of the at least one register vector indicates a CPU register that corresponds to the vulnerability (Section 4.1).

As per claim 5, Kronjee further discloses method of Claim 1, wherein: the at least one probability rating comprises multiple probability ratings, and the method further comprises ranking or aggregating the multiple probability ratings (Section 3.2).

As per claim 6, Kronjee further discloses wherein the machine learning model is trained in an iterative process using training data comprising a plurality of program slice embedding vectors, a plurality of register vectors, and a plurality of labels (Section 4.2).

As per claim 7, Kronjee further discloses wherein: each of the plurality of register vectors in the training data indicates a CPU register; and each of the plurality of labels in the training data identifies a register type of a corresponding one of the plurality of register vectors (Section 4.2).

As per claims 8-15, they are system claims having similar limitations as cited in claims 1-7 and are rejected under the same rationale.

As per claims 15-20, they are system claims having similar limitations as cited in claims 1-6 and are rejected under the same rationale.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Bryne (US 11,075,055) discloses facilitating identifying computer software vulnerabilities, and more specifically, execute an approximate representation of software to produce a fingerprint are provided. In one example, a system is provided. The system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can include a filter component and an execution component. The filter component can filter a platform-independent intermediate representation to a filtered representation. The execution component can execute the filtered representation on a virtual machine to produce an output vector which can be used to identify computer software vulnerabilities.
Venkataramani (US 2017/0154181) discloses detecting a covert timing channel on a combinational structure or a memory structure. The system identifies the events behind conflicts, and constructs an event train based on those events. For combinational structures, the system detects recurrent burst patterns in the event train. The system determines that a covert timing channel exists on the combinational structure if a recurrent burst pattern is detected. For memory structures, the system detects oscillatory patterns in the event train. The system determines that a covert timing channel exists on the memory structure if an oscillatory pattern is detected.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TIMOTHY A MUDRICK whose telephone number is (571)270-3374. The examiner can normally be reached 9am-5pm Central Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Dennis Chow can be reached on (571) 272-7767. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/TIMOTHY A MUDRICK/Primary Examiner, Art Unit 2194                                                                                                                                                                                                        5/31/2022