DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of Claims
Claims 1-3, 5-8, 10 are pending.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “a front-end analysis unit configured to perform taint analysis…”, “a call table generation unit configured to generate a back-end call table…”, and “a back-end analysis unit configured to perform taint analysis…”, as in claim 6.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5-8, 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mandal et al (Cross-Program Taint Analysis for IoT Systems), and further in view of Ferrara et al (Cross-Program Taint Analysis for the IoT Ecosystem) and Nagumo et al (PGPUB 2017/0206355).

Regarding Claim 6:
Mandal teaches the concept of an apparatus for detecting vulnerability comprising (abstract, cross-program taint analysis that leverages an existing intra-program taint analysis to detect security vulnerabilities in multiple communicating programs; page 1951 section 5.2, experimental setup comprising server and processor): 
a front-end analysis unit configured to perform taint analysis (page 1946 section 3.1, Julia Taint Analysis) on a front-end source code (page 1949 section 4.6.1-4.6.2, taint analyses in isolation on each single component of a system comprising three programs: Internet of Things (IoT) backend, Java servlet, and Android application; NOTE: while the IoT “backend” is explicitly referred to as a backend, it can be considered a frontend or a backend from the perspective of bidirectional inputs and outputs) generated with a first programming language of a program consisting of the front-end source code and a back-end source code (page 1946 section 3, Illustrative Example comprising Java program which collects data which is read by a Java servlet and made available to an Android mobile application); 
a call table generation unit configured to generate a back-end call table including input parameter taint information for a called function called by the front-end source code among one or more back-end functions included in the back-end source code (page 1947 section 4.1, start by formalizing taint analysis on single component, relying on inter-procedural data flow approach; graph is generated comprising statements classified into call nodes representing the statements where calls to other functions occur, and return nodes representing statements where control returns to the caller; this information is used to obtain set of edges comprising calls to other procedures and returns; page 1949 section 4.5, report phase takes program and tagged “source-sink-configuration”, i.e. Excel spreadsheet specifying sources and sinks, and set of tags representing types of sources and sinks; last set is then used to analyze each program G_pi with the Report phase of the GDPR checker, where the actual taint analysis is performed and returns all the tainted paths R_i; the algorithm then computes the edges cE connecting different programs through the same communication channel; these edges represent how data transmitted through channels might flow from a program to another), based on a result of the taint analysis on the front-end source code (page 1947 section 4.1, start by formalizing taint analysis on single component, relying on inter-procedural data flow approach; graph is generated comprising statements classified into call nodes representing the statements where calls to other functions occur, and return nodes representing statements where control returns to the caller); and 
a back-end analysis unit configured to perform taint analysis on the back-end source code based on the back-end call table (page 1949 section 4.5, the algorithm then computes the edges cE connecting different programs through the same communication channel; these edges represent how data transmitted through channels might flow from a program to another; these are then added to obtain a unique graph uGr for the whole system; finally, it computes the paths connecting user-provided sources to user-provided sinks and projects the graph on them; page 1950 section 4.6.3, algorithm 1 combines the results obtained by the taint analysis of each software component, adding the edges between different programs that communicate through some channel; algorithm 1 then builds the whole graph, computes the paths from user-defined sources to user-defined sinks and projects the graph on them; the graph reports, exactly, a possible flow of tainted data from source to sink).
Mandal does not explicitly teach the back-end source code generated with a second programming language.
However, Ferrara teaches the concept of back-end source code generated with a second programming language (abstract, taint analysis widely applied to detect software vulnerabilities; unfortunately, these analyses assume software written in a single programming language; this paper discusses how to lever existing static taint analyses to a cross-programming language scenario; page 3-4 section 2, Illustrative example includes code implemented in Java which interfaces with code implemented in C++; code snippets of Fig. 2 and Fig. 3 of Ferrara correspond to code snippets presented in applicant’s specification, Fig. 2-3; page 5 section 3, detect if a tainted value flows between the boundaries of these two applications, and further instrument and iterate the taint analysis to propagate cross-programming language tainted values).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the cross-language taint analysis teachings of Ferrara with the cross-program taint analysis teachings of Mandal, in order to provide a means of performing taint analysis across multiple independent program modules, even in the event that the various modules are implemented in different programming languages, thereby improving the overall security environment.
Neither Mandal nor Ferrara explicitly teaches wherein the back-end analysis unit is further configured to perform the taint analysis on the called function based on a result of setting each of one or more taint states as a taint state of a value passed as an input parameter of the called function.
However, Nagumo teaches the concept wherein a back-end analysis unit is configured to perform a taint analysis on a called function based on a result of setting each of one or more taint states as a taint state of a value passed as an input parameter of the called function (paragraph 27, “dynamically-loaded code” may include a code added with a function of transmitting user information exceeding the application privacy policy; paragraph 36, after adding tag information to the user information, the dynamically-loaded code analysis device 10 executes the application, and performs method trace each time the user information is operated; the analysis on the basis of the tag is “taint analysis” of the dynamic code; paragraph 42, tag-information memory unit memorizes the tag information indicating a taint tag added to information desired to be tracked; the tag-information memory unit memorizes information in which “taint tag ID”, “taint source”, “address”, and “user-information determination information” are associated with each other; paragraph 67-73, dynamically-loaded code analysis device determines whether transmission of information has been detected, and determines whether the information is user information; extraction unit reads trace information corresponding to taint tag; unit reads value stored in “package name” and “class name” associated with specified taint tag; specification unit determines if there is dynamically-loaded code information that matches the retrieved trace information; if so, specification unit determines that matched dynamically-loaded code information has caused transmission of the user information).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the taint state teachings of Nagumo with the cross-program taint analysis teachings of Mandal in view of Ferrara, in order to provide a means of tracking tainted variables through an entire series of program routines, thereby providing information at each step as to whether the routine was exploiting the tainted parameters, and allowing observation of taint leaks which might otherwise be missed during standard taint analysis.

Regarding Claim 7:
Mandal in view of Ferrara and Nagumo teaches the apparatus of claim 6.  In addition, Mandal teaches wherein the input parameter taint information includes identification information of the called function (page 1948-1949 section 4.4-4.5, source-sink-configuration file consists of all possible sources and sinks, including set of communication sources and sinks, i.e. functions retrieving data from the channel and functions sending data to the channel); and
Nagumo teaches wherein the input parameter taint information includes the one or more taint states of an input parameter of the called function (abstract, dynamically-loaded code analysis device; paragraph 50-51, dynamically-loaded code information memory unit indicates that the class structure of the dynamically-loaded code with the dynamically-loaded code ID being “1” is “com.twxxxxx.android” and “classC”; the dynamically-loaded code information memory unit indicates that the class structure of the dynamically-loaded code with the dynamically-loaded code ID being “2” is “com.xxxxle.android.apps.A” and “classA”; the call-method information memory unit 15c memorizes call method information in which the tag information added to the user information and the class structure of the code performed for the user information are associated with each other; the call-method information memory unit memorizes information in which “taint tag ID”, “package name”, and “class name” are associated with each other; the “package name” and the “class name” to be memorized in the call-method information memory unit are also referred to as “trace information”).
The rationale to combine Mandal and Nagumo is the same as provided for claim 6 due to the overlapping subject matter between claims 6 and 7.

Regarding Claim 8:
Mandal in view of Ferrara and Nagumo teaches the apparatus of claim 7.  In addition, Nagumo teaches wherein the back-end analysis unit is further configured to identify the called function among the one or more back-end functions by comparing identification information of each of the one or more back-end functions with the identification information of the called function (paragraph 62, taint analysis; paragraph 67-73, dynamically-loaded code analysis device determines whether transmission of information has been detected, and determines whether the information is user information; extraction unit reads trace information corresponding to taint tag; unit reads value stored in “package name” and “class name” associated with specified taint tag; specification unit determines if there is dynamically-loaded code information that matches the retrieved trace information; if so, specification unit determines that matched dynamically-loaded code information has caused transmission of the user information).
The rationale to combine Mandal and Nagumo is the same as provided for claim 7 due to the overlapping subject matter between claims 7 and 8.

Regarding Claim 10:
Mandal in view of Ferrara and Nagumo teaches the apparatus of claim 7.  In addition, Nagumo teaches wherein the identification information of the called function may be determined based on a calling interface for calling the called function (paragraph 36-37, dynamically-loaded code analysis device performs method trace each time the user information is operated; dynamically-loaded code analysis device memorizes the result of method trace as call method information in a call-method information memory unit; the dynamically-loaded code analysis device 10 collates the dynamically-loaded code information and the call method information to specify a dynamically-loaded code that has caused transmission of the user information; paragraph 62, the dynamically-loaded code analysis device 10 collates the dynamically-loaded code information and the call method information to specify a dynamically-loaded code that has caused transmission of the user information; paragraph 63, the call-method information generation unit 14b generates the call method information in which at least the “package name” and the “class name” of the output call method are associated with the “taint tag ID” of the taint tag for which the arithmetic processing has been performed, and stores the call method information in the call-method information memory unit).
The rationale to combine Nagumo and Mandal is the same as provided for claim 7 due to the overlapping subject matter between claims 7 and 10.

Regarding Claims 1-3, 5:
These are the method claims corresponding to the apparatus of claims 6-8, 10, and are therefore rejected for corresponding reasons.

Response to Arguments
Applicant's arguments filed 3/24/2022 have been fully considered but they are not persuasive.

Regarding the rejection of claims under 35 USC 101:
Applicant’s amendments have overcome the prior 35 USC 101 rejection.  Therefore, the rejection is withdrawn.

Regarding the rejection of claims under 35 USC 103:
Applicant’s arguments: Unlike Mandal, claim 6 of the present application recites that the back-end analysis unit performs the taint analysis on the called function based on a result of setting each of one or more taint states as a taint state of a value passed as an input parameter of the called function included in the input parameter taint information. For example, when the taint state included in the taint information of the input parameter of the called function is 'taint' and 'suspect', the back-end analysis unit may perform taint analysis for each of a case where a taint status of a value passed as an input parameter of a corresponding called function is 'taint' and a case where the taint status is 'suspect'. 
Mandal fails to disclose the feature of "perform the taint analysis on the called function based on a result of setting each of one or more taint states as a taint state of a value passed as an input parameter of the called function." 
Also, Ferrara does not cure the deficiency of Mandal. Ferrara merely discloses the feature of "performing the taint analysis through program for Julia and CodeSonar" (section 3). 
Also, Nagumo does not cure the deficiency of Mandal. Nagumo discloses that "The tag-information memory unit 15a memorizes the tag information indicating a taint tag added to information desired to be tracked. FIG. 4 is a diagram illustrating an example of a data structure to be memorized in the tag-information memory unit 15a according to the first embodiment. For example, as illustrated in FIG. 4, the tag-information memory unit 15a memorizes information in which "taint tag ID", "taint source", "address", and "user-information determination information" are associated with each other." (paragraph [0042]), and "If determining that transmission of information has been detected (YES at Step S101), the extraction unit 14c analyzes taint of information to be transmitted (Step S102). For example, the extraction unit 14c reads a taint tag added to the information to be transmitted. The extraction unit 14c specifies a taint tag that matches the read taint tag based on the pieces of information memorized in the tag-information memory unit 15a, and reads a value to be stored in the "user-information determination information" associated with the specified taint tag." (paragraph [0068]) 
Nagumo merely discloses the feature of "reading taint of information". Nagumo fails to disclose the feature of "perform the taint analysis on the called function based on a result of setting each of one or more taint states as a taint state of a value passed as an input parameter of the called function."

Examiner’s response: The subject matter in question, i.e. “perform the taint analysis on the called function based on a result of setting each of one or more taint states as a taint state of a value passed as an input parameter of the called function”, was originally found in claims 4 and 9 as originally filed.  Nagumo was cited as teaching these argued claim elements.  Nagumo teaches that ““dynamically-loaded code” may include a code added with a function of transmitting user information exceeding the application privacy policy” (paragraph 27), and that “after adding tag information to the user information, the dynamically-loaded code analysis device 10 executes the application, and performs method trace each time the user information is operated” (paragraph 36), i.e. the tagged user information is an input to the dynamically loaded code function which operates on the user information.  Nagumo further teaches that “tag information indicating a taint tag added to information desired to be tracked” (paragraph 42), and that the analysis on the basis of the tag is “taint analysis” of the dynamic code (paragraph 36).  Applicant argues that Nagumo merely discloses “reading taint of information”, but Applicant fails to consider the means by which Nagumo achieves this objective, e.g. by performing a taint analysis which determines (i.e. “reads”) the taint state of user information operated on by a dynamic code function.  Nagumo therefore teaches “perform[ing] the taint analysis on the called function based on a result of setting each of one or more taint states as a taint state of a value passed as an input parameter of the called function”.  Mandal in view of Ferrara and Nagumo therefore teach all the limitations of claim 1 as amended, as well as corresponding claim 6.
Applicant further argues that the dependent claims are allowable due to depending on an allowable independent claim.  However, as shown above, the independent claims are not allowable.
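The pipeline recited in claim 6 and argued above (a front-end taint analysis, a back-end call table recording the taint states of each input parameter of a called function, and a back-end analysis re-run for each recorded state such as 'taint' and 'suspect') is illustrated by the following added example. It is constructed example code, not code from the application, this Office action, or the Mandal, Ferrara or Nagumo references; the toy IR, the three-state lattice and the function and variable names are assumptions.

```python
import itertools
# Toy taint lattice (constructed): "taint" = known attacker-controlled,
# "suspect" = possibly attacker-controlled, "clean" = neither.
def join(a, b):  # state at a control-flow merge: disagreement yields "suspect"
    return a if a == b else "suspect"

# Front-end program (constructed), standing in for the first-language side, in a
# tiny IR: ("source", v) v gets untrusted input; ("assign", d, s) d = s;
# ("merge", d, a, b) d = cond ? a : b; ("call", f, [args]) calls back-end function f.
FRONTEND_IR = [
    ("source", "user_id"),
    ("assign", "cfg", "const_table"),
    ("merge", "q", "user_id", "cfg"),
    ("call", "lookup", ["user_id", "cfg"]),
    ("call", "lookup", ["q", "cfg"]),
    ("call", "log_event", ["cfg"]),
]

# Back-end functions (constructed), standing in for the second-language side.
# A "sink" statement is dangerous when the named variable is not clean.
BACKEND_FUNCS = {
    "lookup": {"params": ["key", "opts"],
               "body": [("assign", "sql", "key"), ("sink", "sql", "exec_query")]},
    "log_event": {"params": ["msg"], "body": [("sink", "msg", "write_log")]},
}

def frontend_taint_analysis(ir):
    """Front-end analysis unit: intra-program taint analysis, variable -> state."""
    state = {}
    for stmt in ir:
        if stmt[0] == "source":
            state[stmt[1]] = "taint"
        elif stmt[0] == "assign":
            state[stmt[1]] = state.get(stmt[2], "clean")
        elif stmt[0] == "merge":
            state[stmt[1]] = join(state.get(stmt[2], "clean"), state.get(stmt[3], "clean"))
    return state

def generate_call_table(ir, fe_state):
    """Call table generation unit: callee -> one set of taint states per parameter."""
    table = {}
    for stmt in ir:
        if stmt[0] == "call":
            callee, args = stmt[1], stmt[2]
            per_param = table.setdefault(callee, [set() for _ in args])
            for i, arg in enumerate(args):  # union over all front-end call sites
                per_param[i].add(fe_state.get(arg, "clean"))
    return table

def analyze_function(fn, param_states):
    """Taint analysis of one back-end function under one parameter-state assignment."""
    state = dict(zip(fn["params"], param_states))
    hits = []
    for stmt in fn["body"]:
        if stmt[0] == "assign":
            state[stmt[1]] = state.get(stmt[2], "clean")
        elif stmt[0] == "sink" and state.get(stmt[1], "clean") != "clean":
            hits.append((stmt[2], state[stmt[1]]))  # (sink name, state reaching it)
    return hits

def detect_vulnerabilities(frontend_ir, backend_funcs):
    """Back-end analysis unit: analyze each callee once per recorded parameter-state combination."""
    table = generate_call_table(frontend_ir, frontend_taint_analysis(frontend_ir))
    findings = set()
    for callee, per_param in table.items():
        for combo in itertools.product(*per_param):
            for sink, st in analyze_function(backend_funcs[callee], combo):
                findings.add((callee, combo, sink, st))
    return sorted(findings)
```

Because the two call sites of `lookup` pass a 'taint' and a 'suspect' argument respectively, the back-end analysis of `lookup` runs once per state and reports the `exec_query` sink under both assumptions, while `log_event` is analyzed only with a clean parameter.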

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/FORREST L CAREY/Examiner, Art Unit 2491

/ALEXANDER LAGOR/Primary Examiner, Art Unit 2491