DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 


Invitation to Participate in DSMER Pilot Program
The present application satisfies the criteria for participation set forth in the Federal Register Notice entitled “Deferred Subject Matter Eligibility Response (DSMER) Pilot Program.” Therefore, the examiner invites applicant to participate in the DSMER pilot program. 

An applicant who accepts the invitation to participate in this pilot program must still file a reply to every Office action mailed in this application, but may defer presenting arguments or amendments in response to subject matter eligibility (SME) rejection(s) until the earlier of final disposition of the application, or the withdrawal or obviation of all other outstanding non-SME rejections. A final disposition for purposes of this pilot program occurs upon the earliest of: mailing of a notice of allowance; mailing of a final Office action; filing of a notice of appeal; filing of a request for continued examination; or abandonment of the application. Other than applicant’s ability to defer responding to SME rejections, participation in the DSMER pilot program does not alter the normal examination process (e.g., as outlined in MPEP 700), and applicant must still respond to all non-SME rejections when replying to Office actions. 

Further information about the pilot program, including an explanation of the criteria for receiving an invitation, and the conditions of participation, is provided in the Federal Register Notice announcing the program, which is available on the pilot program website https://www.uspto.gov/patents/initiatives/patent-application-initiatives/deferred-subject-matter-eligibility-response.

Applicant has two choices with respect to this invitation:
(1) Applicant may elect to participate in the DSMER pilot program. To effect this choice, applicant MUST accept this invitation by filing a completed request form PTO/SB/456 with a timely response to this Office action. The DSMER Pilot request form must be signed in accordance with 37 CFR § 1.33(b) by a person having authority to prosecute the application, and must be submitted via the USPTO’s patent electronic filing systems (EFS-Web or Patent Center). The form is available on the pilot program website https://www.uspto.gov/patents/initiatives/patent-application-initiatives/deferred-subject-matter-eligibility-response. If the form is properly completed and timely received, the application will be entered into the pilot program.

(2) Applicant may decline to participate in the pilot program. No action is required from applicant to effect this choice, because if applicant does not timely file a properly completed form PTO/SB/456, the application will not be entered into the pilot program.


35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.



Claims 1-8 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because: while the claims recite a series of steps or acts to be performed, a statutory “process under 35 U.S.C. 101 must (1) be tied to a particular machine, or (2) transform underlying subject matter (such as an article or material) to a different state or thing. See page 10 of In Re Bilski 88 USPQ2d 1385. The instant claims are neither positively tied to a particular machine that accomplishes the claimed method steps nor transform underlying subject matter, and therefore do not qualify as a statutory process. The method claim is broad enough that the claim could be completely performed mentally, verbally or without a machine nor is any transformation apparent. 



Claims 16-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to nonstatutory subject matter.
The “system” claim is not to a process, machine, manufacture or composition of matter. The claimed element’s “a processor” can be considered as software. It is suggested to add “a processor on a device” or “memory” or similar. Therefore, the claimed subject matter as a whole fails to fall within the definition of a process, machine, manufacture or composition of matter, patentable eligible category subject matter.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-3, 6, 8-11 and 15-18 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Khazan et al., (US Publication No. 2005/0108562), hereinafter “Khazan”, and further in view of McClure et al., (US Publication No. 2003/0195861), hereinafter “McClure”.

Regarding claims 1, 9 and 16, Khazan discloses 
determining at least a static analysis and a dynamic analysis to perform for a first software application based [Khazan, paragraphs 40, 45, 62 and 64], at least in part, on a profile of the first software application [Khazan, paragraphs 40, 42, 45, 62 and 64, figure 4A, item 106]; 
analyzing the first software application with the static analysis to generate static analysis results [Khazan, paragraphs 40, 43, 62 and 64]; 
analyzing the first software application with the dynamic analysis to generate dynamic analysis results [Khazan, paragraphs 40, 43, 62 and 64]. 

Khazan does not specifically disclose, however McClure teaches
generating an assessment report based on the McClure, paragraphs 75 and 326-342].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to combine a report of an analysis for a vulnerability with the static and dynamic analysis of Khazan in order to provide a report of the status of the system to appropriate personnel.

Regarding claims 2, 10 and 17, Khazan-McClure further discloses
wherein the static analysis results indicate a first set of defects, and wherein the dynamic analysis results indicate a second set of defects [Khazan, paragraphs 40, 43, 62 and 64, different tests are run related to static and dynamic].

Regarding claims 3, 11 and 18, Khazan-McClure further discloses
indicating a severity of at least a subset of the first and second sets of defects [McClure, paragraph 327, low risk, medium risk and high risk].


Regarding claim 6, Khazan-McClure further discloses
determining the profile of the first software application based on metadata of the first software application [Khazan, paragraph 40].


Regarding claim 8, Khazan-McClure further discloses
correlating the static analysis results and the dynamic analysis results to generate correlated results, wherein generating the assessment report comprises generating the assessment report based on the correlated results [McClure, paragraphs 75 and 326-342].

Regarding claim 15, Khazan-McClure further discloses
instructions for correlating the static analysis results and the dynamic analysis results to generate correlated results, wherein generating the assessment results report comprises generating the assessment results report based on the correlated results [McClure, paragraphs 75 and 326-342].

Claims 4, 5, 12, 13, 19 and 20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Khazan-McClure as applied to claims 1, 9 and 16 above, and further in view of Wheeler et al., (US Publication No. 2002/0023217), hereinafter “Wheeler”.

Regarding claims 4, 12 and 19 Khazan-McClure does not specifically disclose, however Wheeler teaches
determining an assurance level of the first software application based on the profile of the first software application [Wheeler, paragraph 22, Security Profile of the device, whereby an assurance level of the device may be determined].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to combine the assurance level from the profile with the data of Khazan in order to determine the level of scanning required.

Regarding claims 5, 13 and 20 Khazan-McClure-Wheeler further discloses 
wherein determining at least the static analysis and the dynamic analysis comprises determining the static analysis and the dynamic analysis [Khazan, paragraphs 40-42] based on the assurance level of the first software application [Wheeler, paragraph 22, Security Profile of the device, whereby an assurance level of the device may be determined].


Allowable Subject Matter
Claims 7 and 14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion


Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM J GOODCHILD whose telephone number is (571)270-1589. The examiner can normally be reached M-F 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/William J. Goodchild/Primary Examiner, Art Unit 2433