DETAILED ACTION
This Office Action is in response to Application filed on 25 November 2019.
Claims 1-16 are pending.  The claims have been considered and examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-4, 9-10, and 13-15 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Dykes, U.S. Patent App. Pub. 2019/0213326, hereinafter referred to as “Dykes”.


Referring to claim 1, Dykes discloses an application security method that includes an API learning process (See paragraphs 0055, 0072). - A computerized method for securing an application based on auto-learning and auto-mapping of application services and application programming interfaces (APIs), comprising: 
Dykes discloses the application security deployed in multiple network locations and including mesh of applications (See paragraph 0007 and 0024). - providing a distributed application security mesh system; 
Dykes discloses a learning process (See paragraph 0055). - implementing a learning mode of the distributed application security mesh system comprising: 
Dykes discloses learning and classification of applications and learning of APIs (See paragraph 0055 and 0094). - learning a set of services and a set of APIs that are used by the set of services to interact with each other, wherein the service comprises an application service; 
Dykes discloses maintaining an API specification which includes data on exchanges between applications (See paragraph 0022 and 0026). - creating a record of the set of services, wherein the record comprises: a list of services that are currently active in a specified environment of the distributed application security mesh system, and a list of interactions of the services; and 
Dykes discloses anomaly detection and applying policy actions (See paragraph 0023). - implementing an enforcing mode of the distributed application security mesh system comprising: 
Dykes discloses using the API specifications to detect anomalies (See paragraph 0051). - determining that there is a deviation from a state of at least one record of the set of services provided during the learning mode, and 
Dykes discloses guidance from an administrator and enforcing security policies (See paragraphs 0047 and 0051). - implementing a mechanism for the review of the deviations by administrators of the systems and updating the learned state or to take an action based on the review.

Referring to claim 2, Dykes discloses detecting services and their transactions, configuration being provided by an administrator, and capturing network traffic (See paragraphs 0024, 0087, and 088). - The computerized method of claim 1, wherein the set of services are discovered: using a service discovery mechanism provided by a platform on which the application is deployed, using a manually entered configuration of the platform on which the application is 41deployed, and using traffic inspection in the application environment.

Referring to claim 3, Dyke discloses classification of applications, specifications that include protocol, providing configurations from an administrator (See paragraphs 0022, 0088, and 0094). - The computerized method of claim 1 further comprising: categorizing each service of the set of services into a set of different categories that are based on the attributes of the service interactions of each service, wherein the attributes comprises: a protocol of the service, an administrator assigned attribute to the service, an administrator assigned attribute to the API that is being provided by the service when the service is interacting with external users or external services.

Referring to claim 4, Dykes discloses providing application dependencies and the SPI specification providing exchanges with applications (See paragraphs 0022 and 0033). -  The computerized method of claim 1 further comprising: generating a service dependency map from the list of interactions of each service of the list of services; and generating an API dependency map from the list of API interactions of each service of the list of services.

Referring to claim 9, Dykes discloses the API classification is used to detect anomalies (See paragraph 0023).  Dykes discloses capturing data from new API call data and new applications (See paragraphs 0057 and 0078). - The computerized method of claim 1, wherein the step of determining that there is a deviation from a state of at least one record of the set of services provided during the learning mode: for each API of the set of APIs, determining a deviation from the learned state, wherein the deviation from the learned state comprises: a new service that was not seen previously during learning mode and has become active in the environment; a new pair of services start to interact with each other that were not seen previously interacting during learning mode; and a new pair of services categories to interact with each other that were not seen previously interacting during learning mode.

Referring to claim 10, Dykes discloses the API classification is used to detect anomalies (See paragraph 0023).  Dykes discloses capturing data from new API call data and new applications (See paragraphs 0057 and 0078). - The computerized method of claim 9, wherein the step of determining that there is a deviation from a state of at least one record of the set of services provided during the learning mode: for each API of the set of APIs, determining a deviation from the learned state, wherein the deviation from the learned state comprises: a known service start to use a new API that it was not previously used during learning mode; a known service start to use a known API but with a different service that was not previously used; and a new service start to interact with the external users or the applications that were not used before.

Referring to claim 13, Dykes discloses allowing an administrator to review data and to take action (See paragraph 0084). - The computerized method of claim 1, wherein the step of implementing the enforcing mode of the distributed application security mesh system further comprises: communicating the deviation to a system administrator; allow the administrator to be able to review the deviation either manually or programmatically through a script, and implementing an action specified by the system administrator.

Referring to claim 14, Dykes discloses allowing the administrator to block certain API transactions (See paragraphs 0083 and 0085). - The computerized method of claim 2, wherein the action specified by the system administrator results in: blocking the interaction between services such that the deviation is no longer observed; blocking the specific service that is causing deviation such that deviation is no longer observed; and blocking a specific API that is causing deviation such that the deviation is no longer observed.

Referring to claim 15, Dykes discloses logging APIs from applications and the logs are captured and normalized by the classifier (See paragraphs 0074 and 0075). - The computerized method of claim 14, wherein the action specified by the system administrator results in: logging the interaction between services such that the deviating behavior is logged but the services are allowed to interact; logging the activity from a specific service such that the deviating behavior is logged but the service is allowed to be active in the environment; and logging the specific API requests and responses such that deviating behavior is logged but the API is continued to be allowed in the environment.

Allowable Subject Matter
Claims 5-8, 11-12, and 16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

U.S. Patent 10,681,012 to Subbarayan et al.
- Deep learning based on API traffic security
U.S. Patent App. Pub. 2016/0342453 to Khan et al.
- Method for anomaly detection in cloud services
U.S. Patent App. Pub. 2021/0374027 to Joglekar et al.
- Self-learning alerting and anomaly detection of monitored services

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSEPH D MANOSKEY whose telephone number is (571)272-3648. The examiner can normally be reached M-F 7:30am to 4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bryce Bonzo can be reached on 571-272-3655. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JOSEPH D MANOSKEY/Primary Examiner, Art Unit 2113                                                                                                                                                                                                        June 17, 2022