Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
                                                      DETAILED ACTION 
 
 1. Claims 1-8, 11-18, 20 are presented for the examination. Claims 9, 10, 19 are  canceled. 
                                                  
                                   Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 


2. Claims 1, 3, 4, 7, 8, 14, 15, 16, 17, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Call (US 20160057107 A1) in view of MorAES (US 20210232446 A1) and further in view of Baron(US 20070043861 A1).

 As to claim 1, Call teaches computer software having a plurality of software components configured to enable the processing device to utilize internal data for performing a plurality of functions (The API wall is configured, according to the example in FIG. 2, to receive API requests 213a-c and pass the requests on to specific business units. For example, the API call request 213a generated by endpoint device 202a is, after being intercepted by the API wall, routed to business unit A 260. Business unit A may include a web service A 220a, which may be implemented in hardware such as a web server or a software application implemented in a device or as SaaS. The business unit A and/or the web service may have a number of associated or hosted APIs, such as API 1 261a, API 2 261b, and API n 261c. The same example architecture is depicted for business units B and C, para [0051]), wherein the API is configured to define interactions between the software components (The API wall 110b may be located in a network 105b, which may be an intranet or similar network that connects computers/devices/systems at network nodes to at least some other network nodes within the enterprise network, thereby allowing users to use the network services. For example, the API wall 110b-1 may be located in a private network or an enterprise network where a web server 120b-1 is hosted and that services API services 126b, and may be deployed between multiple web servers hosted in a private network, para[0045], ln 1-20), and is further configured to define access constraints with respect to the computing system, the access constraints configured to restrict access by an end user associated with the computing system with respect to the internal data and software components( The API filtering system, also referred to herein as an API wall, includes creating a dashboard including information regarding performance indicators related to the endpoint application/device, such as monitoring a frequency, a velocity, a time of day, a geo-location, or an authentication indicator related to the API call requests. The API wall further provides a report for a security team of an enterprise or other system user such that the security team can change access permissions for the API, wherein the access permission changes include modifying the access to the API, limiting access to the API, or blocking access to the API based on many factors, including the performance indicators. The system further provides security teams the ability to change the access permissions for the API from unauthenticated access permissions to authenticated access permissions, para [0010]), adjust the access constraints of the API (modify access to APIs, create access control lists (ACLs), enforce ACLs, and/or change APIs from being unauthenticated access to being strictly authenticated access, para [0059], ln 9-12).
 Call does not teach a memory device configured to store an Application Programming Interface (API) and wherein the computer software is configured to adjust the access constraints of the API. However, MorAES  teaches store an Application Programming Interface (API) and wherein the computer software is configured to adjust the access constraints of the API. ( The APIs may provide methods of communication between various components of the server (100) such as computer-usable program code maintained on memory devices and various hardware devices of the server (100), para[0018], ln 5-20/Turning now to the figures, FIG. 1 is a block diagram of a server (100) according to an example of the principles described herein. The server (100) may include an application program interface (API) manager (105) to manage a number of applications that service a number of client devices communicatively coupled to the server (100). In order to provide for communication between the server (100) and the client devices, para[0017], ln 1-15/ any given rule may be updated and/or created in real time as the server (100) and API manager (105) are operating as described herein. By allowing for dynamic changes in the log verbosity rules (120), an administrator of the server (100) may change the verbosity of any to-be produced log after detecting that such a change is warranted based on an analysis of how the API manager (105) and/or any of the managed APIs interact with the user. After a log verbosity rule (120) has been created and/or changed by an administrator, the API manager (105) of the server (100) may send a response to the administrator indicating the change and/or addition of the log verbosity rules (120) to the log rule registry (115), para[0022]/ the computer software is configured to adjust the access constraints of the API since The AII manager of server changes the rules created by the API manager for controlling access to server by user as described above ). 
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Call with MorAES to incorporate of a memory device configured to store an Application Programming Interface (API) and wherein the computer software is configured to adjust the access constraints of the API because this engages in is the definition of the proper level for the creation and storage of togs defining arty number of user's interactions with any of the individual APIs to be executed.
Call and MorAES do not teach the access constraints of the API are created by merging a plurality of filters with fields that are any of included and excluded , and wherein the plurality of filters are for any of resources, workflows, sessions, users and services. However, Baron teaches the access constraints of the API are created by merging a plurality of filters with fields that are any of included and excluded , and wherein the plurality of filters are for any of resources, workflows, sessions, users and services( One of the functions of the tier capture filter includes an optional mapping of individual function calls[API] to a function group, such as an I/O function group, a database access function group, and so on , para[0040], ln 1-5/ A number of different criteria may be used to include or exclude transactions in the tier capture filter 225. For example, the tier capture filter 225 may filter on a string associated with the transaction, such as transaction name, transaction URL, client name, database SQL strings in transaction, and so on… will recognize that filters may be combined[merging] to perform more complex filtering operations. One of ordinary skill in the art will also realize that additional filtering may be selectively invoked within the visualization system 250, to facilitate interactive diagnosis. ..and so on, para[0042]). 
 It would have been obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Call  and  MorAES  with Baron to incorporate the feature of the access constraints of the API are created by merging a plurality of filters with fields that are any of included and excluded , and wherein the plurality of filters are for any of resources, workflows, sessions, users and services because this facilitates the integrated display of the events, the visualization system synchronizes the recorded communication and processing events to a common time base.
 As to claim 3, MorAES teaches the access constraints of the API are adjusted based on one or more of: a) a role of the computing system, b) a license agreement, c) one or more standards or protocols, d) an authorization of the end user, e) an access group of the end user, f) deployment parameters, g) a current session, h) workflow, i) equipment provisioning, and j) troubleshooting results( para[0020], ln 7-30). 
As to claim 4, Call teaches the API is further configured to allow one or more actions of: a) controlling a mode of the computing system, b) controlling other APIs available to the end user or a user class of the end user, c) controlling other APIs available based on purchased or licensed content, d) selecting another API for performing a specific task, e) enabling the end user to selectively constraint the API( para[0059], ln 1-30). 
As to claim 7, Call teaches the internal data includes access constraints whereby input data has different restrictions than output data (para [0039]). 
As to claim 8, Call teaches the input data and output data include information with respect to the end user, uptime, events, and telemetry (para [0052], ln 1-28/ para [0053], ln 1-10). 
 
As to claim 14, MorAES teaches the access constraints of the API are defined by a combination of constraints on multiple levels include at least two of: service, system, deployment, resource, user, session, and workflow (para [0020], ln 5-30). 
As to claims 15, 16, 17, 18, they are rejected for the same reason as to claims 1, 3, 4 above. 

3. Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Call (US 20160057107 A1) in view of MorAES (US 20210232446 A1) and further in view of Duggal (US 20190220331 A1). 

As to claim 2, Call and MorAES do not teach the API comprises a northbound service acting as a gateway between the end user and the computer software. However, Duggal teaches the API comprises a northbound service acting as a gateway between the end user and the computer software (Employing a standard application controller 1600 may provide an abstraction for an application fabric. The application fabric may provide observability over a mesh network of services and can act as an API Gateway exposing activity to Northbound systems (e.g., portals/dashboards, analytics/big data, and AI/ML, para[0206], application 1036 according to some embodiments. As described herein, a user 1012 (e.g., an individual, group of individuals, computing device, group of computing devices, and/or the like), may utilize a computer system 1020 (e.g., a node) of the environment 1010 to develop, configure, deploy, and/or the like, a functional model-based application 1036. To this extent, the computer system 1020 may provide a functional modeling interface 1030, which can enable the user 1012 to define, modify, and/or the like, one or more aspects of the functional model-based application 1036 using any solution, para [0116], ln 1-30).
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Call and MorAES with Duggal to incorporate of the API comprises a northbound service acting as a gateway between the end user and the computer software because this exists innumerable software languages and technologies that satisfy a wide variety of requirements, a significant challenge is how to flexibly and dynamically connect people, information, systems and devices for a new class of `smart` processes. 

4. Claims 5, 6, 12, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Call (US 20160057107 A1) in view of MorAES (US 20210232446 A1) in view of Baron(US 20070043861 A1) and further in view of REUZEL (US 20210182131 A1). 

As to claim 5, Call, MorAES and Baron do not teach API is defined by a schema or model written in a machine parsable language. However, REUZEL teaches API is defined by a schema or model written in a machine parsable language (The APIs are typically formalized in machine parsable formats like OpenAPI and web service definition language (WSDL), para [0002], ln 2- 5).
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Call, MorAES and Baron with REUZEL to incorporate of API is defined by a schema or model written in a machine parsable language because this exposes which services are able to implement the server-side of an API.
As to claim 6, REUZEL teaches the access constraints of the API are defined by a list of Uniform Resource Locators (URLs) (para [0020], ln 7-35) for the same reason as to claim 5 above. 
As to claim 12, REUZEL teaches the access constraints of the API are based on services including one or more of Wi-Fi, Ethernet, Generalized Multi-Protocol Label Switching (GMPLS), Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), Intermediate System to Intermediate System (ISIS), transport, equipment, alarms, security, IPv4, IPv6, and Dynamic Host Configuration Protocol (DHCP)( para[0023, ln 1-10 and para[0026], ln 23-36) for the same reason as to claim 5 above.
As to claim 20, it is rejected for the same reasons as to claims 12 and 14. 

 
5.	Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Call (US 20160057107 A1) in view of MorAES (US 20210232446 A1) in view of Baron(US 20070043861 A1) and further in view of GUPTA (US 20190012254 A1).

 As to claim 11, Call, MorAES and Baron do not teach wherein the computer software includes functionality to test the internal data for violations of the access constraints and to report errors resulting from testing the internal data. However, GUPTA teaches the computer software includes functionality to test the internal data for violations of the access constraints and to report errors resulting from testing the internal data (software program may include a bug, an error, a flaw, a failure, or a fault in the software program that causes the software program to produce an incorrect or unexpected result, to behave in unexpected ways, and/or the like. For example, the defects in the software program may include an arithmetic defect (e.g., division by zero, arithmetic overflow, loss of arithmetic precision, and/or the like), a logic defect (e.g., infinite loops, infinite recursion, off-by-one errors, and/or the like), a syntax defect (e.g., using an incorrect operator), a resource defect (e.g., a null pointer dereference, using an uninitialized variable, using an otherwise valid instruction on the wrong data type, access violations …), para[0068], ln 3-30/ process 400 may include generating one or more reports based on the one or more defects and the expected behavior of the software program (block 450). For example, software analytics platform 210 may generate one or more reports based on the one or more defects and/or the expected behavior of the software program, para [0076], ln 1-13). 
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Call , MorAES, Baron and REUZEL with GUPTA to incorporate of the computer software includes functionality to test the internal data for violations of the access constraints and to report errors resulting from testing the internal data because this generates one or more reports based on the one or more defects associated with the software program and the expected behavior of the software program, and may provide the one or more reports. 

6. Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Call (US 20160057107 A1) in view of MorAES (US 20210232446 A1)  in view of Baron(US 20070043861 A1) in view of REUZEL (US 20210182131 A1) and further in view of Erickson (US 20090182565 A1). 

As to claim 13, Call, MorAES, Baron and REUZEL do not teach. However, Erickson teaches the services include one of a standard view, limited view, and diagnostic view (Next, at step 238, control is effectively returned to the generic subscriber portal 181 when the manager and monitor screen flow, which is encoded in the monitor view, is complete. The SDF may standardize the monitor views and associated APIs as several separate views such as performance, availability, trouble, usage, and the like, para [0148], ln 20-45).
 It would have been obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Call, MorAES and REUZEL with Erickson to incorporate of services include one of a standard view, limited view, and diagnostic view because this enables graphical representations of the plurality of AOs to be manipulated to create a new Application Object.                                 
                               
Response to the argument: 

7.	Applicant amendment filed on 04/20/2022  has been considered but they are not persuasive: 


Applicant argued in substance that : 
 (1) “  wherein the computer software is configured to adjust the access constraints of the API, wherein the access constraints of the API are created by merging a plurality of filters with fields that are any of included and excluded, and wherein the plurality of filters are for any of resources, workflows, sessions, users, and services. 
Independent Claims 15 and 18 are similarly amended. This includes the subject matter of Claims 9-10 as well as a further clarification that the filters are for any of resources, workflows, sessions, users, and services. The combination of Call in view of MorAES, REUZEL, and Louie fails to suggest these limitations”
 
8.	 Examiner respectfully disagreed with Applicant's remarks:
               As to the point (1),  One of the functions of the tier capture filter includes an optional mapping of individual function calls[API] to a function group, such as an I/O function group, a database access function group, and so on , para[0040], ln 1-5/ A number of different criteria may be used to include or exclude transactions in the tier capture filter 225. For example, the tier capture filter 225 may filter on a string associated with the transaction, such as transaction name, transaction URL, client name, database SQL strings in transaction, and so on… will recognize that filters may be combined[merging] to perform more complex filtering operations. One of ordinary skill in the art will also realize that additional filtering may be selectively invoked within the visualization system 250, to facilitate interactive diagnosis. ..and so on, para[0042].
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

                                                           Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LECHI TRUONG whose telephone number is ( 571) 272-3767.  The examiner can normally be reached on 10-8PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor,   SAM SOUGH can be reached on ( 571) 272-6799   . The fax phone number for the organization where this application or proceeding is assigned is 703-872-9306.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR of Public PAIP. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIP system, contact the Electronic Business Center (EBC) at 866-217-9197(toll-free).
/LECHI TRUONG/Primary Examiner, Art Unit 2194