DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The 10/23/2020 IDS document has been considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 9-16 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because they are drawn to a “computer processor,” “a repository,” and a “taint propagation instrumenter executing on the computer processor,” which may be interpreted as software per se. For instance, the processor is not explicitly defined as hardware, nor is it excluded from being software per se (e.g., [0072] of the instant specification which merely recites optional language). A processor may be a software processor, and thus software per se. The instrumenter is defined as being part of the processor, and is thus likewise interpretable as software per se. The repository is defined as “any type of storage unit and/or device” such as “e.g., a file system, database, collection of tables” in at least [0017] of the instant specification. As such, this element is likewise interpretable as software per se.
Software per se is not considered to be patent-eligible subject matter. The dependent claims do not further specify the aforementioned elements, nor do they introduce additional hardware elements. As such, the dependent claims do not cure the deficiencies of their parent claim and are likewise rejected.

Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to the abstract idea of mathematical concepts (i.e., mathematical relationships and equations) without significantly more. The claim(s) recite(s) obtaining source code, visualizing the source code via use of an abstract syntax tree which identifies relationships within elements of the code, identifying a specific relationship within the AST (e.g., the information flow of a variable), modifying the AST to include nodes with instructions concerning taint status and tracking, and following the modified AST to identify a determination concerning the taint. However, this may be interpreted as an analyst charting out the AST via mental inference and, e.g., pen and paper. The analyst may modify the AST with nodes implying mathematical checks, and follow through the modified AST by plugging in values inferred from the code. Since all of these steps may be performed via mental inference and pen and paper, the claims are considered to fall under the judicial exception. 
It is noted that claims 1-8 do not recite any specific computer elements and can be directly mapped to the pen-and-paper interpretation.  
This judicial exception is not integrated into a practical application because generally linking the use of the judicial exception to a particular technological environment or field of use is not considered to be sufficient—see MPEP 2106.05(h). In this case, the independent claims link the judicial exception to taint detection, tracking, and vulnerability analysis by use of ASTs comprising nodes for such. However, this does not appear to substantially overcome the pen and paper example above, as it merely comprises use of mathematical relationships / equations specific to the particular technological environment. While this limits the judicial exception to taint/vulnerability analysis, it appears to only generally link the use of the judicial exception to said environment (i.e., a suggestion to modify an AST to track taint for vulnerability analysis).
The claims further recite elements which may be considered sufficient to amount to significantly more than the judicial exception: “a first programming language,” “execution of a built-in operator implemented in a second programming language,” “a second programming language,” “the second programming language” implementing “an interpreter for the first programming language,” “a computer processor,” “a repository,” and “a taint propagation instrumenter.” 
However, these elements are not sufficient to amount to significantly more than the judicial exception because:
For “a first programming language,” “execution of a built-in operator implemented in a second programming language,” “a second programming language,” “the second programming language” implementing “an interpreter for the first programming language,” adding a specific limitation other than what is well-understood, routine, conventional activity in the field is not considered to be sufficient—see MPEP 2106.05(d). These elements merely further specify the source code which is turned into the AST, and it is generally well-understood, routine, and conventional activity in the field to perform language-independent flow tracking for, e.g., languages instrumented on top of JVM. For instance, refer to at least the abstract, as well as to “Language Independence” and the described contributions (numbers 1-4 on page 347) in the Introduction of the “Language-Independent Information Flow Tracking Engine for Program Comprehension Tools” NPL reference.
For “a computer processor,” “a repository,” and “a taint propagation instrumenter,” adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely using a computer as a tool to perform an abstract idea is not considered to be sufficient—see MPEP 2106.05(f). These elements merely recite the base elements of any computer for performing the judicial exception (i.e., processor and memory). 
The dependent claims are likewise rejected under this analysis as above, since they are considered to merely further specify the judicial exception in greater detail (e.g., further specifying how the AST is structured and additional mathematical relationships / equations). They do not indicate integration into a practical application nor specify limitations indicative of significantly more than the judicial exception.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 7 and 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Each of claims 7 and 15 recites an observation of values of the first variable being untainted and replacing a node thereafter. However, their respective parent claims each only recite nodes with functionality for determining that “the first non-constant value is tainted.” The respective parent claims do not recite any functionality for determining that the value is untainted. Accordingly, claims 7 and 15 are not clear because they rely on functionality which is not recited in their parent claims.
It is further noted that each of the respective parent claims recites an explicit step of adding a tainted object. As such, claims 7 and 15 further appear to be contradictory to the steps recited in their respective parent claims (i.e., the parent claims find tainted objects, whereas claims 7 and 15 trigger upon there being no tainted objects). 
Claims 7 and 15 have not been examined under prior art considerations, as it is not clear how the claimed invention would function. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-3, 5-6, 8-11, 13-14, 16-18, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Language-Independent Information Flow Tracking Engine for Program Comprehension Tools,” hereinafter “Azadmanesh” in view of Kikuchi (US 2009/0193497 A1).

Regarding claim 1, Azadmanesh discloses: A method for instrumenting an abstract syntax tree, comprising: determining that a first non-constant value of a first variable corresponding to a first variable node of the abstract syntax tree flows into a first operator node in the abstract syntax tree, wherein the abstract syntax tree is generated from source code; 
Refer to at least TABLE II on page 352, the last paragraph on page 349, section V.B. AST node classes, and the last paragraph in VI of Azadmanesh with respect to tagging AST nodes based on, e.g., the flow of variables associated with the node.
Refer to at least section II of Azadmanesh with respect to generating an abstract syntax tree from source code.
adding, to the abstract syntax tree, a first [wrapper] node comprising functionality to: 
[intercept access to a wrapped node and provide information to a shadow node], and 
return the first non-constant value to the first operator node, wherein the first operator node generates a first result value by executing a first operator using the first non-constant value; 
Refer to at least FIG. 2(b), section IV, and section VI of Azadmanesh with respect to wrapper nodes and associated event listeners for intercepting access to wrapped nodes before and after the node is visited. The wrapper nodes are dynamically inserted and correspond to the tags. 
Refer to at least section III with respect to tracking tainted values. 
adding, to the abstract syntax tree, a first set taint node that stores, based on [the information from the wrapper node], the first result value in a first tainted object; and 
Refer to at least FIG. 2(c)-3, section III.A.1, and sections IV-VI of Azadmanesh with respect to shadow nodes and container object for storing and keeping track of variables.  
performing, using the abstract syntax tree, a taint analysis of the source code to identify a vulnerability in the source code.
Refer to at least section III of Azadmanesh with respect to computer security and preventing unauthorized information flow.
Refer to at least the conclusion of Azadmanesh with respect to tracking information flow via AST.
Azadmanesh discloses wrapper nodes and tracking tainted values, but may not specifically disclose: a first check taint node comprising functionality to: make a first taint status determination that the first non-constant value is tainted; a first set taint node that stores, based on the first taint status determination, the first result value in a first tainted object. However, Azadmanesh in view of Kikuchi discloses: a first check taint node comprising functionality to: make a first taint status determination that the first non-constant value is tainted; a first set taint node that stores, based on the first taint status determination, the first result value in a first tainted object. 
Refer to at least [0065], [0075], [0092], and [0095] of Kikuchi with respect to inserting runtime checks. Further refer to at least the abstract and [0040]-[0043] with respect to templates.
Refer to at least [0077], [0127]-[0129] of Kikuchi with respect to exemplary checks.
The teachings of Azadmanesh and Kikuchi both concern ASTs and insertion of checks, and are considered to be within the same field of endeavor and combinable as such. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Azadmanesh to specifically include wrapper nodes and shadow nodes for taint tracking based on policy for at least the purpose of further extending flow tracking to identify tainted values and provide security from, e.g., XSS and injection attacks (see at least [0004]-[0009] of Kikuchi).
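The kind of instrumentation recited in claim 1 (check taint and set taint nodes added around an operator node), sketched with Python's `ast` module as an added example; it is not code from the application, Azadmanesh, or Kikuchi. The `Tainted` class, the helper names, the `execute_sql` sink and the sample program are assumptions made for illustration, and every non-constant operand is wrapped (not only variable nodes) so that taint survives nested operators.

```python
import ast

class Tainted:
    """Tainted object: holds a value derived from untrusted input."""
    def __init__(self, value):
        self.value = value

_seen = {}  # operator id -> True once a tainted operand has flowed into it

def _check_taint(value, op_id):
    """Check taint node: note the taint status, return the raw value to the operator."""
    if isinstance(value, Tainted):
        _seen[op_id] = True
        return value.value
    return value

def _set_taint(result, op_id):
    """Set taint node: store the operator's result in a tainted object when required."""
    return Tainted(result) if _seen.pop(op_id, False) else result

def _call(name, *args):
    return ast.Call(ast.Name(name, ast.Load()), list(args), [])

class TaintInstrumenter(ast.NodeTransformer):
    """Wraps each binary operator node with check taint / set taint nodes."""
    def __init__(self):
        self.next_id = 0

    def visit_BinOp(self, node):
        self.generic_visit(node)  # instrument nested operators first
        operands = (node.left, node.right)
        if all(isinstance(o, ast.Constant) for o in operands):
            return node  # constants cannot carry taint
        op_id, self.next_id = self.next_id, self.next_id + 1
        node.left, node.right = (
            o if isinstance(o, ast.Constant) else _call("_check_taint", o, ast.Constant(op_id))
            for o in operands)
        return _call("_set_taint", node, ast.Constant(op_id))

# Constructed sample program; execute_sql is a hypothetical sink.
SAMPLE = '''
q1 = "SELECT * FROM users WHERE name = '" + user + "'"
q2 = "SELECT * FROM users WHERE id = " + uid
execute_sql(q1)
execute_sql(q2)
'''

def run_instrumented(source, inputs):
    """Instrument and run `source`; return the tainted values that reached the sink."""
    tree = ast.fix_missing_locations(TaintInstrumenter().visit(ast.parse(source)))
    findings = []
    def execute_sql(query):
        if isinstance(query, Tainted):
            findings.append(query.value)
    env = {"_check_taint": _check_taint, "_set_taint": _set_taint,
           "execute_sql": execute_sql, **inputs}
    exec(compile(tree, "<instrumented>", "exec"), env)
    return findings

if __name__ == "__main__":
    print(run_instrumented(SAMPLE, {"user": Tainted("alice"), "uid": "42"}))
```

Each operator gets its own id so that a nested operator's set taint node does not clear the status recorded for the enclosing one.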

Regarding claim 2, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations to Azadmanesh and Kikuchi; e.g., the wrapper node intercepts access to the wrapped node).

Regarding claim 3, Azadmanesh-Kikuchi discloses: The method of claim 2, wherein the source code is represented in a first programming language, wherein the first operator node corresponds to an execution of a built-in operator implemented in a second programming language, and wherein the second programming language implements an interpreter for the first programming language.
Refer to at least the abstract, as well as to “Language Independence” and the described contributions (numbers 1-4 on page 347) in the Introduction of Azadmanesh with respect to language-independent flow tracking for, e.g., languages instrumented on top of JVM.

Regarding claim 5, Azadmanesh-Kikuchi discloses: The method of claim 1, further comprising: making a decision to perform taint propagation based on applying a policy for the first operator, wherein the first check taint node makes the first taint status determination in response to the decision to perform taint propagation.
Refer to at least the abstract, [0090]-[0092], and FIG. 2 of Kikuchi with respect to policy for, e.g., redirector functions which are inserted and used to implement security policies.
This claim would have been obvious for at least the same reasons as claim 1 above.

Regarding claim 6, Azadmanesh-Kikuchi discloses: The method of claim 1, further comprising: determining that a second non-constant value of a second variable corresponding to a second variable node in the abstract syntax tree flows into a second operator node in the abstract syntax tree, wherein the second non-constant value has a first type; and 
Refer to at least TABLE II on page 352, the last paragraph on page 349, section V.B. AST node classes, and the last paragraph in VI of Azadmanesh with respect to tagging AST nodes based on, e.g., the flow of variables associated with the node.
Refer to at least section II of Azadmanesh with respect to generating an abstract syntax tree from source code.
adding, to the abstract syntax tree, a second check taint node comprising functionality to: make a second taint status determination that the second non-constant value is tainted (refer to at least [0065], [0075], [0092], and [0095] of Kikuchi with respect to inserting runtime checks), detect an implicit call to a function to convert the second non-constant value to a second type, send the second non-constant value to the function, wherein the function generates a converted value having the second type using the second non-constant value, and
Refer to at least FIG. 2(b) of Azadmanesh with respect to multiple wrapper nodes for multiple wrapped nodes; intercepting values. 
Refer to at least section III of Azadmanesh being applicable to tracking implicit information flow once control dependencies are determined.
return the converted value to a second operator node in the abstract syntax tree, wherein the second operator node generates a second result value by executing a second operator using the converted value.
Refer to at least FIG. 2(b)-(c) of Azadmanesh with respect to information flow. 
This claim would have been obvious for at least the same reasons as claim 1 above.

Regarding claim 8, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations concerning the shadow node).

Regarding independent claim 9, it is substantially similar to independent claim 1 above, and is therefore rejected for substantially the same reasons (i.e., the citations and obviousness rationale).

Regarding dependent claims 10-11, 13-14, and 16, they are substantially similar to claims 2-3, 5-6, and 8 above, and are likewise rejected.

Regarding independent claim 17, it is rejected for substantially the same reasons as independent claim 1 above (i.e., the citations and obviousness rationale applied to claim 1 are likewise considered to be applicable to the language of claim 17).

Regarding dependent claims 18 and 20, they are substantially similar to claims 2 and 5 above, and are likewise rejected.

Claim(s) 4, 12, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Azadmanesh-Kikuchi as applied to claims 1-3, 5-6, 8-11, 13-14, 16-18, and 20 above, and further in view of Hsueh (US 2016/0094574 A1).

Regarding claim 4, Azadmanesh-Kikuchi does not explicitly disclose: wherein the first taint status determination is based on the first non-constant value being an object comprising a taint status flag indicating that the object is tainted. However, Azadmanesh-Kikuchi in view of Hsueh discloses: wherein the first taint status determination is based on the first non-constant value being an object comprising a taint status flag indicating that the object is tainted.
Refer to at least [0040] of Hsueh with respect to flagging tainted variables for taint analysis. 
The teachings of Azadmanesh-Kikuchi and Hsueh relate to taint analysis and are considered to be within the same field of endeavor and combinable as such. Azadmanesh further discloses tracking variable values and metadata.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Azadmanesh-Kikuchi to explicitly flag tainted variables because all of the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art at the time.

Regarding claims 12 and 19, they are substantially similar to claim 4 above, and are therefore likewise rejected. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Of particular relevance is the “Towards Efficient, Multi-Language Dynamic Taint Analysis” NPL filed October 2019 and having a difference in inventive entity. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/ Supervisory Patent Examiner, Art Unit 2432

/V.S/ Examiner, Art Unit 2432