Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they do not include the following reference sign(s) mentioned in the description: Reference number 512 (paragraph [0033], for detection reporting component) is not found in the drawings (Figure 5).  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
In addition to Replacement Sheets containing the corrected drawing figure(s), applicant is required to submit a marked-up copy of each Replacement Sheet including annotations indicating the changes made to the previous version.  The marked-up copy must be clearly labeled as “Annotated Sheets” and must be presented in the amendment or remarks section that explains the change(s) to the drawings.  See 37 CFR 1.121(d)(1).  Failure to timely submit the proposed drawing and marked-up copy will result in the abandonment of the application.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION. —The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 5, 10, 16 and 17 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 5 and claim 16 recite “the CFG”. There is insufficient antecedent basis for this limitation in the claim. Claim 1, upon which claim 5 and 16 depend, refers to a traceable data structure but does not explicitly say it is CFG. For examination purpose “traceable data structure” and “CFG” will be treated as the same. The examiner suggests replacing “CFG” in claim 5 and 16 with “traceable data structure” to rectify the issue. 
Claim 10 recites “the script vulnerability”. There is insufficient antecedent basis for this limitation in the claim. Claim 1, upon which claim 10 depends, refers to script-based attacks but does not explicitly say it is a script vulnerability. For examination purpose “script vulnerability” and “script-based attack” will be treated as the same. The examiner suggests replacing “script vulnerability” in claim 5 with “script-based attack” to rectify the issue. 
Claim 17 recites “the control script”. There is insufficient antecedent basis for this limitation in the claim. Claim 1, upon which claim 17 depends, does not explicitly disclose control script. Therefore, the scope of the claim is unclear. For examination purpose, examiner has interpreted “control script” in claim 17 the same as it is in claim 3 where it was first introduced.  

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1, 8-14, 16-17 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Sawhney et al (US PG-PUG No. 20180300480 A1).
Regarding claim 1, Sawhney et al teaches a method of detecting script-based attacks (paragraph [0006]: A method to safeguarding against end user script-based attacks), comprising: 
receiving a traceable data structure, the traceable data structure comprising a set of runtime JavaScript execution data points and one or more associated event chains that include the execution data points and their relative ordering (paragraph [0010]: a method includes: receiving a plurality of benign web content, each web content having a script (JavaScript); extracting the scripts from each of the plurality of benign web content; extracting structural features (execution data points and event chains) from the scripts; building a plurality of abstract syntax trees (ASTs) (traceable data structure) using the structural features of the scripts; clustering the plurality of ASTs into common clusters of ASTs by means of a predetermined tree edit distance; and generalizing the common clusters of ASTs into a plurality of generalized ASTs (GASTs) by means of associating a common node that is predictive of a particular type of script), 
the traceable data structure having been generated in a client browser in association with a first interaction with a view of a page; and performing a behavioral execution analysis on the traceable data structure and at least one other traceable data structure representing a second interaction with the page view; and responsive to the behavioral execution analysis, identifying an attack (paragraph [0048]: Once the structure of the script has been determined and an AST created, in step 503, the policy 103 will compare the determined structure (traceable data structure) of the unclassified end user browser (client browser) 112 with the plurality of generalized ASTs (at least one other traceable data structure). At step 505, the determined structure of the unclassified script will be determined if it is a match with the plurality or set of generalized ASTs. A match may be a predetermined tree edit distance or some threshold of a predetermined tree edit distance. If there is a match within the predetermined tree edit distance, then the script is classified as benign (509). Otherwise, the script is classified as malicious (507) (identifying an attack). The policy 103 can be configured in detection or blocking mode—in detection mode, the policy 103 will not block the behavior and send an alert or notification to the management system 150 and/or the server 110. If any portion of the web application 105 does not meet the constraints, then an alert may be provided to the administrator of the server 110 indicating the issue with the web application. In blocking mode, the policy 103 will both block the malicious behavior and alert the management system 150. Paragraph [0039]: A predetermined tree edit distance (d) is a value for the threshold of comparison of one tree to another. The larger d is, the looser the match with a given tree).
Regarding claim 8, Sawhney et al teaches all of the features with respect to claim 7,  
Sawhney et al further teaches wherein the code execution-collected data comprises at least one of: command type, constructor, property, element name, element attribute, unique DOM object identifier, parent node identifier, asynchronous trace identifier, sibling node identifier, script originator source identifier, outgoing URL, sensitive data area type, and one or more event descriptors ([0042] FIG. 4 illustrates an example GAST (Generated AST) generally at 400. Where node 403 represents the class user, node 405 represents the password being 6 characters long, node 407 represents the user's ID, and node 409 represents the string name. While the GAST 400 illustrated is discussed with respect to script code, this is not intended to be limiting. For example, the structural feature extraction scenario 300 can be used to extract structural features from a variety of different types of code (examples of which are listed above). The GAST 400 includes various aspects that can be used to characterize the structure as being associated with a log-in function 401. [0043] For an example, suppose at node 407 in the ASTs in a cluster has values {2345, 6789, 9788, 9090} at AST node 407. In the context of an online banking website, these values probably correspond to individuals account numbers or ID).
Regarding claim 9, Sawhney et al teaches all of the features with respect to claim 8, as outlined above.
	Sawhney et al further teaches wherein the CFG is received as a compressed and serialized binary representation in which the code execution-collected data is encoded (paragraph [0047]: Once the web application 105 is received at the end user browser 112, the browser will compile or interpret the script portion of the web application 105 into web assembly code, or WebAssembly code, wherein the operations of the application 105 may be translated from the first language to the WebAssembly language. This WebAssembly code is a standard that defines a binary format and a corresponding assembly-like text format for executable code in Web pages).
Regarding claim 10, Sawhney et al teaches all of the features with respect to claim 1, as outlined above.
	Sawhney et al further teaches responsive to identifying the script vulnerability, updating a policy associated with the webpage; and instantiating the updated policy (paragraph [0049]: With such a strict black or white, meet or not threshold, policy 103, there are bound to be false positives/negatives or misclassifications on the malicious side, though the benign side is a possibility too. As such the policy 103 will learn or train from the false positives. The server 110 once notification is received may allow the web application 105 to run, therein creating an exception to the policy (update policy) 103 as a script was misclassified (511). Instead of or in combination with allocating for an exception, the policy 103 will review (515) the false positive, and in particular the tree edit distance, otherwise the process 500 ends (513).).
Regarding claim 11, Sawhney et al teaches all of the features with respect to claim 10, as outlined above.
	Sawhney et al further teaches wherein the updated policy is instantiated in the client browser (paragraph [0049]: Once the training or machine learning is accomplished the updated generalized AST replaces previous GAST (517) to limit miscalculations in future comparisons. Paragraph [0048]: Once the structure of the script has been determined and an AST created, in step 503, the policy 103 will compare the determined structure of the unclassified end user browser 112 with the plurality of generalized ASTs).
Regarding claim 12, Sawhney et al teaches all of the features with respect to claim 1, as outlined above.
	Sawhney et al further teaches wherein the first and second interactions differ from one another in at least one of: geographic-specific content associated with the page, different browsers, different platforms, and different installed extensions and software on a respective end user's machine (Paragraph [0024]: End user devices (different platforms) 114 can each be a user device, subscriber equipment, customer equipment, access terminal, smartphone, personal digital assistant (PDA), computer, tablet computing device, e-book, Internet appliance, media player, game console, or some other user communication apparatus, including combinations thereof. Paragraph [0029]: In operation, end user devices 114 generate requests (interactions) for network content from server 110, such as Internet web pages or media content 105 such as videos, documents, pictures, and music. Upon receipt of a request, the server 110 processes the requests and supplies (get function) the required content, e.g. web application 105 to the requesting device 114. The end user browser 112 compiles and runs the web application 105 on the end user device 114).
Regarding claim 13, Sawhney et al teaches all of the features with respect to claim 1, as outlined above.
	Sawhney et al further teaches wherein at least one associated event chain represents one of: a synchronous flow, and an asynchronous flow (paragraph [0025]: Communication links (event chain) 170-172 can each use various communication protocols, such as Time Division Multiplex (TDM), asynchronous transfer mode (ATM), Internet Protocol (IP), Ethernet, synchronous optical networking (SONET), hybrid fiber-coax (HFC), circuit-switched, communication signaling, wireless communications, or some other communication format, including combinations, improvements, or variations thereof).
Regarding claim 14, Sawhney et al teaches all of the features with respect to claim 1, as outlined above.
	Sawhney et al further teaches wherein performing behavioral execution analysis comprises one of: performing frequency-based inferencing using a statistical machine learning model that tries to predict a next event in an event chain; and applying a deep learning model that traverses each logical event chain to learn an execution order of the code, and that attempts to predict anomalies by following a code execution path and identifying deviation from one or more context norms represented in the deep learning model (Paragraph [0008]: This disclosure outlines an automated approach for accurately modeling the structure of embedded scripts using language based and machine learning based techniques to abstract the dynamism of similar scripts. This, in turn, provides a scalable and efficient way of identifying benign, malicious, known and unknown scripts from a script available in full or in part. This disclosure outlines the ability to infer the structure of scripts and then use that in detection, protection, and remediation in a variety of applications in the context of information security).
Regarding claim 16, Sawhney et al teaches all of the features with respect to claim 1, as outlined above.
	Sawhney et al further teaches wherein performing behavioral execution analysis includes inspecting web resources detected in the CFG to identify one of: known vulnerabilities, and changes that are indicative of script integrity (paragraph [0007]: enables the ability to whitelist legitimate scripts (integrity changes), weed out non-matching scripts (vulnerabilities), and infer false positives and true attacks from raw events).
Regarding claim 17, Sawhney et al teaches all of the features with respect to claim 1, as outlined above.
	Sawhney et al further teaches wherein the control script is delivered by a content delivery network (paragraph [0051]:  communication interface 601 is configured to communicate with cache nodes of the content delivery network to configure the cache nodes with HTTP acceleration services and applications).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2, 5-7 are rejected under 35 U.S.C. 103(a)(1) as being unpatentable over Sawhney et al (US PG-PUG No. 20180300480 A1) in view of Chari et al (US PATENT No. 10902121 B2).
Regarding claim 2, Sawhney et al teaches all of the features with respect to claim 1, as outlined above.
	Sawhney et al does not appear to explicitly teach CFG. However, Chari et al teaches wherein the traceable data structure is a call flow graph (CFG) (paragraph (60): The control flow graph 401 comprises nodes and edges, wherein the nodes of the control flow graph represent functions or instructions, and the edges thereof represent calls, or the like. Thus, an edge in the call flow graph may represent caller and callee, together with a value that represents a call sequence). 
Sawhney et al and Chari et al are both considered to be analogous to the claimed invention because they are in the same field of teaching determining anomalous behavior in an application program using structural representation (AST and CFG) for script structures analysis of webpages. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the abstract syntax trees script structure disclosed by Sawhney et al with adding call flow graph disclosed by Chari et al. 
One of ordinary skill in the art would have been motivated to make these modifications in order to facilitate securing the program against attack, as suggested by Chari et al (paragraph (1)).
Regarding claim 5, Sawhney et al teaches all of the features with respect to claim 1, as outlined above.
	Sawhney et al does not appear to explicitly teach CFG. However, Chari et al teaches wherein the CFG comprises a set of nodes, wherein a given node is associated with a particular JavaScript execution data point (paragraph (60): The control flow graph (CFG) 401 comprises nodes and edges, wherein the nodes of the control flow graph represent functions or instructions (execution data point)). It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the abstract syntax trees script structure disclosed by Sawhney et al with adding call flow graph disclosed by Chari et al. One of ordinary skill in the art would have been motivated to make these modifications in order to facilitate securing the program against attack, as suggested by Chari et al (paragraph (1)).
Regarding claim 6, Sawhney et al teaches all of the features with respect to claim 5, as outlined above.
	Sawhney et al does not appear to explicitly teach, but Chari et al teaches wherein a given node is enriched to include one or more attributes describing the execution data point represented by that given node (paragraph (58):  these flow graphs are generated by recording events and marking them with metadata (attributes) as control flow, or data flow. Thus, for example, the metadata may annotate call graphs (e.g., to identify branches, calls, system calls, returns, indirect branches, indirect calls, etc.), identify count instructions, memory writes, the values of the EIP register (that holds the extended instruction pointer for the stack), and so forth). It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to make modification disclosed by Sawhney et al with adding attributes to given node disclosed by Chari et al. One of ordinary skill in the art would have been motivated to make these modifications in order to facilitate securing the program against attack, as suggested by Chari et al (paragraph (1)).
Regarding claim 7, Sawhney et al teaches all of the features with respect to claim 6, as outlined above.
	Sawhney et al does not appear to explicitly teach, but Chari et al teaches wherein the given node comprises a set of code execution-collected data (paragraph (56):  data about the program's execution is collected by instrumenting the program and monitoring events in the program as it executes (preferably over multiple invocations), and recording the events with metadata related to control flow or data flow). It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to make modification disclosed by Sawhney et al with adding a set of code execution-collected data disclosed by Chari et al. One of ordinary skill in the art would have been motivated to make these modifications in order to facilitate securing the program against attack, as suggested by Chari et al (paragraph (1)).
Claims 3-4 are rejected under 35 U.S.C. 103 as being unpatentable over Sawhney et al (US PG-PUG No. 20180300480 A1) and Chari et al (US PATENT No. 10902121 B2) in view of Ross (US PG-PUB No. 20070113282 A1).
Regarding claim 3, Sawhney et al and Chari et al, hereinafter SC, teaches all of the features with respect to claim 2, as outlined above.
	SC does not teach injecting a control script at the client browser. However, Ross teaches wherein the CFG is generated at the client browser by injecting a control script in the page (paragraph [0026]: hook script generator 244 may create a generic hook script (control script) off-line for archive or reading in (inject) to a remote client through a network 208 or other delivery means. In this manner, a script manufacturer may design and distribute a hook script for use by a plurality of client end-users). 
SC and Ross are both considered to be analogous to the claimed invention because they are in the same field of teaching detecting and disabling malicious script code. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to make modification disclosed by SC with adding control script disclosed by Ross. 
One of ordinary skill in the art would have been motivated to make these modifications in order to provides a run-time detection and control of the data content processing, as suggested by Ross (abstract).
Regarding claim 4, Sawhney et al and Chari et al, hereinafter SC, teaches all of the features with respect to claim 3, as outlined above.
	SC does not teach, but Ross teaches wherein the control script runs in the browser as a first script before any page script such that all execution flows in the page are controlled by and pass through the control script (paragraph [0026]: The distributed hook script (control script) may be read in to a web browser prior to (first script) reading in any web page in order to provide run-time detection and control of the data content processing for the remote client). It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to make modification disclosed by SC with adding control script disclosed by Ross. One of ordinary skill in the art would have been motivated to make these modifications in order to provides a run-time detection and control of the data content processing, as suggested by Ross (abstract).
Claims 15 is rejected under 35 U.S.C. 103 as being unpatentable over Sawhney et al (US PG-PUG No. 20180300480 A1) in view of Kalle (US PATENT No. 8826444 B1).
Regarding claim 15, Sawhney et al teaches all of the features with respect to claim 1, as outlined above.
	Sawhney et al does not teache domain reputation score. However, Kalle teaches wherein performing behavioral execution analysis includes computing a domain reputation score (paragraph (61): The BASH (short for "Behavioral Analysis and Signature Heuristics") system may represent a system that analyzes the behavior of an application to determine whether an application is malicious or otherwise suspect. Paragraph (65): web domain classification module 110 may classify the web domain identified in step 302 by calculating a reputation score for the same based at least in part on reputation scores associated with clients that have attempted to access the web domain, using a weighting system that assigns weights to each of a variety of calculations based on client reputations. Web domain classification module 110 may then take a sum or multiple (or other aggregate) of the weights to calculate a reputation score for the web domain in question).
Sawhney et al and Kalle are both considered to be analogous to the claimed invention because they are in the same field of teaching detecting malicious script from web domains. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to make modification disclosed by Sawhney et al with adding calculating domain reputation score disclosed by Kalle. 
One of ordinary skill in the art would have been motivated to make these modifications in order to classify web domain as secure or not secure by calculating domain reputation score, as suggested by Kalle in paragraph (90).

Claims 18 is rejected under 35 U.S.C. 103(a)(1) as being unpatentable over Sawhney et al (US PG-PUG No. 20180300480 A1) in view of Ross (US PG-PUB No. 20070113282 A1). 
Regarding claim 18, Sawhney et al teaches 
a computer program product in a non-transitory computer-readable medium, the computer program product comprising computer program instructions executed across a set of hardware processors to protect integrity of a page, the computer program instructions comprising (Paragraph [0053]: Processing circuitry 605 comprises microprocessor and other circuitry that retrieves and executes operating software 607 from memory device 606. Memory device 606 comprises a non-transitory storage medium, such as a disk drive, flash drive, data storage circuitry, or some other memory apparatus (e.g. script repository 216). Processing circuitry 605 is typically mounted on a circuit board that may also hold memory device 606 and portions of communication interface 601 and user interface 602. Software 607 comprises computer programs, firmware, or some other form of machine-readable processing instructions. Software 607 includes crawler module 608, extractor module 609, and script modeler module 610, comparison module 612, recursion module 614, although any number of software modules may provide the same operation. Software 607 may further include an operating system, utilities, drivers, network interfaces, applications, or some other type of software. When executed by processing circuitry 605, software 607 directs processing system 603 to operate management computing system 600 as described herein): 
an event processor configured (i) to receive a binary file, the binary file having been generated at a client browser in association with a view of the page (paragraph [0047]: Once the web application 105 is received at the end user browser 112, the browser will compile or interpret the script portion of the web application 105 into web assembly code, or WebAssembly code that defines a binary format and a corresponding assembly-like text format for executable code in Web pages), 
the binary file comprising a traceable data structure identifying a set of runtime JavaScript execution data points and one or more associated event chains that include the execution data points and their relative ordering (Paragraph [0010]: extracting structural features (execution data points and event chains) from the scripts; building a plurality of abstract syntax trees (ASTs) (traceable data structure) using the structural features of the scripts (JavaScript); clustering the plurality of ASTs into common clusters of ASTs by means of a predetermined tree edit distance; and generalizing the common clusters of ASTs into a plurality of generalized ASTs (GASTs) by means of associating a common node that is predictive of a particular type of script.), and 
(ii) perform a behavioral analysis on the traceable data structure to identify an active attack (paragraph [0037]: An AST (abstract syntax tree which is a kind of traceable data structure) is an internal data structure built by a parser after performing syntactic analysis (behavior analysis) of a script or a program. Paragraph [0047]: a process 500 for detecting script-based malware may be utilized. [0048]: Once the structure of the script has been determined and an AST created, in step 503, the policy 103 will compare the determined structure of the unclassified end user browser 112 with the plurality of generalized ASTs. If there is a match within the predetermined tree edit distance, then the script is classified as benign (509). Otherwise, the script is classified as malicious (507)); and 
a policy engine configured (i) to receive information about the active attack and in response thereto generate a policy update associated with the page, and (ii) output the policy update to mitigate the active attack (Paragraph [0048]: The policy 103 can be configured in detection or blocking mode—in detection mode, the policy 103 will not block the behavior and send an alert or notification (output the policy update) to the management system 150 and/or the server 110. If any portion of the web application 105 does not meet the constraints, then an alert may be provided to the administrator of the server 110 indicating the issue with the web application. In blocking mode, the policy 103 will both block the malicious (attack) behavior and alert the management system 150).
Sawhney et al does not teach control script, but Ross teaches a control script configured into the page at a position such all execution flows on the page are controlled by and pass through the control script (paragraph [0026] The distributed hook script (control script) may be read in to a web browser prior to (first script) reading in any web page in order to provide run-time detection and control of the data content processing for the remote client); It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to make modification disclosed by Sawhney et al with adding control script disclosed by Ross. One of ordinary skill in the art would have been motivated to make these modifications in order to provides a run-time detection and control of the data content processing, as suggested by Ross (abstract).

Claims 19 is rejected under 35 U.S.C. 103(a)(1) as being unpatentable over Sawhney et al (US PG-PUG No. 20180300480 A1) and Ross (US PG-PUB No. 20070113282 A1) in view of Chari et al (US PATENT No. 10902121 B2).
Regarding claim 19, Sawhney et al and Ross teaches all of the features with respect to claim 18, as outlined above.
	Sawhney et al and Ross do not teach wherein the traceable data structure is a call flow graph (CFG). However, Chari et al teaches CFG. (paragraph (60): The control flow graph 401 comprises nodes and edges, wherein the nodes of the control flow graph represent functions or instructions, and the edges thereof represent calls, or the like. Thus, an edge in the call flow graph may represent caller and callee, together with a value that represents a call sequence). It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the traceable data structure disclosed by Sawhney et al with adding call flow graph disclosed by Chari et al. One of ordinary skill in the art would have been motivated to make these modifications in order to facilitate securing the program against attack, as suggested by Chari et al (paragraph (1)).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure:
Sahita et al (US PATENT No. 9898605 B2) disclose monitoring executed script for zero-day attack of malware.
Abadi et al (US PG-PUG No. 20190347422 A1) disclose system and method for identifying vulnerabilities in code due to open source usage.
Gupta (US PATENT No. 10447730 B2) disclose detection of SQL injection attacks.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASMINE M DAY whose telephone number is (571)272-0067. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on 571-272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/J.M.D./Examiner, Art Unit 2499      
/PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499