DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 4/6/2022 has been entered.

Response to Arguments
Regarding claims rejected under 35 USC 103:
Applicant’s arguments have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of “HAMPI: A String Solver for Testing, Analysis and Vulnerability Detection.”

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 25-44 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 and 7 of U.S. Patent No. US 8,875,297 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the patent anticipate those of the instant application. For instance, exemplary claim 25 is disclosed by claims 1 and 7 of the patent. Independent claims 32 and 39 are likewise disclosed by claims 1 and 7 of the patent (the “executable operations” and  “program code executable by a data processing system to initiate operations” respectively executing the method). Instant claims 26-31, 33-38, and 40-44 depend on respective parent claims 25, 32, and 39, and are therefore likewise rejected.

Instant Application
US 8,875,297 B2
Claim 25. A method, comprising:

identifying a downgrader in a computer program under test;

performing, using a processor, testing on the downgrader in a first level of analysis; 

responsive to the downgrader not passing the testing performed in the first level of analysis:

automatically synthesizing a counter example for the downgrader; wherein the
automatically synthesizing the counter example for the downgrader comprises
encoding as a first logical formula a complement of a regular pattern asserting a
security property of a method corresponding to the downgrader and feeding the first
logical formula into a string-analysis solver;








creating a test unit for the downgrader using the counter example as an input parameter to the downgrader; and

executing the test unit to perform testing on the downgrader in a second level of analysis; and

responsive to the downgrader passing the testing performed in the second level of analysis, presenting to a user a prompt that prompts the user to simplify a model of the downgrader.
Claim 1. A method of analyzing a security specification, the method comprising:
identifying a downgrader in a computer program under test;

via a processor, performing testing on the downgrader in a first level of analysis;

responsive to the downgrader not passing the testing performed in the first level of analysis:

automatically synthesizing a counter example for the downgrader, wherein synthesizing the counter example for the downgrader comprises encoding as a first logical formula a complement of a regular pattern asserting a security property of a method corresponding to the downgrader, encoding as a second logical formula instructions of the method within a call graph, and feeding the first logical formula and the second logical formula into a string-analysis solver;








creating a test unit for the downgrader using the counter example as an input parameter to the downgrader; and

executing the test unit to perform testing on the downgrader in a second level of analysis.

Claim 7. The method of claim 1, further comprising:
responsive to the downgrader passing the testing performed in the second level of analysis, prompting a user to simplify a model of the downgrader.


Claims 25-44 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 7-8, and 14 of U.S. Patent No. US 8,863,292 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the patent anticipate those of the instant application. For instance, exemplary claim 32 is disclosed by claims 1 and 7 of the patent. Claim 39 is likewise disclosed by claims 8 and 14 of the patent for substantially the same reasons (i.e., similar language). Claim 25 is disclosed by claims 1, 7, 8, and 14 of the patent (i.e., the method being executed).  Instant claims 26-31, 33-38, and 40-44 depend on respective parent claims 25, 32, and 39, and are therefore likewise rejected.

Instant Application
US 8,863,292 B2
Claim 32. A system comprising:
a hardware processor configured to initiate executable operations comprising:

identifying a downgrader in a computer program under test; 

performing testing on the downgrader in a first level of analysis; 

responsive to the downgrader not passing the testing performed in the first level of analysis:

automatically synthesizing a counter example for the downgrader, wherein the
automatically synthesizing the counter example for the downgrader comprises
encoding as a first logical formula a complement of a regular pattern asserting a
security property of a method corresponding to the downgrader and feeding the first
logical formula into a string-analysis solver;







creating a test unit for the downgrader using the counter example as an input parameter to the downgrader; and

executing the test unit to perform testing on the downgrader in a second level of analysis; and

responsive to the downgrader passing the testing performed in the second level of analysis, presenting to a user a prompt that prompts the user to simplify a model of the downgrader.
Claim 1. A system comprising: 
a processor configured to initiate executable operations comprising:

identifying a downgrader in a computer program under test;

performing testing on the downgrader in a first level of analysis;

responsive to the downgrader not passing the testing performed in the first level of analysis:

automatically synthesizing a counter example for the downgrader, wherein synthesizing the counter example for the downgrader comprises encoding as a first logical formula a complement of a regular pattern asserting a security property of a method corresponding to the downgrader, encoding as a second logical formula instructions of the method within a call graph, and feeding the first logical formula and the second logical formula into a string-analysis solver;









creating a test unit for the downgrader using the counter example as an input parameter to the downgrader; and

executing the test unit to perform testing on the downgrader in a second level of analysis.

Claim 7. The system of claim 1, the executable operations further comprising:
responsive to the downgrader passing the testing performed in the second level of analysis, prompting a user to simplify a model of the downgrader.



Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 25-26, 30-33, 37-40, and 44 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Rajan (US 2009/0089618 A1) in view of “Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications” (hereinafter “Saner”), Garland (US 6,289,502 B1), and “HAMPI: A String Solver for Testing, Analysis and Vulnerability Detection” (hereinafter “HAMPI”).

Regarding claim 25, Rajan discloses: A method, comprising:
identifying a [property] in a computer program under test;
performing, using a processor, testing on the [property] in a first level of analysis; 
Refer to at least the abstract, as well as to the first two stages in FIG. 3 of Rajan, wherein a property P is verified using model checking. 
responsive to the [property] not passing the testing performed in the first level of analysis:
Refer to at least “IF P IS FALSE” in FIG. 3 of Rajan.
automatically synthesizing a counter example for the [property];
Refer to at least the abstract, [0007], and “COUNTER EXAMPLE RUN” in FIG. 3 of Rajan with respect to generating a counterexample. 
creating a test unit for the [property] using the counter example as an input parameter to the [property]; and
executing the test unit to perform testing on the [property] in a second level of analysis; and
Refer to at least the abstract, [0006]-[0007], [0022], [0024], and  “WEB TEST CASES t@” FIG. 3 of Rajan with respect to generating a counterexample / witness. The counterexample / witness is used in creating a test case. The test case is executed.
responsive to the [property] passing the testing performed in the second level of analysis, presenting to a user a prompt.
Refer to at least [0024] of Rajan with respect to presenting a result to the tester for modification.
Rajan is generic for web applications (i.e., [0001] of Rajan), and does not disclose: downgrader; [presenting to a user a prompt] that prompts the user to simplify a model of the downgrader. Further, while Rajan discloses “generating counterexamples by negating a desirable property” in at least [0007], it does not specify: wherein the automatically synthesizing the counter example for the downgrader comprises encoding as a first logical formula a complement of a regular pattern asserting a security property of a method corresponding to the downgrader and feeding the first logical formula into a string-analysis solver. However, Rajan in view of Saner discloses: downgrader;
Refer to at least the abstract and section 3 of Saner with respect to performing a static analysis on sanitization routines. 
Rajan-Saner in view of Garland discloses: [presenting to a user a prompt] that prompts the user to simplify a model of the downgrader;
Refer to at least Col. 24, Ll. 11-30 of Garland with respect to a nondeterminism "remover" which, for example, prompts a user to provide a "chooser" function for each instance of a "choose" statement.  The non-determinism remover can also prompt the user to provide an "action selector" function to resolve the implicit nondeterminism resulting from multiple non-input actions being enabled in a state, or can aid in incorporating scheduling variables, for example, to implement a round-robin scheduling of actions.
Rajan-Saner-Garland in view of HAMPI discloses: wherein the automatically synthesizing the counter example for the downgrader comprises encoding as a first logical formula a complement of a regular pattern asserting a security property of a method corresponding to the downgrader and feeding the first logical formula into a string-analysis solver.
Refer to at least pages 9 and 11-12 of HAMPI with respect to constraints which may be negated and encoding them as a formula to be fed into an STP solver.
Since the teachings of both Rajan, Saner, and Garland concern software testing, they are considered to be combinable. The teachings of HAMPI likewise concern software testing and vulnerability analysis and are likewise combinable.
Therefore it would have been obvious to one of ordinary skill in the art at the time of Applicant’s invention to modify the teachings of Rajan with those of Saner to include support for testing sanitization routines of web applications for at least the reasons provided in the introduction of Saner (i.e., increasing the security of web applications). It further would have been obvious to modify Rajan-Saner with the teachings of Garland to include interactive tools to aid with transformations or derivations of system specifications for at least the purpose of increasing user efficiency (e.g., Col. 24, Ll. 7-30 of Garland). Finally, it would have been obvious to one of ordinary skill in the art to modify the teachings of Rajan-Saner-Garland with those of HAMPI implementing a strong solver because the substitution of one known element for another would have yielded predictable results to one of ordinary skill in the art at the time of the invention (i.e., Rajan’s negating a desirable property to generate a counterexample via use of the HAMPI tool).

Regarding claim 26, Rajan-Saner-Garland-HAMPI discloses: The method of claim 25, wherein the executing the test unit to perform testing on the downgrader in the second level of analysis comprises: receiving from the user a user input to initiate execution of the test unit.
Refer to at least 63 in FIG. 1 of Garland with respect to a user interface. Further refer to at least 120 in FIG. 1B of Garland with respect to validation tools. 
Refer to at least Col 8, Ll. 55-60 of Garland with respect to validation tools requiring user input based on validation output.
This claim would have been obvious for substantially the same reasons as claim 25 above.

Regarding claim 30, Rajan-Saner-Garland-HAMPI discloses: The method of claim 25, wherein the performing testing on the downgrader in the first level of analysis comprises: building a call graph rooted at a method corresponding to the downgrader; modeling instructions of the method corresponding to the downgrader within the call graph; asserting a pattern with respect to return variables in the call graph having the modeled instructions; and running a string-analysis solver on the pattern that is asserted.
Refer to at least sections 3.1 -3.1.3 of Saner with respect to the particular steps of the static analysis portion in Saner (e.g., creating a dependence graph; using string automata; determining intersections for automata).
This claim would have been obvious for substantially the same reasons as claim 25 above.

Regarding claim 31, it is rejected for substantially the same reasons as claims 25 and 30 above (i.e., the citations and obviousness rationale).

Regarding independent claim 32, it is substantially similar to independent claim 25, and is therefore likewise rejected (i.e., the citations and the obviousness rationale).

Regarding dependent claims 33 and 37-38, they are substantially similar to dependent claims 26 and 30-31 above, and are therefore likewise rejected.

Regarding independent claim 39, it is substantially similar to independent claim 25, and is therefore likewise rejected (i.e., the citations and the obviousness rationale).

Regarding dependent claims 40 and 44, they are substantially similar to dependent claims 26 and 30 above, and are therefore likewise rejected.

Allowable Subject Matter
Claims 27, 34, and 41 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. The applied prior art does not teach the claim language. Claims 28-29, 35-36, and 42-43 depend on respective claims 27, 34, and 41, and are therefore objected to for at least that reason.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432                                                                                                                                                                                                        




/V.S/Examiner, Art Unit 2432