Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This office action is in response to application filed 9/7/2022. Claims 1, 3-8, 10-15, and 17-21 are currently pending and claim 2, 9, and 16 are cancelled. Claims 1, 8, and 15 are the independent claims.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-4, 6-8, 10-11, 13-15, 17-18, and 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over Moniz et al (herein called Moniz) (US Patent 9,558,106 B1) and Sun et al. (herein called Sun) (US Patent 8,001,422 B2) in further view of Reshef et al. (herein called Reshef) (US Patent 6,584,569 B2).
As per claim 1, Moniz teaches a computer-implemented method comprising:
automatically intercepting, by one or more processors, one or more of a plurality of requests in real-time for a deployed target application (col. 2 lines 13-55, col. 4 lines 10-65, col. 5 lines 5-30, col. 16 lines 45-55, col. 11 lines 10-40, users transmit client requests (plurality of requests) to production software system (deployed target application) and interceptor intercepts at least some/a percentage of/etc. requests using sampling rules and forwards the requests to production system for processing and production system provides a response to the requests which is relayed to user, and interceptor also forwards duplicate of intercepted requests to testing service for use in testing. As the client/user requests are intercepted by the interceptor when users transmits requests to a production software system and the production system processes the requests and provides a response which is relayed to the user, the interceptor automatically intercepts the requests in real-time/as they are transmitted to production software system for processing/etc.);
modifying, by the one or more processors, the one or more of the plurality of intercepted requests to generate one or more modified action on the target application (col. 6 lines 53-65, col. 8 lines 25-37, parameters of intercepted requests are modified to simulate specific behavior for test purposes before being used for testing/replayed on systems being tested/etc. As the intercepted request is modified to simulate a specific behavior for test purposes, the simulated specific behavior resulting from the modification is a generated action/test action/etc. on the target application.),
and wherein the generated one or more malicious requests are based on different types of real-time user requests (col. 5 lines 5-30, col. 6 lines 53-60, col. 8 lines 25-37, interception of client/user request to software system/application (real time user request) may include intercepting a first percentage of a first type of client/user request  such as a product search, purchase order, etc. (first type of real time user/client request) and a second percentage of a second type of client/user request (second/different type of user request), and parameters of intercepted requests are modified (generate one or more actions) to simulate specific behavior for test purposes before being used for testing/replayed on systems being tested/etc.. As the intercepted request are different types of client/user requests such as product search/purchase order/etc. that have been intercepted when the client/user makes the request to the production software system/application, it is obvious that the requests are real-time user/requests made by clients/etc. that are modified to generate the generated actions used in testing, and as Reshef teaches that the modified requests/generated actions/etc. used in testing may be malicious requests used in testing, as seen below, it is obvious that the generated actions based on different types of real-time user/client requests may be malicious requests based on different types of real-time user/client requests.);
directing, by the one or more processors, only the generated one or more malicious requests to an offline instance of the target application, wherein the offline instance is a duplicate of the target application (col. 5 line 30-col. 6 line 12, col. 6 lines 53-65, col. 16 lines 55-67, candidate stack and authority stack are software systems such as software systems/applications to be validated, implementation of software being adopted for production system, most recent version of software system of production system, mirror copies of production software system (duplicate of target application), etc., (offline instance of target application/production software system/etc.) and intercepted requests are modified/candidate requests created/etc. and sent to/received by/replayed on/etc. candidate authority systems/stacks/etc. (direct only generated/modified malicious request/candidate request/etc. to offline instance of target application/candidate and authority stack/system/etc. being tested) and candidate stack/authority stack/offline instance processes the request based on their software systems/testing occurs/etc. As the candidate stack and authority stack are software systems such as applications being validated/tested, most recent version of production system, mirror copies of production software system/target application, etc., it is obvious that the candidate stack and authority stack may be duplicate/copies/versions/mirrors of/etc. of the target application/production software system which are offline instances of the target application/copies not being used in/deployed to/etc. production system/etc. being used for testing/validation/etc., and as Reshef teaches that the modified requests/generated actions generated from the intercepted requests may be malicious requests, as seen below, it is obvious that the modified requests/generated actions sent to the offline/duplicate instance of the target application may be generated malicious requests.);
receiving, by the one or more processors, a response to the generated one or more malicious requests from the offline instance of the target application in real-time, wherein the response indicates a security level of the target application (col. 5 lines 30-45, col. 6 line 30-col. 7 line 35, col. 9 line 60-col. 10 lines 55, intercepted/candidate/modified/etc. request is replayed/executed/processed by candidate stack/authority stack/offline instance of target application/etc. to perform testing, response/result/etc. of processing the modified/candidate/intercepted request by the candidate/authority stack/offline instance is generated/received/provided/etc. (receive response to modified requests from the offline instance of the target application/candidate stack/authority stack in real time/after executing/replaying/processing malicious request) and response is analyzed to analyze/determine/etc. performance of offline instance/candidate stack/authority stack such as numbers of bugs/errors, identify failing service, system performance levels/memory usage/processor usage/etc., response times, etc., determine whether the performance is acceptable or unacceptable based on threshold levels, and report/cause alarm to be sent/etc. unacceptable performance (response indicates a security level/acceptable or unacceptable performance/number of bugs/errors/failing service/etc. of the target application/authority stack/candidate stack). And as Reshef teaches that the modified requests generated from the intercepted requests may be malicious requests, as seen below, it is obvious that the response to the generated modified requests from the offline/duplicate instance of the target application may be a response to generated malicious requests from the offline/duplicate instance of the target application.).
While Moniz teaches intercepting requests according to sampling rules to intercept a percentage of requests to a deployed target application/production software system in real-time, it does not explicitly state that the sampling rules cause the intercepting to occur at random, and as such does not explicitly state, however Sun teaches:
intercepting at random, by one or more processors, one or more of a plurality of requests (col. 7 lines 59-67, col. 8 lines 10-30, random sampling of requests to production service are routed to interceptor (intercepting at random one or more of a plurality of requests) which passes requests to test service to be used to perform testing/test service processes request/etc. As the requests may be randomly sampled/routed to interceptor/randomly intercepted/etc. and passed to test service by the interceptor, and as Moniz teaches intercepting requests according to sampling rules as seen above, it is obvious that the intercepting according to sampling rules of Moniz may be such that the sampling is random/requests are intercepted at random/etc. as taught by Sun.). 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Moniz such that the sampling/intercepting of the requests occurs at random, as conceptually taught by Sun, to create automatically intercepting at random, by one or more processors, one or more of a plurality of requests in real-time for a deployed target application, because these modifications allow for testing to using production data/requests/etc. without having to spend resources/increase costs/etc. storing/intercepting/etc. all requests thereby saving resources, while also allowing for a desired level/amount of testing to occur using production data/requests thereby providing a desired level of assurance/accuracy/etc. that the software/application/etc. being tested operates/processes/etc. as intended/without error/etc. on production data/requests thereby helping to prevent errors and ensure that the application/software/etc. works as desired.
While Moniz teaches modifying intercepted requests to generate actions/simulate specific behavior for test purposes/etc. on the target application, it does not explicitly state that the action/simulated behavior for test purposes/etc. is a malicious action, and as such does not explicitly state, however Reshef teaches:
modifying, by the one or more processors, the one or more of the plurality of intercepted requests to generate one or more malicious requests, wherein the one or more malicious requests are associated with one or more malicious actions on the target application (col. 3 lines 1-5, col. 4 lines 1-25, col. 7 lines 60-67, col. 9 lines 60-col. 10 line 50, client/http/user request is mutated/modified according to rules/security flaws/vulnerabilities/etc. to create mutated requests representing “hacks” which are used to test the security of the application (generate malicious/mutated request associated with malicious action/security flaw/vulnerability/hack/etc. on application by modifying/mutating client/user/first request which is used to test the application security), and “hacks”/requests altered by hacker/etc. have potential to freeze the application (malicious requests are associated with malicious actions on the target application). As Moniz teaches modifying intercepted requests to simulate specific behavior for test purposes, and Reshef teaches modifying requests to create mutated requests representing “hacks”/malicious requests/etc., which have the potential to freeze the application/malicious action/etc., and are used to test security of the application, it is obvious that the modified intercepted requests used in testing of Moniz may be mutated requests representing “hacks”/malicious requests/etc. associated with one or more malicious actions on the target application/have potential to freeze application/etc. used to test the application.),
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Moniz and Sun such that the modification of the request generates a malicious action, as conceptually taught by Reshef, to create modifying, by the one or more processors, the one or more of the plurality of intercepted requests to generate one or more malicious requests, wherein the one or more malicious requests are associated with one or more malicious actions on the target application, because these modifications allow for the application/software system/etc. being tested to be tested using malicious actions/requests/hacks/etc. which is desirable as it allows for an application/software system to be tested for security/errors/bugs/vulnerabilities/etc. against undesired/malicious/hacks/etc. requests/communications/etc., thereby helping to ensure that the application operates as desired regarding malicious actions/hacks/requests/etc. thereby helping to ensure application security and prevent errors from occurring due to malicious actions/hacks/etc.

As per claim 3, Moniz further teaches: 
forwarding, by one or more processors, one or more of a plurality of unmodified requests directly to the target application, wherein the one or more of the plurality of unmodified requests are not intercepted (col. 2 lines 34-38, col. 4 lines 25-47, col. 16 lines 45-57, interceptor uses sampling rules to intercept requests such that not all requests are intercepted, interceptor intercepts/receives/etc. requests and acts as a relay forwarding requests to production system/production stack/etc. (forward plurality of unmodified requests directly to target application/production system/stack) for processing and forwards production response to corresponding/respective user/recipient/client/etc., and may forward duplicate of intercepted requests to testing service as in intercepted request. As the requests are forwarded to production stack/system/target application without being modified while duplicates of intercepted requests are forwarded to testing service as intercepted requests, and as not all requests are intercepted, the requests forwarded to the production stack/system/target application are unmodified requests forwarded directly to the target application that are not intercepted.); and
forwarding, by one or more processors, to a user of the target application, an application response to the unmodified request (col. 4 lines 30-41, col. 16 lines 49-52, production system/stack/target application processes request (unmodified request) and production response (application response to unmodified request) is forwarded to respective recipient/user device/client/etc. (forward response to a user of the target application/production system/stack).).
 
As per claim 4, Moniz does not explicitly state, however Reshef teaches: wherein generating the first malicious request comprises: 
modifying, by one or more processors, at least a portion of the request according to a vulnerability rule defined in a request template associated with the malicious action (col. 4 lines 8-20, col. 7 lines 60-67, col. 9 line 60-col. 10 line 40, mutation rules are used to mutate/modify http request/first request/at least a portion of first request into mutated/modified http request with changed/modified parameters based on pre-defined rules/published security flaws/vulnerabilities/etc. using design and structure of application by iterating through transaction file/detected vulnerabilities/etc., retrieving mutation rules relative to transactions, creating mutated requests for transactions, adding additional requests based on rules, etc. (modify/mutate request according to vulnerability rule/mutation rule/etc. defined in request template/mutation rules/identified vulnerabilities/etc. associated with malicious action).).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to add modifying, by one or more processors, at least a portion of the request according to a vulnerability rule defined in a request template associated with the malicious action, as conceptually taught by Reshef, into that of Moniz and Sun, because these modifications allow for the application/software system/etc. being tested to be tested using malicious actions/requests/hacks/etc. which is desirable as it allows for an application/software system to be tested for security/errors/bugs/vulnerabilities/etc. against undesired/malicious/hacks/etc. requests/communications/etc., thereby helping to ensure that the application operates as desired regarding malicious actions/hacks/requests/etc. thereby helping to ensure application security and prevent errors from occurring due to malicious actions/hacks/etc.

As per claim 6, While Moniz teaches receiving a response to modified requests that indicate a security level of the target application, as seen above, it does not explicitly state, however Reshef further teaches: 
in response to the security level being below a predetermined threshold level, providing, by one or more processors, an indication of a potential vulnerability associated with the malicious action (col. 11 lines 5-10, lines 25-45, attack score are based on attack results and a success probability assigned to mutation rule/vulnerability/etc. and are assigned to each vulnerability, and attacks having scores above specified/predetermined threshold are reported to operator (indication of potential vulnerability associated with malicious action/attack). As attack scores are based on attack results and success probability it is obvious that higher attack scores are lower security scores/rating/levels/etc., and as attacks/potential vulnerabilities/etc. are reported/indicated when they have an attack score above a specified/predetermined threshold, it is obvious that an attack score above the specified/predetermined threshold is a security level being below a predetermined threshold and as such the attacks/vulnerabilities are reported/indicated in response to the first security level being below a predetermined threshold level/attack score being above specified threshold.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to add in response to the security level being below a predetermined threshold level, providing, by one or more processors, an indication of a potential vulnerability associated with the malicious action, as conceptually taught by Reshef, into that of Moniz and Sun, because these modifications allow for potential vulnerabilities to be analyzed/evaluated such that potential vulnerabilities determined to be unacceptable/having a security level below a threshold/etc. to be reported/alarm occurs/user is alerted/etc., which is desirable as it allows for unacceptable potential vulnerabilities to be determined/identified/etc. so they may be corrected thereby helping to ensure application security and that the application operates as desired, while also allowing for potential vulnerabilities that are within acceptable security levels to remain, thereby saving resources that would be spent addressing potential vulnerabilities that have adequate security/are not likely to occur/etc.

As per claim 7, Moniz does not explicitly state, however Reshef further teaches:
wherein the target application is an online web application and the request is a Hyper Text Transport Protocol (HTTP) request (col. 2 lines 43-67, col. 4 lines 1-25, col. 6 lines 25-40, col. 7 lines 35-65, web application hosted on web server/web application server (online web application) interface with external clients and receive/are sent HTTP requests (request is hyper text transport protocol/HTTP request).).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Moniz and Sun such that the target application is an online web application and the request is a Hyper Text Transport Protocol (HTTP) request, as conceptually taught by Reshef, because these modification allow for the applications/software systems/etc. to be online/web applications which are accessed online/over the web/etc. and for the online web applications to be tested using the testing system thereby expanding the usability of the testing system and applications by allowing users/clients to access applications/software systems/etc. online/over the web/etc., increasing the usability of the application/software system, while also helping to ensure that the applications operate as intended by testing them using the testing system thereby expanding the usability of the testing system.

As per claims 8, 10-11, and 13-14, they recite systems having similar limitations to the methods of claims 1, 3-4, and 6-7, respectively, and are therefore rejected for the same reasoning as claims 1, 3-4, and 6-7, respectively, above. 

As per claims 15, 17-18, and 20, they recite computer program products having similar limitations to the methods of claims 1, 3-4, and 6, respectively, and are therefore rejected for the same reasoning as claims 1, 3-4, and 6, respectively, above.

As per claim 21, Moniz and sun do not explicitly state, however Reshef teaches: 
wherein more than one malicious request is generated for the same malicious action (col. 4 lines 8-25, col. 9 line 60-col. 10 line 60, potential security vulnerabilities are itemized/listed and multiple mutations/mutate requests (more than one malicious request) representing “hacks” into the application/attacks on the application/etc. is generated for each vulnerability (malicious action/attack/hack/etc. on the application using vulnerability) based on mutation rules and are sent to the application/initiated/etc. to attack the application via their corresponding vulnerabilities. As each potential vulnerability has multiple mutations/mutated requests/hacks/malicious requests generated for it which attempt to “hack” into the application/attack the application, the multiple mutated/malicious requests generated for a vulnerability and initiated to hack into an application by attacking via the vulnerability are more than one malicious request generated for the same malicious action/attack on the application via the vulnerability/etc.); and 
more than one malicious request is associated with more than one malicious action (col. 4 lines 8-25, col. 9 line 60-col. 10 line 60, potential security vulnerabilities are itemized/listed and multiple mutations/mutate requests (more than one malicious request) representing “hacks” into the application/attacks on the application/etc. is generated for each vulnerability (multiple/more than one malicious action/attack/hack/etc. on the application corresponding to each vulnerability) based on mutation rules and are sent to the application/initiated/etc. to attack the application via their corresponding vulnerabilities. As each potential vulnerability/multiple listed vulnerabilities have multiple mutations/mutated requests/hacks/malicious requests generated for them which attempt to “hack” into the application, the multiple mutated/malicious requests generated for the multiple listed vulnerabilities and initiated to hack into an application by attacking via the vulnerability are more than one malicious request generated for/associated with/etc. the malicious action/attack on the application via the vulnerability/etc., and as there are multiple/listed/more than one vulnerabilities that have multiple/more than one/etc. mutated requests/hacks/etc. generated for them more than one malicious request is associated with more than one malicious action/multiple/more than one mutated request/hack/etc. is used to attack/hack etc. more than one vulnerability/perform more than one malicious action/etc.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to add wherein more than one malicious request is generated for the same malicious action; and more than one malicious request is associated with more than one malicious action, as conceptually taught by Reshef, into that of Moniz and Sun because these modifications allow for the application/software system/etc. being tested to be tested using malicious actions/requests/hacks/etc. which is desirable as it allows for an application/software system to be tested for security/errors/bugs/vulnerabilities/etc. against undesired/malicious/hacks/etc. requests/communications/etc., thereby helping to ensure that the application operates as desired regarding malicious actions/hacks/requests/etc. thereby helping to ensure application security and prevent errors from occurring due to malicious actions/hacks/etc.

Claims 5, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Moniz et al (herein called Moniz) (US Patent 9,558,106 B1), Sun et al. (herein called Sun) (US Patent 8,001,422 B2), and Reshef et al. (herein called Reshef) (US Patent 6,584,569 B2) in further view of Amit et al. (herein called Amit) (US PG Pub. 2013/0167237 A1).

As per claim 5, Moniz and Sun do not explicitly state, however Reshef further teaches: wherein determining the first security level comprises: 
comparing, by one or more processors, the response with a predetermined response to the malicious action (col. 10 lines 50-col. 11 line 45, reply/response to mutated/malicious request is received and analyzed to determine rating and severity of the potential vulnerability, and rating is based on recognition of keywords in the response, i.e. http response that includes pre-defined keywords such as “error”, “sorry”, “not found”, etc.(predetermined response to malicious action) indicates that application withstood attack while responses that do not include pre-defined keywords indicates that attack was successful. As the response to the mutated/malicious request/action is analyzed for/compared to/etc. pre-determined keywords/response to determine if the attack was successful it is obvious that the response is compared with a predetermined response to the malicious action.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to add comparing, by one or more processors, the response with a predetermined response to the malicious action, as conceptually taught by Reshef, into that of Moniz and Sun because these modifications allow for the application to be tested/application response to be analyzed/etc. to determine potential vulnerability/if malicious action is successful/etc., which is desirable as it helps identify/determine/etc. potential vulnerabilities thereby allowing a user to be made aware of potential vulnerabilities that need to be corrected thereby helping to ensure application security and that the application operates as desired.
While Reshef teaches comparing a response to a request with predetermined responses to determine malicious actions, it does not explicitly state, however Amit teaches:
in response to determining a match between the response and the predetermined response, associating, by one or more processors, the target application with a potential vulnerability for the malicious action (pars. [0039]-[0041], [0056]-[0057], request/payload/etc. is submitted to web service/application that simulates an attack, web service/application processes the request and provides a response, and response is compared with expected/predetermined response characteristic of a vulnerability, and when the response is consistent with/matches the expected/predetermined response determination is made that the web service/application is vulnerable to the attack (associate target application with potential vulnerability for the malicious action/attack in response to determining a match between the first response and the predetermined response.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to add in response to determining a match between the first response and the predetermined response, associating, by one or more processors, the target application with a potential vulnerability for the malicious action, as conceptually taught by Amit, into that of Moniz, Sun, and Reshef because these modifications allow for an effective and efficient method of identifying vulnerabilities in the application based on responses/replies known to be characteristic of vulnerabilities, thereby increasing the effectiveness of the testing of the application by helping to identify vulnerabilities/security flaws/etc. for correction.

As per claims 12 and 19, they recite a system and computer program product, respectively, having similar limitations to the method of claim 5 and are therefore rejected for the same reasoning as claim 5, above. 

Response to Arguments
Applicant's arguments filed 7/14/2022 have been fully considered but they are not persuasive.
	As per the arguments on pg. 9 par.4-pg. 11 par. 3 of the remarks that Moniz et al (herein called Moniz) (US Patent 9,558,106 B1), Sun et al. (herein called Sun) (US Patent 8,001,422 B2), and Reshef et al. (herein called Reshef) (US Patent 6,584,569 B2) do not teach all limitations of the amended independent claims because Moniz does not disclose generating malicious requests based on different types of real-time user requests, and as such does not teach “modifying, by the one or more processors, the one or more of the plurality of intercepted request to generate one or more malicious requests, wherein the one or more malicious request are associated with one or more malicious actions on the target application, and whrein the generated one or more malicious requests are based on different types of real time user requests”, as required by amended independent claims, and furthermore Moniz does not teach receiving a response to the generated malicious requests from the offline instance of the target application in real-time, as required by the amended independent claims, and therefore the amended independent claims and their respective dependent claims are allowable, the examiner, respectfully, disagrees. 
	The examiner would first like to point out that the independent claims are rejected under 35 USC 103 as being obvious over the combination of Moniz, Sun, and Reshef, not Moniz alone. Examiner would further like to point out that Moniz teaches intercepting different types of client/user requests to a software system/application, such as product search/purchase order/etc., and modifying the intercepted requests/parameters of the intercepted requests to simulate specific behavior for test purposes before being used for testing/replayed on systems being tested/etc. (as seen in the rejection of claim 1, above). As the requests are different types of client/user request intercepted when they are made to the software system/application, the intercepted requests are different types of real-time user/client requests, and as the intercepted requests/parameters of intercepted requests are modified to simulate specific behavior for test purposes before being used for testing/replayed on systems being tested/etc., the modified requests/actions/etc. generated for test purposes are based on the intercepted different types of real-time user/client requests. As such, with broadest reasonable interpretation, Moniz does teach modifying, by the one or more processors, the one or more of the plurality of intercepted requests to generate one or more modified requests/actions/etc., as required by the independent claims, and that the generated modified one or more generated modified request/action/etc. are based on different types of real-time user requests/different types of client request that have been intercepted. The deficiency of Moniz is that it does not explicitly state that the generated one or more modified request/action/etc. is a malicious request associated with one or more malicious actions. However, Reshef teaches that intercepted client/user/http requests are modified to create mutated request representing “hacks” which are used to test the application, and that “hacks”/requests altered by “hackers”/etc. have potential to freeze the application (as seen in the rejection of claim 1, above), and as such Reshef teaches that the modified requests/action used to test the application may be malicious requests/request representing “hacks”/etc., and that the malicious request are associated with malicious action on the target application/associated with “hack” that has potential to freeze the application/etc.. As such, with broadest reasonable interpretation, the combination of Moniz and Reshef does teach these features/limitations of the amended independent claims. 
	Additionally, the examiner would also like to point out that Moniz does teach receiving a response to the generated modified request/malicious requests of Reshef/etc. from the offline instance of the target application in real-time, wherein the response indicates a security level of the target application as required by the amended independent claims, as, with broadest reasonable interpretation, in real-time” may be interpreted to be as something happens/when something occurs/etc., and Moniz teaches performing testing on offline instance of target application by executing/replaying/etc. modified request on an offline instance of target application, and that a response/result of the replaying/executing/processing the modified request on the offline instance of the target application is generated/received/provided/etc. so that it may be analyzed to determine bugs/errors/identify failing service/system performance levels/memory usage/processor usage/etc./response times/etc. of the application, and that a determination is made as to whether the performance is acceptable or unacceptable based on threshold levels and a report/cause alarm to be  sent/etc. if performance levels are unacceptable/response indicates a security level/acceptable or unacceptable performance/number of bugs/errors/failing service/etc. of the target application (as seen in the rejection of claim 1, above). As such, Moniz teaches that the modified request/malicious request from Reshef/etc. is executed/replayed/etc. on the offline instance of the target application to perform testing of the application, and the result/response/etc. is received/generated/provided and analyzed to determine a security level/performance/bugs/errors/etc. of the target application indicated in the result/response, and as the result/response is generated/received/provided as a result of execution/replaying of the modified/malicious request on the offline instance of the application, the response/result is received from the offline instance of the target application “in real time”/as a response to executing/replaying the modified/malicious request on the offline instance of the target application/as the response is generated in response to executing the modified request on the target application/etc. As such, with broadest reasonable interpretation, the combination of Moniz and Reshef does teach these limitations/features of the amended independent claims.  
Therefore the examiner finds these arguments unpersuasive and maintains that the rejection under 35 USC 103 is proper.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DOUGLAS M SLACHTA whose telephone number is (571)270-0653. The examiner can normally be reached Monday-Friday 6:30am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chat Do can be reached on 571-272-3721. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DOUGLAS M SLACHTA/Examiner, Art Unit 2193