Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 2/22/22 has been entered.
 Status of Claims
Claims 1, 3, and 6 have been amended.  
Claims 5, 8, and 10 are original claims.  
Claim 11 has been canceled.
Claims 2, 4, 7, and 9 have been previously presented.
Claims 1-10, 12, and 13 are currently pending in the application and are considered below.
Response to Arguments
Applicant’s arguments on pages 12-25, filed on 2/2/22, have been fully considered but they are not persuasive. Applicant notes, on page 12, that claims 1, 3, and 6 are amended and claims 12 and 13 are new claims.
Specifically regarding Applicant’s arguments:
35 U.S.C. 112(b) Rejections:
	Applicant notes, on page 13, that claims 1-10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. Applicant states, on page 13, that the claims have been amended appropriately. The Examiner notes the amended claims result in a new rejection under 35 U.S.C. 112(b).
Applicant’s arguments have been fully considered, but are not persuasive.
35 U.S.C. 103 Rejections:
	Applicant notes, on pages 13-14, that claims 1-11 have been rejected under 35 U.S.C § 103 as being anticipated by Weigert (U.S. Patent Publication No. 20100241469) (hereinafter referred to referred to as "Sahoo"). Applicant argues, on page 14, that, in response to the Examiner’s contentions, Applicant has amended claim 1 to include the amended features.
	Regarding Applicant's arguments on pages 14-15, regarding the rejections under 35 USC 103, the Examiner notes the substance of Applicant's arguments are directed to aspects of the amended claim limitations. The Examiner notes the cited prior art was not relied upon for teaching the amended aspects of the pending claims, but was cited to teach the claims as previously filed. Applicant is referred to the rejections of the pending claims under 35 USC 103, below, for a complete discussion of the pending claims. However, in the interest of compact prosecution, the Examiner provides the discussion below.
	Regarding Applicant’s argument that, “the license usage type in the claimed subject matter refers to snippets, file or a library,” Applicant’s argument that the disclosure of Weigert as related to snippets is contextually different from Applicant’s disclosure and that the scope and purpose of usage is different from snippets in Weigert, and Applicant’s argument that, “the scope of categorizing the OSS components in the product into categories of strong copyleft, weak copyleft, permissive is not obvious in view of Weigert, since Weigert merely recites GPL, MPL and does not recite other license types of LGPL, EPL, AGPL that contextually differs from the scope of GPL, MPL in Weigert,” the Examiner notes the claims are interpreted under the broadest reasonable interpretation. Distinguishing between the context of the disclosure of prior art and the context of Applicant’s specification does not preclude prior art from teaching or suggesting the broadest reasonable interpretation.
Additionally, the Examiner notes that the test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references.  Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981).
Additionally, the Examiner notes that one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Additionally, the Examiner notes Sahoo was relied upon to teach or suggest categorizing the OSS components in the product into categories of strong copyleft, weak copyleft, permissive in view of Weigert.
Additionally, the Examiner notes Weigert describes snippets in the context of scanning source code, applying rules, identifying potential undocumented source code usage (0132-1035, 0142). Weigert also notes that individual clauses may be added to a license and the meaning of a clause or a license may be modified (0051, 0053), and further discloses: [the code provenance engine 135 may also use the text fracturing module 150 to similarly fracture or otherwise sub-divide source files under review into blocks and/or sub-blocks, which may be compared against the blocks and/or sub-blocks for the known open source. For example, in one implementation, the code provenance engine 135 may use the fingerprinting module 155 to create a unique fingerprint for the blocks and/or sub-blocks of the known open source and the source file under review, wherein a match between the unique fingerprints may indicate whether the source file has undocumented and/or improperly documented source code (0095)] The Examiner interprets blocks and sub-blocks as snippets.
Regarding Applicant’s arguments on page 15 that:
Applicant asserts that paragraph [0134] of WEIGERT discloses a set of rules for determining where logical fragments should begin and/or end may be based on heuristic methods developed through experimentation, trial and error. However, the claimed subject matter does not create or determine logical fragments through trial and error and is certain in identifying matches between the attributes, categorizing the OSS components, identifying license usage type and so on.” 

The Examiner notes the discussion above as related to distinguishing between the context of the prior art and Applicant’s specification, interpreting claims under the broadest reasonable interpretation, obviousness based on what the teachings of the references would have suggested to those of ordinary skill in the art, and attacking references individually where the rejections are based on combinations of references applies here, as well. 
	Regarding Applicant’s arguments on page 15 that:
Further, Applicant submits that WEIGERT does not teach that the usage type "library" is identified as library-executable or library-binary type. This clearly shows that the scope of usage type of the OSS components as one of snippets, file, library, (one of library-executable, library-binary type) is unlike version identifier, classification path, clause identifiers, snippets in WEIGERT since 
(a) WEIGERT does not identify usage type of snippets, file library (static library, dynamic library) for the OSS components that are categorized as weak copyleft license, permissive license and (2) identifying library as library-executable or library-binary type. 

The Examiner notes the discussion above as related to distinguishing between the context of the prior art and Applicant’s specification, interpreting claims under the broadest reasonable interpretation, obviousness based on what the teachings of the references would have suggested to those of ordinary skill in the art, and attacking references individually where the rejections are based on combinations of references applies here, as well. 
Additionally, the Examiner notes Sahoo was relied upon to teach or suggest categorizing the OSS components in the product into categories of strong copyleft, weak copyleft, permissive in view of Weigert.
Additionally, the Examiner notes Weigert discloses 
[packages in the code base can often further contain hundreds, thousands, or even millions of source files that may be subject to different open source licenses (0003; see also 0015); the unpacking engine 115 may determine a file type for each unpacked file based on the metadata or other information derived for the unpacked source files... code-based binaries (typically .dll and .exe files) may be identified as likely including or referencing source code (0073); a given package may contain several different software components (e.g., libraries, main application, test suites, etc.), yet different open source licenses may vary in whether they permit or prohibit the use of different or incompatible licenses for the various components (0003); object files or static library components and less closely related to shared libraries (0110); identify further dependency information relating to software under review (e.g., linkable objects exported by a package or source binary, statically linked objects included from other packages, dynamically linked objects that reference other packages, etc.) (0013; see also 0069, claim 3)] Weigert discloses unpacking source code files as deeply as possible while also deriving metadata describing the unpacked file, and determining a file type for each unpacked file, and notes files may be object files, libraries, binary files, and dll. fnd exe. files (i.e., library files may be executable files, binary files, static files, or dynamically linked files.
	Regarding Applicant’s arguments, on page 16, that:
Further, Applicant submits that WEIGERT does not define snippets as Snip, file s Fil, library (Comps or Compd) and also determine if the component is modified. If the usage type is Snip for any OSS component, then the associated attribute is modification. As stated in paragraph [040] of the specification, "In an embodiment, the system 100 is configured to define usage of open source components as Snippets (Snip), File (Fil), Components (Static Library) (Comps), Components (Dynamic Library) (Compd), Further the system 100 may be configured to determine if a component is modified. In an embodiment, if the usage is snippets (Snip) for any open source component, then the associated attribute is modification". 

	The Examiner notes the substance of Applicant's arguments are directed to aspects of the amended claim limitations. The Examiner notes the cited prior art was not relied upon for teaching the amended aspects of the pending claims, but was cited to teach the claims as previously filed. Applicant is referred to the rejections of the pending claims under 35 USC 103, below, for a complete discussion of the pending claims.
	Regarding Applicant’s arguments, on pages 16-17, that:
With respect to learning OSS components, attributes in the comprehensive report in the claimed subject matter, the Examiner contends that WEIGERT discloses a license review system that may create reports of software reviews and store the reports in a reports database, tailoring the methodology for determining license distance based on learned experience. Applicant asserts that the learning referred in the claimed subject matter is the adaptive learning by the knowledge database to include matches and new matched based on continually updating a second database.

However the learned experience in WEIGERT is about the learning experience by compliance officers or authorized reviewers to add new rules, modify or remove existing rules based on their learned experience (paragraph [0111]). As stated in paragraphs [030] [041] of the specification, "Furthermore, in accordance with the present disclosure a customized knowledge base is adaptively learnt in the form of a second OSS database (DB2), at step 214 (FIG.2B). In an embodiment, the second OSS database (DB2) comprises the one or more matches from step 204 (FIG.2A) and the one or more new matches from step 212 (FIG.2B). In an embodiment, the unidentified components may be categorized as proprietary components to be packaged suitable", "the second OSS database (DB2) may be updated with the one or more OSS components and associated attributes comprised in the comprehensive report (R5), at step 220 (FIG.2) thereby enhancing the customized knowledge database via adaptive learning. It may be noted that the first time a product is received for analyzing the OSS components comprised therein, the second OSS database (DB2) may be empty. The adaptive learning updates the second OSS database". 
Applicant believes that the scope of learning by the second database to continually update with new matches of the OSS components of the product with the OSS components available in public domain to enhance the customized knowledge database is different from human compliance officers or other authorized reviewers) learning experience to add new rules or modify existing rules.

The Examiner notes the discussion above as related to distinguishing between the context of the prior art and Applicant’s specification, interpreting claims under the broadest reasonable interpretation, obviousness based on what the teachings of the references would have suggested to those of ordinary skill in the art, and attacking references individually where the rejections are based on combinations of references applies here, as well. 
Additionally, Applicant’s arguments are not directed to prior art not teaching or suggesting the claim limitations, but to arguing a distinction between the intended interpretation and the exemplary embodiments and elements not claimed. Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims (See In reVan Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993) See MPEP 2145; See MPEP § 2111 - § 2116.01, for additional case law relevant to claim interpretation).
	Additionally, the Examiner notes Weigert discloses:
	[the license review system 105 may associate each reviewed file, package, binary object, or other software component with a reference to the corresponding report (0059); the software diligence engine 110 may generally be configured to manage various aspects of searching the plain text information to locate any text matching one or more interactively learned patterns identified as relevant to due diligence review (e.g., patterns stored in the license database 185b that correspond to known open source licenses, cryptography, patent or copyright usages, etc.) (0075); ; the interactive process constructing a report for reviewed software may be used to expand the information contained in the license database 185b to ensure that subsequent batch mode reviews will have full coverage for the same or related versions of the package (e.g., uncovered patterns in a given package may be analyzed and associated with a description in the license database 185b, whereby the patterns may be available in subsequent batch mode runs) (0066; see also 0076, 0111, 0116-0119); compliance officers or other authorized reviewers may add new rules, modify or remove existing rules, or otherwise tailor the methodology for determining license distance based on learned experience or other factors (0111; see also 0066-0067)] The disclosure of Weigert teaches or suggests adaptively learning the one or more OSS components and the attributes associated thereof comprised in the comprehensive report.
	Regarding Applicant’s arguments, on page 17, that 
With respect to determining based on final attributes, the OSS components that are compliant are either compiled with the proprietary component, or not compiled with the proprietary component but are part of the final deliverable, the Examiner contends that WEIGERT discloses this limitation as generating a component dependency tree created under the control of a binary scan engine by searching debug information created during a build associated with the binary object. The debug information references packages associated with the binary object and scanning a binary representation of the binary object to identify linkable objects associated with the binary object. 

Applicant asserts that the claimed subject matter determines which of the OSS components can be selected for deliverable by accounting 2 scenarios i.e., some of the OSS components are compliant and can be part of a final deliverable but cannot be compiled. For example, weak copyleft license (GNU lesser general public license, Sun Binary code license). The claimed subject matter creates a list of OSS components which may be compiled with proprietary code and another set of OSS components which may be part of a final deliverable but may not be compiled. Referring to table 3 of the specification, the attributes Distribute with Proprietary code (DP), Compile with Proprietary code (CP) indicate whether the open source component can be compiled with proprietary product code (P1, P2...Pn) and can be distributed with proprietary product code (P1, P2...Pn). This clearly shows that the context of separating the OSS components into two lists (1) OSS components that are compliant and compiled with the proprietary component, (2) OSS components that are compliant and not compiled with the proprietary component but part of final deliverable is not disclosed by WEIGERT since the context of generating component dependency tree for the binary object does not determine OSS component that are compliant as either compiled with the proprietary component, or not compiled with the proprietary component but are part of the final deliverable. 

The Examiner notes the discussion above as related to distinguishing between the context of the prior art and Applicant’s specification, interpreting claims under the broadest reasonable interpretation, obviousness based on what the teachings of the references would have suggested to those of ordinary skill in the art, and attacking references individually where the rejections are based on combinations of references applies here, as well. 
Additionally, Applicant’s arguments are not directed to prior art not teaching or suggesting the claim limitations, but to arguing a distinction between the intended interpretation and the exemplary embodiments and elements not claimed. Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims (See In reVan Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993) See MPEP 2145; See MPEP § 2111 - § 2116.01, for additional case law relevant to claim interpretation).
	Regarding Applicant’s arguments, on page 18, as related to the system of the present application being configured to define usage of open source components and as related to a matrix, the Examiner notes the substance of Applicant's arguments are directed to aspects of the amended claim limitations. The Examiner notes the cited prior art was not relied upon for teaching the amended aspects of the pending claims, but was cited to teach the claims as previously filed. Applicant is referred to the rejections of the pending claims under 35 USC 103, below, for a complete discussion of the pending claims.
	Regarding Applicant’s arguments, on page 18, that:
Applicant submits that WEIGERT merely discloses full license name, short license name, version, URL without teaching the pre-defined format in such a way that each of the attributes follow one-another in the second database. As shown in Table 2 (paragraph [032]) of the specification and the amended claims 2, and 7, the pre-defined format referred in the second database is in such a way that OSS component name is followed by OSS component version, followed by OSS component home page URL, followed by OSS component license type, followed by OSS component license URL, followed by OSS component attribution note, followed by license usage type, followed by commercial distribution permission, followed by OSS component compile permission, followed by license compatibility with the OSS component license type. Therefore, Applicant believes that WEIGERT merely states URL, version and does not define pre-defined format as in the present application. 
	
The Examiner notes the discussion above as related to distinguishing between the context of the prior art and Applicant’s specification, interpreting claims under the broadest reasonable interpretation, obviousness based on what the teachings of the references would have suggested to those of ordinary skill in the art, and attacking references individually where the rejections are based on combinations of references applies here, as well. 
Additionally, Applicant’s arguments are not directed to prior art not teaching or suggesting the claim limitations, but to arguing a distinction between the intended interpretation and the exemplary embodiments and elements not claimed. Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims (See In reVan Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993) See MPEP 2145; See MPEP § 2111 - § 2116.01, for additional case law relevant to claim interpretation).
	Regarding Applicant’s arguments, on page 19, that:
The Office Action contends that WEIGERT discloses the pre-defined rules as license distance rules that is based on various properties of the software component associated with the license declaration, such as whether the component has a well formed header, multiple headers, or the full text of a license, whether the component is stored in a directory or sub-directory, or other properties of the component. However, the pre-defined rules in the claimed subject matter refer to rejecting or approving the OSS component for inclusion in the second database based on its associated with the strong copyleft license, weak copyleft license, and permissive license respectively.

The Examiner notes the discussion above as related to distinguishing between the context of the prior art and Applicant’s specification, interpreting claims under the broadest reasonable interpretation, obviousness based on what the teachings of the references would have suggested to those of ordinary skill in the art, and attacking references individually where the rejections are based on combinations of references applies here, as well. 
Additionally, Applicant’s arguments are not directed to prior art not teaching or suggesting the claim limitations, but to arguing a distinction between the intended interpretation and the exemplary embodiments and elements not claimed. Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims (See In reVan Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993) See MPEP 2145; See MPEP § 2111 - § 2116.01, for additional case law relevant to claim interpretation).
	Regarding Applicant’s arguments, on page 19, that:
The Office Action contends that WEIGERT discloses the subject matter as choice license, mixed license, aggregation classes etc. However, Applicant asserts that the scope of computing final deliverable with indication of Yes or No for each of the OSS components in the product is not disclosed in WEIGERT. Referring to Table 4 in the specification, "O1ComY, 0ISnipY, OModN, OJFiIY, OlCompsY, OlCompdN, O1DPN, O1CPY" disclose that the Commercialization is Yes for OSS 1, Snippets is Yes for OSS 1, Modification is No for OSS 1, File is Yes for OSS 1, Static library (component) is Yes for OSS 1, Dynamic library (component) is No for OSS 1, Distribution with proprietary code is No for OSS 1, and Compile with proprietary code is Yes for OSS 1. Therefore, Applicant believes that the claims 5 and 10 are not obvious over the teachings of WEIGERT. 

The Examiner notes the discussion above as related to distinguishing between the context of the prior art and Applicant’s specification, interpreting claims under the broadest reasonable interpretation, obviousness based on what the teachings of the references would have suggested to those of ordinary skill in the art, and attacking references individually where the rejections are based on combinations of references applies here, as well. 
Additionally, Applicant’s arguments are not directed to prior art not teaching or suggesting the claim limitations, but to arguing a distinction between the intended interpretation and the exemplary embodiments and elements not claimed. Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims (See In reVan Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993) See MPEP 2145; See MPEP § 2111 - § 2116.01, for additional case law relevant to claim interpretation).
	Regarding Applicant’s argument, on page 19, that:
In view of the above arguments, Applicant respectfully submits that amended claims 1 and 6 are non-obvious over the teachings of WEIGERT.

The Examiner notes the discussion above as related to distinguishing between the context of the prior art and Applicant’s specification, interpreting claims under the broadest reasonable interpretation, obviousness based on what the teachings of the references would have suggested to those of ordinary skill in the art, and attacking references individually where the rejections are based on combinations of references applies here, as well. 
	Regarding Applicant’s arguments, on pages 19-20, that:
Sahoo does not teach, suggest or disclose: identifying OSS components in a deliverable and also facilitates the product owner to identify proprietary IP that can be suitably protected and licensed without contamination by the accompanying OSS components in the product under consideration. License attributes of the OSS components are mapped suitably and a final attribute is derived for each OSS component embedded in the product under consideration. 

The Examiner notes the discussion above as related to distinguishing between the context of the prior art and Applicant’s specification, interpreting claims under the broadest reasonable interpretation, obviousness based on what the teachings of the references would have suggested to those of ordinary skill in the art, and attacking references individually where the rejections are based on combinations of references applies here, as well. 
Additionally, Applicant’s arguments are not directed to prior art not teaching or suggesting the claim limitations, but to arguing a distinction between the intended interpretation and the exemplary embodiments and elements not claimed. Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims (See In reVan Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993) See MPEP 2145; See MPEP § 2111 - § 2116.01, for additional case law relevant to claim interpretation).
	Regarding Applicant’s arguments, on page 20, that:
It is to be noted that Sahoo does not teach, suggest or disclose the aforementioned attributes and the intelligence that is needed to categorized OSS components. These attributes differ depending on the license types, permissible usage, license terms, expiry of terms, scope of usage, warranty, etc. 
Also, Sahoo does not disclose any OSS databases as in the present application.

The Examiner notes the discussion above as related to distinguishing between the context of the prior art and Applicant’s specification, interpreting claims under the broadest reasonable interpretation, obviousness based on what the teachings of the references would have suggested to those of ordinary skill in the art, and attacking references individually where the rejections are based on combinations of references applies here, as well. 
Additionally, Applicant’s arguments are not directed to prior art not teaching or suggesting the claim limitations, but to arguing a distinction between the intended interpretation and the exemplary embodiments and elements not claimed. Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims (See In reVan Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993) See MPEP 2145; See MPEP § 2111 - § 2116.01, for additional case law relevant to claim interpretation).
Regarding Applicant’s arguments, on page 21, as related to:
Again, Sahoo does not teach, suggest or disclose:
defining an OSS the usage type of the OSS components as snippets (Snip), file (Fil), a Static library (Comps), a dynamic library(Compd), and determining if a component is modified, wherein when the OSS usage type is the snippets (Snip) for the OSS component then the associated attribute is modification, and the snippets (Snip) is indicative of one or more attributes for the one or more OSS components used as part of software development and wherein the Static library (Comps) and the dynamic library (Compd) is indicative of one or more listed open source components being used as part of software development; 

The Examiner notes the substance of Applicant's arguments are directed to aspects of the amended claim limitations. The Examiner notes the cited prior art was not relied upon for teaching the amended aspects of the pending claims, but was cited to teach the claims as previously filed. Applicant is referred to the rejections of the pending claims under 35 USC 103, below, for a complete discussion of the pending claims.
Regarding Applicant’s arguments, on page 22, that:
The entire portion of Sahoo does not discuss that matching is based on attributes associated with the OSS components. In the claimed subject matter, the attribute level match is performed between the OSS components of the product and OSS components in the database. Further, Applicant contends that verifying the compatibility among software components is contextually different from unidentified components in terms of its scope i.e OSS components of the product under consideration having no match or having a match but characterized by one or more missing attributes that are identified as unidentified components. This clearly depicts that verifying compatibility in Sahoo is unlike identifying unidentified components that have no match with OSS components available in OSS database or having a match but characterized by missing attribute. Further, Sahoo does not disclose using a customized database and defining usage of the OSS components. It is clear that Sahoo does not contextually disclose the referenced limitations in terms of updating the OSS database and defining the usage of the OSS components. 

The Examiner notes the discussion above as related to distinguishing between the context of the prior art and Applicant’s specification, interpreting claims under the broadest reasonable interpretation, obviousness based on what the teachings of the references would have suggested to those of ordinary skill in the art, and attacking references individually where the rejections are based on combinations of references applies here, as well. 
Additionally, Applicant’s arguments are not directed to prior art not teaching or suggesting the claim limitations, but to arguing a distinction between the intended interpretation and the exemplary embodiments and elements not claimed. Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims (See In reVan Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993) See MPEP 2145; See MPEP § 2111 - § 2116.01, for additional case law relevant to claim interpretation).
Regarding Applicant’s arguments, on page 22, that:
Applicant asserts that the present disclosure intelligent facilitation of a matrix which is able to identify OSS components in a deliverable and also facilitates the product owner to identify proprietary IP that can be suitably protected and licensed without contamination by the accompanying OSS components in the product under consideration. License attributes of the OSS components are mapped suitably and a final attribute is derived for each OSS component embedded in the product under consideration.is not, taught, suggest or disclosed in either Weigert or Sahoo.

The Examiner notes the substance of Applicant's arguments are directed to aspects of the amended claim limitations. The Examiner notes the cited prior art was not relied upon for teaching the amended aspects of the pending claims, but was cited to teach the claims as previously filed. Applicant is referred to the rejections of the pending claims under 35 USC 103, below, for a complete discussion of the pending claims.
Regarding Applicant’s arguments, on pages 22-23, that:
Applicant asserts that the claimed subject matter also provides a technical solution of periodically comparing unidentified components with the OSS components in a first OSS database to identify new matches.
 
Further, the present application offers the following aspects: 
1. Intelligence to categories of OSS components to read the categorization logically and can provide appropriate compliance output. 
2. Continually updating database to identify new matches. 
3. A customized knowledge base is adaptively learnt in the form of a OSS database. 
4. Storing attributes of the OSS components in the OSS database in pre-defined format facilitate faster retrieval of information comprised therein as compared to fetching information based on metadata. 
5. System creates a list of OSS components which is compiled with proprietary code and another set of OSS components which is part of a final deliverable but may not be compiled. 

Hence, Applicant submits that the combination of cited art Weigert and Sahoo fails to come up with all the features of amended independent claim 1. 

The Examiner notes the discussion above as related to distinguishing between the context of the prior art and Applicant’s specification, interpreting claims under the broadest reasonable interpretation, obviousness based on what the teachings of the references would have suggested to those of ordinary skill in the art, and attacking references individually where the rejections are based on combinations of references applies here, as well. 
Additionally, Applicant’s arguments are not directed to prior art not teaching or suggesting the claim limitations, but to arguing a distinction between the intended interpretation and the exemplary embodiments and elements not claimed. Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims (See In reVan Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993) See MPEP 2145; See MPEP § 2111 - § 2116.01, for additional case law relevant to claim interpretation).
Regarding Applicant’s arguments, on page 23, that:
Based on the claim amendments and differentiating arguments it can be concluded that the prior arts do not implicitly or explicitly disclose or even suggest the feature of defining an OSS the usage type of the OSS components as snippets (Snip), file (Fil), a Static library (Comps), a dynamic library(Compd), and determining if a component is modified, wherein when the OSS usage type is the snippets (Snip) for the OSS component then the associated attribute is modification, and the snippets (Snip) is indicative of one or more attributes for the one or more OSS components used as part of software development and wherein the Static library (Comps) and the dynamic library (Compd) is indicative of one or more listed open source components being used as part of software development; 
as disclosed by the amended claim 1. 

The Examiner notes the substance of Applicant's arguments are directed to aspects of the amended claim limitations. The Examiner notes the cited prior art was not relied upon for teaching the amended aspects of the pending claims, but was cited to teach the claims as previously filed. Applicant is referred to the rejections of the pending claims under 35 USC 103, below, for a complete discussion of the pending claims.
Applicant’s arguments have been fully considered, but are not persuasive.


Claim Rejections - 35 USC § 112(b)
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 1 is unclear due to inconsistent verb tense.
Regarding claim 1, Claim 1 comprises:
“A processor implemented method comprising: 
receiving a product embedded with one or more Open Source Software (OSS) components, and analyzing the received product for OSS compliance and prevent OSS contamination of one or more proprietary components; 
comparing each of the one or more OSS components in the product with OSS components available in the public domain and comprised in a first OSS database (DB1) to identify one or more matches there between based on attributes associated thereof;
categorizing, the one or more OSS components in the product having a match with the OSS components available in the first OSS database (DB1) as (i) OSS components having a strong copyleft license, (ii) OSS components having a permissive license or OSS components having a weak copyleft license; 
identifying a usage type for the one or more OSS components in the product categorized as having the weak copyleft license and the permissive license, wherein the usage type is one of a snippet, a file or a library and wherein the library is further identified as one of a library-executable or a library-binary type; 
defining the usage type of the OSS components as snippets (Snip), file (Fil), a Static library (Comps), a dynamic library(Compd), and determining if a component is modified, wherein when the usage type is the snippets (Snip) for the OSSAMENDMENT AND RESPONSE UNDER 37 C.F.R § 1.111Page 3 component then the associated attribute is modification, and the snippets (Snip) is indicative of one or more attributes for the one or more OSS components used as part of software development and wherein the Static library (Comps) and the dynamic library (Compd) is indicative of one or more listed open source components being used as part of software development;”

	As such, the claim effectively comprises, 
“A...method comprising: 
receiving…, and analyzing…and prevent; 
comparing…;
categorizing…”
The limitations are unclear due to the inconsistent verb tense of the functions recited within, “receiving a product embedded with one or more Open Source Software (OSS) components, and analyzing the received product for OSS compliance and prevent OSS contamination of one or more proprietary components.” The Examiner notes Applicant’s specification states (emphasis added):
In an embodiment, a product under consideration embedded with one or more Open source software (OSS) components that need to be analyzed for OSS compliance and also prevent OSS contamination of proprietary components is received by the system 100 of the present disclosure at step 202 (FIG2A). As seen in the flow chart of FIG.3, different versions of a product P,, P2,..Pn are received at block 302. The OSS components of the product under consideration is compared at block 304(FIG.3) with OSS components available in the first OSS database at step 204 (FIG.2A) to identify one or more matches therebetween based on component attributes and license attributes associated thereof. At block 306 (FIG.3) there is check for a match, if any. In an embodiment, the one or more OSS components having a match with the OSS components available in the public OSS database (DB1) are categorized based on associated attributes at step 206 (FIG.2A) and block 308 (FIG.3). In an embodiment the various categories may include (i) OSS components having strong copyleft license such as General Public License (GPL) or Affero General Public License (AGPL) (ii) permissive license such as Massachusetts Institute of Technology (MIT) License or Apache or (iii) weak copyleft or free public license such as Lesser General Public License (LGPL), Mozilla Public License (MPL), Eclipse Public License (EPL) and the like. (0026)
Thus intelligence associated with the systems and methods of the present disclosure facilitate a matrix, by analyzing a set of OSS components (refer Table 2, Table 3 and Table 4 of DB2) to identify OSS components that may be compiled in a final deliverable and also facilitate the product owner to identify proprietary intellectual property that may be suitably protected and licensed without contamination by the accompanying OSS components in the product under consideration. An analysis of the OSS components and their attributes in consideration with the pre-defined rules ensure that inter-license compatibilities are checked and compliance with respect to compilation and distribution in a final deliverable is achieved, thereby ensuring that the OSS components retained in the final deliverable retain their intellectual property. For instance, a final deliverable may be P1 and/or P2 and/or ....Pn while enforcing proprietary End User License Agreement (PEULA). (0042)

The Examiner notes Applicant’s specification provides no additional discussion of preventing OSS contamination of one or more proprietary components, and Applicant’s specification provides no discussion of how the function of, “prevent OSS contamination of one or more proprietary components,” is performed. In lieu of a rejection under 35 U.S.C. 112(a) for an inadequate written description of how the function of preventing contamination of one or more proprietary components is performed, as best understood by the Examiner, the claim limitations of, “analyzing the received product for OSS compliance and prevent OSS contamination of one or more proprietary components, are intended to be interpreted as reciting an intended use or intended functional result of the analyzing, wherein the scope of the analyzing is defined by the subsequent claim limitations. As such, in order to advance compact prosecution, the claim language is interpreted as comprising:
“A processor implemented method comprising: 
receiving a product embedded with one or more Open Source Software (OSS) components; 
analyzing the received product for OSS compliance to prevent OSS contamination of one or more proprietary components by: 
comparing each of the one or more OSS components in the product…”
The language in bold is interpreted as nonfunctional descriptive material or an intended use, wherein the scope of the claimed analyzing function is defined by the subsequent limitations (i.e., comparing each of the one or more OSS components in the product with OSS components available in the public domain and comprised in a first OSS database… categorizing, the one or more OSS components in the product… identifying a usage type for the one or more OSS components in the product… defining the usage type of the OSS components…)
The Examiner notes Applicant’s specification supports this interpretation. Additionally, the Examiner notes interpreting, “prevent OSS contamination of one or more proprietary components,” as a positively recited, required function would result in a rejection under 35 U.S.C. 112(a) for the reasons discussed above.
Additionally, regarding claim 1, the limitations are unclear in that it is unclear if, “the OSS components,” in, “defining the usage type of the OSS components as snippets (Snip), file (Fil), a Static library (Comps), a dynamic library (Compd),” is intended to be recited as, “defining the usage type of the one or more OSS components in the product,” or if the limitation is intended to be interpreted as, “defining the usage type of the OSS components available in the public domain,” to refer to the previously recited, “OSS components available in the public domain,” or if it is intended to be interpreted in a different manner.
Additionally, regarding claim 1, the limitations are unclear as related to the aspect of a usage type in that the limitations appear to comprise different scopes for what comprises a usage type. The Examiner notes the discussion of the prior rejection of the claims filed 6/30/21 in the Office Action filed 10/23/21 applies here, as well. While the prior claims were rejected due to the limitations defining two different scopes for the usage type of the OSS components (a license usage type and an OSS usage type), and also reciting performing a function based on, “the usage type,” which indicates the claim is directed to a single usage type element, the pending claims are unclear as related to the aspect of a usage type. The Examiner notes the limitations comprise multiple elements associated with usage types and multiple elements associated with OSS components.
The limitations comprise [subsequent steps defining the scope of the claimed analyzing function]:
comparing each of the one or more OSS components in the product with OSS components available in the public domain and comprised in a first OSS database (DB1) to identify one or more matches there between based on attributes associated thereof;
categorizing, the one or more OSS components in the product having a match with the OSS components available in the first OSS database (DB1) as (i) OSS components having a strong copyleft license, (ii) OSS components having a permissive license or OSS components having a weak copyleft license; 
identifying a usage type for the one or more OSS components in the product categorized as having the weak copyleft license and the permissive license, wherein the usage type is one of a snippet, a file or a library and wherein the library is further identified as one of a library-executable or a library-binary type; 
defining the usage type of the OSS components as snippets (Snip), file (Fil), a Static library (Comps), a dynamic library (Compd), and determining if a component is modified, wherein when the usage type is the snippets (Snip) for the OSSAMENDMENT AND RESPONSE UNDER 37 C.F.R § 1.111Page 3 component then the associated attribute is modification, and the snippets (Snip) is indicative of one or more attributes for the one or more OSS components used as part of software development and wherein the Static library (Comps) and the dynamic library (Compd) is indicative of one or more listed open source components being used as part of software development;”

The limitations effectively comprise: “categorizing, the one or more OSS components in the product…as (i) OSS components having a strong copyleft license, (ii) OSS components having a permissive license or OSS components having a weak copyleft license; identifying a usage type for the one or more OSS components in the product categorized as having the weak copyleft license and the permissive license, wherein the usage type is one of a snippet, a file or a library… defining the usage type of the OSS components as snippets (Snip), file (Fil), a Static library (Comps), a dynamic library…”
The limitations above appear to comprise different scopes for a usage type (i.e., “identifying a usage type,” and, “defining a usage type”), wherein the first limitation above defines the scope of a usage type as being one of a snippet, a file, or a library, wherein the library is a library-executable or a library-binary type, and the immediately following limitation defines the scope of the usage type as being snippets, file, a static library, or a dynamic library. The conflicting scopes result in the limitations being unclear.
The Examiner notes the specification appears to use the phrases, “usage type,” “license usage type,” and “OSS usage type,” interchangeably, and in a variety of manners which result in the claim limitations being unclear (see Applicant’s specification at least at 0005, 0006, 0007, 0010, 0027, 0031, 0034, 0035, 0036). The Examiner notes the specification also states (emphasis added):
In an embodiment, the system 100 is configured to define usage of open source components as Snippets (Snip), File (Fil), Components (Static Library) (Comps), Components (Dynamic Library) (Compd), Further the system 100 may be configured to determine if a component is modified. In an embodiment, if the usage is snippets (Snip) for any open source component, then the associated attribute is modification. (0040) 

Applicant’s specification appears to refer to usage type as a license usage type of OSS components in the context of the OSS components having a strong copyleft license, a permissive license, or a weak copyleft license. Applicant’s specification also appears to describe the usage type of OSS components in the context of how the OSS component is used in a software product (i.e., the file type of the OSS components used in a software product). As best understood by the Examiner, the usage type as related to the license (i.e., license usage type, OSS usage type) appears to correspond to the license categorization of a strong copyleft license, a permissive license, or a weak copyleft license, and the usage type as related to the use of OSS components in a software product appear to correspond to the type of file format of the OSS component.
Additionally, regarding claim 1 limitations of:
determining if a component is modified, wherein when the usage type is the snippets (Snip) for the OSSAMENDMENT AND RESPONSE UNDER 37 C.F.R § 1.111Page 3 component then the associated attribute is modification, and the snippets (Snip) is indicative of one or more attributes for the one or more OSS components used as part of software development and wherein the Static library (Comps) and the dynamic library (Compd) is indicative of one or more listed open source components being used as part of software development;

The Examiner notes claim 1 provides an initial recitation of attributes associated with each of the one or more OSS components in the product and OSS components in the public domain. The limitations are also unclear in that it is unclear if, “the associated attribute,” recited in, “the associated attribute is modification,” is intended to reference a previous element or introduce a new element with a lack of proper antecedent basis, and it is unclear if the, “one or more attributes for the one or more OSS components used as part of software development,” recited in, “then the associated attribute is modification, and the snippets (Snip) is indicative of one or more attributes for the one or more OSS components used as part of software development,” is intended to reference the initial recitation in claim 1 of attributes associated with each of the one or more OSS components in the product and OSS components in the public domain, or if it is intended to introduce a new element.
Additionally, the Examiner notes Applicant’s specification describes determining if a component is modified as being met by simply identifying the file type of the component as being a snippet (see Applicant’s specification at 0040) (i.e., if a component is a snippet, then the component has to have the attribute of modification since the original open source component was modified to become a snippet of the original open source component).
Additionally, as related to, “the snippets (Snip) is indicative of one or more attributes for the one or more OSS components used as part of software development and wherein the Static library (Comps) and the dynamic library (Compd) is indicative of one or more listed open source components being used as part of software development,” the Examiner notes the previous limitations already comprise, “receiving a product embedded with one or more Open Source Software (OSS) components,” “comparing each of the one or more OSS components in the product with OSS components available in the public domain…to identify one or more matches there between based on attributes associated thereof, “ “identifying a usage type for the one or more OSS components in the product…wherein the usage type is one of a snippet, a file or a library,” and, “defining the usage type of the OSS components as snippets (Snip), file (Fil), a Static library (Comps), a dynamic library(Compd),” As such, the received product comprises a specific file type (e.g., snippet, file, or library) used as part of software development, wherein the specific file type comprises attributes used to match the received product with OSS components available in the public domain, wherein the file type is indicative of the OSS components available in the public domain wherein the OSS components available in the public domain are one or more listed open source components being used as part of software development.  
As best understood by the Examiner, in view of Applicant’s specification and the broadest reasonable interpretation, the limitations are directed to, “A processor implemented method comprising: receiving a product embedded with one or more Open Source Software (LOSS) components, and analyzing the received product for OSS compliance to protect OSS contamination of one or more proprietary components by: [performing the subsequent functions], wherein the OSS components may have a license usage type, wherein the license usage type may comprise a strong copyleft license, a permissive license, or a weak copyleft license, wherein the OSS components used may comprise a plurality of file types, including a snippet, a file, or a library, wherein determining if a component is modified comprises identifying the OSS component file type as a snippet, and wherein the type of file used is indicative of how the one or more listed open source software components is used as part of software development (i.e., the file type is indicative of how the OSS component is used in a software product).
As such, regarding: 
identifying a usage type for the one or more OSS components in the product categorized as having the weak copyleft license and the permissive license, wherein the usage type is one of a snippet, a file or a library and wherein the library is further identified as one of a library-executable or a library-binary type; 
defining the usage type of the OSS components as snippets (Snip), file (Fil), a Static library (Comps), a dynamic library (Compd), and determining if a component is modified, wherein when the usage type is the snippets (Snip) for the OSSAMENDMENT AND RESPONSE UNDER 37 C.F.R § 1.111Page 3 component then the associated attribute is modification, and the snippets (Snip) is indicative of one or more attributes for the one or more OSS components used as part of software development and wherein the Static library (Comps) and the dynamic library (Compd) is indicative of one or more listed open source components being used as part of software development;”

The limitations above comprise conflicting scopes of a usage type and nonfunctional descriptive material describing the usage types. As best understood by the Examiner, in view of Applicant’s specification and the broadest reasonable interpretation, in order to advance compact prosecution, the limitations of claim 1 are interpreted as effectively comprising:
A processor implemented method comprising: 
receiving a product embedded with one or more Open Source Software (OSS) components; 
analyzing the received product for OSS compliance to prevent OSS contamination of one or more proprietary components by: 
comparing each of the one or more OSS components in the product with OSS components available in the public domain and comprised in a first OSS database (DB1) to identify one or more matches there between based on attributes associated thereof;
categorizing, the one or more OSS components in the product having a match with the OSS components available in the first OSS database (DB1) as (i) OSS components having a strong copyleft license, (ii) OSS components having a permissive license or OSS components having a weak copyleft license; 
identifying a file type for the one or more OSS components in the product categorized as having the weak copyleft license and the permissive license, wherein the file type is one of a snippet, a file or a library, wherein the library is further identified as one of an executable, binary, static, or dynamic type, and wherein the file type is indicative of one or more attributes for the one or more OSS components used as part of software development or is indicative of one or more listed open source components being used as part of software development;
identifying as one or more unidentified components, the one or more OSS components in the product having no match….

Additionally regarding claim 1, “determining, the one or more OSS components that are selected for a final deliverable based on the final attribute, wherein each of the one or more OSS components that are compliant are either compiled with the proprietary component, or not compiled with the proprietary component but are part of the final deliverable,” is unclear due to claim construction. It is unclear if the comma is intended to be included in, “determining, the….” Additionally, “the one or more OSS components that are selected for a final deliverable,” lacks proper antecedent basis. It is unclear if the limitation is intended to comprise selecting one or more of the one or more OSS components embedded within the received product that are compliant for a final deliverable based on the final attribute, determining that the one or more OSS components selected for a final deliverable based on the final attribute are compliant, or some other interpretation. The Examiner notes the previous limitations include, “generating a comprehensive report (R5) based on the OSS compliance analysis, wherein the comprehensive report (R5) includes a final attribute for each of the one or more OSS components in the product indicative of compliance with the attributes of each of the one or more OSS components comprised therein,” (i.e., determining the one or more OSS components selected for a received product are compliant based on the final attribute). In order to advance compact prosecution, the Examiner interprets the limitation to be met by prior art that teaches or suggests, “determining that the one or more OSS components that are selected for a final deliverable are compliant based on the final attribute, wherein the one or more OSS components that are selected for the final deliverable are either compiled with the proprietary component or not compiled with the proprietary component but are part of the final deliverable.”
Regarding claim 6, the discussion above applies here, as well. 
The claims are unclear in that a person of ordinary skill in the art would not be able to interpret the metes and bounds of the claims so as to understand how to avoid infringement.
Claims 2-5 and 12 are rejected due to their dependency from claim 1. Claims 7-10 and 13 are rejected due to their dependency from claim 6. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
Determining the scope and contents of the prior art.
Ascertaining the differences between the prior art and the claims at issue.
Resolving the level of ordinary skill in the pertinent art.
Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-10 are rejected under 35 U.S.C. 103 as being unpatentable over Weigert, U.S. patent Application Publication 20100241469, in view of Sass, U.S. patent Application Publication 20160202972, and further in view of Sahoo, U.S. patent Application Publication 20130254744.
Claims 1 and 6 are substantially similar, and will be addressed together. Substantially similar limitations of dependent claims will be addressed together, as indicated.
	NOTE: The claim interpretation discussed in the Claim Interpretation section, above, applies here as well.
	Regarding claims 1 and 6, 
	Weigert — which is directed to a system and method for automating software due diligence — discloses:
	(claim 1) A processor implemented method comprising: receiving a product embedded with one or more Open Source Software (OSS) components, and analyzing the received product for OSS compliance and prevent OSS contamination of one or more proprietary components;
	(claim 6) A system comprising: one or more data storage devices (102) operatively coupled to one or more hardware processors (104) and configured to store instructions configured for execution by the one or more hardware processors to: receive, a product embedded with one or more Open Source Software (OSS) components, and analyze the received product for OSS compliance and 
prevent OSS contamination of one or more proprietary components;
NOTE: The claims are rejected under 35 U.S.C. 112(b). In order to advance compact prosecution, the claim interpretation discussed in the rejections under 35 U.S.C. 112(b) are used to address the limitations with prior art (i.e., receiving a product embedded with one or more Open Source Software (OSS) components; analyzing the received product for OSS compliance to prevent OSS contamination of one or more proprietary components by:…).

[open source software typically originates from one or more upstream repositories or other sources that are beyond the control of the development organization…the compatibility of different open source licenses may not always be clearly discernable, as a given package may often [include] several different software components (e.g., libraries, main application, test suites, etc.) (0003; see also 0001-0007); A method for performing software due diligence review, comprising: receiving software subject to due diligence review (claim 1); A system for performing software due diligence review (claim 17); Implementations of the invention may be made in hardware, firmware, software, or various combinations thereof. The invention may also be implemented as instructions stored on a machine-readable medium, which may be read and executed by one or more processors. A machine-readable medium may include various mechanisms for storing or transmitting information in a form readable by a machine (e.g., a computing device) (0174)]
	comparing each of the one or more OSS components in the product with OSS components available in the public domain and comprised in a first OSS database (DB1) to identify one or more matches there between based on attributes associated thereof; 
	[The invention generally relates to a system and method for performing software due diligence review, and in particular to using a binary scan engine, parallel pattern matching, and other components to review software for compliance and compatibility with open source license requirements, export regulations, and other issues pertaining to software due diligence (0001, Fig. 7); the code provenance engine may download or otherwise obtain information relating to known open source from various third-party repositories for comparison with source files under review (0020); the third-party repositories 175 may include any suitable repositories that contain open source, freeware, shareware, or other public or private software (0034); the system for automating software due diligence may include a license database that stores information describing various software licenses. The licenses may be described in the license database according to a condensed license description syntax, which may contain a limited number of verifiable attributes to provide precision and lack of redundancy in describing known software licenses…the license description syntax may enable the license database to be established (0009); the information retrieved from the build system 190 and downloaded to the local review database 180 may include, among other things, license information from the license database 185b, package information from the package database 190a, and/or report information from the reports database 185a (0064); the binary scan engine may be invoked in order to match source code to binary objects when one or more binary packages, updated binary packages, or other binary objects have been submitted to the build system (0014; see also 0017-0019, 0075, 0078-0093,  Fig. 6 discussing keyword matching, text matching, and pattern matching); the system may include a fingerprinting module for calculating a unique file fingerprint for binaries and/or unpacked source files under review. The unique file fingerprint for each binary and/or unpacked file may be compared to existing file fingerprints (0016, 0022; see also 0150-0153 discussing generating a fingerprint for the received source file, matching the source file to a database or other repository, and failing to match the source file); The compliance report may be attached to appropriate entries in the package database (0023)] The disclosure describes obtaining information relating to known open source from various third-party repositories for comparison with source files under review, wherein the third-party repositories may include any suitable repositories that contain open source, freeware, shareware, or other public or private software. Licenses may be described in the license database according to a condensed license description syntax, which may contain a limited number of verifiable attributes. The disclosure describes a system and method for performing software due diligence review, and in particular to using a binary scan engine, parallel pattern matching, and other components to review software for compliance and compatibility with open source license requirements, wherein the disclosure describes comparing a received package with information in a database license database via key word matching, text matching, pattern matching, and matching unique fingerprints generated for binaries and source files under review with existing file fingerprints, wherein a compliance report may be attached to appropriate entries in the package database. As described by Weigert, the system and method for performing due diligence review may obtain information from third-party repositories for comparison with source files under review, wherein the repositories may include any suitable repositories that contain open source, freeware, shareware, or other public or private software, wherein the information obtained may be used to establish a license database, wherein the licenses may be described in the license database according to a condensed license description syntax, which may contain a limited number of verifiable attributes to provide precision and lack of redundancy in describing known software licenses, wherein performing software due diligence review may comprise comparing a received package with information in a database license database via key word matching, text matching, pattern matching, and matching unique fingerprints generated for binaries and source files under review with existing file fingerprints, wherein a compliance report may be attached to appropriate entries in the package database. The Examiner interprets the disclosure as teaching or suggesting comparing each of the one or more OSS components in the product with OSS components available in the public domain and comprised in a first OSS database (DB1) to identify one or more matches there between based on attributes associated thereof.
categorizing, the one or more OSS components in the product having a match with the OSS components available in the first OSS database (DB1) as [a group or collection of related software components]; 
[software subject to due diligence review may include various packages or other source files defined to be a group or collection of related software components (0032); FIG. 7 illustrates an exemplary process for massive parallel text pattern matching in a software due diligence system. For example, in one implementation, the software due diligence system may employ a license database that contains a massive number of text patterns (e.g., on the order of one-hundred thousand to one million or more), wherein each of the text patterns include an excerpt of legal language considered relevant to software due diligence. In particular, the text patterns may generally include any suitable string or sub-string considered relevant to software due diligence, including text within a software license (e.g., GPL, LGPL, etc.), a cryptographic algorithm relevant to export controls, or other relevant text (0159; see also 0018, 0086, 0158)] The disclosure is interpreted as teaching or suggesting categorizing, the one or more OSS components in the product having a match with the OSS components available in the first OSS database (DB1) as [a group or collection of related software components]. While the disclosure of Weigert references examples of software licenses (e.g., GPL, LGPL, etc.), which corresponds to Applicant’s disclosure of examples of strong, permissive, and weak copyleft licenses (see Applicant’s specification at 0026; see also 0018), Weigert does not appear to explicitly recite components having a strong, permissive, or weak copyleft license.
Regarding the limitations of:
identifying a usage type for the one or more OSS components in the product categorized as having the weak copyleft license and the permissive license, wherein the usage type is one of a snippet, a file or a library and wherein the library is further identified as one of a library-executable or a library-binary type; 
defining the usage type of the OSS components as snippets (Snip), file (Fil), a Static library (Comps), a dynamic library(Compd), and determining if a component is modified, wherein when the usage type is the snippets (Snip) for the OSSAMENDMENT AND RESPONSE UNDER 37 C.F.R § 1.111Page 3 component then the associated attribute is modification, and the snippets (Snip) is indicative of one or more attributes for the one or more OSS components used as part of software development and wherein the Static library (Comps) and the dynamic library (Compd) is indicative of one or more listed open source components being used as part of software development; 

The Examiner notes Applicant’s specification describes determining if a component is modified as being met by simply identifying the file type of the component as being a snippet (see Applicant’s specification at 0040) (i.e., if a component is a snippet, then the component has to have the attribute of modification since the original open source component was modified to become a snippet of the original open source component).
Additionally, the Examiner notes the previous limitations already comprise, “receiving a product embedded with one or more Open Source Software (OSS) components,” “comparing each of the one or more OSS components in the product with OSS components available in the public domain…to identify one or more matches there between based on attributes associated thereof, “ “identifying a usage type for the one or more OSS components in the product…wherein the usage type is one of a snippet, a file or a library,” and, “defining the usage type of the OSS components as snippets (Snip), file (Fil), a Static library (Comps), a dynamic library(Compd),” As such, the received product comprises a specific file type (e.g., snippet, file, or library) used as part of software development, wherein the specific file type comprises attributes used to match the received product with OSS components available in the public domain, wherein the file type is indicative of the OSS components available in the public domain wherein the OSS components available in the public domain are one or more listed open source components being used as part of software development.  
As discussed in the rejections under 35 U.S.C. 112(b), the limitations above are unclear. The limitations above are interpreted as comprising multiple scopes for usage type and nonfunctional descriptive material describing file types. As discussed In order to advance compact prosecution, the Examiner interprets the limitations as: 
  identifying a file type for the one or more OSS components in the product categorized as having the weak copyleft license and the permissive license, wherein the file type is one of a snippet, a file or a library, wherein the library is further identified as one of an executable, binary, static, or dynamic type, and wherein the file type is indicative of one or more attributes for the one or more OSS components used as part of software development or is indicative of one or more listed open source components being used as part of software development;

Weigert further discloses:
  identifying a file type for the one or more OSS components in the product […], wherein the file type is one of a snippet, a file or a library, wherein the library is further identified as one of an executable, binary, static, or dynamic type, 
[packages in the code base can often further contain hundreds, thousands, or even millions of source files that may be subject to different open source licenses (0003; see also 0015); the unpacking engine 115 may determine a file type for each unpacked file based on the metadata or other information derived for the unpacked source files... code-based binaries (typically .dll and .exe files) may be identified as likely including or referencing source code (0073); a given package may contain several different software components (e.g., libraries, main application, test suites, etc.), yet different open source licenses may vary in whether they permit or prohibit the use of different or incompatible licenses for the various components (0003); object files or static library components and less closely related to shared libraries (0110); identify further dependency information relating to software under review (e.g., linkable objects exported by a package or source binary, statically linked objects included from other packages, dynamically linked objects that reference other packages, etc.) (0013; see also 0069, claim 3)] Weigert discloses unpacking source code files as deeply as possible while also deriving metadata describing the unpacked file, and determining a file type for each unpacked file, and notes files may be object files, libraries, binary files, and dll. fnd exe. files (i.e., library files may be executable files, binary files, static files, or dynamically linked files. As noted above, Weigert does not appear to explicitly recite components having a strong, permissive, or weak copyleft license. 
Particularly regarding wherein the file type is one of a snippet, [a file or a library] […] determining if a component is modified [wherein when the usage type is the snippets (Snip) for the OSSAMENDMENT AND RESPONSE UNDER 37 C.F.R § 1.111Page 3 component then the associated attribute is modification]
Weigert describes snippets in the context of scanning source code, applying rules, identifying potential undocumented source code usage (0132-1035, 0142). Weigert also notes that individual clauses may be added to a license and the meaning of a clause or a license may be modified (0051, 0053), and describes cases where the modify operator has been used to add additional permissions or to counteract obligation clauses in a license (0052), and notes some complex licenses may have an “Equivalents” attribute that identifies alternative expressions for the same license and that clauses may be added or rescinded (0053). While this disclosure describes snippets and modifications, the disclosure below particularly teaches or suggests a snippet and determining if a component is modified [wherein when the usage type is the snippets (Snip) for the OSSAMENDMENT AND RESPONSE UNDER 37 C.F.R § 1.111Page 3 component then the associated attribute is modification]:
[the code provenance engine 135 may also use the text fracturing module 150 to similarly fracture or otherwise sub-divide source files under review into blocks and/or sub-blocks, which may be compared against the blocks and/or sub-blocks for the known open source. For example, in one implementation, the code provenance engine 135 may use the fingerprinting module 155 to create a unique fingerprint for the blocks and/or sub-blocks of the known open source and the source file under review, wherein a match between the unique fingerprints may indicate whether the source file has undocumented and/or improperly documented source code (0095)] The Examiner interprets blocks and sub-blocks as snippets. The Examiner notes Applicant’s specification describes determining if a component is modified as being met by simply identifying the file type of the component as being a snippet (see Applicant’s specification at 0040) (i.e., if a component is a snippet, then the component has to have the attribute of modification since the original open source component was modified to become a snippet of the original open source component).
The Examiner interprets the disclosure as related to the code provenance engine using the text fracturing module to fracture or otherwise subdivide source files under review into blocks and sub-blocks, which may be compared against the blocks and/or sub-blocks for the known open source components and creating a unique fingerprint for the blocks and/or sub-blocks of the known open source and the source file under review, wherein a match between the unique fingerprints may indicate whether the source file has undocumented and/or improperly documented source code as teaching or suggesting a snippet and determining if a component is modified [wherein when the usage type is the snippets (Snip) for the OSSAMENDMENT AND RESPONSE UNDER 37 C.F.R § 1.111Page 3 component then the associated attribute is modification]. However, in view of the claims being rejected under 35 U.S.C. 112(b), in order to advance compact prosecution, additional prior art will be introduced to more explicitly address the limitations as related to wherein the file type is…a snippet.
Weigert further discloses:
and wherein the file type is indicative of one or more attributes for the one or more OSS components used as part of software development or is indicative of one or more listed open source components being used as part of software development;
[the unpacking engine 115 may determine a file type for each unpacked file based on the metadata or other information derived for the unpacked source files (0073, 0127); The unpacking engine may recursively unpack source code files as deeply as possible, while also deriving metadata describing the unpacked files (e.g., package name, version, release, etc.) (0015); the compatibility of different open source licenses may not always be clearly discernable, as a given package may often [include] several different software components (e.g., libraries, main application, test suites, etc.) (0003; see also 0001-0007); The licenses may be described in the license database according to a condensed license description syntax, which may contain a limited number of verifiable attributes to provide precision and lack of redundancy in describing known software licenses (0009); the software diligence engine 110 may scan software to identify, among other things, information relating to open source licenses, patent, copyright, trademark, and other intellectual property usage, e-mail addresses (e.g., to identify a developer or project manager), URLs, and indications of cryptography (e.g., to comply with export regulations) (0061); a report may be generated for the source file to provide information relating to matching licenses, a risk level, a distribution status, and/or other information relevant to compatibility and compliance with one or more software due diligence issues (0019; see also 0032, 0058, 0173); the license review system 105 may facilitate identification of various software due diligence problems, including review for compliance and compatibility with open source or other software licenses, as well as compliance with export regulations, internal policies, or other controls (0058)] As described by Weigert, a package received for review may include several different software components with different open source licenses, wherein the system may unpack the source files and determine a file type for each unpacked file based on the metadata (e.g., package name, version, release, etc.) [i.e., attributes associated with the file type], or other information derived for the unpacked source files, wherein the software diligence engine may scan software to identify, among other things, information relating to open source licenses, patent, copyright, trademark, and other intellectual property usage, e-mail addresses (e.g., to identify a developer or project manager), URLs, and indications of cryptography (e.g., to comply with export regulations), wherein the system may facilitate identification of various software due diligence problems, including review for compliance and compatibility with open source or other software licenses, as well as compliance with export regulations, internal policies, or other controls, wherein a report may be generated for the source file to provide information relating to matching licenses, a risk level, a distribution status, and/or other information relevant to compatibility and compliance with one or more software due diligence issues. The Examiner interprets the disclosure of Weigert as teaching or suggesting wherein the file type is indicative of one or more attributes for the one or more OSS components used as part of software development or is indicative of one or more listed open source components being used as part of software development.  
Weigert further discloses:
identifying as one or more unidentified components, the one or more OSS components in the product having no match with the OSS components available in the first OSS database (DB1) or having a match but characterized by at least one missing attribute; 
[The licenses may be described in the license database according to a condensed license description syntax, which may contain a limited number of verifiable attributes to provide precision and lack of redundancy in describing known software licenses (0009); the code provenance engine 135 may be configured to determine whether software actually includes undocumented and/or improperly documented source code (particularly when the software is identified as closed source or proprietary) (0094; see also 0018, 0020, 0034, 0089); after the list of logical fragments has been generated in operation 530, the individual fragments may be further analyzed to identify potentially undocumented source code (0142); see also 0150-0153 discussing generating a fingerprint for the received source file, matching the source file to a database or other repository, and failing to match the source file); In cases where a report indicates that the batch mode review only achieved partial coverage for a reviewed package, a manual review may be required to achieve full coverage (0066); Questionable cases may be excluded from being listed among the inclusions (0046)] Weigert also describes cases where the modify operator has been used to add additional permissions or to counteract obligation clauses in a license (0052), and notes some complex licenses may have an “Equivalents” attribute that identifies alternative expressions for the same license and that clauses may be added or rescinded (0053) (i.e., a modify operator to counteract an obligation clause, an ”Equivalents” attribute, and a clause being rescinded may be interpreted as corresponding to having a match but characterized by at least one missing attribute). The Examiner interprets the disclosure as teaching or suggesting identifying as one or more unidentified components, the one or more OSS components in the product having no match with the OSS components available in the first OSS database (DB1) or having a match but characterized by at least one missing attribute.
Weigert further discloses:
periodically comparing the one or more unidentified components with the OSS components in the first OSS database (DB1) to identify one or more new matches based on continual updation of OSS components available in the public domain; 
updating a second OSS database (DB2) comprising at least some of the one or more OSS components in the product having the one or more new matches, wherein the one or more new matches, the one or more unidentified components are categorized as at least of the one or more proprietary components and OSS components being previously available in the public domain; 
	[a review may be automatically scheduled whenever an existing package is updated in the build system (0012; see also 0016, 0059, 0063, 0112, 0117, 0152, 0153); unmatched keywords may identify new relevant (or irrelevant) text patterns, which may be used to create new text patterns based on how certain keywords appear within source code (e.g., a dialogue window may present context surrounding the unmatched keyword, wherein the context may be edited to create a new text pattern to cover the unmatched keyword) (0018; see also 0150); The fingerprints may then be recorded in a database or another suitable repository in an operation 560, and a subsequent operation 565 may include identifying potentially undocumented source code if the fingerprint generated for any of the source code under review matches the fingerprint generated any of the third-party source code (0016, 0149); the list of logical fragments generated in operation 530 may be recorded in a manner suitable for subsequent analysis (e.g., in a fingerprint database) (0016, 0141); if any new keywords and/or text patterns have been added since the prior review, the source file may be searched again (0152); the code provenance engine may determine whether software identified as closed source (or proprietary) actually includes undocumented and/or improperly documented open source components (0020, 0094, 0130); the attribute may be used to detect and remove obsolete text patterns at regular intervals (0093)]
performing an OSS compliance analysis for the one or more OSS components in the product based on the usage type, the attributes associated thereof comprised in the second OSS database (DB2) and one or more pre-defined rules, 
[the license description syntax may include one or more attributes for describing the various software licenses in the license database 185b. In particular, a given software license described in the license database 185b may be associated with some or all of the following attributes of the license description syntax: (0036); the software diligence engine 110 may be configured to review one or more source code packages for various compliance issues (0070); derive metadata describing the unpacked source files (e.g., package name, version, release, etc.) (0071); the code provenance engine may use a set of rules (0021-0022); one or more rules to govern remediation of any compliance issues, construct workflows to manage the remediation, or otherwise finalize the due diligence review process (0023); one or more rules may define default operator precedence conditions as related to a combination of license schemes (0050-0051); implement package-specific rules or policies to govern remediation of any issues (e.g., notifying the developer of the potential issue, restricting use based on the severity of the issue, etc.). Relevant rules and/or policies may also be attached to database entries associated with remediated software in order to prevent recurrence of the issue in subsequent or related versions of the software (0065)]
wherein the attributes are stored in the second OSS database (DB2) in a pre-defined format that facilitates in faster retrieval of information from the second OSS database (DB2); 
[the system for automating software due diligence may include a license database that stores information describing various software licenses. The licenses may be described in the license database according to a condensed license description syntax, which may contain a limited number of verifiable attributes to provide precision and lack of redundancy in describing known software licenses. In particular, a given entry in the license database may uniquely describe one version of a software license, even for licenses that may have multiple names known to be in circulation (e.g., because of the existence of multiple sources and/or authors for the license). For example, in one implementation, the license description syntax may provide a short name and/or an integer identifier to each license described in the license database, wherein the short name and/or integer identifier may be restricted to one use within a namespace for the license database. If the authoritative text for a particular license falls into disuse or undergoes substantial revision, a new short name and/or integer identifier may be assigned to the license. Thus, the license description syntax may enable the license database to be established as a global license database (or library), which may be made available for public, private, or other forms of access (0009); the information retrieved from the build system 190 and downloaded to the local review database 180 may include, among other things, license information from the license database 185b, package information from the package database 190a, and/or report information from the reports database 185a (0064)] The Examiner interprets the disclosure as related to: the licenses being described in the license database according to a condensed license description syntax, which may contain a limited number of verifiable attributes to provide precision and lack of redundancy; a given entry in the license database may uniquely describe one version of a software license; the license description syntax may provide a short name and/or an integer identifier to each license described in the license database; the information retrieved from the build system and downloaded to the local review database may include, among other things, license information from the license database; and the license description syntax may enable the license database to be established as a global license database as teaching or suggesting wherein the attributes are stored in the second OSS database (DB2) in a pre-defined format that facilitates in faster retrieval of information from the second OSS database (DB2).
Weigert further discloses:
generating a comprehensive report (R5) based on the OSS compliance analyses, wherein the comprehensive report (R5) includes a final attribute for each of the one or moreFiling Date: 06/28/2018 OSS components in the product indicative of compliance with the attributes of each of the one or more OSS components comprised therein, 
[one or more reports may be constructed for the package based on the batch review performed (0113); reports stored in the reports database 185a may expose a degree to which a particular package was covered during the batch mode review of the package (0066); a report may be generated for the source file to provide information relating to matching licenses, a risk level, a distribution status, and/or other information relevant to compatibility and compliance with one or more software due diligence issues (0019; see also 0035, 0059, 0065-0066, 0114); If the software under review includes one or more open source licenses or other relevant legal language, the system may check for permissions and obligations associated with attributes of the open source licenses or other legal language to draw inferences regarding potential compliance problems (0008; see also 0002-0008, 0032, 0058, 0097-0098, 0113, 0120, 0173); Any new packages may be initially associated with a "candidate" status, wherein candidate packages may initially be blocked from distribution pending due diligence review. If the candidate package is determined to be in compliance with open source licenses, export regulations, and other requirements, the status of the package may be changed to "production" status to permit distribution (0012)] The Examiner interprets the status of the package may be changed from “candidate” to "production" to permit distribution as a final attribute for each of the one or more OSS components in the product indicative of compliance with the attributes of each of the one or more OSS components comprised therein.
adaptively learning the one or more OSS components and the attributes associated thereof comprised in the comprehensive report (R5) 
	[The licenses may be described in the license database according to a condensed license description syntax, which may contain a limited number of verifiable attributes to provide precision and lack of redundancy in describing known software licenses (0009); the license review system 105 may associate each reviewed file, package, binary object, or other software component with a reference to the corresponding report (0059); the software diligence engine 110 may generally be configured to manage various aspects of searching the plain text information to locate any text matching one or more interactively learned patterns identified as relevant to due diligence review (e.g., patterns stored in the license database 185b that correspond to known open source licenses, cryptography, patent or copyright usages, etc.) (0075); ; the interactive process constructing a report for reviewed software may be used to expand the information contained in the license database 185b to ensure that subsequent batch mode reviews will have full coverage for the same or related versions of the package (e.g., uncovered patterns in a given package may be analyzed and associated with a description in the license database 185b, whereby the patterns may be available in subsequent batch mode runs) (0066; see also 0076, 0111, 0116-0119); compliance officers or other authorized reviewers may add new rules, modify or remove existing rules, or otherwise tailor the methodology for determining license distance based on learned experience or other factors (0111; see also 0066-0067)]
	and updating the second OSS database (DB2); and
	[The various relationships among binary packages and their dependent objects may then be used to construct the dependency graph in an operation 350. As such, the dependency graph may provide a building block having sufficient information to establish a dependency graph between various segments of related source code, whereby an operation 360 may include mapping the various information in the dependency graph to relevant source files for subsequent due diligence review. Subsequently, an operation 365 may include updating the derivative database, wherein any dependency information or other information identified for the scanned binary may be stored in the derivative database (0122; see also 0013, 0069); new patterns relevant to due diligence review have been added to the system…the previous review may be automatically updated to account for the new patterns (0017); various components of the system (e.g., the crawler 145) may know where to look for updated information (0035); the list of keywords stored in the license database 185b may be dynamically updated as necessary to add new keywords, remove bad keywords, make certain keywords weak, and otherwise maintain the list of keywords as may be appropriate (0084)]
	Regarding, “determining, the one or more OSS components that are selected for a final deliverable based on the final attribute, wherein each of the one or more OSS components that are compliant are either compiled with the proprietary component, or not compiled with the proprietary component but are part of the final deliverable,” as discussed above, in order to advance compact prosecution, the Examiner interprets the limitation to be met by prior art that teaches or suggests, “determining that the one or more OSS components that are selected for a final deliverable are compliant based on the final attribute, wherein the one or more OSS components that are selected for the final deliverable are either compiled with the proprietary component or not compiled with the proprietary component but are part of the final deliverable.”  
	Weigert discloses:
	determining, the one or more OSS components that are selected for a final deliverable are compliant based on the final attribute, wherein the one or more OSS components that are selected for the final deliverable are either compiled with the proprietary component or not compiled with the proprietary component but are part of the final deliverable.”  
[whenever a new software package is compiled or otherwise submitted to the build system, the software diligence engine may automatically schedule a review of the package submission for compliance issues, construct a report for the review, and estimate a risk level for the reviewed package (0012); a report may be generated for the source file to provide information relating to matching licenses, a risk level, a distribution status, and/or other information relevant to compatibility and compliance with one or more software due diligence issues (0019; see also 0163-0164, 0173); The license review system 105 may then check for permissions and obligations associated with various attributes of the declared open source licenses, contradictions or relaxations with regard to other license declarations, or other information associated with open source licenses (0058; see also 0101); the compliance reports may also include an indication of whether the software component includes multiple licenses or inter-package relationships (0023); Any new packages may be initially associated with a "candidate" status, wherein candidate packages may initially be blocked from distribution pending due diligence review. If the candidate package is determined to be in compliance with open source licenses, export regulations, and other requirements, the status of the package may be changed to "production" status to permit distribution (0012)] Additionally, the Examiner notes the limitations above are substantially similar to the previous limitations comprising, “receiving a product embedded with one or more Open Source Software (OSS) components, and analyzing the received product for OSS compliance and prevent OSS contamination of one or more proprietary components… performing an OSS compliance analysis for the one or more OSS components in the product…generating a comprehensive report (R5) based on the OSS compliance analyses, wherein the comprehensive report (R5) includes a final attribute for each of the one or more OSS components in the product indicative of compliance with the attributes of each of the one or more OSS components comprised therein,” (i.e., “a product embedded with one or more Open Source Software (OSS) components,” corresponds to a final deliverable comprising one or more selected OSS components, wherein the one or more selected OSS components are not compiled with the proprietary component but are part of the final deliverable, wherein the one or more selected OSS components are determined to be compliant. While the disclosure of Weigert teaches or suggests determining that the one or more OSS components that are selected for a final deliverable are compliant based on the final attribute, wherein the one or more OSS components that are selected for the final deliverable are either compiled with the proprietary component or not compiled with the proprietary component but are part of the final deliverable, in view of the claims being rejected under 35 U.S.C. 112(b), in order to advance compact prosecution, additional prior art will be introduced to more explicitly address the limitations in the context of determining OSS components selected for a final deliverable are compliant and either compiling the selected OSS components with the final deliverable or the OSS components being part of the final deliverable but not compiled with the proprietary component.


Regarding the limitations as related to the file type being a snippet and attributes associated with the file types, Sass — which is directed to a system and method for checking open source usage — discloses (while additional portions of the claim limitations are included to provide context and support the motivation and rationale to combine the cited prior art, note the portion in italics/bold is what has not explicitly been addressed and/or what is being addressed): 
identifying a usage type for the one or more OSS components in the product […]  wherein the usage type is one of a snippet, a file or a library and wherein the library is further identified as one of a library-executable or a library-binary type; defining the usage type of the OSS components as snippets (Snip), file (Fil), a Static library (Comps), a dynamic library(Compd), and 
[One technical solution comprises a method and system for discovering open source projects, parts of which are being used within source files…The method and apparatus thus provide for identifying source code associated with open source repository, within another set of source code files (0023); code that is part of one or more products may be examined (0027); Open source may be provided as one or more binary libraries, compiled files, one or more file hierarchies of source code, or the like. Open source may be found in user's code as one or more binary files, one or more source files, or one or more code snippets within source files (0019); The components may be arranged as one or more executable files, dynamic libraries, static libraries, methods, functions, services, or the like (0084); If one or more matches are found, it is assumed that the user's code contains the code from the respective open source project (0037); identifying code snippets, which are literally or conceptually copied from known open source projects (0038)]
determining if a component is modified, wherein when the usage type is the snippets (Snip) for the OSSAMENDMENT AND RESPONSE UNDER 37 C.F.R § 1.111Page 3 component then the associated attribute is modification, 
[A user may then take the project, change one or more files, add a notice that the amended files are subject to a second license, and make the amended project publicly available. A second user may then use the amended project, which is associated with the first and the second licenses (0021); The characteristics, or signatures may be determined for entities such as a file, or any part thereof (0025; see also 0086, 0089, 0094); If a sequence or a subsequence appearing in a user's code entity is found in the repository, an indication may be provided that the user's code contains or is highly similar to code contained in one of the open source projects contained in the repository (0042)]
and the snippets (Snip) is indicative of one or more attributes for the one or more OSS components used as part of software development and wherein the Static library (Comps) and the dynamic library (Compd) is indicative of one or more listed open source components being used as part of software development; 
[The characteristics, or signatures may be determined for entities such as a file, or any part thereof (0025; see also 0086, 0089, 0094); The characteristics for the user code may be determined (0030); the characteristic and an identifier of the entity, such as the file library or the file name, may be stored in the repository (0053); Exemplary characteristics may include but are not limited to: a result of a hash function such as SHA-1 function applied to the entity, for example a file…part of a file, specific range of lines from a file, a function, a method, a file library, a directory, or the like (0047); the repository may comprise for each version of each entity [i.e., a file] the name and version of the open source project it belongs to, the entity name, its characteristics, the license associated with the open source project, and possibly additional attributes and information related to the open source project, such as vulnerabilities, bugs, quality issues, reports on trends, replacements, what other users use the open source project for (0024; see also 0021); Pane 212 may provide further details of the open source project found to be used, such as its version, license, and a notice related to the usage of the project in the user's organization (0075)] The disclosure describes source files as comprising a plurality of files, which may include files, snippets, a file library, or the like. The Examiner interprets the disclosure as describing snippets as comprising characteristics and describes snippets as comprising the attribute of being a modified component and as being used as part of software development. The Examiner interprets the disclosure as related to source code characteristics, additional attributes and information, and details comprising its version, license, a notice related to the usage of the project in the user's organization, and replacements as corresponding to the file type being indicative of one or more listed open source components being used as part of software development. 
Additionally and alternatively, Sass further discloses:
wherein the attributes are stored in the second OSS database (DB2) in a pre-defined format that facilitates in faster retrieval of information from the second OSS database (DB2); 
[the characteristic and an identifier of the entity, such as the file library or the file name, may be stored in the repository (0053); Storage device 312 may store characteristic determination component 320 for applying one or more algorithms to a source code entity, and obtaining a characteristic such as a numeric value, a sequence of keywords or identifiers, or the like (0086); comparing the characteristic of the source code entity to be checked to characteristics stored in a repository (0014; see also 0029); the characteristics may be stored in a manner that enables fast search, for example in a sorted manner (0054)] The Examiner interprets the disclosure as related to file characteristics being stored in the repository in a manner that enables fast search, for example in a sorted manner, as teaching or suggesting the limitations.
Weigert teaches a system and method for automating software due diligence. Sass teaches a system and method for checking open source usage. As such, each of the cited prior art are in the field of Applicant’s endeavor and/or are reasonably pertinent to the particular problem with which Applicant was concerned.
	The difference between Sass and Weigert is that Sass discloses one or more code snippets within source files.
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features of one or more code snippets within source files (as taught by Sass) with the system and method for automating software due diligence (as taught by Weigert) in order to provide a method and system for discovering open source projects, parts of which are being used within source files, e.g., identifying logical entities, such as an open source library from physical parts such as user files or parts thereof (Sass 0023), identify whether a programming project contains open source (Sass 0011, 0019, 0023), identify which open source project and which version thereof the source code belongs to (Sass 0020), and identify which license the source code may be associated with, or additional data related to used open source projects (Sass 0020).
The combination of Weigert and Sass does not appear to explicitly recite components having a strong, permissive, or weak copyleft license.
	However, Sahoo — which is directed to a system and method for verifying compatibility among software components, more particularly open source software — discloses (while additional portions of the claim limitations are included to provide context and support the motivation and rationale to combine the cited prior art, note the portion in italics/bold is what has not explicitly been addressed and/or what is being addressed): 
categorizing, the one or more OSS components in the product […] as (i) OSS components having a strong copyleft license, (ii) OSS components having a permissive license or (iii) OSS components having a weak copyleft license; 
[The present invention generally relates to a system and method for verifying compatibility among software components, more particularly open source software (0001); A categorizing module, another processor executable programmed module is configured for categorizing the received software components based on their licensing information (0017); One of the modules of the auto-license compatibility verifier is the receiving module which is configured for receiving required software components along with their licensing information that are used in the developed or conceptualized software solution. The licensing information may include different categories of the software licenses such as strong copyleft license, weak copyleft license or permissive license or the licensing information may also include version of the software components and its license type and version number such as GNU General Public License (GPL), GNU Lesser General Public License (LGPL), Berkeley Software Distribution License (BSD) etc. After receiving the required software components, a categorizing module upon execution of the processor is configured for categorizing the received software components based on their licensing information. Upon categorization of the software components, a mapping module, one of the processor-executable module of said computer-implemented system is further configured for mapping the licensing information of the received and thereafter categorized software components with respect to the previously stored licensing information which is stored in the database for ensuring the compatibility of the software components among them, wherein the database is stored in the memory of the said computer-implemented system (0023; see also 0007-0010, 0017, 0026)] The Examiner interprets the disclosure as teaching or suggesting categorizing, the one or more OSS components in the product […] as (i) OSS components having a strong copyleft license, (ii) OSS components having a permissive license or (iii) OSS components having a weak copyleft license.
Additionally and alternatively, regarding the limitations in the context of determining if a component is modified, performing an OSS compliance analysis for the one or more OSS components in the product, and determining OSS components selected for a final deliverable are compliant and either compiling the selected OSS components with the final deliverable or the OSS components being part of the final deliverable but not compiled with the proprietary component, Sahoo further discloses:
	determining if a component is modified...performing an OSS compliance analysis for the one or more OSS components in the product based on…one or more predefined rules…generating a comprehensive report (R5) based on the OSS compliance analyses…indicative of compliance…determining, the one or more OSS components that are selected for a final deliverable […], wherein each of the one or more OSS components that are compliant are either compiled with the proprietary component, or not compiled with the proprietary component but are part of the final deliverable.  
	[receiving the required software components along with their licensing information that are used in the developed or conceptualized software solution (0017); verifying compatibility among two or more software components of the developed or conceptualized software solution, characterized by dynamically tracing licensing information of the software components in relative to the pre-stored licensing information which are stored in the database (0017; see also 0026); The licensing information may include different categories of the software licenses such as strong copyleft license, weak copyleft license or permissive license or the licensing information may also include version of the software components and its license type such as GNU General Public License (GPL), GNU Lesser General Public License (LGPL), Berkeley Software Distribution License (BSD) etc. (0026); The step of mapping is performed for ensuring the compatibility of the received and thereafter categorized software components among them which are used in the developed or conceptualized software solution. On the basis of the mapping information received and after ensuring the compatibility among the software components, an intelligent query module (108) is configured for displaying the pre-defined queries to the user upon which the user is prompted to respond. The respond made by the user is further processed by the auto-license compatibility verifier for confirming whether the software components of which the licensing information is mapped are compatible or incompatible among them or not (0033); The generation module (110) is configured for generating a report which is based on the user response made by the user upon the displayed pre-defined queries for the verified and compatible software components. Upon verification of the compatibility among the software components which are used in the developed or conceptualized software solution, the software developers are ensured that the developed software solution is free from the licensing implications and can be redistributed or commercially exploited in the market (0034)
Sahoo describes an exemplary embodiment (at 0041-0050) wherein a software solution, ABCsoft, is considered as the developed or conceptualized software solution for which three different open source software are used, each of the open source software is having their own licensing restrictions or licensing information, wherein before the software solution ABCsoft is redistributed or commercially exploited in the market, it is necessary for the developers to verify whether the used open source software components are compatible among themselves or not (see 0041). Various steps are performed by the said processor-executable programmed modules for verifying the compatibility among the software components (see 0042). The receiving module receives the three open source software with version number along with their licensing information. The said license type is part of the licensing information, wherein the licensing information may also include different categories of the software licenses such as strong copyleft license, weak copyleft license or permissive license or the licensing information may also include version of the open source software (see 0043). The mapping module selects and maps each of the open source software, one at a time (see 0045). The generation module generates a report for the confirming the compatibility or incompatibility of the open source software (see 0049, Table 1), wherein OSS components may be dynamically linked from the solution based on the OSS components not being modified (Table 1c.), the OSS components may be compiled along with the software solution based on the OSS components being modified (Table 1d.), or the selected combination of the OSS components along with its licenses allow you to redistribute or commercially exploit the software solution under any chosen license term (Table 1e.)

    PNG
    media_image1.png
    308
    333
    media_image1.png
    Greyscale

	
As described by Sahoo, ABCsoft is a conceptualized software solution for which three different open source software are used (i.e., a final deliverable comprising one or more OSS components), wherein the system may verify compatibility among the software components of the conceptualized software solution based on categorizing license information categorized as strong copyleft license, weak copyleft license or permissive license (i.e., determining the one or more OSS components selected for a final deliverable are compliant). The system may determine whether or not the open source components are being modified, and generate a report based on the compliance analysis indicative of compliance of the one or more open source software components selected for the final deliverable. The report describes license obligations, whether source code is modified or not modified, describes the solution as comprising a dynamically linked library, and notes the open source software as being modified, distribution permission, and permission to compile OSS components along with the solution. The Examiner interprets the referenced, “solution,” as a final deliverable comprising one or more pen source software components selected. The Examiner interprets the disclosure as teaching or suggesting determining if a component is modified...performing an OSS compliance analysis for the one or more OSS components in the product based on…one or more predefined rules…generating a comprehensive report (R5) based on the OSS compliance analyses…indicative of compliance…determining, the one or more OSS components that are selected for a final deliverable. The Examiner interprets the disclosure, particularly as related to Table 1c.-1e., as teaching or suggesting wherein each of the one or more OSS components that are compliant are either compiled with the proprietary component, or not compiled with the proprietary component but are part of the final deliverable.    
Weigert teaches a system and method for automating software due diligence. Sass teaches a system and method for checking open source usage. Sahoo teaches a system and method for verifying compatibility among software components, more particularly open source software. As such, each of the cited prior art are in the field of Applicant’s endeavor and/or are reasonably pertinent to the particular problem with which Applicant was concerned.
The difference between Sahoo and the combination of Weigert and Sass is that Sahoo discloses categorizing the received software components based on their licensing information, licensing information may include different categories of the software licenses such as strong copyleft license, weak copyleft license or permissive license, verifying compatibility among two or more software components of the developed or conceptualized software solution by dynamically tracing licensing information of the software components in relative to the pre-stored licensing information which are stored in the database, verification of the compatibility among the software components which are used in the developed or conceptualized software solution, and generating a report for the verified and compatible software components indicating OSS components may be dynamically linked from the solution based on the OSS components not being modified or the OSS components may be compiled along with the software solution based on the OSS components being modified.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features of one or more code snippets within source files (as taught by Sass) and the features of categorizing the received software components based on their licensing information, licensing information may include different categories of the software licenses such as strong copyleft license, weak copyleft license or permissive license, verifying compatibility among two or more software components of the developed or conceptualized software solution by dynamically tracing licensing information of the software components in relative to the pre-stored licensing information which are stored in the database, verification of the compatibility among the software components which are used in the developed or conceptualized software solution, and generating a report for the verified and compatible software components indicating OSS components may be dynamically linked from the solution based on the OSS components not being modified or the OSS components may be compiled along with the software solution based on the OSS components being modified (as taught by Sahoo) with the system and method for automating software due diligence (as taught by Weigert) in order to enable mapping of licensing information of the received and thereafter categorized software components with respect to the previously stored licensing information which is stored in the database for ensuring the compatibility of the software components among them, wherein the database is stored in the memory of the said computer-implemented system (Sahoo 0023; see also 0007-0010, 0017), dynamically verify the compatibility of different software components such as open source software which are used in a software solution (Sahoo 0005), and enable dynamic verification of compatibility among software components by tracing licensing information of said software components relative to the previously stored licensing information in a database (Sahoo 0006).

Regarding claims 2 and 7, the combination of Weigert, Sass, and Sahoo teaches the limitations of claims 1 and 6.
	Weigert further discloses:
wherein the attributes stored in the second OSS database (DB2) in the pre-defined format include OSS component name, OSS component version, OSS component home page URL, OSS component license type, OSS component license URL, OSS component attribution note, the usage type, commercial distribution permission, OSS component compile permission, license compatibility with the OSS component license type associated with other OSS components comprised in the product or compatibility with proprietary license.  
	[the system for automating software due diligence may be used to track licenses, risk levels, distribution status, and other compliance issues for software subject to due diligence review. In particular, the system may be used to review software to identify references to known open source licenses, external licenses, end user license agreements, other software licenses, and/or cryptographic algorithms that may present issues for export controls or regulations (e.g., using cross-references to software known to have export defects). If the software under review includes one or more open source licenses or other relevant legal language, the system may check for permissions and obligations associated with attributes of the open source licenses or other legal language to draw inferences regarding potential compliance problems (0008; see also 0002-0008, 0032, 0058, 0097-0098, 0173); The license review system 105 may then check for permissions and obligations associated with various attributes of the declared open source licenses, contradictions or relaxations with regard to other license declarations, or other information associated with open source licenses (0058; see also 0101); a license database 185b may be configured to store information that describes various software licenses, and a reports database 185a may be configured to store information that describes results of software due diligence review. In one implementation, the licenses may be described in the license database 185b according to a condensed license description syntax, which may contain a limited number of verifiable attributes for known software licenses. The license description syntax may be designed to provide precision and lack of redundancy in the description of software licenses. In particular, a given entry in the license database 185b may be used to uniquely describe one version of a software license, even for licenses that may have multiple names known to be in circulation (e.g., because of the existence of multiple sources and/or authors for the license)… the reports database 185a and/or the license database 185b may be established as a global license database (or library) (0035; see also 0015); the license description syntax may include one or more attributes for describing the various software licenses in the license database 185b. In particular, a given software license described in the license database 185b may be associated with some or all of the following attributes of the license description syntax: (0036); Full Name: Provides a descriptive and distinct full name for the license, as drafted by the initial author, which may further include a version number and/or timestamp (0037); Short Name: Provides a truncated name for the license, which may be condensed for practical human usage, while also being distinct across the entire namespace. Each short name contains a name element, and each short name further contains a version identifier and/or a descriptive identifier (0038); Name Element (0039); Version Identifier (0040); Descriptive Identifiers (0041); Full Text List: Provides known Uniform Resource Locators (URLs), expected to be persistent, which contain the full text of the license (0042); Alias List (0043); Classification Path: Provides a hierarchical path for classifying or otherwise organizing various software licenses (0044); Integer Identifier: Provides a numeric integer for uniquely identifying the license (0045); Inclusions List (0046); Complex License List: Provides a list of licenses considered synonymous, equivalents of, or otherwise related to the license being described, wherein each complex license is expressed using one or more elements of the license description syntax as a vocabulary. Complex licenses may include choice licenses (e.g., dual licenses, triple licenses, etc.), mixed licenses, modified licenses, or other interactions among a plurality of licenses (0047); Choice Licenses: Require a user to choose at least one license from a given list that includes a plurality of licenses (0048); Mixed Licenses: Require a user to concurrently comply with the terms of a plurality of licenses (0049); Aggregation Classes: Combinations of choice license schemes (e.g., dual licenses, triple licenses, etc.) and/or mixed license schemes can often exist for a given package (0050); Additions, Exclusions, or Modifications: The logical AND operator may be used to add individual clauses to a license, or to add individual licenses to a license class…modify the meaning of a clause or a license (e.g., to add additional permissions or to counteract obligations or other terms associated with a particular license) (0051); Clause Identifiers: Individual clauses may be identified using a clause identifier…add additional permissions or to counteract obligation clauses in a license (0052); Equivalents: Various complex licenses may be well known in their own right (e.g., when complex licenses are prominent enough to have a set of known attributes or characteristics). Thus, some complex licenses may have an "Equivalents" attribute that identifies alternative expressions for the same license (0053); Public Comments: Provides cross-references to public reviews and comments for a license, which may originate from a newsgroup, a web page, a mailing list, a blog, or another public forum or source (0054); Additional Attributes: Provides extensibility where additional attributes may be defined to describe the license… The additional attributes may be defined as Boolean variables to provide a simple binary setting (e.g., Y/N, 1/0, etc.), and in one implementation, the setting for the attributes may optionally be permitted to remain undefined. In one implementation, additional attributes may be phrased as questions that can be answered from the license text (0055); remediate issues identified in the batch review, override blocks or permissions on distribution of the package, or otherwise finalize the due diligence review for the package (0115); the report may identify a risk level, distribution status, and/or matching licenses, among other things, thereby providing various types of information that can be used to ensure compatibility and compliance for software subject to due diligence review (0173); in addition to being reviewed for keywords and text strings that indicate references to one or more licenses in the license database 185b, the license review system 105 may include a code provenance engine 135 configured to review software for undocumented and/or improperly documented source code. For example, open source components may typically carry prominent copyright and/or license information, and may liberally point to sources of borrowed code, while closed source (or proprietary) components do not. As such, because the absence of relevant keywords or text patterns in a source file may not necessarily indicate that the source file is free of software due diligence issues, the code provenance engine 135 may be configured to determine whether software actually includes undocumented and/or improperly documented source code (particularly when the software is identified as closed source or proprietary) (0094; see also 0020, 0034)]
	The Examiner notes the limitation comprises a list of generic attributes associated with OSS components and asserts the cited prior art teaches or suggests the limitations.
	Additionally, the discussion of the disclosure of Sahoo as related to claim 1 applies here, as well. Sahoo describes a report generated for a described scenario in Table 1 regarding a solution (0049). The report describes license obligations, whether source code is modified or not modified, describes the solution as comprising a dynamically linked library, and notes the open source software as being modified, distribution permission, and permission to compile OSS components along with the solution.
		
	Regarding claims 3 and 8, the combination of Weigert, Sass, and Sahoo teaches the limitations of claims 2 and 7.
	The Examiner notes claim 1 and claim 6 comprise categorizing, the one or more OSS components in the product having a match with the OSS components available in the first OSS database (DB1) as (i) OSS components having a strong copyleft license, (ii) OSS components having a permissive license or (iii) OSS components having a weak copyleft license, identifying as one or more unidentified components, and generating a comprehensive report (R5) based on the OSS compliance analyses. Claims 3 and 8 comprise generating four reports, and do not comprise elements not previously addressed. The Examiner asserts the comprehensive report based on the OSS compliance analysis may be interpreted as comprising the four separate reports referenced in claims 3 and 8. 
	Weigert further discloses:
	further comprising: a first report (R1) pertaining to the one or more unidentified components; a second report (R2) pertaining to the one or more OSS components in the product having the strong copyleft license; a third report (R3) pertaining to the one or more OSS components in the product having the weak copyleft license; and a fourth report (R4) pertaining to the one or more OSS components in the product having the permissive license.  
	[one or more reports may be constructed for the package based on the batch review performed (0113); a report may be generated for the source file to provide information relating to matching licenses, a risk level, a distribution status, and/or other information relevant to compatibility and compliance with one or more software due diligence issues (0019; see also 0035, 0059, 0065)]
	The Examiner notes the limitations are recited in a manner in which the motivation and rationale discussed for claims 1 and 6 applies here, as well.

	Regarding claims 4 and 9, the combination of Weigert, Sass, and Sahoo teaches the limitations of claims 3 and 8. The Examiner notes claims 1 and 6 comprise, one or more pre-defined rules. Claims 4 and 9 simply provide examples of predefined rules. 
	Weigert further discloses:
	wherein the one or more pre-defined rules comprise: 
	rejecting an OSS component if associated with the strong copy left license; 
	approving an OSS component for inclusion in the second OSS database (DB2) if associated with the weak copy left license and the usage type is one of the library not compiled with the product or the file not compiled with the product; 
	rejecting an OSS component if associated with the weak copy left license and the usage type is one of the library compiled with the product or the file compiled with the product; 
	rejecting an OSS component if associated with the weak copy left license and the usage type is the snippet; and 
	approving an OSS component for inclusion in the second OSS database (DB2) if associated with the permissive license and the usage is one of the library, the snippet or the file.  
	[the system may create a compliance report after software has been subject to due diligence review, including license review and/or export review. The compliance report may be attached to appropriate entries in the package database, and may indicate a level of risk that a particular software package or portion thereof may raise. Compliance officers or other authorized reviewers may then analyze the reports to determine how to handle distribution of the software, define one or more rules to govern remediation of any compliance issues, construct workflows to manage the remediation, or otherwise finalize the due diligence review process (0065); the reports constructed in operation 220 may include a risk level that provides a metric for any software due diligence issues that may have been identified in operation 215. If the risk level for a reviewed package does not exceed a predetermined product-specific threshold, the package may receive a status of "production" in an operation 240, thereby allowing the package to be distributed. If the risk level exceeds the threshold, however, distribution of the package may be blocked (0114)] The Examiner interprets packages receiving a status of “production” or being blocked based on rules associated with risk thresholds as accepting or rejecting an OSS component. 
	Weigert describes defining one or more rules to apply based on a compliance report after software has been subject to due diligence review, including license review and/or export review indicating a level of risk that a particular software package or portion thereof may raise, and provides examples of risk levels that provide a metric for any software due diligence issues that may have been identified and examples of  packages receiving a status of “production” or being blocked based on rules associated with risk thresholds. Weigert describes rules based on risk levels and metrics.
	Additionally, Weigert notes exemplary rules and license distances reflect relative importance and reliability of various factors relating to license declarations and component relationships, the reliability of these and other factors may be considered somewhat subjective and amenable to modification...compliance officers or other authorized reviewers may add new rules, modify or remove existing rules, or otherwise tailor the methodology for determining license distance based on learned experience or other factors (0111).
	The Examiner asserts it would be obvious to one of ordinary skill in the art to generate one or more predefined rules as related to accepting or rejecting an OSS component based on an analysis of OSS component issues.

	Regarding claims 5 and 10, the combination of Weigert, Sass, and Sahoo teaches the limitations of claims 4 and 9. The Examiner notes claim 1 and claim 6 comprise generating a comprehensive report (R5) based on the OSS compliance analyses. The Examiner notes a comprehensive report may be interpreted as comprising reports on different issues. 
	Weigert further discloses:
	wherein generating the comprehensive report (R5) comprises: 
	combining the first report (R1), the second report (R2), the third report (R3) and the fourth report (R4); and 
	computing the final attribute wherein the final attribute is "Y" or "N" for each of the one or more OSS components in the product based on the one or more pre-defined rules corresponding to approving or rejecting of the OSS component respectively and wherein a AMENDMENT AND RESPONSE UNDER 37 C.F.R § 1.111Page 6"Y" for all of the one or more OSS components in the product is indicative of compliance with the attributes of each of the one or more OSS components comprised therein.  
	[Additional Attributes: Provides extensibility where additional attributes may be defined to describe the license… The additional attributes may be defined as Boolean variables to provide a simple binary setting (e.g., Y/N, 1/0, etc.), and in one implementation, the setting for the attributes may optionally be permitted to remain undefined. In one implementation, additional attributes may be phrased as questions that can be answered from the license text (0035, 0055; see also 0015, 0023, 0059, 0060, 0066, 0113)]
Claims 12 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Weigert, U.S. patent Application Publication 20100241469, in view of Sass, U.S. patent Application Publication 20160202972, in view of Sahoo, U.S. patent Application Publication 20130254744, and further in view of Powell, U.S. patent Application Publication 20050216898.
Regarding claim 12 and claim 13, the combination of Weigert, Sass, and Sahoo teaches or suggests the limitations of claims 12 and 13.
Regarding the remaining limitations:
further comprising intelligently creating a matrix by analyzing the one or more OSS components to further identify at least one OSS component to beAMENDMENT AND RESPONSE UNDER 37 C.F.R § 1.111Page 11 compiled in a final deliverable, wherein the analysis of the one or more components enables checking of inter-license compatibilities, compliance and distribution of the final deliverable and wherein checking of inter-license compatibilities ensures that the one or more OSS components retain in the final deliverable.  
	The Examiner notes the language in bold, above, is taught in addressing the substantially similar limitations of claims 1 and 6. While Sahoo further discloses an intelligent query module (0017), and Sass discloses programmable logic circuitry and programmable logic arrays (0100), the combination of Weigert, Sass, and Sahoo does not appear to explicitly recite the use of a matrix.
However, Powell — which is directed to a system for software source code comparison — discloses (while additional portions of the claim limitations are included to provide context and support the motivation and rationale to combine the cited prior art, note the portion in italics/bold is what has not explicitly been addressed and/or what is being addressed):
further comprising intelligently creating a matrix by analyzing the one or more OSS components to further identify at least one OSS component to beAMENDMENT AND RESPONSE UNDER 37 C.F.R § 1.111Page 11 compiled in a final deliverable, wherein the analysis of the one or more components enables checking of inter-license compatibilities, compliance and distribution of the final deliverable and wherein checking of inter-license compatibilities ensures that the one or more OSS components retain in the final deliverable.  
	[The present invention relates to data object comparison and analysis, and in particular to software for comparing two or more data objects to determine the extent of any similarities between them (0003; see also 0006, 0016); The system of the present invention models the conditional probability that two (or more) corpuses have a similar combination of characteristics. For example, the two corpuses may be software source code bases composed of source code files, structured or unstructured documents, patents, or technical disclosures. The characteristics analyzed may be the structure and content of those code bases and source code files (0032; see also 0034, 0035); any data object or file object will contain some inherent structure that organizes the content stored within it. Thus, it is possible for two corpuses such as source code files, for example, to have both similar structure and content, different structure and content, similar structure with different content, or different structure with similar content. A two-by-two matrix showing the possible scenarios is illustrated in FIG. 1 (0045); FIG. 4 illustrates a sample correlation matrix according to an aspect of a first exemplary embodiment of the present invention (0029)] The disclosure describes a matrix showing possible scenarios and a correlation matrix in the context of comparison and analysis of software source code bases composed of source code files.
Weigert teaches a system and method for automating software due diligence. Sass teaches a system and method for checking open source usage. Sahoo teaches a system and method for verifying compatibility among software components, more particularly open source software. Powell teaches a system for software source code comparison. As such, each of the cited prior art are in the field of Applicant’s endeavor and/or are reasonably pertinent to the particular problem with which Applicant was concerned.
The difference between Sahoo and the combination of Weigert and Sass is that Sahoo discloses a matrix showing possible scenarios and a correlation matrix in the context of comparison and analysis of software source code bases composed of source code files.
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features of a matrix showing possible scenarios and a correlation matrix in the context of comparison and analysis of software source code bases composed of source code files (as taught by Powell), the features of one or more code snippets within source files (as taught by Sass) and the features of categorizing the received software components based on their licensing information, licensing information may include different categories of the software licenses such as strong copyleft license, weak copyleft license or permissive license, verifying compatibility among two or more software components of the developed or conceptualized software solution by dynamically tracing licensing information of the software components in relative to the pre-stored licensing information which are stored in the database, verification of the compatibility among the software components which are used in the developed or conceptualized software solution, and generating a report for the verified and compatible software components indicating OSS components may be dynamically linked from the solution based on the OSS components not being modified or the OSS components may be compiled along with the software solution based on the OSS components being modified (as taught by Sahoo) with the system and method for automating software due diligence (as taught by Weigert) in order to provide a system for comparing two corpuses to determine how they resemble one another (Powell 0016), model the conditional probability that two (or more) corpuses have a similar combination of characteristics (Powell 0032), provide a system, software, and methods for analyzing at least two corpuses and determining concepts contained in each and further determining the extent to which the corpuses contain concepts in common (Powell 0016), analyze and compare the corpuses in such a way that they may be preprocessed without affecting the comparison (Powell 0033), and compare the code against a database of open source code bases (Powell 0034, 0035).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
NPL:
Pavento, Michael S., A Practical Guide to Open Source Software, Kilpatrick Townsend & Stockton LLP Intellectual Property Desk Reference – 7th Edition, May 2015, https://kilpatricktownsend.com/Insights/Publications/2015/5/A-Practical-Guide-to-Open-Source-Software
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LANCE WILLIAM WHITE whose telephone number is (469)295-9109. The examiner can normally be reached Monday-Friday 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sarah Monfeldt can be reached on 571-270-1833. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/L.W.W./Examiner, Art Unit 3689                                                                                                                                                                                                        /SARAH M MONFELDT/Supervisory Patent Examiner, Art Unit 3689