Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 09/19/2022 has been entered.
 
Response to Arguments

Applicant’s arguments with respect to claim(s) 1-3, 5-9, 11-15, 17-18 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-2, 5, 7-8, 11, 13-14, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Joyce (US 2021/0037018) in view of Cseri (US 10,628,244) further in view of Gataullin (US 2014/0317454) further in view of Manadhata (US 2016/0142632)



Regarding Claim 1,

Joyce (US 2021/0037018) teaches a method for managing custom code within a data computing platform comprising: 
determining that a request for one or more uniform resource identifiers external to the data computing platform is being made by custom code executing in the data computing platform (Paragraph [0033-0034] teaches determining a request for a URL (i.e. Uniform Resource Identifier) made by a client API request (i.e. custom code)); 
in response to the determination, checking a whitelist of allowable external uniform resource identifiers against the requested one or more uniform resource identifiers;
 and allowing access to the requested one or more uniform resource identifiers if a match is detected with the whitelist (Paragraph [0035] teaches checking an API whitelist to determine if the URL paths of the API requests are allowed)(Paragraph [0036] teaches allowing access by the code to the target resource);, otherwise preventing access by the custom code to the requested one or more uniform resource identifiers (Paragraph [0040] teaches negative determination means the API request is rejected) wherein the method is performed using one or more processors.
Joyce does not explicitly teach checking a blacklist of uniform resource identifiers external to the data computing platform; and denying access by the custom code to a whitelisted uniform resource identifier if the whitelisted uniform resource identifier is on the blacklist;
Cseri (US 10,628,244) teaches checking a blacklist of uniform resource identifiers external to the data computing platform (Col. 8, lines 11-14, teaches creating a blacklist of impermissible URLs)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the whitelist system of Joyce to include a blacklist and the results would be predictable (i.e. there would be a whitelist with permissible URLs and a blacklist with impermissible URLs)
Gataullin (US 2014/0317454) teaches and denying access a whitelisted identifier if the whitelisted identifier is on the blacklist (Paragraph [0141] teaches a blacklist may override a whitelist)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the whitelisted and blacklisted uniform resource identifiers of Joyce and Cseri to include denying access if a whitelisted identifier is on the blacklist as taught in Gataullin
The motivation is to give the blacklist “priority” over the whitelist (Paragraph [0141])
Joyce, Cseri and Gataullin do not explicitly teach a blacklist of uniform resource identifiers per registered organizational level
Manadhata (US 2016/0142632) teaches a blacklist of uniform resource identifiers per registered organizational level (Paragraph [0011-0012] teaches organizations construct their own blacklists…resources identified for a blacklist based on analysis of resource identifiers such as uniform resource identifiers (URIs)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Joyce, Cseri, Gataullin with the blacklist per registered organizational level as taught by Manadhata 
The motivation is so “organizations can identify malicious resources for inclusion on blacklists” (Paragraph [0012] of Manadhata)

Regarding Claim 2,

Joyce, Cseri, Gatullin, and Manadhata teaches the method of claim 1. Joyce teaches wherein the determining that the request for the one or more uniform resource identifiers external to the data computing platform is being made by custom code comprises employing a proxy server to intercept the request for the one or more uniform resource identifiers external to the data computing platform (Figure 1, teaches API gateway as the proxy server)

Regarding Claim 5,

Joyce, Cseri, Gatullin, and Manadhata teaches the method of claim 1. Joyce teaches wherein the whitelist comprises data representing that a data set can be accessed by the requested one or more external uniform resource identifiers (Paragraph [0035] teaches checking an API whitelist to determine if the URL paths of the API requests are allowed).

Regarding Claims 7-8, 11, 

Claims 7-8, 11 are similar in scope to Claims 1-2, 5 and are rejected for a similar rationale.

Regarding Claims 13-14, 17, 

Claims 13-14, 17 are similar in scope to Claims 1-2, 5 and are rejected for a similar rationale.


Claim 3, 9, 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Joyce (US 2021/0037018) in view of Cseri (US 10,628,244) further in view of Gataullin (US 2014/0317454) and Manadhata in view of Quong (US 2014/0283109)


Regarding Claim 3,

Joyce, Cseri, Gatullin, and Manadhata teaches the method of claim 1. Joyce teaches the allowable uniform resource identifiers being approved to be accessed by the custom code during execution of the custom code (Paragraph [0035] teaches checking an API whitelist to determine if the URL paths of the API requests are allowed
 but does not explicitly teach further comprising, the manifest file including the whitelist that lists the allowable uniform resource identifiers that are external to the data computing platform,
Quong (US 2014/0283109) teaches a manifest file including the whitelist that lists the allowable uniform resource identifiers that are external to the data computing platform (Paragraph [0037] teaches a resource manifest may be a URI whitelist)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Joyce to include a manifest file including a whitelist and the results would be predictable (i.e. a manifest file would include a whitelist)
While Quong teaches a linking a manifest file with an application resource (Figure 4, 410) Quong does not explicitly teach linking a manifest file to a project identifier related to the custom code
It would have been obvious to one of ordinary skill to include a project identifier in the manifest file on Quong and the results would be predictable (i.e. manifest file 410 would include a project identifier)

Regarding Claim 9, 15

Claim 9, 15 are similar in scope to Claim 3 and is rejected for a similar rationale.

Claim 6, 12, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Joyce (US 2021/0037018) in view of Cseri (US 10,628,244) further in view of Gataullin (US 2014/0317454) and Manadhata in view of Alexander (US 2012/0191855)


Regarding Claim 6,

Joyce, Cseri, Gatullin, and Manadhata teaches the method of claim 1 but does not explicitly teach comprising providing through the data computing platform, a user interface configured to allow generation of a default whitelist on a per custom code basis and configured to allow changes to the default whitelist.
Alexander (US 2012/0191855) teaches a user interface configured to allow generation of a default whitelist on a per custom code basis and configured to allow changes to the default whitelist (Paragraph [0055] teaches a default whitelist which may be changed and overridden by users).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Joyce with the generation and modification of the default whitelist as taught by Alexander 
The motivation is to adjust the whitelist for users according to their particular circumstances (Paragraph [0055])

Regarding Claim 12, 18

Claim 12, 18 are similar in scope to Claim 6 and is rejected for a similar rationale.



Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARRIS C WANG whose telephone number is (571)270-1462. The examiner can normally be reached M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HARRIS C WANG/Primary Examiner, Art Unit 2439