DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment / Arguments
Regarding claims rejected under 35 USC 101:
Applicant’s arguments, in view of the amended claim language, have been fully considered and are persuasive.  Accordingly, the rejection has been withdrawn. 

Regarding claims rejected under 35 USC 112(b):
Applicant’s amendment is considered to have overcome the rejection.  Accordingly, the rejection has been withdrawn. 

Regarding claims rejected under 35 USC 103:
Applicant’s arguments, in view of the amended claim language, have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of “Towards Efficient, Multi-Language Dynamic Taint Analysis.”

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1-7, 9-15, and 21-25 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by “Towards Efficient, Multi-Language Dynamic Taint Analysis,” hereinafter “Kreindl.”

Regarding claim 1, Kreindl discloses: A method comprising: determining that a first non-constant value of a first variable corresponding to a first variable node of an abstract syntax tree flows into a first operator node in the abstract syntax tree, wherein the abstract syntax tree is generated from source code; 
Refer to at least the second paragraph on page 86 and Figure 4 on page 89 of Kreindl with respect to an abstract syntax tree generated from code. Constant and non-constant values are tracked.
adding, to the abstract syntax tree between the first variable node and the first operator node, a first check taint node comprising functionality to: make a first taint status determination that the first non-constant value is tainted, return the first non-constant value to the first operator node, wherein the first operator node generates a first result value by executing a first operator using the first non-constant value, and convey the first taint status determination to a first set taint node; 
Refer to at least “Language-Independent Components” and Figure 2 in 3.2 on page 87 of Kreindl with respect to inserting nodes into the AST. A taint propagation node is inserted. Taint status is determined and propagated; taint labels are implemented.
adding, to the abstract syntax tree, the first set taint node between the first operator node and a parent node of the first operator node, wherein the first set taint node stores, based on the first taint status determination, the first result value in a first tainted object that identifies the first result value as tainted; 
Refer to at least “Language-Independent Components” and Figure 2 in 3.2 on page 87 of Kreindl with respect to inserting nodes into the AST. A computation node is inserted. The computation node computes a taint label and/or further implements taint propagation. Shadow memory may be allocated. 
Refer to at least paragraph 3 on page 88 of Kreindl with respect to a “taint extension [which] also implements the strategy to store and access taint labels within complex objects produced by the respective runtime, such as structured objects or arrays.”
executing the abstract syntax tree, wherein executing the abstract syntax tree comprises processing the first check taint node and the first set taint node; 
Refer to at least “Language-Independent Components” 3.2 on page 87 of Kreindl with respect to implementation “as the program executes.” 
and while executing the abstract syntax tree, performing, using the abstract syntax tree, a taint analysis of the source code to identify a vulnerability in the source code.
Refer to at least the introduction and motivation sections of Kreindl with respect to dynamic taint analysis for identifying vulnerabilities. 

Regarding claim 2, it is rejected for substantially the same reasons as claim 1 above (e.g., refer to “Language-Specific Components” and “Analysis-Specific Components” on pages 87-88 of Kreindl concerning storing and accessing taint labels within complex objects).

Regarding claim 3, Kreindl discloses: The method of claim 2, wherein the source code is represented in a first programming language, wherein the first operator node corresponds to an execution of a built-in operator implemented in a second programming language, and wherein the second programming language implements an interpreter for the first programming language.
Refer to at least the abstract, paragraph 2 in 3.3 on page 89, and 5.1 on pages 91-92 of Kreindl with respect to multi-language taint tracking.

Regarding claim 4, it is rejected for substantially the same reasons as claim 1 above (e.g., refer to at least “Analysis-Specific Components” on page 88 of Kreindl with respect to flags used as taint labels).

Regarding claim 5, Kreindl discloses: The method of claim 1, wherein executing the abstract syntax tree comprises  making, by the first check taint node, a decision to perform taint propagation based on applying a policy for the first operator, wherein the policy comprises a rule that has an input qualifier specifying when, based on the inputs to the first operator, to propagate a taint status of the inputs to results of the first operator.
Refer to at least “Analysis-Specific Components” on page 88 and paragraph 3 on page 90 of Kreindl with respect to policy for defining taint sources and sinks; policy concerning taint propagation. 

Regarding claim 6, it is rejected for substantially the same reasons as claim 1 above (e.g., inserting nodes as per “Language-Independent Components” and Figure 2), and further in view of section 4 on pages 90-91 of Kreindl concerning exemplary conversion of values. 

Regarding claim 7, Kreindl discloses: The method of claim 1, further comprising: observing that non-constant values of a second variable have been untainted during a series of executions of the abstract syntax tree; and in response to observing that the non-constant values of the second variable have been untainted, replacing a second check taint node, added for the second variable, with an empty instrumentation node that returns a non-constant value of the first variable to the first operator node without making a taint status determination.
Refer to at least sections 3.3-4 of Kreindl with respect to optimizing taint propagation; e.g., untainted and constant values.

Regarding independent claim 9, it is substantially similar to independent claim 1 above, and is therefore likewise rejected (i.e., the citations).

Regarding claims 10-15, they are substantially similar to claims 2-7 above, and are therefore likewise rejected.

Regarding independent claim 21, it is substantially similar to independent claim 1 above, and is therefore likewise rejected (i.e., the citations).

Regarding claims 22-25, they are substantially similar to claims 2-7 above, and are therefore likewise rejected.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432                                                                                                                                                                                                        




/V.S/Examiner, Art Unit 2432