DETAILED ACTION
Claims 1-17 and 19-21 are pending in the present application. Claims 1, 3, 6, 7, 8, 10, 13, 14, 15, and 19 were amended, claim 18 was cancelled, and claim 21 was added in the response filed 11 October 2022.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-14 and 21 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regarding independent claims 1 and 8, the limitation “cause an error” is vague and unclear. The disclosure appears to describe sending an error. Note support for this feature can be found at paragraph 0041.
Claims 2-7, 9-14 and 21 are rejected based on dependency.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claim(s) 1-17, and 19-21 are rejected under 35 U.S.C. 103 as being unpatentable over Luo et al. US Patent 8,826,421 B2 in view of Gupta US Patent 10,447,730 A1.

Regarding claim 1, Luo et al. teaches the following:
A method for validating input requests, [note: Abstract, “a computing device provides security rules subset of a server-side protection element to a pre-validation component deployed at a client side”] the method comprising: 
receiving, by one or more computing devices, a first validation request from a client device, wherein the first validation request includes a first set of elements of a first request to be executed on a database [note: Figure 4 (11) client browser, (110) pre-validation component, (103) validation means; column 4 lines 15-27 “sending a user’s HTTP request to and receiving a corresponding response from an application server” validating an input value ]; 
generating, by the one or more computing devices, a first data object including the first set of elements included in the first validation request [note: column 5 lines 25-58, example security rules for security protection means to perform various actions ]; 
validating, by the one or more computing devices, the first data object based on identifying whether the first data object includes one or more restricted characters, wherein an identification of the one or more restricted characters would cause an error in the validation of the first data object [note: column 5 line 58 through column 6 line 5, pre-validation];
 	transmitting, by the one or more computing devices, a first response to the client device, the first response including a first validation result of the first data object; receiving, by the one or more computing devices, from a server, a second validation request including a second set of elements of a second request to be executed on the database, wherein the second request mirrors the first request [note: column 5 lines  26-51 means for defining policy and security validation schemes ]; 
generating, by the one or more computing devices, a second data object including the second set of elements included in the second validation request [note: column 5 lines 52- column 6 line 5 ]; 
validating, by the one or more computing devices, the second data object based on identifying whether the first data object includes the one or more restricted characters, wherein an identification of the one or more restricted characters would cause an error in the validation of the second data object; transmitting, by the one or more computing devices, a second response to the server, the second response including a second validation result of the second data object; and wherein in response to successfully validating the second data object, the server executes the second request on the database [note: column 5 lines  26-51 means for defining policy and security validation schemes ].
Although Luo et al. teach the invention as cited they do not explicitly teach one or more devices, mirroring, restricting characters as cited; however, Gupta further describes implementing a combination of devices in a network for validation, mirroring the performance of each, and various means for checking request/queries for validation [note: Figure 4A (426) mirroring performance of each process; column 2 lines 12-49 “check if the captured web request matches a valid web request”; column 3 lines 7-37 “system and methods for identifying valid data types…”, for one or more parameters; column 10 line 35 through column 11 line 13, “determine valid data type”; column 27 line 54 through column 28 line 21 digital processing infrastructure includes client computer(s) devices and server computer(s) and a combination of network(s). column 17 line 28 through column 18 line 40, “504 to determine whether the request is in the correct format … correct length”, additional checks may include determining correspondence with a reference table for allowed data elements]. It would have been obvious to one of ordinary skill at the time of the effective filing date to have combined the cited references since they are both directed toward validation of data entries. Gupta further describes how the system may be extended to a combination of sources within multiple networks.

Claim 2: The method of claim 1, wherein a framework of the database validates the second set of elements of the second request prior to processing the second request  [note: Luo et al., column 5 lines  26-51 means for defining policy and security validation schemes ].

Claim 3: The method of claim 1, wherein the validating comprises validating the first data object and the second data object based on a set of rules associated with the first or second set of elements  [note: Luo et al., column 5 lines  26-51 means for defining policy and security validation schemes ].

Claim 4: The method of claim 1, further comprising identifying, by the one or more computing devices, a security breach in response to failing to validate the first or second set of elements  [note: Luo et al., column 5 lines  26-51 means for defining policy and security validation schemes ].

Claim 5: The method of claim 1, wherein the first request and the second request include a string input  [note: Luo et al., Figure 3 see flow chart steps s306 and s308 ].

Claim 6: The method of claim 5, further comprising: generating, by the one or more computing devices, an error message to be included in the first response in response to the first validation result indicating a failure to validate the first data object, wherein the error message includes a reason for the failure; causing, by the one or more computing devices, the client device to display the error message and the string input with a visual effect of highlighting the error message  [note: Luo et al., Figure 3 see flow chart step s309; Luo et al. is directed toward resolving a technical solution  and performing actions in response to detecting a violation, see abstract, and column 10 lines 41-58; further Gupta teach the data types defined for a request include a string, see column 18 lines 54-60; Gupta also provides means for notifications in response to analysis (i.e. error messages), see column 21 lines 17-21 analysis engine sends notifications ].

Claim 7: The method of claim 1, further comprising identifying, by the one or more computing devices, a solution to resolve the error in the validation of the first data object or the second data object, in response to failing to validate the first or second set of elements using a machine-learning algorithm; and transmitting, by the one or more computing devices, the solution to the client device or the server  [note: Luo et al., column 5 lines  26-51 means for defining policy and security validation schemes; column 6 lines 34-64 problem solved through pre-validation component ].

Regarding claim 21: “receiving a solution to resolve the error in the validation of the first data object; and learning, by a learning engine, the received solution to resolve the error, wherein learning engine is configured to provide the received solution … [note: Luo et al., column 5 lines  26-51 means for defining policy and security validation schemes; column 6 lines 34-64 problem solved through pre-validation component; and Gupta teach the data types defined for a request include a string, see column 18 lines 54-60; Gupta also provides means for notifications in response to analysis (i.e. error messages), see column 21 lines 17-21 analysis engine sends notifications ].
The limitations of claims 8-14 parallel claims 1-7 above, therefore they are rejected under the same rationale.

Regarding Claim 15, Luo et al. teaches the following:
 	A non-transitory computer-readable medium having instructions stored thereon, execution of which, by one or more processors of a device, cause the one or more processors to perform operations [note: Figure 4; column 11 lines 1-16 ] comprising: 
receiving a query from a server, wherein the query adds or modifies an input into a database [note: column 7 lines 40-67 means for defining script to define modifications such as add, delete, etc. through JAVA script ]; 
mapping the input to a field in the database [note: column 2 lines 50-54, “in response to an on Property Change event in an input field, the pre-validation component validates security of the input” on the client side based on the rule ]; 
retrieving attributes associated with the field to which the input is to be mapped from a property in a database file [note:  column 9 lines 52-59 performs input validation to the request ]; 
validating the input based on both identifying whether input includes the one or more restricted characters and based on the attributes about the field [note: column 10 lines 14-46, “validation means 103 in the protection means 10 validates all user input values in the HTTP request from the user…” ]; 
in response to successfully validating the input: processing the query; in response to failing to validate the input: transmitting an exception to the server  [note:  column 10 lines 14-46, validation means].
Although Luo et al. teach the invention as cited they do not explicitly teach one or more processors of a device to perform processes; however Gupta further describes implementing a combination of devices in a network for validation [note: Figure 4A (426) mirroring performance of each process; column 2 lines 12-49 “check if the captured web request matches a valid web request”; column 3 lines 7-37 “system and methods for identifying valid data types…”, for one or more parameters; column 10 line 35 through column 11 line 13, “determine valid data type”; column 27 line 54 through column 28 line 21 digital processing infrastructure includes client computer(s) devices and server computer(s) and a combination of network(s). It would have been obvious to one of ordinary skill at the time of the effective filing date to have combined the cited references since they are both directed toward validation of data entries. Gupta further describes how the system may be extended to a combination of sources within multiple networks.

Claim 16: The non-transitory computer-readable medium of claim 15, wherein the database file defines a framework of the database  [note: column 11 lines 1-16 various hardware embodiments ].

Claim 17: The non-transitory computer-readable medium of claim 15, the operations further comprising adding the exception in a log file  [note: Luo et al.,   column 7 lines 40-67 means for defining script to define modifications such as add, delete, etc. through JAVA script ]; 

Claim 19: The non-transitory computer-readable medium of claim 15, wherein the attributes include type of data, length, permitted characters, and restricted characters  [note: Gupta, column 2 lines 61-64 identifying valid data types; column 12 lines 7-10 check the length].

Claim 20: The non-transitory computer-readable medium of claim 19, the operations further comprising: identifying the data type, length, and characters of the input; and comparing the data type, length, and characters of the input against the attributes associated with the field  [note: Gupta, column 2 lines 61-64 identifying valid data types; column 12 lines 7-10 check the length].

Response to Arguments
Applicant's arguments filed 11 October 2022. have been fully considered but they are not persuasive. 
In the remarks the following was argued:
ARGUMENT: The independent claims have been amended to include reference to identifying restricted characters, while Gupta teaches “a valid data type”, they do not teach identification of restricted characters as recited by the claim limitation. Gupta does not use the term character. Luo et al. does not make up for this deficiency.
RESPONSE: The examiner respectfully maintains the prior art rejection. Note, Luo et al. teach validating requests and performing actions in response to detecting a violation, abstract. Gupta further describes implementing a combination of devices in a network for validation, mirroring the performance of each, and various means for checking request/queries for validation [note: Figure 4A (426) mirroring performance of each process; column 2 lines 12-49 “check if the captured web request matches a valid web request”; column 3 lines 7-37 “system and methods for identifying valid data types…”, for one or more parameters; column 10 line 35 through column 11 line 13, “determine valid data type”; column 27 line 54 through column 28 line 21 digital processing infrastructure includes client computer(s) devices and server computer(s) and a combination of network(s). column 17 line 28 through column 18 line 40, “504 to determine whether the request is in the correct format … correct length”, additional checks may include determining correspondence with a reference table for allowed data elements].

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Note attached form PTO-892.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to GRETA ROBINSON whose telephone number is (571)272-4118. The examiner can normally be reached Mon.-Fri. 9:30AM-6:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Usmaan Saeed can be reached on 571-272-4046. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/GRETA L ROBINSON/Primary Examiner, Art Unit 2169