Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
1. This Office Action is in response to the amendment filed on 01/22/2026. Claims 1-20 are pending in this application. Claims 1, 9 and 17 are independent claims. This Office Action is made Final.
Claim Rejections - 35 USC § 101
2. 35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
3. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The independent claims 1, 9 and 17 are corresponding to one of four statutory categories including method, system, and product respectively under step 1.
The claims 1, 9 and 17 similarly recite “identifying, by at least one computer processor, dependency relationships among libraries in a repository of libraries; training, by at least one computer processor, at least one machine learning model that predicts with a confidence value a dependency between a given library and a target library, the training using the dependency relationships among libraries; creating, by at least one computer processor, an L layer tree-like graph, using the dependency relationships among libraries and an application package, wherein L is configurable; and executing, by at least one computer processor, the at least one machine learning model for each pair of nodes having a dependency relationship in the L layer tree-like graph, the at least one machine learning model identifying the dependency relationship with a confidence value, the executing of the at least one machine learning model determining versions of the libraries to use in the application package being programmed and compiled via the at least one computer processor, wherein pairs of nodes having largest confidence values are selected as the versions of the libraries to use in the application package”.
The limitation of the claims 1, 9 and 17 of “identifying, by at least one computer processor, dependency relationships among libraries in a repository of libraries” as a drafted is a mental process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind such as “identifying”. For example, a human may identify dependency relationships among libraries in a repository of libraries with a pen and paper or in a human mind. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea under Step 2A Prong I.
The limitation of the claims 1, 9 and 17 of “creating, by at least one computer processor, an L layer tree-like graph, using the dependency relationships among libraries and an application package, wherein L is configurable” as a drafted is a mental process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind such as “creating (designing)”. For example, a human may create an L layer tree-like graph, using the dependency relationships among libraries and an application package, wherein L is configurable with a pen and paper or in a human mind. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea under Step 2A Prong I.
The limitation of the claims 1, 9 and 17 of “the executing of the at least one machine learning model determining versions of the libraries to use in the application package being programmed and compiled via the at least one computer processor” as a drafted is a mental process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind such as “determining”. For example, a human may determine versions of the libraries to use in the application package busing machine learning model with a pen and paper or in a human mind. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea under Step 2A Prong I.
The limitation of the claims 1, 9 and 17 of “wherein pairs of nodes having largest confidence values are selected as the versions of the libraries to use in the application package” as a drafted is a mental process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind such as “selecting”. For example, a human may select pairs of nodes having largest confidence value as the versions of the libraries to use in the application package with a pen and paper or in a human mind. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea under Step 2A Prong I.
This judicial exception is not integrated into a practical application. In particular, the claims 1, 9 and 17 recite additional elements such as “training, by at least one computer processor, at least one machine learning model that predicts with a confidence value a dependency between a given library and a target library, the training using the dependency relationships among libraries”.
Examiner would like to point out that with the broad reasonable interpretation, this element amounts to apply it under MPEP § 2106.05(f): Mere Instructions to Apply an Exception, which does not impose any meaningful limits on practicing the mental process (insignificant additional element). Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to insignificant additional elements under Step 2A Prong 2 and Step 2B.
This judicial exception is not integrated into a practical application. In particular, the claims 1, 9 and 17 recite additional elements such as “executing, by at least one computer processor, the at least one machine learning model for each pair of nodes having a dependency relationship in the L layer tree-like graph, the at least one machine learning model identifying the dependency relationship with a confidence value”.
Examiner would like to point out that with the broad reasonable interpretation, this element amounts to apply it under MPEP § 2106.05(f): Mere Instructions to Apply an Exception, which does not impose any meaningful limits on practicing the mental process (insignificant additional element). Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to insignificant additional elements under Step 2A Prong 2 and Step 2B.
This judicial exception is not integrated into a practical application. In particular, the claims 2, 10 and 18 recite additional elements such as “wherein the at least one machine learning models includes at least one association rule model created via association rule learning”.
Examiner would like to point out that with the broad reasonable interpretation, this element
amounts to field of use under MPEP § 2106.05(h): Field of Use and Technological Environment, which
does not impose any meaningful limits on practicing the mental process. Accordingly, this additional
element does not integrate the abstract idea into a practical application because it does not impose any
meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea under Step 2A Prong 2 and 2B.
This judicial exception is not integrated into a practical application. In particular, the claims 3, 11 and 19 recite additional elements such as “wherein the application package forms a root of the L layer tree-like graph, libraries used in the application package form nodes of a first layer of the L layer tree-like graph, and libraries used in the nodes of the first layer form nodes of a second layer of the L layer tree-like graph, wherein a subsequent layer of the L layer tree-like graph is formed based on library uses in a prior layer of the L layer tree-like graph”.
Examiner would like to point out that with the broad reasonable interpretation, this element
amounts to field of use under MPEP § 2106.05(h): Field of Use and Technological Environment, which
does not impose any meaningful limits on practicing the mental process. Accordingly, this additional
element does not integrate the abstract idea into a practical application because it does not impose any
meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea under Step 2A Prong 2 and 2B.
The limitation of the claims 4, 12 and 20 of “the L layer tree-like graph is grown until a stop criterion is met” as a drafted is a mental process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind such as “growing [adding]”. For example, a human may add nodes and edges to the L layer tree-like graph until a stop criterion is met with a pen and paper or in a human mind. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea under Step 2A Prong I.
This judicial exception is not integrated into a practical application. In particular, the claims 5 and 13 recite additional elements such as “wherein the stop criterion includes that a number of reached L layers, where L is a preconfigured number”.
Examiner would like to point out that with the broad reasonable interpretation, this element
amounts to field of use under MPEP § 2106.05(h): Field of Use and Technological Environment, which
does not impose any meaningful limits on practicing the mental process. Accordingly, this additional
element does not integrate the abstract idea into a practical application because it does not impose any
meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea under Step 2A Prong 2 and 2B.
This judicial exception is not integrated into a practical application. In particular, the claims 6 and 14 recite additional elements such as “wherein the stop criterion includes that a library node being built as a leaf node has been used in a prior layer of the L layer tree-like graph”.
Examiner would like to point out that with the broad reasonable interpretation, this element
amounts to field of use under MPEP § 2106.05(h): Field of Use and Technological Environment, which
does not impose any meaningful limits on practicing the mental process. Accordingly, this additional
element does not integrate the abstract idea into a practical application because it does not impose any
meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea under Step 2A Prong 2 and 2B.
This judicial exception is not integrated into a practical application. In particular, the claims 7 and 15 recite additional elements such as “wherein the at least one machine learning model includes M machine learning models, each of which correspond to a group of the dependency relationships of the libraries, grouped according to a time stamp of use of the libraries”.
Examiner would like to point out that with the broad reasonable interpretation, this element
amounts to field of use under MPEP § 2106.05(h): Field of Use and Technological Environment, which
does not impose any meaningful limits on practicing the mental process. Accordingly, this additional
element does not integrate the abstract idea into a practical application because it does not impose any
meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea under Step 2A Prong 2 and 2B.
This judicial exception is not integrated into a practical application. In particular, the claims 8 and 16 recite additional elements such as “wherein each of the M machine learning models has an associated weight”.
Examiner would like to point out that with the broad reasonable interpretation, this element
amounts to field of use under MPEP § 2106.05(h): Field of Use and Technological Environment, which
does not impose any meaningful limits on practicing the mental process. Accordingly, this additional
element does not integrate the abstract idea into a practical application because it does not impose any
meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea under Step 2A Prong 2 and 2B.
Dependent claims 2-8, 10-16 and 18-20 are also similar rejected under same rationale as cited above wherein these claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. These claims are merely further elaborate the mental process itself or providing additional definition of process which does not impose any meaningful limits on practicing the abstract idea. Claims 2-8, 10-16 and 18-20 are also rejected for incorporating the deficiency of their independent claims 1, 9 and 17.
Reasons for Allowance
4. The following is an examiner’s statement of reasons for allowance: the prior-art, Yao (US PGPub 20200285488), in view of Soroush (US PGPub 20200053116), in view of Shi (US PGPub 20210209446), in view of Nagao (US Patent 11461079), and further in view of Bulut (US PGPub 20210075814) failed to disclose of a computer-implemented method comprising: identifying, by at least one computer processor, dependency relationships among libraries in a repository of libraries; creating, by at least one computer processor, at least one machine learning model that predicts with a confidence value a dependency between a given library and a target library, using the dependency relationships among libraries; creating, by at least one computer processor, an L layer tree-like graph, using the dependency relationships among libraries and an application package, wherein L is configurable; and determining, by at least one computer processor, versions of the libraries to use by running the at least one machine learning model for each pair of nodes having a dependency relationship in the L layer tree-like graph, the at least one machine learning model identifying the dependency relationship with a confidence value, wherein pairs of nodes having largest confidence values are selected as the versions of the libraries to use in the application package, as recited by the independent claim 1.
Regarding Claim 1, the closest prior-art found, Yao, Soroush, Shi, Nagao and Bulut discloses of a computer-implemented method comprising: identifying, by at least one computer processor, dependency relationships among libraries in a repository of libraries; creating, by at least one computer processor, at least one machine learning model that predicts with a confidence value a dependency between a given library and a target library, using the dependency relationships among libraries; creating, by at least one computer processor, an L layer tree-like graph, using the dependency relationships among libraries and an application package, wherein L is configurable; and determining, by at least one computer processor, versions of the libraries to use by running the at least one machine learning model for each pair of nodes having a dependency relationship in the L layer tree-like graph, the at least one machine learning model identifying the dependency relationship with a risk value.
Individually, Yao teaches that a determination is made of a dependency tree of dependency library files for an application to load into an application runtime environment. A determination is made as to whether a shared library repository includes all the dependency library files in the dependency tree. The shared library repository is updated to include any dependency library files not in the dependency tree of the application. Access is provided to the dependency library files in the shared library repository in the dependency tree in the application runtime environment. The application is started in the application runtime environment in response to providing access to the dependency library files in the application runtime environment.
Soroush teaches that the embodiments of the system described herein provide enhancements and improvements in the area of compositional security analysis via three key innovative contributions. First, the composed system is modeled using a multi-layer graph comprising: a dependency subgraph that captures the functional relationships among system components; a configuration subgraph that accounts for the relationships among configuration parameters within and across system components; and an attack subgraph containing the vulnerabilities induced by a given configuration and their dependencies in so far as they enable multi-step attacks. The composed system graph can be a multi-layer graph which merges three types of subgraphs, as depicted generally above in relation to FIG. 2 and specifically below in relation to FIGS. 5 and 6: (1) a dependency subgraph that captures functional dependencies amongst the components; (2) a vulnerability subgraph that captures the dependencies between vulnerabilities; and (3) a configuration subgraph that captures within-component and across-component configuration dependencies.
Shi teaches that in some embodiments of the present application, it is contemplated that a network node may be represented by a peripheral node, e.g., a network node of an i.sup.th layer in a graph neural network may be represented by its neighbor nodes, e.g., the node may be represented according to its association relationship (or dependency) with one or more nodes of its periphery. Further, nodes of each layer may be determined in the way of iteration, particularly layer-by-layer iteration, e.g., nodes of an (i+1).sup.th layer may be represented by nodes of the i.sup.th layer, and therefore the representations of nodes of each layer may be iteratively determined.
Nagao teaches that FIG. 5 is a schematic diagram of the dependency graph generated by the Maven based on the POM file 1 of FIG. 4. Since the libraries “libB” and “libC” are excluded from the library “libA” by the exclusion elements 1f and 1g as described above, the libraries “libB” and “libC” corresponding to child nodes of the library “libA” are not selected in the dependency graph 2.
Bulut teaches that system 400e can comprise a DevOps pipeline 428 that can comprise one or more stages 430a, 430b, 430c, 430d (denoted as Source Code (Git), Build, Test, and Deploy, respectively, in FIG. 4E). In an example, a developer can develop software codes and push (e.g., load, save, etc.) such codes (e.g., applications) into a repository (e.g., a database) at stage 430a. In this example, when such codes are in such a repository, compliance process risk assessment system 102 (e.g., via deep learning model 412, metric assignment component 108, and/or risk assignment component 110 as illustrated in FIG. 4E) can assign one or more risk scores associated with such codes based on one or more packages 432 (illustrated in FIG. 4E as a dependency graph) that can comprise libraries used by such codes. In this example, when such codes are in such a repository, compliance process risk assessment system 102 (e.g., via deep learning model 412, metric assignment component 108, and/or risk assignment component 110 as illustrated in FIG. 4E) can further assign one or more risk scores associated with such codes (e.g., applications) based on one or more internet security docker benchmarks 434 (illustrated in FIG. 4E as a dependency graph) that can comprise configuration requirements (e.g., technical check specifications (tech check specs)) that can be used by such codes in the repository.
However, the prior-art, Yao, Soroush, Shi, Nagao and Bulut failed to disclose the following subject matter such as “the at least one machine learning model identifying the dependency relationship with a confidence value in the L layer tree-like graph, wherein pairs of nodes having largest confidence values are selected as the versions of the libraries to use in the application package” for Claims 1, 9 and 17.
Therefore, the prior-art, Yao, Soroush, Shi, Nagao and Bulut failed to teach the method of claim 1, the product of claim 9 and the system of claim 17 as well as their dependent claims. Thus, claims 1-20 contain allowable subject matter.
5. Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Response to Arguments
6. Applicant's arguments regarding claims 1, 9 and 17 with their dependent claims have been fully considered but they are not persuasive.
Regarding the first argument w.r.t. 101 Abstract Idea rejection of the remark on page 8 that if the claims found to be judicial exception in Step 2B to evaluate whether the additional elements amount to significantly more than the judicial exception, the consideration is a well-understood, routine, conventional activity (WURC), the rejection should contain factual support for this conclusion, the examiner would like to point out that the support can come from MPEP examples/description, the applicant’s admitted specification (as in technical background) or prior art, the examiner provided the rationales from MPEP description such as mere data gathering/outputting/storing, apply it or field of use. Thus, the examiner has provided the factual support for the insignificant additional elements in the claim limitations.
Regarding the second argument w.r.t. 101 Abstract Idea rejection of the remark on page 9 that the amendment such as training a machine learning model and executing the machine learning model should not be considered as mental processes, which cannot be performed by a human mind and those features recite an improvement to technology under Step 2A, Prong 2, the examiner agrees that those specific amendment are rather considered as additional elements. However, they are determined to be not significantly more than judicial exception as they are considered as “apply it” based on MPEP section as provided by the rationale under 101 Abstract Idea rejection above. Thus, the examiner determined that the amendment would not suffice to overcome 101 Abstract Idea rejection.
Under the two requirements for Step 2A Prong 2, integrating a judicial exception into a practical application, 1) The specification should describe the claimed improvement to achieve the desired goal and 2) The claimed improvement should be reflected at least in the additional elements by specifying how the claimed improvement performs the additional element to improve functioning of a computer or existing technical field. The examiner still cannot see from the claim limitations that the claimed improvement is reflected in additional elements to achieve a desired goal such as “correcting libraries that fail or are not compatible to work together” or “avoid using conflicting or mismatching libraries in compiling of the code with those libraries” or “minimizing codes changes and rendering code development more efficient” as described by the applicant.
Thus, the examiner maintains the 101 Abstract Idea rejection over the amendment and the applicant’s arguments.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAE UK JEON whose telephone number is (571)270-3649. The examiner can normally be reached 10am-6pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chat Do can be reached on 571-272-3721. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAE U JEON/Primary Examiner, Art Unit 2193