DETAILED ACTION
1. This action is responsive to an amendment filed on 10/14/2025.
2. Claims 1-20 are pending. Claims 1, 15 and 20 are independent and currently amended. The amendment has been entered.
Response to Arguments
3. Applicant cited paragraphs 44 and 67 of the Application Publication for supports for the Claim Amendments; however, after reviewing the, Examiners respectfully disagree that the cited paragraphs disclose “… a machine learning model selected from a plurality of machine learning models, wherein the machine learning model selected is specific to the purported contributor that was trained with past metadata exclusive to the purported contributor” as recited in the amended claims 1, 15 and 20. Paragraph 67 discloses “[T]he contribution can thus be evaluated according to historical metadata collected from the same purported contributor. A machine learning model can be used to compute the risk score for the contribution” (emphasis added); thus, at most, it only suggests that any machine learning model can be used but does not teach that “the machine learning model selected is specific to the purported contributor” (emphasis added) as recited in the amended claims. A matter of fact, nowhere does the Application Publication disclose or teach selection of a machine learning model specific to the purported contributor.
4. Applicant's arguments relating to art rejections have been fully considered; however, they are not persuasive based on new ground(s) of rejection.
Claim Rejections - 35 USC § 112
5. The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
6. Claim 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
The Applicant’s specification does not have supports for limitation “… a machine learning model selected from a plurality of machine learning models, wherein the machine learning model selected is specific to the purported contributor that was trained with past metadata exclusive to the purported contributor” as recited in the amended independent claims 1, 15 and 20. Therefore, independent claims 1, 15 and 20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. Accordingly, dependent claims 2-14 and 16-19 are also rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement based on their dependency of the rejected claims 1 and 15, respectively.
Claim Rejections - 35 USC § 103
7. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
8. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
9. Claims 1-6, 8, 9, 12-18 and 20 are rejected as being unpatentable over Sandhu (US PG Pub. 2021/0141718) in view of Kannan (US PG Pub. 2021/0012404).
As regarding claim 1, Sandhu discloses A computer-implemented method comprising:
receiving an indication of a request to publish a new code contribution to a code repository from a purported contributor, wherein the request comprises proposed source code [para. 16 and 30; receiving a pull request];
extracting request metadata from the request [para. 56 and 58-60; extracting current time of the code change from the pull request];
determining a risk score for the new code contribution, wherein determining the risk score comprises submitting the extracted request metadata to a machine learning model trained with past metadata of the purported contributor [para. 46 and 60; determining risk based on machine learning that has been trained on a set of training data indicating the code changes resulted in bugs or issues];
Sandhu does not explicitly disclose a machine learning model selected from a plurality of machine learning models, wherein the machine learning model selected is specific to the purported contributor that was trained with past metadata exclusive to the purported contributor. However, Kannan discloses it [para. 19 and 25-26; selecting a machine learning model that was trained with the past train dataset].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Sandhu’s metadata to further comprise Kannan’s selecting a machine learning model that was trained with the past train dataset so that the appropriate machine learning model would be used.
Sandhu further discloses determining a risk disposition of the request based on the risk score [para. 24 and 47-48; determining whether additional verification of the code change is required]; and
processing the request according to the risk disposition [para. 24 and 47-48; performing additional verification of the code change if a risk threshold is satisfied].
As regarding claims 2 and 18, Sandhu further discloses The method of claim 1, wherein: determining the risk disposition of the request comprises:
responsive to determining that the risk score exceeds a threshold, sending a notification to a security manager indicating that the new code contribution is determined to be risky [para. 24];
receiving an appraisal response from the security manager [para. 44]; and
responsive to an approved appraisal response from the security manager, publishing the new code contribution [para. 121].
As regarding claim 3, Sandhu further discloses The method of claim 2, wherein: the new code contribution is blocked from being added to a source code repository until it is approved [para. 52].
As regarding claim 4, Sandhu further discloses The method of claim 1, further comprising: responsive to receiving a rejection appraisal from a security manager user interface, notifying the purported contributor that the request was rejected via a secondary channel [para. 52].
As regarding claim 5, Sandhu further discloses The method of claim 1, wherein: the machine learning model is trained with past metadata from across a plurality of code hosting platforms or projects [para. 46 and 60].
As regarding claim 6, Sandhu further discloses The method of claim 1, wherein: the machine learning model is trained to recognize atypical metadata for the purported contributor [para. 95; developer risk is high because a lack of peer review interactions].
As regarding claim 8, Sandhu further discloses The method of claim 1, wherein: the request metadata comprises a timestamp of the request to publish the new code contribution to the code repository [para. 56].
As regarding claim 9, Sandhu further discloses The method of claim 1, wherein: the request metadata comprises presence of commit artifacts of the request to publish the new code contribution to the code repository [para. 17, 40 and 101-102].
As regarding claim 12, Sandhu further discloses The method of claim 1, wherein: the request metadata comprises a number of files of the request to publish the new code contribution to the code repository [para. 65].
As regarding claim 13, Sandhu further discloses The method of claim 1, wherein: the request metadata comprises a size of the new code contribution [para. 17 and 40].
As regarding claim 14, Sandhu further discloses The method of claim 1, wherein: the request metadata comprises an amount of documentation of the request to publish the new code contribution to the code repository [para. 17 and 20].
As regarding claim 15, Sandhu discloses A computing system comprising:
at least one hardware processor [para. 123-125];
at least one memory coupled to the at least one hardware processor [para. 123-125];
a source code repository of published code contributions [para. 16-17];
a machine learning model trained with request metadata of past observed requests to publish new code contributions to the source code repository to compute a risk score [para. 46 and 60]; and
one or more non-transitory computer-readable media having stored therein computer-executable instructions that, when executed by the computing system, cause the computing system [para. 129] to perform:
receiving a request to publish a new code contribution to the source code repository from a purported contributor, wherein the request comprises proposed source code and request metadata [para. 16 and 30; receiving a pull request];
extracting the request metadata from the request [para. 56 and 58-60; extracting current time of the code change from the pull request];
determining a risk score for the new code contribution, wherein computing the risk score comprises submitting the request metadata to the machine learning model, wherein the machine learning model is trained with past metadata of the purported contributor [para. 46 and 60; determining risk based on machine learning that has been trained on a set of training data indicating the code changes resulted in bugs or issues];
determining a disposition of the request based on the risk score [para. 24 and 47-48; determining whether additional verification of the code change is required]; and
processing the request according to the disposition [para. 24 and 47-48; performing additional verification of the code change if a risk threshold is satisfied].
Sandhu does not explicitly disclose a machine learning model selected from a plurality of machine learning models, wherein the machine learning model selected is specific to the purported contributor that was trained with past metadata exclusive to the purported contributor. However, Kannan discloses it [para. 19 and 25-26; selecting a machine learning model that was trained with the past train dataset].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Sandhu’s metadata to further comprise Kannan’s selecting a machine learning model that was trained with the past train dataset so that the appropriate machine learning model would be used.
As regarding claim 16, Sandhu discloses The system of claim 15, further comprising: a user interface configured to present a risk assessment alert to a security manager responsive to detecting that the risk score computed by the machine learning model for the request to publish the new code contribution exceeds a threshold [para. 24].
As regarding claim 17, Sandhu discloses The system of claim 16, wherein: the threshold is configurable by the security manager [para. 45].
As regarding claim 20, Sandhu discloses One or more non-transitory computer-readable media comprising computer-executable instructions that, when executed by a computing system, cause the computing system to perform operations comprising:
receiving an indication of a request to publish a new code contribution to a source code repository from a purported contributor, wherein the request comprises proposed source code and request metadata [para. 16 and 30; receiving a pull request];
extracting the request metadata from the request [para. 56 and 58-60; extracting current time of the code change from the pull request];
determining a risk score for the new code contribution, wherein computing the risk score comprises submitting the request metadata to a machine learning model trained with past metadata of the purported contributor [para. 46 and 60; determining risk based on machine learning that has been trained on a set of training data indicating the code changes resulted in bugs or issues];
determining a disposition of the request based on the risk score [para. 24 and 47-48; determining whether additional verification of the code change is required]; and
processing the request according to the disposition [para. 24 and 47-48; performing additional verification of the code change if a risk threshold is satisfied];
wherein: determining the disposition of the request comprises:
responsive to determining that the risk score exceeds a threshold, sending a notification to a security manager indicating that the new code contribution is determined to be risky [para. 24];
receiving an appraisal response from the security manager [para. 44]; and
responsive to an approved appraisal response from the security manager, publishing the new code contribution [para. 121]; and
based on the risk score, the new code contribution is blocked from being added to the source code repository until the new code contribution is approved [para. 52].
Sandhu does not explicitly disclose a machine learning model selected from a plurality of machine learning models, wherein the machine learning model selected is specific to the purported contributor that was trained with past metadata exclusive to the purported contributor. However, Kannan discloses it [para. 19 and 25-26; selecting a machine learning model that was trained with the past train dataset].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Sandhu’s metadata to further comprise Kannan’s selecting a machine learning model that was trained with the past train dataset so that the appropriate machine learning model would be used.
10. Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Sandhu (US PG Pub. 2021/0141718) in view of Kannan (US PG Pub. 2021/0012404) and further in view of Kraus (US PG Pub. 2020/0285737).
As regarding claim 7, Sandhu and Kannan do not explicitly disclose metadata comprising IP address. However, Kraus discloses it [para. 286].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Sandhu and Kannan’s metadata to further comprise IP address of the user, as disclosed by Kraus, as an alternative metadata.
11. Claims 10 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Sandhu (US PG Pub. 2021/0141718) in view of Kannan (US PG Pub. 2021/0012404) further in view of Soldano (US PG Pub. 2024/0012637).
As regarding claim 10, Sandhu and Kannan do not explicitly disclose metadata comprising a programming language of the new code contribution. However, Soldano discloses it [para. 20 and 45].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Sandhu and Kannan’s metadata to further comprise programming language, as disclosed by Soldano, to indicate a specific computer language associated with the code change.
As regarding claim 11, Sandhu, Kannan and Soldano further disclose The method of claim 1, wherein: the request metadata comprises a human language of the request to publish the new code contribution to the code repository [Soldano para. 31-32].
12. Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Sandhu (US PG Pub. 2021/0141718) in view of Kannan (US PG Pub. 2021/0012404) in view of Kraus (US PG Pub. 2020/0285737) and further in view of Soldano (US PG Pub. 2024/0012637).
As regarding claim 19, Sandhu further discloses The system of claim 15, wherein: the machine learning model is trained to recognize atypical metadata for the purported contributor [para. 95; developer risk is high because a lack of peer review interactions]; and
the request metadata comprises:
a timestamp of the request to publish the new code contribution to the source code repository [para. 56]; and
a size of the new code contribution [para. 17 and 40].
Sandhu and Kannan do not explicitly disclose metadata comprising IP address. However, Kraus discloses it [para. 286].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Sandhu and Kannan’s metadata to further comprise IP address of the user, as disclosed by Kraus, as an additional metadata.
Sandhu and Kannan do not explicitly disclose metadata comprising a programming language of the new code contribution and a human language of the request to publish the new code contribution. However, Soldano discloses it [para. 20 and 45; programming language || para. 31-32; comments in human language].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Sandhu and Kannan’s metadata to further comprise programming language and human language, as disclosed by Soldano, as additional metadata.
Conclusion
Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THONG P TRUONG whose telephone number is (571)270-7905. The examiner can normally be reached on M-F 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 57127267986798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/THONG TRUONG/
Examiner, Art Unit 2433
/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433