Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This office action is responsive to Request for continued Examination submitted on 1/23/2026. Claims 1, 4, 7, 13 are amended. Claim 3 is previously cancelled. Consequently, claims 1, 2, 4-18 are pending examination.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1, 2, 4-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
Claim(s) 1 is/are drawn to a method, claim 7 is drawn to a program product, and claim(s) 13 is drawn to data processing system. As such, claims 1, 7, and 13 are drawn to one of the statutory categories of invention.
Claims 1, 2, 4-18 are directed to testing code by recovery path, monitoring responses, and reporting potential security vulnerabilities. Specifically, the claims recite list the claim limitations that recite the abstract idea, which is grouped within the Mathematical Concepts and is similar to the concept Methods Of Organizing Human Activity and is similar to the concept of (fundamental economic principles or practices including hedging insurance, mitigating risk) OR (commercial or legal interactions including agreements in the form of contracts, legal obligations, advertising, marketing or sales activities or behaviors business relations OR (managing personal behavior or relationships or interactions between people including social activities teaching, and following rules or instructions) OR Mental Processes and is similar to the concept of (concepts performed in the human mind (including an observation, evaluation, judgement, opinion) grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)). Accordingly, the claims recite an abstract idea (See pages 7, 10, Alice Corporation Pty. Ltd. v. CLS Bank International, et al., US Supreme Court, No. 13-298, June 19, 2014; 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 53-54 (January 7, 2019)).
Step 2A, Prong One, the claims are directed to an abstract idea. The claim recite a processor executing a code testing service and a program under test, the program under test including at least one main execution path and a recovery path different from the main execution path, the recovery path contained in the program under test prior to performing an interrupt operation, wherein the executing includes: the code testing service controlling the processor to force execution of the recovery path in the program under test; the program under test generating program checks, resulting in notifications of program checks regarding the recovery path; the processor processing the notifications by executing a code monitor to detect potential security vulnerabilities in the recovery path of the program under test; and the code monitor commanding the processor to generate and store a report of the potential security vulnerabilities in the program under test, wherein forcing the recovery path includes: executing, via the processor, the at least one main execution path in the program under test; generating an interrupt command configured to perform the interrupt operation to interrupt execution of the processor and delivering the interrupt command to the processor; and in response to receiving the interrupt command, controlling the processor to interrupt the execution of the at least one main execution path, and controlling the processor to force the execution of the recovery path in the program under test.
These limitations fall within the category of mental processes and methods or organizing human activity. Specifically, testing and analysis which are judicial exceptions. Detecting potential security vulnerabilities and reporting them are conventional data processing tasks often done mentally or by abstract logic and do not improve the functioning of the computer or any technology.
Step 2A, Prong Two, the claims do not integrate the abstract idea into a practical application. The claims recite generic computer components such as a processor, a code monitor. The use of these components is merely to implement the abstract idea of code testing and vulnerability detection. There is no improvement to computer technology or another technical field. The claimed steps do not require any specific technological environment or unconventional use of technology. Furthermore, the additional limitations in the dependent claims such as using timer or trigger an interrupt, limiting frequency or count, are standard control mechanism that are well understood, routine and conventional in software testing.
2B, the claims do not recite an inventive concept that transforms the abstract idea into patent eligible application. The additional elements are generic and perform conventional functions. The claims simply implement the abstract idea of triggering, monitoring and reporting vulnerabilities using conventional functions. Therefore claims 1, 2, 4-18 are rejected under 35 U.S.C. 101 as being directed to an abstract idea without significantly more.
Response to Arguments
Applicant's arguments filed regarding - 35 USC § 101 have been fully considered but they are not persuasive. The arguments are presented below:
Improvement to “Technology” argument.
Response: the applicant has not identified what specific technology is improved or how it is improved. The claims are directed to software testing. Forcing error paths to run and checking for problems. This testing methodology itself is the abstract idea, not a separate technology being improved. The claims do not improve how computers perform testing through any new technical method. They simply use generic computer components to implement a known testing approach.
Technological problem/solution argument.
Response: The alleged problem is that recovery paths may contain undetected vulnerabilities. The alleged solution is to force execution of those paths and monitor them. This is logical testing approach, not a technological innovation. The problem (untested code paths) and solution (make them run and observe) could apply to any testing scenario, even manual code review. The claims use conventional computer operations without any technical modification to how computers function.
Tangible outcome Argument.
A report to vulnerabilities is simply information from data analysis. Having tangible output does not make the claim patent eligible.
Detecting security vulnerabilities and reducing cybersecurity risks is certainly a useful and desirable result. However, achieving a use file result does not make an abstract idea patent eligible. Many abstract ideas produce valuable outcomes, such as hedging financial risk (rejected in Bilski), Detecting credit card fraud (rejected in Cybersource) and Organizing business information (rejected in Alice).
The test is not whether the claimed invention solves an important problem, but whether it does so using patent eligible subject matter. The claims recite, running code, monitoring what happens, analyzing for problems and generating a repot. This is collecting, analyzing and reporting data, which are activities that are held abstract even when they address problems like cybersecurity. The cyber security context is simply the technological environment is which the abstract testing method is applied. Merely limiting an abstract idea to a particular field of use does not make it patent eligible. In conclusion detecting vulnerabilities is important, the claims remain directed to abstract idea of software testing applied to the cybersecurity filed. The tangible outcome of identifying vulnerabilities is simply information resulting from conventional data processing operations.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. (see PTO 890).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARGON N NANO whose telephone number is (571)272-4007. The examiner can normally be reached 7:30 AM-3:30 PM. M.S.T..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached at 571 272 3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SARGON N NANO/Primary Examiner, Art Unit 2443