DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is responsive to communications filed on December 30, 2025.
Claims 1, 3, 11, 13, 14 and 20 have been amended.
Claims 1-20 have been examined and are pending.
Allowable Subject Matter
Claims 2, 3, 12 and 13 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Response to Amendments
In view of Applicants' amendments, the objection to the claims is withdrawn.
Response to Arguments
Applicants have argued the cited art does not teach or suggest certain amended features recited by the independent claims (Remarks, pages 9-11). Applicants' arguments have been fully considered but are moot in view of the new ground(s) of rejection set forth below.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 11 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190065155 A1 - hereinafter "Varadarajan", in view of JP 2019500676 A (machine translation) - hereinafter "Jackson".
With respect to claim 1, Varadarajan teaches,
A method, comprising: - "Some of the disclosed techniques can be implemented to provide a web application builder framework in a database system. A collection of reusable components (“web application builder components”) can be presented on a reusable, configurable canvas or user interface for creating “application builders”, i.e., tools that can be used for creating web applications and pages." [0025]
identifying one or more architecture components included in a component registry associated with an organization, - "At block 210, system 100 maintains a multi-tenant database 112 identifying web application builder components. In some implementations, the multi-tenant database 112 is shared by multiple enterprises." [0038] "At block 220, system 100 displays a user interface for the web application builder framework. In some implementations, the user interface includes a selectable list of a subset of the web application builder components." [0039] "In some implementations, the selectable list of web application builder components may be a palette editor. A palette editor shows all of the available web application builder components in a palette, toolbar, list, or other form of displaying the components." [0039]
identifying respective configurations for each of the one or more architecture components; - "Component properties or property editor 430 is an editor for configurable menus of properties or attributes of web application builder components. In some implementations, users of the web application builder framework can create configurable fields for properties of web application components in a web application builder. Then, when users of the web application builder construct an application, they can configure properties or attributes of web application components according to how the property editor has allowed the user to configure them." [0052]; Fig. 4
generating an application - "FIG. 3 shows an example of a web application builder constructed with a web application builder framework, in accordance with some implementations." [0044]; configured for execution in a cloud-based environment - "Thus, the disclosed techniques can be implemented without having to install software locally, that is, on computing devices of users interacting with services available through the cloud." [0129]; based at least in part on integrating the one or more architecture components - "At block 220, system 100 displays a user interface for the web application builder framework. In some implementations, the user interface includes a selectable list of a subset of the web application builder components. In some implementations, the user interface includes one or more “development areas”. Development areas represent a working area for the developers or admins constructing a web application builder." [0039]; in accordance with the respective configurations; and - "In some implementations, system 100 processes a second user request to modify the selected web application builder components within the one or more development areas. In some implementations, the request to modify involves a modification of one or more properties or attributes of the web application builder components. In some implementations, system 100 updates the selected web application builder components within the one or more development areas." [0043]
providing the application to a device associated with a user based at least in part on generating the application. - "In some implementations, the web application builder is configured to be executable on one or more browsers or other web navigation applications operating on one or more client devices." [0042]
Varadarajan does not explicitly teach each architecture component of the component registry being configured to comply with a security policy of the organization;
However, in the analogous field of software deployment, Jackson teaches:
"The technical field relates generally to software development, and more specifically to software component repositories used in component-based software development." (page 2, paragraph 2)
"Once procedure 301 determines a risk that matches the component (and the risk of the component within this component if deeply inspected), the matched risk is evaluated 315 against a pre-defined repository policy and Determine the action taken on the risk. If all risks are determined to “pass” according to the repository policy, the procedure 301 then performs 317 pass-through actions as defined in the predefined repository policy. Components that pass the repository policy are considered acceptable and can be added to the repository as usual." (page 11, paragraph 2)
"In this example, the repository policy does not tolerate software components with MIT licenses or critical security threats, but all others are tolerated." (page 15, paragraph 4)
"Policy can be associated with a repository, or an entire organization, or can be associated with an application, but not necessarily associated with the entire organization)." (page 16, paragraph 2)
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Varadarajan with Jackson's teachings because doing so would provide Varadarajan's system with the ability to improve the efficiency of software development, as suggested by Jackson (page 2, paragraph 5).
With respect to claim 11, Varadarajan teaches,
A non-transitory computer-readable medium storing code, the code comprising instructions executable by one or more processors to: - Fig. 11A
The remaining limitations are rejected using the mapping from analogous claim 1.
With respect to claim 20, Varadarajan teaches,
An apparatus, comprising: one or more memories; and one or more processors coupled with the one or more memories and configured to cause the apparatus to: - Fig. 11A
The remaining limitations are rejected using the mapping from analogous claim 1.
Claims 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Varadarajan and Jackson, and in view of US 20110071884 A1 hereinafter "Michaelis".
With respect to claims 4 and 14, Varadarajan does not explicitly teach,
identifying, based at least in part on receiving a user input from the device, that the application is a test application; and
removing the application after a duration based at least in part on identifying that the application is a test application.
However, in the analogous field of test applications, Michaelis teaches:
"Generally, to test software applications, a user must download a test application to a computer system. Thus, if a user wants to research a software purchase, the user needs to test the application on his or her computer system. These test applications are often offered for a limited time unless a registration key is provided. After some limited amount of time, the test application is uninstalled or modified to make the test application unusable." [0003]
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Varadarajan and Jackson with Michaelis' teachings because doing so would provide Varadarajan/Jackson's system with the ability to improve the security of test applications, as suggested by Michaelis (Abstract).
Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Varadarajan and Jackson, and in view of US 20230351023 A1 hereinafter "Kurian".
With respect to claims 5 and 15, Varadarajan does not explicitly teach,
identifying one or more second architecture components in accordance with a periodicity; and
adding the one or more second architecture components to the component registry based at least in part on identifying the one or more second architecture components.
However, in the analogous field of vulnerability assessment, Kurian teaches,
"The memory device 136 comprises computer-readable instructions 140 and data storage 138. The data storage 138 of the metadata list database system 102 may comprise a database 142, where the database 142 stores the SBOM's and IBOM's associated with each endpoint device within the network. As new components are added to SBOM's and IBOM's over time by the endpoint device monitoring computing system 103, the updated SBOM's and/or IBOM's may be stored within the database 142." [0058]
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Varadarajan and Jackson with Kurian's teachings because doing so would provide Varadarajan/Jackson's system with the ability to remediate security vulnerabilities in computing devices using continuous device-level scanning and monitoring, as suggested by Kurian (Abstract).
Claims 6, 10 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Varadarajan and Jackson, and in view of US 11416369 B1 - hereinafter "Trapani".
With respect to claims 6 and 16, Varadarajan does not explicitly teach the following limitations which, in the analogous field of software metrics, are taught by Trapani as follows:
identifying one or more metrics of the application based at least in part on respective resources associated with the one or more architecture components; - "The method includes obtaining measured performance metrics of a first component of the plurality of application infrastructure components during a reporting window time period,..." (col. 3:65-4:1) "Example performance metrics may be displayed for each component, such as response time, memory utilization, CPU utilization, etc." (col. 21:24-26)
generating one or more scores associated with one or more utilities for the application based at least in part on the one or more metrics; and - "The method includes processing the measured performance metrics with the second machine learning model, using the obtained outlier threshold value, to produce the component health score output for the first component, and generating an output to transform a display visible to an operator." (col. 4:16-21)
providing the one or more scores to the device. - "As mentioned above, the health status and health scores dashboard (such as the multi-level application monitoring interface 432), may provide a four level health monitoring interactive display, to enable eyes-on-glass health monitoring with drill-down into component-level problems in isolation." (col. 18:42-47). "The system 400 also includes a user monitoring device 406. The user monitoring device includes a multi-level application monitoring interface 432, which may be used to monitor performance anomalies of the components of the computer system 402 as described further below." (col. 18:28-32)
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Varadarajan and Jackson with Trapani's teachings because doing so would provide Varadarajan/Jackson's system with the ability to automate anomaly detection for application infrastructure components, as suggested by Trapani (col. 1:8-10).
With respect to claim 10, Varadarajan does not explicitly teach,
updating a first metric of the one or more metrics in accordance with a first periodicity based at least in part on providing the one or more scores to the device; and
updating a second metric of the one or more metrics in accordance with a second periodicity different than the first periodicity based at least in part on providing the one or more scores to the device.
However, in the analogous field of software metrics, Trapani teaches:
"FIGS. 7A and 7B illustrate an example process for determining statuses of application infrastructure components, for display via a user interface (such as the multi-level application monitoring interface 432). As shown in FIG. 7A, control may start at the beginning of each update period, such as a repeating periodic time frame for monitoring performance of each component in the system and applying a machine learning model to determine a health status and score for each component. Example time periods may include every minute, every five minutes, every half-hour, every one hour, etc." (col. 22:65-23:8)
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Varadarajan and Jackson with Trapani's teachings because doing so would provide Varadarajan/Jackson's system with the ability to automate anomaly detection for application infrastructure components, as suggested by Trapani (col. 1:8-10).
Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Varadarajan, Jackson and Trapani, and in view of US 20140223416 A1 - hereinafter "Cohen", and in view of US 12072790 B1 - hereinafter "Pearson".
With respect to claims 7 and 17, Varadarajan does not explicitly teach,
identifying the one or more metrics is based at least in part on an application identifier, the application identifier is associated with a source code and one or more resources generated from the source code;
However, in the analogous field of software development, Cohen teaches:
"The term "snapshot" is intended to broadly mean a collection of metrics on an executing application's runtime behavior. A snapshot, for example, and not for limitation, may include the throughput rates, CPU usage, memory usage, executions, or errors reported, application identifiers (e.g. file name, version, constituent source code artifacts), and other similar type of information." [0087]
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Varadarajan, Jackson and Trapani with Cohen's teachings because doing so would provide Varadarajan/Jackson/Trapani's system with the ability to improve the documentation of source code artifacts for an executing application, as suggested by Cohen [0023].
Varadarajan does not explicitly teach and the source code comprises a reference to the component registry.
However, in the analogous field of software development, Pearson teaches:
"In addition to the location of the source code within the application codebase (e.g., class, function, source code file, line, etc.), the source code attribute data 406 may include attributes such as the types of programming statements and operators used,..." (col. 14:7-11)
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Varadarajan, Jackson, Trapani and Cohen with Pearson's teachings because doing so would provide Varadarajan/Jackson/Trapani/Cohen's system with improvements in software development and environments testing, as suggested by Pearson (col. 6:8-12).
Claims 8, 9, 18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Varadarajan, Jackson and Trapani, and in view of US 20180143891 A1 - hereinafter "Polisetty".
With respect to claims 8 and 18, Varadarajan does not explicitly teach,
transmitting a notification to the device based at least in part on determining that at least one metric of the one or more metrics satisfies a threshold, the notification associated with the at least one metric.
However, in the analogous field of software metrics, Polisetty teaches:
"If it is determined at 612 that one or more of the KPI values are underperforming their respective thresholds, it is further determined at 614 if one or more of the corrective actions 470 can be identified to remedy the situations that caused the KPIs to underperform their respective thresholds. In an example, a corrective action can be a simple communication to corresponding personnel with an update regarding the subpar performance of the KPI." [0048]
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Varadarajan, Jackson and Trapani with Polisetty's teachings because doing so would provide Varadarajan/Jackson/Trapani's system with the ability to improve the performance of a mobile application portfolio, as suggested by Polisetty [0024].
With respect to claims 9 and 19, Varadarajan does not explicitly teach,
providing a remediation option associated with the at least one metric to the device based at least in part on transmitting the notification.
However, in the analogous field of software metrics, Polisetty teaches:
"In an example, a corrective action can be a simple communication to corresponding personnel with an update regarding the subpar performance of the KPI. In other examples, a more detailed analysis of the data that caused the KPI to underperform may be conducted and the information gathered can be included in the communication to the personnel. The corrective actions 470 may also include aids such as checklists to identify problems and notes regarding the various solutions may also be included in the alert that is generated and transmitted at 616." [0048]
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Varadarajan, Jackson and Trapani with Polisetty's teachings because doing so would provide Varadarajan/Jackson/Trapani's system with the ability to improve the performance of a mobile application portfolio, as suggested by Polisetty [0024].
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GEOFFREY R ST LEGER whose telephone number is (571)270-7720. The examiner can normally be reached M-F (IFP) ~9:00-5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hyung S Sough can be reached at 571-272-6799. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/GEOFFREY R ST LEGER/Primary Examiner, Art Unit 2192