Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This office action is in response to the application filed on or reply to the remarks of 2/5/2026. The instant application has claims 1-20 pending. The system, method and medium for producing an modified code based on mapping dummy values to secrets. There a total of 20 claims.
Response to Arguments
Applicant's arguments filed 2/5/2026 have been fully considered but they are not persuasive.
The applicant argues that Vasudeva does not disclose: I. file storing secrets with the code, II. generating of dummy values, III. mapping of secrets to dummy values, IV. replacing the secretes with dummy values.
The examiner respectfully disagrees. Vasudeva discloses data might be user identifier or token information that is confidential that is, i.e. secrets, is stored in files or directories see Col 12 Ln 4-28 & Fig. 12 item 1214-12224. And further the alphanumeric text being generated to reference to file directories that is mapped see Col 3 Ln 5-18 & Col 3 Ln 40-60. And then , the modified alphanumeric text is used in execution of an JSON code see Col 33 Ln 54- Col 34 Ln 31. Thus, the secret data in form having user identifiers is stored in files that is mapped to alphanumeric text that is used for accessing memory locations to retrieve information to fulfill an transaction as implemented in JSON code.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under pre-AIA 35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over US Patent 12093301 to Vasudeva in view of US Patent 7437362 to Ben-Natan.
Regarding claim 1, 8, 15, Vasudeva discloses A method, comprising: receiving a file comprising one or more secrets that are stored within a source code of a software application; generating one or more dummy values(Abstract & Fig. 22 item 2202-2208, the alphanumeric text represents dummy values & Col 24 Ln 9-52); mapping each of the one or more secrets to a corresponding dummy value of the one or more dummy values(Col 4 Ln 9-34 & Col 3 Ln 5-25, the values are acceptable is determined and key-value is substituted & Col 12 Ln 4-28 & Fig. 12 item 1214-12224); replacing each of the one or more secrets that are stored within the source code with the corresponding dummy value to generate a modified source code(Fig. 22 item 2208, the modified code with file names & Col 3 Ln 40-56& Col 3 Ln 5-18 & Col 3 Ln 40-60).
But Vasudeva does not disclose storing the modified source code and the mapping in a data store.
In the same field of endeavor as the claimed invention, Ben-Natan discloses storing the modified source code and the mapping in a data store(Fig. 2 item 104 & Col 2 Ln 43-Col 3 Ln 43, the modify the transactions based on SQL query being filtered and security policy being applied).
It would have been obvious to one of ordinary skill in the art before the effective filing date of claimed invention to modify Vasudeva invention to incorporate discloses storing the modified source code and the mapping in a data store for the advantage of applying security policy and restrict access to data as taught in Ben-Natan see Col 3 Ln 24-42.
Regarding claim 2, 9, 16, the combined method/system/medium of Vasudeva and Ben-Natan, mutatis mutandis, Vasudeva discloses the method of claim 1, wherein a dummy value of the one or more dummy values includes an indicator of a category of data for a secret that is mapped to the dummy value(Col 49 Ln 35-50).
Regarding claim 3, 10, 17, the combined method/system/medium of Vasudeva and Ben-Natan, mutatis mutandis, Vasudeva discloses the method of claim 1, comprising matching a first dummy value of the one or more dummy values with a second dummy value of the one or more dummy values based on a first data category indicator in the first dummy value and a second data category indicator in the second dummy value(Fig. 22).
Regarding claim 4, 11, 18, the combined method/system/medium of Vasudeva and Ben-Natan, mutatis mutandis, Vasudeva discloses the method of claim 1, wherein a first dummy value of the one or more dummy values is associated with a first data category at a first hierarchical level, and a second dummy value of the one or more dummy values is associated with a second data category at a second hierarchical level lower than the first hierarchical level(Fig. 22 & Col 3 Ln5-25, the different file paths)).
Regarding claim 5, 12, 19, the combined method/system/medium of Vasudeva and Ben-Natan, mutatis mutandis, Vasudeva discloses the method of claim 1, comprising updating a dummy value of the one or more dummy values by changing at least one of a position or a meaning of at least one character in the dummy value(Col 49 Ln 35-50).
Regarding claim 6, 13, 20 the combined method/system/medium of Vasudeva and Ben-Natan, mutatis mutandis, Vasudeva discloses the method of claim 1, comprising partitioning the secret into a first portion and a second portion, storing the first portion in a first memory device, and storing the second portion in a second memory device(Col 38 LN 44-60, the file system being accessed on different network with different memory stores & Col 12 LN 4-52, the access to data based on authentication of user and permissions).
Regarding claim 7,14, the combined method/system/medium of Vasudeva and Ben-Natan, mutatis mutandis, Vasudeva discloses the method of claim 1, comprising populating a dummy value of the one or more dummy values by accessing a first memory device and subsequently accessing a second memory device, wherein a first portion of a secret of the one or more secrets is retrieved from the first memory device and a second portion of the secret is retrieved from the second memory device(Col 38 LN 44-60, the file system being accessed on different network with different memory stores).
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Venkat Perungavoor whose telephone number is (571)272-7213. The examiner can normally be reached 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached on 571-272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/VENKAT PERUNGAVOOR/Primary Examiner, Art Unit 2492 Email: venkatanarayan.perungavoor@uspto.gov
Prosecution Insights