Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
2. This is in response to the amendments filed on 12/30/2025. Claims 1, 3-5, 8, 11, 13-15 and 18 have been amended. Claims 1, 3-11 and 13-20 are currently pending and have been considered below.
The 101 rejection of claims 1-20 and the drawing objection have been reconsidered and withdrawn.
Response to Arguments
3. Applicant’s arguments filed on 12/30/2025 have been fully considered but they are not persuasive. In the Remarks, Applicant argues that:
None of these references teach "adding data-flow edges and control-flow edges to the first abstract syntax tree to form a second abstract syntax tree with semantic-flow enhancement; .... wherein the step of adding data-flow edges and/or control-flow edges to the first abstract syntax tree comprises at least one of following steps: connecting each non-root node to a parent node thereof; establishing connection relation among peer nodes and/or terminal nodes; based on an occurrence order of variables, connecting nodes involving the variables," as recited in amended claim 1 or claim 11.
these references fail to teach or suggest each and every element of the claimed invention.
The examiner respectfully disagrees.
First, in response to applicant's argument that YOSHIDA does not disclose "adding ….. to the first abstract syntax tree to form a second abstract syntax tree …", it is noted that YOSHIDA at Para.0032, Para.0020 discloses: “the abstract syntax tree 110A may represent the constructs at a concrete level of abstraction”, “… the terms “abstract” and “concrete” are … referring to the level of abstraction of a representation of software programs….a lowest level of abstraction …. include a …. representation without abstraction…. to elements of source code…”. Abstract syntax tree 110A in YOSHIDA is equivalent to the claimed first abstract syntax tree. Abstract syntax tree 110A may represent the constructs at a concrete level of abstraction, where “construct” refers to elements of source code. A lowest level of abstraction, or a concrete level of abstraction, includes a representation without abstraction; as 110A represents the constructs/elements of the source code at a concrete/lowest level of abstraction, this indicates a first abstract syntax tree that does not contain semantic information.
Also, it is noted that YOSHIDA at Para.0049, Para.0046, Para.0037 discloses, “The …. abstract syntax tree 110D … generated by merging one or more nodes of the abstract syntax tree 110B …. with one or more nodes of the abstract syntax tree 110C”, “The … abstract syntax tree 110D may be an example of an abstract syntax tree 110A”, “The abstract syntax tree 110B and the abstract syntax tree 110C may each be an example of an abstract syntax tree 110”. Moreover, YOSHIDA at Para.0037, Para.0041, Para.0042 discloses, “The abstract syntax tree 110B may include … first constructs of first source code …..abstract syntax tree 110C may include …. second constructs of second source code”, “the abstract syntax tree 110C may represent a code pattern associated with an error, and the abstract syntax tree 110B may represent a repair candidate that may address the error”, “The first source code may be more secure than…. the second source code. The first source code may be a repair candidate …. with relation to the second source code”, which the examiner interpreted as being the claimed “adding ….. to the first abstract syntax tree to form a second abstract syntax tree with semantic-flow enhancement” because the broadest reasonable interpretation of the claimed “adding ….. to the first abstract syntax tree to form a second abstract syntax tree with semantic-flow enhancement” includes abstract syntax tree 110D, which is formed after abstract syntax tree 110A [110A is equivalent to the claimed ‘first abstract syntax tree’]. Abstract syntax tree 110D is equivalent to the claimed ‘a second abstract syntax tree with semantic-flow enhancement’, as 110D is generated by merging one or more nodes of the abstract syntax tree 110B with one or more nodes of the abstract syntax tree 110C. 110C includes second constructs of second source code and represents a code pattern associated with an error, and 110B includes first constructs of first source code which is more secure and addresses any error associated with the source code; both 110B and 110C include constructs of source code representing code patterns associated with an error and a repair mechanism, which are not included in 110A or in the constructs of the source code at a concrete/lowest level of abstraction. Therefore, it is indicated that, in YOSHIDA, the second abstract syntax tree [110D/merged abstract syntax tree 110B with the abstract syntax tree 110C] contains semantic-flow enhancement which is not present in the first abstract syntax tree or 110A.
Furthermore, it is noted that, YOSHIDA at Para.0060, Para.0059 discloses, “The …. abstract code graph …. generated by generating one or more …. nodes …. in the abstract syntax tree 110A …..”, “the …. abstract code graph … include … one or more branch nodes 106… one or more leaf nodes 109” which the examiner interpreted as being the claimed “…. the step of adding …. to the first abstract syntax tree comprises at least one of following steps: connecting each non-root node to a parent node thereof…”.
Second, in response to applicant's argument that LIU does not disclose "adding data-flow edges and control-flow edges to the …abstract … tree to form a …abstract ….tree with semantic-flow …..", it is noted that, LIU at Abstract, Contents of the Invention, claim 3 discloses; “supplement the node information of the abstract …..tree, and extracting control flow graph of the intelligent contract from the abstract …. tree after supplementing… obtaining … the intelligent contract according to the control flow graph….”, “obtain …. and abstracting the data …analysis result into a data structure, so as to analyze the … semantic features of the intelligent contract”, “supplementing the node information of the abstract … tree…. the node information of the parent node in the abstract ….tree stored in the corresponding sub-node” which the examiner interpreted as being the claimed “adding data-flow edges and control-flow edges to the …abstract … tree to form a …abstract ….tree with semantic-flow …." because the broadest reasonable interpretation of the claimed “adding data-flow edges and control-flow edges to the …abstract … tree to form a …abstract ….tree with semantic-flow …." includes extracting control flow graph of the intelligent contract from the abstract tree after supplementing and analyze the semantic features of the intelligent contract, which is equivalent to the claimed ‘adding data-flow edges and control-flow edges to the abstract tree to form an abstract tree with semantic-flow…’.
Finally, in response to applicant's argument that “these references, fail to teach or suggest each and every element of the claimed invention”, from the above citations it is already indicated that, YOSHIDA discloses first abstract syntax tree, second abstract syntax tree, LIU discloses that “adding data-flow edges and control-flow edges to the …. abstract …. tree to form a …. abstract ……tree”. In addition, it is noted that, Olson at Para.0038, Para.0062 discloses “pre-training the machine learning model using …. source code as an input”, “a machine learning (ML) model to perform a ML based analysis on an abstract …..tree ….. for detecting a ….security vulnerability over …. source code” which the examiner interpreted as being the claimed “a pre-established vulnerability detection and localization model".
It is clearly indicated that all of these references, teach each and every element of the claimed invention, and the rejection of such is sustained below.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
4. Claims 1, 3-4 and 11, 13-14 are rejected under AIA 35 U.S.C. 103 as being unpatentable over YOSHIDA et al. (US 20190278572 A1) in view of LIU et al. (CN 115017514 A) and further in view of Olson et al. (US 20230177170 A1).
Regarding Claim 1:
YOSHIDA discloses:
a. A system for vulnerability localization …. (Para.0024; “systems …to generate abstract code graphs ….to identify …. code patterns … include ….. vulnerabilities”) the system at least comprising a processor, wherein the processor is configured to operate a coding program of a method for vulnerability localization ….. (Abstract, Para.0056; “a method may include generating an abstract code graph”, “the abstract code graph generator … implemented using hardware including a processor”) wherein the method comprises the steps of:
b. analyzing a code file under detection (Para.0024, Para.0027; “The abstract code graphs of …code …. analyzed …. indicate frequently occurring code patterns in the …. code”, “an abstract code graph … based on an abstract syntax tree 110”) so as to obtain a first abstract syntax tree (Para.0031, Para.0029; “the abstract syntax tree 110A may be obtained…. from source code”, “The abstract syntax tree 110A may be an example of an abstract syntax tree 110”) that does not contain semantic information; (Para.0032, Para.0020; “the abstract syntax tree 110A may represent the constructs at a concrete level of abstraction”, “… the terms “abstract” and “concrete” are … referring to the level of abstraction of a representation of software programs….a lowest level of abstraction, or a concrete level of abstraction…. include a …. representation without abstraction…. the term “construct” may refer to elements of source code…” abstract syntax tree 110A is construed as first abstract syntax tree as abstract syntax tree 110A may represent the constructs at a concrete level of abstraction, “construct” refers to elements of source code. lowest level of abstraction or a concrete level of abstraction include a representation without abstraction, as 110A represent the constructs/elements of the source code at a concrete level of/ lowest level of abstraction thus construed as a first abstract syntax tree that does not contain semantic information)
c. adding ….. to the first abstract syntax tree to form a second abstract syntax tree (Para.0049, Para.0046, Para.0037; “The …. abstract syntax tree 110D … generated by merging one or more nodes of the abstract syntax tree 110B …. with one or more nodes of the abstract syntax tree 110C”, “The … abstract syntax tree 110D may be an example of an abstract syntax tree 110A”, “The abstract syntax tree 110B and the abstract syntax tree 110C may each be an example of an abstract syntax tree 110” abstract syntax tree 110D is construed as second abstract syntax tree which is formed after abstract syntax tree 110A/ first abstract syntax tree) with semantic-flow enhancement; (Para.0037, Para.0041, Para.0042; “The abstract syntax tree 110B may include … first constructs of first source code …..abstract syntax tree 110C may include …. second constructs of second source code”, “the abstract syntax tree 110C may represent a code pattern associated with an error, and the abstract syntax tree 110B may represent a repair candidate that may address the error”, “The first source code may be more secure than…. the second source code. The first source code may be a repair candidate …. with relation to the second source code” abstract syntax tree 110D is construed as a second abstract syntax tree with semantic-flow enhancement; 110D is generated by merging one or more nodes of the abstract syntax tree 110B with one or more nodes of the abstract syntax tree 110C, 110C includes second constructs of second source code represents a code pattern associated with an error and 110B includes first constructs of first source code which is more secure and address any error associated with the source code, as both 110B and 110C include constructs of source code representing code patterns associated with error and repair mechanism which is not included in 110A or constructs of the source code at a concrete level of/lowest level of abstraction, thus construed as second abstract syntax tree [110D/merged abstract syntax tree 110B with the abstract syntax tree 110C] contains semantic-flow enhancement which is not present in first abstract syntax tree or 110A)
d. splitting the second abstract syntax tree to obtain a plurality of second abstract syntax sub-trees; (FIG.1D/Para.0046, Para.0047; “the abstract syntax tree 110D …. include …. the first constructs of the first source code and the second constructs of the second source code….abstract syntax tree 110D ….include …. one or more nodes were previously ….nodes of a previous abstract syntax tree, …. 110B …. the abstract syntax tree 110C”, “abstract syntax tree 110D may include …. one or more leaf nodes 109” leaf nodes 109 are construed as plurality of second abstract syntax sub-trees) and
e. entering the second abstract syntax sub-trees into (Para.0125, Para.0043, Para.0044; “developer may enter a line of code, such as…. “closable.close( )” into an ….development environment”, “the abstract syntax tree 110C may represent the second source code “closable.close( )”, “abstract syntax tree 110B may represent the first source code ….“closable.close( )”) …..
f. wherein the step of adding …. to the first abstract syntax tree (Para.0060; “The …. abstract code graph …. generated by generating one or more …. nodes …. in the abstract syntax tree 110A …..”) comprises at least one of following steps:
connecting each non-root node to a parent node thereof; (Para.0059; “the …. abstract code graph … include … one or more branch nodes 106… one or more leaf nodes 109” abstract code graph is construed as the parent node)
establishing connection relation among peer nodes and/or terminal nodes;
based on an occurrence order of variables, connecting nodes involving the variables; and
based on controlled information, connecting nodes having program control semantics.
However, YOSHIDA does not explicitly disclose:
a. A system for vulnerability …. based on deep learning……a method for vulnerability …… based on deep learning…
c. adding data-flow edges and control-flow edges to the …. abstract …. tree to form a …. abstract ……tree with semantic-flow …..
e. entering the …. abstract …..trees into a pre-established vulnerability detection and localization model,
f. …. adding data-flow edges and/or control-flow edges to the …. abstract ….. tree ….
In an analogous reference LIU discloses:
c. adding data-flow edges and control-flow edges to the …abstract … tree to form a …abstract ….tree with semantic-flow …..(Abstract, Contents of the Invention; “supplement the node information of the abstract …..tree, and extracting control flow graph of the intelligent contract from the abstract …. tree after supplementing… obtaining … the intelligent contract according to the control flow graph….”, “obtain …. and abstracting the data …analysis result into a data structure, so as to analyze the … semantic features of the intelligent contract” extracting control flow graph of the intelligent contract from the abstract tree after supplementing and analyze the semantic features of the intelligent contract is construed as adding data-flow edges and control-flow edges to the abstract tree to form an abstract tree with semantic-flow)
f. …. adding data-flow edges and/or control-flow edges to the …. abstract ….. tree …. (claim 3; “supplementing the node information of the abstract … tree…. the node information of the parent node in the abstract ….tree stored in the corresponding sub-node”)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify YOSHIDA’s method of obtaining an abstract syntax tree (AST) by enhancing YOSHIDA’s method to include LIU’s method for intelligent contract vulnerability detection based on abstract syntax tree.
The motivation: Adding data-flow and/or control-flow edges to an Abstract Syntax Tree (AST) significantly enhances its utility for various code analysis and manipulation tasks. These benefits arise from enriching the purely syntactic information of an AST with semantic information about how data and control flow through a program.
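As an added illustration of the edge-adding steps recited in claim 1 and the enrichment described in the motivation above (this code is not taken from the application, this Office action, or any cited reference), the following Python example adds parent, sibling, terminal, data-flow and control-flow edges to a syntax tree. It assumes Python's standard `ast` module as the parser; the function names and the sample input are hypothetical, and the control-flow edges are a structural approximation rather than a full control-flow graph.

```python
import ast
from collections import defaultdict

# Constructed sample input (not from the Office action or the cited references).
SAMPLE = """\
def copy_items(src, n):
    buf = []
    i = 0
    while i < n:
        if src[i] is None:
            break
        buf.append(src[i])
        i = i + 1
    return buf
"""

# Context/operator marker nodes carry no program content; keep them out of the graph.
SKIP = (ast.expr_context, ast.operator, ast.cmpop, ast.boolop, ast.unaryop)
BRANCHING = (ast.If, ast.While, ast.For, ast.Try)


def augment(source):
    """Parse source; return (nodes, edges), edges mapping kind -> [(src_idx, dst_idx)]."""
    tree = ast.parse(source)
    nodes, index, leaves = [], {}, []
    edges = defaultdict(list)

    def visit(node, parent):
        idx = len(nodes)
        nodes.append(node)
        index[id(node)] = idx
        if parent is not None:
            edges["parent"].append((idx, parent))      # non-root node -> its parent
        prev = None
        for child in ast.iter_child_nodes(node):
            if isinstance(child, SKIP):
                continue
            cur = visit(child, idx)
            if prev is not None:
                edges["sibling"].append((prev, cur))   # peer nodes, in child order
            prev = cur
        if prev is None:
            leaves.append(idx)                         # terminal (leaf) node
        return idx

    visit(tree, None)
    # Each terminal node is linked to the terminal node that follows it.
    edges["terminal"] = list(zip(leaves, leaves[1:]))

    # Data-flow: link successive occurrences of each variable in textual order.
    uses = defaultdict(list)
    for idx, node in enumerate(nodes):
        if isinstance(node, ast.Name):
            uses[node.id].append((node.lineno, node.col_offset, idx))
        elif isinstance(node, ast.arg):
            uses[node.arg].append((node.lineno, node.col_offset, idx))
    for occurrences in uses.values():
        occurrences.sort()
        edges["data"] += [(a[2], b[2]) for a, b in zip(occurrences, occurrences[1:])]

    # Control-flow: statement order inside a block, branch entry, loop back-edge.
    for node in ast.walk(tree):
        for field in ("body", "orelse", "finalbody"):
            block = getattr(node, field, None)
            if not isinstance(block, list) or not block:
                continue
            for a, b in zip(block, block[1:]):
                edges["control"].append((index[id(a)], index[id(b)]))
            if isinstance(node, BRANCHING):
                edges["control"].append((index[id(node)], index[id(block[0])]))
        if isinstance(node, (ast.While, ast.For)):
            edges["control"].append((index[id(node.body[-1])], index[id(node)]))
    return nodes, edges


def edge_labels(nodes, edges, kind):
    """Render edges of one kind as ((type, line), (type, line)) pairs."""
    def label(i):
        return (type(nodes[i]).__name__, getattr(nodes[i], "lineno", None))
    return [(label(a), label(b)) for a, b in edges[kind]]


def variable_chain(nodes, edges, name):
    """Line-number pairs of the data-flow edges that belong to one variable."""
    chain = []
    for a, b in edges["data"]:
        src = nodes[a]
        if getattr(src, "id", getattr(src, "arg", None)) == name:
            chain.append((src.lineno, nodes[b].lineno))
    return chain


if __name__ == "__main__":
    nodes, edges = augment(SAMPLE)
    for kind in ("parent", "sibling", "terminal", "data", "control"):
        print(f"{kind:8s} {len(edges[kind])} edges")
    print("occurrence chain for i:", variable_chain(nodes, edges, "i"))
```

The plain tree holds only the parent and child structure; the occurrence chain for `i` and the loop back-edge are the kind of semantic information the added edges contribute.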
In an analogous reference Olson discloses:
a. A system for vulnerability …..based on deep learning……(Para.0099; “a system for … detecting a security vulnerability in a source code using a machine learning model”) a method for vulnerability …… based on deep learning… (Abstract; “a method of ……detecting a security vulnerability in a source code using a machine learning model”)
e. entering the …. abstract ……trees into (Para.0039, Para.0044; “pre-training the machine learning model using an ….source code as an input”, “parse the source code into the abstract ….. tree ….. wherein the abstract …..tree ….. is a …abstract …..structure of the source code ….”) a pre-established vulnerability detection and localization model. (Para.0038, Para.0062; “pre-training the machine learning model using …. source code as an input”, “a machine learning (ML) model to perform a ML based analysis on an abstract …..tree ….. for detecting a ….security vulnerability over …. source code” pre-training a machine learning model using a source code as an input which is parsed into abstract tree in order to detect security vulnerability over source code is construed as entering the abstract trees into a pre-established vulnerability detection and localization model)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify YOSHIDA in view of LIU’s method of obtaining an abstract syntax tree (AST) by enhancing YOSHIDA in view of LIU’s method to include Olson’s method for detecting a security vulnerability in a source code using a machine learning model.
The motivation: Detecting security vulnerabilities in source code using a pre-established vulnerability detection and localization model offers major benefits, such as saving time and resources, providing high accuracy, and enabling proactive security. By using models that are already trained on large datasets, organizations can accelerate their vulnerability management efforts and improve their overall security posture.
With respect to independent claim 11, a corresponding reasoning was given earlier in this section with respect to claim 1; therefore, claim 11 is rejected, for similar reasons, under the grounds as set forth for claim 1.
Regarding Claim 3:
YOSHIDA in view of LIU and further in view of Olson discloses:
The system of claim 1, wherein the step of establishing connection relation among peer nodes at least comprises:
connecting each said node to its peer sibling nodes, so as to provide a …. with an order of child nodes. (LIU, Embodiment 1; “the node information of the parent node in the abstract ….tree stored in the corresponding sub-node”)
…. provide a neural network model ….. (Olson, Para.0026; “providing the …. input …. as training data to …. the machine learning model”)
With respect to independent claim 13, a corresponding reasoning was given earlier in this section with respect to claim 3; therefore, claim 13 is rejected, for similar reasons, under the grounds as set forth for claim 3.
Regarding Claim 4:
YOSHIDA in view of LIU and further in view of Olson discloses:
The system of claim 3, wherein the step of establishing connection relation among terminal nodes comprises:
connecting one said terminal node to a following said terminal node so as to connect a plurality of …. that are related to a source code. (YOSHIDA, Para.0004; “an abstract syntax tree (AST) …. represent constructs of source code and relationships between the constructs in the source code…. The first AST node may be connected to the second AST node in the abstract syntax tree in a manner that represents a relationship between the first construct at the first location and the second construct at the second location”)
….. labels that are related to a source code. (Olson, Para.0128, Abstract; “The source code comprises an unlabeled source code and a labeled source code”, “a labeled source code to predict a presence or an absence of the …. security vulnerability”)
With respect to independent claim 14, a corresponding reasoning was given earlier in this section with respect to claim 4; therefore, claim 14 is rejected, for similar reasons, under the grounds as set forth for claim 4.
Claims 5 and 15 are rejected under AIA 35 U.S.C. 103 as being unpatentable over YOSHIDA et al. (US 20190278572 A1) in view of LIU et al. (CN 115017514 A) in view of Olson et al. (US 20230177170 A1) also in view of ALORAINI et al. (US 20240427900 A1).
Regarding Claim 5:
YOSHIDA in view of LIU also in view of Olson discloses:
The system of claim 4, wherein the step of splitting the second abstract syntax tree comprises:
acquiring a sub-tree node sequence of at least one code block; (YOSHIDA, Para.0038, FIG.1A/Para.0093; “the abstract syntax tree 110B may include a … one or more leaf nodes”, “leaf nodes in the subgraphs 150 …. referred to as “split nodes.” …. code graph 130 that correlate to split nodes of the subgraphs 150 may also be referred to as “split nodes” from FIG.1A, code graph 130 is generated from abstract syntax tree 110/second abstract syntax tree 110B, subgraphs 150/split nodes/leaf nodes generated from code graph 130 and abstract syntax tree 110/second abstract syntax tree 110B)
according to …. statement types, sorting statements of different said statement types in the source code; (Para.0042, Para.0041; “second source code …. include …. phrase “closable.close( );” and the first source code may include the ….phrase “if (closable !=null) closable.close( );.” …. The first source code … more secure …. than the second source code. The first source code … a repair candidate of a development suggestion with relation to the second source code…. the second source code may be from software under test”, “the abstract syntax tree 110B may represent …first source code ….the abstract syntax tree 110C ….represent …. second source code”)
selecting at least one said statement type ….. of the statement types; (Para.0042; “second source code …. include …. phrase “closable.close( );” and the first source code may include the ….phrase “if (closable !=null) closable.close( );.” …. The first source code … more secure …. than the second source code. The first source code … a repair candidate of a development suggestion …. the second source code may be from software under test”)
and
according to the ….. of the statement types, determining how the statement type is to be split. (Para.0043; “the abstract syntax tree 110C ….represent the second source code “closable.close( );.” …. The leaf node 109G …. represent the construct “closable” …. as “Var Closable.” The leaf node 109H …. represent the construct “close( )” as “Id close.” …”)
However, YOSHIDA in view of LIU also in view of Olson does not explicitly disclose:
according to a complexity order of statement ….. sorting statements of different said statement types in the source code;
selecting at least one said statement …..that takes a top place in the complexity order of the statement ….and
according to the complexity order of the statement ….. determining how the statement …. is to be split.
In an analogous reference ALORAINI discloses:
according to a complexity order of statement …. sorting statements of different said statement …. in the source code; (Para.0084, Para.0027, Para.0109; “Classifier …. classify …. code structures and…… conditional statements, complex Boolean logic.… descriptive text within the code …… in generating …. score”, “generating a ….. score ….. for detection of complex …. code patterns ….”, “complexity (e.g., a measure of a structural complexity of the code”)
selecting at least one said statement …. that takes a top place in the complexity order of the statement …..; (Para.0084, Para.0097, Para.0027; “classify …. code structures and…. conditional statements, complex Boolean logic….in generating …. score”, “generates a higher …score ….. indicate that computer code … has a high degree of complexity”, “generating a ….. score ….. for detection of complex …. code patterns ….”) and
according to the complexity order of the statement …. determining how the statement …... is to be split. (Para.0084, Para.0097, Para.0094; “Classifier …. classify …. code structures and…… conditional statements, complex Boolean logic.… descriptive text within the code ……”, “computer code …. was not well tested or has a high degree of complexity”, “a degree indicating how tested the computer code …. how complex such code is (e.g., based on a …. complexity technique”)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify YOSHIDA in view of LIU also in view of Olson’s method of obtaining an abstract syntax tree (AST) by enhancing YOSHIDA in view of LIU also in view of Olson’s method to include ALORAINI’s method for evaluating a privacy incidence risk.
The motivation: sorting statements in the source code according to the complexity order of the statements provides the benefit of prioritizing efficient operations, early exit conditions and clarity in conditional logic.
With respect to independent claim 15, a corresponding reasoning was given earlier in this section with respect to claim 5; therefore, claim 15 is rejected, for similar reasons, under the grounds as set forth for claim 5.
Claims 6-7 and 16-17 are rejected under AIA 35 U.S.C. 103 as being unpatentable over YOSHIDA et al. (US 20190278572 A1) in view of LIU et al. (CN 115017514 A) in view of Olson et al. (US 20230177170 A1) also in view of ALORAINI et al. (US 20240427900 A1) and further in view of RYU et al. (KR 101997012 B1).
Regarding Claim 6:
YOSHIDA in view of LIU also in view of Olson and further in view of ALORAINI discloses:
The system of claim 5, wherein the step of, according to a complexity order of statement types, sorting statements of different said statement types in the source code comprises:
compiling method information in data sets related to individual code blocks; (Olson, Para.0083, Para.0084; “method comprises detecting …. security vulnerability during the compilation of the source code by performing a library analysis ….”, “the library analysis is a …. dynamic analysis to detect the security vulnerability during the compilation of the source code ….”) …..
However, YOSHIDA in view of LIU also in view of Olson and further in view of ALORAINI does not explicitly disclose:
…. determining complexity of the individual statement types based on a mean value of the nodes; and
according to complexity, sorting statements of different said statement types in the source code.
In an analogous reference RYU discloses:
…. determining complexity of the individual statement types based on a mean value of the nodes; (Under the section Claims, Abstract, DESCRIPTION-OF-EMBODIMENTS; “Generating source codes of a program …. In the case of the branch code, the state complexity is calculated based on the ….. average”, “predicting a resource of a program based on state complexity”, “Programs …. include statements (general command code), branch statements (branch codes), loop statements (repeated codes), function calls (function call codes”)
and
according to complexity, sorting statements of different said statement types in the source code. (Under the section Claims; “Generating source codes of a program as FA (Finite-state Automata) corresponding to each of a plurality of code categories…. Calculating a state complexity for each of the generated FAs”)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify YOSHIDA in view of LIU also in view of Olson and further in view of ALORAINI’s method of obtaining an abstract syntax tree (AST) by enhancing YOSHIDA in view of LIU also in view of Olson and further in view of ALORAINI’s method to include RYU’s method for predicting resources of a procedural program.
The motivation: Determining the complexity of individual statement types based on a mean value in source code offers a high-level view of the codebase's overall complexity, making it valuable for initial assessments, benchmarking, and identifying general trends.
With respect to independent claim 16, a corresponding reasoning was given earlier in this section with respect to claim 6; therefore, claim 16 is rejected, for similar reasons, under the grounds as set forth for claim 6.
Regarding Claim 7:
YOSHIDA in view of LIU also in view of Olson also in view of ALORAINI and further in view of RYU discloses:
The system of claim 6, wherein in the step of selecting at least one said statement type that takes a top place in the complexity order of the statement types,
the statement type is at least one of a For statement type, a While statement type, a Try statement type, a Do statement type, a ForEach statement type, a Switch statement type, and an If statement type. (RYU, DESCRIPTION-OF-EMBODIMENTS; “The statement may include …. a switch statement, an if else statement…. The loop statement may include a for statement, a while statement”)
With respect to independent claim 17, a corresponding reasoning was given earlier in this section with respect to claim 7; therefore, claim 17 is rejected, for similar reasons, under the grounds as set forth for claim 7.
Claims 8-10 and 18-20 are rejected under AIA 35 U.S.C. 103 as being unpatentable over YOSHIDA et al. (US 20190278572 A1) in view of LIU et al. (CN 115017514 A) in view of Olson et al. (US 20230177170 A1) also in view of ALORAINI et al. (US 20240427900 A1) and in view of RYU et al. (KR 101997012 B1) and further in view of WU et al. (CN 112463209 A).
Regarding Claim 8:
YOSHIDA in view of LIU also in view of Olson also in view of ALORAINI and in view of RYU discloses:
The system of claim 7, wherein the vulnerability detection and localization model comprises ….. a graph-attention-based model. (Olson, Para.0129; “the abstract ….. tree …. with a control and a dataflow of the source code…. transmitted to the machine learning analysis module …. performs a machine learning model based analysis on the abstract …. tree ….. over the …..source code to detect a …security vulnerability”)
However, YOSHIDA in view of LIU also in view of Olson also in view of ALORAINI and in view of RYU does not explicitly disclose:
…. a treeLSTM vector coding model…..
In an analogous reference WU discloses:
….a treeLSTM vector coding model… (Under description; “extracting source program structure characteristic vector by using TreeLSTM structure tree …. FIG. 3 is a TreeLSTM structure tree …..model”)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify YOSHIDA in view of LIU also in view of Olson also in view of ALORAINI and in view of RYU’s method of obtaining an abstract syntax tree (AST) by enhancing YOSHIDA in view of LIU also in view of Olson also in view of ALORAINI and in view of RYU’s method to include WU’s method of extracting source program structure feature vector by using TreeLSTM structure tree encoder.
The motivation: a treeLSTM vector coding model makes it possible to capture the hierarchical dependencies and relationships that are present in data like natural language sentences and source code.
With respect to independent claim 18, a corresponding reasoning was given earlier in this section with respect to claim 8; therefore, claim 18 is rejected, for similar reasons, under the grounds as set forth for claim 8.
Regarding Claim 9:
YOSHIDA in view of LIU also in view of Olson also in view of ALORAINI and in view of RYU and further in view of WU discloses:
The system of claim 8, wherein the control flow and the data flow are added to the abstract …..tree to form a … abstract ….tree …. (LIU, Abstract; “supplement the node information of the abstract ….tree, and extracting control flow graph of the intelligent contract from the abstract …. tree after supplementing…. obtaining …. the intelligent contract according to the control flow graph…”)
… a second abstract syntax tree with semantic-flow enhancement, (YOSHIDA, Para.0049, Para.0037, Para.0042; “abstract syntax tree 110D … generated by merging one or more nodes of the abstract syntax tree 110B …. with one or more nodes of the abstract syntax tree 110C”, “The abstract syntax tree 110B … include … first source code …..abstract syntax tree 110C ….include a ….second source code”, “The first source code …. more secure …. The first source code may be a repair candidate of a development suggestion …..”) and the second abstract syntax tree is then split in a fine-grained manner, thereby realizing detection and localization of code vulnerabilities. (YOSHIDA, Para.0045, Para.0041; “the abstract syntax tree 110B and the abstract syntax tree 110C may include any number of …. leaf nodes”, “the abstract syntax tree 110B …represent …. first source code ….the abstract syntax tree 110C may represent ….second source code … the first source code and the second source code …be related to a similar …..vulnerability”)
With respect to independent claim 19, a corresponding reasoning was given earlier in this section with respect to claim 9; therefore, claim 19 is rejected, for similar reasons, under the grounds as set forth for claim 9.
Regarding Claim 10:
YOSHIDA in view of LIU also in view of Olson also in view of ALORAINI and in view of RYU and further in view of WU discloses:
The system of claim 9, wherein …… the second abstract syntax sub-tree splitting method, (YOSHIDA, Para.0047; “abstract syntax tree 110D may include ….one or more leaf nodes”) localization of vulnerability codes is realized. (YOSHIDA, Para.0048, Para.0041; “abstract syntax tree 110D …. generated based on the abstract syntax tree 110B and the abstract syntax tree 110C”, “abstract syntax tree 110B …. represent …. of first source code …. the abstract syntax tree 110C …. represent …. second source code …. the first source code and the second source code … be related to a similar …. Vulnerability….”)
….. combining the graph-attention-based vulnerability detection and localization model and the …. abstract …. tree …. localization of vulnerability codes is realized. (Olson, Para.0129; “integrating the abstract ….. tree …. with a control and a dataflow of the source code….The abstract ….tree …. is transmitted to the machine learning analysis module …. performs a machine learning model based analysis on the abstract …. tree …. over the …..source code to detect a …security vulnerability”)
With respect to independent claim 20, a corresponding reasoning was given earlier in this section with respect to claim 10; therefore, claim 20 is rejected, for similar reasons, under the grounds as set forth for claim 10.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAYEDA SALMA NAHAR whose telephone number is (703)756-4609. The examiner can normally be reached M-F 12:00 PM to 6:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Amir Mehrmanesh, can be reached on (571) 270-3351. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAYEDA SALMA NAHAR/Examiner, Art Unit 2435
/BEEMNET W DADA/Primary Examiner, Art Unit 2435