Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
This office action is responsive to amendment filed on 1/8/2026. No claims are amended or added. Claims 1-20 are pending examination.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
The claims recite a method (claims 18-19), a system (claim 20) and non-transitory computer-readable medium (claims 1-17). These fall within the statutory categories of process, machine and manufacture.
Step 2A, Prong one, the claims are directed to an abstract idea, specifically a judicial exception under one of the categories including mental process, mathematical concepts and methods of organizing human activity. The claims recite the steps of , receiving executable code with an API invocation, intercepting API calls via virtual barrier, determining whether the invocation is for a native API, recording a source identifier and influencing the execution of the native API based on a trigger event. These limitations, taken as a whole are directed to the abstract idea of monitoring, recording and influencing application behavior based on source context, which is similar to data collection (receiving API invocation), analysis (determining the type of API or inspecting its argument) and decision making based on rules (modifying execution based on thresholds or identifiers). These are all mental processes or fundamental business practices that can be performed by humans pr a generic computer. There is no specific technological improvement to computer functionality recited in the claims. The claims describe the result (secure execution code) but not a specific way to achieve the result beyond the generic functions of receiving, intercepting, determining, recording and modifying.
Step 2A, prong two, the claims recite some implementation context, such as execution within a JavaScript, call back functions or DOM events. However, these elements are well known environments and routine programming. The virtual barrier, wrapped API, and trigger events are described at a high level without detaining a specific structure or implementation that improves the functioning pf the computer itself. There is no indication that the claims improve the performance, efficiency or structure of the computer or browser platform, instead they recite conventional use of software to apply abstract logic to application execution. The abstract idea is not integrated into a practical application.
Sep 2B, the additional elements such as a processor or computer readable medium, execution in a JavaScript-capable application, generic concept such as receiving code, inspecting arguments and modifying execution are well understood, routine and conventional in computer programming and cyber security. These steps merely implement the abstract idea on a generic computer environment without adding a technological innovation. The claims are not patent eligible.
Response to Arguments
Applicant's arguments filed regarding 35 USC § 101 have been fully considered but they are not persuasive for the reasons explained below.
Argument 1- the claims recite combination of security operations.
Response: the applicant argues the claims recite a combination of security operations, not merely a result. While the claims do recite multiple steps, these steps still describe what is accomplished (tracking API sources and controlling execution) rather than how it is accomplished at technical level. The “combination” consists of generic functional steps such as receiving code, intercepting calls, recording identifiers and modifying execution, these steps are described abstractly without technical implementation details. Combining abstract ideas or generic functions does not automatically render them patent eligible.
Argument 2- The claims recite concrete steps.
Response: the applicant contends the claims recite concrete technical steps that cannot be performed mentally. However, patent eligibility requires more than merely being implemented on a computer or being too complex for mental performance. The court held that implementation ab abstract idea using generic computer components does not satisfy 101 requirements. The operations recited such as intercepting function calls, recording identifiers, retrieving them later and conditionally executing code are conventional programming techniques. The claims lack specificity how the “virtual barrier” operates, how the wrapping mechanism differs from standard function wrappers, or what technical innovation makes this approach non-conventional. Being rooted in technology because it involves code execution is insufficient. The question is whether there is a technical improvement.
Argument 3- Integration into Practical Application (Step 2A, Prong 2).
Response: The applicant cited Ancora Technologies. The clams in Ancora are different, the claims in Ancors improved computer boot security through BIOS-based mechanism that verified program code before execution, which was found to be a concrete technological solution. Whereas, the current claims broadly describe tracking API sources and influencing execution without specifying how the security improvement is technically achieved beyond generic interception and conditional execution.
Regarding Finjan, it involved claims directed to a specific behavioral based virus scanning method that identifies suspicious code behaviors before execution, representing an improvement in the computer security technology itself. The court emphasized the claims focus on how the computer tool accomplished its task, not only what happened. IN contrast, the current claims do not improve how computers function. They describe using conventional computer operations (intercepting calls, storing data, conditional execution) to implement a security monitoring concept. There is no improvement to computer operation, network security architecture, or code execution methodology. The claims only apply known techniques to track API invocations.
Argument 4- Claims amount to significantly more (Step2B)
Response: The claims lack an inventive concept beyond the abstract idea itself. The individual elements such as intercepting API call, wrapping functions, storing association in maps, triggering on events, are conditionally executing code, are well understood, routine and conventional in programming. The applicant has not identified what makes these elements, individually or in combination, inventive. The claims read on standard JavaScript interception patterns, event handlers, and callback management that have been used for a long time. Even if considered together, arranging conventional elements in a conventional way to implement an abstract idea does not constitute an inventive concept. The rejection under U.S.C. 101 is maintained.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARGON N NANO whose telephone number is (571)272-4007. The examiner can normally be reached 7:30 AM-3:30 PM. M.S.T..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached at 571 272 3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SARGON N NANO/Primary Examiner, Art Unit 2443