DETAILED ACTION
This Office Action is in response to the application 18/789,231 filed on July 30th, 2024.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-20 are pending and herein considered.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 07/30/2024, is in compliance with the provisions of 37 CRR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-7, 9-11, 13-15 and 17-20 are rejected under 35 U.S.C 103 as being unpatentable over Esperer et al. (Esperer), U.S. Pub. Number 2019/0180035, in view of Zhu, U.S. Patent Number 9,852,294.
Regarding claim 1; Esperer discloses a method comprising:
analyzing execution of an application loaded into a runtime engine at runtime (par. 0050; the VM scan environment is a virtual machine designed to facilitate code analysis.), wherein analyzing execution of the application comprises, detecting a first event during execution of the application (par. 0050; the rule engine implemented by the ruleset code intercepts API calls of the source code to be analyzed.), wherein the first event corresponds to invocation (par. 0051; intercepting API calls.) of a first function of an application programming interface (API) of the runtime engine (par. 0050; allows the VM scan environment to identify security and compliance vulnerabilities.);
based on determining that the first event triggers execution of the first code unit, performing a first action based on execution of the first code unit (par. 0051; intercepting API calls, the ruleset identifies security and compliance vulnerabilities, and reports findings; the findings can be transformed into human-readable representations, and into machine-readable exchange formats.); and
detecting a first vulnerability of the application based on results of analyzing execution of the application (pars. 0047 & 0064; a software vulnerability is detected when the actual execution context disagrees with the admissible execution context; facilitate the detection of vulnerabilities.), wherein the results of analyzing execution of the application comprise a result of performing the first action (par. 0064; the tracking of execution context during dynamic analysis and limit the execution time to ensure a scan always finishes in finite time.).
Esperer fails to explicitly disclose determining if the first event triggers execution of a first code unit based on at least one of a type of the first event and contextual information obtained for the first event .
However, in the same field of endeavor, Zhu discloses systems and methods for detecting suspicious applications based on how entry-point functions are triggered comprising determining if the first event triggers execution of a first code unit based on at least one of a type of the first event and contextual information obtained for the first event (col. 12, lines 35-43; determine whether the application identified is suspicious based on how the entry-point function is triggered; for instance, suspicion-determining module 110 may determine whether application 216 is suspicious by determining whether entry-point function 402 and/or entry-point function 502 is a user-initiated function or an automatically initiated function.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Zhu into the method of Esperer comprising determining if the first event triggers execution of a first code unit based on at least one of a type of the first event and contextual information obtained for the first event to detect suspicious applications (Zhu: col. 1, line 34).
Regarding claim 2; Esperer and Zhu disclose the method of claim 1, Esperer further discloses comprising loading an agent into the runtime engine based on loading of the application into the runtime engine, wherein detecting the first event, determining if the first event triggers execution of the first code unit, performing the first action, and detecting the first vulnerability are performed by the agent (Esperer: par. 0048; the VM scan environment executes the source code of the application in a dedicated virtual machine (VM) environment to detect security and compliance vulnerabilities which are referred to as findings.).
Regarding claim 3; Esperer and Zhu disclose the method of claim 1, Esperer further discloses comprising obtaining the contextual information of the first event based on detecting the first event, wherein the contextual information comprises at least one of data and metadata of the first event (Esperer: par. 0065; the VM Scan Environment is a virtual machine with its own instruction set; the instructions are referred to as virtual machine instructions; the compiler inserts VM instructions to keep track of the execution context, ang generates instrumentation instructions.).
Regarding claim 4; Esperer and Zhu disclose the method of claim 3, wherein Esperer further discloses the at least one of data and metadata of the first event comprise at least one of a parameter value passed into the first function of the API and a return value of the first function of the API (Esperer: par. 0095; the ruleset code can be programmed in such a way that it reads interactively input from the user, and it calls the real-world API.).
Regarding claim 5; Esperer and Zhu disclose the method of claim 3, wherein Esperer further discloses determining if the first event triggers execution of the first code unit comprises evaluating the at least one of data and metadata of the first event against a criterion for executing the first code unit, and wherein determining that the first event triggers execution of the first code unit comprises determining that the at least one of data and metadata of the first event satisfy the criterion (Esperer: par. 0085; the ruleset code can reason about the potential return values and return types of individual functions; for instance, it can detect a function that returns strings in seven different cases but an integer in one eight case; ruleset code can issue a finding informing about potential unreliable behavior of such function; since the types cannot be inferred reliably at compile time in a dynamically typed language, static type checking cannot detect such errors.).
Regarding claim 6; Esperer and Zhu disclose the method of claim 1, wherein Esperer further discloses determining if the first event triggers execution of a first code unit comprises determining if the type of the first event corresponds to one of a plurality of event types indicated as triggering execution of the first code unit (Esperer: par. 0086; concrete execution mode is used both to run the compiled ruleset code and the compiled source code to be analyzed; compiled ruleset code is run in a strict flavor of the concrete execution mode; if bugs in the compiled ruleset code exist, the VM Scan Environment raises an exception and terminates execution if the exception is not caught; data flow and call graph information are not generated for ruleset code.).
Regarding claim 7; Esperer and Zhu disclose the method of claim 1, wherein Esperer further discloses the first code unit implements a first aspect for aspect-oriented programming, and wherein performing the first action comprises performing an action corresponding to the first aspect (Esperer: par. 0064; facilitate the detection of vulnerabilities; the tracking of execution context during dynamic analysis; and limit the execution time to ensure a scan always finishes in finite time.).
Regarding claim 9; Esperer and Zhu disclose the method of claim 1, wherein Esperer further discloses the application is a JavaScript application, and wherein the runtime engine is a JavaScript runtime engine (Esperer: par. 0025; the source code is any collection of computer instructions, possibly with comments, written using a human-readable programming language, usually as plain text, e.g., Java or JavaScript.).
Regarding claim 10; Claim 10 is directed to one or more non-transitory machine-readable media which has similar scope as claim 1. Therefore, claim 10 remains un-patentable for the same reasons.
Regarding claims 11 & 13-14; Claims 11 & 13-14 are directed to the non-transitory machine-readable media of claim 10 which have similar scope as claims 2, 7 & 9. Therefore, claims 11 & 13-14 remain un-patentable for the same reasons.
Regarding claims 17-20; Claims 17-20 are directed to the apparatus of claim 15 which have similar scope as claims 3, 5-7. Therefore, claims 17-20 remain un-patentable for the same reasons.
Claims 8, 12 and 16 are rejected under 35 U.S.C 103 as being unpatentable over Esperer et al. (Esperer), U.S. Pub. Number 2019/0180035, in view of Zhu, U.S. Patent Number 9,852,294, and further in view of Bailey et al. (Bailey), U.S. Pub. Number 2019/0354414.
Regarding claim 8; Esperer and Zhu disclose the method of claim 1.
Esperer and Zhu fail to explicitly disclose registering a first callback function for the first function of the API, and wherein detecting the first event is based on invocation of the first callback function.
However, in the same field of endeavor, Bailey discloses automatically building a web API definition from a microservice or web application comprising registering a first callback function for the first function of the API, and wherein detecting the first event is based on invocation of the first callback function (Bailey: par. 0034; registering an API call on “/users” that expects to receive a “User” type and returns a “User” type.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bailey into the method of Esperer and the systems and methods of Zhu comprising registering a first callback function for the first function of the API, and wherein detecting the first event is based on invocation of the first callback function to build web API definitions from microservices or web application (Bailey: par. 0001).
Regarding claim 12; Claim 12 is directed to the non-transitory machine-readable media of claim 10 which has similar scope as claim 8. Therefore, claim 12 remains un-patentable for the same reasons.
Regarding claim 16; Claim 16 is directed to the apparatus of claim 15 which has similar scope as claim 8. Therefore, claim 16 remains un-patentable for the same reasons.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHOI V LE whose telephone number is (571)270-5087. The examiner can normally be reached 9:00 AM - 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KHOI V LE/
Primary Examiner, Art Unit 2436