SYSTEMS AND METHODS FOR CONSOLIDATING APPLICATIONS USED IN AN ORGANIZATION

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION This communication is responsive to Amendment, filed 11/04/2025. Claims 1, 3-11, 13-20 are pending in this application. In the Amendment, claims 2, 12 were cancelled. This action is made Final. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claims 1, 3-11, 13-20 are rejected under 35 U.S.C. 103 as being unpatentable over Herzog et al. (US Pat No. 12,309,235), in view of Kirti et al. (US Pub No. 20200153855). As to claims 1, 11 Herzog teaches a computing system for consolidation software services, the system comprises a memory and a processor configure to: collecting data records from computer applications, wherein each record of the data includes a name of a software service (i.e. to reconcile the discrepancy between the reference set of software applications and the set of software applications actually installed on the computing device, a discovery process may be executed to collect information about the software applications installed on each computing device…., the collected information may include various attributes associated with software processes corresponding to a given software application. The collected information may be processed to generate, for each respective software application, a corresponding representation thereof, which may be referred to as an application fingerprint, col. 1, lines 50-61; The persistent storage may represent, for example, CMDB 500 or some other database in which mapping application 600 may be configured to store information collected and/or generated as part of the discovery and/or mapping operations, col. 20, lines 5-16 The persistent storage may represent, for example, CMDB 500 or some other database in which mapping application 600 may be configured to store information collected and/or generated as part of the discovery and/or mapping operations, col. 20, lines 5-16; The process name may be a name associated with the corresponding software process, col. 21, lines 13-32); for each of the data records (i.e. Software application 610 may be associated with application fingerprint 612 and process attributes 614, while software application 620 may be associated with application fingerprint 622 and process attributes 624. Thus, software applications 610-620 may be associated with application fingerprints 612-622, respectively, and process attributes 614-624, respectively, col. 20, lines 17-30; Based on and/or in response to reception of the representations at arrow 808, mapping application 600 may be configured to generate (e.g., using application importance model 630 and/or device fingerprint model 634), for each respective computing device, a corresponding device fingerprint, as indicated by block 810. Based on and/or in response to generating a corresponding device fingerprint for each respective computing device at block 810, mapping application 600 may be configured to generate (e.g., using device fingerprint comparator 638 and/or trained clustering model 714) a plurality of clusters of the computing devices based on the device fingerprints, as indicated by block 812, col. 31, lines 35-50), performing a search on a database using a search query that includes a respective name of the software service (i.e. Based on and/or in response to reception of the request at arrow 804, mapping application 600 may be configured to transmit, to persistent storage 802, a request for representations of software applications installed on the computing devices, as indicated by arrow 806. Alternatively, in some implementations ... Based on and/or in response to reception of the request at arrow 806, persistent storage 802 may be configured to transmit, to mapping application 600, the representations, as indicated by arrow 808. The transmission at arrow 808 may include, for each computing device identified at arrow 806, a representation similar to representation 602 shown in FIG. 6, col. 31, lines 20-34), ii. converting text from results of the search into a numeric vector (i.e. A fingerprint vector may include, be based on, and/or be represented using one or more word vectors associated with one or more character strings (which may be considered to form words) contained in the process attributes on which the fingerprint is based. A word vector may be determined for each word present in a corpus of textual records such that words having similar meanings (or semantic content) are associated with word vectors that are near each other within a semantically encoded vector space. Such vectors may have dozens, hundreds, or more elements and thus may be an n-space where n is a number of dimensions. These word vectors allow the underlying meaning of words to be compared or otherwise operated on by a computing device (e.g., by determining a distance, a cosine similarity, or some other measure of similarity between the word vectors). Since the corpus of textual records may be based on process attributes of software applications and/or other computer-generated character strings, some of the words may be non-dictionary words that have semantic meaning in the context of one or more computing devices and/or systems, but that might not be meaningful outside of this context, col. 26, line 65 to col. 27, line 18; In some implementations, a given application fingerprint may be represented as a vector that includes a plurality of values that represent the corresponding process attributes. Thus, the vector may be viewed as an embedding of the corresponding process attributes in a multi-dimensional vector space. In other implementations, the given application fingerprint may be represented as a character string that represents the corresponding process attributes. For example, the character string may be a combination of a predetermined number of terms that distinguish the corresponding software application from other software applications. In some cases, the process attributes may be processed by one or more machine learning models (e.g., an artificial neural network, a clustering algorithm, etc.) to generate at least part of the corresponding application fingerprint, col. 21, lines 33-47), iii. performing a similarity comparison between the numeric vector and a plurality of vectors stored in a service database, the plurality of vectors represent description of known software services, the similarity comparison outputs a plurality of similarity scores, each similarity score of the plurality of similarity scores is related to a software service of the known software services (i.e. The reference computing device may be selected to be used as a reference based on, for example, the reference computing device including a reference set of software applications that is considered secure, compliant, correct, and/or otherwise desirable, col. 23, line 52 to col. 24, line 3; The machine learning model ... may be trained to generate device fingerprint 636 using a data set that includes a plurality of pairs of (i) application fingerprints and corresponding importance values associated with a given computing device and (ii) a ground-truth metric indicating, for example, a similarity between the given computing device and at least one other computing device, which is also associated with corresponding application fingerprints and importance values, col. 23, lines 20-37; the reference set of software application ... may be automatically selected as the reference computing device, col. 23, line 52 to col. 24, line 3; Thus, the similar fingerprints produced by similarity model 712 may be those with vector representations for which the respective cosine similarities with the input vector representation of the fingerprint are above a threshold value. Alternatively, the output of similar records may be a certain (e.g., predetermined) number of fingerprints (or identifiers thereof) for which the respective cosine similarities with the input vector representation of the fingerprint are the most similar, col. 28, lines 41-49), iv. creating a candidate software services list including candidate software services having a similarity score higher than threshold (i.e. The cluster or clusters may be determined based on similarity calculations (e.g., cosine similarities) between the input vector representation of the fingerprint and other fingerprints in the cluster of a centroid of the cluster, for example, col. 29, lines 42-51; VI. Example Similarity and Clustering Models Application importance model 630, device fingerprint model 634, and/or device fingerprint comparator 638 may be based on and/or include one or more machine learning (ML) models, col. 26, lines 40-55), v. inputting information on the candidate software services of the candidate software services list into a model that determines whether one of the candidate software services matches the software service of the data record (i.e. Turning to FIG. 8B, based on and/or in response to reception of the transmission at arrow 820, mapping application 600 may be configured to compare (e.g., using application fingerprint comparator 642) reference software applications of the reference computing device to software applications of each computing device within the particular cluster, as indicated by block 822. Based on and/or in response to the application-level comparison at block 822, mapping application 600 may be configured to determine (e.g., using application fingerprint comparator 642) disparities between the reference software applications and the software applications of each computing device within the particular cluster, as indicated by block 824, col. 32, lines 45-62; In some implementations, application fingerprint comparator 642 may additionally or alternatively be configured to determine application disparity 644 between software applications 610-620 and the reference set of software applications installed on the reference computing device based on the process attributes of these software applications. For example, the application fingerprint of a given reference software application may be compared to application fingerprints 612-622 to identify candidate matches for the given reference software application. The process attributes of the given reference software application may then be compared to the corresponding process attributes of each of the candidate software applications. Accordingly, two representations of two software applications may be considered to match when (i) the corresponding fingerprints of the two software applications match and (ii) when the corresponding process attributes of the two software applications match (e.g., are identical and/or similar). Thus, process attributes 614-624 may provide an additional and/or more detailed basis for comparison of software applications 610-620 to the reference set of software applications of reference computing device representation 604, col. 25, line 48 to col. 26, line 2), and vi. applying policies of the software service of the data record to each of the one or more candidate software services that matches the software service of the data record, wherein the results of the search include a domain name and text summarizing content in a Uniform Resource Locator (URL) of the result (i.e. In some implementations, application disparity 644 may include suggested modifications to software applications 610-620, including suggested deletions of the one or more unauthorized software applications and/or suggested installations of the one or more missing software applications, col. 26, lines 19-36; The presence of such open ports at an IP address may indicate that a particular application is operating on the device that is assigned the IP address, which in turn may identify the operating system used by the device, col. 16, lines 45-62; domain name system (DNS) servers that associate a domain name of computational instance 322 with one or more Internet Protocol (IP) addresses of data center 400A may re-associate the domain name with one or more IP addresses of data center 400B. After this re-association completes (which may take less than one second or several seconds), users may access computational instance 322 by way of data center 400B, col. 14, lines 58-67; the textual representation of an application fingerprint may be the character string(s) that represent corresponding process attributes (e.g., process attributes 614 or a subset thereof), and the vector representation may be the application's fingerprint itself (e.g., application fingerprint 612), col. 28, lines 5-18; Based on and/or in response to reception of the request at arrow 836, mapping application 600 may be configured to generate instructions to execute the one or more modifications, as indicated by block 838. In one example, the instructions may include written instructions addressed to one or more programmers, administrators, and/or other users within managed network 300 requesting manual execution of the one or more modifications. In another example, the instructions may include software instructions configured to cause automated execution of the one or more modifications by the corresponding computing devices. For example, the instructions may include scripts configured to install and/or uninstall relevant software applications from the corresponding computing devices. Thus, execution of the modifications, as indicated by block 838, may operate to reduce the disparities determined at block 834, thereby bringing computing devices within managed network 300 closer to a desired/target state and/or configuration, col. 33, lines 48-65). Although Herzog teaches "Internet Protocol (IP) address" (i.e. domain name system (DNS) servers that associate a domain name of computational instance 322 with one or more Internet Protocol (IP) addresses of data center 400A may re-associate the domain name with one or more IP addresses of data center 400B. After this re-association completes (which may take less than one second or several seconds), users may access computational instance 322 by way of data center 400B, col. 14, lines 58-67). Herzog does not seem to specifically disclose "a Uniform Resource Locator (URL)". Kirti teaches this limitation (i.e. Security monitoring and control system 102 may perform processing to discover application usage and a measure of security for applications and users of those application ... events about third-party apps may be stored in a repository. Event information may include a time stamp about the event, user information (e.g., a username or email ID), a third-party appname (link->app details), sanctioned appinstance name, IP address, and geolocation information, [0126]; an application may request access to a web page from a resource server based on a URL identifying a requested resource, [0061]; other cloud applications such as Office 365, GitHub, Workday, and various Google apps may be supported using retrieval mechanisms specific to the application. Furthermore, processes for retrieving software defined security configuration data can be automated or manual based on target cloud provider support, [0094]; supplemental information can be generated using techniques disclosed herein, such as reverse lookup of the URL or IP address, [0157]; The security monitoring and control system can perform analysis and correlation, including use of one or more data sources, to determine information about an application, [0009]; Security monitoring and control system may use one or more policies (e.g., security policies) to control access permitted to applications by a device with respect to a computing environment of an organization, [0077]). It would have been obvious to one of ordinary skill of the art having the teaching of Herzog, Kirti before the effective filing date of the claimed invention to modify the system of Herzog to include the limitations as taught by Kirti. One of ordinary skill in the art would be motivated to make this combination in order to provide, by an identity management module, identify services, such as access management and authorization services in cloud infrastructure system in view of Kirti ([0283]), as doing so would give the added benefit of providing the identity management module which may control information about customers who wish to utilize the services provided by the cloud infrastructure system. Such information can include information that authenticates the identities of such customers and information that describes which actions those customers are authorized to perform relative to various system resources, as taught by Kirti ([0283]). As to claims 3, 13, Herzog teaches the service database stores identifier for each of the known software services, a vector representing each of the known software services and domain name of each of the known software services (i.e. the reference set of software application ... may be automatically selected as the reference computing device, col. 23, line 52 to col. 24, line 3; fingerprint vector database 724 may be produced by providing fingerprints in the corpus to trained fingerprint vector model 722 and storing their respective vector representations as fingerprint vector database 724, col. 30, lines 22-36); domain name system (DNS) servers that associate a domain name of computational instance 322 with one or more Internet Protocol (IP) addresses of data center 400A may re-associate the domain name with one or more IP addresses of data center 400B, col. 14, lines 58-67). As to claims 4, 14, Herzog teaches the processor further computers similarity score of results of the search as a function of outputs of the similarity comparison and a rank of the results in the search (i.e. Determining the ranking of the computing devices may involve, for example, ranking the computing devices from most similar to least similar. Additionally or alternatively, determining the ranking of the computing device may involve including in the ranked list computing devices associated with corresponding similarity values that exceed a threshold similarity value, and excluding from the ranked list computing devices associated with corresponding similarity values that are equal to or below the threshold similarity value, col. 34, lines 46-55). As to claims 5, 15, Herzog teaches the processor is configured to perform an audit of software services in an organization, wherein the audit begins by collecting the data records and outputting approval of disapproval for using a specific software service of the software services in the organization (i.e. the instructions may include scripts configured to install and/or uninstall relevant software applications from the corresponding computing devices, col. 33, lines 48-65; to instruct deletion of one or more unauthorized software applications, col. 26, lines 3-18; For example, compliant software applications may be indicated using a first color (and/or shown in a first table), missing software applications may be indicated using a second color (and/or shown in a second table), and/or unauthorized software applications, col. 33, lines 19-29). As to claims 6, 16, Herzog teaches in case the domain name of the software service does not appear in the service database as related to the known software service, the processor is configured add a new software service record to the service database, the new software service record comprising the domain name, description of the software service extracted from the search results and a vector representing the description (i.e. The corresponding set of software applications may change as new software applications are installed, and/or existing software applications are deleted and/or updated, col. 1, lines 34-49; A variety of methods and/or ML algorithms could be applied to identify clusters within a set of fingerprints and/or to assign fingerprints (e.g., fingerprints of newly-discovered applications and/or devices) to already-identified clusters, col. 28, line 65 to col. 29, line 12). As to claims 7, 17, Herzog teaches the database is an internet search engine (i.e. The aPaaS system may also support a rich set of pre-defined functionality that can be added to applications. These features include support for searching, email, templating, workflow design, reporting, analytics, social media, scripting, mobile-friendly output, and customized GUIs, col. 7, lines 17-21; The request may be based on, for example, a user selection of one or more software applications to be deleted and/or one or more software applications to be installed on corresponding computing devices, col. 33, lines 40-47; Based on and/or in response to reception of the request at arrow 804, mapping application 600 may be configured to transmit, to persistent storage 802, a request for representations of software applications installed on the computing devices, col. 31, lines 20-34). As to claims 8, 18, Kirti teaches the database stored content copied from internet web pages (i.e. A resource may be requested and accessed using an application. For example, an application may request access to a web page from a resource server based on a URL identifying a requested resource. Resources may be provided by one or more computing systems, e.g., a resource server that provides access to one or more resources, [0061]). As to claims 9, 19, Herzog teaches the information on software services of the candidate software services list includes a name, a domain and description (i.e. Event information may include a time stamp about the event, user information (e.g., a username or email ID), a third-party appname (link->app details), sanctioned appinstance name, IP address, and geolocation information, [0126]; other cloud applications such as Office 365, GitHub, Workday, and various Google apps may be supported using retrieval mechanisms specific to the application, [0094]; supplemental information can be generated using techniques disclosed herein, such as reverse lookup of the URL or IP address, [0157]; The security monitoring and control system can perform analysis and correlation, including use of one or more data sources, to determine information about an application, [0009]; Security monitoring and control system may use one or more policies (e.g., security policies) to control access permitted to applications by a device with respect to a computing environment of an organization, [0077]). As to claims 10, 20, Herzog teaches the numeric vector comprises a predefined number of characters from a predefined number of search results (i.e. A fingerprint vector may include, be based on, and/or be represented using one or more word vectors associated with one or more character strings ... Since the corpus of textual records may be based on process attributes of software applications and/or other computer-generated character strings, some of the words may be non-dictionary words that have semantic meaning in the context of one or more computing devices and/or systems, but that might not be meaningful outside of this context, col. 26, line 65 to col. 27, line 18). Response to Arguments Applicant's arguments with respect to claims 1, 3-11, 13-20 have been considered but are moot in view of the new ground(s) of rejection. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MIRANDA LE whose telephone number is (571)272-4112. The examiner can normally be reached M-F 7AM-5PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kavita Stanley can be reached on 571-272-8352. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MIRANDA LE/ Primary Examiner, Art Unit 2153