DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 10/19/2020 has been entered.
 
Response to Amendment
Claims 1, 8 and 15 have been amended. Claims 1-21 are currently pending.

Response to Arguments
Applicant’s arguments with respect to claim 1 have been considered but are moot in view of new grounds of rejections. Applicants remaining arguments are based on Applicant's arguments against claim 1, discussed above.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-5, 8-12 and 15-19 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Kikuchi et al., US 20090193497-A1 (hereinafter “Kikuchi ‘497”).
Per claim 1 (independent):
Kikuchi ‘497 discloses: A computer-implemented method for managing network communication, comprising: responsive to receipt of traffic from a server to a client: parsing content of the traffic; and injecting additional content into original content of the server response to override an action of the original content (FIG. 1, [0052], “for instrumentation and enforcement mechanisms for web content … incoming HTML documents, such as document 112, possibly with JavaScript code embedded therein, are intercepted by the instrumentation proxy 114” [Emphasis added.];[0054], “the instrumentation proxy 114 receives policy input, in the form of rewriting rules 108” [Emphasis added.]; [0057], “security module 118 is incorporated into the Web contents being instrumented by instrumentation proxy 114 … the instrumented contents 120 are delivered to and rendered inside the client browser 122. In one embodiment, runtime checks can be invoked during the rendering at client browser 122 for security policy enforcement”; FIG. 4, [0066], “the flow of code execution for instrumented document 402 … redirector functions 454 of security module 404 may be called from the rewritten code 406. These functions dispatch the execution to appropriate transition functions 456 using runtime information”; [0072], “the rewriting process for an instrumentation proxy … the rewriters parser 140. Transformed ASTs are converted into HTML and JavaScript by the code generator 146 before being fed to a browser that originally requested the content” [Emphasis added.] where the incoming HTML documents 112 embedded with JavaScript code (original content) accessed by the browser 122 (client) is intercepted by the instrumentation proxy 114 in which transformed ASTs produced by the parser 140 depending on the original document 112 are converted into HTML and JavaScript by rewriting the original document (injecting additional content), depending on the rewriting rules 108, for outputting the instrumented contents 120 to the browser. Note that the instrumented contents 120 rendered at the browser 122 may redirect or stop (override) the actions against security policy.);
wherein the original content includes program code corresponding to a JavaScript programming language, and the action includes execution of a JavaScript evaluation function of the JavaScript programming language (Table 3, [0074], “The second column shows the corresponding syntactic forms of the code pieces to be rewritten. Here AM refers to monitored actions … The third column shows the target code pieces used to replace the original code pieces” [Emphasis added.]; [0075], “methods and properties added into incoming contents are put within a security module, which is named as _pm in the table … the monitored syntactic construct is replaced with a call to either a redirector function … or a transition function” [Emphasis added.]; [0081], “a special test _pm. isEval ( ) is used to identify calls to eval; upon eval, code is produced to evaluate the instrumented argument Einstr” [Emphasis added.] where a particular action in the original document 112 are monitored with a rewritten JavaScript/HTML function such as __pm.isEval() (See the third column in TABLE 3), which is to identify calls to eval in the JavaScripte code.);
such that when the client executes the content of the traffic, the client executes the additional content to communicate parameters associated with execution of the action to an inspection service to determine if the action is malicious (FIG. 1, [0057], “the instrumented contents 120 are delivered to during the rendering at client browser 122 for security policy enforcement” [Emphasis added.]; [0058], “the instrumentation framework … supports the instrumentation of runtime-generated contents (e.g., HTML documents and JavaScript code such as runtime-generated document 116) at runtime on demand” [Emphasis added.]; FIG. 4, [0066], “the flow of code execution for instrumented document 402 … redirector functions 454 of security module 404 may be called from the rewritten code 406. These functions dispatch the execution to appropriate transition functions 456 using runtime information”; FIG. 27, [0188], “Upon most policy violations, notification messages may overlay rendered web content.” [Emphasis added.] where the client browser 122 renders (executes) the instrumented contents 120 to send the runtime-generated document 116 (parameters) for the instrumentation proxy 114 (inspection service) to change a flow of code execution based on the rewriting rules 108. Note that a security warning message would be overlaid in web content (See FIG. 27) if there is a policy violation, i.e., the action is malicious.).

Per claim 2 (dependent on claim 1):
Kikuchi ‘497 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Kikuchi ‘497 discloses: The method of claim 1, wherein the inspection service executes locally on a security device that performs the steps of parsing content of the traffic and injecting additional content into original content of the server response (FIG. 1, [0052], “instrumentation proxy 114 is deployed either as a proxy server in between browsers and web content, or as part of browsers themselves”).

Per claim 3 (dependent on claim 1):

Kikuchi ‘497 discloses: The method of claim 1, wherein the inspection service executes remotely from a security device that performs the steps of parsing content of the traffic and injecting additional content into original content of the server response (FIG. 1, [0052], “instrumentation proxy 114 is deployed either as a proxy server in between browsers and web content, or as part of browsers themselves”).

Per claim 4 (dependent on claim 1):
Kikuchi ‘497 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Kikuchi ‘497 discloses: The method of claim 1, such that the client further, in response to determining that the content includes additional content that overrides the action of the original content, executes the action during inspection of the action by the inspection service (TABLE 3, FIG. 1, [0057], “the instrumented contents 120 are delivered to and rendered inside the client browser 122. In one embodiment, runtime checks can be invoked during the rendering at client browser 122 for security policy enforcement” [Emphasis added.]; [0058], “the instrumentation framework … supports the instrumentation of runtime-generated contents (e.g., HTML documents and JavaScript code such as runtime-generated document 116) at runtime on demand” [Emphasis added.] where the instrumented contents 120 rewritten with the rewriting rules 108 (additional content) is rendered at the client browser 122 that may execute monitored actions associated with the rewriting templates 110 (See TABLE 3) in order to provide the instrumentation proxy 114 (inspection service) with runtime-generated contents.).

Per claim 5 (dependent on claim 4):
Kikuchi ‘497 discloses the elements detailed in the rejection of claim 4 above, incorporated herein by reference.
Kikuchi ‘497 discloses: The method of claim 4, such that the client further: receives an indication from the inspection service regarding whether the action is malicious; and if the indication from the inspection service indicates the action is malicious, communicates a warning to the user indicating that the action is malicious (FIG. 27, [0188], “Upon most policy violations, notification messages may overlay rendered web content. FIG. 27 illustrates one embodiment of a user alert overlaying web content in a user interface” [Emphasis added.]).

Per claim 8 (independent):
The limitations of the claim(s) correspond(s) to features of claim 1 and the claim(s) is/are rejected for the reasons detailed with respect to claim 1.

Per claim 9 (dependent on claim 8):
Kikuchi ‘497 discloses the elements detailed in the rejection of claim 8 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 2 and the claim(s) is/are rejected for the reasons detailed with respect to claim 2.

Per claim 10 (dependent on claim 8):
Kikuchi ‘497 discloses the elements detailed in the rejection of claim 8 above, incorporated herein by reference.


Per claim 11 (dependent on claim 8):
Kikuchi ‘497 discloses the elements detailed in the rejection of claim 8 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 4 and the claim(s) is/are rejected for the reasons detailed with respect to claim 4.

Per claim 12 (dependent on claim 11):
Kikuchi ‘497 discloses the elements detailed in the rejection of claim 11 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 5 and the claim(s) is/are rejected for the reasons detailed with respect to claim 5.

Per claim 15 (independent):
The limitations of the claim(s) correspond(s) to features of claim 1 and the claim(s) is/are rejected for the reasons detailed with respect to claim 1.

Per claim 16 (dependent on claim 15):
Kikuchi ‘497 discloses the elements detailed in the rejection of claim 15 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 2 and the claim(s) is/are rejected for the reasons detailed with respect to claim 2.

Per claim 17 (dependent on claim 15):
Kikuchi ‘497 discloses the elements detailed in the rejection of claim 15 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 3 and the claim(s) is/are rejected for the reasons detailed with respect to claim 3.

Per claim 18 (dependent on claim 15):
Kikuchi ‘497 discloses the elements detailed in the rejection of claim 15 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 4 and the claim(s) is/are rejected for the reasons detailed with respect to claim 4.

Per claim 19 (dependent on claim 18):
Kikuchi ‘497 discloses the elements detailed in the rejection of claim 18 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 5 and the claim(s) is/are rejected for the reasons detailed with respect to claim 5.

Claim(s) 6-7, 13-14 and 20-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kikuchi ‘497 and McDougal et al., US-20120266245-A1 (hereinafter “McDougal ‘245”).
Per claim 6 (dependent on claim 1):
Kikuchi ‘497 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
The method of claim 1, such that the client further, in response to determining that the content includes additional content that overrides the action of the original content, (TABLE 3, FIG. 1, [0057], “the instrumented contents 120 are delivered to and rendered inside the client browser 122. In one embodiment, runtime checks can be invoked during the rendering at client browser 122 for security policy enforcement” [Emphasis added.]; [0058], “the instrumentation framework … supports the instrumentation of runtime-generated contents (e.g., HTML documents and JavaScript code such as runtime-generated document 116) at runtime on demand” [Emphasis added.] where the instrumented contents 120 rewritten with the rewriting rules 108 (additional content) is rendered at the client browser 122 that may execute monitored actions associated with the rewriting templates 110 (See TABLE 3) in order to provide the instrumentation proxy 114 (inspection service) with runtime-generated contents.).
Kikuchi ‘497 does not disclose but McDougal ‘245 discloses: delays the action ([0026], ll. 1-3, 7-11, “When operating in an active mode, system 100 may delay one or more operations while the malware process is proceeding, depending on the context in which system 100 is operating … when system 100 is operating in an active mode in a context where files are being uploaded, system 100 may stop a file from being uploaded until the malware detection process applied to the file has been completed” [Emphasis added.]).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Kikuchi ‘497 with the delay of the action as taught by McDougal ‘245 because a determination that the file is suspected malware may invoke an advanced malware analysis workflow to be followed by more suitable workflows such as notifying a user or an administrator by postponing executing the action [0044].

Per claim 7 (dependent on claim 6):
Kikuchi ‘497 and McDougal ‘245 discloses the elements detailed in the rejection of claim 6 above, incorporated herein by reference.
Kikuchi ‘497 discloses: The method of claim 6, such that the client further: receives an indication from the inspection service regarding whether the action is malicious; and if the indication from the inspection service indicates the action is malicious, blocks execution of the action (FIG. 27, [0188], “Upon most policy violations, notification messages may overlay rendered web content. FIG. 27 illustrates one embodiment of a user alert overlaying web content in a user interface” [Emphasis added.]; [0191], “the blocking nature of the dialogue box … A user could choose either to allow the action, to suppress the action and continue with the remainder content, or to stop rendering altogether”).

Per claim 13 (dependent on claim 8):
Kikuchi ‘497 discloses the elements detailed in the rejection of claim 8 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 6 and the claim(s) is/are rejected for the reasons detailed with respect to claim 6.

Per claim 14 (dependent on claim 13):
Kikuchi ‘497 and McDougal ‘245 discloses the elements detailed in the rejection of claim 13 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 7 and the claim(s) is/are rejected for the reasons detailed with respect to claim 7.

Per claim 20 (dependent on claim 15):
Kikuchi ‘497 discloses the elements detailed in the rejection of claim 15 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 6 and the claim(s) is/are rejected for the reasons detailed with respect to claim 6.

Per claim 21 (dependent on claim 20):
Kikuchi ‘497 and McDougal ‘245 discloses the elements detailed in the rejection of claim 20 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 7 and the claim(s) is/are rejected for the reasons detailed with respect to claim 7.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANGSEOK PARK whose telephone number is (571)272-4332.  The examiner can normally be reached on Monday-Thursday 7:30-5:30 and Alternate Fridays 8:30-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on (571) 272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained 




/SANGSEOK PARK/Examiner, Art Unit 2494                                                                                                                                                                                         
/Kevin Bechtel/Primary Examiner, Art Unit 2491