DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is responsive to the communication filed on 02/19/2020.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 22-24, 30-32, 34-35, 39 and 40-41 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-3, 4-5, 8-9 and 11-14 of U.S. Patent  in view of Nachenberg US 8,019,689. Although the claims at issue are not identical, they are not patentably distinct from each other because:
As per claim 34, patent claim 1 does not disclose: provide a notification to a user that the requesting site is either safe or unsafe based on the comparison of the trusted site identifiers with the requesting site identifiers; and permit the user to submit sensitive information if the requesting site is determined to be safe.
 	However, Nachenberg discloses provide a notification to a user that the requesting site is either safe or unsafe based on the comparison of the trusted site identifiers with the requesting site identifiers ( col 3, lines 34-39, The reputation server 110 provides the reputation scores, i.e.  for the web sites 118 to the clients 112, and the clients (and users of the clients) use the scores to guide behaviors with respect to whether to provide PII to the sites that might be a phishing site or other type of untrustworthy site i.e. unsafe and col 5, lines, 60-65, displaying a message warning the user of the site’s URL has a poor reputation); and 
 	permit the user to submit sensitive information if the requesting site is determined to be safe (col 9, lines 32-38 If 624 the web site 118 has a good reputation, an embodiment of the security module 116 allows, i.e. permit, any submissions and/or other transactions to proceed without generating an alert. If 624, on the other hand, the site 118 has a bad reputation, an embodiment of the security module 116 generates 626 an alert and optionally blocks, i.e. prevent, the submission of PII to the site. ) or prevent the user from submitting sensitive information if the requesting site is determined to be unsafe ( col 6, lines 5-10, the alert generation module 314 displays an alert warning the user that it is inadvisable to enter PII and offers to block , i.e. prevent, transmission of the PII).  
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying the method of the patent for permitting a user to access a website, based on Nachenberg's teaching of determining whether a site is a phishing site based on its trustworthiness score, because doing so would keep users from reaching spoofed sites and thus provide the legitimate web site and secure content.
 	As per claims 35, 39 and 40-41, those claims are rejected in view of patent claims 2-5.

As per claim 22, patent claim 8 does not disclose: provide a notification to a user that the requesting site is either safe or unsafe based on the comparison of the trusted site identifiers with the requesting site identifiers; and permit the user to submit sensitive information if the requesting site is determined to be safe.
 	However, Nachenberg discloses provide a notification to a user that the requesting site is either safe or unsafe based on the comparison of the trusted site identifiers with the requesting site identifiers ( col 3, lines 34-39, The reputation server 110 provides the reputation scores, i.e.  for the web sites 118 to the clients 112, and the clients (and users of the clients) use the scores to guide behaviors with respect to whether to provide PII to the sites that might be a phishing site or other type of untrustworthy site i.e. unsafe and col 5, lines, 60-65, displaying a message warning the user of the site’s URL has a poor reputation); and 
 	permit the user to submit sensitive information if the requesting site is determined to be safe (col 9, lines 32-38 If 624 the web site 118 has a good reputation, an embodiment of the security module 116 allows, i.e. permit, any submissions and/or other transactions to proceed without generating an alert. If 624, on the other hand, the site 118 has a bad reputation, an embodiment of the security module 116 generates 626 an alert and optionally blocks, i.e. prevent, the submission of PII to the site. ) or prevent the user from submitting sensitive information if the requesting site is determined to be unsafe ( col 6, lines 5-10, the alert generation module 314 displays an alert warning the user that it is inadvisable to enter PII and offers to block , i.e. prevent, transmission of the PII).  
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying the method of the patent for permitting a user to access a website, based on Nachenberg's teaching of determining whether a site is a phishing site based on its trustworthiness score, because doing so would keep users from reaching spoofed sites and thus provide the legitimate web site and secure content.

As per claims 23, 24 and 30-32, those claims are rejected in view of patent claims 9 and 11-14.

Claims of instant application # 16/732604 (listed first) compared with claims of Patent# 10,536,449 (listed second):

34. A method for warning a user as to whether interaction with a site is safe or unsafe, the method comprising: 

providing a system comprising a processor coupled to a non-transitory memory containing instructions executable by the processor to cause the system to: 
query a data store to obtain one or more trusted site identifiers of a trusted site in response to a requesting site prompting a user for sensitive information; 

compare the trusted site identifiers with a corresponding number of identifiers of the requesting site; 

provide a notification to a user that the requesting site is either safe or unsafe based on the comparison of the trusted site identifiers with the requesting site identifiers; and 
permit the user to submit sensitive information if the requesting site is determined to be safe or 

prevent the user from submitting sensitive information if the requesting site is determined to be unsafe. 

35. The method of claim 34, wherein the sensitive information comprises user login credentials. 


39. The method of claim 38, wherein the identifying includes comparing the suspicion score to a threshold. 

40. The method of claim 38, wherein determining the suspicion score includes graphically comparing a screen image of the requesting site to a screen image of the trusted site, the suspicion score is determined, at least in part, based on the graphical comparison. 

41. The method of claim 38, wherein the suspicion score is a similarity metric determined based on a degree of similarity between a display representation of the requesting site identifier and a display representation of the trusted site identifier

22. A system for warning a user as to whether interaction with a site is safe or unsafe, the system comprising: a data store comprising trusted site identifiers of trusted sites; and a processor coupled to a non-transitory memory containing instructions executable by the processor to cause the system to: query a data store to obtain one or more trusted site identifiers of a trusted site in response to a requesting site prompting a user for sensitive information; compare the trusted site identifiers with a corresponding number of identifiers of the requesting site; provide a notification to a user that the requesting site is either safe or unsafe based on the comparison of the trusted site identifiers with the requesting site identifiers; and permit the user to submit sensitive information if the requesting site is determined to be safe or prevent the user from submitting sensitive information if the requesting site is determined to be unsafe. 

23. The system of claim 22, wherein the sensitive information comprises user login credentials. 

29. The system of claim 26, wherein determining the suspicion score includes graphically comparing a screen image of the requesting site to a screen image of the trusted site, the suspicion score is determined, at least in part, based on the graphical comparison. 
30. The system of claim 26, wherein the suspicion score is a similarity metric determined based on a degree of similarity between a display representation of the requesting site identifier and a display representation of the trusted site identifier. 
31. The system of claim 22, wherein the preventing of the user from submitting sensitive information comprises blocking the user from entering the sensitive information into an associated field provided by the requesting site when the requesting site identifiers do not match the trusted site identifiers. 
32. The system of claim 22, wherein the requesting site identifiers and trusted site identifiers comprise any one of Uniform Resource Locators, Uniform Resource Identifiers, Internet Protocol addresses, domain names, and a combination thereof. 

Claims of Patent# 10,536,449:

1. A method for warning a user that login credentials they entered for a site is restricted to another, sensitive site, the method comprising: 
providing a system comprising a browser plugin and a processor coupled to a non-transitory memory containing instructions executable by the processor to cause the browser plugin to: 
query, via the browser plugin, a data store with a user's login credentials to obtain one or more trusted site identifiers of a trusted site associated with the login credentials, the querying being in response to the user entering the login credentials at a requesting site, which prompted the user for their login credentials; 
compare, via the browser plugin, the trusted site identifiers with a corresponding number of identifiers of the requesting site to identify whether the requesting site is an unsafe site, wherein the comparing comprises determining a suspicion score and identifying whether the requesting site is an unsafe site and is not safe for the user's login credentials based, at least in part, on a correlation of the suspicion score to a threshold; 

block, via the browser plugin, the user from submitting the entered login credentials to the requesting site, identified as being unsafe, based on the comparison of the trusted site identifiers with the requesting site identifiers; and warn, via the browser plugin, the user that the login credentials they entered are restricted to another, sensitive site based on the comparison of the requesting site identifiers and trusted site identifiers. 

    2. The method of claim 1, wherein the querying includes querying the data store as the user is entering in each character of their login credentials. 
    
3. The method of claim 1, wherein the requesting site is identified as the unsafe site when the suspicion score is in a specified range of values. 
    4. The method of claim 1, wherein determining the suspicion score includes graphically comparing a screen image of the requesting site to a screen image of the trusted site, the suspicion score is determined, at least in part, based on the graphical comparison. 

    5. The method of claim 1, wherein the suspicion score is a similarity metric determined based on a degree of similarity between a display representation of the requesting site identifier and a display representation of the trusted site identifier. 
    
8. A system for warning a user that login credentials they entered for a site is restricted to another, sensitive site, the system comprising: a data store storing a user's login credentials and trusted site identifiers of trusted sites associated with the login credentials; a browser plugin communicatively coupled to the data store; and a processor coupled to a non-transitory memory containing instructions executable by the processor to cause the browser plugin to: in response to the user entering login credentials at a requesting site, which prompted the user for their login credentials, query the data store with the user's login credentials to obtain one or more trusted site identifiers associated with the login credentials; compare the trusted site identifiers with a corresponding number of identifiers of the requesting site to identify whether the requesting site is an unsafe site, wherein the comparing comprises determining a suspicion score and identifying the requesting site is an unsafe site that is not safe for the user's login credentials based, at least in part, on a correlation of the suspicion score to a threshold; block the user from submitting the entered login credentials to the requesting site, identified as being unsafe, based on the comparison of the trusted site identifiers with the requesting site identifiers; and warn the user that the login credentials they entered are restricted to another, sensitive site based on the comparison of the requesting site identifiers and trusted site identifiers. 
    9. The system of claim 8, wherein the browser plugin queries the data store as the user is entering in each character of their login credentials. 
    
    11. The system of claim 8, wherein the browser plugin determines the suspicion score by graphically comparing a screen image of the requesting site to a screen image of the trusted site, the suspicion score is determined, at least in part, based on the graphical comparison. 

    12. The system of claim 8, wherein the suspicion score is a similarity metric determined based on a degree of similarity between a display representation of the requesting site identifier and a display representation of the trusted site identifier. 
    13. The system of claim 8, wherein the browser plugin blocks the user from submitting the entered login credentials to the requesting site when the requesting site identifiers do not match the trusted site identifiers. 


    14. The system of claim 8, wherein the requesting site identifiers and trusted site identifiers are any one of Uniform Resource Locators, Uniform Resource Identifiers, Internet Protocol addresses, domain names, and a combination thereof. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 22-28, and 30-39 are rejected under 35 U.S.C. 103 as being unpatentable over Nachenberg US 8,019,689 in view of Leahy et al US 2006/0021031.

 	As per claim 22, Nachenberg discloses a system for warning a user as to whether interaction with a site is safe or unsafe, the system comprising: 
 	a data store comprising trusted site identifiers of trusted sites (col 3, lines 1-5, stored on a web server ); and 
 	a processor  ( fig.2,  numeral 202 processor with the security module 116 ) coupled to a non-transitory memory containing instructions executable by the processor to cause the system to: 
 	query a data store to obtain one or more trusted site identifiers of a trusted site in response to a requesting site prompting a user for sensitive information ( col 3, lines, 1-5, download as obtaining a web page as a trusted site that allow a user of the client 112 to submit PII to the site 118 as the trusted site ); 
 	compare the trusted site identifiers with a corresponding number of identifiers of  the requesting site ( claim 13, compare the reputation score for the web site 118  to the reputation scores of other web sites to which the client has submitted the same PII to determine whether the web site is less trustworthy than the other web sites; and generate an alert at the client responsive to a determination that the web site is less trustworthy than the other web sites to which the client has submitted the same PII and col 4, lines 1-5,  web sites 118 to use whitelists, blacklists, and/or certain heuristics to track the trustworthiness of the sites).
 	provide a notification to a user that the requesting site is either safe or unsafe based on the comparison of the trusted site identifiers with the requesting site identifiers ( col 3, lines 34-39, The reputation server 110 provides the reputation scores, i.e.  for the web sites 118 to the clients 112, and the clients (and users of the clients) use the scores to guide behaviors with respect to whether to provide PII to the sites that might be a phishing site or other type of untrustworthy site i.e. unsafe and col 5, lines, 60-65, displaying a message warning the user of the site’s URL has a poor reputation); and 
 	permit the user to submit sensitive information if the requesting site is determined to be safe (col 9, lines 32-38 If 624 the web site 118 has a good reputation, an embodiment of the security module 116 allows, i.e. permit, any submissions and/or other transactions to proceed without generating an alert. If 624, on the other hand, the site 118 has a bad reputation, an embodiment of the security module 116 generates 626 an alert and optionally blocks, i.e. prevent, the submission of PII to the site. ) or prevent the user from submitting sensitive information if the requesting site is determined to be unsafe ( col 6, lines 5-10, the alert generation module 314 displays an alert warning the user that it is inadvisable to enter PII and offers to block , i.e. prevent, transmission of the PII).  
 	Nachenberg does not explicitly disclose a processor to compare the trusted site identifiers with a corresponding number of identifiers of the requesting site.

 	However, Leahy explicitly discloses a processor to compare the trusted site identifiers with a corresponding number of identifiers of the requesting site (par 0022 a client toolbar application executes on a user's PC in conjunction with a web browser application. The client toolbar application includes a comparator module to compare the URL of a downloaded document with the URLs in a list of URLs associated with known trusted sites. If the comparator module determines that the URL of the downloaded document matches a URL in the list of trusted sites, a visual display indicator indicates to the user that the downloaded document is associated with a trusted site.).

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying Nachenberg's method of determining whether a site is a phishing site based on its trustworthiness score, based on Leahy's teaching of comparing the URL with the trusted sites by the comparator module of the web browser application, because doing so would keep users from reaching spoofed sites and thus provide the legitimate web site and secure content (par 0005).

 	As per claim 23, Nachenberg in view of Leahy discloses the system of claim 22, wherein the sensitive information comprises user login credentials ( Nachenberg, col 3, lines, 1-5, download as obtaining a web page as a trusted site that allow a user of the client 112 to submit PII, credentials, to the site 118 as the trusted site).  
 	As per claim 24, Nachenberg in view of Leahy discloses the system of claim 23, wherein the trusted site is associated with the user login credentials ( Nachenberg, col 3, lines, 1-5, download as obtaining a web page as a trusted site that allow a user of the client 112 to submit PII, credentials, to the site 118 as the trusted site).  
 	As per claim 25, Nachenberg in view of Leahy discloses the system of claim 24, wherein the querying includes querying the data store as the user is entering in each character of user login credentials (Nachenberg, col 3, lines 1-5, download as obtaining a web page as a trusted site that allow a user of the client 112 to submit PII, querying the site, credentials, to the site 118 as the trusted site).  
 	As per claim 26, Nachenberg in view of Leahy discloses the system of claim 22, wherein the comparing includes: determining a suspicion score (Nachenberg, abstract, The reputation server computes a reputation score, i.e. suspicion score, for the web site based on the number and type of PII submissions to it); identifying the requesting site is an unsafe site that is not safe for the user's login credentials, based on the suspicion score (Nachenberg, col 3, lines 34-39, The reputation server 110 provides the reputation scores, i.e.  for the web sites 118 to the clients 112, and the clients (and users of the clients) use the scores to guide behaviors with respect to whether to provide PII to the sites that might be a phishing site or other type of untrustworthy site i.e. unsafe and col 5, lines 60-65, displaying a message warning the user of the site’s URL has a poor reputation); and wherein the blocking includes blocking the user from submitting their login credentials to the unsafe site (Nachenberg, col 6, lines 5-10, the alert generation module 314 displays an alert warning the user that it is inadvisable to enter PII and offers to block, i.e. prevent, transmission of the PII).  

 	As per claim 27, Nachenberg in view of Leahy discloses the system of claim 26, wherein the identifying includes comparing the suspicion score to a threshold (Nachenberg, col 3, lines 34-39, The reputation server 110 provides the reputation scores, i.e.  for the web sites 118 to the clients 112, and the clients (and users of the clients) use the scores to guide behaviors with respect to whether to provide PII to the sites that might be a phishing site or other type of untrustworthy site i.e. unsafe).  
 	As per claim 28, Nachenberg in view of Leahy discloses the system of claim 26, wherein the requesting site is identified as the unsafe site when the suspicion score is in a specified range of values ( Nachenberg, col 3, lines 34-39, The reputation server 110 provides the reputation scores, i.e.  for the web sites 118 to the clients 112, and the clients (and users of the clients) use the scores to guide behaviors with respect to whether to provide PII to the sites that might be a phishing site or other type of untrustworthy site i.e. unsafe and security module 116 receives information from the reputation server 110 describing reputation scores for web sites 118 visited by the client 112 and generates alerts if the user attempts to submit PII to a site having a low reputation score).  

 	As per claim 30, Nachenberg in view of Leahy discloses the system of claim 26, wherein the suspicion score is a similarity metric determined based on a degree of similarity between a display representation of the requesting site identifier and a display representation of the trusted site identifier (Nachenberg, col 3, lines 34-39, The reputation server 110 provides the reputation scores, i.e.  for the web sites 118 to the clients 112, and the clients (and users of the clients) use the scores to guide behaviors with respect to whether to provide PII to the sites that might be a phishing site or other type of untrustworthy site i.e. unsafe  ).  
 	As per claim 31, Nachenberg in view of Leahy discloses the system of claim 22, wherein the preventing of the user from submitting sensitive information comprises blocking the user from entering the sensitive information into an associated field provided by the requesting site when the requesting site identifiers do not match the trusted site identifiers (  Nachenberg,  col 6, lines 5-10, the alert generation module 314 displays an alert warning the user that it is inadvisable to enter PII and offers to block , i.e. prevent, transmission of the PII  in view of Leahy, par 0022 a client toolbar application executes on a user's PC in conjunction with a web browser application. The client toolbar application includes a comparator module to compare the URL of a downloaded document with the URLs in a list of URLs associated with known trusted sites. If the comparator module determines that the URL of the downloaded document matches a URL in the list of trusted sites, a visual display indicator indicates to the user that the downloaded document is associated with a trusted site  ).  
 	As per claim 32, Nachenberg in view of Leahy discloses the system of claim 22, wherein the requesting site identifiers and trusted site identifiers comprise any one of Uniform Resource Locators, Uniform Resource Identifiers, Internet Protocol addresses, domain names, and a combination thereof (Nachenberg, col 3, lines 34-39, The reputation server 110 provides the reputation scores, i.e.  for the web sites 118 to the clients 112, and the clients (and users of the clients) use the scores to guide behaviors with respect to whether to provide PII to the sites that might be a phishing site or other type of untrustworthy site i.e. unsafe and col 5, lines, 60-65, displaying a message warning the user of the site’s URL has a poor reputation ).  
 	As per claim 33, Nachenberg in view of Leahy discloses the system of claim 22, wherein the providing of the notification to a user that the requesting site is either safe or unsafe comprises warning the user that any sensitive information entered in a field provided by the requesting site is restricted to another (Nachenberg, col 3, lines 34-39, The reputation server 110 provides the reputation scores, i.e.  for the web sites 118 to the clients 112, and the clients (and users of the clients) use the scores to guide behaviors with respect to whether to provide PII to the sites that might be a phishing site or other type of untrustworthy site i.e. unsafe), sensitive site based on the comparison of the requesting site identifiers and trusted site identifiers (Leahy, par 0022 a client toolbar application executes on a user's PC in conjunction with a web browser application. The client toolbar application includes a comparator module to compare the URL of a downloaded document with the URLs in a list of URLs associated with known trusted sites. If the comparator module determines that the URL of the downloaded document matches a URL in the list of trusted sites, a visual display indicator indicates to the user that the downloaded document is associated with a trusted site).  

 	As per claim 34, Nachenberg discloses a method for warning a user as to whether interaction with a site is safe or unsafe (col 6, lines 5-10, the alert generation module 314 displays an alert warning the user that it is inadvisable to enter PII and offers to block, i.e. prevent, transmission of the PII), the method comprising: 
 	providing a system comprising a processor coupled to a non-transitory memory containing instructions executable by the processor (fig.2,  numeral 202 processor with the security module 116  ) to cause the system to: 
 	query a data store to obtain one or more trusted site identifiers of a trusted site in response to a requesting site prompting a user for sensitive information ( col 3, lines, 1-5, download as obtaining a web page as a trusted site that allow a user of the client 112 to submit PII to the site 118 as the trusted site ); 
 	compare the trusted site identifiers with a corresponding number of identifiers of  the requesting site ( claim 13, compare the reputation score for the web site 118  to the reputation scores of other web sites to which the client has submitted the same PII to determine whether the web site is less trustworthy than the other web sites; and generate an alert at the client responsive to a determination that the web site is less trustworthy than the other web sites to which the client has submitted the same PII and col 4, lines 1-5,  web sites 118 to use whitelists, blacklists, and/or certain heuristics to track the trustworthiness of the sites).
 	provide a notification to a user that the requesting site is either safe or unsafe based on the comparison of the trusted site identifiers with the requesting site identifiers ( col 3, lines 34-39, The reputation server 110 provides the reputation scores, i.e.  for the web sites 118 to the clients 112, and the clients (and users of the clients) use the scores to guide behaviors with respect to whether to provide PII to the sites that might be a phishing site or other type of untrustworthy site i.e. unsafe and col 5, lines, 60-65, displaying a message warning the user of the site’s URL has a poor reputation); and 
 	permit the user to submit sensitive information if the requesting site is determined to be safe (col 9, lines 32-38 If 624 the web site 118 has a good reputation, an embodiment of the security module 116 allows, i.e. permit, any submissions and/or other transactions to proceed without generating an alert. If 624, on the other hand, the site 118 has a bad reputation, an embodiment of the security module 116 generates 626 an alert and optionally blocks, i.e. prevent, the submission of PII to the site. ) or prevent the user from submitting sensitive information if the requesting site is determined to be unsafe ( col 6, lines 5-10, the alert generation module 314 displays an alert warning the user that it is inadvisable to enter PII and offers to block , i.e. prevent, transmission of the PII).  
 	Nachenberg does not explicitly disclose a processor to compare the trusted site identifiers with a corresponding number of identifiers of the requesting site.

 	However, Leahy explicitly discloses a processor to compare the trusted site identifiers with a corresponding number of identifiers of the requesting site (par 0022 a client toolbar application executes on a user's PC in conjunction with a web browser application. The client toolbar application includes a comparator module to compare the URL of a downloaded document with the URLs in a list of URLs associated with known trusted sites. If the comparator module determines that the URL of the downloaded document matches a URL in the list of trusted sites, a visual display indicator indicates to the user that the downloaded document is associated with a trusted site.).

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying the method of Nachenberg, which determines whether a site is a phishing site based on a trustworthiness score, based on the teaching of Leahy of comparing the URL with the trusted sites by the comparator module of the web browser application, because doing so would keep users from getting into spoof sites, thus providing a legitimate web site to secure content (par 0005). 

 	As per claim 35, Nachenberg in view of Leahy discloses the method of claim 34, wherein the sensitive information comprises user login credentials (Nachenberg, col 3, lines 1-5, download as obtaining a web page as a trusted site that allows a user of the client 112 to submit PII, credentials, to the site 118 as the trusted site).  

 	As per claim 36, Nachenberg in view of Leahy discloses the method of claim 35, wherein the trusted site is associated with the user login credentials (Nachenberg, col 3, lines 1-5, download as obtaining a web page as a trusted site that allows a user of the client 112 to submit PII, credentials, to the site 118 as the trusted site).  

 	As per claim 37, Nachenberg in view of Leahy discloses the method of claim 36, wherein the querying includes querying the data store as the user is entering in each character of user login credentials (Nachenberg, col 3, lines 1-5, download as obtaining a web page as a trusted site that allows a user of the client 112 to submit PII, querying the site, credentials, to the site 118 as the trusted site).  

 	As per claim 38, Nachenberg in view of Leahy discloses the method of claim 34, wherein the comparing includes:
 	determining a suspicion score (Nachenberg, abstract, The reputation server computes a reputation score, i.e. suspicion score, for the web site based on the number and type of PII submissions to it);
 	identifying the requesting site is an unsafe site that is not safe for the user's login credentials, based on the suspicion score (Nachenberg, col 3, lines 34-39, The reputation server 110 provides the reputation scores, i.e.  for the web sites 118 to the clients 112, and the clients (and users of the clients) use the scores to guide behaviors with respect to whether to provide PII to the sites that might be a phishing site or other type of untrustworthy site, i.e. unsafe, and col 5, lines 60-65, displaying a message warning the user that the site’s URL has a poor reputation); and
 	wherein the blocking includes blocking the user from submitting their login credentials to the unsafe site (Nachenberg, col 6, lines 5-10, the alert generation module 314 displays an alert warning the user that it is inadvisable to enter PII and offers to block, i.e. prevent, transmission of the PII).  
 
 	As per claim 39, Nachenberg in view of Leahy discloses the method of claim 38, wherein the identifying includes comparing the suspicion score to a threshold (Nachenberg, col 3, lines 34-39, The reputation server 110 provides the reputation scores, i.e.  for the web sites 118 to the clients 112, and the clients (and users of the clients) use the scores to guide behaviors with respect to whether to provide PII to the sites that might be a phishing site or other type of untrustworthy site, i.e. unsafe).  



Claims 29 and 40-41 are rejected under 35 U.S.C. 103 as being unpatentable over Nachenberg US 8,019,689 in view of Leahy et al US 2006/0021031 in view of Brown et al US 9,344,449.

 	As per claim 29, Nachenberg in view of Leahy discloses the system of claim 26, wherein determining the suspicion score of the requesting site to a screen image of the trusted site, the suspicion score is determined, the trusted site(Nachenberg, col 3, lines 34-39, The reputation server 110 provides the reputation scores, i.e.  for the web sites 118 to the clients 112, and the clients (and users of the clients) use the scores to guide behaviors with respect to whether to provide PII to the sites that might be a phishing site or other type of untrustworthy site i.e. unsafe ).  
 	 The combination fails to disclose wherein determining the suspicion score includes graphically comparing a screen image of the requesting site to a screen image of the trusted site, the suspicion score is determined, at least in part, based on the graphical comparison.
 	However, Brown discloses wherein determining the suspicion score includes graphically comparing a screen image of the requesting site to a screen image of the trusted site, the suspicion score is determined, at least in part, based on the graphical comparison (Fig. 11, col 14, lines 12-28, screenshot 1100 in which an intermediate webpage is displayed in accordance with an aspect of the embodiments. When a user clicks on a replaced web link in e-mail, which has replaced the original web link, the user's web browser is not directed to the original webpage if the corresponding risk score is above a predetermined threshold as previously discussed, e.g., with process 900 as shown in FIG. 9. In such a case, the user is presented with an intermediate (speed bump) webpage 1100. Intermediate webpage 1100 typically provides pertinent details to enable the user to make an informed choice as to whether or not to proceed to the original website. When the original webpage is potentially malicious and intermediate webpage 1100 is displayed, warning 1101 is shown.).
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying the method of Nachenberg, which determines whether a site is a phishing site based on a trustworthiness score, based on the teaching of Leahy of comparing the URL with the trusted sites by the comparator module of the web browser application, and further based on the teaching of displaying a confidence score of the webpage, because doing so would warn the user about a potentially malicious webpage (col 14, lines 26-28).

 	
 	As per claim 40, Nachenberg in view of Leahy discloses the method of claim 38, wherein determining the suspicion score of the requesting site to a screen image of the trusted site, the suspicion score is determined, the trusted site(Nachenberg, col 3, lines 34-39, The reputation server 110 provides the reputation scores, i.e.  for the web sites 118 to the clients 112, and the clients (and users of the clients) use the scores to guide behaviors with respect to whether to provide PII to the sites that might be a phishing site or other type of untrustworthy site i.e. unsafe ).  
 	 The combination fails to disclose wherein determining the suspicion score includes graphically comparing a screen image of the requesting site to a screen image of the trusted site, the suspicion score is determined, at least in part, based on the graphical comparison.
 	However, Brown discloses wherein determining the suspicion score includes graphically comparing a screen image of the requesting site to a screen image of the trusted site, the suspicion score is determined, at least in part, based on the graphical comparison (Fig. 11, col 14, lines 12-28, screenshot 1100 in which an intermediate webpage is displayed in accordance with an aspect of the embodiments. When a user clicks on a replaced web link in e-mail, which has replaced the original web link, the user's web browser is not directed to the original webpage if the corresponding risk score is above a predetermined threshold as previously discussed, e.g., with process 900 as shown in FIG. 9. In such a case, the user is presented with an intermediate (speed bump) webpage 1100. Intermediate webpage 1100 typically provides pertinent details to enable the user to make an informed choice as to whether or not to proceed to the original website. When the original webpage is potentially malicious and intermediate webpage 1100 is displayed, warning 1101 is shown.).
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying the method of Nachenberg, which determines whether a site is a phishing site based on a trustworthiness score, based on the teaching of Leahy of comparing the URL with the trusted sites by the comparator module of the web browser application, and further based on the teaching of displaying a confidence score of the webpage, because doing so would warn the user about a potentially malicious webpage (col 14, lines 26-28).

As per claim 41, Nachenberg in view of Leahy discloses the method of claim 38, wherein the suspicion score is a similarity metric determined based on a degree of similarity between  the requesting site identifier and the trusted site identifier(Nachenberg, col 3, lines 34-39, The reputation server 110 provides the reputation scores, i.e.  for the web sites 118 to the clients 112, and the clients (and users of the clients) use the scores to guide behaviors with respect to whether to provide PII to the sites that might be a phishing site or other type of untrustworthy site i.e. unsafe ).  
 	 The combination fails to disclose wherein the suspicion score is a similarity metric determined based on a degree of similarity between a display representation of the requesting site identifier and a display representation of the trusted site identifier.
 	However, Brown discloses wherein the suspicion score is a similarity metric determined based on a degree of similarity between a display representation of the requesting site identifier and a display representation of the trusted site identifier (Fig. 11, col 14, lines 12-28, screenshot 1100 in which an intermediate webpage is displayed in accordance with an aspect of the embodiments. When a user clicks on a replaced web link in e-mail, which has replaced the original web link, the user's web browser is not directed to the original webpage if the corresponding risk score is above a predetermined threshold as previously discussed, e.g., with process 900 as shown in FIG. 9. In such a case, the user is presented with an intermediate (speed bump) webpage 1100. Intermediate webpage 1100 typically provides pertinent details to enable the user to make an informed choice as to whether or not to proceed to the original website. When the original webpage is potentially malicious and intermediate webpage 1100 is displayed, warning 1101 is shown.).
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying the method of Nachenberg, which determines whether a site is a phishing site based on a trustworthiness score, based on the teaching of Leahy of comparing the URL with the trusted sites by the comparator module of the web browser application, and further based on the teaching of displaying a confidence score of the webpage, because doing so would warn the user about a potentially malicious webpage (col 14, lines 26-28).



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Nahari et al US 2010/0306819 discloses a server that provides interactive phishing detection at the initiation of the user. Detection of phishing is based on the user's comparison of a visual indicator sent from the server to the client device with another identical-looking visual indicator displayed, for example, on a trusted website. Several security measures may be employed, such as changing the visual indicator periodically, generating the visual indicator in a random manner, and authenticating the client device to the server before the server will transmit the visual indicator to the client device. User comparison of the website-displayed visual indicator with the user's client device user interface-displayed visual indicator may facilitate user verification of authenticity of a software application.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314.  The examiner can normally be reached on EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ABU S SHOLEMAN/Primary Examiner, Art Unit 2495