DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
This communication is in response to the Amendment filed 01/05/2021.

Response to Arguments
Claims 21 – 38 are pending in this Office Action. After a further search and a thorough examination of the present application, claims 21 – 38 remain rejected. The 103 and Double Patenting rejections are maintained
Applicant's arguments filed with respect to claims 21 – 38 have been fully considered but they are not persuasive. 

Applicant argues that Eisen is non-analogous prior art. Applicant repetitively presents the similar arguments from parent applications. Applicant argues that the claimed invention and Eisen are addressing different problems as to different types of operations using different techniques and executed at different locations within a network.
In response to Applicant’s argument, the Examiner disagrees and submits that Eisen is an analogous art. In regards with a comparison of the functions the applicant argues how Eisen functions is very different from the claimed invention. The applicants state that the claimed invention is directed to crawling a website, which is a client-side operation. In response to the argument that Eisen, on the other hand, is directed to operations performed on a server and are used to detect attacks the examiner presents that according to paragraphs 31 – 32 of Eisen (US 2007/0234409 A1) the operations performed in Eisen are done on the computer or the server. It states that the fingerprint collector and the session collector may be described as a computer program residing in the memory of computer or server that is designed to extract device fingerprint information from the data or information exchanged between a (Web) server. Therefore it is seen that while Eisen operations are server-side as argued by the applicant, they however may be performed at the client side computer as well. Therefore the function of detecting vulnerabilities/attacks is client-side operation in Eisen. Accordingly, the claimed invention and Eisen are directed to similar functions performed on the client side. In regards with the argument that the technology described by Eisen resides on the server-side of the client-server11 interaction and is used to detect12 actual attacks, the claimed technology emulates a client and is used to test a web application:13 the examiner presents that according to paragraphs 31 – 32 of Eisen (US 2007/0234409 A1) the operations performed in Eisen are done on the computer or the server. It states that the fingerprint collector and the session collector may be described as a computer program residing in the memory of computer or server that is designed to extract device fingerprint information from the data or information exchanged between a (Web) server. Therefore it is seen that while Eisen operations are server-side and they may be performed at the client side computer as well. In arguing that they are different type of operations and techniques applicant states that the instant application synchronizes requests, however Examiner submits that this language is not recited in the claim. Since the operations performed in Eisen may be on the computer client side or on server, Eisen is an analogous art.

Applicant argues that there are problems with the Examiner’s analysis on regards with the limitation “determining whether a new request exists that is associated with the selected link” and since the Eisen does not teach the “determining operation” it cannot teach “the selecting is based upon the determining”.
In response to Applicant’s argument, the Examiner submits that Examiner made typographical error in reproducing twice the claim recitation of “determining whether a new request exists that is associated with the selected link”.  On page 5 of office action in rejection regarding claim 21 examiner rejects the limitation “determining whether a new request exists that is associated with the selected link” under Eisen with citations using figures and paragraphs from Eisen. Examiner admits to the typographical error of saying amongst other limitations of the claim that Eisen does not explicitly teach “determining whether a new request exists that is associated with the selected link”. If the 103 rejection in whole for claim 21 is looked at it is clear that the “determining whether a new request exists that is associated with the selected link” is rejected as being taught in Eisen and so is the selecting based on the determining.
Remaining claims in instant application recite the same subject matter and for the same reasons as cited above the rejection is maintained. Hence, Applicant’s arguments do not distinguish the claimed invention over the prior art of record. In light of the foregoing arguments, the 103 rejections are maintained.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 21, 23 – 26, 27, 29 – 32, 33 and 35 – 38 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 5 and 6 of U.S. Patent No. 9,569,534. Although the claims at issue are not identical, they are not patentably distinct from each other because they are obvious variants of each other.
The correspondence between the current claims and the patent claims is as follows:
Claims 21, 23, 24, 27, 29, 30, 33, 35 of the instant application correspond to claim 1 of the patent. 
Claims 25, 31, 37 of the instant application correspond to claim 5 of the patent. 
Claims 26, 32 and 38 of the instant application correspond to claim 6 of the patent. 
In re Karlson (CCPA) 136 USPQ 184, decided January 16, 1963 (“Omission of element and its function in combination is obvious expedient if remaining elements perform same functions as before.”).

Claims 22, 28 and 34 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 9,569,534 in view of International Publication Number WO 2008/054849 A2 issued to Eisen. 

Regarding claim 22, the patent claim teaches all of the limitations of the current claim 22, except for creating the new request identifier based upon no new request existing associated with the selected link.”
However, Eisen suggests this concept in paragraph 20 and paragraph 37 lines 2 – 8 (Eisen teaches creating a session ID when the user visits a web site, closes a browser and reopens the same web site, removing the session ID at a certain point and creating a new session ID, etc.).  At the time the invention was made, it would have been obvious to a person of ordinary skill in the data processing art to incorporate Eisen’s concept into claim 22 of the current application, for the benefit of saving processing cost and/or avoiding duplicative records.
Claims 28 and 34 are rejected based on the rationale discussed in rejecting claim 22.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 21 – 24, 26 – 30, 32 – 36 and 38 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over International Publication Number WO 2008/054849 A2 issued to Eisen further in view of U.S. Patent Number 6,584,569 issued to Reshef et al. further in view of web document titled “What is a hash map in programming and where can it be used” written by Chris et al. (http://stackoverflow.com/questions/2592043/what-is-a-hash-map-in-programming-and-where-can-it-be-used).

Regarding claim 21, Eisen discloses,
A computer-implemented method of crawling a website, comprising:
determining whether there is a new request that is associated with a selected link (Figure 3 and paragraph 34 lines 2 – 12: For a particular online session, a persistent Session ID is assigned and maintained for a particular user device.  The user device should exhibit the same fingerprint throughout the session to suggest that no communications exchanged with a Web server came from or were redirected to another device.  A first fingerprint can be compared against a second fingerprint.  One, two or more fingerprints may be collected with device fingerprint collectors during any selected time interval of a session, at any selected web page that may be requested and viewed by a user through a browser. Eisen teaches monitoring the user-to-web server environment for new web page requests that may be compared to a previous request made at the beginning of a session);

creating a new request identifier and saving an entry in a table (paragraph 34 lines 2 – 12: For a particular online session, a persistent Session ID is assigned and maintained for a particular user device.  The user device should exhibit the same fingerprint throughout the session to suggest that no communications exchanged with a Web server came from or were redirected to another device.  A first fingerprint can be compared against a second fingerprint.  One, two or more fingerprints may be collected with device fingerprint collectors during any selected time interval of a session, at any selected web page that may be requested and viewed by a user through a browser, Figure 3 and paragraph 37 lines 2 – 8:  A server has a database memory for storing customer transactions with corresponding session information.  The session information may include a plurality of Session IDs and each transaction may have a Session ID and a plurality of user fingerprints obtained or collected at different times during the session or at different locations/pages of the bank Web site [Wingdings font/0xE0]  Eisen teaches storing session IDs and fingerprints of the requests in a table); and
updating a prior request associated with the selected link (paragraph 34 lines 16 – 18: If the first fingerprint matches the second fingerprint with respect to the same session ID, then the user may be allowed to proceed to another Web page or portion of a site [Wingdings font/0xE0] Eisen teaches, if the subsequent request is determined to have originated from the same user (hence not a "new” but “same” request), the user may proceed to another Web page which has a new link value), wherein
the selecting is based upon the determining (Figure 3 and paragraph 34 lines 2 – 12: For a particular online session, a persistent Session ID is assigned and maintained for a particular user device.  The user device should exhibit the same fingerprint throughout the session to suggest that no communications exchanged with a Web server came from or were redirected to another device.  A first fingerprint can be compared against a second fingerprint.  One, two or more fingerprints may be collected with device fingerprint collectors during any selected time interval of a session, at any selected web page that may be requested and viewed by a user through a browser.  Eisen teaches monitoring the user-to-web server environment for new web page requests that may be compared to a previous request made at the beginning of a session).
Eisen does not explicitly teach,
recording a current page in the website being crawled in a list of explored pages; 
extracting links from the current page; and
selecting a next link to analyze to form a selected link.
However, Reshef teaches,
recording a current page in the website being crawled in a list of explored pages (column 4 lines 39 – 40 and column 5 lines 45 – 47: Reshef teaches crawling over or traversing some or all of the links in a target web site, column 5 lines 54 – 55: Reshef teaches a LinkDB, which is a log storing the links that were traversed); 
extracting links from the current page (column 4 lines 57 – 58: Reshef teaches a data structure for holding all links extracted from a particular web page); and
selecting a next link to analyze to form a selected link (column 5 lines 45 – 47; 57 – 58; 64 – 65 and column 6 line 1: Reshef teaches crawling/traversing all of the links in a target web site, selecting a link from the data structure holding the extracted links and analyzing the selected link.  The link selection process includes a conditional loop for testing whether or not the WorkQueue is empty).
At the time the invention was made, it would have been obvious to a person of ordinary skill in the data processing art to incorporate Reshef’s disclosure into Eisen’s overall method, for the benefit of automatically crawling web pages to extract links for analysis, and detecting potential application-level vulnerabilities or security flaws.
Eisen also does not explicitly teach the concept of storing an entry in a hashmap.
th, 2010, programmers subscribed to stackoverlow.com (“Chris et al.”)  recognized the use of hashmap to store data for faster, more efficient retrieval (see answers posted by Chris and mikek).  At the time the invention was made, it would have been obvious to a person of ordinary skill in the data processing art to incorporate the hashmap in Eisen's overall method, for the benefit of quick and efficient data retrieval. 
Claims 27 and 33 are rejected based on the rationale discussed in rejecting claim 21.

Regarding claim 22, The method of claim 21, wherein
the creating the new request identifier is selected and is based upon no new request existing that is associated with the selected link (Eisen, paragraph 37 lines 2 – 8).

Regarding claim 23, The method of claim 22, wherein
the prior request is updated with a new link value found in the new request (Eisen, paragraph 34 lines 16 – 18: If the first fingerprint matches the second fingerprint with respect to the same session ID, then the user may be allowed to proceed to another Web page or portion of a site [Wingdings font/0xE0] Eisen teaches, if the subsequent request is determined to have originated from the same user, the user may proceed to another Web page which as a new link value).

Regarding claim 24. The method of claim 21, wherein
the updating the prior request is selected and is based upon the new request existing (Eisen, paragraph 34 lines 16 – 18).
Regarding claim 26. The method of claim 24, wherein

Claims 28 – 30 and 32 and 34 – 36 and 38 are rejected based on the rationale discussed in rejecting claims 22 – 24 and 26.

Claims 25, 31 and 37 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over International Publication Number WO 2008/054849 A2 issued to Eisen, in view of U.S. Patent Number 6,584,569 issued to Reshef et al. further in view of a web document titled “What is a hash map in programming and where can it be used” written by Chris et al., further in view of U.S. Publication Number 2007/0033264 issued to Edge et al.

Regarding claim 25, Eisen, Reshef and Chris disclose the method of claim 24 as discussed above.  
Eisen also discloses saving an entry including a requestID and request (Figure 3).
Eisen, Reshef and Chris do not explicitly disclose associating the request with an HTML context of the request.
However, the concept of associating a request with an HTML context had been well known in the data processing art prior to Applicant’s invention.  For instance, Edge discloses analyzing the HTTP request and determining the context of the page requested in at least paragraphs 38, 46 and 66 – 67.  At the time the invention was made, it would have been obvious to a person of ordinary skill in the data processing art to incorporate Edge's concept into Eisen, Reshef, and Chris’ overall method, for the benefit of determining the context of the webpage requested, thus identifying user intent/interest. 
Claims 31 and 37 are rejected based on the rationale discussed in rejecting claim 25.


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
 

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NAVNEET K GMAHL whose telephone number is 571-272-5636.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mark Featherstone can be reached on 571-270-3750. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/NAVNEET GMAHL/Examiner, Art Unit 2166                                                                                                                                                                                                        Dated: 4/6/2021






	
	
	
	
	
	/MARK D FEATHERSTONE/               Supervisory Patent Examiner, Art Unit 2166