Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This action is responsive to application and preliminary amendment filed on 8/21/2019. Claims 1, 6, 13 and 20 are independents. Claims 1-20 are currently pending.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The limitations of claim 20 in this application that use the language “means for identifying…”, “means for determining…” and “means for generating…” are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. The closest description is found in para. 0031, 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
Because this/these claim limitations are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-5 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter because claim 1 directly recites “a site redirector”, “a site verifier” and “a URL encoder”. The three items, when interpreted broadly, could be software. Further, the specification does not limit these elements of the claim to include or to be only hardware elements. Therefore claim 1 is rejected.
Claims 2-5 are dependent claims of claim 1. The claims do not provide a cure for claim 1 and therefore they are rejected as well.
	
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-10, 13-17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Bejerasco et al. (US 20170070460 A1), hereinafter Bejerasco, in view of Tibeica et al. (US 20130185802 A1), hereinafter Tibeica.

 Regarding claims 1, 6, 13 and 20, Bejerasco teaches an apparatus to deconflict user authorization to navigate to a website (FIG. 3 and 4), the apparatus comprising:
a site redirector to identify a first request to be transmitted from a client device (FIG. 3 and para. 0028, In step 300 a user device 1 receives a communication message) to a destination site identified by a uniform resource locator (URL) (FIG. 3 and para. 0029, In 302, the user device 1 analyses the contents of the received communication message for hyperlinks ... URLs. FIG. 3 and para. 0030, In case the user device 1 determines that a specific URL can be trusted, 316 can be entered directly where access to the web page is allowed and the web page is rendered to the display of the user device 1);
a site verifier to determine whether the first request indicates that a user has authorized navigation to the destination site (FIG. 3, 4 and para. 0031, FIG. 4 shows an example of a warning message. In an embodiment, the user can be allowed an opportunity to add the blocked URL to the whitelist. If the user device detects a request to add the URL to the whitelist, then access to the blocked URL may be allowed); and 
a URL encoder to, in response to determining that the user has authorized the navigation to the destination site (FIG. 3, 4 and para. 0031, If the user device detects a request to add the URL to the whitelist), the site redirector to transmit a second request to a network security monitor (FIG. 4, 6 and para. 0031 and 0044, in addition to adding the URL to the whitelist, the user may be requested to notify the server system 3 that the URL has been whitelisted), the second request to indicate to the network security monitor that the user has authorized the navigation to the destination site, the second request including the URL (FIG. 4 and para. 0031, the user may be requested to notify the server system 3 that the URL has been whitelisted. This enables the server system 3 to improve its ratings).
Bejerasco does not explicitly disclose generate a data field based on an address of a domain of the destination site, the second request including the data field. However, in an analogous art, Tibeica teaches generate a data field based on an address of a domain of the destination site (FIG. 6 and para. 0033, responsive to a user requests to access an online document (e.g. a webpage), the respective client system 14 may send a target indicator 40 to anti-fraud server 16 ... Exemplary target indicators 40 comprise a uniform resource locator (URL) of a target webpage, ... , and an IP address of a target Internet domain ... a size and/or timestamp of the target document), the second request including the data field (FIG. 6 and para. 0033, When a user requests to access an online document (e.g. a webpage), the respective client system 14 may send a target indicator 40 to anti-fraud server 16).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Bejerasco and Tibeica because, since the type and methods of online fraud evolve rapidly, successful detection may benefit from the development of new fraud identifying tests (Tibeica, para. 0006).

 Regarding claims 2, 7 and 14, the combination of Bejerasco and Tibeica teaches all of the limitations of claims 1, 6 and 13, as described above. Bejerasco further teaches an exception list datastore (FIG. 3 and para. 0030, the user device 1 checks whether the requested URL can be found on a whitelist. The whitelist is a list of URLs that are being provided access to even though the reputation of the URL may be rated suspicious or unsafe. FIG. 6 and para. 0041, a whitelist of allowed web resources [in the UE]), wherein the site verifier is to, in response to determining that the user has authorized the navigation to the destination site, add an identifier of the domain of the destination site to the exception list datastore (FIG. 4 and para. 0031, FIG. 4 shows an example of a warning message. In an embodiment the user can be allowed an opportunity to add the blocked URL to the whitelist. If the user device detects a request to add the URL to the whitelist, then access to the blocked URL may be allowed).

 Regarding claims 3, 8 and 15, the combination of Bejerasco and Tibeica teaches all of the limitations of claims 1, 6 and 13, as described above. Bejerasco further teaches wherein the site verifier is to, in response to determining that the user has not authorized the navigation to the destination site (FIG. 4 and para. 0031, the user can be allowed an opportunity to add the blocked URL to the whitelist. Thus the user may choose not to add the blocked URL to the whitelist), determine whether the first request is to be blocked (FIG. 3 and para. 0031, if the URL is not whitelisted, then 314 is entered where access to the web page is blocked).

 Regarding claims 4, 9 and 16, the combination of Bejerasco and Tibeica teaches all of the limitations of claims 3, 8 and 15, as described above. Bejerasco further teaches wherein the site redirector is to, in response to determining that the first request should be blocked (FIG. 3 and para. 0031, if the URL is not whitelisted, then 314 is entered where access to the web page is blocked. In an embodiment, the user device displays an indication to the display about the blocked URL. FIG. 4 shows an example of a warning message), cause a prompt to be displayed requesting the user to authorize the navigation to the destination site (FIG. 4 and para. 0031, the user can be allowed an opportunity to add the blocked URL to the whitelist. If the user device detects a request to add the URL to the whitelist, then access to the blocked URL may be allowed).

 Regarding claims 5, 10 and 17, the combination of Bejerasco and Tibeica teaches all of the limitations of claims 3, 8 and 15, as described above. Bejerasco further teaches wherein the site redirector is to, in response to determining that the first request should not be blocked, transmit the first request to the destination site (FIG. 3 and para. 0030 and 0031, In case the user device 1 determines that a specific URL can be trusted, 316 can be entered directly where access to the web page is allowed and the web page is rendered to the display of the user device 1 ... if the URL is on the whitelist and even though logging in elements are found, 316 is entered, where access to the web page is allowed).

Claims 11, 12, 18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Bejerasco in view of Tibeica, as applied in the claims above, further in view of Ahmed et al. (US 9712503 B1), hereinafter Ahmed.

 Regarding claims 11 and 18, the combination of Bejerasco and Tibeica teaches all of the limitations of claims 6 and 13, as described above.
The combination of Bejerasco and Tibeica does not explicitly disclose wherein the instructions, when executed, further cause the at least one processor to generate the data field by: calculating a timestamp of the first request; encoding the timestamp and the domain of the destination site; computing a token of the encoded timestamp, the encoded domain of the destination site, and a key; and combining the domain of the destination site, the timestamp, and the token to form the data field. However, in an analogous art, Ahmed teaches wherein the instructions, when executed, further cause the at least one processor to generate the data field by: calculating a timestamp of the first request; encoding the timestamp and the domain of the destination site; computing a token of the encoded timestamp, the encoded domain of the destination site, and a key; and combining the domain of the destination site, the timestamp, and the token to form the data field (col 7 ln 63 - col 8 ln 8, the key derivation function may use a time stamp, either from the instructions from the migration authority, or a time stamp of when the key derivation function is performed. A key derivation function may derive keys using a concatenation of a time stamp with a nonce and/or one or more identifiers, such as of the destination host IP address and/or other migration authority provided identifiers. Some example identifiers in addition to an IP address may include a hash of a public key certificate, a hash of a public key, a fully qualified domain name (FQDN), or the like).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Bejerasco, Tibeica and Ahmed because it would support the desired services being dynamically scalable to meet the changing load for the services at any given time (Ahmed, background section).

 Regarding claims 12 and 19, the combination of Bejerasco, Tibeica and Ahmed teaches all of the limitations of claims 11 and 18, as described above. Ahmed further teaches wherein the key is a pre-shared key (col 3 ln 47 - col 4 ln 3, The communications may be encrypted. The encryption may include, for example, public key cryptography. In public key cryptography, a public key may be published that may be used by others to encrypt electronic communication contents and may be used to verify signatures performed by the corresponding private key. By keeping a secret, private key corresponding to a public key, electronic communications encrypted with the public key may be decrypted and signatures applied can be verified with the public key).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Bejerasco, Tibeica and Ahmed because it would support the desired services being dynamically scalable to meet the changing load for the services at any given time.
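
The data-field construction recited for claims 11 and 18, with the pre-shared key of claims 12 and 19, can be illustrated as follows. This is an added example, not code from the application or from any cited reference; the use of HMAC-SHA256 as the token, base64url as the encoding, the `|` separator and the 300-second freshness window are all assumptions.

```python
import base64
import hashlib
import hmac
import time

FRESHNESS_SECONDS = 300  # assumed replay window; the claims do not specify one


def _b64(data):
    """base64url without padding; its alphabet excludes '.' and '|'."""
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def _token(enc_ts, enc_domain, key):
    # Encoding first makes the joined message unambiguous: a crafted domain
    # cannot shift bytes across the '.' boundary between the two parts.
    msg = (enc_ts + "." + enc_domain).encode("ascii")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()  # assumed token type


def build_data_field(domain, key, now=None):
    """Client side: timestamp, encode, compute token, combine."""
    ts = int(time.time()) if now is None else int(now)
    domain = domain.lower().rstrip(".")
    token = _token(_b64(str(ts).encode()), _b64(domain.encode("utf-8")), key)
    return "|".join((domain, str(ts), token))


def verify_data_field(field, key, now=None):
    """Monitor side: returns (True, domain) or (False, reason)."""
    parts = field.split("|")
    if len(parts) != 3:
        return False, "malformed"
    domain, ts_text, token = parts
    if not (ts_text.isascii() and ts_text.isdigit()):
        return False, "malformed"
    expected = _token(_b64(ts_text.encode()), _b64(domain.encode("utf-8")), key)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), token.encode("utf-8")):
        return False, "bad-token"
    current = int(time.time()) if now is None else int(now)
    if abs(current - int(ts_text)) > FRESHNESS_SECONDS:
        return False, "stale"  # a replayed authorization is refused
    return True, domain


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample, stands in for the pre-shared key
    field = build_data_field("Example.COM.", key, now=1700000000)
    print(field)
    print(verify_data_field(field, key, now=1700000100))
    print(verify_data_field(field.replace("example.com", "other.example"), key,
                            now=1700000100))
```
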

References Cited but Not Used
	Lee et al. (US 20200067977 A1) teaches a method for countering phishing attacks by generating multiple synthetic victims, where each of the synthetic victims includes synthetic victim information that represents a computer user identity and includes associated sensitive information, where the computer user identity and its associated sensitive information are fictitious in that they are not known to be associated with a legitimate computer user, providing any of the synthetic victim information of the synthetic victims to a computer-hosted phishing site, storing the synthetic victim information in a computer-accessible database, receiving from a computer-hosted target site information provided to the computer-hosted target site by a requestor, identifying in the computer-accessible database synthetic victim information matching the requestor information, and notifying the computer-hosted target site that the requestor information is of a synthetic victim.
	Ding et al. (CN 108512849 A) teaches a method for handshake in a secure session, comprising: obtaining a first handshake request timestamp encrypted domain information and access time corresponding to searching the first target key corresponding to said first time stamp, The first target key of the encrypted domain information is decrypted when received first decryption failure instruction, obtaining the second target key in the key list according to the second target key to decrypting the encrypted domain information when receiving the decryption succeeds instruction, the handle of the target server. the handshake method, when the first decryption is successful, according to the second target key is decrypted, avoids the problem that, time of the server end synchronization is distributed in a loosely coupled, namely possible presence level or second level of error, the server will be a new key to decrypt the client end encryption sent by the time domain information cannot be decrypted.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHU CHUN GAO whose telephone number is (571)270-5999. The examiner can normally be reached on Monday - Thursday 6:00-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KRISTINE KINCAID can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SHU CHUN GAO/ 	Examiner, Art Unit 2437
	/ALI S ABYANEH/ 	Primary Examiner, Art Unit 2437