DETAILED ACTION
1.	This action is responsive to communications regarding the applicant’s amendments and arguments, filed on 01/14/2021.
2. 	Claims 1-12, 15-25 and 28 are pending.
Notice of Pre-AIA  or AIA  Status
3. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Response to Arguments and Amendments
4.	Applicant’s arguments, see page 1-2 on the remark, filed 01/14/2021, with respect to the rejection(s) of claim(s) 1-12, 15-25 and 28 under 103 rejection have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Mehrak Hamzeh (US 8073895).
5.	Applicant’s arguments filed on 01/14/2021, with respect to the 35 U.S.C 112 second paragraph rejections of claims 1-12 have been fully considered and persuasive. Therefore, the rejections of claims 1-12 have been withdrawn.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

s 1-4, 12, 15-18 and  28 are rejected under 35 U.S.C. 103 as being unpatentable over Kelly Berger (US 20110283196), in view of Mehrak Hamzeh (US 8073895), hereinafter Mehrak.

	Regarding claim 1:
	Berger discloses displaying by a terminal, a target web page a Web page generation module 400 for dynamically generating a series of RSVP Web pages 505 (Berger, Fig.5, paragraph 55); wherein the target web page comprises a first control element is implemented by the terminal and; the first control element is implemented by the terminal and configured to acquire an account identifier for an account a user may take a picture of the QR code or other bar code format which may be scanned to link to the RSVP website with a mobile device 451 and a browser application (or other application) on the user's mobile device may interpret the QR code to link to the RSVP website. In one embodiment, the QR code and/or the URL may be shortened versions of the real URL and, upon selecting the shortened version, the user's web browser may be redirected by the online stationery service 100 to the actual URL of the RSVP Website 505 (Berger, paragraph 55). Examiner interprets the QR code or other bard code format is equivalent with an account identifier for an account.  A second control element; the second control element is configured to correlate the account identifier and an operation request for executing the operation request without logging in the account after the operation request is correlated with the account identifier and wherein the operation request is for an operation with respect to the account other than operations related to logging into the account  in one embodiment, the name field may be a drop-down menu from which the invitee may select his/her name (i.e., the menu having been previously populated with invitee names from the user's stationery order). In one embodiment, the host may specify a certain maximum number of guests for each invitee. In Such a case, up to the maximum number may be selected by the invitee under “total number of guests.” (Berger, column 74).  Examiner interprets a window in Fig.2 that allow the host to invite guests by using guests’ email, name and specify the maximum number guests is equivalent with the second control element and operation request without logging in the account limitations in claim 1. 
 However, Berger fails to teach response to a trigger action on the second control element, searching, by the terminal, the terminal to determine whether an account identifier corresponding to the 
Mehrak teaches response to a trigger action on the second control element, searching, by the terminal, the terminal to determine whether an account identifier corresponding to the target web page is stored locally at the terminal; in response to determining that the account identifier corresponding to the target web page is stored locally at the terminal, acquiring and displaying, by the terminal, the account identifier corresponding to the target web page at the first control element the pop-up window 206 can also include a number of input fields 208 for receiving user input, including but not limited to, a recipient identifier such as a cellphone number, the sender's name or other identifier, a message to be delivered to the recipient or for storage in a database, or other information. The user may deliver the selected content 205 to one or more recipients, either by entering one or more recipient identifiers in the pop-up window, or by repeatedly selecting the content item 204 to be delivered. The pop-up window 206 also includes an action control 210 such as a graphical “send' button, for activating a delivery process of the selected content item 204 as indicated in the selected content representation 205 (Mekrak, column 4, [lines 7-18]), and sending, by the terminal, the account identifier corresponding to the target web page and the operation request that is correlated by the second control element to a server corresponding to the target web page the delivery process sends the content data and other information to a mobile device 212 as selected by the user. The mobile device includes a display 214 capable of viewing the content data 207. In some implementation, the wireless version of the content data 207 is a compressed or smaller version of the content data that defines the object 204 in the webpage 202 (Mekrak, column 4, [lines 19-26]). Examiner interprets that cellphone number, sender’s name is account identifier limitation, and the object 204 in the webpage 202 is target web page corresponding with the account identifier limitation in claim 1. The webpage 202 is stored at the recipient device, but the recipient cannot access to any contents without permission.  The sender has to give the recipient permission by send message with identifier then the 

Regarding claim 2:
Berger discloses the second control element is not configured to capture authentication data for logging into the account corresponding to the account identifier the invitee receives the invitation and, at 612, the invitee uses the URL and/or QR code to connect to the RSVP website. At 613, the invitee submits his/her RSVP response and, at 614, the invitee is prompted to link to the website or to set up an account in order to access the RSVP website in the future (Berger, paragraph 58).

Regarding claim 3:
Berger discloses wherein the first control element is in a hidden state before acquiring the account identifier corresponding to the target web page at 622, the user clicks on the event link and, at 613, views and/or edits the RSVP page (e.g., by submitting an RSVP response). At 621b, rather than linking initially to the invitee's home page, the invitee may go directly to the RSVP website using the URL and/or QR code described above (e.g., from the paper invitation and/or email message sent to the invitee) (Berger, paragraph 59). 

Regarding claim 4:
Berger discloses displaying the first control element in response to obtaining multiple stored account32 Client Reference No.: A10721 Attorney Docket No.: 5OGL-259195 identifiers corresponding to the target web page displaying the multiple stored account identifiers in the first control element; and using, in response to a selection instruction of a user, an account identifier selected by the user as the account identifier for the first control element the invitee in this case may specify all relevant information Such as his/her name, email address, number of guests and whether or not the invitee will attend. In one embodiment, the name field may be a drop-down menu from which the invitee may select his/her name (i.e., the menu having been previously populated with invitee names from the user's stationery order) (Berger, paragraph 74). 

Regarding claim 12:
Berger discloses wherein the trigger action is not previously associated with the account identifier the name field may be a drop-down menu from which the invitee may select his/her name (i.e., the menu having been previously populated with invitee names from the user's stationery order) (Berger, paragraph 74).

Regarding claim 15:
Claim 15 is rejected under the same reason set forth in rejection of claim 1.

Regarding claim 16:
Claim 16 is rejected under the same reason set forth in rejection of claim 2.

Regarding claim 17:
Claim 17 is rejected under the same reason set forth in rejection of claim 3.

Regarding claim 18:
Claim 18 is rejected under the same reason set forth in rejection of claim 4.

Regarding claim 28:
Claim 28 is rejected under the same reason set forth in rejection of claim 1.

7.	Claims 5, 6, 9, 10, 11, 19, 20, 23, 24, 25 are rejected under 35U.S.C 103 as being unpatentable over Kelly Berger (US 20110283196), in view of Mehrak Hamzeh (US 8073895), and further in view of Daniel Fung (US 20040230536), hereinafter Daniel.

Regarding claim 5:
	Berger, Mehrak, and Daniel displaying the first control element in response to that no stored account identifier corresponding to the target web page is found; and receiving an account identifier entered by a user in the first control element once this virtual form 220 is completed, the servlet 218 submits the form 220 as a login script 222 to the destination web site 218.just as if someone filled out the form 220 manually. The destination web site then sends either a confirmation page or an error page 226 back to a central web site servlet 228, which may be the same servlet as the servlet 218. The servlet 228 then parses the page 226 to determine whether or not the login operation was successful or unsuccessful (Daniel, column 8, [lines 5-15]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Berger with of Daniel in order to provide secure e-commerce transactions via a user device, such a cellphone, PDA device (Daniel, column 34, [lines 15]).

Regarding claim 6:
Berger, Mehrak, and Daniel disclose wherein in response to the trigger action on the second control element, searching, by the terminal, the terminal to determine whether an account identifier corresponding to the target web page is stored locally at the terminal comprises the pop-up window 206 can also include a number of input fields 208 for receiving user input, including but not limited to, a recipient identifier such as a cellphone number, the sender's name or other identifier, a message to be delivered to the recipient or for storage in a database, or other information. The user may deliver the selected content 205 to one or more recipients, either by entering one or more recipient identifiers in the pop-up window, or by repeatedly selecting the content item 204 to be delivered. The pop-up window 206 also includes an action control 210 such as a graphical “send' button, for activating a delivery process of the selected content item 204 as indicated in the selected content representation 205 (Mekrak, column 4, [lines 7-18]), monitoring the trigger action on the second control element; and if the trigger action meets a preset trigger condition, searching the terminal to determine whether the account identifier corresponding to the target web page is stored locally at the terminal at step 1610, it is determined whether or not the user meets all of the required criteria for modifications. If any attribute or condition of the modifications is either unclear or includes spelling and/or grammatical errors, modifications are denied and an error issuing bank response 1024 is returned to the central controller 1006 and the central controller 1006 sends an appropriate response 1020 to the user at step 1612 (Daniel, column 22, [lines 46-52]). Examiner interprets that cellphone number, sender’s name is account identifier limitation, and the object 204 in the webpage 202 is target web page corresponding with the account identifier limitation in claim 1. The webpage 202 is stored at the recipient device, but the recipient cannot access to any contents without permission.  The sender has to give the recipient permission by send message with identifier then the recipient input the identifier, then webpage 202 will display content that sender want to share with the recipient.   It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Berger with of Daniel in order to provide secure e-commerce transactions via a user device, such a cellphone, PDA device (Daniel, column 34, [lines 15]).

Regarding claim 9:
Berger, Mehrak, and Daniel disclose herein if the trigger action meets the preset trigger condition, searching the terminal to determine whether the account identifier corresponding to the target web page is stored locally at the terminal comprises: sending the trigger action to the server corresponding to the target web page, causing the server to determine whether the trigger action meets the preset trigger condition and return a determination result; and if the received determination result returned by the server is positive, searching the terminal to determine whether the account identifier corresponding to the target web page is stored locally at the terminal transaction/confirmation data 1006S includes data, such as data for tracking all central controller credit/debit card, user and Subordinate, transaction/confirmation activity, etc. Licensee/affiliate data 1006t includes data, such as data for logging licensee affiliate names, identification numbers, etc., and data for tracking licensee affiliate transactions garnered through a contract relationship with the central web site. Conditional modification data 1006m includes data, such as data for logging licensee/affiliate names, id numbers, etc., and data for tracking licensee/affiliate transactions garnered through a contract relationship with the central web site (Daniel, column 18, [lines 30-41]). It would have been 

Regarding claim 10:
Berger, Mehrak, and Daniel disclose wherein the method further comprises: receiving an identification code returned by the server, wherein the identification code is generated by the server when the trigger action meets the preset trigger condition, and the identification code corresponds to a session at which the identification code is generated; and wherein sending the account identifier corresponding to the target web page and the operation request that is correlated by the second control element to the server corresponding to the target web page comprises: sending an identifier of the session between the terminal and the server, the identification code, the account identifier corresponding to the target web page, and the operation request to the server in a payment processing server 3606 at a processing facility 3604, transaction data can be checked against data in the dormant payment card account update file or activation signal 3612 stored in a payment processor web services server 3610. Accordingly, the transaction can be accepted 3608 to create an approval code 3616 or denied 3614. In an exemplary embodiment, the consumer device3602 can initiate an online transaction, for example, after auto login is performed and the dormant payment card update file 3612 is sent from the single sign on host. The payment authorization can be accepted and processed to create the approval code 3616 (Daniel, column 40, [lines 27-39]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Berger with of Daniel in order to provide secure e-commerce transactions via a user device, such a cellphone, PDA device (Daniel, column 34, [lines 15]).

Regarding claim 11:
	Berger and Daniel disclose after a processing result returned by the server is received, determining a display style corresponding to a type of the processing result, wherein the processing result is obtained34 Client Reference No.: A10721 Attorney Docket No.: 5OGL-259195 by the server according to the account identifier corresponding to the target webpage and if the resulting message is intelligible, then the same key must have encrypted the message, authenticating that the issuing bank interface 1010 must have indeed been the author of the issuing bank response 1024 (Daniel, column 24, [lines 55-58]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Berger with of Daniel in order to provide secure e-commerce transactions via a user device, such a cellphone, PDA device (Daniel, column 34, [lines 15]).
	

Regarding claim 19:
Claim 19 is rejected under the same reason set forth in rejection of claim 5.

Regarding claim 20:
Claim 20 is rejected under the same reason set forth in rejection of claim 6.

Regarding claim 23:
Claim 23 is rejected under the same reason set forth in rejection of claim 9.

Regarding claim 24:
Claim 24 is rejected under the same reason set forth in rejection of claim 10.

Regarding claim 25:
Claim 25 is rejected under the same reason set forth in rejection of claim 11.

8.	Claims 7-8, 21, 22 are rejected under 35U.S.C 103 as being unpatentable over Kelly Berger (US 20110283196), in view of Mehrak Hamzeh (US 8073895), and further in view of Andreas Wittenstein (US 8627479), hereinafter Andreas.


	Berger and Andreas disclose wherein the second control element is a slide control element; and monitoring the trigger action on the second control element comprises: monitoring a slide parameter of the second control element, wherein the slide parameter comprises at least one sub parameter of: slide frequency, slide speed, or slide duration website transactions during a data-collection period Such as one hour, or in continual mode, for incrementally updating the models on the fly with a sliding window, for example by adding each transaction or each minute's worth of transactions as it occurs, and removing each transaction or increment of transactions as it ages beyond the data-collection period of, say, one hour. When operating in continual mode, switch 17190 changes the increment to negative one to remove an atomic event record, and changes the increment to the negative of the instance count 16220 to remove an event type record from the running frequencies, as specified by remove flag 17180 remove an atomic event record, and changes the increment to the negative of the instance count 16220 to remove an event type record from the running frequencies, as specified by remove flag 17180 (Andreas, column 32, [lines 58-67]), and further the anomalous event duration detector determines an event to be anomalously brief if the observed duration is less than the predicted duration minus a duration threshold 20110 or by another test. In the preferred embodiment, the duration threshold is Zero, in order to postpone threat decisions until the anomaly of the entire session can be compared to the anomaly of all other sessions. Alternatively, if the number of detected attacks is expected to be substantially greater than threat processors 1080 (See FIG. 1) can handle, then the duration threshold can be adjusted upwards to throttle the least threatening events. The anomalous event duration detector is used as an efficiency optimization in embodiments where it reduces the computation time or other resource demands. Prediction combiner 20120 combines the individual event frequency predictions 20060 and corresponding event duration predictions 20080 into a single predicted event frequency 20130 and a single corresponding predicted event duration 20140. The prediction combiner is detailed under FIG. 26. Event frequency scorer 20150 compares predicted event frequency 20130 with observed event frequency 20020, taking frequency threshold 20170 into account, and outputs frequency anomaly score 20160. In one embodiment, the event frequency scorer is switched off if duration anomaly score 20190 is below duration threshold 20110, for computational efficiency (Andreas, column 37, [lines 6-30]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Sang with of Andreas in order to detecting and defending against attacks on websites, including attacks through third-party websites (Andreas, column 1, [lines 15-16]).

	Regarding claim 8:
	Berger and Andreas disclose wherein if the trigger action meets the preset trigger condition searching the terminal to determine whether the account identifier corresponding to the target web page is stored locally at the terminal comprises: determining, if the slide parameter comprises the slide frequency, whether the slide frequency is greater than a preset frequency threshold, to obtain a determination result corresponding to the slide frequency; determining, if the slide parameter comprises the slide speed, whether the slide speed is greater than a preset speed threshold, to obtain a determination result corresponding to the slide speed; determining, if the slide parameter comprises the slide duration, whether the slide duration is less than a preset duration threshold, to obtain a determination result corresponding to the slide duration; and if the determination results for the slide parameter are all positive, searching the terminal to determine whether the account identifier corresponding to the target web page is stored locally at the terminal event frequency scorer 20150 compares predicted event frequency 20130 with observed event frequency 20020, taking frequency threshold 20170 into account, and outputs frequency anomaly score 20160. In one embodiment, the event frequency scorer is Switched off if duration anomaly score 20190 is below duration threshold 20110, for computational efficiency. The event frequency scorer is discussed in greater detail under FIG. 27. Event duration scorer 20180 compares predicted event duration 20140 with observed event duration 20040, taking duration threshold 20110 into account, and outputs duration anomaly score 20190. In one embodiment, the event duration scorer is switched off if the frequency anomaly score is below frequency threshold 20170, for computational efficiency. The event duration scorer is discussed in greater detail under FIG. 28. Event anomaly scorer 20200 inputs frequency anomaly score 20160 and duration anomaly score 20190, and outputs event anomaly score 18060. If either the frequency anomaly score or the duration anomaly score is nonpositive, the event anomaly scorer outputs an event anomaly score of Zero. In the preferred embodiment, the event anomaly scorer combines the frequency anomaly score and duration anomaly score by multiplying them together, where the resulting product can be interpreted as the point-wise mutual information between the terms of the event, weighted by the anomalousness briefness of the event (Andreas, column 37, [lines 25-50]).

Regarding claim 21:
Claim 21 is rejected under the same reason set forth in rejection of claim 7.

Regarding claim 22:
Claim 22 is rejected under the same reason set forth in rejection of claim 8.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication from the examiner should be directed to Thanh Le whose telephone number is 571-272-8556. The examiner can normally be reached on Monday-Friday 8:00a.m to 5p.m. EST
 Nickerson Jeffrey L can be reached on (469) 295-9235.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either obtained from either Private PAIR or Public PAIR. Status information for unpublished application is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov . Should you have question on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automatic information system, call 800-786-9199 (In USA or CANADA) or 571-272-1000.
/THANH H LE/Examiner, Art Unit 2432                                                                                                                                                                                                        
/Kevin Bechtel/Primary Examiner, Art Unit 2491