DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

                                             Examiner’s Amendment

2.	Authorization for the Examiner’s Amendment was given in an interview with the Applicant’s representative, John D. Pemberton (Reg. No. 45,749), on July 20, 2021.
3.	Claims 1, 8, 15, 23, 26, and 29 have been amended by the Applicant, Claims 22, 25, and 28 have been canceled by the Applicant. The following Examiner’s amendment is listed below:

                                                                    Claims

1. (Currently Amended) A method comprising: 
    identifying a website;
    determining scripts associated with the website using a webextension application programming interface;
    blocking the website if a script associated with the website is blacklisted; 
    obtaining a string format of each of the determined scripts associated with the website using an Extensible Markup Language/Hypertext Transfer Protocol request;

    blocking the website if the specific script is related to cryptomining malware; and 
    sending one or more uniform resource locators associated with the website to a security engine for further analysis when usage of a computer processing unit increases more than a threshold amount over a predetermined amount of time during access to the website; and 
    communicating, to a user, an option to allow access to the website when usage of the computer processing unit increases more than the threshold amount during access to the website.

8. (Currently Amended) At least one non-transitory computer-readable medium comprising one or more instructions that when executed by at least one processor, cause the at least one processor to:
    identify a website;
    determine scripts associated with the website using a webextension application programming interface;
    block the website if a script associated with the website is blacklisted; 
    obtain a string format of each of the determined scripts associated with the website using an Extensible Markup Language/Hypertext Transfer Protocol request;
    analyze the string format of each of the determined scripts to determine if a specific script is related to cryptomining malware;
    block the website if the specific script is related to cryptomining malware; and 
    send one or more uniform resource locators associated with the website to a security engine for further analysis when an application and/or scripts related to the website cause usage of a 
     communicate, to a user, an option to allow access to the website when usage of the computer processing unit increases more than the threshold amount during access to the website.

15. (Currently Amended) An apparatus to determine a presence of cryptomining malware, the apparatus comprising: 
     memory;
     at least one processor; and
     a security engine, the security engine configured to: 
     identify a website;
     determine one or more uniform resource locators associated with the website using a webextension application programming interface;
     block the website if a uniform resource locator associated with the website is blacklisted;
     determine scripts associated with the website; block the website if a script associated with the website is blacklisted; 
     obtain a string format of each of the determined scripts associated with the website using an Extensible Markup Language/Hypertext Transfer Protocol request;
     analyze the string format of each of the determined scripts to determine if a specific script is related to cryptomining malware;
     block the website if the specific script is related to cryptomining malware; and 
     send one or more uniform resource locators associated with the website to a security engine for further analysis when an application and/or scripts related to the website cause usage of a 
     communicate, to a user, an option to allow access to the website when usage of the computer processing unit increases more than the threshold amount during access to the website.

22. (Canceled) 

23. (Currently Amended) The method of Claim 1 

25. (Canceled)

26. (Currently Amended) The at least one computer-readable medium of Claim 8 

28. (Canceled)

29. (Currently Amended) The apparatus of Claim 15 





                                               Reasons for Allowance

4.    Claims 1, 6-8, 13-15, 19-21, 23-24, 26-27, and 29-30 are allowable.
5.    The following is an Examiner’s statement of reasons for allowance:
       The present invention is directed to a system and method that discloses cryptomining malware (or cryptocurrency mining malware, cryptojacking, etc.), is a relatively new term that refers to software programs and malware components developed to take over a computer's 
      Through the use of browser-injected mining scripts, users become unwilling participants the moment they load a compromised website. The website can include scripts that run in the background, which makes them extremely difficult to detect. For some scripts, the users cannot tell when the scripts are running and the scripts only run for as long as the user is on the website. However, some scripts allow the mining to continue even after the website has been closed by creating a hidden pop-up window. The hidden pop-up window can be hidden from the user's view such as sized to fit under a taskbar. The malware can tap into the resources of the user's computers and cause a degradation in computer performance and components. What is needed is a system and method to help identify malware, especially cryptomining malware.
 6.   The prior art Hazay et al. (2019/0364057) discloses enable detection of web-servers or remote servers or other network entities or network elements, which injects or add a cryptocurrency mining script (or program code, or malware code) in to a content that is served to an end-user device, such as a web-page or HTML code or to a non-cryptocurrency-related JavaScript code. Hazay discloses that a web-server may be used to inject or to add cryptocurrency mining code into web-pages or content that is served to web-browsers and/or that is parsed or executed by web-browsers. Accordingly, the present invention may monitor electronic devices which perform or which start to perform cryptocurrency mining operations; “blocking the website if the specific script is related to cryptomining malware; and sending one or more uniform resource locators associated with the website to a security engine for further analysis when usage of a computer processing unit increases more than a threshold amount over a predetermined amount of time during access to the website; and communicating, to a user, an option to allow access to the website when usage of the computer processing unit increases more than the threshold amount during access to the website”.    
7.     The Non-patent literature of Mursch (Title: How To Find Cryptojacking Malware) teaches finding malware is easy and various queries can be used to locate it.  Mursch teaches the once the cryptojacking can be found by running a query to determine which sites are cryptomining.  Mursch does not teach “blocking the website if the specific script is related to cryptomining malware; and sending one or more uniform resource locators associated with the website to a security engine for further analysis when usage of a computer processing unit increases more than a threshold amount over a predetermined amount of time during access to the website; and communicating, to a user, an option to allow access to the website when usage of the computer processing unit increases more than the threshold amount during access to the website”.

Therefore the claims are allowable over the cited prior art.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."



Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791.  The examiner can normally be reached on M-F 8:00am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR 



7/20/2021


 /J.E.J/ Examiner, Art Unit 2439


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439