Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


DETAILED ACTION
Claims 1-20 are presented for examination. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


3.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Gomez (US pat. App. Pub. 20150007330) and in view of Yang et al hereinafter Yang .    
4.	As per claims 1, 9, and 16, Gomez discloses a computer-implemented method, an apparatus, and a storage media comprising: obtaining, from a user device of a plurality of user devices associated with an organization, to install a browser extension for a browser of the user device; generating, for the browser extension, a risk score that is based on risk values for each of one or more permissions requested by the browser extension (paragraphs: 10, 22-24, and 37, wherein it emphasizes that generating the risk score for browser extension based on risk values for each permitted browser extension); determining whether the browser extension satisfies risk standards of the organization by comparing the risk score to a threshold value for the organization; and in response to determining that the browser extension satisfies the risk standards, automatically adding the browser extension to a whitelist of permitted extensions for approved installation on the plurality of user devices (paragraphs: 11-13, 26-27, and 41-46; wherein it elaborates if the browser extension satisfies the risk standards comparing the risk score to a threshold value then it will be added to the browser extension of permitted list). Although, Gomez mentions risk score for browser extension and important of satisfying the risk score to the threshold value for the organization to approval for the browser extension. He does not specifically mention a request to install a browser extension for a browser, wherein the request comprises an extension identifier and a business justification for the browser extension. In the same field of endeavor, Yang and Prakash discloses a request to install a browser extension for a browser of the user device, wherein the request comprises an extension identifier and a 
Accordingly, it would been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated Yang and Prakash’s teachings a request to install a browser extension for a browser of the user device, wherein the request comprises an extension identifier and a business justification for the browser extension with the teachings of Gomez, for the purpose of effectively protecting the browser extension from unauthorized intruders.  
5.	As per claim 2, Gomez discloses the computer-implemented method comprising generating a risk assessment report by: accessing, via an application programming interface, information pertaining to the browser extension from a browser extension store; and analyzing the information to generate the risk assessment report (paragraphs: 8, 40, 51). 
6.	As per claim 3, Gomez discloses the computer-implemented method wherein the information comprises one or more of: manifest information, permission information, content security policy, and extension metadata (paragraphs: 21, 43, 46). 
7.	As per claim 4, Gomez discloses the computer-implemented method, wherein analyzing the information comprises determining whether the browser extension includes one or more of: a vulnerability in a third-party library, a dangerous function, and a dangerous entry point (paragraphs: 12, 37, and 42). 
8.	As per claim 5, Gomez discloses the computer-implemented method comprising: in response to automatically whitelisting the browser extension, transmitting an instruction to the user device to install the browser extension (paragraphs: 10, 29, 39). 

10.	As per claim 7, Gomez discloses the computer-implemented method comprising: determining that an updated version of the browser extension is available; generating, for the updated version of the browser extension, an updated risk score that is based on risk values for each of one or more permissions requested by the updated version of the browser extension; determining whether the updated version of the browser extension satisfies risk standards of the organization by comparing the updated risk score to a threshold value for the organization; and in response to determining that the browser extension does not satisfy the risk standards, removing the browser extension from the whitelist (paragraphs: 11, 24, 35). 
11.	As per claim 8, Gomez discloses the computer-implemented method, wherein the request comprises a business justification for installation of the browser extension (paragraphs: 14, 25, and 45). 
12.	 Claims 10-15, and 17-20 are listed all the same elements of claims 2-9. Therefore, the supporting rationales of the rejection to claims 2-9 apply equally as well to claims 10-15, and 17-20. 

Citation of References
13. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action: 

Mossoba et al (US pat. App. Pub. 20200195626): elaborates herein generally related to a system and method for assessing a fraud risk. In one embodiment, a method for assessing a fraud risk is disclosed herein. A web browser extension executing on the computing device identifies an account associated with the computing device. The web browser extension detects that the computing device navigated to a web page hosted by a third party server. The web browser extension determines that the third party server prompted the computing device to opt into two-factor authentication functionality. The web browser extension determines that the computing device did not opt into the two-factor authentication functionality. The web browser extension prompts, via an application programming interface (API), an organization computing system to update a fraud metric associated with the account.  

Conclusion

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
/MOHAMMAD W REZA/Primary Examiner, Art Unit 2436