DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to application 17/037,265 filed on 9/29/2020.
Claims 1-14 have been examined and are pending in this application. 
The examiner notes the IDSs filed have been considered.

Claim Objections
Claims 2-14 are objected to because of the following informalities:  
Regarding Claims 2-14: claims 2-14 recite in the preamble “A method as recited...”. For better clarity, the examiner suggests amending the preamble to “The method as recited...” because each claim refers back to a method claim. Appropriate correction is required.










Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 1, 2, 5, 6, 7, 9, and 11-14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Burns et al. (US 8,621,621 B1) in view of Giuliani et al. (US 2014/0281919 A1).

Regarding Claim 1;
Burns discloses a method of disabling malware on a user computer (FIG. 1 and col. 1, lines 48-col. 2, lines 11), said method comprising:
(FIG. 1 – Security Injection System (i.e., protector server) and col. 1, lines 48-col. 2, lines 11 - As depicted in FIG. 1, the content requested by the computing device may include a web page, and the content source may include a web server... The security injection system may receive the web page from the content source and inject security content into the web page. The security injection system may forward the web page to the computing device, and the computing device may proceed to view the web page in a web browser and col. 2, lines 54-57 - ...server...); 
inserting protection code or a reference to said protection code into said Web page to produce a modified Web page (FIG. 1 and col. 1, lines 48-col. 2, lines 11 - The web browser may execute the injected security content in the web page, which may include a process capable of detecting the malicious content without exposing the computing device to the malicious content. Upon detecting the malicious content, the injected security content may, for example, notify the computing device of the malicious so that the malicious content may be removed, quarantined, or otherwise prevented from operating within the computing device. As such, one or more of the implementations described herein provide solutions for protecting computing devices against viruses, spyware, and other type of malicious content and col. 6, lines  61-67 - In such a scenario, security injection system 240 may, therefore, identify security content written in JavaScript for injecting security content into the web page.); and
 returning said modified Web page to said user computer (FIG. 1 and FIG. 6 – Provide Modified Web Page and FIG. 7), wherein said protection code is arranged to 
[capable of detecting malicious content without exposing the computing device to the malicious content] (col. 2, lines 1-2);

	...
	calculating, at an integrity server, a server fingerprint of data of said Web page; 
returning said modified Web page to said user computer, wherein said protection code is arranged to
calculate a client fingerprint of said data of said modified Web page displayed on said user computer, and 
send said client fingerprint from said user computer to said integrity server; and 
comparing, by said integrity server, said client fingerprint with said server fingerprint and taking action if said fingerprints are different.
	However, in an analogous art, Giuliani teaches 
...
	calculating, at an integrity server, a server fingerprint of data of said Web page (Giuliani, [0035] - For instance, a service provider, such as a banking institution, may create one or more websites having one or more web pages that have been made accessible to clients or customers. The service provider may choose to create a digital fingerprint of a web page, a website, and/or resources, such as documents, that are made available to users. For example, the service provider may create a digital fingerprint of web pages in which sensitive information is received, such as a login screen webpage. This digital fingerprint is stored as a server-side fingerprint for later retrieval);
[inserting protection code or a reference to said protection code into said Web page to produce a modified Web page] (Giuliani, [0037] – The code injector may be any device or module that provides a capability to manipulate and manage internet protocol traffic... inject a script);
returning said modified Web page to said user computer, wherein said protection code is arranged to (Giuliani, [0036] - Moreover, the service provider may cause a client-side executable code, such as script, to be inserted into the web content and/or web page code, associated with the web page to be fingerprinted. The inserted client-side executable code, once received at a client computer system, creates a client-side fingerprint of the web page rendered and/or presented to a user and [0037] - For example, code injector 408 may intercept, inspect, and/or transform the inbound and outbound internet protocol traffic. One example of a code injector may be a device utilizing one or more iRules that intercept, inspect, and transform inbound or outbound traffic to inject a script 428, such as a JavaScript, into the content 412. As will be discussed later, the script 428, or client-side executing code that is injected or added into the content 412, may cause a digital fingerprint 422 of a web page rendered or displayed at the computer system 108 to be created. Once a script 428 has been added to the content 412, the content 412 and script 428, now referenced as content and script 416, may be delivered to the computer system 108 via the communication network 112 as content and script);
calculate a client fingerprint of said data of said modified Web page displayed on said user computer (Giuliani, [0036] - The inserted client-side executable code, once received at a client computer system, creates a client-side fingerprint of the web page rendered and/or presented to a user), and 
send said client fingerprint from said user computer to said integrity server (Giuliani, [0036] - The client-side fingerprint is then sent to the server so that the client-side fingerprint and the server-side fingerprint can be compared); and
(Giuliani, [0036] - The client-side fingerprint is then sent to the server so that the client-side fingerprint and the server-side fingerprint can be compared. If there exist any discrepancies between the client-side fingerprint and the server-side fingerprint, the user and/or the service provider may be alerted and/or notified. Additionally, other protective measures, such as page redirection, may occur if the two fingerprints do not match.).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Giuliani to the protector server and inserting a protection code of Burns to include calculating, at an integrity server, a server fingerprint of data of said Web page; returning said modified Web page to said user computer, wherein said protection code is arranged to calculate a client fingerprint of said data of said modified Web page displayed on said user computer, and send said client fingerprint from said user computer to said integrity server; and comparing, by said integrity server, said client fingerprint with said server fingerprint and taking action if said fingerprints are different, in order to apply such teachings to the protection code of Burns.
One would have been motivated to combine the teachings of Giuliani to Burns because doing so helps ensure that a web page a user is viewing is the web page that a service provider intended them to see (Giuliani, [0005]).




Regarding Claim 2;
Burns and Giuliani disclose the method of Claim 1.
	Burns further discloses the method further comprising: receiving, at said protection server, a request from said user computer for said Web page (FIG. 1 – Computer Device → Content Request → Security Injection System); and forwarding said request to said origin Web server (FIG. 1 Security Injection System → Content Request → Content Source).

Regarding Claim 5;
Burns and Giuliani disclose the method of Claim 1.
	Giuliani further discloses wherein said protection code is further arranged to calculate said client fingerprint after said data is displayed to said user on said user computer (Giuliani, [0036] - The inserted client-side executable code, once received at a client computer system, creates a client-side fingerprint of the web page rendered and/or presented to a user and [0039] - Thus, web content contained in content and script 416 may be rendered and/or displayed on computer system 108. Upon rendering and/or displaying the content 412, the script 428 containing executable code may be executed on the computer system 108).

Regarding Claim 6;
Burns and Giuliani disclose the method of Claim 1.
Burns further discloses ...said protector server (FIG. 1).
Giuliani further teaches wherein said integrity server is part of said [code injector] (Giuliani, [0037] and [0038] - Alternatively, or in addition, the capability to inject or add a client-side script 428 to content 412 may reside within server 104.).


Regarding Claim 7;
Burns and Giuliani disclose the method of Claim 1.
Burns further discloses wherein said protection code is inserted into said Web page such that said protection code executes before any other code in said modified Web page executes in said browser (col. 6, lines 14-25 - Content injection module 520 may provide functionality with respect to injecting security content. For example, content injection module 520 may enable security injection system 240 to inject security content into a web page or another type of data structure. In one example, content injection module 520 may cooperate with code analysis module 510 to determine a location within the web page for injecting the security content and injecting the security content into the web page. Injecting the proper security content at the proper location within the web page may help ensure that the security content is executed by the browser at an appropriate time (e.g., before any potentially malicious content is executed) and col. 7, lines 1-16 - In one example, security injection system 240 may identify the location within the content that will be executed by the browser first (e.g., at or near the top of the web page).).


Regarding Claim 9;
Burns and Giuliani disclose the method of Claim 1.
Giuliani further teaches wherein said data includes a form of said Web page, a number of forms of said Web page, said Web page, a DOM (document object model) of said Web page, a link of said Web page, or an element of said Web page (Giuliani, [0025] – DOM... elements... forms... and [0026]).

Regarding Claim 11;
Burns and Giuliani disclose the method of Claim 1.
Burns further discloses wherein said protection code is further arranged to not determine whether any malware does exist on said user computer (col. 7, lines 60-col. 8, lines 4 - As mentioned above, the security content may be capable of detecting the malicious content in the web page, notifying computing device 210 of the malicious content, and/or protecting computing device 210 from the malicious content... In some implementations, inserting the security content at or near the top of web page 7108 may ensure that the security content is executed prior to the malicious content, thereby providing the security content to establish a safe execution environment for detecting the malicious code without permitting the malicious content to harm computing device 210). As noted, the malicious content exists on the web page, so the protection code is arranged to not determine if malware does exist on said user computer, as it detects with respect to the web page.



Regarding Claim 12;
Burns and Giuliani disclose the method of Claim 1.
Burns further discloses wherein no additional software is necessary on said user computer in order to detect said malware (col. 7, lines 23-25 – executed by the browser). As noted, by using a browser, no additional software is necessary.

Regarding Claim 13;
Burns and Giuliani disclose the method of Claim 1.
Burns further discloses wherein no additional software is necessary on said origin Web server in order to detect said malware (Burns, FIG. 1 – Security Injection System and Content Source). As noted, the security injection system injects the injected security content, so the Content Source does not focus on detecting malware.

Regarding Claim 14;
Burns and Giuliani disclose the method of Claim 7.
Burns further discloses wherein said protection code executes when said browser begins executing code in said modified Web page (col. 6, lines 14-25 - Content injection module 520 may provide functionality with respect to injecting security content. For example, content injection module 520 may enable security injection system 240 to inject security content into a web page or another type of data structure. In one example, content injection module 520 may cooperate with code analysis module 510 to determine a location within the web page for injecting the security content and injecting the security content into the web page. Injecting the proper security content at the proper location within the web page may help ensure that the security content is executed by the browser at an appropriate time (e.g., before any potentially malicious content is executed) and col. 7, lines 1-16 - In one example, security injection system 240 may identify the location within the content that will be executed by the browser first (e.g., at or near the top of the web page).).

Claim 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Burns et al. (US 8,621,621 B1) in view of Giuliani et al. (US 2014/0281919 A1) and further in view of Zhao et al.  (US 2016/0147992 A1).

Regarding Claim 3;
Burns and Giuliani disclose the method of Claim 2.
	Burns and Giuliani fail to explicitly disclose wherein said request identifies a domain of said origin Web server, and wherein said request is received at said protector server by virtue of a DNS (Domain Name System) entry that directs said request to said protector server.
	However, in an analogous art, Zhao further teaches wherein said request identifies a domain of said origin Web server, and wherein said request is received at said protector server by virtue of a DNS entry that directs said request to said protector server (Zhao, [0111] - Intermediary computer may intercept a request from browser, generate a new and/or modified request, and send the new and/or modified request to web infrastructure 305 and [0113] - Intermediary computer may be a server computer that one or more domain name servers or other elements of the domain name system ("DNS") identify in DNS records as a destination network address associated with one or more internet domain names... Based on using DNS to resolve the domain name in a request to a network address, intermediary computer may forward the request, or a modified request, to a server computer in web infrastructure, such as original web server computer).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Zhao to the request of Burns and Giuliani to include wherein said request identifies a domain of said origin Web server, and wherein said request is received at said protector server by virtue of a DNS entry that directs said request to said protector server. 
One would have been motivated to combine the teachings of Zhao to Burns and Giuliani in order to provide for improving the security of client computers executing instructions received from server computers (Zhao, [0001]).

Claim(s) 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Burns et al. (US 8,621,621 B1) in view of Giuliani et al. (US 2014/0281919 A1) and further in view of Liske (US 2009/0271866 A1).

Regarding Claim 4;
Burns and Giuliani disclose the method of Claim 1.
	Burns and Giuliani both disclose wherein said protection code is further arranged to... (Burns, col. 1, lines 48-col. 2, lines 11 and Giuliani, [0037]).
Burns and Giuliani fail to explicitly disclose establish itself as the lowest entry in an event handler stack of said Web page.
 (Liske, [0052] - This invention protects against malicious form-grabbing software and stops it from capturing passwords and other data. Initially, software in accordance with the present invention installs itself at the 0 ring level for all browser events within a stack) is arranged to:
establish itself as the lowest entry in an event handler stack of said Web page (Liske, [0052] - This invention protects against malicious form-grabbing software and stops it from capturing passwords and other data. Initially, software in accordance with the present invention installs itself at the 0 ring level for all browser events within a stack ... The software in accordance with the present invention installs itself to the stack last, to ensure it is called first to prevent any key logger logic from circumventing the protection and [0055] – This embodiment of the invention affects the current ... event handler upon each IE event or the equivalent event handler in other types of browsers and [0065]-[0067] – Internet Explorer... Set a hook at 0 ring in the API Stack).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Liske to the protection code of Burns and Giuliani to include wherein said protection code is arranged to: establish itself as the lowest entry in an event handler stack of said Web page. 
One would have been motivated to combine the teachings of Liske to Burns and Giuliani in order to provide protection against the operation of malware commonly used in identity-theft and cyber-fraud (Liske, [0003]).

Claim 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Burns et al. (US 8,621,621 B1) in view of Giuliani et al. (US 2014/0281919 A1) and further in view of Lee (US 8,677,481 B1).

Regarding Claim 8;
Burns and Giuliani disclose the method of Claim 1.
	Burns and Giuliani fail to explicitly disclose wherein said Web page includes said reference, said method further comprising: retrieving said protection code using said reference before executing said protection code in said browser.
However, in an analogous art, Lee teaches wherein [a] Web page includes said reference and said method further comprising: retrieving said protection code using said reference before executing said protection code in said browser (Lee, FIG. 6 - Receive portal page → Download verifier using portal page and col. 7, lines 4-9 - URL of the web page verifier).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Lee to the protection code of Burns and Giuliani to include wherein [a] Web page includes said reference and said method further comprising: retrieving said protection code using said reference before executing said protection code in said browser.
One would have been motivated to combine the teachings of Lee to Burns and Giuliani in order to provide checking for malicious changes to web pages (Lee, col. 1, lines 5-9).




Claim 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Burns et al. (US 8,621,621 B1) in view of Giuliani et al. (US 2014/0281919 A1) and further in view of Baghdasaryan et al. (US 2014/0189360 A1).
 
Regarding Claim 10;
Burns and Giuliani disclose the method of Claim 1.
Giuliani teaches concepts of a client fingerprint (Giuliani, FIG. 7).
Burns and Giuliani fail to explicitly disclose further comprising: determining that said client [response] is not received at said integrity server; and taking an action when it is determined said client [response] is not received by said integrity server.
However, in an analogous art, Baghdasaryan teaches further comprising: determining that said client [response] is not received at said ... server (Baghdasaryan, [0080] - In one embodiment, the random challenge comprises a randomly generated code such as a cryptographic nonce. In current systems, after a server transmits a random challenge to the client, if the client does not respond within a specified timeout period, the random challenge is no longer valid and the client will receive an error in response to a subsequent authentication attempt (e.g., the user will swipe a finger on the fingerprint reader and be denied)); and taking an action when it is determined said client [response] is not received by said ... server (Baghdasaryan, [0080] - In one embodiment, the random challenge comprises a randomly generated code such as a cryptographic nonce. In current systems, after a server transmits a random challenge to the client, if the client does not respond within a specified timeout period, the random challenge is no longer valid and the client will receive an error in response to a subsequent authentication attempt (e.g., the user will swipe a finger on the fingerprint reader and be denied)).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Baghdasaryan to the integrity server of Burns and Giuliani to include further comprising: determining that said client [response] is not received at said ... server and taking an action when it is determined said client [response] is not received by said ... server.
One would have been motivated to combine the teachings of Baghdasaryan to Burns and Giuliani in order to provide transaction signing within an authentication framework so no transaction states need to be maintained (Baghdasaryan, [0002]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 attached.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385.  The examiner can normally be reached on Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/KARI L SCHMIDT/Primary Examiner, Art Unit 2439