DETAILED ACTION

Notice of AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

The present office action is responsive to communications received on 5/7/2021. Applicant cancelled claims 4, 11 and 18. Claims 1-3, 5-10, 12-17 and 19-20 are pending.

Response to Arguments
Applicant’s arguments filed 5/7/2021, drawing filed 8/11/2021, and with this Examiner's Amendment, have been fully considered and are persuasive. All previous objections and rejections have been withdrawn.

Examiner's Amendment
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given by Mr. Michael Fainberg on 8/12/2021. An examiner's amendment to the record appears below, which is based on claims submitted 5/7/2021.

1.	(Currently Amended) A method for secure online authentication, comprising:
determining, by a secure device, that a connection is being established between a browser application installed on a computer system and a protected website by analyzing web requests from the , wherein the secure device queries a plugin of the browser application to determine that the connection is being established with the protected website;
obtaining, at the secure device, information for the protected website when a request for authentication is received from the protected website;
establishing a protected data transmission channel between the secure device and the protected website, wherein establishing the protected data transmission channel comprises at least:
requesting, by the secure device, information related to a last virus protection activity of the computer system; and
	determining settings of the protected data transmission channel based on a plurality of rules, wherein the settings of the protected data transmission channel include at least encryption requirements and connection requirements and wherein the plurality of rules determine the settings of the protected data transmission channel;
receiving one or more authentication certificates from the protected website using the protected data transmission channel having the determined settings;
verifying validity of the one or more authentication certificates;
responsive to the one or more authentication certificates being verified, performing authentication and transmitting, from the device, authentication data stored on the device to the protected website; 
in response to successful authentication from the protected website, transmitting a new session identifier from the device to the browser application for enabling access to the protected website; and
requesting that the browser application dispatch the new session identifier to the protected website in response to the connection being established via the web requests.

2.	(Original) The method of claim 1, further comprising:


3.	(Original) The method of claim 1, wherein the one or more authentication certificates is a tree of certificates. 

4. 	(Cancelled) 
5.	(Currently Amended) The method of claim [[4]] 1, further comprising:
	saving a list of protected websites at the device or the plugin.

6.	(Previously Presented) The method of claim 5, further comprising:
	downloading the list of protected websites when the secure device is connected to the computer system where the browser application is installed; and
saving the list to the device.

7.	(Original) The method of claim 1, further comprising:
	obtaining headers or a list of downloaded scripts when establishing the protected data transmission channel; 
	calculating a hash sum of the headers or the list of downloaded scripts;
	comparing the hash sum with hash sums stored on the secure device;
	in response to nonmatching hash sums, disconnecting the protected data transmission channel. 

8.	(Currently Amended) A system for secure online authentication, comprising:

determine, by a secure device, that a connection is being established between a browser application installed on the system and a protected website by analyzing web requests from the browser application, wherein the secure device queries a plugin of the browser application to determine that the connection is being established with the protected website;
obtain, at the secure device, information for the protected website when a request for authentication is received from the protected website;
establish a protected data transmission channel between the secure device and the protected website, wherein the hardware processor configured to establish the protected data transmission channel is further configured to:
request, by the secure device, information related to a last virus protection activity of the 
determine settings of the protected data transmission channel based on a plurality of rules, wherein the settings of the protected data transmission channel include at least encryption requirements and connection requirements and wherein the plurality of rules determine the settings of the protected data transmission channel;
receive one or more authentication certificates from the protected website using the protected data transmission channel having the determined settings;
verify validity of the one or more authentication certificates;
responsive to the one or more authentication certificates being verified, perform authentication and transmitting, from the device, authentication data stored on the device to the protected website; 
in response to successful authentication from the protected website, transmit a new session identifier from the device to the browser application for enabling access to the protected website; and
request that the browser application dispatch the new session identifier to the protected website 

9.	(Original) The system of claim 8, wherein the hardware processor is further configured to:
	in response to the one or more authentication certificates being not verified, disconnect the protected transmission channel. 

10.	(Original) The system of claim 8, wherein the one or more authentication certificates is a tree of certificates. 

11. 	(Cancelled).

12.	(Currently Amended) The system of claim [[11]] 8, wherein the hardware processor is further configured to:
	save a list of protected websites at the device or the plugin.

13.	(Currently Amended) The system of claim 12, wherein the hardware processor is further configured to:
	download the list of protected websites when the secure device is connected to [[a computer]] the system where the browser application is installed; and
save the list to the device.

14.	(Original) The system of claim 8, wherein the hardware processor is further configured to:
	obtain headers or a list of downloaded scripts when establishing the protected data transmission channel; 

	compare the hash sum with hash sums stored on the secure device;
	in response to nonmatching hash sums, disconnect the protected data transmission channel.

15.	(Currently Amended) A non-transitory medium storing instructions thereon for secure online authentication, the medium comprising:
determining, by a secure device, that a connection is being established between a browser application installed on a computer system and a protected website by analyzing web requests from the browser application, wherein the secure device queries a plugin of the browser application to determine that the connection is being established with the protected website;
obtaining, at the secure device, information for the protected website when a request for authentication is received from the protected website;
establishing a protected data transmission channel between the secure device and the protected website, wherein establishing the protected data transmission channel comprises at least:
requesting, by the secure device, information related to a last virus protection activity of the computer system; and
determining settings of the protected data transmission channel based on a plurality of rules, wherein the settings of the protected data transmission channel include at least encryption requirements and connection requirements and wherein the plurality of rules determine the settings of the protected data transmission channel;
receiving one or more authentication certificates from the protected website using the protected data transmission channel having the determined settings;
verifying validity of the one or more authentication certificates;

in response to successful authentication from the protected website, transmitting a new session identifier from the device to the browser application for enabling access to the protected website; and
requesting that the browser application dispatch the new session identifier to the protected website in response to the connection being established via the web requests.

16.	(Original) The medium of claim 15, further comprising:
	in response to the one or more authentication certificates being not verified, disconnecting the protected transmission channel. 

17.	(Original) The medium of claim 15, wherein the one or more authentication certificates is a tree of certificates. 

18. 	(Cancelled). 

19.	(Currently Amended) The medium of claim [[18]] 15, further comprising:
	downloading a list of protected websites when the secure device is connected to [[a]] the computer system where the browser application is installed; and
saving the list to the device.

20.	(Original) The medium of claim 15, further comprising:
	obtaining headers or a list of downloaded scripts when establishing the protected data 
	calculating a hash sum of the headers or the list of downloaded scripts;
	comparing the hash sum with hash sums stored on the secure device;
	in response to nonmatching hash sums, disconnecting the protected data transmission channel. 

Allowable Subject Matter
The claims 1-3, 5-10, 12-17 and 19-20 are allowed.
This communication warrants no examiner's reason for allowance, as applicant's reply makes evident the reason for allowance, satisfying the record as a whole as required by rule 37 CFR 1.104 (e). In this case, the substance of applicant's remarks in the Amendment filed on 5/7/2021 points out the reasons the claims are patentable over the prior art of record. Thus, the reason for allowance is in all probability evident from the record and no statement for examiner's reason for allowance is necessary (see MPEP 1302.14).
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20120329388 A1, "NFC-Enabled Devices to Store and Retrieve Portable Application-Specific Personal Information for Use with Computational Platforms", by Royston, teaches that prior to providing a user's account credentials or other access control information to 
US 20160021108 A1, "Rule sets for client-applied encryption in communications networks", by Houston, teaches that a rule set for client-applied encryption is created and deployed to a client device by a network device over a communications network. Encryption applied by the client in accordance with the rule set may form the basis of a secure connection in which encrypted information is encapsulated and tunneled across a network that includes a wired or wireless interface through which the client obtains network connectivity. The client monitors operating conditions, including operating conditions of the communications network, client device, and/or service provider. The rule set includes one or more rules that may be used by the client in combination with the detected operating conditions to select the appropriate encryption protocol for the secure connection.
US 7613445 B1, "Cost control system for access to mobile services", by Stanev, teaches that the server can send information, such as virus definition updates, software patches, etc., across the networks and to the mobile devices. Additionally, the mobile devices can send out information or make requests (e.g., send out event reports regarding the last virus scan conducted, send requests for software updates, etc.) across the networks to the server or to other devices or computers.
US 20170206351 A1, “Mobile device security monitoring and notification”, by Jay, teaches that Android OS devices may be operated in a common criteria (CC) mode that enables 
US 20070005777 A1, “Client web service access”, by Fremantle, teaches that the policy file may contain details for the client of response time requirements, security level requirements, transaction requirements, cost requirements, availability requirements, application layer protocol requirements, additional information requirements, and/or web service implementation requirements.
US 9356804 B1, “Policy-based network connection resource selection”, by Passaglia, teaches that the first set of web socket connection policies or the second set of web socket connection policies includes at least one of an encryption connection policy, a compression connection policy, a latency connection policy, a throughput connection policy, a cost policy, a roaming allowed policy, a short-lived policy, a request response only policy, a secure connection requirement policy, a WiFi requirement policy, or a priority policy.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAN YANG whose telephone number is (408)918-7638. The examiner can normally be reached on Monday to Friday, 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/H.Y./Examiner, Art Unit 2493

/PETER C SHAW/Primary Examiner, Art Unit 2493