DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 have been examined and are pending.
Examiner Comments

Claim 14 is directed towards a system claim with a “scan engine” and has been analyzed for 35 USC 101. The claim states: a system for detecting a phishing message comprising a scan engine. “Engine” is being interpreted as software. No 35 USC 101 deemed necessary since specification states: Implementation of the method and system of the present disclosure involves performing or completing certain selected tasks or steps manually, automatically, or a combination thereof. Moreover, according to actual instrumentation and equipment of preferred embodiments of the method and system of the present disclosure, several selected steps could be implemented by hardware or by software on any operating system of any firmware or a combination thereof. For example, as hardware, selected steps of the disclosure could be implemented as a chip or a circuit. As software, selected steps of the disclosure could be implemented as a plurality of software instructions being executed by a computer using any suitable operating system. In any case, selected steps of the method and system of the disclosure could be described as being performed by a data processor, such as a computing platform for executing a plurality of instructions (p. 10, para 2).

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 07/27/2020 and 04/04/2021 were filed.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Specification
Applicant is reminded of the proper language and format for an abstract of the disclosure. See lines 1 and 2.
The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.
The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, “The disclosure concerns,” “The disclosure defined by this invention,” “The disclosure describes,” etc.  In addition, the form and legal phraseology often used in patent claims, such as “means” and “said,” should be avoided.
Claim Objections
Claims 1, 11, 13-14, and 16 objected to because of the following informalities:  
Claim 1, lines 5 and 10: clarify "the message"; suggest "the phishing message;"   appears to be another message. 
Claim 2, line 2: spell out the first instance of “...CSS of the webpage...” as: Cascading Style Sheets (CSS).
Claim 11, line 2: antecedent basis for "the message recipient IP address range."
Claim 13, lines 1 and 2: clarify "the message"; suggest "the phishing message;" appears to be another message.  
Claim 14, lines 5 and 6: “...adapted to detect...adapted to download...;” indicates intentional use language. Recommends deletion, as to use active voice.
Claim 14, lines 5 and 9: clarify "the message"; suggest "the phishing message;” appears to be another message.  
Claim 16, line 5: antecedent basis for "the message recipient IP address range." 
Claim 15, line 8: spell out the first instance of “...CSS of the webpage...” as: Cascading Style Sheets (CSS).
Appropriate correction is required.
CLAIM INTERPRETATION
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “a fetcher...software modules...” in claims 1 and 14.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


In claims 10 and 19, the phrase “can be” renders the claim indefinite because it is unclear whether the limitations following the phrase are part of the claimed invention. See MPEP 2173.05(d).
In claims 2, 4, 6, 15, and 16, the phrase "a combination of the above" renders the claim indefinite because it is unclear whether the limitations preceding the phrase are part of the claimed invention. See MPEP 2173.05(d).
Claims 1 and 14 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim limitation “a fetcher...software modules...” invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed  The specification is devoid of adequate structure to perform the claimed function of download and analyze a webpage. At most, the specification states the fetcher is “adapted to” download and analyze a webpage; and software “modules” for detection of phishing that may run on computing devices [paras 0029, 0054, and 0056].  It is unclear whether the claim limitation is modified by sufficient structure for performing the claimed function. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 

(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 3, 5-14, and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al., hereinafter (“Smith”), US PG Publication (20160191548 A1), in view Goutal, US PG Publication (20180278627 A1).
Regarding claims 1 and 14, Smith teaches a method for detecting a phishing message comprising; and a system for detecting a phishing message comprising: [Smith et al 20160191548A1, ¶0037: typical form of phishing attacks occur in the form of malicious emails sent to user containing links or references to illegitimate web pages (a phishing message), etc.
a.    a scan engine; [Smith et al 20160191548A1, ¶¶0038 and 0066: An apparatus/system/method provided for fraud detection; monitors and detect legitimacy of emails or email content, links, images, videos, etc. Performs routine and continual crawling (a scan engine) to collect information associated with suspect activity] and
b.    a fetcher; [Smith, ¶0066: apparatus/system/method provided for fraud detection with a collection process (a fetcher) accesses an initial webpage through standard HTTP request and downloads its content for analysis.]
a.    providing a phishing detector comprising a scan engine and a fetcher, wherein the scan engine and the fetcher are software modules running on at least one computing device; [Smith, See Fig. 2, 3, and 4 ¶¶0038-0039 and 0065-0066: An apparatus/system/method provided for fraud detection (a phishing detector); where aforementioned malicious web content could be identified by a scoring engine, monitors and detect legitimacy of emails or email content, links, images, videos, etc. Performs routine and continual crawling (a scan engine) to collect information associated with suspect activity; with a collection process (a fetcher) accesses an initial webpage through standard HTTP request and downloads its content for analysis. Each of the devices in the network are computers, mobile device, PDAs, etc. may first pass through or be subject to one or more security devices or applications, such as a proxy server 119 or firewall 111.]
b.    detecting a URL in the message by the scan engine; [Smith, ¶0101: Security device 824 and system 814 may be operatively coupled or may communicate data based on  URL blacklists]
c.    resolving the URL to a webpage by the scan engine; [Smith, See ¶¶0038 and 0066: continual crawling (a scan engine); ¶0073: using standard Domain Name Service (DNS) lookup operations (resolving the URL), it may be determined that domains 411, 412, and/or 413 are hosted by various IP addresses; as a result catalog URL 300, along with various constituent parts of the URL 300.  The domains and/or IP addresses may be further queried to reveal additional information, such as the web page 310 (a webpage) registrants 420.]
d.    downloading the webpage by the fetcher; [See Smith, See Fig. 2, 3, and 4 ¶¶0038-0039 and 0065-0066: ...downloads web page content for analysis.]
While Smith teaches the scan engine [See Smith, ¶¶0038 and 0066: continual crawling (a scan engine)] and the downloaded webpage [See Smith, See Fig. 2, 3, and 4 ¶¶0038-0039 and 0065-0066: ...downloads web page]; however, Smith fails to explicitly teach but Goutal teaches 
e.    analysis of the downloaded webpage by the fetcher to determine whether the webpage is a phishing webpage; wherein when the webpage is determined to be a phishing webpage, deleting the message by the scan engine. [Goutal, ¶0002: Spear phishing performs thorough study of the enterprise drawing from sources of information such as: corporate website. ¶¶0019-0020: attacker finds email address of CEO and accountant of corporate website; as stated spear phishing attack relies on impersonation. ¶¶0147 and 0153-0154: Features vectors may also include a binary value that indicate the text/html part of an email. The affected model status determines through “learning”, if the classification receives email likely malicious at B43; B47 carries out a true positive (TP) reported to Email Spoofing & spear phishing Protection Layer (ESPL) service 108 and malicious received email may be deleted. Examiner, interprets the identified email with html portion as a spear phishing attack analogous to a phishing webpage.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of method and system for misuse detection of Smith before him or her by including the teachings of detection of email spoofing and spear phishing attacks of Goutal. The motivation/suggestion would have been obvious to try the updates of the SVN model to repeatedly determine upon receipt of each email is potential phishing attack(s) [Goutal, ¶0154]. 

Smith teaches wherein the analysis comprises analyzing the HTML structure and HTML code for similarities to known phishing kits. [Smith, ¶0075: web page 310 displays several hyperlinks 311-314, from which additional URLs 320, 330, and 340 may be gleaned; HTTP requests may be made to each such URL analysis of the content of each associated website. Further analysis of binary information of executable file 450 (HTML code) where comparison of part 450 (HTML structure) of executable file with virus signature 460 (known phishing kits).]
Regarding claims 5 and 11, the combination of Smith and Goutal teach claim 1 as described above.
Smith teaches wherein the analysis comprises performing machine learning based analysis of the language used on the webpage. [Smith, ¶0099: further machine learning to identify false positives.]

Regarding claim 6, the combination of Smith and Goutal teach claim 1 as described above.
Smith teaches wherein the method for the downloading of the webpage is selected from the group consisting of:
a.    the webpage is downloaded multiple times each using a different source IP address; [Smith, ¶0037: phishing attacks occurs in the form of malicious emails sent to users containing links or references to illegitimate web pages, illegitimate web content]
b.    the webpage is downloaded using multiple user agents; [Smith, ¶0070: downloaded webpage content is analyzed] and
c.    a combination of the above. [Smith, ¶0109: Various computer languages or protocols such an algorithm, scripts, etc. are used to assess information present in source document. Document downloaders 910 could take any form, such as in information-seeking/delivering web crawlers, email monitoring software, or any other form of hardware, software, or combination thereof.]
Regarding claim 7, the combination of Smith and Goutal teach claim 5 as described above.
Smith teaches wherein the machine learning based analysis of the webpage language is based on one or more of word counting, term frequency-inverse document frequency, or cluster counting of GloVe (Global Vectors for Word Representation). [Smith, ¶0110: Word expressions often perform the “heavy lifting” of the scoring process. Word expressions are usually mathematical equations, where the variables in the equations might represent, for example, a number of occurrences of keywords, patterns, or otherwise identifiably potentially malicious trends in the digital media document text. The word expression engine is usually optimized to efficiently search for thousands of various patterns in a document.]


Smith teaches further comprising URL analysis by the scan engine for one or more of suspicious characteristics, URL metadata, or suspicious URLs. [Smith, ¶0071: RL 300 may be selected on account of previously known information about the content hosted by that URL—for example, evidence of pirating of copyright-protected media such as movies, music or software—or the suspicious web page 310 may be encountered randomly through the previously mentioned web crawling operations.]

Regarding claim 9, the combination of Smith and Goutal teach claim 1 as described above. 
Smith teaches wherein the method for the downloading of the webpage comprises: by the fetcher, executing redirect code to resolve the destination web page. [See Smith, ¶¶ 0065-0066: ...downloads web page content for analysis.]
Regarding claim 11, the combination of Smith and Goutal teach claim 1 as described above. 
Smith teaches wherein the webpage is downloaded using an IP address from the message recipient IP address range. [Smith, ¶074: he range of IP addresses 430 may also be considered a “link,” since it may be inferred that other IP addresses (not listed) falling within that range or associated with a similar geographical IP range may be suspect.]

Regarding claim 13, the combination of Smith and Goutal teach claim 1 as described above. 
However, the combination of Smith and Goutal fail to explicitly teach but Hou teaches wherein the message is in a user inbox and the deleting of the message comprises removing the message from the user inbox. [Goutal, ¶0153: I If the classification indicates that the received email is likely legitimate, the received email may be moved to the recipient's inbox as shown at B44. According to one embodiment, if the user, after having read the email or even without reading the email, reports that the received email is likely malicious, a false negative (FN) may be reported to the centralized ESPL service 108, the SVM model may be updated, as may be the code that builds the features vector and/or the code that builds the contact model, as generally shown at 222 in FIG. 2A, and the email deleted as shown at B49.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Smith and Goutal before him or her by including the teachings of method and system for downloading content of Hou. The motivation/suggestion would have been obvious to try the features of classification to identify which message should be removed [Hou, ¶¶0023, 0025 and 0028]. 
Claims 2 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al., hereinafter (“Smith”), US PG Publication (20160191548 A1), in view Goutal, US PG Publication (20180278627 A1), in view of Wright et al., hereinafter (), US PG Publication (20180063190 A1), in view of Lindsay, US PG Publication (20180247483 A1).
Regarding claims 2, the combination of Smith and Goutal teach claim 1 as described above.
Smith teaches wherein the analysis is selected from the group consisting of:
b.    performing machine learning based image analysis of images found on the webpage to match the images to known genuine phishing target logos; [Smith, ¶¶0038 and 0099: fraud detection of emails, email content: links, images, videos, etc. through use of machine learning]
While Smith teaches performing analysis of web forms on the web page [See Smith, ¶0089: In certain embodiments, “behavioral analysis” may encompass any type of analysis similar to that which would be performed on URLs, domain names, IP addresses, or similar links during the crawling and collection operations. ¶¶0262-0263: identify a spear phishing target attack where a false web page reproduce portion of the web pages such as: login and/or password boxes.]; however, the combination of Smith and Goutal fail to explicitly teach but Wright teaches
a.    performing analysis of the CSS of the webpage and comparison of the webpage CSS to the CSS of known phishing pages or genuine webpages of known phishing page brands/targets; [Wright et al 20180063190 A1, ¶0014: (2) an attacker copies the target website--including the tattler code--in order to setup an attack website (e.g., a phishing website); ¶0015: (4) the target website receives referrer data indicating information regarding the previous website (e.g., the attack website) that directed the victim to the target website; (6) the legitimacy of the attack website is evaluated (e.g., by comparing referrer data and/or other website monitoring data with known attack website information);  and ¶0019: Tattler includes JavaScript code, including HTML, CSS, etc.; collects, analyzes, and/or transmits website monitoring data when executed.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Smith and Goutal before him or her by including the teachings of a method for identifying phishing websites and hindering associated activity of Wright. The motivation/suggestion would have been obvious to try tattler code to analyze web pages and referrer data [Wright, ¶¶0014-0015]. 
However, the combination of Smith, Goutal, and Wright fail to explicitly teach but Lindsay teaches 
c.    performing analysis of web forms for credential submission on the webpage; [Lindsay 20180247483, ¶0197: the PIN Safety Service 808 regarding the user's account or can be supplemented by accessing the security database 810 as needed. While the required data can be obtained and processed in any of several ways known to those in the art, the submitted user credentials received in the attempted transaction with the merchant 828 are compared with the known credentials that the credit card company 812 associates with the user 802 ] and
d.    a combination of the above. [Lindsay 20180247483, ¶0204: Preventing Phishing and Fake Login Pages by anti-phishing scheme requires convert validation action to verify website being operated by legitimate party.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Smith, Goutal, and Wright before him or her by including the teachings of a security systems for protecting an asset of Lindsay. The motivation/suggestion would have been obvious to try reduce the risk of others stealing login information using fake login pages or fake sites designed to look like a trusted site such as a bank's login page [Lindsay, ¶0204]. 

Regarding claim 15, the combination of Smith, Goutal, Wright, and Lindsay teach claim 14 as described above.
Smith teaches wherein the analysis is selected from the group consisting of:
a. computing webpage fingerprints for multiple HTML page elements and comparing the webpage fingerprints to existing webpage fingerprints of known phishing page targets and known phishing sites; [Wright et al 20180063190 A1, ¶0031: S110 include generating digital fingerprints for visitors of the attack website. A digital fingerprint preferably identifies an individual based on web browser data, device data, other website monitoring data, and/or other suitable information associated with the individual. Attack website visitor fingerprints can be compared against known attacker digital fingerprints (e.g., in S132) in identifying attackers and/or illegitimate attack websites.]
b.    performing image analysis and comparison of the page favicon of the webpage to favicons known to be used in phishing pages and also genuine favicons of known phishing page targets; [Wright et al 20180063190 A1, ¶0056: In this variation, automatically classifying a potential attack website can include generating one or more models for distinguishing between non-attack websites and attack websites; where attack website features can include: URL features (e.g., favicon)]
c.    performing machine learning based image analysis and comparison of the webpage or parts of the webpage to known phishing pages or genuine webpages or parts of genuine webpages of known phishing page targets/brands; [Wright et al 20180063190 A1, ¶0056: Attack website features can be extracted from website monitoring data (e.g., collected in S110), attack website activity (e.g., monitored in S150), and/or any suitable data. Attack website features can include: URL features (e.g., favicon, host name, URL shortening usage...website code features In an example, S132 can include generating a machine learning classifier model that outputs whether a website is an attack website or a non-attack website, and/or outputs a ranking (e.g., a score of 1-10) of the legitimacy of the website.]
d.    performing analysis of the CSS of the webpage and comparison of the webpage CSS to the CSS of known phishing pages or genuine webpages of known phishing page brands/targets; [Wright et al 20180063190 A1, ¶0014: (2) an attacker copies the target website--including the tattler code--in order to setup an attack website (e.g., a phishing website); ¶0015: (4) the target website receives referrer data indicating information regarding the previous website (e.g., the attack website) that directed the victim to the target website; (6) the legitimacy of the attack website is evaluated (e.g., by comparing referrer data and/or other website monitoring data with known attack website information);  and ¶0019: Tattler includes JavaScript code, including HTML, CSS, etc.; collects, analyzes, and/or transmits website monitoring data when executed. ]
e.    performing machine learning based image analysis of images found on the webpage to match the images to known genuine phishing target logos; [Smith, ¶¶0038 and 0099: fraud detection of emails, email content: links, images, videos, etc. through use of machine learning]
While Smith teaches performing analysis of web forms on the web page [See Smith, ¶0089: In certain embodiments, “behavioral analysis” may encompass any type of analysis similar to that which would be performed on URLs, domain names, IP addresses, or similar links during the crawling and collection operations. ¶¶0262-0263: identify a spear phishing target attack where a false web page reproduce portion of the web pages such as: login and/or password boxes.]; however, the combination of Smith and Goutal fail to explicitly teach but Lindsay teaches
g.    performing analysis of web forms for credential submission on the webpage; [Wright et al 20180063190 A1, ¶0024: activation of the tattler may function also function to collect attack website activity that, in some embodiments, includes user activity while visiting the attack website in which the user activity includes providing user credentials and the like. In the case that the tattler detects a visitor providing credentials to the attack website, the tattler may function to capture the credentials data and specifically] and
h.    a combination of the above. [Lindsay 20180247483, ¶0204: Preventing Phishing and Fake Login Pages by anti-phishing scheme requires convert validation action to verify website being operated by legitimate party.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Smith and Goutal before him or her by including the teachings of a security systems for protecting an asset of Lindsay. The motivation/suggestion would have been obvious to try reduce the risk of others stealing login information using fake login pages or fake sites designed to look like a trusted site such as a bank's login page [Lindsay, ¶0204]. 
Regarding claims 16, the combination of Smith and Goutal teach claim 14 as described above.
Smith teaches wherein the method for the downloading of the webpage is selected from the group consisting of:
a.    the webpage is downloaded multiple times each using a different source IP address; [Smith, ¶0037: phishing attacks occurs in the form of malicious emails sent to users containing links or references to illegitimate web pages, illegitimate web content]
b.    the webpage is downloaded using an IP address form the message recipient IP address range; [Smith, ¶0070: downloaded webpage content is analyzed; ¶0074: the range of IP addresses 430 may also be considered a “link,” since it may be inferred that other IP addresses (not listed) falling within that range or associated with a similar geographical IP range may be suspect.] and
d.    a combination of the above. [Smith, ¶0109: Various computer languages or protocols such an algorithm, scripts, etc. are used to assess information present in source document. Document downloaders 910 could take any form, such as in information-seeking/delivering web crawlers, email monitoring software, or any other form of hardware, software, or combination thereof.]

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Smith et al., hereinafter (“Smith”), US PG Publication (20160191548 A1), in view Goutal, US PG Publication (20180278627 A1), in view of Lindsay, US PG Publication (20180247483 A1).

Regarding claim 4, the combination of Smith and Goutal teach claim 1 as described above.
Smith teaches wherein the analysis is selected from the group consisting
of:
a.    computing webpage fingerprints for multiple HTML page elements and comparing the webpage fingerprints to existing webpage fingerprints of known phishing page targets and known phishing sites; [Smith, ¶0265: scanning emails containing multiple forms; ¶0267: metadata helps in identifying potentially malicious parties by comparison of various forms of electronic signatures]
b.    performing image analysis and comparison of the page favicon of the webpage to favicons known to be used in phishing pages and also genuine favicons of known phishing page targets; [Lindsay, ¶¶0206, 0209 and 0219-0220: FIG. 19 depicts a portion of graphical user interface 1000 that illustrates some aspects of a system in which a user (not shown) can verify that a Web site or other electronic interface is legitimate, or in other words, that it is operated by an authorized service as opposed to being sham for extracting information from a user. Modified favicon 1020 displayed can be accessed to determine if accessing legitimate Web site.]
c.    performing machine learning based image analysis and comparison of the webpage or parts of the webpage to known phishing pages or genuine webpages or parts of genuine webpages of known phishing page targets/brands; [Smith, ¶0253: the receiving server of the call (e.g., the server that owns the legitimate site bank.com) compares the requested Web page's information to the legitimate Web page's information. The compared information can include IP addresses, URLs, and/or domains,] and
d.    a combination of the above. [See Smith, ¶0253: The compared information can include IP addresses, URLs, and/or domains, or any combination thereof]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Smith and Goutal before him or her by including the teachings of a security systems for protecting an asset of Lindsay. The motivation/suggestion would have been obvious to try reduce the risk of others stealing login information using fake login pages or fake sites designed to look like a trusted site such as a bank's login page [Lindsay, ¶0204]. 

Claims 10, 12, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al., hereinafter (“Smith”), US PG Publication (20160191548 A1), in view Goutal, US PG Publication (20180278627 A1), in view of Hou, US PG Publication (20130332585 A1).

However, the combination of Smith and Goutal fail to explicitly teach but Hou teaches wherein the method for the downloading of the webpage comprises: when the URL does not resolve, attempting multiple times to resolve the webpage over a configurable period of time until the webpage can be downloaded. [Hou, ¶¶0023, 0025 and 0028: When the relationship is established, the identification code of the content related information includes a timestamp. Download engine of portal site configured to download acquire the real URL of the content, and download the content to the terminal which wants to download the content according to the acquired real URL. ¶0035]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Smith and Goutal before him or her by including the teachings of method and system for downloading content of Hou. The motivation/suggestion would have been obvious to try the features of the portal site when attempting downloads [Hou, ¶¶0023, 0025 and 0028]. 


However, the combination of Smith and Goutal fail to explicitly teach but Hou teaches wherein site content that is encrypted or obfuscated is decrypted and executed in order to generate the page HTML. [Hou 20130332585 A1, ¶0090: determining whether to obfuscate elements of the requested resource (e.g., obfuscating an email address such that it will be displayed on the rendered page but obfuscated from the page source]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Smith and Goutal before him or her by including the teachings of method and system for downloading content of Hou. The motivation/suggestion would have been obvious to try the obfuscating elements of rendered web page [Hou, ¶0090]. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Prince et al (US 20110282997 A1) discloses custom responses for resource unavailable errors.
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAKINAH W TAYLOR whose telephone number is (571)270-0682.  The examiner can normally be reached on Monday-Friday, 9:45-5:45.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Sakinah White Taylor/Examiner, Art Unit 2497