DETAILED ACTION

Currently pending claims are 1 – 20.

Claim Objection
Claim 16 is objected to because of the following informalities (and Examiner respectfully request to correct as follows): “at least one processor” should be replaced with “at least one hardware processor (or at least one processor device)” – Examiner notes this is because a computer processor could be a software processor (e.g. a Microsoft WORD processor).  Appropriate correction(s) is (are) required.  // “A computer processor” may include the “software processor” (e.g. a word processor) //

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 3 & 16 are rejected under 35 U.S.C. 112(b)  or pre-AIA  35 U.S.C. 112, second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112), regards as the invention because: 
(a) the claim language such as “avoids reliance on any subjective analysis by a human” is considered to be unclear and ambiguous in its meaning regarding “exactly mental activity on human’s consciousness to determine what existing in a human’s mind and to what level as relevant to a subjective analysis”; 
(b) the claim language such as “avoids reliance on any detonation virtual machine” is considered to be unclear and ambiguous in its meaning regarding “exactly how to measure a detonating level as relevant (or sufficient) to the claim language of detonation virtual machine when making a security analysis”; besides,
(c)   As such, the claim languages (as presented above) are considered to be unclear and ambiguous in its negative meaning of its context because it makes unclear exactly where the boundaries (metes and bound) of the inventive subject matter are for the claimed invention to be sought and it does not make clear what the Applicant intends the invention of claimed subject matter to be directed towards – e.g. “the URL security analysis method avoids reliance on any detonation virtual machine as a basis for disallowing use of the analyzed URL substring; or the URL security analysis method avoids reliance on any subjective analysis by a human as a basis for disallowing use of the analyzed URL substring”.  As such, Examiner does not believe that such an claim limitation would make clear exactly where the boundaries of the inventive subject matter are for the claimed invention to be directed to. Per MPEP 2173.05(i) particular in review of In re Schechter, it appears that the negative limitation "renders the claim indefinite because it [is] an attempt to claim the invention by excluding what the inventors did not invent rather than distinctly and particularly pointing out what they did invent." and as such metes and bound of the claim cannot be determined.  See § MPEP 2173.05(b).  Any other claims not addressed are rejected by virtue of their dependency.  
Likewise, Claims 9 & 10 are rejected under 35 U.S.C. 112(b)  or pre-AIA  35 U.S.C. 112, second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112), regards as the invention because the claim language such as “ascertaining a rarity characteristic of the URL substring” is considered to be unclear and ambiguous in its meaning regarding “exactly how to measure a rarity level as relevant (or sufficient) to the claim language of ascertaining a rarity characteristic of the URL substring.  Any other claims not addressed are rejected by virtue of their dependency.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
 (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1 – 7, 10, & 16 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Zhang et al. (U.S. Patent 2010/0251380).  

As per claim 1, Zhang teaches a uniform resource locator (URL) security analysis system, comprising:  
5a memory; 
a processor in operable communication with the memory, the processor configured to perform URL security analysis steps which include 
(a) obtaining a URL substring (Zhang: Figure 1 / S-101  & Para [0021]), 
(b) automatically comparing the URL substring to at least one malice pattern (Zhang: see above & Para [0039] / [0038]: comparing the URL substring by matching of a regular expression to an address of a suspected phishing website), 
(c) assigning a 10maliciousness risk indicator to the URL substring based on a result of the comparing, thereby making the URL substring an analyzed URL substring (Zhang: see above & Para [0039] and Para [0042]: assigning (marking) a 10maliciousness risk indicator to a target URL substring based on a result of the comparing with a website to be protected), and 
(d) enhancing security of a guarded system based on at least the maliciousness risk indicator by performing at least one of the following (Zhang: see above):  
15disallowing use of the analyzed URL substring by the guarded system when the maliciousness risk indicator places the analyzed URL substring in a high risk category (Zhang: see above & Para [0042]), 
allowing use of the analyzed URL substring by the guarded system when the maliciousness risk indicator places the analyzed 20URL substring in a low risk category (Zhang: see above & Para [0042]), or 
feeding the analyzed URL substring and the maliciousness risk indicator back into the security analysis system as at least a partial basis for security analysis of at least one other URL substring (Zhang: see above & Para [0037] / [0042]: storing and feeding the maliciousness risk indicator (Para [0042]) back into the system analysis database as a base line of a preset list of phishing websites or the websites to be protected such that other URL substring(s) can be compared with (Para [0037])).  

As per claim 9 (PART I / 2), the claim limitations are met as the same reasons as that set forth in the paragraph above regarding to claim 1 with the exception of the feature(s) of automatically determining an encoding characteristic of the URL substring (Zhang: see above & Para [0056]: using a computer to automatically distinct the encoding difference between an English letter “o” and a numeric valie “0” even though they have visual similarities to avoid using human visual decision on the charcaters of URL substring (e.g. between an English letter “o” and a numeric valie “0”) when they are displayed on a computer).

As per claim 16, the claim limitations are met as the same reasons as that set forth in the paragraph above regarding to claim 1 with the exception of the feature(s) to avoid reliance on any subjective analysis by a human as a basis for disallowing use of the analyzed URL substring (Zhang: see above & Para [0056]: avoid using human visual decision on the charcaters of URL substring (e.g. between an English letter “o” and a numeric valie “0”) when they are displayed on a computer and instead, by using a computer to automatically distinct the encoding difference between an English letter “o” and a numeric valie “0” even though they have visual similarities).

As per claim 2, the claims contain(s) similar limitations to claim(s) 1 and thus is/are rejected with the same rationale.

As per claim 3, Zhang teaches the URL security analysis system avoids reliance on any subjective analysis by a human as a basis for allowing or disallowing use of the analyzed URL substring by the guarded system (Zhang: see above & Para [0056]: avoid using human visual decision on the charcaters of URL substring (e.g. between an English letter “o” and a numeric valie “0”) when they are displayed on a computer and instead, by using a computer to automatically distinct the encoding difference between an English letter “o” and a numeric valie “0” even though they have visual similarities).    

As per claim 4, 10Zhang teaches wherein the at least one malice pattern includes a predefined malice pattern (Zhang: see above & Para [0037]: a pre-set malice pattern stored at the database).  

As per claim 5, 10Zhang teaches wherein the at least one malice pattern includes 20an unexpected language malice pattern (Zhang: see above & Para [0057]: (e.g.) an unexpected prononciation in an English word).  

As per claim 6, 10Zhang teaches wherein the at least one malice pattern includes 20a typo squatting malice pattern (Zhang: see above & Para [0057]: (e.g.) a TYPO of “taobao”.com with “taoba”.com).  

As per claim 7, 10Zhang teaches wherein the at least a query parameter malice pattern (Zhang: see above & Para [0007] Line 1 – 6 and Para [0058] – [0059]).

As per claim 10, 10Zhang teaches automatically ascertaining a rarity characteristic of the URL substring, and wherein the ascertaining is based at least in part on a context of the URL substring (Zhang: see above & Para [0058]: (e.g.) a subsidiary company taobao  of Alibaba is very rare to be identified or recognized in public as “tao-bao” instead “taoba”).  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 8, 12, 13, 17 & 18 are rejected under 35 U.S.C.103 as being unpatentable over Zhang et al. (U.S. Patent 2010/0251380), in view of Huang et al. (U.S. Patent 10,778,702).  

As per claim 8, Huang (& 10Zhang) teaches the malice pattern includes an 5inferred malice pattern (Zhang: see above) || (Huang: Abstract & Col. 6 Line 18 – 24, Col. 19 Line 5 – 9 and Col. 10 Line 24 – 29 / Line 45 – 54: identifying and classifying malicious domain names or URL patterns which are inferred from the traning data, wherein each of the classifiers is a probability decision tree that has been developed and trained using training data from domains (URLs) of know classification and feature vetors of the unknown domains to compute a respective probability that an unclassified domain is malicious).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification that a malice URL pattern includes an 5inferred malice pattern because Huang teaches to alternatively, effectively and securely identify and classify malicious domain names or URL patterns which are inferred from the traning data, wherein each of the classifiers is a probability decision tree that has been developed and trained using training data from domains (URLs) of know classification and feature vetors of the unknown domains to compute a respective probability that an unclassified domain is malicious (see above) within the Zhang’s system of comparing the URL substring by matching of a regular expression to an address of a suspected phishing (malicious) website (see above).

As per claim 12, Huang (& 10Zhang) teaches automatically calculating a count of subdomains in the URL substring which is above a specified subdomain count threshold (Zhang: see above) || (Hunag: Figure 8 / E-806 & Col. 2 Line 55 – 64 and Col. 6 Line 51 – 60: determing whether the number (a count) of subdomains components (i.e. one of a plurality of feature vectors) associated with previous web crawling exceeding an appropriate threshold).  See the same rationale of combination applied herein as above in rejecting the claim 8.

As per claim 13, Huang (& 10Zhang) teaches automatically ascertaining rarity characteristics of the URL substring based on 60a string in the URL substring which has an occurrence likelihood below a specified string occurrence likelihood threshold (Zhang: see above) || (Huang: Abstract & Col. 10 Line 24 – 29 / Line 45 – 54 and Col. 6 Line 58 – 60: identifying and classifying a malicious domain name or URL patterns based on a probability decision tree by using training data from domains (URLs) of know classification and feature vetors of the unknown domains to compute a respective probability (occurrence likelihood) for determining whether an unclassified domain is malicious).  See the same rationale of combination applied herein as above in rejecting the claim 8.

As per claim 17, Huang (& 10Zhang) teaches feeding the analyzed URL substring and a label based on at least the maliciousness risk indicator into a machine learning model, thereby tuning the model for use in a subsequent analysis of at least one other 5URL substring (Zhang: see above) || (Hunag: see above & Col. 10 Line 36 – 41: feeding into a machine learning model).  See the same rationale of combination applied herein as above in rejecting the claim 8.

As per claim(s) 18, the claims contain(s) similar limitations to claim(s) 5, 6 & 8 and thus is/are rejected with the same rationale. See the same rationale of combination applied herein as above in rejecting the claim 8.


Claims 9, 14 & 15 are rejected under 35 U.S.C.103 as being unpatentable over Zhang et al. (U.S. Patent 2010/0251380), in view of Pereira et al. (U.S. Patent 11,025,648).  

As per claim 9 (PART II /2), the claim limitations are met as the same reasons as that set forth in the paragraph above regarding to claim 1 with the exception of the feature(s) of automatically locating a dictionary characteristic of the URL substring (Zhang: see above) || (Pereira: Abstract & Figure 2, Col. 5 Line 8 – 18, Col. 2 Line 60 – 65 and Col. 14 Line 16 – 21: (e.g.) detecting a malicious URL (e.g. groups of non-existance NXDOMAIN) based on a DDGA technique – i.e. Dictionary domain generation algorithm that attempts to bypass a URL blacklisting checking).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of automatically locating a dictionary characteristic of the URL substring because Pereira teaches to alternatively, effectively and securely detecting a malicious URL based on a DDGA technique – i.e. Dictionary domain generation algorithm (e.g. groups of non-existance NXDOMAIN) that attempts to bypass a URL blacklisting checking (see above) within the Zhang’s system of comparing the URL substring by matching of a regular expression to an address of a suspected phishing (malicious) website (see above).

As per claim 14, Pereira (& 10Zhang) teaches URL substrings in the set include a shared path structure with different domains (Pereira: see above & Col. 5 Line 8 – 18: an intersection (or shared structure) associated with different domains that are generated from DDGA techniques to bypass a URL blacklisting checking). See the same rationale of combination applied herein as above in rejecting the claim 9.

As per claim 15, Pereira (& 10Zhang) teaches a string in the URL substring which is within a specified string metric distance of an entry in a dictionary of natural language words (Pereira: see above & Col. 14 Line 16 – 42, Col. 17 Line 4 – 8 and Col. 13 Line 37 – 45: a likelihood of an entry in a dictionary of natural language words is depending on a threshold number of edge connections (i.e. intersections) against a list of natural language words based upon a graph-based technique to detect malicious gropups of NXDOMAINS – this is consistent with the disclosure of the instant specification (SPEC-PG.PUB: Para [00258])).  See the same rationale of combination applied herein as above in rejecting the claim 9.  

Claim 11 is rejected under 35 U.S.C.103 as being unpatentable over Zhang et al. (U.S. Patent 2010/0251380), in view of Roelker et al. (U.S. Patent 2008/0276316).  

As per claim 11, Roelker (& 10Zhang) teaches automatically determining a use of base64 encoding in the URL substring (Zhang: see above) || (Roelker: Para [0029] and Para [0046]: detecting malicious URLs from an intrusion detection system (IDS) by decoding the parameter field using base64 before inspecting a parameter field when a target URL is sent across the network in encoded form).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of determining a use of base64 encoding in the URL substring because Roelker teaches to alternatively, effectively and securely detect malicious URLs from an intrusion detection system (IDS) by decoding the parameter field using base64 before inspecting a parameter field when a target URL is sent across the network in encoded form (see above) within the Zhang’s system of comparing the URL substring by matching of a regular expression to an address of a suspected phishing (malicious) website (see above).


Claims 19 – 20 are rejected under 35 U.S.C.103 as being unpatentable over Zhang et al. (U.S. Patent 2010/0251380).  

As per claim 19 – 20, 10Zhang teaches comparing the URL substring to at least six or ten of the malice patterns (Zhang: see abobe & Para [0036] – [0039]: comparing the URL substring to a pre-set list of malicious websites collected and stored at a database – As such, Examiner notes how many malice patterns (i.e. the number of the malice patterns) to be compared with is merely a design choice and does not render any unique patentable feature of inventive novelty). 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788. The examiner can normally be reached Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
---------------------------------------------------
                  /Longbit Chai/
           Longbit Chai E.E. Ph.D.
    Primary Examiner, Art Unit 2431
                   No. #2323 – 2021
---------------------------------------------------