DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in reply to applicant’s correspondence of 10/06/2021.
Claims 1, 6, 9, 13, 16, and 22 have been amended.  
Claims 7 and 14 are cancelled.
Claims 1 – 6, 8 – 13, and 15 – 22 are allowed.    


Information Disclosure Statement
The information disclosure statements (IDS) dated 07/07/2021, 07/07/2021, and 07/07/2021 have been received and considered.

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Michael Feirstein on November 24th, 2021.
The application has been amended as follows: 
CLAIMS:

1.	(Currently Amended) A system for protecting uniform resource locators (URLs) comprising:

one or more hardware processors coupled to the non-transitory memory and configured to read the instructions from the non-transitory memory to cause the system to perform operations comprising:
detecting a first request to access a protected URL from a client computing device;
providing, to the client computing device, a second request for a URL password, wherein the second request includes a nonce comprising a server-generated string;
receiving, from the client computing device and in response to the second request, the URL password including a parameter computable by the client computing device using a hash-based computation, wherein the parameter, when used as a key in the hash-based computation on the nonce provided to the client computing device, enables a signature having a prefix associated with the protected URL to be produced by the client computing device; and
redirecting the first request to the protected URL upon determining that the received URL password is valid for the protected URL by confirming the parameter used in the hash-based computation on the nonce results in the signature having the prefix.

2.	(Previously presented) The system of claim 1, wherein the hash-based computation is performed in response to a challenge-response problem provided in a codebook downloadable by the client computing device.

3.	(Previously presented) The system of claim 2, wherein the URL password is determined to be valid when i) the codebook is determined to not be expired, ii) the URL password is not found in a cache of previously used passwords, iii) the URL password is a proper response to the challenge-response problem, and iv) the challenge-response problem solved by the URL password is associated with the protected URL in the codebook that matches the first request.



5.	(Previously presented) The system of claim 2, wherein the challenge-response problem is a hash-based message authentication code (HMAC) operation.

6.	(Currently Amended) The system of claim 1, wherein:
the hash-based computation is a HMAC operation that uses a SHA-256 function as a hash function of the HMAC operation; and
the parameter is a 256-bit value.

7.	(Canceled)

8.	(Previously presented) The system of claim 6, wherein the received URL password is validated when the system generates the signature having the prefix upon using the 256-bit value to sign the nonce with the SHA-256 function.

9.	(Currently Amended) A method for protecting URLs, the method comprising:
detecting a request to access a protected URL from a client computing device;
providing, to the client computing device, a nonce comprising a server-generated string;
receiving, from the client computing device, a URL password based on a codebook downloaded by the client computing device, the URL password including a parameter computable by the client computing device using a hash-based computation, wherein the parameter, when used as a key in the hash-based computation on the nonce provided to the client computing device, enables a signature having a prefix associated with the protected URL to be produced by the client computing device;
determining that the codebook on which the received URL password is based is not expired;
determining that the received URL password is not found in a cache of previously used URL passwords;

redirecting the request to the protected URL.

10.	(Previously presented) The method of claim 9, wherein the hash-based computation is performed in response to a challenge-response problem provided in the codebook downloaded by the client computing device.

11.	(Previously presented) The method of claim 10, wherein the challenge-response problem is associated with the protected URL.

12.	(Previously presented) The method of claim 10, wherein the challenge-response problem is an HMAC operation.

13.	(Currently Amended) The method of claim 12, wherein:
the hash-based computation is a HMAC operation that uses a SHA-256 function as a hash function of the HMAC operation; and
the parameter is a 256-bit value.

14.	(Canceled)

15.	(Previously presented) The method of claim 13, wherein the determining that the received URL password is valid includes generating the signature having the prefix upon using the 256-bit value to sign the nonce with the SHA-256 function.

16.	(Currently Amended) A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause performance of operations comprising:
detecting a first request to access a protected URL from a client computing device;
 comprising a server-generated string;
receiving, from the client computing device and in response to the second request, the URL password including a parameter computable by the client computing device using a hash-based computation, wherein the parameter, when used as a key in the hash-based computation on the nonce provided to the client computing device, enables a signature having a prefix associated with the protected URL to be produced by the client computing device; and
redirecting the first request to access to the protected URL upon determining that the received URL password is valid for the protected URL by confirming the parameter used in the hash-based computation on the nonce results in the signature having the prefix.

17.	(Previously presented) The non-transitory machine-readable medium of claim 16, wherein the hash-based computation is performed in response to a challenge-response problem provided in a codebook downloadable by the client computing device.

18.	(Previously presented) The non-transitory machine-readable medium of claim 17, wherein the URL password is further determined to be valid when i) the codebook is determined to not be expired, ii) the URL password is not found in a cache of previously used passwords, iii) the URL password is a proper response to the challenge-response problem, and iv) the challenge-response problem solved by the URL password is associated with the protected URL in the codebook that matches the first request.

19.	(Previously presented) The non-transitory machine-readable medium of claim 17, wherein the challenge-response problem is associated with the protected URL.

20.	(Previously presented) The non-transitory machine-readable medium of claim 16, wherein the hash-based computation is a HMAC operation that uses a SHA-256 function as a hash function of the HMAC operation, and the parameter is a 256-bit value.

21.	(Previously presented) The system of claim 1, wherein the operations further comprise generating a byte array, wherein the nonce comprises the byte array.

22.	(Currently Amended) The non-transitory machine-readable medium of claim [[16]]20, wherein the determining that the received URL password is valid for the protected URL includes generating the signature having the prefix upon using the 256-bit value to sign the nonce with the SHA-256 function.


Examiner’ Statement of Reasons for Allowance
The following is an examiner’s statement of the reasons for indication of the allowable claimed subject matter.
Rudraraju (US 2015/0052584) (hereafter Rudraraju) discloses a method for delivering web resources to user devices, the method comprising: receiving a plurality of resource requests for a web resource, each resource request being received from a respective user device; and, for each resource request for the web resource, sending an authorization request to an access server, the authorisation request including authorisation data comprising user identification information. Further, there is provided method for authorizing delivery of web resources, the method comprising: receiving an authorisation request from a content delivery network, the request including authorisation data comprising user identification information; authorising the authorization request based on the authorisation data; and, returning a response to the content delivery network based on the authorisation, wherein if the authorisation is negative the response includes an address of an alternative web resource different from the requested web resource.
 a method for aiding a user in recalling and generating a password. Many times it is easier for a user to remember a place, phrase, person, or other piece of information based on a certain context. The present invention allows for generating a password based on contextual information provided by the user. By providing a context type and a pass phrase, a secure password can be generated. The invention also provides a mechanism for "fuzzy matching", in which a user only needs to provide a password that is close enough to a stored password to gain access to a website or service.
Fenton et al. (US 2013/0198516) (hereafter Fenton) discloses a method of pairing an unregistered device with a virtual identity may include, at a first repository: receiving a request from the unregistered device, sending a pairing code and an identifier to the unregistered device, receiving the pairing code from a registered device, and sending the identifier to the registered device. The method may also include, at a second repository, receiving the pairing code and secret information from the registered device, receiving the pairing code in a transmission associated with the unregistered device, associating the unregistered device with the virtual identity using the pairing code, and sending the secret information to the unregistered device.
Orshansky et al. (US 2020/0052913) (hereafter Orshansky) discloses a method, system and computer program product for reducing the amount of helper data that needs to be stored using two innovative techniques. The first technique uses bit-error rate (BER)-aware lossy compression. By treating a fraction of reliable bits as unreliable, it effectively reduces the size of the reliability mask. With the view of practical costs of production-time error characterization, the second technique enables economically feasible across-temperature per-bit BER evaluation for use in a number of fuzzy extractor optimizations based on bit-selection to reduce overall BER (with or without subsequent compression) using room temperature only production-time characterization.
Supramaniam et al. (US 8635373 ) (hereafter Supramaniam) discloses apparatus, systems, methods, and related computer program products for synchronizing distributed states amongst a plurality of entities and authenticating devices to access information and/or services provided by a remote server. Synchronization techniques include client devices and remote servers storing buckets of information. The client device sends a subscription request to the remote serve identifying a bucket of information and, when that bucket changes, the remote server sends the change to the client device.
The prior art of record do not explicitly disclose, in light of other features recited in independent claim 1:
detecting a first request to access a protected URL from a client computing device;
providing, to the client computing device, a second request for a URL password, wherein the second request includes a nonce comprising a server-generated string;
receiving, from the client computing device and in response to the second request, the URL password including a parameter computable by the client computing device using a hash-based computation, wherein the parameter, when used as a key in the hash-based computation on the nonce provided to the client computing device, enables a signature having a prefix associated with the protected URL to be produced by the client computing device; and
redirecting the first request to the protected URL upon determining that the received URL password is valid for the protected URL by confirming the parameter used in the hash-based computation on the nonce results in the signature having the prefix
Claims 9 and 16 discloses a method and a medium, respectively, which are substantially equivalent to the system of claim 1 and are allowed by the same reasons. Claims 2 – 6, 8, 10 – 15, and 17 – 22 each depend on respective base claim.  Accordingly, claims 1 – 6, 8 – 13, and 15 – 22 are allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313) 446-6530. The examiner can normally be reached on Monday to Thursday 8am- 5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

/V.I.G./
Examiner, Art Unit 2431

/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431