DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Amendment filed on 12/23/2021.
In the instant Amendment, claims 2, 12 and 22 are independent claims. Claims 2-6, 8-17 and 19-23 have been examined and are pending. This Action is made Final.

Terminal Disclaimer
The terminal disclaimer filed on 12/23/2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of US Patent 10,289,836 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

Response to Arguments
The Double Patenting rejection towards Claims 2-6, 8-17, and 19-23 is withdrawn as a Terminal Disclaimer has been filed.
Applicant’s arguments filed on 12/23/2021, with respect to 35 U.S.C. 103, have been fully considered but they are not persuasive
Applicant Argues: ...Thus, Newstadt appears to be disclosing a system that helps to identify and remove sensitive data.
Examiner’s Response: In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
The examiner respectfully notes that Bartik was shown to disclose determining the change in integrity of security of the webpage based on the data, (FIG. 2 and [0029]-[0030] – key point extraction algorithm to match the two screen shots and [0031] – histogram comparison using a histogram based algorithm between the previously produced screenshots and [0032]-[0033] – The text maybe extracted from the HTML DOM or extracted from the screen shot using Optical Character recognition (OCR)... and [0041]-[0044] – bank data).   Thus, as constructed from the citations Bartik provides the ability to perform a webpage comparison (see Bartik, [0040] and [0045]) using histogram comparisons (see Bartik, [0029]-[0030]).  This can be done for webpage based on data being financial or personal information (see Bartik, [0041]).  The examiner respectfully notes that Shekyan was combined prior to Newstadt. The examiner further sought to combine Newstadt to teach known concepts of determining the (Newstadt, col. 6, lines 12-26 - one embodiment, a plug-in comprising an underlying object structure (e.g., Document Object Model) for representing the web pages 134 organized in various formats (e.g., Markup Language (e.g., HTML or XML)/JavaScript based content as well as content in a related format) enables the web access engine 130 to parse the web pages 134 in order to identify any sensitive data. In one embodiment, a plug-in describes a logical or semantic structure (e.g., XML schemas, Document Type Definition and the like) of the web pages 134, which is used by the web access engine 130 to parse the rendered content to identify a disclosure of any sensitive data associated with a particular user).  The examiner notes Newsday teaches known elements of the ability to parse rendered code to determine if any sensitive data is identified on a page (see Newstadt, col. 6, lines 12-26).  Thus, clearly showing obtaining data based on the rendered code.  The examiner respectfully noted that it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Newstadt with the analyzing the rendered code and determining the change in integrity of security of the webpage based on... data of Bartik in view of Shekyan to include determining the ...  integrity of security of the webpage based on the data, which is obtained by the rendered code ... being financial information or personal information, thus representing “type”.  More clearly, a person of ordinary skill in the art would be able to incorporate the teachings of Newstadt parsing rendered code to determine nay sensitive data on a page to the teachings of Bartik in view of Shekyan’s comparison to determine a change in integrity of the webpage as it provides / allows for monitoring sensitive data on a computer network (Newstadt, [0004]).  Therefore the examiner finds this argument not persuasive.  

Applicant Argues:  In short, in Shekyan, the security vulnerability is based on an unsecured channel being used. In Bartik, a customer's antivirus software may provide an alert, if the customer enters username, password, or credit card data into a website that may be suspicious, that triggers the phishing identification program 110a, 1105 algorithms. In Newstadt, a system helps to identify and remove sensitive data but does not discuss anything regarding a security vulnerability of a webpage, but rather a security vulnerability of having data on an unsecured webpage. Applicant submits nothing in Shekyan indicates that the type of data being transmitted indicates a security vulnerability of the webpage. Furthermore, nothing in Bartik indicates that the type of data being transmitted indicates a security vulnerability. For example, in Bartik, it is antivirus software that sets a flag when the antivirus software determines that certain data has been entered into a website that is suspicious. Additionally, nothing in Newstadt indicates that a webpage including or transmitting sensitive information indicates that the webpage has a security vulnerability. Thus, nothing in Bartik, Shekyan, nor Newstadt teaches or suggests anything regarding financial information or personal information being transmitted indicating a security vulnerability of a webpage.
Examiner’s Response: In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
The examiner respectfully notes that Bartik determining the change in integrity of security of the webpage based on the data, being financial information or personal information (see Bartik, [0029]-[0030] and [0032]-[0033]).  The examiner respectfully notes that Bartik discloses that a customer can enter username, password, or credit card data into a website that may be suspicious ... thus triggering the phishing identification program algorithm (see Bartik, [0041]).  Thus representing the data.  Further, such triggering begins in the comparison in Bartik.  The examiner sought to combine Shekyan to teach concepts of analyzing, at the computing system, the rendered code to determine a code portion of the rendered code configured to establish a network connection and transmit data obtained by the rendered code over the network connection (Shekyan, FIG. 3 – Receive source code and header(s) → Render source code → Process rendered code → Generate Security Report ) thus clearly Shekyan processes the rendered code in which a determination is made the change in integrity of security of the webpage based on data, which is transmitted by the network connection established by the code portion(Shekyan, FIG. 3 – Receive source code and header(s) → Render source code → Process rendered code → Generate Security Report and [0023]-[0024] - Examples of such security vulnerabilities include but are not limited to communication via unsecure channels (e.g., clear text vs. encryption) (i.e., as reasonably constructed data), injected scripts, UI redress, cross site scripting flaws, etc. and [0026] - As discussed above, a security vulnerability might be that a specified resource that the page's source code accesses communicates via an unsecure channel).  These elements would be combined to the teachings of Bartik’s comparison steps.  The examiner further sought Newstadt to teach known concepts of determining the integrity of security of the webpage based on the data, which is obtained by the rendered code being financial information or personal information (Newstadt, col. 6, lines 12-26 - one embodiment, a plug-in comprising an underlying object structure (e.g., Document Object Model) for representing the web pages 134 organized in various formats (e.g., Markup Language (e.g., HTML or XML)/JavaScript based content as well as content in a related format) enables the web access engine 130 to parse the web pages 134 in order to identify any sensitive data. In one embodiment, a plug-in describes a logical or semantic structure (e.g., XML schemas, Document Type Definition and the like) of the web pages 134, which is used by the web access engine 130 to parse the rendered content to identify a disclosure of any sensitive data associated with a particular user).  The examiner notes Newstadt teaches known elements of the ability to parse rendered code to determine if any sensitive data is identified on a page (see Newstadt, col. 6, lines 12-26).  Thus, clearly showing obtaining data based on the rendered code.  Thus a person of ordinary skill in the art would be 
Applicant Argues:  In contrast, claim 2 recites “determining the change in integrity of security of the webpage based on the data, which is obtained by the rendered code and transmitted by the network connection established by the code portion, being financial information or personal information.” Claim 12 recites analogous elements. Thus, the cited combination of references fails to teach or suggest all of the elements of claims 2 and 12.
Examiner’s Response:  The examiner disagrees for the reasons set forth above. 
Applicant Argues:  Thus, Burns appears to describe a system code is injected into a webpage to help to detect malicious software content. The location of injection of the code may be based on the execution  chronology of the webpage. Nothing in Burns discloses that the security of the webpage is based on when execution of a particular portion of code occurs. Rather, Burns only appears to disclose that execution of code is considered when injecting code to help detect malicious software content. Thus, Burns fails to teach or suggest "to determine a change in integrity of security of the webpage in response to execution of a code portion of the rendered code occurring within a particular time during execution of the rendered code, the particular time defined based on an execution order of the rendered code," as recited by claim 22. Furthermore, Burns does not remedy the deficiencies of Bartik and Shekyan. Burns merely indicates that execution chronology is used to determine when to inject code. Burns does not discuss determining timing of execution of a code portion configured to establish a network connection and transmit data over network connection. Nor does Burns indicate that timing of execution of a code portion configured to establish a network connection and transmit data over network connection may be used to determine a change in integrity of security of the webpage. Burns merely teaches to determine an execution chronology of a webpage for insertion of code and thus fails to remedy the deficiencies of Bartik and Shekyan, which also fail to teach or suggest timing of execution of a code portion configured to establish a network connection and transmit data over network connection may be used to determine a change in integrity of security of the webpage. Thus, the cited combination of references fails to teach or suggest all of the elements of claim 22.
Examiner’s Response: In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
The examiner respectfully notes that Bartik determining the change in integrity of security of the webpage based on the data, being financial information or personal information (see Bartik, [0029]-[0030] and [0032]-[0033]).  The examiner respectfully the triggering the phishing identification program algorithm (see Bartik, [0041]) thus beginning the comparison.  The examiner notes that Shekyan teaches concepts of analyzing, at the computing system, the rendered code to determine a code portion of the rendered code configured to establish a network connection and transmit data obtained by the rendered code over the network connection (Shekyan, FIG. 3 – Receive source code and header(s) → Render source code → Process rendered code → Generate Security Report ) thus clearly Shekyan processes the rendered code in which a determination is made the change in integrity of security of the webpage based on data, which is transmitted by the network connection established by the code portion(Shekyan, FIG. 3 – Receive source code and header(s) → Render source code → Process rendered code → Generate Security Report and [0023]-[0024] - Examples of such security vulnerabilities include but are not limited to communication via unsecure channels (e.g., clear text vs. encryption) (i.e., as reasonably constructed data), injected scripts, UI redress, cross site scripting flaws, etc. and [0026] - As discussed above, a security vulnerability might be that a specified resource that the page's source code accesses communicates via an unsecure channel).  These elements would be combined to the teachings of Bartik’s comparison steps. The examiner sought to combine Burns to teach ... execution of a code portion of the (Burns, col. 7, lines 1-16 - In one example, security injection system 240 may identify the location within the content that will be executed by the browser first (e.g., at or near the top of the web page). In one example, the security injection system 240 may determine an execution chronology corresponding to the content (e.g., which portion of the content will be executed by the web browser first, which portion of the content will be executed by the web browser second, etc.), identify portions of the content that may be more likely to include malicious content, and identify the location for injecting the content based on the execution chronology and/or the likelihood of malicious content corresponding to each portion of the content).  As reasonably a first, second, etc. executed chronologically is reasonably constructed to be a particular time defined based on an execution order.  Thus a person of ordinary skill in the art would be able to combine Bartik to incorporate Shekyan and Burns to produce a combination that would read on applicant’s aforementioned limitation.   The examiner notes when combined Bartik’s system would trigger a comparison in which Skeyan’s teachings of processing rendered code (i.e., rendered code being finalized instructions to layout presentation of the webpage and the rendered code including elements not represented in the source code) for identifying security vulnerabilities. From here the examiner would note such analysis could include concepts of Burn in which determining an execution chronology corresponding to the content (e.g., which portion of the content will be executed by the web browser first, which portion of the content will be executed by the web browser second, etc.), identify portions of the content that may be more likely to include malicious content, and identify the location for injecting the content based on the execution chronology and/or the likelihood of malicious content corresponding to each portion of the content).  Thus Bartik in view of Shekyan and Burns clearly show in combination suggest timing of execution of a code portion configured to establish a network connection and transmit data over network connection may be used to determine a change in integrity of security of the webpage.  Therefore the examiner finds this argument not persuasive. 


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2, 5, 8, 11, 12, 15-16, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bartik et al. (US 2019/0068638 A1) in view of Shekyan et al. (US 2018/0048671 A1) and Newstadt et al. (US 8,407,766 B1).

Regarding Claim 2;
Bartik discloses a method to monitor integrity of webpages (FIG. 2), the method comprising: 
obtaining, at a computing system, rendered code generated using source code of a webpage (FIG. 2 – Render Downloaded Content and Product Screenshots of Suspicious URL and Domain Landing Page URL and [0028] and [0043]), the source code obtained in response to a request to a webserver that hosts the webpage (FIG. 2 – Make HTTP Requests to Suspicious URL and Domain Landing Page URL and Download Linked Content and [0028] and [0042]), the rendered code being finalized instructions to layout presentation of the webpage and the rendered code including elements not represented in the source code without parsing and/or (FIG. 2 and [0028] – ...produce a screenshot of the final rendered page... and [0043]);
analyzing, at the computing system, the rendered code... (FIG. 2 and [0029]-[0030] – key point extraction algorithm to match the two screen shots and [0031] – histogram comparison using a histogram based algorithm between the previously produced screenshots and [0032]-[0033] – The text maybe extracted from the HTML DOM or extracted from the screen shot using Optical Character recognition (OCR)... and [0041]-[0044]);
 (FIG. 2 and [0029]-[0030] – key point extraction algorithm to match the two screen shots and [0031] – histogram comparison using a histogram based algorithm between the previously produced screenshots and [0032]-[0033] – The text maybe extracted from the HTML DOM or extracted from the screen shot using Optical Character recognition (OCR)... and [0041]-[0044] – bank data); and 
in response to a change in the integrity of security of the webpage... (FIG. 2).
Bartik fails to explicitly disclose 
analyzing, at the computing system, the rendered code to determine a code portion of the rendered code configured to establish a network connection and transmit data obtained by the rendered code over the network connection; 

analyzing, at the computing system, the rendered code to determine a code portion of the rendered code configured to establish a network connection and transmit data obtained by the rendered code over the network connection.
and ...generating an alert regarding the integrity of security of the webpage.
However, in an analogous art, Shekyan similarly teaches:
obtaining, at a computing system, rendered code generated using source code of a webpage, the source code obtained in response to a request to a webserver that hosts the webpage the rendered code being finalized instructions to layout presentation of the webpage and the rendered code including elements not represented in the source code ... (Shekyan, FIG. 3 – Receive source code and header(s) → Render source code and [0023]-[0024]);
analyzing, at the computing system, the rendered code to determine a code portion of the rendered code configured to establish a network connection and transmit data obtained by the rendered code over the network connection (Shekyan, FIG. 3 – Receive source code and header(s) → Render source code → Process rendered code → Generate Security Report and [0023] - Instead, code analysis logic 220 processes the rendered source code to identify one or more security vulnerabilities (310). One or more content hardening actions may then be taken by content hardening logic 224 to address at least some of the identified security vulnerabilities (312). The hardened source code (e.g., output code 228) is then delivered to the requesting client (313) and [0024] - Examples of such security vulnerabilities include but are not limited to communication via unsecure channels (e.g., clear text vs. encryption) (i.e., as transmission of data obtained by the rendered code), injected scripts, UI redress, cross site scripting flaws, etc. and [0026] - As discussed above, a security vulnerability might be that a specified resource that the page's source code accesses communicates via an unsecure channel)
or determining the change in integrity of security of the webpage based on (Shekyan, FIG. 3 – Receive source code and header(s) → Render source code → Process rendered code → Generate Security Report and [0023]-[0024] - Examples of such security vulnerabilities include but are not limited to communication via unsecure channels (e.g., clear text vs. encryption) (i.e., as reasonably constructed data), injected scripts, UI redress, cross site scripting flaws, etc. and [0026] - As discussed above, a security vulnerability might be that a specified resource that the page's source code accesses communicates via an unsecure channel); and
 in response to a change in the integrity of security of the webpage (Shekyan, FIG. 3 - Generate Security Report), generating an alert regarding the integrity of security of the webpage (Shekyan, FIG. 3 and [0023]-[0024] and [0042] - Such reports may be generated even where automatic modification of at least some of the web page source code is already taking place. For example, the web site operator might be notified when a new security vulnerability has been identified before any further content hardening action is taken).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Shekyan with the analyzing the rendered code Bartik to include analyzing, at the computing system, the rendered code to determine a code portion of the rendered code configured to establish a network connection and transmit data obtained by the rendered code over the network connection; determining the change in integrity of security of the webpage based on ... data, which is ... transmitted by the network connection established by the code portion; and in response to a change in the integrity of security of the webpage.
One would have been motivated to combine the teachings of Shekyan to Bartik to do so as it provides / allows for processing the rendered code to identify an unsecure channel corresponding to a resource identified by the source code (Shekyan, [0004]).
	Further, in an analogous art, Newstadt teaches or determining the (Newstadt, col. 6, lines 12-26 - one embodiment, a plug-in comprising an underlying object structure (e.g., Document Object Model) for representing the web pages 134 organized in various formats (e.g., Markup Language (e.g., HTML or XML)/JavaScript based content as well as content in a related format) enables the web access engine 130 to parse the web pages 134 in order to identify any sensitive data. In one embodiment, a plug-in describes a logical or semantic structure (e.g., XML schemas, Document Type Definition and the like) of the web pages 134, which is used by the web access engine 130 to parse the rendered content to identify a disclosure of any sensitive data associated with a particular user).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Newstadt with the analyzing the rendered code and determining the change in integrity of security of the webpage based on... data of Bartik and Shekyan to include determining the ...  integrity of security of the webpage based on the data, which is obtained by the rendered code ... being financial information or personal information, thus representing “type”.
One would have been motivated to combine the teachings of Newstadt to Bartik and Shekyan and to do so as it provides / allows for monitoring sensitive data on a computer network (Newstadt, [0004]).

Regarding Claim 5;
Bartik and Shekyan and Newstadt disclose the method to Claim 2.
Bartik further teaches wherein ... are available in the rendered code but are not available in the source code (FIG. 2 and [0026] - The phishing identification program may view the end result that a user can see (i.e., the screen shots of the URLs) and may not fall victim to the cybercriminal planting invisible document object management (DOM) elements not seen by the user and [0029]-[0030] – key point extraction algorithm to match the two screen shots and [0031] – histogram comparison using a histogram based algorithm between the previously produced screenshots and [0032]-[0033] – The text maybe extracted from the HTML DOM or extracted from the screen shot using Optical Character recognition (OCR)...).
Shekyan further teaches wherein the code portion is available in the rendered code but are not available in the source code (Shekyan, [0023] - Instead, code analysis logic 220 processes the rendered source code to identify one or more security vulnerabilities (310). One or more content hardening actions may then be taken by content hardening logic 224 to address at least some of the identified security vulnerabilities (312). The hardened source code (e.g., output code 228) is then delivered to the requesting client (313) and [0024] - According to a particular implementation, analysis of the rendered source code includes building a source list of specified resources that are accessed by the page's source code (e.g., by examining the headers associated with the calls to the specified resources). As will be understood, the specified resources can correspond to any of a wide variety of objects, files, code, etc., including, for example, scripts (e.g., JavaScript, VBScript, Dart, etc.), styles (e.g., CSS styles), images, fonts, and containers (e.g., resources that can render various content types, e.g., flash files, pdfs, media files, etc.). The code analysis logic determines for each of the specified resources whether it represents one of a plurality of security vulnerabilities. Examples of such security vulnerabilities include but are not limited to communication via unsecure channels (e.g., clear text vs. encryption), injected scripts, UI redress, cross site scripting flaws, etc.).

Regarding Claim 8;
Bartik and Shekyan and Newstadt disclose the method to Claim 2.
Bartik and Shekyan both disclose/teach further comprising obtaining, from the webserver at the computing system, the source code of the webpage, wherein obtaining the rendered code (Bartik, FIG. 2 and Shekyan, FIG. 3).

Regarding Claim(s) 11; claim(s) 11 is/are directed to a/an non-transitory computer-readable media associated with the method claimed in claim(s) 2. Claim(s) 11 is/are similar in scope to claim(s) 2, and is/are therefore rejected under similar rationale.

Regarding Claim(s) 12, 16, and 19; claim(s) 12, 16, and 19; is/are directed to a/an system associated with the method claimed in claim(s) 2, 5 and 8. Claim(s) 12, 16, and 19; is/are similar in scope to claim(s) 2, 5 and 8, and is/are therefore rejected under similar rationale.

Regarding Claim 15;
Bartik and Shekyan and Newstadt disclose the system to Claim 12.
Shekyan further discloses wherein the portions of the code in the rendered code include one or more of tags, scripts, characters, calls, and functions (Shekyan, [0024] - According to a particular implementation, analysis of the rendered source code includes building a source list of specified resources that are accessed by the page's source code (e.g., by examining the headers associated with the calls to the specified resources). As will be understood, the specified resources can correspond to any of a wide variety of objects, files, code, etc., including, for example, scripts (e.g., JavaScript, VBScript, Dart, etc.), styles (e.g., CSS styles), images, fonts, and containers (e.g., resources that can render various content types, e.g., flash files, pdfs, media files, etc.). The code analysis logic determines for each of the specified resources whether it represents one of a plurality of security vulnerabilities. Examples of such security vulnerabilities include but are not limited to communication via unsecure channels (e.g., clear text vs. encryption), injected scripts, UI redress, cross site scripting flaws, etc.).

Claims 3-4  and 13-14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bartik et al. (US 2019/0068638 A1) in view of Shekyan et al. (US 2018/0048671 A1) and Newstadt et al. (US 8,407,766 B1) and further in view of Burns et al. (US 8,621,621 B1).  

Regarding Claim 3;
Bartik and Shekyan and Newstadt disclose the method to Claim 2.
Bartik further discloses analyzing, at the computing system, the rendered code to determine a change in integrity of security of the webpage based on ... data (FIG. 2 and [0029]-[0030] – key point extraction algorithm to match the two screen shots and [0031] – histogram comparison using a histogram based algorithm between the previously produced screenshots and [0032]-[0033] – The text maybe extracted from the HTML DOM or extracted from the screen shot using Optical Character recognition (OCR)... and [0044]);
	Shekyan further teaches wherein the analyzing the rendered code to determine a change in integrity of security of the webpage is based on both the data caused to be transmitted by the code potion (Shekyan, FIG. 3 – Receive source code and header(s) → Render source code → Process rendered code → Generate Security Report and [0023]-[0024] - Examples of such security vulnerabilities include but are not limited to communication via unsecure channels (e.g., clear text vs. encryption) (i.e., as reasonably constructed type of data), injected scripts, UI redress, cross site scripting flaws, etc. and [0026] - As discussed above, a security vulnerability might be that a specified resource that the page's source code accesses communicates via an unsecure channel) and the ... execution of the code portion occurring within ... execution of the rendered code (Shekyan, FIG. 3 – Receive source code and header(s) → Render source code → Process rendered code → Generate Security Report and [0023] - Instead, code analysis logic 220 processes the rendered source code to identify one or more security vulnerabilities (310). One or more content hardening actions may then be taken by content hardening logic 224 to address at least some of the identified security vulnerabilities (312). The hardened source code (e.g., output code 228) is then delivered to the requesting client (313) and [0024] - Examples of such security vulnerabilities include but are not limited to communication via unsecure channels (e.g., clear text vs. encryption, injected scripts, UI redress, cross site scripting flaws, etc. and [0026] - As discussed above, a security vulnerability might be that a specified resource that the page's source code accesses communicates via an unsecure channel)  .
Further, in an analogous art, Newstadt teaches analyzing, at the computing system, the rendered code to determine ... integrity of security of the webpage based on the data (Newstadt, col. 6, lines 12-26 - one embodiment, a plug-in comprising an underlying object structure (e.g., Document Object Model) for representing the web pages 134 organized in various formats (e.g., Markup Language (e.g., HTML or XML)/JavaScript based content as well as content in a related format) enables the web access engine 130 to parse the web pages 134 in order to identify any sensitive data. In one embodiment, a plug-in describes a logical or semantic structure (e.g., XML schemas, Document Type Definition and the like) of the web pages 134, which is used by the web access engine 130 to parse the rendered content to identify a disclosure of any sensitive data associated with a particular user).
Bartik and Shekyan and Newstadt further the ... execution of the code portion occurring within the particular time during execution of the rendered code.  
(Burns, col. 7, lines 1-16 - In one example, security injection system 240 may identify the location within the content that will be executed by the browser first (e.g., at or near the top of the web page). In one example, the security injection system 240 may determine an execution chronology corresponding to the content (e.g., which portion of the content will be executed by the web browser first, which portion of the content will be executed by the web browser second, etc.), identify portions of the content that may be more likely to include malicious content, and identify the location for injecting the content based on the execution chronology and/or the likelihood of malicious content corresponding to each portion of the content).  As reasonably a first, second, etc. executed chronologically is reasonably constructed to be a particular time defined based on an execution order.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Burns with the analyzing the rendered code of Bartik and Shekyan and Newstadt to apply to the rendered code the concepts of determining a change in integrity of security of the webpage based on execution of the code portion of the 
(Burns, col. 7, lines 1-16). 

Regarding Claim 4;
Bartik and Shekyan and Newstadt and Burns disclose the method to Claim 3.
Shekyan further teaches wherein the code potion is associated with malware or not included in the source code of the webpage ([0024] - Examples of such security vulnerabilities include but are not limited to communication via unsecure channels (e.g., clear text vs. encryption), injected scripts, UI redress, cross site scripting flaws, etc).

Regarding Claim(s) 13 and 14; claim(s) 13 and 14; is/are directed to a/an system associated with the method claimed in claim(s) 3 and 4. Claim(s) 13 and 14; is/are similar in scope to claim(s) 3 and 4, and is/are therefore rejected under similar rationale.

Claims 6 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bartik et al. (US 2019/0068638 A1) in view of Shekyan et al. (US 2018/0048671 A1) and Newstadt et al. (US 8,407,766 B1) and further in view of Sharma et al. (US 2006/0085132 A1).

Regarding Claim 6;
Bartik and Shekyan and Newstadt disclose the method to Claim 2.
(Bartik, FIG. 2 and Shekyan, FIG. 3).
Bartik and Shekyan and Newstadt fail to explicitly disclose analyzing... is further based on changes between the rendered code and the previous rendered code of the web page, the previous rendered code generated before the rendered code is obtained.  
	However, in an analogous art, Sharma teaches analyzing... is further based on changes between the ... code and the previous ... code of the web page, the previous ... code generated before the ... code is obtained (Sharma, FIG. 15 and [0072]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sharma with the analyzing the rendered code of Bartik and Shekyan and Newstadt to include analyzing... is further based on changes between the ... code and the previous ... code of the web page, the previous ... code generated before the ... code is obtained. 
One would have been motivated to combine the teachings of Sharma to Bartik and Shekyan and Newstadt and to do so as it provides / allows for reducing false positives within an automated software-testing environment using a comparator module, a filter application module, and a preview generator module (Sharma, [0001]).

Regarding Claim(s) 17; claim(s) 17 is/are directed to a/an system associated with the method claimed in claim(s) 6. Claim(s) 17 is/are similar in scope to claim(s) 6, and is/are therefore rejected under similar rationale.

Claims 9 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bartik et al. (US 2019/0068638 A1) in view of Shekyan et al. (US 2018/0048671 A1) and Newstadt et al. (US 8,407,766 B1) and further in view of Lu (US 2015/0244738 A1).

Regarding Claim 9;
Bartik and Shekyan and Newstadt disclose the method to Claim 8.
Bartik and Shekyan and Newstadt fail to explicitly disclose wherein before the source code of the webpage is obtained, the integrity of security of the source code of the webpage is evaluated at the webserver that hosts the source code of the webpage.
However, in an analogous art, Lu teaches wherein before the source code of the webpage is obtained, the integrity of security of the source code of the webpage is evaluated at the webserver that hosts the source code of the webpage (Lu, [0016] and [0027] – monitoring malicious link injection into website source code... is monitored in real time)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lu with the analyzing the rendered code of Bartik and Shekyan and Newstadt to include wherein before the source code of the webpage is obtained, the integrity of security of the source code of the webpage is evaluated at the webserver that hosts the source code of the webpage.
 One would have been motivated to combine the teachings of Lu to Bartik and Shekyan and Newstadt and to do so as it provides / allows for reducing false positives within an automated software-testing environment using a comparator module, a filter application module, and a preview generator module (Sharma, [0001]).

Regarding Claim(s) 20; claim(s) 20 is/are directed to a/an system associated with the method claimed in claim(s) 9. Claim(s) 20 is/are similar in scope to claim(s) 9, and is/are therefore rejected under similar rationale.

Claims 10 and 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bartik et al. (US 2019/0068638 A1) in view of Shekyan et al. (US 2018/0048671 A1) and Newstadt et al. (US 8,407,766 B1) and further in view of Smith et al. (US 9,148,445 B2).

Regarding Claim 10;
Bartik and Shekyan and Newstadt disclose the method to Claim 2.
Bartik and Shekyan both disclose/teach further comprising the rendered code being generated based on the source code... and the [rendered code] including elements not represented in the ... the source code without parsing and/or executing ... the source code (Bartik, FIG. 2 and Shekyan, FIG. 3).
Bartik and Shekyan and Newstadt fail to explicitly disclose wherein the source code of the webpage includes a reference to remotely called code, the [rendered code] being generated based on the source code and the remotely called code and the [rendered code] including elements not represented in the remotely called code and the source code....
However, in an analogous art, Smith teaches wherein the source code of the webpage includes a reference to remotely called code, [a Web page] being generated based on the source code and the remotely called code and [the Web page] including elements not represented in the remotely called code and the source code ... (Smith, col. 2, lines 46-col. 3, lines 1 – valid element is returned).

One would have been motivated to combine the teachings of Smith to Bartik and Shekyan and Newstadt and to do so as it provides / allows for monitoring and detecting the misuse of legitimate Web code and content (Smith, col. 1, lines 27-36).

Regarding Claim(s) 21; claim(s) 21 is/are directed to a/an system associated with the method claimed in claim(s) 10. Claim(s) 21 is/are similar in scope to claim(s) 10, and is/are therefore rejected under similar rationale.
 
Claims 22 and 23  is/are rejected under 35 U.S.C. 103 as being unpatentable over Bartik et al. (US 2019/0068638 A1) in view of Shekyan et al. (US 2018/0048671 A1) and further in view of Burns et al. (US 8,621,621 B1).  

Regarding Claim 22;
Bartik discloses a method to monitor integrity of webpages (FIG. 2), the method comprising: 
obtaining, at a computing system, rendered code generated using source code of a webpage (FIG. 2 – Render Downloaded Content and Product Screenshots of Suspicious URL and Domain Landing Page URL and [0028] and [0043]), the source code obtained in response FIG. 2 – Make HTTP Requests to Suspicious URL and Domain Landing Page URL and Download Linked Content and [0028] and [0042]), the rendered code being finalized instructions to layout presentation of the webpage and the rendered code including elements not represented in the source code without parsing and/or executing the source code (FIG. 2 and [0028] – ...produce a screenshot of the final rendered page... and [0043]);
 analyzing, at the computing system, the rendered code to determine a change in integrity of security of the webpage ... (FIG. 2 and [0029]-[0030] – key point extraction algorithm to match the two screen shots and [0031] – histogram comparison using a histogram based algorithm between the previously produced screenshots and [0032]-[0033] – The text maybe extracted from the HTML DOM or extracted from the screen shot using Optical Character recognition (OCR)... and [0044]); and 
in response to a change in the integrity of security of the webpage (FIG. 2).
Bartik fails to explicitly disclose analyzing... in response to execution of a code portion of the rendered code occurring within a particular time during execution of the rendered code the particular time defined based on execution order of the rendered code, the code portion configured to establish a network connection and transmit data obtained by the rendered source code over the network connection; and ...generating an alert regarding the integrity of security of the webpage.
However, in an analogous art, Shekyan, similarly, teaches obtaining, at a computing system, rendered code generated using source code of a webpage, the source code obtained in response to a request to a webserver that hosts the webpage the rendered code being finalized instructions to layout presentation of the webpage and the rendered code including elements not (Shekyan, FIG. 3 – Receive source code and header(s) → Render source code and [0023]-[0024])
analyzing, at the computing system, the rendered code to determine a change in integrity of security of the webpage in response to execution of...  [a] code portion configured to establish a network connection and transmit data obtained by the rendered source code over the network connection (Shekyan, FIG. 3 – Receive source code and header(s) → Render source code → Process rendered code → Generate Security Report and [0023]-[0024] - As will be understood, the specified resources can correspond to any of a wide variety of objects, files, code, etc., including, for example, scripts (e.g., JavaScript, VBScript, Dart, etc.), styles (e.g., CSS styles), images, fonts, and containers (e.g., resources that can render various content types, e.g., flash files, pdfs, media files, etc.). The code analysis logic determines for each of the specified resources whether it represents one of a plurality of security vulnerabilities. Examples of such security vulnerabilities include but are not limited to communication via unsecure channels (e.g., clear text vs. encryption) (i.e., data obtained and transmitted over the network connection), injected scripts, UI redress, cross site scripting flaws, etc.);
and in response to a change in the integrity of security of the webpage (Shekyan, FIG. 3 - Generate Security Report), generating an alert regarding the integrity of security of the webpage (Shekyan, FIG. 3 and [0023]-[0024] and [0042] - Such reports may be generated even where automatic modification of at least some of the web page source code is already taking place. For example, the web site operator might be notified when a new security vulnerability has been identified before any further content hardening action is taken).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Shekyan with the (Shekyan, [0004]).
However, in an analogous art, Burns teaches ... execution of a code portion of the rendered code occurring within a particular time during execution of the (Burns, col. 7, lines 1-16 - In one example, security injection system 240 may identify the location within the content that will be executed by the browser first (e.g., at or near the top of the web page). In one example, the security injection system 240 may determine an execution chronology corresponding to the content (e.g., which portion of the content will be executed by the web browser first, which portion of the content will be executed by the web browser second, etc.), identify portions of the content that may be more likely to include malicious content, and identify the location for injecting the content based on the execution chronology and/or the likelihood of malicious content corresponding to each portion of the content).  As reasonably a first, second, etc. executed chronologically is reasonably constructed to be a particular time defined based on an execution order.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Burns with the analyzing the rendered code of Bartik and Shekyan to apply to the rendered code the concepts of 
One would have been motivated to combine the teachings of Burns to Bartik and Shekyan and to do so as it provides / allows for identifying portions of the content... to include malicious content (Burns, col. 7, lines 1-16). 

Regarding Claim 23;
Bartik and Shekyan and Burns disclose the method to Claim 22.
Bartik and Shekyan both disclose/teach further comprising obtaining, from the webserver at the computing system, the source code of the webpage, wherein obtaining the rendered code includes generating the rendered code using the source code (Bartik, FIG. 2 and Shekyan, FIG. 3).
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385. The examiner can normally be reached Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KARI L SCHMIDT/Primary Examiner, Art Unit 2439