Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Amendment filed on 01/07/2022. Claims 1-25 are currently pending and have been considered below. Claims 1, 9 and 17 are independent claims. Claims 1, 3, 9, 11, 17 and 19 have been amended. No new claims have been added.

Priority
The application is a CON of PCT/CN2019/107676 filed on 09/25/2019.

Remarks and response
Applicant’s arguments filed in the amendments on 01/07/2022 have been fully considered but are moot in view of new grounds of rejection. Applicant presents arguments regarding the presence or absence of claimed limitations in the prior art. However, applicant has amended the claims and in doing so has changed the scope. New grounds of rejection, necessitated by applicant's amendments, are outlined below.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-25 are rejected under 35 U.S.C. 103 as being unpatentable over Soghoian (US Patent No 8,220,047 B1) in view of Florencio (US Patent Application Publication No 2007/0006305 A1) and further in view of Alfonseca (US Patent Application Publication No 2009/0063462 A1).

Regarding Claim 1, Soghoian discloses a computer system comprising: 
a memory (Soghoian, Fig-1, element 114); and 
at least one processor coupled to the memory and configured to (Soghoian, Fig-1, element 112):
recognize a user input field of a web site displayable in a browser, the web site identified as a security risk based on a whitelist of web site addresses (Soghoian, col 4, line 5-10, to deceive the user, the phishing window may include a message instructing the user to follow a link or URL in the electronic document to an untrusted electronic documents such as an untrusted webpage to verify their private information. Col 4, 
determine that a sequence of characters within the user input field matches one or more entries in a list of partial passwords in response to the web site being identified as a security risk (Soghoian, col 5, line 45-50, the user may enter various sequences of numbers, letters and symbols when interacting with user computer. Col 12, line 15-25, the trigger module may generate a trigger event corresponding to a home address from the account information and a low complexity username and password from the complexity information. The detection module may determine that the APS may conduct further processing to determine whether to take an action to protect the private information after identifying in the user input data stream, the home address, one or more characters of the username, and one or more characters of the password. Col 12, line 45-50, trigger module may generate a trigger event when only a few of the characters of the private information are identified in a user input data stream. Col 16, line 10-20); and 
prevent the user from entering additional characters into the user input field in response to the determination, to block receipt of the 
Soghoian does not explicitly teach the following limitation that Florencio teaches:
partial password (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with the entry-specific salt, computes the hash of that string and compares the hash with the appropriate entry of the user credential data store).
Soghoian in view of Florencio are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “preventing phishing attack”. It would have been obvious to a person of ordinary skill in the art 
Soghoian in view of Florencio does not explicitly teach the following limitation that Alfonseca teaches:
wherein the list of partial passwords is an enumeration of all combinations of sub-strings of a user credential (Alfonseca, Fig-2, ¶[0032]- ¶[0038], each word in the data store can be associated with one or more substrings. Each of the substrings can include one or more consecutive letters of the word. The word “kontrollfunktion” can be split into sub-strings such as “k”, “ko”, “kont”, “kontr” etc. The splitting engine can add a first morpheme to the beginning and end of each of the one or more first substrings to create one or more second substrings).
Soghoian in view of Florencio and further in view of Alfonseca are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “preventing phishing attack”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Soghoian in view of Florencio and Alfonseca to include the idea of including one or more search term in 

Regarding Claim 2, Soghoian in view of Florencio and Alfonseca discloses the computer system of claim 1, wherein the at least one processor is further configured to perform the determination in response to a count of characters in the sequence of characters exceeding a threshold (Soghoian, col 16, line 10-20, the detection module may monitor the user input data stream for “bob” and “ca” or “bo” and “cat” within 50 characters of one another).

Regarding Claim 3, Soghoian in view of Florencio and Alfonseca discloses the computer system of claim 1, wherein the web site is displayable in a first security context, and the at least one processor is further configured to: 
obtain the user credential in a second security context, the second security context separate from the first security context such that the second security context prevents receipt of user input by the web site (Florencio, ¶[0043], the security server can receive a vector that includes all legitimate domains that share the same password. The security server 
authenticate the user credential with a rule server (Florencio, ¶[0043], the security server can receive a vector that includes all legitimate domains that share the same password. The security server can compare the instant use of the security credential with information from the trusted site data store to determine whether the user is entering security credentials at a trusted site. ¶[0044], the security server can compare the received security credentials against entries in a phishing site data store); 
obtain the whitelist of web site addresses from the rule server in response to the authentication (Florencio, ¶[0043], the security server can receive a vector that includes all legitimate domains that share the same password. The security server can compare the instant use of the security credential with information from the trusted site data store to determine whether the user is entering security credentials at a trusted site. ¶[0044], the security server can compare the received security credentials against entries in a phishing site data store. ¶[0046], the 
obtain the list of partial passwords from the rule server in response to the authentication, wherein the one or more entries in the list of partial passwords are encrypted (Florencio, ¶[0068], the encryption module can encrypt or protect information from the user interface. ¶[0069], the encryption module can create a hash of the user name. The security of the hash can be further improved by adding a salt. ¶[0070], to avoid security breaches through attacks using precomputed hash tables, a client specific salt is added to the password).

Regarding Claim 4, Soghoian in view of Florencio and Alfonseca discloses the computer system of claim 3, wherein the determination further comprises performing, by the at least one processor: 
encrypting the sequence of characters (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with the entry-specific salt, computes the hash of that string and compares the hash with the appropriate entry of the user credential data store); and 


Regarding Claim 5, Soghoian in view of Florencio and Alfonseca discloses the computer system of claim 1, wherein the at least one processor is further configured to provide a warning to the user in response to the determination (¶[0046], the security server can cause a warning to be displayed that indicates that the user should exercise additional caution before submitting security credential).

Regarding Claim 6, Soghoian in view of Florencio and Alfonseca discloses the computer system of claim 1, wherein the web site addresses are uniform resource locators (Soghoian, col 4, line 5-10, to deceive the user, the phishing window may include a message instructing the user to follow a link (URL) in the electronic document to an untrusted electronic document. Also col 7, line 15-20, the forwarding 

Regarding Claim 7, Soghoian in view of Florencio and Alfonseca discloses the computer system of claim 1, wherein the partial password is a sub-string of the user credential that excludes one or more characters (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with the entry-specific salt, computes the hash of that string and compares the hash with the appropriate entry of the user credential data store).

Regarding Claim 8, Soghoian in view of Florencio and Alfonseca discloses the computer system of claim 1, wherein the at least one processor is further configured to delete characters within the user input field in response to the determination (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each 

Regarding Claim 9, Soghoian discloses a method of securing user credentials comprising: 
recognizing, by a computer system, a user input field of a web site displayable in a browser, the web site identified as a security risk based on a whitelist of web site addresses (Soghoian, col 4, line 5-10, to deceive the user, the phishing window may include a message instructing the user to follow a link or URL in the electronic document to an untrusted electronic documents such as an untrusted webpage to verify their private information. Col 4, line 35-45, the phisher may use the username and password to access the user’s email, an online banking account and/or online gaming account to steal information, money or other valuable things. Phishing websites may all be attempting to deceive the user into disclosing the private information such as username, password, credit card number, address, social security number or other similar private information); 
determining, by the computer system, that a sequence of characters within the user input field matches one or more entries in a list of partial passwords in response to the web site being identified as a 
preventing, by the computer system, the user from entering additional characters into the user input field in response to the determination, to block receipt of the password by the web site (Soghoian, col 13, line 40-50, Fig-5, the action module of APS may compare a communication address of the untrusted electronic document with a whitelist of trusted addresses for trusted electronic documents. Col 14, line 1-10, the action module of the APS may take an action to protect the private information. The action may be one or more of instructing the transmission module to stop data transmission across the network, instructing the message module to display a message to the user, 
Soghoian does not explicitly teach the following limitation that Florencio teaches:
partial password (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with the entry-specific salt, computes the hash of that string and compares the hash with the appropriate entry of the user credential data store).
Soghoian in view of Florencio are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “preventing phishing attack”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Soghoian in view of Florencio to include the idea of providing a phishing protection module to improve the security because in phishing attacks the victim unknowingly or unwittingly assists the attacker by voluntarily providing his security credentials such as username and password to the attacker (Florencio, ¶[0004]).

wherein the list of partial passwords is an enumeration of all combinations of sub-strings of a user credential (Alfonseca, Fig-2, ¶[0032]- ¶[0038], each word in the data store can be associated with one or more substrings. Each of the substrings can include one or more consecutive letters of the word. The word “kontrollfunktion” can be split into sub-strings such as “k”, “ko”, “kont”, “kontr” etc. The splitting engine can add a first morpheme to the beginning and end of each of the one or more first substrings to create one or more second substrings).
Soghoian in view of Florencio and further in view of Alfonseca are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “preventing phishing attack”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Soghoian in view of Florencio and Alfonseca to include the idea of including one or more search terms in response to a query to identify potential words that are applicable. It will include the idea of providing a phishing protection module to improve the security because in phishing attacks the victim unknowingly or unwittingly assists the attacker by voluntarily providing his security credentials such as username and password to the attacker.


Regarding Claim 10, Soghoian in view of Florencio and Alfonseca discloses the method of claim 9, wherein the determining is performed in response to a count of characters in the sequence of characters exceeding a threshold (Soghoian, col 16, line 10-20, the detection module may monitor the user input data stream for “bob” and “ca” or “bo” and “cat” within 50 characters of one another).

Regarding Claim 11, Soghoian in view of Florencio and Alfonseca discloses the method of claim 9, wherein the web site is displayable in a first security context, the method further comprising: 
obtaining the user credential in a second security context, the second security context separate from the first security context such that the second security context prevents receipt of user input by the web site (Florencio, ¶[0043], the security server can receive a vector that includes all legitimate domains that share the same password. The security server can compare the instant use of the security credential with information from the trusted site data store to determine whether the user is entering security credentials at a trusted site. ¶[0044], the security server can compare the received security credentials against entries in a phishing site data store. ¶[0046], the security server can cause a warning to be displayed that indicates that the user should exercise additional caution before submitting security credential); 

obtaining the whitelist of web site addresses from the rule server in response to the authentication (Florencio, ¶[0043], the security server can receive a vector that includes all legitimate domains that share the same password. The security server can compare the instant use of the security credential with information from the trusted site data store to determine whether the user is entering security credentials at a trusted site. ¶[0044], the security server can compare the received security credentials against entries in a phishing site data store. ¶[0046], the security server can cause a warning to be displayed that indicates that the user should exercise additional caution before submitting security credential); and 
obtaining the list of partial passwords from the rule server in response to the authentication, wherein the one or more entries in the list of partial passwords are encrypted (Florencio, ¶[0068], the encryption module can encrypt or protect information from the user interface. 

Regarding Claim 12, Soghoian in view of Florencio and Alfonseca discloses the method of claim 11, wherein the determining further comprises: 
encrypting the sequence of characters (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with the entry-specific salt, computes the hash of that string and compares the hash with the appropriate entry of the user credential data store); and 
comparing the encrypted sequence of characters to the one or more encrypted entries in the list of partial passwords to find a match (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with 

Regarding Claim 13, Soghoian in view of Florencio and Alfonseca discloses the method of claim 9, further comprising providing a warning to the user in response to the determination (Florencio, ¶[0046], the security server can cause a warning to be displayed that indicates that the user should exercise additional caution before submitting security credential).

Regarding Claim 14, Soghoian in view of Florencio and Alfonseca discloses the method of claim 9, wherein the method is executed by a plug-in associated with the web browser (Florencio, ¶[0025], the phishing prevention system can be implemented as an add-on component, such as a plugin, for a web browser).

Regarding Claim 15, Soghoian in view of Florencio and Alfonseca discloses the method of claim 9, wherein the web site addresses are uniform resource locators (Soghoian, col 4, line 5-10, to deceive the user, the phishing window may include a message instructing the user to follow a link (URL) in the electronic document to an untrusted electronic document. Also col 7, line 15-20, the forwarding information also may indicate that the user entered an address (URL) in an address bar of a 

Regarding Claim 16, Soghoian in view of Florencio and Alfonseca discloses the method of claim 9, wherein the partial password is a sub-string of the user credential that excludes one or more characters (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with the entry-specific salt, computes the hash of that string and compares the hash with the appropriate entry of the user credential data store).

Regarding Claim 17, Soghoian discloses a non-transitory computer readable medium storing executable sequences of instructions to secure user credentials, the sequences of instructions comprising instructions to: 
recognize a user input field of a web site displayable in a browser, the web site identified as a security risk based on a whitelist of web site addresses (Soghoian, col 4, line 5-10, to deceive the user, the phishing window may include a message instructing the user to follow a link or URL in the electronic document to an untrusted electronic documents 
determine that a sequence of characters within the user input field matches one or more entries in a list of partial passwords in response to the web site being identified as a security risk (Soghoian, col 5, line 45-50, the user may enter various sequences of numbers, letters and symbols when interacting with user computer. Col 12, line 15-25, the trigger module may generate a trigger event corresponding to a home address from the account information and a low complexity username and password from the complexity information. The detection module may determine that the APS may conduct further processing to determine whether to take an action to protect the private information after identifying in the user input data stream, the home address, one or more characters of the username, and one or more characters of the password. Col 12, line 45-50, trigger module may generate a trigger event when only a few of the characters of the private information are identified in a user input data stream. Col 16, line 10-20); and 

Soghoian does not explicitly teach the following limitation that Florencio teaches:
partial password (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with the entry-specific salt, computes the hash of that string and compares the hash with the appropriate entry of the user credential data store).
Soghoian in view of Florencio are analogous art because they are from the “same field of endeavor” and are from the same “problem 
Soghoian in view of Florencio does not explicitly teach the following limitation that Alfonseca teaches:
wherein the list of partial passwords is an enumeration of all combinations of sub-strings of a user credential (Alfonseca, Fig-2, ¶[0032]- ¶[0038], each word in the data store can be associated with one or more substrings. Each of the substrings can include one or more consecutive letters of the word. The word “kontrollfunktion” can be split into sub-strings such as “k”, “ko”, “kont”, “kontr” etc. The splitting engine can add a first morpheme to the beginning and end of each of the one or more first substrings to create one or more second substrings).
Soghoian in view of Florencio and further in view of Alfonseca are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “preventing phishing attack”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the 

Regarding Claim 18, Soghoian in view of Florencio and Alfonseca discloses the computer readable medium of claim 17, wherein the sequences of instructions further include instructions to perform the determination in response to a count of characters in the sequence of characters exceeding a threshold (Soghoian, col 16, line 10-20, the detection module may monitor the user input data stream for “bob” and “ca” or “bo” and “cat” within 50 characters of one another).

Regarding Claim 19, Soghoian in view of Florencio and Alfonseca discloses the computer readable medium of claim 17, wherein the web site is displayable in a first security context and the sequences of instructions further include instructions to: 
obtain the user credential in a second security context, the second security context separate from the first security context such that the second security context prevents receipt of user input by the web site 
authenticate the user credential with a rule server (Florencio, ¶[0043], the security server can receive a vector that includes all legitimate domains that share the same password. The security server can compare the instant use of the security credential with information from the trusted site data store to determine whether the user is entering security credentials at a trusted site. ¶[0044], the security server can compare the received security credentials against entries in a phishing site data store); 
obtain the whitelist of web site addresses from the rule server in response to the authentication (Florencio, ¶[0043], the security server can receive a vector that includes all legitimate domains that share the same password. The security server can compare the instant use of the security credential with information from the trusted site data store to determine whether the user is entering security credentials at a trusted 
obtain the list of partial passwords from the rule server in response to the authentication, wherein the one or more entries in the list of partial passwords are encrypted (Florencio, ¶[0068], the encryption module can encrypt or protect information from the user interface. ¶[0069], the encryption module can create a hash of the user name. The security of the hash can be further improved by adding a salt. ¶[0070], to avoid security breaches through attacks using precomputed hash tables, a client specific salt is added to the password).

Regarding Claim 20, Soghoian in view of Florencio and Alfonseca discloses the computer readable medium of claim 19, wherein the sequences of instructions further include instructions to: 
encrypt the sequence of characters (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with the entry-specific salt, 
compare the encrypted sequence of characters to the one or more encrypted entries in the list of partial passwords to find a match (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with the entry-specific salt, computes the hash of that string and compares the hash with the appropriate entry of the user credential data store).
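Added example, not part of the Office action or of the cited references: a Python illustration of the matching scheme paraphrased above from Florencio ¶[0074] (last 7 buffered characters, client-specific salt, N recursive hashes, entry-specific salt), combined with the claimed whitelist check, character-count threshold and blocking of further input. SHA-256, N = 1000, the enumeration of 7-character sub-strings, host-name whitelisting, and all names and sample values are assumptions of this example.

```python
import hashlib
import hmac
import os
from collections import deque
from urllib.parse import urlsplit

WINDOW = 7         # "last 7 characters in the FIFO buffer" (from the cited passage)
ITERATIONS = 1000  # N recursive hashes; the value is assumed for this example


def stretch(window: str, client_salt: bytes, n: int = ITERATIONS) -> bytes:
    """Concatenate the window with the client salt and hash the result n times."""
    digest = window.encode("utf-8") + client_salt
    for _ in range(n):
        digest = hashlib.sha256(digest).digest()
    return digest


def build_partial_store(credential: str, client_salt: bytes):
    """Enumerate every contiguous WINDOW-length sub-string of the credential.

    Only (entry_salt, hash) pairs are kept; no plaintext sub-string is stored.
    """
    if len(credential) < WINDOW:
        raise ValueError("credential shorter than the comparison window")
    store = []
    for i in range(len(credential) - WINDOW + 1):
        entry_salt = os.urandom(16)
        inner = stretch(credential[i:i + WINDOW], client_salt)
        store.append((entry_salt, hashlib.sha256(inner + entry_salt).digest()))
    return store


class InputFieldGuard:
    """Watches one input field of one page (hypothetical class for this example)."""

    def __init__(self, url, store, client_salt, whitelist):
        host = (urlsplit(url).hostname or "").lower()
        # A site is treated as a security risk when its host is not whitelisted.
        self.risky = host not in {h.lower() for h in whitelist}
        self.store = store
        self.client_salt = client_salt
        self.buffer = deque(maxlen=WINDOW)  # FIFO of the most recent keystrokes
        self.field = []                     # characters currently in the field
        self.blocked = False

    def on_key(self, ch: str) -> bool:
        """Return True if the character is accepted into the field."""
        if self.blocked:
            return False                    # no additional characters allowed
        self.buffer.append(ch)
        self.field.append(ch)
        # Match only on risky sites, and only once the threshold count is reached.
        if not self.risky or len(self.buffer) < WINDOW:
            return True
        inner = stretch("".join(self.buffer), self.client_salt)
        for entry_salt, entry_hash in self.store:
            candidate = hashlib.sha256(inner + entry_salt).digest()
            if hmac.compare_digest(candidate, entry_hash):
                self.blocked = True
                self.field.clear()          # delete what was already typed
                return False
        return True


def type_text(guard: InputFieldGuard, text: str) -> int:
    """Feed text one keystroke at a time; return how many characters were accepted."""
    return sum(1 for ch in text if guard.on_key(ch))


if __name__ == "__main__":
    # Constructed sample values, not taken from the Office action.
    salt = os.urandom(16)
    password = "Tr0ub4dor&3x"
    store = build_partial_store(password, salt)
    whitelist = {"login.example-bank.test"}
    guard = InputFieldGuard("https://examp1e-bank.test/login", store, salt, whitelist)
    print(type_text(guard, password), guard.blocked, "".join(guard.field))
```

Because each stored entry covers only seven characters, the salts and iteration count slow but do not prevent offline guessing if the store is copied, so the store needs the same protection as the credential itself.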

Regarding Claim 21, Soghoian in view of Florencio and Alfonseca discloses the computer readable medium of claim 17, wherein the sequences of instructions further include instructions to provide a warning to the user in response to the determination (Florencio, ¶[0046], the security server can cause a warning to be displayed that indicates that the user should exercise additional caution before submitting security credential).

Regarding Claim 22, Soghoian in view of Florencio and Alfonseca discloses the computer readable medium of claim 17, wherein the sequences of instructions are included in a plug-in associated with the 

Regarding Claim 23, Soghoian in view of Florencio and Alfonseca discloses the computer readable medium of claim 17, wherein the web site addresses are uniform resource locators (Soghoian, col 4, line 5-10, to deceive the user, the phishing window may include a message instructing the user to follow a link (URL) in the electronic document to an untrusted electronic document. Also col 7, line 15-20, the forwarding information also may indicate that the user entered an address (URL) in an address bar of a browser and may not have been redirected by an electronic document. Also Florencio, ¶[0025]).

Regarding Claim 24, Soghoian in view of Florencio and Alfonseca discloses the computer readable medium of claim 17, wherein the partial password is a sub-string of the user credential that excludes one or more characters (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with the entry-specific salt, computes the hash of 

Regarding Claim 25, Soghoian in view of Florencio and Alfonseca discloses the computer readable medium of claim 17, wherein the sequences of instructions further include instructions to delete characters within the user input field in response to the determination (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with the entry-specific salt, computes the hash of that string and compares the hash with the appropriate entry of the user credential data store).

Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the 
In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WASIKA NIPA whose telephone number is (571)272-8923.  The examiner can normally be reached on M-F (7:30 - 5:00). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JEFFRY PWU can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 




/WASIKA NIPA/           Primary Examiner, Art Unit 2433