DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted on 03/10/2020, 12/17/2020 and 01/26/2021 were filed before the mailing date of this office action.  The submissions are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 

Claim 15 and its dependent claims 16-20 are rejected because the claimed inventions are directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the “computer readable storage medium”, under the broadest reasonable definition, may encompass transitory signals and carrier waves.
It should be further noted that the applicant did not define the term “computer readable storage medium” to explicitly exclude carrier waves or transitory signals. 


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 6-8, 13-15 and 20 are rejected under 35 USC § 103 as being unpatentable over USPAT No. 10333972 B2 to Li et al. (hereinafter Li), and further in view of US-20120036580 A1 to Gorny et al. (hereinafter Gorny) 

Regarding claim 1:
Li discloses:
A method for detecting a hidden link in a website, comprising: 
periodically obtaining, for each target URL of a target website, all URL association tags and all attribute content of the URL association tags from a response page of the target URL (see ¶07: “A method for detecting hidden content of a web page”,
¶48: “… the URL is loaded … a returned HTML code is parsed, and other elements of a web page, e.g. CSS, JavaScript are loaded.”, 
¶49: “… a DOM tree and a render tree are generated.”, and 
¶50: “…  it is determined whether all HTML tag nodes included in the DOM tree are included in the render tree.”); 
detecting, if the URL is not in the preset security URL set, whether the attribute content of the URL association tag includes a preset hidden link attribute feature (see ¶52: “… it is determined whether there are several <a> tag nodes in the hidden tag nodes of the DOM tree.”); and
determining, if the attribute content includes the preset hidden link attribute feature, that the URL corresponding to the attribute content of the URL association tag is a hidden link (see ¶52-53: “If there are several <a> tag nodes in the hidden tag nodes of the DOM tree, processing at 208 is performed… At 208, it is determined that the web page is hung with a hidden chain.”).
However, Li failed to explicitly disclose the following limitation taught by Gorny:
detecting, for each of the URL association tags, whether a URL corresponding to attribute content of the URL association tag is in a preset security URL set (see Gorny ¶62: “Web page content analysis may include …  JavaScript execution (e.g. to extract links or other vulnerabilities that may not be visible to a user viewing a webpage containing the JavaScript) … links of the form <a href= ”someword”>someword</a> and the string "someword” is not one of a set of common strings that are known to be safe strings …”).

It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the teachings of Li to incorporate the functionality of the web site vulnerability and infection scanning process to analyze web page content and links found on the pages as disclosed by Gorny; such a modification would provide detection and extraction of both dynamic (JavaScript generated) and static hidden links in a web page.

Regarding claim 6:
The combination of Li and Gorny disclose:
(see Gorny ¶62: “Web page content analysis may include flash decoding (e.g. to extract links that may be visible to a user viewing the flash generated web page); JavaScript execution (e.g. to extract links or other vulnerabilities that may not be visible to a user viewing a webpage containing the JavaScript) …links of the form "<a href=”someword”>someword</a> and the string "someword” is not one of a set of common strings that are known to be safe strings … ”).  

Regarding claim 7:
The combination of Li and Gorny disclose:
The method according to claim 6, wherein the method further comprises: if a hidden link false positive instruction sent by the website server is received, updating the preset security URL set according to the hidden link URL (see Gorny ¶66: “An objective of link post processing may be to determine if each new link found in the selective scanning is a white list (safe, good), black list (malware, spam), or below risk threshold (neither black or white list). “, 
¶69: “Each new link is processed … to update black and white lists for use in the next invocation of selective web site scanning.”, and
¶70: “Links that have been captured from webpages that have been flagged as containing malware … are separately aggregated, sorted, and processed in a similar manner as the link post processing process …”). 

Regarding claims 8 and 13-14: 
Claims 8 and 13-14 recite substantially the same limitations as claims 1 and 6-7, respectively, in the form of a hidden link detection device implementing the corresponding method; therefore, they are rejected under the same rationale.

Regarding claims 15 and 20: 
Claims 15 and 20 recite substantially the same limitations as claims 1 and 6, respectively, in the form of a computer readable storage medium for storing instructions to execute the corresponding method, therefore, they are rejected under the same rationale.

Claims 2-5, 9-12 and 16-19 are rejected under 35 USC § 103 as being unpatentable over Li, Gorny and further in view of USPAT No. 10198408 B1 to Commisso 
Regarding claim 2:
The combination of Li and Gorny disclose the method according to claim 1, but failed to explicitly disclose the following limitations taught by Commisso:
 wherein, before periodically obtaining, for each target URL of a target website, all URL association tags and all attribute content of the URL association tags from a response page of the target URL, the method further comprises: 
initiating an access request to a home page of the target website, and determining, as the target URLs, all URLs in the home page that include a domain name of the target website (see Commisso ¶20: “… a target web site is identified and spidered. The spidering of a web site involves analyzing the web site to identify each one of the web pages that make up the web site.”, and 
¶35: “The output generated by the spidering process … includes a list of URLs for each web page in the web site under the target domain name.”); 
and successively initiating an access request to each target URL, and adding, to the target URLs, all URLs in a response page of each target URL that include a domain name of the target website (see Commisso ¶21: “After the web site has been spidered, in step 102 the content of each web page identified by the spider is retrieved and rendered. This may be performed … by downloading the content of each web page and rendering the content using a suitable rendering engine …”, and 
¶31: “The spider continues recursing through the web site's links … until all web pages belonging to the web site have been identified. As such, the spider recursively crawls through each web page in the web site in order to identify each web page making up the web site.”).  

It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the teachings of Li and Gorny to incorporate the functionality of the method for spidering a target web site to identify a number of web pages making up the target web site as disclosed by Commisso; such a modification would make it possible to download all the web pages that make up a website, and to detect and mitigate hidden malicious links in a website.



Regarding claim 3:
The combination of Li and Gorny disclose the method according to claim 1, but failed to explicitly disclose the following limitation taught by Commisso: 
wherein the step of detecting whether a URL corresponding to the attribute content of the URL association tag is in a preset security URL set comprises: 
detecting whether the URL corresponding to the attribute content of the URL association tag is in a catalog of the target website, or whether URL domain name information in the attribute content of the URL association tag is in a preset domain name whitelist (see Commisso ¶34: “… the sitemap.xml file can be parsed to identify all web pages listed therein and the results compared against the result of the spidering process to find any orphaned web pages that, although belonging to the web site, are not linked to by other web pages of the web site (i.e., web pages that are not accessible in the navigation hierarchy starting with the domain name's main page). If such orphaned web pages are identified, follow-up HTTP requests can be made by the spider to parse those web pages to ensure that the web pages actually exist (in a catalog) before adding them to the result of the spidering process.”).

It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the teachings of Li and Gorny to incorporate the functionality of the method for parsing the sitemap.xml (domain name whitelist) file to identify all the web pages listed in the website as disclosed by Commisso; such a modification would make it possible to compare results of the spidering process with URLs in the whitelist, and to identify hidden URL links in a web page.

Regarding claim 4:
The combination of Li and Gorny disclose the method according to claim 1, but failed to explicitly disclose the following limitation taught by Commisso:
wherein the step of detecting whether the attribute content of the URL association tag includes a preset hidden link attribute feature comprises: detecting whether tag information in the attribute content of the URL association tag is tag meta or whether the attribute content of the URL association tag matches a preset html hidden link library (see Commisso ¶66: “The SEO inspection involves analyzing the web page's contents to identify the contents of SEO-related meta-tags in the source code of the web page. Example SEO-related meta-tags include “<title>”, “<description>”, and “<keywords>”.”, and  
¶57: “… the text inspector would capture the href target for the parent tag, as well as display attributes of the tag (e.g., styles associated with the active, hover, never visited, and visited states of the tag).”).  

It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the teachings of Li and Gorny to incorporate the functionality of the text inspector script to inspect a particular DOM element looking for text content matching a particular signature that would capture anchor (href) tags, and meta-data inspectors to identify the contents of meta-tags in the source code of the web page as disclosed by Commisso; such a modification would make it possible to identify the non-displayed useful meta-tags from the hidden potentially malicious links (anchor-tags).

Regarding claim 5:

wherein, after detecting whether the attribute content of the URL association tag includes a preset hidden link attribute feature, the method further comprises: 
if the attribute content does not include the preset hidden link attribute feature, obtaining a multi-layer outer tag of the URL association tag and attribute content of the multi-layer outer tag from the response page of the target URL (see Commisso ¶48: “… a DOM of a rendered web page can be inspected and parsed … the current element being inspected is identified within the DOM of the rendered web page … the element is analyzed to determine whether the element is displayed on the web page. 
… the z-index position of the element … can be utilized to determine whether a particular element … is displayed in the rendered web page or whether it is hidden. If the element is not displayed on the web page … the parsing process will move on to the next element in the DOM …”); 
successively detecting whether the attribute content of the multi-layer outer tag includes the preset hidden link attribute feature (see Commisso ¶48: “In the event that the element being inspected has descendant nodes within the DOM, step 314 may involve transitioning to one of those descendant nodes and again performing the parsing/inspection process.”); 
and if it is detected that a target outer layer tag includes the preset hidden link attribute feature, stopping detection and determining that the URL corresponding to the URL association tag is a hidden link (see Commisso ¶57: “… the text inspector would also determine whether the displayed text has an ancestor tag that includes a tag with an href … the text inspector would capture the href target for the parent tag, as well as display attributes of the tag (e.g., styles associated with the active, hover, never visited, and visited states of the tag). The href and the style attributes would then be associated with the displayed text.”).  

It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the teachings of Li and Gorny to incorporate the functionality of the DOM parser to determine whether a DOM element includes text, images, backgrounds, or widgets as disclosed by Commisso; such a modification would make it possible to successively parse a web page and to extract, identify and mitigate malicious hidden links.
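
The detection flow recited in claims 1, 3 and 5 above, as an added Python example that is not part of the office action, the application or the cited references: each href/src URL is checked against a security set (same host or an allowlisted domain), then a hidden-link feature is sought on the tag itself and on its outer tags, innermost first, stopping at the first match. The feature patterns, the layer limit, all class and function names and the sample hosts are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
# Assumed feature patterns; the office action does not enumerate them.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|"
                    r"(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class HiddenLinkScanner(HTMLParser):
    def __init__(self, page_url, allowlist, max_layers=5):
        super().__init__()
        self.page_url, self.allow = page_url, set(allowlist)
        self.site, self.max_layers = urlparse(page_url).hostname, max_layers
        self.stack = []     # open ancestors as (tag, attrs), outermost first
        self.findings = []  # (url, layer at which a hidden feature matched)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in ("href", "src"):
            if attrs.get(name):
                url = urljoin(self.page_url, attrs[name])
                host = urlparse(url).hostname
                # Security URL set: the site itself or an allowlisted domain.
                if host != self.site and host not in self.allow:
                    self.check(url, attrs)
        if tag not in VOID:  # void elements never become ancestors
            self.stack.append((tag, attrs))

    def check(self, url, attrs):
        # Layer 0 is the tag itself, then its outer tags, innermost first.
        outer = [a for _, a in reversed(self.stack)][:self.max_layers]
        for layer, a in enumerate([attrs] + outer):
            if "hidden" in a or HIDDEN.search(a.get("style") or ""):
                self.findings.append((url, layer))
                return  # stop at the first matching layer

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                return

def scan(html, page_url, allowlist=()):
    scanner = HiddenLinkScanner(page_url, allowlist)
    scanner.feed(html)
    scanner.close()
    return scanner.findings
# Constructed sample page; all hosts are placeholders.
SAMPLE = """<body><a href="/about">About</a>
<a href="https://cdn.example.net/lib.js" style="display:none">allowlisted</a>
<a href="https://spam.example.org/a" style="display:none">x</a>
<div style="left:-9999px"><p><a href="https://spam.example.org/b">y</a></p></div>
<a href="https://other.example.org/">visible external link</a></body>"""
print(scan(SAMPLE, "https://www.example.com/", {"cdn.example.net"}))
```

This static pass sees only inline attributes; links hidden through stylesheet rules or script need the rendered DOM that the cited references work from.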

Regarding claims 9-12: 
Claims 9-12 recite substantially the same limitations as claims 2-5, respectively, in the form of a hidden link detection device implementing the corresponding method, therefore, they are rejected under the same rationale. 

Regarding claims 16-19: 
Claims 16-19 recite substantially the same limitations as claims 2-5, in the form of a computer readable storage medium for storing instructions to execute the corresponding method, therefore, they are rejected under the same rationale.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:  

Aliyev et al. (US-PGPUB No. 2021/0021639 A1) - disclosed a method and electronic device for displaying a web page, which enables the harmfulness of a link included in a web page to be examined in advance before the link is selected, thereby ensuring stability.
Cho et al. (US-PGPUB No. 2016/0065613 A1) - disclosed a system and method for detecting malicious code based on the Web, and handle the spread of malicious code or abuse as a transit website via a webpage that is hacked using security vulnerability.
Grancharov et al. (US-PGPUB 2004/0143787 A1) - disclosed a system and method for resolving Universal Resource Locators (URLs). The URL resolving system examines the script code to obtain URLs from the examination output in the context of website crawling.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Matthias Habtegeorgis whose telephone number is (571)272-1916. The examiner can normally be reached on 8:00am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ashok B Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/M.H./Examiner, Art Unit 2491 


/ALEXANDER LAGOR/Primary Examiner, Art Unit 2491