DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 4/22/2022 has been entered.
As per instant Amendment, claims 2, 3, 12, 13 and 22 have been amended; claims 2, 12 and 22 are independent claims. Claims 2-6, 8-17 and 19-23 have been examined and are pending in this application. This Action is made Non-Final. 

Response to Arguments
Applicant’s arguments filed on 4/22/2022, with respect to 35 U.S.C. 103, have been fully considered but they are not persuasive
Applicant Argues: Applicant submits that Shekyan is not concerned with the type of information included in the data. Nothing in Shekyan discusses that security vulnerability exists based on the type of information included in the data. Rather, Shekyan appears to discloses that security vulnerability exists is the data is transmitted over a secure channel as encrypted data or an unsecure channel as clear text data. 
The Office Action appears to contend that Shekyan disclosing "communication via unsecure channels (e.g., clear text vs. encryption)" implies that Shekyan is concerned with a type of data, or the information contained in the data. Nothing in Shekyan implies that Shekyan is concerned with the type of information contained in the data. Rather, the phrase (e.g., clear text vs. encryption), is merely another way to describe whether a channel is secure or unsecure. For example, the term "clear text" may be defined as data that "is transmitted or stored text that has not been   subjected to encryption and is not meant   to be encrypted."  See https://www.techtarget.com/whatis/definition/cleartext. Thus, Shekyan teaches or suggests security vulnerability exists based on data being sent over an unsecure channel or being unencrypted. Nothing in Shekyan discusses that security vulnerability exists based on the type of information included in the data.
The Office Action, on pages 15 and 16, appears to rely on Newstadt as disclosing determining integrity of security of the webpage based on the data, which is obtained by the rendered code being financial information or personal information in col. 6, lines 12-26. 
...
Applicant submits nothing in Shekyan indicates that the type of data being transmitted indicates a security vulnerability of the webpage. Furthermore, nothing in Bartik indicates thatPage 9 of 15 the type of data being transmitted indicates a security vulnerability. For example, in Bartik, it is antivirus software that sets a flag when the antivirus software determines that certain data has been entered into a website that is suspicious. Additionally, nothing in Newstadt indicates that a webpage including or transmitting sensitive information indicates that the webpage has a
security vulnerability. Thus, nothing in Bartik, Shekyan, nor Newstadt teaches or suggests anything regarding financial information or personal information being transmitted indicating a security vulnerability of a webpage.
Examiner’s Response:  The examiner respectfully disagrees as a newly proposed combination teaches the aforementioned features thus this argument is moot; however the examiner respectfully notes that Bartik determining the change in integrity of security of the webpage based on the data, being financial information or personal information (see Bartik, [0029]-[0030] and [0032]-[0033]).  The examiner respectfully notes that Bartik discloses that a customer can enter username, password, or credit card data into a website that may be suspicious ... thus triggering the phishing identification program algorithm (see Bartik, [0041]).  Thus representing the data.  Further, such triggering begins in the comparison in Bartik.  The examiner sought to combine Shekyan to teach concepts of analyzing, at the computing system, the rendered code to determine a code portion of the rendered code configured to establish a network connection and transmit data obtained by the rendered code over the network connection (Shekyan, FIG. 3 – Receive source code and header(s) → Render source code → Process rendered code → Generate Security Report ) thus clearly Shekyan processes the rendered code in which a determination is made the change in integrity of security of the webpage based on data, which is transmitted by the network connection established by the code portion(Shekyan, FIG. 3 – Receive source code and header(s) → Render source code → Process rendered code → Generate Security Report and [0023]-[0024] - Examples of such security vulnerabilities include but are not limited to communication via unsecure channels (e.g., clear text vs. encryption) (i.e., as reasonably constructed data), injected scripts, UI redress, cross site scripting flaws, etc. and [0026] - As discussed above, a security vulnerability might be that a specified resource that the page's source code accesses communicates via an unsecure channel).  These elements would be combined to the teachings of Bartik’s comparison steps.   Thus, while Shekyan is concerned with transmission of data it lacks the type of data, however none the less does cover performance of transmit data obtained by the rendered code over the network connection (i.e., for the analyzing step).
The examiner has found a newly found reference Newstadt et al. (US 8,875,284 A1) to clearly teach type of data being transmitted i.e., determining the change in integrity (FIG. 3 – Network Activity → YES → Network Content Transmitted → YES → Network Content includes personal identifiable information → YES and col. 8, lines 3-14 - Conversely, if the malicious code delivers personal identifiable information over the Internet to a malicious site, e.g., for use by a criminal, the malicious code is PII malicious code. In one embodiment, all malicious code is considered PII malicious code and Claim 1).  The newly found reference of Newstadt et al. (US 8,875,284 A1) clearly teaches a change in integrity based on code transmitting personal information over the network connection established by a code portion. The examiner notes such concepts could be combined to the teachings of analyzing of rendered code of webpage of Bartik and Shekyan as Bartik discloses determining the change in integrity of security of the webpage based on the data, being financial information or personal information (see Bartik, [0029]-[0030] and [0032]-[0033]) and analyzing, at the computing system, the rendered code to determine a code portion of the rendered code configured to establish a network connection and transmit data obtained by the rendered code over the network connection (Shekyan, FIG. 3 – Receive source code and header(s) → Render source code → Process rendered code → Generate Security Report ).  
Therefore the examiner finds this argument not persuasive and further moot in view of new grounds of rejection.
Applicant Argues: Applicant does not necessarily agree with how the Office Action combined the references. However, the references combined as suggested by the Office Action does not teach or suggest all of the elements of claim 2...
However, to properly reject a method claim, the cited combination must perform the method in the same manner. It is not enough that the same result is achieved. 
Applicant submits that the system suggested by the Office Action does not identify a security vulnerability in the same way as required by claim 2. Claim 2 requires that "determining the change in integrity of security of the webpage in response to the data being financial information or personal information, such that the change in integrity of security is determined in response to the financial information or the personal information being transmitted."
...
For example, in the system suggested by the Office Action, data being financial information would be identified as a security vulnerability, regardless of whether the data is transmitted. In contrast, in claim 2, the data being financial information is not sufficient to be identified as a security vulnerability. For example, financial data could be obtained, but if not transmitted no security vulnerability would be identified. 
Furthermore, in the system suggested by the Office Action, if not considering the type of the data, an action by the system would only be identified as a security vulnerability if data is transmitted over an unsecure network. In contrast, in claim 2 it does not matter if the network is secure or unsecure, rather claim 2 is concerned with whether the data being transmitted is financial or personal information. 
As there is no teaching or suggestion from any of the references regarding the methodology recited in claim 2 to determine the change in integrity of security of the webpage, the only way the system suggested by the Office Action may perform the method recited by claim 2 is relying on impermissible hindsight bias. As such, Applicant submits that the cited combination of references fails to teach or suggest all of the elements of claims 2. Claim 12 recites analogous elements. Thus, the cited combination of references fails to teach or suggest all of the elements of claims 2 and 12.
Examiner’s Response:  The examiner respectfully disagrees as a newly proposed combination teaches the aforementioned features thus this argument is moot; The examiner notes a newly found reference Newstadt et al. (US 8,875,284 A1) is shown now clearly teach type of data being transmitted i.e., determining the change in integrity (FIG. 3 – Network Activity → YES → Network Content Transmitted → YES → Network Content includes personal identifiable information → YES and col. 8, lines 3-14 - Conversely, if the malicious code delivers personal identifiable information over the Internet to a malicious site, e.g., for use by a criminal, the malicious code is PII malicious code. In one embodiment, all malicious code is considered PII malicious code and Claim 1).    Thus, again Bartik discloses determining the change in integrity of security of the webpage based on the data, being financial information or personal information (see Bartik, [0029]-[0030] and [0032]-[0033]) thus would trigger as taught by Shekyan analyzing, at the computing system, the rendered code to determine a code portion of the rendered code configured to establish a network connection and transmit data obtained by the rendered code over the network connection (Shekyan, FIG. 3 – Receive source code and header(s) → Render source code → Process rendered code → Generate Security Report ).  Further, by applying the new teachings of Newstadt et al. (US 8,875,284 A1) the analysis of code, i.e., as taught by Shekyan, can be based on the newly cited teachings of Newstadt et al. (US 8,875,284 A1).  Thus clearly teaching considering the type of the data being transmitted based on the analyzing of rendered code.  More clearly one of ordinary skill in the art could apply the teachings of Newstadt et al. (US 8,875,284 A1) as one of the steps in Process rendered code → Generate Security Report in Shekyan.  Therefore the examiner finds this argument not persuasive.  
Further, in response to applicant's argument that the examiner's conclusion of obviousness is based upon improper hindsight reasoning, it must be recognized that any judgment on obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning.  But so long as it takes into account only knowledge which was within the level of ordinary skill at the time the claimed invention was made, and does not include knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper.  See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971).  As noted above such a reconstruction is proper as it is knowledge which was within the level of ordinary skill in the art.



Applicant Argues: Claim 22 recites "analyzing, at a computing system, the rendered code to determine a change in integrity of security of the webpage in response to a timing of execution of a code portion of the rendered code occurring outside of an expected particular time during execution of the rendered code, the particular time defined based on an execution order of the rendered code, the code portion configured to establish a network connection and transmit data obtained by the rendered code over the network connection."
...
Thus, Burns fails to teach or suggest "determine a change in integrity of security of the webpage in response to a timing of execution of a code portion of the rendered code occurring outside of an expected particular time during execution of the rendered code," as recited by claim 22.
Examiner’s Response: The argument is moot in view of new grounds of rejection.  











Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2, 5, 8, 11, 12, 15-16, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bartik et al. (US 2019/0068638 A1) in view of Shekyan et al. (US 2018/0048671 A1) and Newstadt et al. (US 8,875,284 A1).

Regarding Claim 2;
Bartik discloses a method to monitor integrity of webpages (FIG. 2), the method comprising: 
obtaining, at a computing system, rendered code generated using source code of a webpage (FIG. 2 – Render Downloaded Content and Product Screenshots of Suspicious URL and Domain Landing Page URL and [0028] and [0043]), the source code obtained in response to a request to a webserver that hosts the webpage (FIG. 2 – Make HTTP Requests to Suspicious URL and Domain Landing Page URL and Download Linked Content and [0028] and [0042]), the rendered code being finalized instructions to layout presentation of the webpage and the rendered code including elements not represented in the source code without parsing and/or executing the source code (FIG. 2 and [0028] – ...produce a screenshot of the final rendered page... and [0043]);
analyzing, at the computing system, the rendered code... (FIG. 2 and [0029]-[0030] – key point extraction algorithm to match the two screen shots and [0031] – histogram comparison using a histogram based algorithm between the previously produced screenshots and [0032]-[0033] – The text maybe extracted from the HTML DOM or extracted from the screen shot using Optical Character recognition (OCR)... and [0041]-[0044]);
 (FIG. 2 and [0029]-[0030] – key point extraction algorithm to match the two screen shots and [0031] – histogram comparison using a histogram based algorithm between the previously produced screenshots and [0032]-[0033] – The text maybe extracted from the HTML DOM or extracted from the screen shot using Optical Character recognition (OCR)... and [0041]-[0044] – bank data); and 
in response to a change in the integrity of security of the webpage... (FIG. 2).
Bartik fails to explicitly disclose 
analyzing, at the computing system, the rendered code to determine a code portion of the rendered code configured to establish a network connection and transmit data obtained by the rendered code over the network connection; 
determining a change in integrity of security of the webpage based on timing of execution of the code portion of the rendered code occurring outside of an expected particular time during execution of the rendered code, the particular time defined based on an execution order of the rendered code or determining the change in integrity of security of the webpage based in response to the data, being financial information or personal information, such that the change in integrity of security is determined in response to the financial information or the personal information being transmitted over the network connection established by the code portion;
and ...generating an alert regarding the integrity of security of the webpage.
However, in an analogous art, Shekyan similarly teaches:
obtaining, at a computing system, rendered code generated using source code of a webpage, the source code obtained in response to a request to a webserver that hosts the webpage the rendered code being finalized instructions to layout presentation of the webpage and the rendered code including elements not represented in the source code ... (Shekyan, FIG. 3 – Receive source code and header(s) → Render source code and [0023]-[0024]);
analyzing, at the computing system, the rendered code to determine a code portion of the rendered code configured to establish a network connection and transmit data obtained by the rendered code over the network connection (Shekyan, FIG. 3 – Receive source code and header(s) → Render source code → Process rendered code → Generate Security Report and [0023] - Instead, code analysis logic 220 processes the rendered source code to identify one or more security vulnerabilities (310). One or more content hardening actions may then be taken by content hardening logic 224 to address at least some of the identified security vulnerabilities (312). The hardened source code (e.g., output code 228) is then delivered to the requesting client (313) and [0024] - Examples of such security vulnerabilities include but are not limited to communication via unsecure channels (e.g., clear text vs. encryption) (i.e., as transmission of data obtained by the rendered code), injected scripts, UI redress, cross site scripting flaws, etc. and [0026] - As discussed above, a security vulnerability might be that a specified resource that the page's source code accesses communicates via an unsecure channel)
(Shekyan, FIG. 3 – Receive source code and header(s) → Render source code → Process rendered code → Generate Security Report and [0023]-[0024] - Examples of such security vulnerabilities include but are not limited to communication via unsecure channels (e.g., clear text vs. encryption) (i.e., as reasonably constructed data), injected scripts, UI redress, cross site scripting flaws, etc. and [0026] - As discussed above, a security vulnerability might be that a specified resource that the page's source code accesses communicates via an unsecure channel); and
 in response to a change in the integrity of security of the webpage (Shekyan, FIG. 3 - Generate Security Report), generating an alert regarding the integrity of security of the webpage (Shekyan, FIG. 3 and [0023]-[0024] and [0042] - Such reports may be generated even where automatic modification of at least some of the web page source code is already taking place. For example, the web site operator might be notified when a new security vulnerability has been identified before any further content hardening action is taken).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Shekyan with the analyzing the rendered code Bartik to include analyzing, at the computing system, the rendered code to determine a code portion of the rendered code configured to establish a network connection and transmit data obtained by the rendered code over the network connection; determining the change in integrity of security of the webpage based on ... data, which is ... transmitted by the network connection established by the code portion; and in response to a change in the integrity of security of the webpage.
One would have been motivated to combine the teachings of Shekyan to Bartik to do so as it provides / allows for processing the rendered code to identify an unsecure channel corresponding to a resource identified by the source code (Shekyan, [0004]).
However, in an analogous art, Newstadt teaches: (FIG. 3 – Network Activity → YES → Network Content Transmitted → YES → Network Content includes personal identifiable information → YES and col. 8, lines 3-14 - Conversely, if the malicious code delivers personal identifiable information over the Internet to a malicious site, e.g., for use by a criminal, the malicious code is PII malicious code. In one embodiment, all malicious code is considered PII malicious code and Claim 1)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Newstadt with the analyzing the rendered code and determining the change in integrity of security of the webpage based on... data of Bartik and Shekyan to include or determining the change in integrity 
One would have been motivated to combine the teachings of Newstadt to Bartik and Shekyan and to do so as it provides / allows for malicious code detected on a host computer system is remediated. (Newstadt, col. 1, lines 45-53).

Regarding Claim 5;
Bartik and Shekyan and Newstadt disclose the method to Claim 2.
Bartik further teaches wherein ... are available in the rendered code but are not available in the source code (FIG. 2 and [0026] - The phishing identification program may view the end result that a user can see (i.e., the screen shots of the URLs) and may not fall victim to the cybercriminal planting invisible document object management (DOM) elements not seen by the user and [0029]-[0030] – key point extraction algorithm to match the two screen shots and [0031] – histogram comparison using a histogram based algorithm between the previously produced screenshots and [0032]-[0033] – The text maybe extracted from the HTML DOM or extracted from the screen shot using Optical Character recognition (OCR)...).
Shekyan further teaches wherein the code portion is available in the rendered code but are not available in the source code (Shekyan, [0023] - Instead, code analysis logic 220 processes the rendered source code to identify one or more security vulnerabilities (310). One or more content hardening actions may then be taken by content hardening logic 224 to address at least some of the identified security vulnerabilities (312). The hardened source code (e.g., output code 228) is then delivered to the requesting client (313) and [0024] - According to a particular implementation, analysis of the rendered source code includes building a source list of specified resources that are accessed by the page's source code (e.g., by examining the headers associated with the calls to the specified resources). As will be understood, the specified resources can correspond to any of a wide variety of objects, files, code, etc., including, for example, scripts (e.g., JavaScript, VBScript, Dart, etc.), styles (e.g., CSS styles), images, fonts, and containers (e.g., resources that can render various content types, e.g., flash files, pdfs, media files, etc.). The code analysis logic determines for each of the specified resources whether it represents one of a plurality of security vulnerabilities. Examples of such security vulnerabilities include but are not limited to communication via unsecure channels (e.g., clear text vs. encryption), injected scripts, UI redress, cross site scripting flaws, etc.).



Regarding Claim 8;
Bartik and Shekyan and Newstadt disclose the method to Claim 2.
Bartik and Shekyan both disclose/teach further comprising obtaining, from the webserver at the computing system, the source code of the webpage, wherein obtaining the rendered code includes generating the rendered code using the source code (Bartik, FIG. 2 and Shekyan, FIG. 3).

Regarding Claim(s) 11; claim(s) 11 is/are directed to a/an non-transitory computer-readable media associated with the method claimed in claim(s) 2. Claim(s) 11 is/are similar in scope to claim(s) 2, and is/are therefore rejected under similar rationale.

Regarding Claim(s) 12, 16, and 19; claim(s) 12, 16, and 19; is/are directed to a/an system associated with the method claimed in claim(s) 2, 5 and 8. Claim(s) 12, 16, and 19; is/are similar in scope to claim(s) 2, 5 and 8, and is/are therefore rejected under similar rationale.

Regarding Claim 15;
Bartik and Shekyan and Newstadt disclose the system to Claim 12.
Shekyan further discloses wherein the portions of the code in the rendered code include one or more of tags, scripts, characters, calls, and functions (Shekyan, [0024] - According to a particular implementation, analysis of the rendered source code includes building a source list of specified resources that are accessed by the page's source code (e.g., by examining the headers associated with the calls to the specified resources). As will be understood, the specified resources can correspond to any of a wide variety of objects, files, code, etc., including, for example, scripts (e.g., JavaScript, VBScript, Dart, etc.), styles (e.g., CSS styles), images, fonts, and containers (e.g., resources that can render various content types, e.g., flash files, pdfs, media files, etc.). The code analysis logic determines for each of the specified resources whether it represents one of a plurality of security vulnerabilities. Examples of such security vulnerabilities include but are not limited to communication via unsecure channels (e.g., clear text vs. encryption), injected scripts, UI redress, cross site scripting flaws, etc.).

Claims 6 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bartik et al. (US 2019/0068638 A1) in view of Shekyan et al. (US 2018/0048671 A1) and Newstadt et al. (US 8,875,284 A1) and further in view of Sharma et al. (US 2006/0085132 A1).

Regarding Claim 6;
Bartik and Shekyan and Newstadt disclose the method to Claim 2.
Bartik and Shekyan both disclose/teach further wherein analyzing the rendered code to determine a change in integrity of security of the web page... (Bartik, FIG. 2 and Shekyan, FIG. 3).
Bartik and Shekyan and Newstadt fail to explicitly disclose analyzing... is further based on changes between the rendered code and the previous rendered code of the web page, the previous rendered code generated before the rendered code is obtained.  
	However, in an analogous art, Sharma teaches analyzing... is further based on changes between the ... code and the previous ... code of the web page, the previous ... code generated before the ... code is obtained (Sharma, FIG. 15 and [0072]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sharma with the analyzing the rendered code of Bartik and Shekyan and Newstadt to include analyzing... is further based on changes between the ... code and the previous ... code of the web page, the previous ... code generated before the ... code is obtained. 
One would have been motivated to combine the teachings of Sharma to Bartik and Shekyan and Newstadt and to do so as it provides / allows for reducing false positives within an automated software-testing environment using a comparator module, a filter application module, and a preview generator module (Sharma, [0001]).

Regarding Claim(s) 17; claim(s) 17 is/are directed to a/an system associated with the method claimed in claim(s) 6. Claim(s) 17 is/are similar in scope to claim(s) 6, and is/are therefore rejected under similar rationale.








Claims 9 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bartik et al. (US 2019/0068638 A1) in view of Shekyan et al. (US 2018/0048671 A1) and Newstadt et al. (US 8,875,284 A1) and further in view of Lu (US 2015/0244738 A1).

Regarding Claim 9;
Bartik and Shekyan and Newstadt disclose the method to Claim 8.
Bartik and Shekyan and Newstadt fail to explicitly disclose wherein before the source code of the webpage is obtained, the integrity of security of the source code of the webpage is evaluated at the webserver that hosts the source code of the webpage.
However, in an analogous art, Lu teaches wherein before the source code of the webpage is obtained, the integrity of security of the source code of the webpage is evaluated at the webserver that hosts the source code of the webpage (Lu, [0016] and [0027] – monitoring malicious link injection into website source code... is monitored in real time)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lu with the analyzing the rendered code of Bartik and Shekyan and Newstadt to include wherein before the source code of the webpage is obtained, the integrity of security of the source code of the webpage is evaluated at the webserver that hosts the source code of the webpage.
 One would have been motivated to combine the teachings of Lu to Bartik and Shekyan and Newstadt and to do so as it provides / allows for reducing false positives within an automated software-testing environment using a comparator module, a filter application module, and a preview generator module (Sharma, [0001]).

Regarding Claim(s) 20; claim(s) 20 is/are directed to a/an system associated with the method claimed in claim(s) 9. Claim(s) 20 is/are similar in scope to claim(s) 9, and is/are therefore rejected under similar rationale.

Claims 10 and 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bartik et al. (US 2019/0068638 A1) in view of Shekyan et al. (US 2018/0048671 A1) and Newstadt et al. (US 8,875,284 A1) and further in view of Smith et al. (US 9,148,445 B2).

Regarding Claim 10;
Bartik and Shekyan and Newstadt disclose the method to Claim 2.
Bartik and Shekyan both disclose/teach further comprising the rendered code being generated based on the source code... and the [rendered code] including elements not represented in the ... the source code without parsing and/or executing ... the source code (Bartik, FIG. 2 and Shekyan, FIG. 3).
Bartik and Shekyan and Newstadt fail to explicitly disclose wherein the source code of the webpage includes a reference to remotely called code, the [rendered code] being generated based on the source code and the remotely called code and the [rendered code] including elements not represented in the remotely called code and the source code....
However, in an analogous art, Smith teaches wherein the source code of the webpage includes a reference to remotely called code, [a Web page] being generated based on the source code and the remotely called code and [the Web page] including elements not represented in the remotely called code and the source code ... (Smith, col. 2, lines 46-col. 3, lines 1 – valid element is returned).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Smith with the analyzing the rendered code of Bartik and Shekyan and Newstadt to include wherein the source code of the webpage includes a reference to remotely called code, [a Web page] being generated based on the source code and the remotely called code and [the Web page] including elements not represented in the remotely called code and the source code. 
One would have been motivated to combine the teachings of Smith to Bartik and Shekyan and Newstadt and to do so as it provides / allows for monitoring and detecting the misuse of legitimate Web code and content (Smith, col. 1, lines 27-36).

Regarding Claim(s) 21; claim(s) 21 is/are directed to a/an system associated with the method claimed in claim(s) 10. Claim(s) 21 is/are similar in scope to claim(s) 10, and is/are therefore rejected under similar rationale.
 







Claims 22 and 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bartik et al. (US 2019/0068638 A1) in view of Shekyan et al. (US 2018/0048671 A1) and Burns et al. (US 8,621,621 B1) and Jordan et al. (US 2018/0373869 A1).

Regarding Claim 22;
Bartik discloses a method to monitor integrity of webpages (FIG. 2), the method comprising: 
obtaining, at a computing system, rendered code generated using source code of a webpage (FIG. 2 – Render Downloaded Content and Product Screenshots of Suspicious URL and Domain Landing Page URL and [0028] and [0043]), the source code obtained in response to a request to a webserver that hosts the webpage (FIG. 2 – Make HTTP Requests to Suspicious URL and Domain Landing Page URL and Download Linked Content and [0028] and [0042]), the rendered code being finalized instructions to layout presentation of the webpage and the rendered code including elements not represented in the source code without parsing and/or executing the source code (FIG. 2 and [0028] – ...produce a screenshot of the final rendered page... and [0043]);
 analyzing, at the computing system, the rendered code to determine a change in integrity of security of the webpage ... (FIG. 2 and [0029]-[0030] – key point extraction algorithm to match the two screen shots and [0031] – histogram comparison using a histogram based algorithm between the previously produced screenshots and [0032]-[0033] – The text maybe extracted from the HTML DOM or extracted from the screen shot using Optical Character recognition (OCR)... and [0044]); and 
in response to a change in the integrity of security of the webpage (FIG. 2).
Bartik fails to explicitly disclose analyzing... in response a timing of  execution of a code portion of the rendered code occurring outside an expected particular time during execution of the rendered code the particular time defined based on execution order of the rendered code, the code portion configured to establish a network connection and transmit data obtained by the rendered source code over the network connection; and ...generating an alert regarding the integrity of security of the webpage.
However, in an analogous art, Shekyan, similarly, teaches obtaining, at a computing system, rendered code generated using source code of a webpage, the source code obtained in response to a request to a webserver that hosts the webpage the rendered code being finalized instructions to layout presentation of the webpage and the rendered code including elements not represented in the source code ... (Shekyan, FIG. 3 – Receive source code and header(s) → Render source code and [0023]-[0024])
analyzing, at the computing system, the rendered code to determine a change in integrity of security of the webpage in response to execution of...  [a] code portion configured to establish a network connection and transmit data obtained by the rendered source code over the network connection (Shekyan, FIG. 3 – Receive source code and header(s) → Render source code → Process rendered code → Generate Security Report and [0023]-[0024] - As will be understood, the specified resources can correspond to any of a wide variety of objects, files, code, etc., including, for example, scripts (e.g., JavaScript, VBScript, Dart, etc.), styles (e.g., CSS styles), images, fonts, and containers (e.g., resources that can render various content types, e.g., flash files, pdfs, media files, etc.). The code analysis logic determines for each of the specified resources whether it represents one of a plurality of security vulnerabilities. Examples of such security vulnerabilities include but are not limited to communication via unsecure channels (e.g., clear text vs. encryption) (i.e., data obtained and transmitted over the network connection), injected scripts, UI redress, cross site scripting flaws, etc.);
and in response to a change in the integrity of security of the webpage (Shekyan, FIG. 3 - Generate Security Report), generating an alert regarding the integrity of security of the webpage (Shekyan, FIG. 3 and [0023]-[0024] and [0042] - Such reports may be generated even where automatic modification of at least some of the web page source code is already taking place. For example, the web site operator might be notified when a new security vulnerability has been identified before any further content hardening action is taken).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Shekyan with the method of Bartik to include analyzing, at the computing system, the rendered code to determine a change in integrity of security of the webpage based on data caused to be transmitted by code for network connection or when execution of the code for the network connection occurs within execution of the rendered code and ...generating an alert regarding the integrity of security of the webpage. Such a combination would provide users with a means for processing the rendered code to identify an unsecure channel corresponding to a resource identified by the source code (Shekyan, [0004]).
However, in an analogous art, Burns teaches ... a time of execution of a code portion of the (Burns, col. 7, lines 1-16 - In one example, security injection system 240 may identify the location within the content that will be executed by the browser first (e.g., at or near the top of the web page). In one example, the security injection system 240 may determine an execution chronology corresponding to the content (e.g., which portion of the content will be executed by the web browser first, which portion of the content will be executed by the web browser second, etc.), identify portions of the content that may be more likely to include malicious content, and identify the location for injecting the content based on the execution chronology and/or the likelihood of malicious content corresponding to each portion of the content).  As reasonably a first, second, etc. executed chronologically is reasonably constructed to be a particular time defined based on an execution order.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Burns with the analyzing the rendered code of Bartik and Shekyan to apply to the rendered code the concepts of ... a time of execution of a code portion of the 
One would have been motivated to combine the teachings of Burns to Bartik and Shekyan and to do so as it provides / allows for identifying portions of the content... to include malicious content (Burns, col. 7, lines 1-16). 
Further, in an analogous art, Jordan teaches [concepts] ...a change in integrity... in response to timing of execution of a code portion of the... code occurring outside of an expected particular time during execution of the code (Jordan, [0058] - In one or more embodiments, if during the execution of Step 300, a pre-determined time interval is exceeded, then to be consistent with a conservative approach to abstract interpretation (i.e., avoiding the generation of a false negative), a report is generated indicating that the document includes potentially malicious code. Similarly, if a pre-determined amount of computational (e.g., memory) resources is exceeded, then a report is generated indicating that the document includes potentially malicious code).
Since each individual element and its function are shown in the prior art, albeit shown in separate references, the difference between the claimed subject matter and the prior art rests not on any individual element or function but in the very combination itself - that is in the substitution of the timing of execution of a code portion of the... code occurring outside of an expected particular time during execution of the code of the Jordan reference(s) for the a time of execution of a code portion of the 

Regarding Claim 23;
Bartik and Shekyan and Burns and Jordan disclose the method to Claim 22.
Bartik and Shekyan both disclose/teach further comprising obtaining, from the webserver at the computing system, the source code of the webpage, wherein obtaining the rendered code includes generating the rendered code using the source code (Bartik, FIG. 2 and Shekyan, FIG. 3).









Allowable Subject Matter
Claim 3, 4, 13 and 14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385. The examiner can normally be reached Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KARI L SCHMIDT/Primary Examiner, Art Unit 2439