DETAILED ACTION
This action is in response to amendments filed 2/9/2022. Claims 1-20 are pending with claims 1, 8 and 15 having been amended.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Maor (US 2009/0172389) in view of Cini (US 2010/0195825) in view of Haworth et al (US 2018/0026947).
With respect to claim 1 Maor teaches a method for protecting data input to a web-based application, the method comprising: 	
executing, within a web browser being executed by a computer system, a web- based application (see Maor Paragraph 0037 i.e. The browser 418 is the software that the user 402 normally executes on the computer 404 to browse web sites on the internet), wherein executing the web-based application comprises: 
tagging one or more data fields as sensitive (see Maor Paragraph 0037 i.e. User 402 is a person who is using computer 404 to browse a remote site for which secured input is desired. The user 402 wishes to secure the input using personal guard technology in order to send sensitive information (for example, as part of a transaction) to the remote server 406); and 
identifying, by the web-based application being executed within the web browser, a keystroke entry being input to the one or more data fields tagged as sensitive within the web- based application (see Maor Paragraph 0038-0040 i.e. User 402 enters this data via input device 414 (i.e. keyboard) secretly and securely, and the ME 416 encrypts the data (for example, into "blob2"). The encrypted data is then sent via the browser 418 and/or plug in 420 software to the server 406 (for example, as "message2")); 
prior to storing the keystroke entry in memory mapped to the web browser, encrypting, by the web-based application being executed within the web browser, the keystroke entry (see Maor Paragraph 0038 i.e. User 402 enters this data via input device 414 secretly and securely, and the ME 416 encrypts the data (for example, into "blob2"). The encrypted data is then sent via the browser 418 and/or plug in 420 software to the server 406 (for example, as "message2")); 
storing, by the web browser, the encrypted entry to memory (see Maor Paragraph 0038 i.e. User 402 enters this data via input device 414 secretly and securely, and the ME 416 encrypts the data (for example, into "blob2"). The encrypted data is then sent via the browser 418 and/or plug in 420 software to the server 406 (for example, as "message2"), 
presenting, by the web browser, a representation of the keystroke entry in the data field tagged as sensitive (See Maor Paragraph 0040 i.e. the secured input allows the user to enter and manipulate the data, and user data may be clearly shown in window 504 or fully or partially blocked by using, for example, "********", but in any case whether the data is shown or not shown in window 504 it cannot be read by any software application running on the user's computer or by a hacker trying to use keylogger software and/or other malware); and 
transmitting, by the web-based application being executed within the web browser, the encrypted entry to the remote server system (See Maor Paragraph 0040 i.e. When data is encrypted by the ME, it is sent to the server of the web site (for example, a bank web site as shown in FIG. 5). The server of the web site is the only one who can decrypt the data and obtain the ID and/or passcode data, for example).
While Maor teaches encrypting the sensitive date so that only the server of the web site is able to decrypt the data and obtain the ID and/or passcode data. 
Maor does not teach wherein the keystroke entry is never stored to memory of the computer system in an unencrypted form or fetching a public key from a remote server system and using the fetched public key to generate an encrypted entry.
Cini teaches wherein the keystroke entry is never stored to memory of the computer system in an unencrypted form (see Cini paragraph 0027 i.e. the keyboard encryption system enables encryption of keystrokes prior to their entry into a remote desktop. A hardware device is attached via a keyboard cable to a keyboard at one end and to a keyboard socket on the computer on the other end. A remote desktop connection allows for communication between the remote desktop and a remote desktop server).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Maor in view of Cini to have encrypt the keystroke entry before the data is transmitted to the host computer as a way to provide a keyboard encryption system that is compatible with any type of computer keyboard, any computer operating system, and any remote desktop protocol. (see Cini paragraph 0017 and 0020). Therefore one would have been motivated to have encrypted the keyboard keystroke entry before the data is transmitted to the computer.

Haworth teaches fetching a public key from a remote server system (see Haworth 0019 i.e. The KED is operable to accept a public key transmitted over a network from a server) and using the fetched public key to generate an encrypted entry (see Haworth paragraph 0033 i.e.  when activated or turned on, the device encrypts keystrokes using public asymmetric encryption after it has received the remote server public key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Maor in view of Haworth to have used the received sever public key as a way to encrypt data so that only the server can decrypt the data with its private key as a way to securely send the data (see Haworth paragraph 0033). Therefore one would have been motivated to have to have to encrypt data with the servers public key before sending the data to the server so that only the server can decrypt the data with its private key.

	
With respect to claim 2 Maor teaches the method for protecting data input to the web-based application of claim 1, but does not disclose wherein encrypting, by the web-based application being executed within the web browser, the keystroke entry using the fetched public key to generate the encrypted entry further comprises: adding a salt value to the keystroke entry to form the encrypted entry.
Haworth teaches wherein encrypting, by the web-based application being executed within the web browser, the keystroke entry using the fetched public key to generate the encrypted entry further comprises: adding a salt value to the keystroke entry to form the encrypted entry (see Haworth paragraph 0056 i.e. The encryption seed acts as an initialization point for the encryptions, ensuring that even if the same set up characters were encrypted more than once, their form after encryption would not be the same).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Maor in view of Haworth to have used seed ensuring that even if the same set up characters were encrypted more than once, their form after encryption would not be the same (see Haworth paragraph 0033). Therefore one would have been used a salt seed during encrypting to ensuring that even if the same set up characters were encrypted more than once, their form after encryption would not be the same.

With respect to claim 3 Maor teaches the method for protecting data input to the web-based application of claim 1, the method further comprising: 
decrypting, by the remote server system, the encrypted entry to generate a decrypted entry (See Maor Paragraph 0040 i.e. When data is encrypted by the ME, it is sent to the server of the web site (for example, a bank web site as shown in FIG. 5). The server of the web site is the only one who can decrypt the data and obtain the ID and/or passcode data, for example); 
determining, by the remote server system, a portion of the decrypted entry to return to the web-based application; and transmitting, by the remote server system, the portion of the decrypted entry to the web-based application (See Maor Paragraph 0040 i.e. the secured input allows the user to enter and manipulate the data, and user data may be clearly shown in window 504 or fully or partially blocked by using, for example, "********", but in any case whether the data is shown or not shown in window 504 it cannot be read by any software application running on the user's computer or by a hacker trying to use keylogger software and/or other malware).

With respect to claim 4 Maor teaches the method for protecting data input to the web-based application of claim 3, but does not disclose wherein decrypting, by the remote server system, the encrypted entry to generate the decrypted entry further comprises: transmitting, by the web-based application being executed within the web browser, an identifier associated with the fetched public key along with the encrypted entry to the remote server system, identifying, by the remote server system, a private key based on the identifier associated with the fetched public key; decrypting, by the remote server system, the encrypted entry using the private key to generate the decrypted entry; and  removing, by the remote server system, a salt value from the decrypted entry.
Haworth teaches wherein decrypting, by the remote server system, the encrypted entry to generate the decrypted entry further comprises: transmitting, by the web-based application being executed within the web browser, an identifier associated with the fetched public key along with the encrypted entry to the remote server system, identifying, by the remote server system, a private key based on the identifier associated with the fetched public key; decrypting, by the remote server system, the encrypted entry using the private key to generate the decrypted entry (see Haworth paragraph 0073 i.e. The proxy server is configured to run a plugin which examines the input streams on the connections, and looks for specific patterns in the incoming streams. When the plugin detects a pair of patterns, it decrypts the encapsulated bytes using the server's own public and private key. This operation completes the PKI asymmetric decryption process. It reconstructs the stream by removing the specific patterns and replacing the encapsulated bytes with the decrypted bytes. The resulting stream is forwarded to the real site web/application server); and removing, by the remote server system, a salt value from the decrypted entry (see Haworth paragraph 0056 i.e. The encryption seed acts as an initialization point for the encryptions, ensuring that even if the same set up characters were encrypted more than once, their form after encryption would not be the same).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Maor in view of Haworth to have used the received sever public key as a way to encrypt data so that only the server can decrypt the data with its private key as a way to securely send the data (see Haworth paragraph 0033). Therefore one would have been motivated to have to have to encrypt data with the servers public key before sending the data to the server so that only the server can decrypt the data with its private key.

With respect to claim 5 Maor teaches the method for protecting data input to the web-based application of claim 3, wherein transmitting, by the remote server system, the portion of the decrypted entry to the web- based application further comprises: 
tagging, by the remote server system, the portion of the decrypted entry as sensitive (See Maor Paragraph 0040 i.e. When data is encrypted by the ME, it is sent to the server of the web site (for example, a bank web site as shown in FIG. 5). The server of the web site is the only one who can decrypt the data and obtain the ID and/or passcode data, for example); 
generating, by the remote server system, a sensitive representation of the portion of the decrypted entry; and transmitting, by the remote server system, the sensitive representation of the portion of the decrypted entry to the web-based application (See Maor Paragraph 0040 i.e. the secured input allows the user to enter and manipulate the data, and user data may be clearly shown in window 504 or fully or partially blocked by using, for example, "********", but in any case whether the data is shown or not shown in window 504 it cannot be read by any software application running on the user's computer or by a hacker trying to use keylogger software and/or other malware).

With respect to claim 6 Maor teaches the method for protecting data input to the web-based application of claim 1, but does not disclose wherein fetching the public key from the remote server system comprises: requesting, by the remote server system, a key pair from a key management system, wherein the key pair comprises the public key and a corresponding private key; generating, by the key management system, the key pair; and transmitting, by the remote server system, the public key to the web-based application being executed within the web browser.
Haworth teaches wherein fetching the public key from the remote server system comprises: requesting, by the remote server system, a key pair from a key management system, wherein the key pair comprises the public key and a corresponding private key; generating, by the key management system, the key pair; and transmitting, by the remote server system, the public key to the web-based application being executed within the web browser (See Haworth paragraph 0078 i.e. The second capability includes management of a public/private key encryption pair. The private key is used for decrypting the encrypted keystrokes in the proxied calls. The proxy server exposes the public key by providing a rest endpoint. The rest endpoint is preferably a GET call to https://<server name>:<server port>/keiPublicKey. The public/private key supplied by the proxy server is signed by a certificate authority controlled by the operator of the application server).	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Maor in view of Haworth to have used the received sever public key as a way to encrypt data so that only the server can decrypt the data with its private key as a way to securely send the data (see Haworth paragraph 0033). Therefore one would have been motivated to have to have to encrypt data with the servers public key before sending the data to the server so that only the server can decrypt the data with its private key.

With respect to claim 7 Maor teaches the method for protecting data input to the web-based application of claim 1, wherein the one or more data fields tagged as sensitive is selected from the group consisting of: a credit card number data field; a bank account number data field; and a password data field (see Maor Paragraph 0034 i.e. When funneling the sensitive data via the ME 242, the ME 242 actually encrypts the sensitive data that the user 210 types, for example, before the software running on computer 202 obtains the data (for example, sensitive data such as credit card numbers, phone numbers, full name, addresses, etc.) In this manner, when the software that runs on the host processor, for example, of computer 202 is handling the data it is already encrypted and is therefore not usable for keyloggers in an attempt to steal the data via arrow 236 by the hacker 212).

With respect to claim 8 Maor teaches a system for protecting data input to a web-based application, the system comprising: one or more processors; and memory readable by the one or more processors and that stores therein a set of instructions which, when executed by the one or more processors, causes the system to: 	
execute, within a web browser being executed by a computer system, a web- based application (see Maor Paragraph 0037 i.e. The browser 418 is the software that the user 402 normally executes on the computer 404 to browse web sites on the internet), wherein executing the web-based application comprises: 
tagging one or more data fields as sensitive (see Maor Paragraph 0037 i.e. User 402 is a person who is using computer 404 to browse a remote site for which secured input is desired. The user 402 wishes to secure the input using personal guard technology in order to send sensitive information (for example, as part of a transaction) to the remote server 406); and 
identify, by the web-based application being executed within the web browser, a keystroke entry being input to the one or more data fields tagged as sensitive within the web- based application (see Maor Paragraph 0038-0040 i.e. User 402 enters this data via input device 414 (i.e. keyboard) secretly and securely, and the ME 416 encrypts the data (for example, into "blob2"). The encrypted data is then sent via the browser 418 and/or plug in 420 software to the server 406 (for example, as "message2")); 
prior to storing the keystroke entry in memory mapped to the web browser, encrypting, by the web-based application being executed within the web browser, the keystroke entry (see Maor Paragraph 0038 i.e. User 402 enters this data via input device 414 secretly and securely, and the ME 416 encrypts the data (for example, into "blob2"). The encrypted data is then sent via the browser 418 and/or plug in 420 software to the server 406 (for example, as "message2")); 
storing, by the web browser, the encrypted entry to memory (see Maor Paragraph 0038 i.e. User 402 enters this data via input device 414 secretly and securely, and the ME 416 encrypts the data (for example, into "blob2"). The encrypted data is then sent via the browser 418 and/or plug in 420 software to the server 406 (for example, as "message2"), 
presenting, by the web browser, a representation of the keystroke entry in the data field tagged as sensitive (See Maor Paragraph 0040 i.e. the secured input allows the user to enter and manipulate the data, and user data may be clearly shown in window 504 or fully or partially blocked by using, for example, "********", but in any case whether the data is shown or not shown in window 504 it cannot be read by any software application running on the user's computer or by a hacker trying to use keylogger software and/or other malware); and 
transmitting, by the web-based application being executed within the web browser, the encrypted entry to the remote server system (See Maor Paragraph 0040 i.e. When data is encrypted by the ME, it is sent to the server of the web site (for example, a bank web site as shown in FIG. 5). The server of the web site is the only one who can decrypt the data and obtain the ID and/or passcode data, for example).
While Maor teaches encrypting the sensitive date so that only the server of the web site is able to decrypt the data and obtain the ID and/or passcode data. 
Maor does not teach wherein the keystroke entry is never stored to memory of the computer system in an unencrypted form or fetching a public key from a remote server system and using the fetched public key to generate an encrypted entry.
Cini teaches wherein the keystroke entry is never stored to memory of the computer system in an unencrypted form (see Cini paragraph 0027 i.e. the keyboard encryption system enables encryption of keystrokes prior to their entry into a remote desktop. A hardware device is attached via a keyboard cable to a keyboard at one end and to a keyboard socket on the computer on the other end. A remote desktop connection allows for communication between the remote desktop and a remote desktop server).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Maor in view of Cini to have encrypt the keystroke entry before the data is transmitted to the host computer as a way to provide a keyboard encryption system that is compatible with any type of computer keyboard, any computer operating system, and any remote desktop protocol. (see Cini paragraph 0017 and 0020). Therefore one would have been motivated to have encrypted the keyboard keystroke entry before the data is transmitted to the computer.
Haworth teaches fetching a public key from a remote server system (see Haworth 0019 i.e. The KED is operable to accept a public key transmitted over a network from a server) and using the fetched public key to generate an encrypted entry (see Haworth paragraph 0033 i.e.  when activated or turned on, the device encrypts keystrokes using public asymmetric encryption after it has received the remote server public key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Maor in view of Haworth to have used the received sever public key as a way to encrypt data so that only the server can decrypt the data with its private key as a way to securely send the data (see Haworth paragraph 0033). Therefore one would have been motivated to have to have to encrypt data with the servers public key before sending the data to the server so that only the server can decrypt the data with its private key.

With respect to claim 9 Maor teaches the system for protecting data input to the web-based application of claim 8, but does not disclose wherein the instructions to encrypt, by the web-based application being executed within the web browser, the keystroke entry using the fetched public key to generate the encrypted entry further comprise instructions which, when executed by the one or more processors, causes the system to: add, by the web-based application being executed within the web browser, a salt value to the keystroke entry to form the encrypted entry 
Haworth teaches wherein the instructions to encrypt, by the web-based application being executed within the web browser, the keystroke entry using the fetched public key to generate the encrypted entry further comprise instructions which, when executed by the one or more processors, causes the system to: add, by the web-based application being executed within the web browser, a salt value to the keystroke entry to form the encrypted entry (see Haworth paragraph 0056 i.e. The encryption seed acts as an initialization point for the encryptions, ensuring that even if the same set up characters were encrypted more than once, their form after encryption would not be the same).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Maor in view of Haworth to have used seed ensuring that even if the same set up characters were encrypted more than once, their form after encryption would not be the same (see Haworth paragraph 0033). Therefore one would have been used a salt seed during encrypting to ensuring that even if the same set up characters were encrypted more than once, their form after encryption would not be the same.

With respect to claim 10 Maor teaches the system for protecting data input to the web-based application of claim 8, wherein the system further comprises a remote server system, wherein the remote server system is configured to: decrypt the encrypted entry to generate a decrypted entry (See Maor Paragraph 0040 i.e. When data is encrypted by the ME, it is sent to the server of the web site (for example, a bank web site as shown in FIG. 5). The server of the web site is the only one who can decrypt the data and obtain the ID and/or passcode data, for example); 
determining, by the remote server system, a portion of the decrypted entry to return to the web-based application; and transmitting, by the remote server system, the portion of the decrypted entry to the web-based application (See Maor Paragraph 0040 i.e. the secured input allows the user to enter and manipulate the data, and user data may be clearly shown in window 504 or fully or partially blocked by using, for example, "********", but in any case whether the data is shown or not shown in window 504 it cannot be read by any software application running on the user's computer or by a hacker trying to use keylogger software and/or other malware).

With respect to claim 11 Maor teaches the system for protecting data input to the web-based application of claim 10, but does not disclose wherein to decrypt the encrypted entry to generate the decrypted entry the remote server system is further configured to: receive an identifier associated with the fetched public key along with the encrypted entry; identify a private key based on the identifier associated with the fetched public key; decrypt the encrypted entry using the private key to generate the decrypted entry; and remove a salt value from the decrypted entry.
Haworth teaches wherein to decrypt the encrypted entry to generate the decrypted entry the remote server system is further configured to: receive an identifier associated with the fetched public key along with the encrypted entry; identify a private key based on the identifier associated with the fetched public key; decrypt the encrypted entry using the private key to generate the decrypted entry (see Haworth paragraph 0073 i.e. The proxy server is configured to run a plugin which examines the input streams on the connections, and looks for specific patterns in the incoming streams. When the plugin detects a pair of patterns, it decrypts the encapsulated bytes using the server's own public and private key. This operation completes the PKI asymmetric decryption process. It reconstructs the stream by removing the specific patterns and replacing the encapsulated bytes with the decrypted bytes. The resulting stream is forwarded to the real site web/application server); and remove a salt value from the decrypted entry (see Haworth paragraph 0056 i.e. The encryption seed acts as an initialization point for the encryptions, ensuring that even if the same set up characters were encrypted more than once, their form after encryption would not be the same).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Maor in view of Haworth to have used the received sever public key as a way to encrypt data so that only the server can decrypt the data with its private key as a way to securely send the data (see Haworth paragraph 0033). Therefore one would have been motivated to have to have to encrypt data with the servers public key before sending the data to the server so that only the server can decrypt the data with its private key.

With respect to claim 12 Maor teaches he system for protecting data input to the web-based application of claim 10, wherein to transmit the portion of the decrypted entry the remote server system is further configured to: tag the portion of the decrypted entry as sensitive (See Maor Paragraph 0040 i.e. When data is encrypted by the ME, it is sent to the server of the web site (for example, a bank web site as shown in FIG. 5). The server of the web site is the only one who can decrypt the data and obtain the ID and/or passcode data, for example); generate a sensitive representation of the portion of the decrypted entry; and transmit the sensitive representation of the portion of the decrypted entry to the web-based application (See Maor Paragraph 0040 i.e. the secured input allows the user to enter and manipulate the data, and user data may be clearly shown in window 504 or fully or partially blocked by using, for example, "********", but in any case whether the data is shown or not shown in window 504 it cannot be read by any software application running on the user's computer or by a hacker trying to use keylogger software and/or other malware).

With respect to claim 13 Maor teaches the system for protecting data input to the web-based application of claim 8, but does not disclose wherein the system further comprises a remote server system, wherein the remote server system is configured to: request a key pair from a key management system, wherein the key pair comprises the public key and a corresponding private key; transmit the public key to the web-based application being executed within the web browser.
Haworth teaches wherein the system further comprises a remote server system, wherein the remote server system is configured to: request a key pair from a key management system, wherein the key pair comprises the public key and a corresponding private key; transmit the public key to the web-based application being executed within the web browser (See Haworth paragraph 0078 i.e. The second capability includes management of a public/private key encryption pair. The private key is used for decrypting the encrypted keystrokes in the proxied calls. The proxy server exposes the public key by providing a rest endpoint. The rest endpoint is preferably a GET call to https://<server name>:<server port>/keiPublicKey. The public/private key supplied by the proxy server is signed by a certificate authority controlled by the operator of the application server).	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Maor in view of Haworth to have used the received sever public key as a way to encrypt data so that only the server can decrypt the data with its private key as a way to securely send the data (see Haworth paragraph 0033). Therefore one would have been motivated to have to have to encrypt data with the servers public key before sending the data to the server so that only the server can decrypt the data with its private key.

With respect to claim 14 Maor teaches the system for protecting data input to the web-based application of claim 8, wherein the one or more data fields tagged as sensitive is selected from the group consisting of: a credit card number data field; a bank account number data field; and a password data field (see Maor Paragraph 0034 i.e. When funneling the sensitive data via the ME 242, the ME 242 actually encrypts the sensitive data that the user 210 types, for example, before the software running on computer 202 obtains the data (for example, sensitive data such as credit card numbers, phone numbers, full name, addresses, etc.) In this manner, when the software that runs on the host processor, for example, of computer 202 is handling the data it is already encrypted and is therefore not usable for keyloggers in an attempt to steal the data via arrow 236 by the hacker 212).

With respect to claim 15 Maor teaches a non-transitory processor-readable medium, comprising processor-readable instructions configured to cause one or more processors to: execute, within a web browser being executed by a computer system, a web- based application (see Maor Paragraph 0037 i.e. The browser 418 is the software that the user 402 normally executes on the computer 404 to browse web sites on the internet), wherein executing the web-based application comprises: 
tagging one or more data fields as sensitive (see Maor Paragraph 0037 i.e. User 402 is a person who is using computer 404 to browse a remote site for which secured input is desired. The user 402 wishes to secure the input using personal guard technology in order to send sensitive information (for example, as part of a transaction) to the remote server 406); and 
identify, by the web-based application being executed within the web browser, a keystroke entry being input to the one or more data fields tagged as sensitive within the web- based application (see Maor Paragraph 0038-0040 i.e. User 402 enters this data via input device 414 (i.e. keyboard) secretly and securely, and the ME 416 encrypts the data (for example, into "blob2"). The encrypted data is then sent via the browser 418 and/or plug in 420 software to the server 406 (for example, as "message2")); 
prior to storing the keystroke entry in memory mapped to the web browser, encrypting, by the web-based application being executed within the web browser, the keystroke entry (see Maor Paragraph 0038 i.e. User 402 enters this data via input device 414 secretly and securely, and the ME 416 encrypts the data (for example, into "blob2"). The encrypted data is then sent via the browser 418 and/or plug in 420 software to the server 406 (for example, as "message2")); 
storing, by the web browser, the encrypted entry to memory (see Maor Paragraph 0038 i.e. User 402 enters this data via input device 414 secretly and securely, and the ME 416 encrypts the data (for example, into "blob2"). The encrypted data is then sent via the browser 418 and/or plug in 420 software to the server 406 (for example, as "message2"), 
presenting, by the web browser, a representation of the keystroke entry in the data field tagged as sensitive (See Maor Paragraph 0040 i.e. the secured input allows the user to enter and manipulate the data, and user data may be clearly shown in window 504 or fully or partially blocked by using, for example, "********", but in any case whether the data is shown or not shown in window 504 it cannot be read by any software application running on the user's computer or by a hacker trying to use keylogger software and/or other malware); and 
transmitting, by the web-based application being executed within the web browser, the encrypted entry to the remote server system (See Maor Paragraph 0040 i.e. When data is encrypted by the ME, it is sent to the server of the web site (for example, a bank web site as shown in FIG. 5). The server of the web site is the only one who can decrypt the data and obtain the ID and/or passcode data, for example).
While Maor teaches encrypting the sensitive date so that only the server of the web site is able to decrypt the data and obtain the ID and/or passcode data. Maor does not teach wherein the keystroke entry is never stored to memory of the computer system in an unencrypted form or fetching a public key from a remote server system and using the fetched public key to generate an encrypted entry.
Cini teaches wherein the keystroke entry is never stored to memory of the computer system in an unencrypted form (see Cini paragraph 0027 i.e. the keyboard encryption system enables encryption of keystrokes prior to their entry into a remote desktop. A hardware device is attached via a keyboard cable to a keyboard at one end and to a keyboard socket on the computer on the other end. A remote desktop connection allows for communication between the remote desktop and a remote desktop server).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Maor in view of Cini to have encrypt the keystroke entry before the data is transmitted to the host computer as a way to provide a keyboard encryption system that is compatible with any type of computer keyboard, any computer operating system, and any remote desktop protocol. (see Cini paragraph 0017 and 0020). Therefore one would have been motivated to have encrypted the keyboard keystroke entry before the data is transmitted to the computer.
Haworth teaches fetching a public key from a remote server system (see Haworth 0019 i.e. The KED is operable to accept a public key transmitted over a network from a server) and using the fetched public key to generate an encrypted entry (see Haworth paragraph 0033 i.e.  when activated or turned on, the device encrypts keystrokes using public asymmetric encryption after it has received the remote server public key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Maor in view of Haworth to have used the received sever public key as a way to encrypt data so that only the server can decrypt the data with its private key as a way to securely send the data (see Haworth paragraph 0033). Therefore one would have been motivated to have to have to encrypt data with the servers public key before sending the data to the server so that only the server can decrypt the data with its private key.

With respect to claim 16 Maor teaches the non-transitory processor-readable medium of claim 15, but does not disclose wherein the processor-readable instructions to encrypt, by the web-based application being executed within the web browser, the keystroke entry using the fetched public key to generate the encrypted entry further cause the one or more processors to: add a salt value to the keystroke entry to form the encrypted entry 
Haworth teaches wherein the processor-readable instructions to encrypt, by the web-based application being executed within the web browser, the keystroke entry using the fetched public key to generate the encrypted entry further cause the one or more processors to: add a salt value to the keystroke entry to form the encrypted entry  (see Haworth paragraph 0056 i.e. The encryption seed acts as an initialization point for the encryptions, ensuring that even if the same set up characters were encrypted more than once, their form after encryption would not be the same).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Maor in view of Haworth to have used seed ensuring that even if the same set up characters were encrypted more than once, their form after encryption would not be the same (see Haworth paragraph 0033). Therefore one would have been used a salt seed during encrypting to ensuring that even if the same set up characters were encrypted more than once, their form after encryption would not be the same.

With respect to claim 17 Maor teaches the non-transitory processor-readable medium of claim 15, wherein the processor-readable instructions further cause the one or more processors to: decrypt the encrypted entry to generate a decrypted entry(See Maor Paragraph 0040 i.e. When data is encrypted by the ME, it is sent to the server of the web site (for example, a bank web site as shown in FIG. 5). The server of the web site is the only one who can decrypt the data and obtain the ID and/or passcode data, for example); 
determining, by the remote server system, a portion of the decrypted entry to return to the web-based application; and transmitting, by the remote server system, the portion of the decrypted entry to the web-based application (See Maor Paragraph 0040 i.e. the secured input allows the user to enter and manipulate the data, and user data may be clearly shown in window 504 or fully or partially blocked by using, for example, "********", but in any case whether the data is shown or not shown in window 504 it cannot be read by any software application running on the user's computer or by a hacker trying to use keylogger software and/or other malware).

With respect to claim 18 Maor teaches the non-transitory processor-readable medium of claim 17, but does not disclose wherein the processor-readable instructions to decrypt the encrypted entry to generate the decrypted entry further cause the one or more processors to: transmit, by the web-based application being executed within the web browser, an identifier associated with the fetched public key along with the encrypted entry to the remote server system; identify a private key based on the identifier associated with the fetched public key; decrypt the encrypted entry using the private key to generate the decrypted entry; and remove a salt value from the decrypted entry.
Haworth teaches wherein to decrypt the encrypted entry to generate the decrypted entry the remote server system is further configured to: receive an identifier associated with the fetched public key along with the encrypted entry; identify a private key based on the identifier associated with the fetched public key; decrypt the encrypted entry using the private key to generate the decrypted entry (see Haworth paragraph 0073 i.e. The proxy server is configured to run a plugin which examines the input streams on the connections, and looks for specific patterns in the incoming streams. When the plugin detects a pair of patterns, it decrypts the encapsulated bytes using the server's own public and private key. This operation completes the PKI asymmetric decryption process. It reconstructs the stream by removing the specific patterns and replacing the encapsulated bytes with the decrypted bytes. The resulting stream is forwarded to the real site web/application server); and remove a salt value from the decrypted entry (see Haworth paragraph 0056 i.e. The encryption seed acts as an initialization point for the encryptions, ensuring that even if the same set up characters were encrypted more than once, their form after encryption would not be the same).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Maor in view of Haworth to have used the received sever public key as a way to encrypt data so that only the server can decrypt the data with its private key as a way to securely send the data (see Haworth paragraph 0033). Therefore one would have been motivated to have to have to encrypt data with the servers public key before sending the data to the server so that only the server can decrypt the data with its private key.

With respect to claim 19 Maor teaches the non-transitory processor-readable medium of claim 17, wherein the processor-readable instructions to transmit the decrypted entry to the web-based application further cause the one or more processors to: tag the portion of the decrypted entry as sensitive (See Maor Paragraph 0040 i.e. When data is encrypted by the ME, it is sent to the server of the web site (for example, a bank web site as shown in FIG. 5). The server of the web site is the only one who can decrypt the data and obtain the ID and/or passcode data, for example); generate a sensitive representation of the portion of the decrypted entry; and transmit the sensitive representation of the portion of the decrypted entry to the web-based application (See Maor Paragraph 0040 i.e. the secured input allows the user to enter and manipulate the data, and user data may be clearly shown in window 504 or fully or partially blocked by using, for example, "********", but in any case whether the data is shown or not shown in window 504 it cannot be read by any software application running on the user's computer or by a hacker trying to use keylogger software and/or other malware).

With respect to claim 20 Maor teaches the non-transitory processor-readable medium of claim 15, wherein the one or more data fields tagged as sensitive is selected from the group consisting of: a credit card number data field; a bank account number data field; and a password data field (see Maor Paragraph 0034 i.e. When funneling the sensitive data via the ME 242, the ME 242 actually encrypts the sensitive data that the user 210 types, for example, before the software running on computer 202 obtains the data (for example, sensitive data such as credit card numbers, phone numbers, full name, addresses, etc.) In this manner, when the software that runs on the host processor, for example, of computer 202 is handling the data it is already encrypted and is therefore not usable for keyloggers in an attempt to steal the data via arrow 236 by the hacker 212).

Prior Art of Record
	Mokashi et al (10,699,023) teaches real-time data encryption using an encryption profile that enables a customer to specify the type of data to encrypt and the encryption keys to use when encrypting the data. A profile editor that a customer (e.g., a customer of a content provider) can use to create and manage encryption profiles that can be used to encrypt data can be provided. A profile editor or set of request parameters can allow customers to configure content distributions and associate encryption keys with a profile to encrypt user sensitive data
	Pemmaraju (US 2007/0182714) teaches a system for foiling a keylogger by creating a custom keyboard driver and passing the keystrokes directly to the browser in an encrypted format. The browser (which is used to access the Internet) has a component that decrypts the keystroke before it is sent to the website. Thus the present invention enables the user to go to any website and enter sensitive information (passwords, credit card numbers, etc.) without the keystrokes being intercepted by Keyloggers.
	Cini (US 2010/0195825) teaches a keyboard encryption system that enables encryption of keystrokes prior to their entry into a remote desktop. An encryption device is attached via a keyboard cable to a keyboard at one end and to a keyboard socket on a computer on the other end. A remote desktop connection allows for communication between the computer and a remote desktop server. The encryption device contains encryption software to encrypt each keystroke as it is received. The encryption device contains a unique serial number that allows it recognized by decryption software installed on the remote desktop server

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEVIN E ALMEIDA whose telephone number is (571)270-1018.  The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 5:00 P.M.  The examiner can also be reached on alternate Fridays from 7:30 A.M. to 4:00 P.M. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar, can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/DEVIN E ALMEIDA/Examiner, Art Unit 2492                                                                                                                                                                                                        
/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492