Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

RCE filed on 04/11/2022 is acknowledged. Claims 1-25 are currently pending and have been considered below. Claims 1, 9 and 17 are independent claims. Claims 1, 9 and 17 have been amended. No new claim has been added. No claim is cancelled.

Priority
The application is a CON of PCT/CN2019/107676 filed on 09/25/2019.

Continued Examination under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 04/11/2022 has been entered.

Remarks and response
Applicant’s arguments filed in the amendments on 04/11/2022 have been fully considered but are moot in view of new grounds of rejection.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 5-10, 13-18 and 21-25 are rejected under 35 U.S.C. 103 as being unpatentable over Soghoian (US Patent No 8,220,047 B1) in view of Alfonseca (US Patent Application Publication No 2009/0063462 A1) and further in view of Chougle (US Patent Application Publication No 2016/0253492 A1).

Regarding Claim 1, Soghoian discloses a computer system comprising: 
a memory (Soghoian, Fig-1, element 114); and 
at least one processor coupled to the memory and configured to (Soghoian, Fig-1, element 112):
recognize a user input field of a web site displayable in a browser, the web site identified as a security risk based on a whitelist of web site addresses (Soghoian, col 4, line 5-10, to deceive the user, the phishing window may include a message instructing the user to follow a link or URL in the electronic document to an untrusted electronic document such as an untrusted webpage to verify their private information. Col 4, line 35-45, the phisher may use the username and password to access the user’s email, an online banking account and/or online gaming account to steal information, money or other valuable things. Phishing websites may all be attempting to deceive the user into disclosing the private information such as username, password, credit card number, address, social security number or other similar private information); 
determine that a sequence of characters within the user input field matches one or more entries in a list of partial passwords in response to the web site being identified as a security risk (Soghoian, col 5, line 45-50, the user may enter various sequences of numbers, letters and symbols when interacting with user computer. Col 12, line 15-25, the trigger module may generate a trigger event corresponding to a home address from the account information and a low complexity username and password from the complexity information. The detection module may determine that the APS may conduct further processing to determine whether to take an action to protect the private information after identifying in the user input data stream, the home address, one or more characters of the username, and one or more characters of the password. Col 12, line 45-50, trigger module may generate a trigger event when only a few of the characters of the private information are identified in a user input data stream. Col 16, line 10-20); and 
prevent the user from entering additional characters into the user input field in response to the determination, to block receipt of the user credential by the web site (Soghoian, col 13, line 40-50, Fig-5, the action module of APS may compare a communication address of the untrusted electronic document with a whitelist of trusted addresses for trusted electronic documents. Col 14, line 1-10, the action module of the APS may take an action to protect the private information. The action may be one or more of instructing the transmission module to stop data transmission across the network, instructing the message module to display a message to the user, authenticating the server 106 and other actions to protect the user’s private information. Also col 16, line 10-30); 
Soghoian does not explicitly teach the following limitation that Alfonseca teaches:
wherein the list of partial passwords is an enumeration of all combinations of sub-strings of a user credential (Alfonseca, Fig-2, ¶[0032]-¶[0038], each word in the data store can be associated with one or more substrings. Each of the substrings can include one or more consecutive letters of the word. The word “kontrollfunktion” can be split into substrings such as “k”, “ko”, “kont”, “kontr” etc. The splitting engine can add a first morpheme to the beginning and end of each of the one or more first substrings to create one or more second substrings).
Soghoian in view of Alfonseca are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “preventing phishing attack”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Soghoian in view of Alfonseca to include the idea of including one or more search terms in response to a query to identify potential words that are applicable. It will include the idea of providing a phishing protection module to improve the security because in phishing attacks the victim unknowingly or unwittingly assists the attacker by voluntarily providing his security credentials such as username and password to the attacker.
Soghoian in view of Alfonseca does not explicitly teach the following limitation that Chougle teaches:
credential that excludes a number of characters, wherein the number of characters is set to a difference between a length of the user credential and a threshold count of entered characters (Chougle, Fig-5, ¶[0027], a character counter is initialized to zero during startup of local password application. After a character is input in step 502, the character counter is incremented in the next step. The character counter value is then tested in step 506 to determine whether the character count has reached the predetermined threshold value. If not, local password application returns to step 502 to input another character. ¶[0037], a character count threshold is balancing the number of characters of a password that could potentially be revealed with the likelihood that false matches may occur between a valid user name and the character string entered by the user).
Soghoian in view of Alfonseca and further in view of Chougle are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “preventing phishing attack”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Soghoian in view of Alfonseca and Chougle to include the idea of including one or more search terms in response to a query to identify potential words that are applicable. It will include the idea of providing a phishing protection module to improve the security because in phishing attacks the victim unknowingly or unwittingly assists the attacker by voluntarily providing his security credentials such as username and password to the attacker.

Regarding Claim 2, Soghoian in view of Alfonseca and further in view of Chougle discloses the computer system of claim 1, wherein the at least one processor is further configured to perform the determination in response to a count of characters in the sequence of characters exceeding a threshold (Soghoian, col 16, line 10-20, the detection module may monitor the user input data stream for “bob” and “ca” or “bo” and “cat” within 50 characters of one another).

Regarding Claim 5, Soghoian in view of Alfonseca and further in view of Chougle discloses the computer system of claim 1, wherein the at least one processor is further configured to provide a warning to the user in response to the determination (Chougle, ¶[0028], the user name field is cleared and an alert is generated. ¶[0029], the alert to the user generated may take a number of forms: an audible alert or visible alert).

Regarding Claim 6, Soghoian in view of Alfonseca and further in view of Chougle discloses the computer system of claim 1, wherein the web site addresses are uniform resource locators (Soghoian, col 4, line 5-10, to deceive the user, the phishing window may include a message instructing the user to follow a link (URL) in the electronic document to an untrusted electronic document. Also col 7, line 15-20, the forwarding information also may indicate that the user entered an address (URL) in an address bar of a browser and may not have been redirected by an electronic document).

Regarding Claim 7, Soghoian in view of Alfonseca and further in view of Chougle discloses the computer system of claim 1, wherein the partial password is a sub-string of the user credential that excludes one or more characters (Chougle, Fig-5, ¶[0027], a character counter is initialized to zero during startup of local password application. After a character is input in step 502, the character counter is incremented in the next step. The character counter value is then tested in step 506 to determine whether the character count has reached the predetermined threshold value. If not, local password application returns to step 502 to input another character. ¶[0037], a character count threshold is balancing the number of characters of a password that could potentially be revealed with the likelihood that false matches may occur between a valid user name and the character string entered by the user).

Regarding Claim 8, Soghoian in view of Alfonseca and further in view of Chougle discloses the computer system of claim 1, wherein the at least one processor is further configured to delete characters within the user input field in response to the determination (Chougle, Fig-5, ¶[0027], a character counter is initialized to zero during startup of local password application. After a character is input in step 502, the character counter is incremented in the next step. The character counter value is then tested in step 506 to determine whether the character count has reached the predetermined threshold value. If not, local password application returns to step 502 to input another character. ¶[0037], a character count threshold is balancing the number of characters of a password that could potentially be revealed with the likelihood that false matches may occur between a valid user name and the character string entered by the user).

Regarding Claim 9, Soghoian discloses a method of securing user credentials comprising: 
recognizing, by a computer system, a user input field of a web site displayable in a browser, the web site identified as a security risk based on a whitelist of web site addresses (Soghoian, col 4, line 5-10, to deceive the user, the phishing window may include a message instructing the user to follow a link or URL in the electronic document to an untrusted electronic document such as an untrusted webpage to verify their private information. Col 4, line 35-45, the phisher may use the username and password to access the user’s email, an online banking account and/or online gaming account to steal information, money or other valuable things. Phishing websites may all be attempting to deceive the user into disclosing the private information such as username, password, credit card number, address, social security number or other similar private information); 
determining, by the computer system, that a sequence of characters within the user input field matches one or more entries in a list of partial passwords in response to the web site being identified as a security risk (Soghoian, col 5, line 45-50, the user may enter various sequences of numbers, letters and symbols when interacting with user computer. Col 12, line 15-25, the trigger module may generate a trigger event corresponding to a home address from the account information and a low complexity username and password from the complexity information. The detection module may determine that the APS may conduct further processing to determine whether to take an action to protect the private information after identifying in the user input data stream, the home address, one or more characters of the username, and one or more characters of the password. Col 12, line 45-50, trigger module may generate a trigger event when only a few of the characters of the private information are identified in a user input data stream. Col 16, line 10-20); and 
preventing, by the computer system, the user from entering additional characters into the user input field in response to the determination, to block receipt of the user credential by the web site (Soghoian, col 13, line 40-50, Fig-5, the action module of APS may compare a communication address of the untrusted electronic document with a whitelist of trusted addresses for trusted electronic documents. Col 14, line 1-10, the action module of the APS may take an action to protect the private information. The action may be one or more of instructing the transmission module to stop data transmission across the network, instructing the message module to display a message to the user, authenticating the server 106 and other actions to protect the user’s private information. Also col 16, line 10-30).
Soghoian does not explicitly teach the following limitation that Alfonseca teaches:
wherein the list of partial passwords is an enumeration of all combinations of sub-strings of a user credential (Alfonseca, Fig-2, ¶[0032]-¶[0038], each word in the data store can be associated with one or more substrings. Each of the substrings can include one or more consecutive letters of the word. The word “kontrollfunktion” can be split into substrings such as “k”, “ko”, “kont”, “kontr” etc. The splitting engine can add a first morpheme to the beginning and end of each of the one or more first substrings to create one or more second substrings).
Soghoian in view of Alfonseca are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “preventing phishing attack”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Soghoian in view of Alfonseca to include the idea of including one or more search terms in response to a query to identify potential words that are applicable. It will include the idea of providing a phishing protection module to improve the security because in phishing attacks the victim unknowingly or unwittingly assists the attacker by voluntarily providing his security credentials such as username and password to the attacker.
Soghoian in view of Alfonseca does not explicitly teach the following limitation that Chougle teaches:
credential that excludes a number of characters, wherein the number of characters is set to a difference between a length of the user credential and a threshold count of entered characters (Chougle, Fig-5, ¶[0027], a character counter is initialized to zero during startup of local password application. After a character is input in step 502, the character counter is incremented in the next step. The character counter value is then tested in step 506 to determine whether the character count has reached the predetermined threshold value. If not, local password application returns to step 502 to input another character. ¶[0037], a character count threshold is balancing the number of characters of a password that could potentially be revealed with the likelihood that false matches may occur between a valid user name and the character string entered by the user).
Soghoian in view of Alfonseca and further in view of Chougle are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “preventing phishing attack”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Soghoian in view of Alfonseca and Chougle to include the idea of including one or more search terms in response to a query to identify potential words that are applicable. It will include the idea of providing a phishing protection module to improve the security because in phishing attacks the victim unknowingly or unwittingly assists the attacker by voluntarily providing his security credentials such as username and password to the attacker.

Regarding Claim 10, Soghoian in view of Alfonseca and further in view of Chougle discloses the method of claim 9, wherein the determining is performed in response to a count of characters in the sequence of characters exceeding a threshold (Soghoian, col 16, line 10-20, the detection module may monitor the user input data stream for “bob” and “ca” or “bo” and “cat” within 50 characters of one another).

Regarding Claim 13, Soghoian in view of Alfonseca and further in view of Chougle discloses the method of claim 9, further comprising providing a warning to the user in response to the determination (Chougle, ¶[0028], the user name field is cleared and an alert is generated. ¶[0029], the alert to the user generated may take a number of forms: an audible alert or visible alert).

Regarding Claim 14, Soghoian in view of Alfonseca and further in view of Chougle discloses the method of claim 9, wherein the method is executed by a plug-in associated with the web browser (Chougle, ¶[0028], the user name field is cleared and an alert is generated. ¶[0029], the alert to the user generated may take a number of forms: an audible alert or visible alert).

Regarding Claim 15, Soghoian in view of Alfonseca and further in view of Chougle discloses the method of claim 9, wherein the web site addresses are uniform resource locators (Soghoian, col 4, line 5-10, to deceive the user, the phishing window may include a message instructing the user to follow a link (URL) in the electronic document to an untrusted electronic document. Also col 7, line 15-20, the forwarding information also may indicate that the user entered an address (URL) in an address bar of a browser and may not have been redirected by an electronic document).

Regarding Claim 16, Soghoian in view of Alfonseca and further in view of Chougle discloses the method of claim 9, wherein the partial password is a sub-string of the user credential that excludes one or more characters (Chougle, Fig-5, ¶[0027], a character counter is initialized to zero during startup of local password application. After a character is input in step 502, the character counter is incremented in the next step. The character counter value is then tested in step 506 to determine whether the character count has reached the predetermined threshold value. If not, local password application returns to step 502 to input another character. ¶[0037], a character count threshold is balancing the number of characters of a password that could potentially be revealed with the likelihood that false matches may occur between a valid user name and the character string entered by the user).

Regarding Claim 17, Soghoian discloses a non-transitory computer readable medium storing executable sequences of instructions to secure user credentials, the sequences of instructions comprising instructions to: 
recognize a user input field of a web site displayable in a browser, the web site identified as a security risk based on a whitelist of web site addresses (Soghoian, col 4, line 5-10, to deceive the user, the phishing window may include a message instructing the user to follow a link or URL in the electronic document to an untrusted electronic document such as an untrusted webpage to verify their private information. Col 4, line 35-45, the phisher may use the username and password to access the user’s email, an online banking account and/or online gaming account to steal information, money or other valuable things. Phishing websites may all be attempting to deceive the user into disclosing the private information such as username, password, credit card number, address, social security number or other similar private information); 
determine that a sequence of characters within the user input field matches one or more entries in a list of partial passwords in response to the web site being identified as a security risk (Soghoian, col 5, line 45-50, the user may enter various sequences of numbers, letters and symbols when interacting with user computer. Col 12, line 15-25, the trigger module may generate a trigger event corresponding to a home address from the account information and a low complexity username and password from the complexity information. The detection module may determine that the APS may conduct further processing to determine whether to take an action to protect the private information after identifying in the user input data stream, the home address, one or more characters of the username, and one or more characters of the password. Col 12, line 45-50, trigger module may generate a trigger event when only a few of the characters of the private information are identified in a user input data stream. Col 16, line 10-20); and 
prevent the user from entering additional characters into the user input field in response to the determination, to block receipt of the user credential by the web site (Soghoian, col 13, line 40-50, Fig-5, the action module of APS may compare a communication address of the untrusted electronic document with a whitelist of trusted addresses for trusted electronic documents. Col 14, line 1-10, the action module of the APS may take an action to protect the private information. The action may be one or more of instructing the transmission module to stop data transmission across the network, instructing the message module to display a message to the user, authenticating the server 106 and other actions to protect the user’s private information. Also col 16, line 10-30).
Soghoian does not explicitly teach the following limitation that Alfonseca teaches:
wherein the list of partial passwords is an enumeration of all combinations of sub-strings of a user credential (Alfonseca, Fig-2, ¶[0032]-¶[0038], each word in the data store can be associated with one or more substrings. Each of the substrings can include one or more consecutive letters of the word. The word “kontrollfunktion” can be split into substrings such as “k”, “ko”, “kont”, “kontr” etc. The splitting engine can add a first morpheme to the beginning and end of each of the one or more first substrings to create one or more second substrings).
Soghoian in view of Alfonseca are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “preventing phishing attack”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Soghoian in view of Alfonseca to include the idea of including one or more search terms in response to a query to identify potential words that are applicable. It will include the idea of providing a phishing protection module to improve the security because in phishing attacks the victim unknowingly or unwittingly assists the attacker by voluntarily providing his security credentials such as username and password to the attacker.
Soghoian in view of Alfonseca does not explicitly teach the following limitation that Chougle teaches:
credential that excludes a number of characters, wherein the number of characters is set to a difference between a length of the user credential and a threshold count of entered characters (Chougle, Fig-5, ¶[0027], a character counter is initialized to zero during startup of local password application. After a character is input in step 502, the character counter is incremented in the next step. The character counter value is then tested in step 506 to determine whether the character count has reached the predetermined threshold value. If not, local password application returns to step 502 to input another character. ¶[0037], a character count threshold is balancing the number of characters of a password that could potentially be revealed with the likelihood that false matches may occur between a valid user name and the character string entered by the user).
Soghoian in view of Alfonseca and further in view of Chougle are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “preventing phishing attack”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Soghoian in view of Alfonseca and Chougle to include the idea of including one or more search terms in response to a query to identify potential words that are applicable. It will include the idea of providing a phishing protection module to improve the security because in phishing attacks the victim unknowingly or unwittingly assists the attacker by voluntarily providing his security credentials such as username and password to the attacker.

Regarding Claim 18, Soghoian in view of Alfonseca and further in view of Chougle discloses the computer readable medium of claim 17, wherein the sequences of instructions further include instructions to perform the determination in response to a count of characters in the sequence of characters exceeding a threshold (Soghoian, col 16, line 10-20, the detection module may monitor the user input data stream for “bob” and “ca” or “bo” and “cat” within 50 characters of one another).

Regarding Claim 21, Soghoian in view of Alfonseca and further in view of Chougle discloses the computer readable medium of claim 17, wherein the sequences of instructions further include instructions to provide a warning to the user in response to the determination (Chougle, ¶[0028], the user name field is cleared and an alert is generated. ¶[0029], the alert to the user generated may take a number of forms: an audible alert or visible alert).

Regarding Claim 22, Soghoian in view of Alfonseca and further in view of Chougle discloses the computer readable medium of claim 17, wherein the sequences of instructions are included in a plug-in associated with the web browser (Chougle, ¶[0028], the user name field is cleared and an alert is generated. ¶[0029], the alert to the user generated may take a number of forms: an audible alert or visible alert).

Regarding Claim 23, Soghoian in view of Alfonseca and further in view of Chougle discloses the computer readable medium of claim 17, wherein the web site addresses are uniform resource locators (Soghoian, col 4, line 5-10, to deceive the user, the phishing window may include a message instructing the user to follow a link (URL) in the electronic document to an untrusted electronic document. Also col 7, line 15-20, the forwarding information also may indicate that the user entered an address (URL) in an address bar of a browser and may not have been redirected by an electronic document).

Regarding Claim 24, Soghoian in view of Alfonseca and further in view of Chougle discloses the computer readable medium of claim 17, wherein the partial password is a sub-string of the user credential that excludes one or more characters (Chougle, Fig-5, ¶[0027], a character counter is initialized to zero during startup of local password application. After a character is input in step 502, the character counter is incremented in the next step. The character counter value is then tested in step 506 to determine whether the character count has reached the predetermined threshold value. If not, local password application returns to step 502 to input another character. ¶[0037], a character count threshold is balancing the number of characters of a password that could potentially be revealed with the likelihood that false matches may occur between a valid user name and the character string entered by the user).

Regarding Claim 25, Soghoian in view of Alfonseca and further in view of Chougle discloses the computer readable medium of claim 17, wherein the sequences of instructions further include instructions to delete characters within the user input field in response to the determination (Chougle, Fig-5, ¶[0027], a character counter is initialized to zero during startup of local password application. After a character is input in step 502, the character counter is incremented in the next step. The character counter value is then tested in step 506 to determine whether the character count has reached the predetermined threshold value. If not, local password application returns to step 502 to input another character. ¶[0037], a character count threshold is balancing the number of characters of a password that could potentially be revealed with the likelihood that false matches may occur between a valid user name and the character string entered by the user).

Claims 3-4, 11-12 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Soghoian (US Patent No 8,220,047 B1) in view of Alfonseca (US Patent Application Publication No 2009/0063462 A1) and further in view of Chougle (US Patent Application Publication No 2016/0253492 A1) and further in view of Florencio (US Patent Application Publication No 2007/0006305 A1).

Regarding Claim 3, Soghoian in view of Alfonseca, Chougle and further in view of Florencio discloses the computer system of claim 1, wherein the web site is displayable in a first security context, and the at least one processor is further configured to: 
obtain the user credential in a second security context, the second security context separate from the first security context such that the second security context prevents receipt of user input by the web site (Florencio, ¶[0043], the security server can receive a vector that includes all legitimate domains that share the same password. The security server can compare the instant use of the security credential with information from the trusted site data store to determine whether the user is entering security credentials at a trusted site. ¶[0044], the security server can compare the received security credentials against entries in a phishing site data store. ¶[0046], the security server can cause a warning to be displayed that indicates that the user should exercise additional caution before submitting security credentials); 
authenticate the user credential with a rule server (Florencio, ¶[0043], the security server can receive a vector that includes all legitimate domains that share the same password. The security server can compare the instant use of the security credential with information from the trusted site data store to determine whether the user is entering security credentials at a trusted site. ¶[0044], the security server can compare the received security credentials against entries in a phishing site data store); 
obtain the whitelist of web site addresses from the rule server in response to the authentication (Florencio, ¶[0043], the security server can receive a vector that includes all legitimate domains that share the same password. The security server can compare the instant use of the security credential with information from the trusted site data store to determine whether the user is entering security credentials at a trusted site. ¶[0044], the security server can compare the received security credentials against entries in a phishing site data store. ¶[0046], the security server can cause a warning to be displayed that indicates that the user should exercise additional caution before submitting security credentials); and 
obtain the list of partial passwords from the rule server in response to the authentication, wherein the one or more entries in the list of partial passwords are encrypted (Florencio, ¶[0068], the encryption module can encrypt or protect information from the user interface. ¶[0069], the encryption module can create a hash of the user name. The security of the hash can be further improved by adding a salt. ¶[0070], to avoid security breaches through attacks using precomputed hash tables, a client specific salt is added to the password).
Soghoian in view of Alfonseca and Chougle and further in view of Florencio are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “preventing phishing attack”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Soghoian in view of Alfonseca, Chougle and Florencio to include the idea of providing a phishing protection module to improve the security because in phishing attacks the victim unknowingly or unwillingly assists the attacker by voluntarily providing his security credentials such as username and password to the attacker.

Regarding Claim 4, Soghoian in view of Alfonseca and Chougle and further in view of Florencio discloses the computer system of claim 3, wherein the determination further comprises performing, by the at least one processor: 
encrypting the sequence of characters (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with the entry-specific salt, computes the hash of that string and compares the hash with the appropriate entry of the user credential data store); and 
comparing the encrypted sequence of characters to the one or more encrypted entries in the list of partial passwords to find a match (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with the entry-specific salt, computes the hash of that string and compares the hash with the appropriate entry of the user credential data store).

Regarding Claim 11, Soghoian in view of Alfonseca and Chougle and further in view of Florencio discloses the method of claim 9, wherein the web site is displayable in a first security context, the method further comprising: 
obtaining the user credential in a second security context, the second security context separate from the first security context such that the second security context prevents receipt of user input by the web site (Florencio, ¶[0043], the security server can receive a vector that includes all legitimate domains that share the same password. The security server can compare the instant use of the security credential with information from the trusted site data store to determine whether the user is entering security credentials at a trusted site. ¶[0044], the security server can compare the received security credentials against entries in a phishing site data store. ¶[0046], the security server can cause a warning to be displayed that indicates that the user should exercise additional caution before submitting security credential); 
authenticating the user credential with a rule server (Florencio, ¶[0043], the security server can receive a vector that includes all legitimate domains that share the same password. The security server can compare the instant use of the security credential with information from the trusted site data store to determine whether the user is entering security credentials at a trusted site. ¶[0044], the security server can compare the received security credentials against entries in a phishing site data store); 
obtaining the whitelist of web site addresses from the rule server in response to the authentication (Florencio, ¶[0043], the security server can receive a vector that includes all legitimate domains that share the same password. The security server can compare the instant use of the security credential with information from the trusted site data store to determine whether the user is entering security credentials at a trusted site. ¶[0044], the security server can compare the received security credentials against entries in a phishing site data store. ¶[0046], the security server can cause a warning to be displayed that indicates that the user should exercise additional caution before submitting security credential); and 
obtaining the list of partial passwords from the rule server in response to the authentication, wherein the one or more entries in the list of partial passwords are encrypted (Florencio, ¶[0068], the encryption module can encrypt or protect information from the user interface. ¶[0069], the encryption module can create a hash of the user name. The security of the hash can be further improved by adding a salt. ¶[0070], to avoid security breaches through attacks using precomputed hash tables, a client specific salt is added to the password).

Regarding Claim 12, Soghoian in view of Alfonseca and Chougle and further in view of Florencio discloses the method of claim 11, wherein the determining further comprises: 
encrypting the sequence of characters (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with the entry-specific salt, computes the hash of that string and compares the hash with the appropriate entry of the user credential data store); and 
comparing the encrypted sequence of characters to the one or more encrypted entries in the list of partial passwords to find a match (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with the entry-specific salt, computes the hash of that string and compares the hash with the appropriate entry of the user credential data store).

Regarding Claim 19, Soghoian in view of Alfonseca and Chougle and further in view of Florencio discloses the computer readable medium of claim 17, wherein the web site is displayable in a first security context and the sequences of instructions further include instructions to: 
obtain the user credential in a second security context, the second security context separate from the first security context such that the second security context prevents receipt of user input by the web site (Florencio, ¶[0043], the security server can receive a vector that includes all legitimate domains that share the same password. The security server can compare the instant use of the security credential with information from the trusted site data store to determine whether the user is entering security credentials at a trusted site. ¶[0044], the security server can compare the received security credentials against entries in a phishing site data store. ¶[0046], the security server can cause a warning to be displayed that indicates that the user should exercise additional caution before submitting security credential); 
authenticate the user credential with a rule server (Florencio, ¶[0043], the security server can receive a vector that includes all legitimate domains that share the same password. The security server can compare the instant use of the security credential with information from the trusted site data store to determine whether the user is entering security credentials at a trusted site. ¶[0044], the security server can compare the received security credentials against entries in a phishing site data store); 
obtain the whitelist of web site addresses from the rule server in response to the authentication (Florencio, ¶[0043], the security server can receive a vector that includes all legitimate domains that share the same password. The security server can compare the instant use of the security credential with information from the trusted site data store to determine whether the user is entering security credentials at a trusted site. ¶[0044], the security server can compare the received security credentials against entries in a phishing site data store. ¶[0046], the security server can cause a warning to be displayed that indicates that the user should exercise additional caution before submitting security credential); and 
obtain the list of partial passwords from the rule server in response to the authentication, wherein the one or more entries in the list of partial passwords are encrypted (Florencio, ¶[0068], the encryption module can encrypt or protect information from the user interface. ¶[0069], the encryption module can create a hash of the user name. The security of the hash can be further improved by adding a salt. ¶[0070], to avoid security breaches through attacks using precomputed hash tables, a client specific salt is added to the password).

Regarding Claim 20, Soghoian in view of Alfonseca and Chougle and further in view of Florencio discloses the computer readable medium of claim 19, wherein the sequences of instructions further include instructions to: 
encrypt the sequence of characters (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with the entry-specific salt, computes the hash of that string and compares the hash with the appropriate entry of the user credential data store); and 
compare the encrypted sequence of characters to the one or more encrypted entries in the list of partial passwords to find a match (Florencio, ¶[0074], when a key press event occurs, the encryption module takes the last 7 characters in the FIFO buffer, concatenates those characters with the client specific salt, and recursively computes the hash of this string N times. For each entry in the user credential data store, the encryption module concatenates the resulting hash string with the entry-specific salt, computes the hash of that string and compares the hash with the appropriate entry of the user credential data store).
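
The per-keystroke comparison that the cited Florencio ¶[0074] passage describes (relied on above for claims 4, 12 and 20) can be sketched as follows. This is an added illustration, not code from Florencio or from the application; SHA-256, the round count, the salts, the sample partial password and all function names are assumptions.

```python
import hashlib
import hmac
from collections import deque

WINDOW = 7     # characters taken from the FIFO buffer, per the cited ¶[0074]
ROUNDS = 1000  # "N" in the cited text; this value is an assumption

def stretch(window: str, client_salt: bytes) -> bytes:
    """Concatenate window with the client-specific salt, then hash N times."""
    digest = window.encode("utf-8") + client_salt
    for _ in range(ROUNDS):
        digest = hashlib.sha256(digest).digest()  # SHA-256 is an assumption
    return digest

def entry_hash(stretched: bytes, entry_salt: bytes) -> bytes:
    """Second stage: bind the stretched value to one store entry's salt."""
    return hashlib.sha256(stretched + entry_salt).digest()

def enroll(partial: str, client_salt: bytes, entry_salt: bytes) -> dict:
    """Build a store entry; the partial password itself is never stored."""
    return {"salt": entry_salt,
            "hash": entry_hash(stretch(partial, client_salt), entry_salt)}

class KeystrokeMonitor:
    def __init__(self, store: list, client_salt: bytes):
        self.buf = deque(maxlen=WINDOW)  # FIFO: oldest character drops out
        self.store = store
        self.client_salt = client_salt

    def on_key(self, ch: str) -> bool:
        """Return True when the last WINDOW characters match a store entry."""
        self.buf.append(ch)
        if len(self.buf) < WINDOW:
            return False  # too few characters to compare yet
        stretched = stretch("".join(self.buf), self.client_salt)
        hit = False
        for entry in self.store:  # check every entry, constant-time compare
            if hmac.compare_digest(entry_hash(stretched, entry["salt"]), entry["hash"]):
                hit = True
        return hit

def first_match_index(typed: str, store: list, client_salt: bytes) -> int:
    """Index of the keystroke that completes a protected window, or -1."""
    monitor = KeystrokeMonitor(store, client_salt)
    for i, ch in enumerate(typed):
        if monitor.on_key(ch):
            return i
    return -1

# Constructed sample data (not from the page).
CLIENT_SALT = b"constructed-client-salt"
STORE = [enroll("hunter2", CLIENT_SALT, b"constructed-entry-salt")]
```

Because the stretched value depends on the client-specific salt, the stored entries are only comparable on the client they were enrolled on, which is the precomputed-table defence the cited ¶[0070] refers to.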

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-Form 892).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WASIKA NIPA whose telephone number is (571)272-8923.  The examiner can normally be reached on M-F, 8 am to 5 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/WASIKA NIPA/           Primary Examiner, Art Unit 2433