Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
Response to Amendment
Applicant's submission filed on 3/21/2022 has been entered.   Claims 23-42 are pending.  
 Response to Arguments
Applicant’s arguments with respect to claims 23, 37 and 42 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 23-26, 28-29 and 31-42 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Hubbard et al. (US 2008/0133540 hereinafter Hubbard) in view of Hiroshi et al. (JP 2006221242 A, pages 1-33, herein after Hiroshi).
Regarding claim 23, Hubbard discloses a method for using a scanning facility executing on processing circuitry, the method comprising: 
receiving a request for a file from a client at the scanning facility, the request including an outbound network request from the client to a network location for the file specified by a Uniform Resource Identifier (URI) including a domain for the URI (FIG. 3 & 11, ¶ [0052]-[0053], [0101]; i.e. the gateway server module receives outgoing URL requests for website or webpage, for example, www.gouglecom/page2.html, from the workstation module); 
saving contextual information from the request at the scanning facility, wherein the contextual information includes first locale information specifying a first location associated with the domain for the URI (FIG. 3, ¶ [0054], [0101], [0103]-[0104]; i.e. storing information about URLs in the categorized URL/content database including the domain names of URL host in particular country); 
examining the request for compliance with a management policy at the scanning facility (FIG. 3, ¶ [0054]-[0055]; i.e. determining whether the URL request is permitted based on a policy module); 
in response to the request, retrieving the file from the network location and transmitting the file to the scanning facility (FIG. 3, ¶ [0054], [0062]-[0063]; i.e. retrieving/obtaining the webpage identified in the URL request from the website and transmitting the webpage to the content filtering module); 
extracting second locale information from the file, the second locale information indicating a source of the file, the source including at least one of a geographic location, a business location, a residence location, an author, and a machine (FIG. 3 & 11, ¶ [0062]-[0063]; i.e. parsing the returned webpage and identifying URL links and comparing each URL link or item of content to the URL/content database wherein the URL indicating the website or the source of the web page);
presenting the second locale information and the file to the scanning facility (FIG. 3 & 11, ¶ [0062]-[0063], [0090]; i.e. providing the URL and the webpage to the analyzing module); and 
analyzing, with the scanning facility, the information from the request and the file responsive to the request to detect whether the content item includes restricted content based on one or more locale restrictions of the management policy (FIG. 3, ¶ [0055]-[0056], [0062]-[0063], [0101]; i.e. analyzing the outgoing URL request and the content of the page returned in response to the URL request to identify malicious information based on reputation score generated from the geo-location data associated with the URL).
Hubbard does not explicitly disclose analyzing the first locale information specifying the first location from the request comparatively with the second locale information extracted from the file responsive to the request.
However, Hiroshi discloses analyzing the first locale information specifying the first location from the request comparatively with the second locale information extracted from the file responsive to the request (FIG. 1 & 3, page 4, ¶ 4, “FIG. 3 shows…The web page information table G122(U242) stores information related to appearance information on the screen in association with the address of the regular web page based on an input/registration instruction from the user terminal U1 (or (U2). In this embodiment, the address G1221 (U2421) and link information G1222 (U2422) to the storage location of appearance information data in which the web page is made one appearance information”; i.e. the gateway G1 receives an input or request for a webpage from user U1 or U2 and stores the address and/or link to the storage location of the webpage. Pages 5 - 6 “when the communication unit G11 receives information from the communication network N2 (S307), it is determined whether the control unit G15 has received a web page (S308)…If the control means G15 determines that the web page is received (Y in S308), the comparison means G13 converts the format of this web page into the same format of this web page into the same format as the web page appearance information G123 stored in the information storage means G12 (S309). Then, it is determined whether there is something with a high degree of similarity in appearance compared to the web page appearance information G123 stored in the information storage means G12 (S310)”.  Page 6, ¶ 4 “…Referring to S310, an address G1221 corresponding to the file name G1222 of the web page appearance information G123 determined to have a high degree of similarity is acquired, and compared with the address of the received web page to determine whether the addresses are the same.  (S313) If the addresses are the same (Y in S313), the web page is a regular web page, so the process proceeds to S315…”).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate Hiroshi’s teaching into Hubbard in order to determine at the time of a connection or in real-time whether the website that a user requests is a legitimate website to prevent authentication information from being stolen (Hiroshi, page 2).
Regarding claim 24, Hubbard in view of Hiroshi discloses the method of claim 23, wherein the contextual information further includes one or more of a known alphanumeric string within the request from the client and a sequence of alphanumeric strings in a series of client requests (Hubbard, ¶ [0045], [0073]).
Regarding claim 25, Hubbard in view of Hiroshi discloses the method of claim 23, wherein access to the URI directs a user to another web page (Hubbard, ¶ [0049]).
Regarding claim 26, Hubbard in view of Hiroshi discloses the method of claim 23 wherein analyzing includes analyzing header information for the file responsive to the request to detect whether the file includes restricted content from a list of restrictions in the management policy (Hubbard, ¶ [0096]).
Regarding claim 28, Hubbard in view of Hiroshi discloses the method of claim 23, further comprising executing the scanning facility on a remote threat management facility (Hubbard, FIG. 3).
Regarding claim 29, Hubbard in view of Hiroshi discloses the method of claim 23, further comprising, when the file includes restricted content, blocking the restricted content from the client (Hubbard, ¶ [0064]).
Regarding claim 31, Hubbard in view of Hiroshi discloses the method of claim 23, wherein contextual information includes path information in the request (Hubbard, ¶ [0101]).
Regarding claim 32, Hubbard in view of Hiroshi discloses the method of claim 23, wherein the contextual information includes a registered domain name for an organization (Hubbard, ¶ [0104]).
Regarding claim 33, Hubbard in view of Hiroshi discloses the method of claim 23, wherein the contextual information includes header information in the request (Hubbard, ¶ [0095]).
Regarding claim 34, Hubbard in view of Hiroshi discloses the method of claim 23, wherein the contextual information includes data indicating a source of the request (Hubbard, FIG. 5, ¶ [0065]).
Regarding claim 35, Hubbard in view of Hiroshi discloses the method of claim 23, wherein the contextual information includes header information for the file retrieved in response to the request (Hubbard, ¶ [0095]-[0096]).
Regarding claim 36, Hubbard in view of Hiroshi discloses the method of claim 23 wherein the contextual information includes a plurality of network addresses for a prior sequence of client requests (Hubbard, FIG. 11, ¶ [0101]).
Regarding claim 37, see claim 23 above for the same reasons of rejections.
Regarding claim 38, see claim 24 above for the same reasons of rejections.
Regarding claim 39, Hubbard in view of Hiroshi discloses the computer program product of claim 37, wherein the contextual information further includes a changed portion of the request relative to other requests (Hubbard, ¶ [0101]).
Regarding claim 40, see claim 25 above for the same reasons of rejections.
Regarding claim 41, see claim 26 above for the same reasons of rejections.
Regarding claim 42, Hubbard discloses a system comprising: 
one or more hardware processors (FIG. 3, ¶ [0138]); 
a non-transitory computer readable medium comprising instructions executable by the one or more hardware processors (FIG. 3, ¶ [0139]); and 
a scanning facility configured to receive a request for a file from a client, the request including an outbound network request from the client to a network location specified by a Uniform Resource Identifier (URI) including a domain for the URI (FIG. 3, ¶ [0052]-[0053]; i.e. the gateway server module receives outgoing URL requests from the workstation module), the scanning facility further configured to save contextual information from the request including first locale information specifying the first location associated with the domain for the URI (FIG. 3, ¶ [0054], [0101], [0103]-[0104]; i.e. storing information about URLs in the categorized URL/content database including the domain names of URL host in particular country), to examine the request for compliance with a management policy at the scanning facility (FIG. 3, ¶ [0054]-[0055]; i.e. determining whether the URL request is permitted based on a policy module), to retrieve the file responsive to the request to extract second locale information from the file, the second locale information indicating a source of the file, the source including at least one of a geographic location, a business location, a residence location, an author, and a machine (FIG. 3 & 11, ¶ [0054], [0062]-[0063]; i.e. parsing the returned webpage and identifying URL links and comparing each URL link or item of content to the URL/content database wherein the URL indicating the website or the source of the web page), and to analyze the information from the request and the file responsive to the request to detect whether the file includes restricted content based on one or more locale restrictions of the management policy (FIG. 3, ¶ [0055]-[0056], [0062]-[0063]; i.e. analyzing the outgoing URL request and the content of the page returned in response to the URL request to identify malicious information).
Hubbard does not explicitly disclose analyzing the first locale information specifying the first location from the request comparatively with the second locale information extracted from the file responsive to the request.
However, Hiroshi discloses analyzing the first locale information specifying the first location from the request comparatively with the second locale information extracted from the file responsive to the request (FIG. 1 & 3, page 4, ¶ 4, “FIG. 3 shows…The web page information table G122(U242) stores information related to appearance information on the screen in association with the address of the regular web page based on an input/registration instruction from the user terminal U1 (or (U2). In this embodiment, the address G1221 (U2421) and link information G1222 (U2422) to the storage location of appearance information data in which the web page is made one appearance information”; i.e. the gateway G1 receives an input or request for a webpage from user U1 or U2 and stores the address and/or link to the storage location of the webpage. Pages 5 - 6 “when the communication unit G11 receives information from the communication network N2 (S307), it is determined whether the control unit G15 has received a web page (S308)…If the control means G15 determines that the web page is received (Y in S308), the comparison means G13 converts the format of this web page into the same format of this web page into the same format as the web page appearance information G123 stored in the information storage means G12 (S309). Then, it is determined whether there is something with a high degree of similarity in appearance compared to the web page appearance information G123 stored in the information storage means G12 (S310)”.  Page 6, ¶ 4 “…Referring to S310, an address G1221 corresponding to the file name G1222 of the web page appearance information G123 determined to have a high degree of similarity is acquired, and compared with the address of the received web page to determine whether the addresses are the same.  (S313) If the addresses are the same (Y in S313), the web page is a regular web page, so the process proceeds to S315…”).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate Hiroshi’s teaching into Hubbard in order to determine at the time of a connection or in real-time whether the website that a user requests is a legitimate website to prevent authentication information from being stolen (Hiroshi, page 2).
Claims 27 and 30 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Hubbard et al. (US 2008/0133540 hereinafter Hubbard) in view of Hiroshi and further in view of Sinn et al. (US 2009/0064335 hereinafter Sinn).
Regarding claim 27, Hubbard in view of Hiroshi discloses the method of claim 23.
Hubbard in view of Hiroshi does not explicitly disclose further comprising executing the scanning facility on the client.
However, Sinn discloses executing the scanning facility on the client (¶ [0018], [0056]).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate Sinn’s teaching into Hubbard in view of Hiroshi in order to provide effective ways of detecting, preventing and handling malicious information in real-time (Sinn, ¶ [0002]-[0004]). 
Regarding claim 30, Hubbard in view of Hiroshi discloses the method of claim 23.
Hubbard in view of Hiroshi does not explicitly disclose further comprising when the content item includes restricted content, performing a remedial action on the client in response to the restricted content.
However, Sinn discloses when the content item includes restricted content, performing a remedial action on the client in response to the restricted content (¶ [0018], [0043]).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate Sinn’s teaching into Hubbard in view of Hiroshi in order to provide effective ways of detecting, preventing and handling malicious information in real-time (Sinn, ¶ [0002]-[0004]). 
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHI D NGUY whose telephone number is (571)270-7311.  The examiner can normally be reached on Monday-Friday 9-5 PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached on (571)272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-270-8311.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/C.D.N/Examiner, Art Unit 2435

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435