DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-7 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter because the claimed device comprises only software components thus lacking at least one hardware element and therefore found to be non-statutory. The system comprises "A system for detecting page impersonation in phishing attacks, comprising: an application programming interface (API) comprising machine-readable program code for causing, when executed, a computer to perform the following process steps”.  Although “a computer” is claimed, a computer could be software only.  Examiner suggests adding that the device comprises a processor and a memory or that the processor is a hardware processor in Claims 1-7 to overcome the rejection under 35 USC 101.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-5, 8-12, and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar et al., (US 20190104154 A1) hereinafter referred to as Kumar in view of Gupta et al., (US 20140359760 A1) hereinafter referred to as Gupta.
Regarding Claims 1, 8, and 15, Kumar discloses A system for detecting page impersonation in phishing attacks, comprising: an application programming interface (API) comprising machine-readable program code for causing, when executed, a computer to perform the following process steps: automatically analyzing the body of an e-mail message to detect an embedded universal resource locator (URL); automatically extracting the embedded URL; [paragraph 0065, the object may be, for example, an email message (email) wherein the content of the email includes a URL. In such an embodiment in which the object is an email, the method 300 may include an optional step of extracting the URL from the email] 
automatically capturing a screenshot of a website referenced by the embedded URL; [paragraph 0066, the method 300 continues analysis of the object by obtaining a screenshot of the webpage to which the URL resolves] 
automatically comparing the captured screenshot with a record screenshot…wherein the record screenshot corresponds a trusted site; [paragraph 0069, which performs an image comparison between the URL screenshot and a screenshot of the webpage corresponding to the feature vector having the highest confidence – the “webpage corresponding to the feature vector having the highest confidence” is the “trusted site”] 
and when the captured screenshot does not match the record screenshot, marking the embedded URL as safe. [paragraph 0070, when the result of the image comparison is greater than or equal to the predefined threshold e.g., indicating a match of the two screenshots meets or exceeds the predefined threshold (yes at block 316), the method 300 determines the subject URL is a phishing URL (block 320) and subsequently generates and issues an alert (block 322) – teaches that when the comparison results in a match, then it is determined that the URL is unsafe. Therefore, the inverse would be true that when the comparison does not match, then the URL is deemed safe]
Kumar does not explicitly teach without any preprocessing of the captured screenshot.
Gupta teaches without any preprocessing of the captured screenshot, [paragraphs 0042-0046, capture visual information and…wherein capturing visual information comprises: rendering the webpage with a pre-defined fixed resolution to provide a rendered webpage; customizing the rendered webpage into a pre-defined fixed format to provide a customized webpage; and taking a snapshot of the customized webpage; compare the visual information…with visual information…of a webpage stored in the webpage database] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Gupta with the disclosure of Kumar. The motivation or suggestion would have been “for protecting computer system user's data against phishing” by providing multiple comparison means. (paragraph 0002)
Regarding Claims 2, 9, and 16, Kumar teaches further comprising: when the captured screenshot matches the record screenshot, determining if a domain of the embedded URL corresponds to a trusted domain. [paragraph 0066, a comparison with one or more entries of a whitelist and/or a comparison with one or more entries of a blacklist – there is a comparison of the extracted URL with entries of a whitelist which are “trusted domains”. Although Kumar teaches that the step of comparing the extracted URL with entries of a whitelist and/or a blacklist is performed before a captured screenshot is compared with a record screenshot, it is reasonable that either the comparison of the URL’s could be done after the screenshot comparisons or in additional to a comparison prior to a screenshot comparison. The reason for this would be a double-check of the extracted URL if the screenshot comparison indicates a possible unsafe URL]
Regarding Claims 3, 10, and 17, Kumar discloses further comprising: when the domain of the embedded URL corresponds to the trusted domain, marking the embedded URL as safe. [paragraph 0066, a comparison with one or more entries of a whitelist and/or a comparison with one or more entries of a blacklist – there is a comparison of the extracted URL with entries of a whitelist which are “trusted domains”. If there is a match to an entry on the whitelist, then the URL would be deemed as benign or “safe”]
Regarding Claims 4, 11, and 18, Kumar discloses further comprising: when the domain of the embedded URL does not correspond to the trusted domain, marking the e-mail message as a page impersonation attempt. [paragraph 0066, a comparison with one or more entries of a whitelist and/or a comparison with one or more entries of a blacklist – there is a comparison of the extracted URL with entries of a whitelist and/or a blacklist. If the URL does not match entries on the whitelist but matches an entry on the blacklist, this URL would be deemed as a “phishing attack” which is a “page impersonation attempt”]
Regarding Claims 5, 12, and 19, Kumar discloses further comprising: a page impersonation database storing data associated with the trusted site, wherein the trusted site data includes: a trusted URL, a trusted domain corresponding to the trusted URL, [paragraph 0066, a comparison with one or more entries of a whitelist and/or a comparison with one or more entries of a blacklist – the whitelist contains trusted URLs and their domains] 
and the record screenshot. [paragraph 0069, The webpage having the highest confidence based OD the analysis using the model is provided to, e.g., the CV image comparator 120 as seen in FIG. 2, which performs an image comparison between the URL screenshot and a screenshot of the webpage corresponding to the feature vector having the highest confidence (block 314) – the “screenshot of the webpage corresponding to the feature vector having the highest confidence” is the “record screenshot”]

Claims 6-7, 13-14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar in view of Gupta, as applied to Claims 1, 8, and 15, respectively, above, and further in view of Pam et al., (US 20140215626 A1) hereinafter referred to as Pam.
Regarding Claims 6 and 13, the combination of Kumar and Gupta does not explicitly teach further comprising: receiving a URL designating a contributed site from a user; and storing the contributed site in the page impersonation database.
Pam teaches further comprising: receiving a URL designating a contributed site from a user; and storing the contributed site in the page impersonation database. [paragraph 0042, If the user suspects the document (e.g., web page) as being a spoofed or fraudulent page, the user may report this to the fraud tracking system 12 using the toolbar (e.g., clicking on a link or icon)] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Pam with the disclosures of Kumar and Gupta. The motivation or suggestion would have been “for tracking fraudulent activities related to spoof sites in a network-based commerce system” (paragraph 0002), and observed by a user (paragraph 0042).
Regarding Claims 7 and 14, the combination of Kumar and Gupta does not explicitly teach further comprising: automatically capturing a screenshot of the contributed site; and storing the screenshot for the contributed site in the page impersonation database.
Pam teaches further comprising: automatically capturing a screenshot of the contributed site; and storing the screenshot for the contributed site in the page impersonation database. [paragraph 0049, a screen shot of the actual document, or web page, is captured and stored with the spoof site tracking record 84] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Pam with the disclosures of Kumar and Gupta. The motivation or suggestion would have been “for tracking fraudulent activities related to spoof sites in a network-based commerce system” (paragraph 0002), and observed by a user (paragraph 0042).
Regarding Claim 20, the combination of Kumar and Gupta does not explicitly teach wherein the process steps further comprise: receiving a URL designating a contributed site from a user; automatically capturing a screenshot of the contributed site; and storing the contributed site and the screenshot of the contributed site in the page impersonation database.
Pam teaches wherein the process steps further comprise: receiving a URL designating a contributed site from a user; [paragraph 0042, If the user suspects the document (e.g., web page) as being a spoofed or fraudulent page, the user may report this to the fraud tracking system 12 using the toolbar (e.g., clicking on a link or icon)] 
automatically capturing a screenshot of the contributed site; [paragraph 0049, a screen shot of the actual document, or web page, is captured] 
and storing the contributed site and the screenshot of the contributed site in the page impersonation database. [paragraph 0049, and stored with the spoof site tracking record 84]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Pam with the disclosures of Kumar and Gupta. The motivation or suggestion would have been “for tracking fraudulent activities related to spoof sites in a network-based commerce system” (paragraph 0002), and observed by a user (paragraph 0042).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW J STEINLE whose telephone number is (571)272-9923. The examiner can normally be reached M-F 10am-6pm CT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/ANDREW J STEINLE/Primary Examiner, Art Unit 2497