DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

2.	Claims 1-20 are pending and have been examined.

Claim Rejections - 35 USC § 103
3.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

4.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


5.	The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

6.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

7.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Amrutkar et al., US 2015/0067,853, Yang et al., US 11,194,914 and Official Notice taken as detailed infra.

	As for claim 1, Amrutkar teaches a system for computer security of a computer-based device (abstract), the system comprising:
	a device protected by the system for computer security (abstract, [0037]); 
	software running on the device ([0007], [0047], [0125]) detects an attempt to run a script in a browser ([0008]: system detects noscript content in an accessed webpage, [0057]: system detects JavaScript in code of an accessed webpage. The presence of noscript or JavaScript content in the webpage code reads on an attempt to run a script in a browser) and responsive to the attempt to run the script in the browser, the software running on the device scans the script to determine if the script contains an infinite alert ([0008], [0024]: system scans for and extracts for analysis things such as API calls, keywords, and noscript content) and,
	if the script contains the infinite alert, the software running on the device prevents execution of the script ([0110]: If a webpage at a URL is found to contain potentially malicious script, loading of the webpage, reading on execution of the script, is blocked and a warning message is displayed to the user), if the script does not contains the infinite alert, the software running on the device allows execution of the script ([0110]: if a webpage is found to be benign according to kAYO, the system allows the webpage to be rendered in the browser, reading on allowing execution of the script).
 	Yang teaches the additional features not taught by Amrutkar wherein, while the script runs, the software running on the device monitors calls to one or more browser functions and analyzes calls made to the one or more browser functions and if the calls made to the one or more browser functions indicate that the scrip contains the infinite alert, the software running on the device kills the script (fig. 1, col. 3 line 64 through 4 line 2: hooking is used by the system to intercept function calls, col. 5 lines 8-10 and 25-30: system scans and detects security issues at runtime, col. 5 lines 35-41: system records all JavaScript events including calls to a function stack, col. 6 lines 28-32: system may force termination of the JavaScript if security issues are detected. Fig. 3, col. 8 lines 33-60: JavaScript is allowed to execute and issue API calls, the API invocations are used to generate a JavaScript execution trace, the trace is analyzed for security issues, col. 9 lines 25-30: system may disable the JavaScript code if a security issue is detected.) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have incorporated this feature into the invention of Amrutkar. It would have been desirable to do so since the use of dynamic analysis of function calls would enhance the ability of Amrutkar’s system to detect malicious script and reduce false positive results.
	As for claim 2, the combination of Amrutkar and Yang teaches the system of claim 1. Amrutkar teaches the additional features wherein the software running on the device scans the script to determine if the script contains the infinite alert by looking for toll free numbers in the script ([0066]: specific phone numbers are scanned for as a part of the kAYO feature set.)

	As for claim 3, the combination of Amrutkar and Yang teaches the system of claim 1. Amrutkar teaches the additional features wherein the software running on the device scans the script to determine if the script contains the infinite alert by looking for specific keywords in the script ([0080]: specific keywords such as “Bank” or “Login” are scanned for).

	As for claim 4, the combination of Amrutkar and Yang teaches the system of claim 3. Official Notice may be taken that the feature not explicitly taught by the combination wherein the specific keywords are one or more keywords from the group consisting of “Support,” “Microsoft,” and “Tech Support” is a feature that is old and well known to one of ordinary skill in the art. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have incorporated this feature into the invention represented by the combination. It would have been desirable to do so since scanning for these specific keywords would enhance the effectiveness of the combination by way of detecting keyword commonly used by phishing websites.
	As for claim 5, the combination of Amrutkar and Yang teaches the system of claim 1. Amrutkar teaches the additional features wherein, wherein the script is a JavaScript ([0073]: embedded JavaScript code is detected).

	As for claim 6, the combination of Amrutkar and Yang teaches the system of claim 1. Amrutkar teaches the additional features wherein after the software running on the device prevents the execution of the script, the software running on the device presents a message and waits for an acknowledgment of the message ([0110]: If a webpage at a URL is found to contain potentially malicious script, loading of the webpage, reading on execution of the script, is blocked and a warning message is displayed to the user, the user may by given the option to load the webpage, reading on execution of the script).

	As for claim 7, the combination of Amrutkar and Yang teaches the system of claim 1. Yang teaches the feature where calls to browser functions are monitored (fig. 3, col. 8 lines 33-60: JavaScript is allowed to execute and issue API calls, the API invocations are used to generate a JavaScript execution trace, the trace is analyzed for security issues). The combination of Amrutkar and Yang does not explicitly teach the feature wherein the one or more browser functions comprises a function to issue an alert, a function to enter full-screen mode, and a function to increase a system volume level. However, Official Notice may be taken that this feature is old and well known to one of ordinary skill in the art.  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have incorporated this feature into the invention represented by the combination. It would have been desirable to do so since scanning for these specific browser functions would enhance the effectiveness of the combination by way of detecting browser functions commonly used by phishing websites.

	As for claims 8-14, these claims are drawn to the method tat corresponds to the device of claims 1-7. Claims 8-14 recite substantially the same limitations as claims 1-7 and are rejected on the same basis.

	As for claims 15-20, these claims are drawn to the computer program embodied in a tangible computer-readable medium that corresponds to the device of claims 1-7. Claims 15-20 recite substantially the same limitations as claims 1-7 and are rejected on the same basis.

Conclusion
8.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Paul E. Callahan whose telephone number is (571) 272-3869.  The examiner presently works a part-time schedule and can normally be reached from 9am to 5pm on the first Monday and Tuesday and the second Thursday and Friday of the USPTO bi-week schedule.
The examiner’s email address is: Paul.Callahan1@USPTO.GOV
If attempts to reach the examiner by telephone are unsuccessful, the Examiner's supervisor, Kristine Kincaid, can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is: (571) 273-8300.
          Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/PAUL E CALLAHAN/Examiner, Art Unit 2437