Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 06/03/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-4, 8-11 and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Hu et al., “Collaborative Privacy for Web Applications”, 10 January 2019, hereinafter “Hu”, in view of Burns et al. (US8621621B1), hereinafter “Burns”, and further in view of Boodman et al. (US8,200,962), hereinafter “Boodman”.
Regarding claim 1, Hu discloses:
A computer-implemented method (Hu pp. 3-12, sections III-VI), comprising:
establishing a code package (Hu page 4, left column, see “Fig. 1 Injection Template” showing a general template; and also, Hu page 4, right column, see “Fig. 2. Outgoing data interception and modification” for a more specific snippet to redefine an XMLHttpRequest.send method) to be injected into a web page, wherein the code package comprises at least one element (Hu page 4, left column, see Fig. 1’s “…documentElement…” code entry), wherein the at least one element includes a first script (Hu page 4, left column, within the paragraph beginning as “As a general template, …” and within the two additional paragraphs thereafter, “…The script modeled in Figure 1 can be injected into a web page, before the DOM is constructed, …we combine two payload injections, …Outgoing Payload …script that overwrites XMLHttpRequest.send [and] ….Incoming Payload …script that overwrites XMLHttpRequest.open”; the Outgoing Payload script is depicted in Hu Fig. 2) 
injecting the at least one element to the web page (Hu page 4, left column, see “2) Outgoing Payload: The outgoing interception payload …injects a JavaScript snippet similar to that in Figure 2 into the DOM….”) to execute the first script, wherein an execution of the first script comprises generating a script element (Hu page 4, left column, see “2) Outgoing Payload: The outgoing interception payload …injects a JavaScript snippet similar to that in Figure 2 into the DOM …this snippet redefines the XMLHttpRequest.send method,….”) which comprises one or more secrets (Hu page 4, left column, see “2) Outgoing Payload: The outgoing interception payload queries the user for an encryption key…”; and see also, Hu page 4, right column, within “Fig. 2. Outgoing data interception and modification”, see “encrypt_algorithm(outgoing_data new-entered-chars, key)”);
appending the script element to the web page (Hu page 4, left column, see “2) Outgoing Payload: The outgoing interception payload …injects a JavaScript snippet similar to that in Figure 2 into the DOM of the underlying page (injecting into an underlying page is interpreted as appending to the underlying page); and

Hu does not disclose, but Burns (also in the browser injection art) teaches that executing browser executing security content at a specific (e.g., preferred) timing (e.g., at a beginning of content) is advantageous.   As a result of such teaching, it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify Hu’s arrangement to have security content “…to be executed before executing a code of the web page”.  Regarding support, Burns (Burns column 7, line 67 to column 8, line 4) teaches an arrangement  “…inserting the security content at or near the top of web page 7108 may ensure that the security content is executed prior to the malicious content, thereby providing the security content to establish a safe execution environment for detecting the malicious code without permitting the malicious content to harm computing device 210.”    Motivation for modifying would have been to (Burns column 7, line 67 to column 8, line 2) better “…ensure that the security content is executed prior to the malicious content, thereby providing …a safe execution environment....”.
Hu and Burns do not disclose, but Boodman (also directed to the browser extension art) teaches a browser extension arrangement which inserts and later deletes a browser extension’s “script element” from a web page.  As a result, it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify Hu’s to include an arrangement for “deleting the script element from the web page”.   Regarding support, while Hu’s browser extension runs (Hu page 1, right column, first full paragraph) an encryption mechanism to encrypt outgoing data and decrypt incoming data while remaining transparent to the user, Boodman similarly teaches (column 6, lines 12-19) that a browser extension may include “…a long-running script to manage some task or state (often without being displayed to the user 190)…”, and where “…’content_scripts’ include a script (e.g., JavaScript, etc.) that are executed within the context of another web page…”; regarding “deleting the script element”,  Boodman even further teaches (Boodman column 15, lines 23-32) “…Upon becoming aware that the browser extension 132 has terminated, the web browser 124 may restore or alter its functionality to the same state as if the browser extension 132 had not been loaded or executed. … In various embodiments, any altered web pages (e.g., web page 182) may not be re-rendered until the web page is explicitly re-loaded…”.  The Office’s position is that a re-loading of the web page would overwrite (and thus delete) any previous “script element” additions and/or alterations to the web page, as were made previously by the browser extension.  Motivation for modifying would have been (Boodman column 15, lines 25-26) to “…restore or alter its functionality to the same state as if the browser extension 132 had not been loaded or executed.
Claim 8’s medium-type claim corresponds to claim 1’s method-type claim, and is therefore rejected with the same rationale and motivation as applied above.
Claim 15’s system-type claim corresponds to claim 1’s method-type claim, and is therefore rejected with the same rationale and motivation as applied above.
As per claim 2, Hu, Burns and Boodman rendered the method of base claim 1 obvious as detailed above.  Hu further discloses that blocks of Unicode characters that are used in Hu’s secret “substitution cipher” are produced using a random number generator.  Accordingly, it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, via Hu’s disclosure, for a Hu/Burns/Boodman combination having been arranged “…wherein the one or more secrets are generated by a random number generator”.   Regarding support, Hu page  6, right column, within the paragraph which begins with “As an example…”, see “…a pseudorandom number generator (PRNG) that produces a permutation of the Unicode characters…”.   It is noted that features disclosed by the primary Hu reference would have been included ab initio within the recited combination upon consideration of the primary reference.
Claim 9’s medium-type claim corresponds to claim 2’s method-type claim, and is therefore rejected with the same rationale and motivation as applied above.
Claim 16’s system-type claim corresponds to claim 2’s method-type claim, and is therefore rejected with the same rationale and motivation as applied above.
As per claim 3, Hu, Burns and Boodman rendered the method of base claim 1 obvious as detailed above.  Hu further discloses communication and handler subject matter relevant to Applicant’s claim 3 features/limitations, wherein it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, via Hu’s disclosure, for a Hu/Burns/Boodman combination having been arranged as “…further comprising: receiving one or more communication elements in response to the one or more secrets; and attaching a handler to the one or more communication elements”.  Regarding support, Hu discloses: (Hu page 1, right column, first full paragraph) an “…encryption layer between clients and providers that cryptographically protects user data…”; (Hu page 2, left column, second full paragraph) “…a robust mechanism for encrypting/decrypting user data within collaborative environments that utilize the XMLHttpRequest API…”; regarding Hu’s “encryption interface” and specifically the outgoing payloads (Hu page 4, left column, last paragraph)  states a “…snippet redefines the XMLHttpRequest.send method, [and] the new method is subsequently applied to all XMLHttpRequest uses and is executed every time XMLHttpRequest.send is called”; and, further regarding Hu’s “encryption interface” and specifically the incoming payloads, Hu (Hu page 4, right column, second last full paragraph) states “…our redefinition of the getter function of this property allows the Server-stored ciphertext to be intercepted and decrypted into plaintext before being displayed”.  Under a broadest reasonable interpretation (BRI) of the claim element “communication elements”, Hu’s XMLHttpRequests are being imperpreted as a communication element.  Further, under a BRI of the claim element “handler”, Hu’s “encryption interface”, “XMLHttpRequest.send” and/or “getter method” are being interpreted as a handler.     It is noted that features disclosed by the primary Hu reference would have been included ab initio within the recited combination upon consideration of the primary reference.
Claim 10’s medium-type claim corresponds to claim 3’s method-type claim, and is therefore rejected with the same rationale and motivation as applied above.
Claim 17’s system-type claim corresponds to claim 3’s method-type claim, and is therefore rejected with the same rationale and motivation as applied above.
As per claim 4, Hu, Burns and Boodman rendered the method of base claims 1 and 3 obvious as detailed above.  Hu further discloses “anonymous” related subject matter relevant to Applicant’s claim 4 features/limitations, wherein it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, via Hu’s disclosure, for a Hu/Burns/Boodman combination to be arranged “…wherein the script element comprises an immediately-invoked anonymous function”.  Regarding support, Hu further discloses that under its encryption interface, (Hu page 12, right column, Conclusions section) “…the user’s data privacy is preserved both during transmission and at rest with the provider.”  Further, regarding outgoing payloads (Hu page 4, left column, last paragraph) states a “…snippet redefines the XMLHttpRequest.send method, [and] the new method is subsequently applied to all XMLHttpRequest uses and is executed every time XMLHttpRequest.send is called”.  It is noted that features disclosed by the primary Hu reference would have been included ab initio within the recited combination upon consideration of the primary reference.
Claim 11’s medium-type claim corresponds to claim 4’s method-type claim, and is therefore rejected with the same rationale and motivation as applied above.
Claim(s) 5-7, 12-14 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hu et al., “Collaborative Privacy for Web Applications”, 10 January 2019, hereinafter “Hu”, in view of Burns et al. (US8621621B1), hereinafter “Burns”, further in view of Boodman et al. (US8,200,962), hereinafter “Boodman”, and still further in view of Hernandez et al. (EP3614292A1), hereinafter “Hernandez”.
As per claim 5, Hu, Burns and Boodman rendered the method of base claims 1 and 3 obvious as detailed above.  Hu further teaches “anonymous” subject matter relevant to Applicant’s claim 5 features/limitations, wherein it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify Hu’s arrangement to include “further comprising: generating a channel for a message communication with the web page by using the one or more communication elements attached with the handler”.  Hu does not disclose, but Hernandez teaches (including with respect to browser implementations) that (Hernandez, para. [0003]) “…A link is created between a first and a second party. The links include the conditions under which a communication channel can be established with the second party for the transportation of data of the first party via the link. The conditions may include conditions of timing and/or usage. …A communications channel is established between the first and second parties based upon the link to transport data associated with the first party. Either of first or second parties may initiate establishment of the communications channel.”  Motivation for modifying would have been to (Hernandez para. [0003]) better establish a link customized with conditions of at least one of the parties to the communications link/channel.
Claim 12’s medium-type claim corresponds to claim 5’s method-type claim, and is therefore rejected with the same rationale and motivation as applied above.
Claim 18’s system-type claim corresponds to claim 5’s method-type claim, and is therefore rejected with the same rationale and motivation as applied above.
As per claim 6, various combinations of Hu, Burns, Boodman and Hernandez rendered the method of base claims 1, 3 and 5 obvious as detailed above.  Hu does not disclose, but Hernandez teaches (including with respect to browser implementations) various communication, vector, encrypting and channeling subject matter relevant to the features/limitations of claim 6, wherein it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify Hu’s arrangement to include an arrangement “…wherein the message communication comprises: generating an initialization vector; encrypting a message by using the initialization vector and the one or more secrets; and sending the message using the channel”.  Regarding support, Hernandez teaches (Hernandez, para. [0038]) “…Encryption unit 120 can use various encryption methods. For example, encryption unit 120 may use a block cipher for encryption. For example, the block cipher may be used together with an initialization vector. The initialization vector may be stored together with the encrypted file, e.g., by prepending it. Alternatively, the initialization vector may be stored in the manifest…”.  Motivation for modifying would have been to utilize an enhanced encryption method as taught by Hernandez para. [0038], e.g., to prevent an attacker from decrypting any data even with a stolen secret (e.g., encryption key), as the attacker still would not have the initialization vector.
Claim 13’s medium-type claim corresponds to claim 6’s method-type claim, and is therefore rejected with the same rationale and motivation as applied above.
Claim 19’s system-type claim corresponds to claim 6’s method-type claim, and is therefore rejected with the same rationale and motivation as applied above.
As per claim 7, various combinations of Hu, Burns, Boodman and Hernandez rendered the method of base claims 1, 3 and 5 obvious as detailed above.  Hernandez further teaches subject matter relevant to the various features of Applicant’s claim 7 features/limitations, wherein it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify Hu’s arrangement to include Hernandez’s teachings to result in an arrangement “…wherein the message communication comprises: receiving a message from the web page using the channel; identifying the handler in the one or more communication elements; decrypting the message by identifying an initialization vector and the one or more secrets, wherein the initialization vector is generated by an injected code which is created when executing the first script; and processing the message when the initialization vector is identified.”  Regarding support, as set forth previously within claim 3 discussions, Hu’s “encryption interface”, “XMLHttpRequest.send” and/or “getter method” are encompassed within a BRI of the claim element “handler”.  Hernandez teaches (including with respect to browser implementations) that (Hernandez, para. [0089]) “…the first party may send the information to the second party via a confidential, and optionally authenticated channel.”  Hernandez further teaches (Hernandez paragraph [0081] ”To encrypt a file, the first party may derive a bkey-bit encryption key and a biv-bit initialization vector for that file…”.  Hernandez’s “encryption key” represents a secret, which is used together with Hernandez’s “initialization vector” for encryption.  If Hernandez’s file is encrypted using the “encryption key” secret and “initialization vector”, it is necessarily so that Hernandez’s file is decrypted using the “encryption key” secret and “initialization vector”.  Motivation for modifying would have been to utilize an enhanced encryption method as taught by Hernandez para. [0038], e.g., to prevent an attacker from decrypting any data even with a stolen secret (e.g., encryption key), as the attacker still would not have the initialization vector.
Claim 14’s medium-type claim corresponds to claim 7’s method-type claim, and is therefore rejected with the same rationale and motivation as applied above.
Claim 20’s system-type claim corresponds to claim 7’s method-type claim, and is therefore rejected with the same rationale and motivation as applied above.
Conclusion
The prior art made of record and listed on the attached Form PTO-892 not relied upon is considered pertinent to applicant's disclosure.  For example, some Form PTO-892-listed references include:
Colton et al. (US2013041986A1) relates to development of Web-sites and Web-applications, and more specifically, relates to JavaScript proxies and meta-proxies.
Chauhan (US20200153818A1) relates to systems and methods for redirection of launch requests for local applications to corresponding remote applications.
Qureshi (US20140298403A1) relates to computer hardware and software for providing mobile device management functionalities.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PAUL J SKWIERAWSKI whose telephone number is (571)272-2642. The examiner can normally be reached M-F 8:00am-4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Supervisory Primary Examiner (SPE) YIN-CHEN SHAW can be reached on (571)272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like 
assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Paul Skwierawski/
Examiner, Group Art Unit 2498

/JOHN B KING/              Primary Examiner, Art Unit 2498