The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is in response to the communication filed on 08/11/2022. Claims 1-27 were pending in the application.  Claims 1-2, 5-10, 13-18 and 21-27 have been allowed. Claim 1, 9 and 17 are independent claims. Claims 3-4, 11-12, 19-20 are cancelled.
Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. Authorization for this examiner’s amendment was given in a telephone conversation with Michael Albaneze on August 19th, 2022 followed by an e-mail.
The application has been amended as follows: 

1.  (Currently Amended) A computer system comprising:
	a memory; and
	at least one processor coupled to the memory and configured to:
recognize a user input field of a web site displayable in a browser, the web site identified as a security risk based on a whitelist of web site addresses, wherein the web site is displayable in a first security context;
	determine that a sequence of characters within the user input field matches one or more entries in a list of partial passwords in response to the web site being identified as a security risk, wherein the list of partial passwords is an enumeration of all combinations of sub-strings of a user credential that excludes a number of characters, wherein the number of characters excluded from the enumeration of the all combinations of sub-strings of the user credential in the list of partial passwords is set to a difference between a length of the user credential and a threshold count of entered characters;
	obtain the user credential in a second security context, the second security context separate from the first security context such that the second security context prevents receipt of user input by the web site;
	authenticate the user credential with a rule server;
	obtain the whitelist of web site addresses from the rule server in response to the authentication; 
	obtain the list of partial passwords from the rule server in response to the authentication, wherein the one or more entries in the list of partial passwords are encrypted;
	encrypt the sequence of characters;
	compare the encrypted sequence of characters to the one or more encrypted entries in the list of partial passwords to find a match; and
	prevent the user from entering additional characters into the user input field in response to the determination, to block receipt of the user credential by the web site.

2.  (Original) The computer system of claim 1, wherein the at least one processor is further configured to perform the determination in response to a count of characters in the sequence of characters exceeding a threshold.

3.  (Cancelled)

4.  (Cancelled)

5.  (Original) The computer system of claim 1, wherein the at least one processor is further configured to provide a warning to the user in response to the determination.

6.  (Original) The computer system of claim 1, wherein the web site addresses are uniform resource locators.

7.  (Original) The computer system of claim 1, wherein the partial password is a sub-string of the user credential that excludes one or more characters.

8.  (Original) The computer system of claim 1, wherein the at least one processor is further configured to delete characters within the user input field in response to the determination.

9.  (Currently Amended) A method of securing user credentials comprising: 
	recognizing, by a computer system, a user input field of a web site displayable in a web browser, the web site identified as a security risk based on a whitelist of web site addresses, wherein the web site is displayable in a first security context;
	determining, by the computer system, that a sequence of characters within the user input field matches one or more entries in a list of partial passwords in response to the web site being identified as a security risk, wherein the list of partial passwords is an enumeration of all combinations of sub-strings of a user credential that excludes a number of characters, wherein the number of characters excluded from the enumeration of the all combinations of sub-strings of the user credential in the list of partial passwords is set to a difference between a length of the user credential and a threshold count of entered characters; 
	obtaining, by the computer system, the user credential in a second security context, the second security context separate from the first security context such that the second security context prevents receipt of user input by the web site;
	authenticating, by the computer system, the user credential with a rule server;
	obtaining, by the computer system, the whitelist of web site addresses from the rule server in response to the authentication; and
	obtaining, by the computer system, the list of partial passwords from the rule server in response to the authentication, wherein the one or more entries in the list of partial passwords are encrypted;
	encrypting, by the computer system, the sequence of characters;
	comparing, by the computer system, the encrypted sequence of characters to the one or more encrypted entries in the list of partial passwords to find a match; and
	preventing, by the computer system, the user from entering additional characters into the user input field in response to the determination, to block receipt of the user credential by the web site.

10.  (Original) The method of claim 9, wherein the determining is performed in response to a count of characters in the sequence of characters exceeding a threshold.

11.  (Cancelled)

12.  (Cancelled)

13.  (Original) The method of claim 9, further comprising providing a warning to the user in response to the determination.

14.  (Original) The method of claim 9, wherein the method is executed by a plug-in associated with the web browser.

15.  (Original) The method of claim 9, wherein the web site addresses are uniform resource locators.

16.  (Original) The method of claim 9, wherein the partial password is a sub-string of the user credential that excludes one or more characters.

17.  (Currently Amended) A non-transitory computer readable medium storing executable sequences of instructions to secure user credentials, the sequences of instructions comprising instructions to: 
	recognize a user input field of a web site displayable in a web browser, the web site identified as a security risk based on a whitelist of web site addresses, wherein the web site is displayable in a first security context;
	determine that a sequence of characters within the user input field matches one or more entries in a list of partial passwords in response to the web site being identified as a security risk, wherein the list of partial passwords is an enumeration of all combinations of sub-strings of a user credential that excludes a number of characters, wherein the number of characters excluded from the enumeration of the all combinations of sub-strings of the user credential in the list of partial passwords is set to a difference between a length of the user credential and a threshold count of entered characters;
	obtain the user credential in a second security context, the second security context separate from the first security context such that the second security context prevents receipt of user input by the web site;
	authenticate the user credential with a rule server;
	obtain the whitelist of web site addresses from the rule server in response to the authentication; 
	obtain the list of partial passwords from the rule server in response to the authentication, wherein the one or more entries in the list of partial passwords are encrypted;
	encrypt the sequence of characters;
	compare the encrypted sequence of characters to the one or more encrypted entries in the list of partial passwords to find a match; and
	prevent the user from entering additional characters into the user input field in response to the determination, to block receipt of the user credential by the web site.

18.  (Original) The computer readable medium of claim 17, wherein the sequences of instructions further include instructions to perform the determination in response to a count of characters in the sequence of characters exceeding a threshold.

19.  (Cancelled)

20.  (Cancelled)

21.  (Original) The computer readable medium of claim 17, wherein the sequences of instructions further include instructions to provide a warning to the user in response to the determination.

22.  (Original) The computer readable medium of claim 17, wherein the sequences of instructions are included in a plug-in associated with the web browser.

23.  (Original) The computer readable medium of claim 17, wherein the web site addresses are uniform resource locators.

24.  (Original) The computer readable medium of claim 17, wherein the partial password is a sub-string of the user credential that excludes one or more characters.

25.  (Original) The computer readable medium of claim 17, wherein the sequences of instructions further include instructions to delete characters within the user input field in response to the determination.

26.  (New) The computer system of claim 1, further comprising a virtual desktop and/or a virtual application, wherein the user credential comprises a password that provides access to the virtual desktop and/or virtual application.

27.  (New) The computer system of claim 1, wherein the authentication further comprises providing, by the at least one processor, a token to the rule server, wherein the token is based on a password which is different from the user credential.


EXAMINER’S REASONS FOR ALLOWANCE
Claims 1-2, 5-10, 13-18, 21-27 are allowed. Claims 3-4, 11-12 and 19-20 are cancelled. The following is an examiner’s statement of reasons for allowances:   
The Applicant’s replies make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule 37 CFR 1.104(e). The grounds of claim rejection was reconsidered and withdrawn based on the substance of applicant’s amendments, remarks and arguments (see remarks, filed 08/11/2022, page no. 8-10), as such the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14).
The prior art of record Soghoian (US Patent No 8,220,047 B1) teaches the untrusted electronic document may use other types of deceptive messages and may request other types of private information from the user. If the user discloses the private information in response to the untrusted electronic document, the phisher may then use the private information to fraudulently gain access to the user's account.
But none of the reference mentioned above teaches “obtaining, by the computer system, the user credential in a second security context, the second security context separate from the first security context such that the second security context prevents receipt of user input by the web site; authenticating, by the computer system, the user credential with a rule server; obtaining, by the computer system, the whitelist of web site addresses from the rule server in response to the authentication; and obtaining, by the computer system, the list of partial passwords from the rule server in response to the authentication, wherein the one or more entries in the list of partial passwords are encrypted; encrypting, by the computer system, the sequence of characters; comparing, by the computer system, the encrypted sequence of characters to the one or more encrypted entries in the list of partial passwords to find a match”.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WASIKA NIPA whose telephone number is (571)272-8923.  The examiner can normally be reached on M-F, 8 am to 5 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/WASIKA NIPA/           Primary Examiner, Art Unit 2433