Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to the instant Application 17/141,685, filed on 1/5/2021. Claims 1-20 are pending. This Office Action is Non-Final.

Information Disclosure Statement
The information disclosure statement (IDS), submitted on 1/5/2021, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-4, 7 and 12-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sebesta (US 2020/0092333) in view of Chien (US 2009/0064337).

	As per claim 1, Sebesta teaches a computing platform, comprising: at least one processor; a communication interface communicatively coupled to the at least one processor; and memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to (Sebesta, Paragraph 0018 recites “The UE 101 can further include, for example, coupled to the UI 102 and display 103, a programmable processor device (not separately visible in FIG. 1) coupled to a memory device (not separately visible in FIG. 1) that can store processor executable instructions that, when executed, can configure the processing device to implement function blocks, and perform processes and operations thereof.”):
	send, via the communication interface, to a browser extension on a computing device, rule information including a set of rules defining reportable behavior of network traffic associated with a website (Sebesta, Paragraph 0036 recites “The browser application 104 can then implement the CSR RPT logic 117 according to the received CSR 113”. The browser application would read on the browser extension, and the contest source rule (CSR) will have been received from the server.),
	receive, via the communication interface, from the browser extension on the computing device, report information, wherein the report information includes an identification of a loaded web page associated with the website that exhibits the reportable behavior defined by at least one rule of the set of rules in the rule information and an indication of which rules of the set of rules have been met (Sebesta, Paragraph 0036 recites “If a malicious extension tries to manipulate the browser application 104 constructed DOM of the victim application page from 108, the rules established by the CSR 113 can block the attempt and send the CSR VRPT report to, for example, the CSRV engine 118 supported by the second server 119.”).
	But fails to teach based on receiving the report information, assign a risk score for the identified loaded web page; determine that the risk score is above a predetermined threshold; and in response to determining that the risk score is above the predetermined threshold, send, via the communication interface, to the browser extension on the computing device, one or more commands directing the browser extension on the computing device to close the identified loaded web page.
	However, in an analogous art Chien teaches based on receiving the report information, assign a risk score for the identified loaded web page (Chien, Paragraph 0025 recites “In one implementation, the heuristic engine 406 aggregates these scores for the object properties for each web page to represent a collective risk level for the web page.”);
	determine that the risk score is above a predetermined threshold; and in response to determining that the risk score is above the predetermined threshold, send, via the communication interface, to the browser extension on the computing device, one or more commands directing the browser extension on the computing device to close the identified loaded web page (Chien, Paragraph 0025 recites “Then, the heuristic engine 406 compares the aggregated score to an adjustable threshold for each web page. If the aggregated score exceeds the adjustable threshold, then the web page is deemed malicious and the scanning of the source code of the web page terminates.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Chien’s method and apparatus for preventing web page attacks with Sebesta’s content policy based notification of application users about malicious browser plugins, because terminating a website based on its score would prevent the use of a malicious website.
	
	As per claim 2, Sebesta in combination with Chien teaches the computing platform of claim 1, Chien further teaches wherein assigning the risk score for the identified loaded web page comprises evaluating a combination of rules of the set of rules indicated as being met (Chien, Paragraph 0025 recites “In one implementation, the heuristic engine 406 aggregates these scores for the object properties for each web page to represent a collective risk level for the web page.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Chien’s method and apparatus for preventing web page attacks with Sebesta’s content policy based notification of application users about malicious browser plugins, because terminating a website based on its score would prevent the use of a malicious website.

	As per claim 3, Sebesta in combination with Chien teaches the computing platform of claim 1, Chien further teaches wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: cause the browser extension on the computing device to monitor the network traffic to and from the website (Chien, Paragraph 0032 recites “The network device 800 is configured to couple to a network 814 and also one or more client computers. Thus, all network traffic between the client computers and the network 814 travels through the network device 800.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Chien’s method and apparatus for preventing web page attacks with Sebesta’s content policy based notification of application users about malicious browser plugins, because terminating a website based on its score would prevent the use of a malicious website.
	
	As per claim 4, Sebesta in combination with Chien teaches the computing platform of claim 1, Chien further teaches wherein receiving the report information from the browser extension on the computing device comprises receiving information indicating that the loaded web page associated with the website exhibits a similarity to a known or suspected malicious behavior defined as a reportable behavior by the set of rules (Chien, Paragraph 0025 recites “For instance, suppose a particular type of an anomaly is assumed to be of high risk and thus is initially assigned a high score. However, through field testing, suppose this anomaly is later found to be benign or less risky than other anomalies. Then, the score can be adjusted to reflect this changed circumstance. Similarly, the threshold can be adjusted, if the heuristic engine 406 wrongly labels too many web pages to be malicious.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Chien’s method and apparatus for preventing web page attacks with Sebesta’s content policy based notification of application users about malicious browser plugins, because terminating a website based on its score would prevent the use of a malicious website.

	As per claim 7, Sebesta in combination with Chien teaches the computing platform of claim 1, Chien further teaches wherein receiving the report information from the browser extension on the computing device comprises receiving information indicating that the loaded web page associated with the website is sending data over hypertext transfer protocol (HTTP) (Chien, Paragraph 0021 recites “Throughout this disclosure, various terms relating to the Internet and network related technologies are used, such as Hypertext Markup Language ("HTML"), Hypertext Transfer Protocol ("HTTP"), Uniform Resource Locator ("URL"), Transmission Control Protocol (TCP)/Internet Protocol (IP), and Network Address Translation ("NAT").”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Chien’s method and apparatus for preventing web page attacks with Sebesta’s content policy based notification of application users about malicious browser plugins, because terminating a website based on its score would prevent the use of a malicious website.

	As per claim 12, Sebesta in combination with Chien teaches the computing platform of claim 1, Sebesta further teaches wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
cause the browser extension on the computing device to load the rule information upon startup of a browser (Sebesta, Paragraph 0036 recites “The browser application 104 can then implement the CSR RPT logic 117 according to the received CSR 113”. The browser application would read on the browser extension, and the contest source rule (CSR) will have been received from the server.).
	
	As per claim 13, Sebesta in combination with Chien teaches the computing platform of claim 1, Sebesta further teaches wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: add a rule to or remove a rule from the rule information including the set of rules defining reportable behavior of network traffic associated with the website; and update the rule information based on the addition or removal of the rule (Sebesta, Paragraph 0049 recites “Referring again to FIG. 4, the flow 400 can proceed from 402 to 403 where the web application can update, based on IDI, a CSR associated with the requested web page or requested web application data to include a user identifier, e.g., can update CSR 113 with the above-described web application user ID 115.”).

Regarding claims 14 and 20, claims 14 and 20 are directed to a method and a non-transitory readable medium associated with the system of claim 1. Claims 14 and 20 are of similar scope to claim 1, and are therefore rejected under similar rationale.

	Regarding claim 15, claim 15 is directed to a similar method associated with the system of claim 2. Claim 15 is similar in scope to claim 2 and is therefore rejected under similar rationale.

	Regarding claim 16, claim 16 is directed to a similar method associated with the system of claim 3. Claim 16 is similar in scope to claim 3 and is therefore rejected under similar rationale.

	Regarding claim 17, claim 17 is directed to a similar method associated with the system of claim 4. Claim 17 is similar in scope to claim 4 and is therefore rejected under similar rationale.

	Regarding claim 18, claim 18 is directed to a similar method associated with the system of claim 13. Claim 18 is similar in scope to claim 13 and is therefore rejected under similar rationale.

	Regarding claim 19, claim 19 is directed to a similar method associated with the system of claim 12. Claim 19 is similar in scope to claim 12 and is therefore rejected under similar rationale.




Claim(s) 5 and 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sebesta (US 2020/0092333) and Chien (US 2009/0064337) and in further view of Krig et al. (US 2014/0201528).

	As per claim 5, Sebesta in combination with Chien teaches the computing platform of claim 1, but fails to teach wherein receiving the report information from the browser extension on the computing device comprises receiving information indicating that the loaded web page associated with the website is connecting to a server in a high-risk country or area.
	However, in an analogous art Krig teaches wherein receiving the report information from the browser extension on the computing device comprises receiving information indicating that the loaded web page associated with the website is connecting to a server in a high-risk country or area (Krig, Paragraph 0025 recites “For example, a connection 130 to a server hosting textual, image, video, or other media or multimedia content may be allowed unless the connection 130 has determined characteristics corresponding to a specific rule to block (such as a connection to or through a blacklisted country) while a connection 130 to a server acting as a tracking server--which attempts to track the behavior of individual computer users across multiple web pages or web sites--may be blocked, or the user may be asked whether to block, unless the tracking server or tracking servers appear on a whitelist of allowed tracking servers.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Krig’s techniques to monitor connection paths on networked devices with Sebesta’s content policy based notification of application users about malicious browser plugins, because monitoring connections to high risk locations would prevent any loss of data.

	As per claim 6, Sebesta in combination with Chien teaches the computing platform of claim 1, but fails to teach wherein receiving the report information from the browser extension on the computing device comprises receiving information indicating that the loaded web page associated with the website is sending data to an unexpected or unknown destination.
	However, in an analogous art Krig teaches wherein receiving the report information from the browser extension on the computing device comprises receiving information indicating that the loaded web page associated with the website is sending data to an unexpected or unknown destination (Krig, Paragraph 0025 recites “For example, a connection 130 to a server hosting textual, image, video, or other media or multimedia content may be allowed unless the connection 130 has determined characteristics corresponding to a specific rule to block (such as a connection to or through a blacklisted country) while a connection 130 to a server acting as a tracking server--which attempts to track the behavior of individual computer users across multiple web pages or web sites--may be blocked, or the user may be asked whether to block, unless the tracking server or tracking servers appear on a whitelist of allowed tracking servers.” An unknown location would be an obvious variation of blacklisted country).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Krig’s techniques to monitor connection paths on networked devices with Sebesta’s content policy based notification of application users about malicious browser plugins, because monitoring connections to high risk locations would prevent any loss of data.

Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sebesta (US 2020/0092333) and Chien (US 2009/0064337) and in further view of Caldwell (US 11,288,359).

	As per claim 8, Sebesta in combination with Chien teaches the computing platform of claim 1, but fails to teach wherein receiving the report information from the browser extension on the computing device comprises receiving information indicating that the loaded web page associated with the website is transmitting information using an unspecified security protocol.
	However, in an analogous art Caldwell teaches wherein receiving the report information from the browser extension on the computing device comprises receiving information indicating that the loaded web page associated with the website is transmitting information using an unspecified security protocol (Caldwell, Col. 26 Lines 34-44 recites “In one embodiment, the trigger that the breach module 304 detects that is indicative of a potential or actual security breach includes detecting a login to the user's account from one of an unknown device, an unknown location, and an unknown internet protocol address; identifying activity associated with the user's account since the last login; identifying changes in the user's account information that were not initiated by the user; receiving one or more electronic messages (e.g., emails, text messages, push notifications, and/or the like) from the one or more websites that indicate a possible security breach; and/or the like.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Caldwell’s Automatic Account Protection with Sebesta’s content policy based notification of application users about malicious browser plugins, because being able to detect unknown protocols would help ensure data is not breached.

Claim(s) 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sebesta (US 2020/0092333) and Chien (US 2009/0064337) and in further view of Fong-Jones (US 8,656,465).

	As per claim 9, Sebesta in combination with Chien teaches the computing platform of claim 1, but fails to teach wherein receiving the report information from the browser extension on the computing device comprises receiving information indicating that the loaded web page associated with the website is setting cookies with wildcard domains.
	However, in an analogous art Fong-Jones teaches wherein receiving the report information from the browser extension on the computing device comprises receiving information indicating that the loaded web page associated with the website is setting cookies with wildcard domains (Fong-Jones, Col. 10 Lines 23-34 recites “For instance, when an application is installed, the user may not be asked to specify permissions of the application. However, at a later time, when the application attempts to access a resource, security client 21 may at that time prompt the user to specify permissions for the resource. In some examples, permissions by default may only extend to a single requested resource, such as a URL, but may be expanded by the user to a domain or wildcard. In some examples, the requesting application may not expand the requested resource to a domain or wildcard.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Fong-Jones’s Userspace Permissions Service with Sebesta’s content policy based notification of application users about malicious browser plugins, because being able to specify permissions helps to customize permissions based on particular websites.

Claim(s) 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sebesta (US 2020/0092333) and Chien (US 2009/0064337) and in further view of Li et al. (US 2012/0131438).

	As per claim 10, Sebesta in combination with Chien teaches the computing platform of claim 1, but fails to teach wherein receiving the report information from the browser extension on the computing device comprises receiving information indicating that the loaded web page associated with the website is using unsafe keywords.
	However, in an analogous art Li teaches wherein receiving the report information from the browser extension on the computing device comprises receiving information indicating that the loaded web page associated with the website is using unsafe keywords (Li, Paragraph 0066 recites “When presetting the score for a high risk rule, if the score can be set to a specific value, then a web page with content matching this particular high risk rule may be deemed inappropriate for publishing. For example, a pre-set score of 2 or 1 of a high risk characteristic word represents that the web page content containing the high risk characteristic word is unsafe or unreliable”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Li’s Method And System Of Web Page Content Filtering with Sebesta’s content policy based notification of application users about malicious browser plugins, because looking for unsafe words helps to prevent potentially malicious web content.

Claim(s) 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sebesta (US 2020/0092333) and Chien (US 2009/0064337) and in further view of Bhalla et al. (US 2020/0159525).

	As per claim 11, Sebesta in combination with Chien teaches the computing platform of claim 1, but fails to teach wherein receiving the report information from the browser extension on the computing device comprises receiving information indicating that the loaded web page associated with the website is using known vulnerable third-party libraries.
	However, in an analogous art Bhalla teaches wherein receiving the report information from the browser extension on the computing device comprises receiving information indicating that the loaded web page associated with the website is using known vulnerable third-party libraries (Bhalla, Paragraph 0050 recites “Risks can further be introduced in the use of these context repositories, either by incorporation of a vulnerability at the time of development or by use or integration of a dynamic library or portion thereof, wherein a vulnerability is introduced later and awareness of the introduced vulnerability may only be brought to the attention of developers if the software asset workflow identifies and considers the risk of that vulnerable library throughout the software lifecycle”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Bhalla’s automation of task identification in a software lifecycle with Sebesta’s content policy based notification of application users about malicious browser plugins, because identifying vulnerable libraries is essential in understanding risk to a system.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661. The examiner can normally be reached Mon-Fri 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

RODERICK . TOLENTINO
Examiner
Art Unit 2439



/RODERICK TOLENTINO/Primary Examiner, Art Unit 2439