DETAILED ACTION

Notice of Pre-AIA or AIA Status

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.



Information Disclosure Statement

2.	The information disclosure statement (IDS) submitted on 12/29/2020, 7/19/2021, 10/08/2021, 4/13/2022, and 5/23/2022 was filed. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

3.	Claims 1-24 are rejected under 35 U.S.C. 103 as being unpatentable over Pub. No.: US 2007/0199054 A1 to Florencio et al. (hereafter referenced as Florencio), in view of Pub. No.: US 2014/0181529 A1 to Joyce, III (hereafter referenced as Joyce).
Regarding claim 1, Florencio discloses “a computer system comprising: a memory; and at least one processor coupled to the memory and configured to: recognize a uniform resource locator (URL) to which a web browser is navigating as a URL for which protection is to be provided” (the phishing detection server component can then obtain its own version directly (e.g., using the URL), and compares the two hashes [par.0013]), “the recognition based on an absence of the URL from a history of visited URLs for which a password has been entered” (in one example, once a URL and/or domain is identified as a non-trusted site, user(s) are not permitted to provide any protected credential at that site [par.0014]); “extract a sequence of characters entered into a website associated with the URL” (a potential credential is received; at 420, a buffer of key strokes (e.g. sequence of characters entered) actually entered is examined [par.0075]), “the extraction performed in response to the recognition; compare an encryption of the extracted sequence of characters to one or more entries in a list of encrypted partial passwords” (at 430, a determination is made as to whether the potential credential matches the key strokes entered [par.0075]).


Florencio does not explicitly disclose “wherein a character length of the encryption of the extracted sequence of characters is chosen to match a character length of the encrypted partial passwords; and perform a security action in response to a match resulting from the comparison”.
However, Joyce in an analogous art discloses “wherein a character length of the encryption (encryption module 409) of the extracted sequence of characters is chosen to match a character length of the encrypted partial passwords (plaintext-password-packet 400 is passed to encryption-module 409 Joyce [par.0078])”; “and perform a security action in response to a match resulting from the comparison” (password match Joyce [Fig.5/item 526]).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Florencio’s phishing detection system which uses a phishing detection server component and compares the two hashes with Joyce’s password verification system in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Florencio teaches a phishing detection system for the purposes of security, Joyce teaches a password verification system to prevent phishing, and both are from the same field of endeavor.
Regarding claim 2 in view of claim 1, the references combined disclose “wherein the list of encrypted partial passwords is generated by detection of passwords provided to visited websites over a selected period of time and encrypting the detected passwords” (protected credential store 140 can be any suitable or appropriate data store, such as a text file, a database, a linked list, or a data structure. In one example, the protected credential store 140 [par.0035]).

Regarding claim 3 in view of claim 1, the references combined disclose “wherein the list of encrypted partial passwords is generated by obtaining a list of passwords from a web browser database of saved passwords and encrypting the passwords in the obtained list of passwords” (protected credential store 140 can be any suitable or appropriate data store, such as a text file, a database, a linked list, or a data structure. In one example, the protected credential store 140 [par.0035]).
Regarding claim 4 in view of claim 1, the references combined disclose “wherein the recognition is further based on a match of the URL to an entry in a list of suspect URLs, the list of suspect URLs generated by a URL reputation manager” (A non-limiting list of information PEM300 might use to select from the plurality of cryptographic-secret 306S is comprised of webpage-URL 200, submission-URL 263, data contained within challenge-data-text 264 or an SSL certificate associated with webpage-URL 200 Joyce[par.0163]).
Regarding claim 5 in view of claim 1, the references combined disclose “wherein the at least one processor is further configured to monitor a rate at which the sequence of characters is entered and” (credential component 150 identifies and stores credential(s) in the protected credential store 140 Florencio [par.0034]), “in response to the monitored rate exceeding a threshold keystroke rate” (examine buffer of keystrokes entered Florencio [Fig.4/item 420]), “disable the security alert and provide a warning that a malicious agent may be hosted on the computer system” (is potential credential a match Florencio [Fig.4/item 430], if yes store credential Florencio [Fig.4/item 450], if no do not store Florencio [Fig.4/item 440]).
Regarding claim 6 in view of claim 1, the references combined disclose “wherein the at least one processor is further configured to detect an operation to paste a character string and use the character string as the extracted sequence of characters” (the phishing detection server component can then obtain its own version directly (e.g., using the URL), and compares the two hashes Florencio[par.0013]).
Regarding claim 7 in view of claim 1, the references combined disclose “wherein the at least one processor is further configured to suppress the security alert if the input field is associated with a label that indicates a password entry is requested” (an unusually high number of user name-password-message 288s that result failed authentication-state 529s will alert the server 112 to a brute force password cracking attempt Joyce[par.0174]).
Regarding claim 8 in view of claim 1, the references combined disclose “wherein the at least one processor is further configured to provide the security alert if the input field is associated with a label that does not indicate a password entry is requested” (an unusually high number of user name-password-message 288s that result failed authentication-state 529s will alert the server 112 to a brute force password cracking attempt Joyce[par.0174]). 
Regarding claim 9, Florencio discloses “a method for protection of user credentials comprising: recognizing, by a computer system, a uniform resource locator (URL) to which a web browser is navigating” (the phishing detection server component can then obtain its own version directly (e.g., using the URL), and compares the two hashes [par.0013]), “as a URL for which protection is to be provided, the recognition based on an absence of the URL from a history of visited URLs for which a password has been entered” (in one example, once a URL and/or domain is identified as a non-trusted site, user(s) are not permitted to provide any protected credential at that site [par.0014]); “extracting, by the computer system, a sequence of characters entered into a website associated with the URL, the extraction performed in response to the recognition” (a potential credential is received; at 420, a buffer of key strokes (e.g. sequence of characters entered) actually entered is examined [par.0075]); “comparing, by the computer system, an encryption of the extracted sequence of characters to one or more entries in a list of encrypted partial passwords” (at 430, a determination is made as to whether the potential credential matches the key strokes entered [par.0075]).
Florencio does not explicitly disclose “wherein a character length of the encryption of the extracted sequence of characters is chosen to match a character length of the encrypted partial passwords; and performing, by the computer system, a security action in response to a match resulting from the comparison”.
However, Joyce in an analogous art discloses “wherein a character length of the encryption (encryption module 409) of the extracted sequence of characters is chosen to match a character length of the encrypted partial passwords (plaintext-password-packet 400 is passed to encryption-module 409 Joyce [par.0078])”; “and performing, by the computer system, a security action in response to a match resulting from the comparison” (password match Joyce [Fig.5/item 526]).


Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Florencio’s phishing detection system which uses a phishing detection server component and compares the two hashes with Joyce’s password verification system in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Florencio teaches a phishing detection system for the purposes of security, Joyce teaches a password verification system to prevent phishing, and both are from the same field of endeavor.
Regarding claim 10 in view of claim 9, the references combined disclose “wherein the list of encrypted partial passwords is generated by detection of passwords provided to visited websites over a selected period of time and encrypting the detected passwords” (protected credential store 140 can be any suitable or appropriate data store, such as a text file, a database, a linked list, or a data structure. In one example, the protected credential store 140 [par.0035]).
Regarding claim 11 in view of claim 9, the references combined disclose “wherein the list of encrypted partial passwords is generated by obtaining a list of passwords from a web browser database of saved passwords and encrypting the passwords in the obtained list of passwords” (protected credential store 140 can be any suitable or appropriate data store, such as a text file, a database, a linked list, or a data structure. In one example, the protected credential store 140 [par.0035]).



Regarding claim 12 in view of claim 9, the references combined disclose “wherein the recognition is further based on a match of the URL to an entry in a list of suspect URLs, the list of suspect URLs generated by a URL reputation manager” (A non-limiting list of information PEM300 might use to select from the plurality of cryptographic-secret 306S is comprised of webpage-URL 200, submission-URL 263, data contained within challenge-data-text 264 or an SSL certificate associated with webpage-URL 200 Joyce [par.0163]).
Regarding claim 13 in view of claim 9, the references combined disclose “further comprising monitoring a rate at which the sequence of characters is entered and” (credential component 150 identifies and stores credential(s) in the protected credential store 140 Florencio [par.0034]), “in response to the monitored rate exceeding a threshold keystroke rate” (examine buffer of keystrokes entered Florencio [Fig.4/item 420]), “disable the security alert and provide a warning that a malicious agent may be hosted on the computer system” (at 430, a determination is made as to whether the potential credential matches the key strokes entered [par.0075]).
Regarding claim 14 in view of claim 9, the references combined disclose “further comprising detecting a character string paste operation and using the character string as the extracted sequence of characters”(the phishing detection server component can then obtain its own version directly (e.g., using the URL), and compares the two hashes Florencio[par.0013]).

Regarding claim 15 in view of claim 9, the references combined disclose “further comprising suppressing the security alert if the input field is associated with a label that indicates a password entry is requested” (an unusually high number of user name-password-message 288s that result failed authentication-state 529s will alert the server 112 to a brute force password cracking attempt Joyce[par.0174]).
Regarding claim 16 in view of claim 9, the references combined disclose “further comprising providing the security alert if the input field is associated with a label that does not indicate a password entry is requested” (an unusually high number of user name-password-message 288s that result failed authentication-state 529s will alert the server 112 to a brute force password cracking attempt Joyce[par.0174]).  
Regarding claim 17, Florencio discloses “a non-transitory computer readable medium storing executable sequences of instructions to provide protection of user credentials, the sequences of instructions comprising instructions to: recognize a uniform resource locator (URL) to which a web browser is navigating as a URL for which protection is to be provided” (the phishing detection server component can then obtain its own version directly (e.g., using the URL), and compares the two hashes [par.0013]), “the recognition based on an absence of the URL from a history of visited URLs for which a password has been entered” (in one example, once a URL and/or domain is identified as a non-trusted site, user(s) are not permitted to provide any protected credential at that site [par.0014]), “extract a sequence of characters entered into a website associated with the URL” (a potential credential is received; at 420, a buffer of key strokes (e.g. sequence of characters entered) actually entered is examined [par.0075]), “the extraction performed in response to the recognition; compare an encryption of the extracted sequence of characters to one or more entries in a list of encrypted partial passwords” (at 430, a determination is made as to whether the potential credential matches the key strokes entered [par.0075]).
Florencio does not explicitly disclose “wherein a character length of the encryption of the extracted sequence of characters is chosen to match a character length of the encrypted partial passwords; and perform a security action in response to a match resulting from the comparison”.
However, Joyce in an analogous art discloses “wherein a character length of the encryption (encryption module 409) of the extracted sequence of characters is chosen to match a character length of the encrypted partial passwords (plaintext-password-packet 400 is passed to encryption-module 409 Joyce [par.0078])”; “and perform a security action in response to a match resulting from the comparison” (password match Joyce [Fig.5/item 526]).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Florencio’s phishing detection system which uses a phishing detection server component and compares the two hashes with Joyce’s password verification system in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Florencio teaches a phishing detection system for the purposes of security, Joyce teaches a password verification system to prevent phishing, and both are from the same field of endeavor.

Regarding claim 18 in view of claim 17, the references combined disclose “wherein the list of encrypted partial passwords is generated by detection of passwords provided to visited websites over a selected period of time and encrypting the detected passwords” (protected credential store 140 can be any suitable or appropriate data store, such as a text file, a database, a linked list, or a data structure. In one example, the protected credential store 140 [par.0035]).
Regarding claim 19 in view of claim 17, the references combined disclose “wherein the list of encrypted partial passwords is generated by obtaining a list of passwords from a web browser database of saved passwords and encrypting the passwords in the obtained list of passwords” (protected credential store 140 can be any suitable or appropriate data store, such as a text file, a database, a linked list, or a data structure. In one example, the protected credential store 140 [par.0035]).
Regarding claim 20 in view of claim 17, the references combined disclose “wherein the recognition is further based on a match of the URL to an entry in a list of suspect URLs, the list of suspect URLs generated by a URL reputation manager” (A non-limiting list of information PEM300 might use to select from the plurality of cryptographic-secret 306S is comprised of webpage-URL 200, submission-URL 263, data contained within challenge-data-text 264 or an SSL certificate associated with webpage-URL 200 Joyce[par.0163]).
Regarding claim 21 in view of claim 17, the references combined disclose “wherein the sequences of instructions further include instructions to monitor a rate at which the sequence of characters is entered and” (credential component 150 identifies and stores credential(s) in the protected credential store 140 Florencio [par.0034]), “in response to the monitored rate exceeding a threshold keystroke rate” (examine buffer of keystrokes entered Florencio [Fig.4/item 420]), “disable the security alert and provide a warning that a malicious agent may be hosted on the computer system” (is potential credential a match Florencio [Fig.4/item 430], if yes store credential Florencio [Fig.4/item 450], if no do not store Florencio [Fig.4/item 440]).
Regarding claim 22 in view of claim 17, the references combined disclose “wherein the sequences of instructions further include instructions to detect an operation to paste a character string and use the character string as the extracted sequence of characters” (the phishing detection server component can then obtain its own version directly (e.g., using the URL), and compares the two hashes Florencio[par.0013]).
Regarding claim 23 in view of claim 17, the references combined disclose “wherein the sequences of instructions further include instructions to suppress the security alert if the input field is associated with a label that indicates a password entry is requested” (an unusually high number of user name-password-message 288s that result failed authentication-state 529s will alert the server 112 to a brute force password cracking attempt Joyce [par.0174]).




Regarding claim 24 in view of claim 17, the references combined disclose “wherein the sequences of instructions further include instructions to provide the security alert if the input field is associated with a label that does not indicate a password entry is requested” (an unusually high number of user name-password-message 288s that result failed authentication-state 529s will alert the server 112 to a brute force password cracking attempt Joyce[par.0174]).


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL D ANDERSON whose telephone number is (571)270-5159. The examiner can normally be reached Mon-Fri 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu, can be reached on (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MICHAEL D ANDERSON/Examiner, Art Unit 2433         

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433