DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Amendment filed on 08/02/2022. In the instant Amendment, claims 1, 8, 10-11, 18 and 20 have been amended. Claims 1, 11 and 20 are independent claims.  Claims 1-20 have been examined and are pending. This Action is made FINAL.

	
Response to Arguments
The rejections of claims 1-20 under 35 U.S.C. § 101 still maintain. 
Regarding Applicant' s argument that the claims recite an improvement in a technical field, the Examiner respectfully disagrees. The Applicant further argues the claims improve the field of detecting hacking activities. The argument is not persuasive. 
The Examiner respectfully submits that the claims do not recite any active steps that could be considered as applying the abstract idea into a practical application or being significantly more.  As recited in claims 1, 11 and 20, the method/system/computer readable medium includes the operations: “categorizing a plurality of web pages,” “identifying one or more attributes,” “analyzing the one or more attributes” and “identifying hacking activity.” However, the claims do not recite any other steps to apply the “analyzed” and “identified” results into a practical application to protect the system or improve technical field.  Similarly, dependent claims 2-10 and 12-19 do not recite any operations that utilize the analyzed and identified results into a practical application.  In addition, the claims do not recite any other limitations that could be considered as significantly more (see the 35 U.S.C. 101 Rejection section below for detail).  As a result, the 101 rejection of claims 1-20 as being directed to an abstract idea without being integrated into a practical application or significantly more is maintained.
Applicants’ arguments with respect to claims 1-20 have been considered but are moot in view of the new ground(s) of rejection.  
The Examiner respectfully suggests that the claims be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record.  Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (313) 446-6644 to schedule an interview.


Claim Rejections- 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter as being directed to an abstract idea without being integrated into a practical application or significantly more. 
Regarding Claims 1, 11 and 20, the claims are directed to an abstract idea as the claims reciting the limitations “identifying hacking activity based on the results of the analysis;” The aforementioned steps are "mental process" as broadly interpreted said steps could be performed in the human mind. Therefore, the claim recites an abstract idea.
Said abstract idea and/or judicial exception is not integrated into a practical application as the claim does not recite any other active steps that utilize determination result into a practical application. It's noted that the claims recite additional elements (i.e., computing device, storage device). However, said additional elements are recited at a high level of generality (i.e., as a generic processor performing a generic computer function of determining operation etc.,) such that it amounts no more than mere instructions to apply the exception or abstract idea using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. Therefore, the claims are not integrated into a practical application nor significantly more. 
Also, the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea. As mentioned above, although the claims recite additional elements, said elements taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic computer content distributing functions routinely used in information technology field. See US Applications US 20170041330, US 20170212875. As discussed above, the additional elements recited at a high-level of generality such that they amount no more than mere instructions to apply the exception using a generic computer component. Therefore, the claim is directed to non-statutory subject matter.
Regarding claims 2-10 and 12-19, the claims are also rejected under 35 U.S.C 101 as being directed to non-statutory subject matter for the same reasons addressed above as the claims are directed to abstract idea without being integrated into a practical application nor being significantly more.

	
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 9, 11-16 and 19-20 are rejected under 35 U.S.C. 103 as being patentable over Hunt et al. (“Hunt,” US 20170041330, published on 02/09/2017) and in view of Foresti et al. (“Foresti,” US 20170212875, published on 07/27/2017) 

Regarding Claim 1;
Foresti discloses a method for detecting hacking activities, the method comprising (par 0008; a system for fraud detection, such as phishing of websites):
categorizing a plurality of web pages of a web site providing bank services using a trained semantic model (par 0015; a page profiler server receive one or more webpages; par 0038; the webpage include a request(s) and associated input field(s) for user social security numbers, credit card numbers, addresses, and other personally identifying information; par 0069; the page checking engine analyze the content of the webpage and categorize the webpage based on its content. For example, the page checking engine determine that mobile banking website is a financial website whereas a website, such as Amazon.com, is a retail shopping website), and 
wherein the semantic model uses at least one resource identifier of a web page as an input and generates a web page category as an output (par 0015; a page profiler server receive one or more webpages; par 0038; the webpage include a request(s) and associated input field(s) for user social security numbers, credit card numbers, addresses, and other personally identifying information; par 0069; the page checking engine analyze the content of the webpage and categorize the webpage based on its content. For example, the page checking engine determine that mobile banking website is a financial website whereas a website, such as Amazon.com, is a retail shopping website); 
identifying one or more attributes of an interaction between a user and bank services (par 0010; a user interact with a browser on the user device and request a webpage; par 0034; the page checking engine identify and obtain one or more images from the webpage; par 0038; the webpage include a request(s) and associated input field(s) for user social security numbers, credit card numbers, addresses, and other personally identifying information);
analyzing the one or more identified attributes by comparing the one or more identified attributes with known attributes of hacking interactions based on a corresponding web page category (par 0038; fig. 4; the page checking engine analyze the content of the webpage [] the webpage include a request(s) and associated input field(s) for user social security numbers, credit card numbers, addresses, and other personally identifying information; par 0076; generating a temporary page profile associated with a webpage [] comparing the temporary page profile to the one or more baseline page profiles; determining that the temporary page profile does not match the one or more baseline page profiles; and generating an alert to display to a user indicating that fraud has been detected for the webpage); and 
identifying hacking activity based on the results of the analysis (par 0076; generating a temporary page profile associated with a webpage [] comparing the temporary page profile to the one or more baseline page profiles; determining that the temporary page profile does not match the one or more baseline page profiles; and generating an alert to display to a user indicating that fraud has been detected for the webpage).
Hunt discloses using a checking engine, wherein the checking engine uses at least one resource identifier of a web page as an input and generates a web page category as an output as recited above, but do not explicitly disclose semantic model; wherein the categorizing a plurality of web pages based at least on juxtapositioning of particular words contained within the plurality of web pages.
However, in an analogous art, Foresti discloses filtering of content system/method that includes:
semantic model (Foresti: par 0034; a semantic mapping technique based on a semantic data model);
wherein the categorizing a plurality of web pages based at least on juxtapositioning of particular words contained within the plurality of web pages (Foresti: par 0028; when a user retrieves a web page, the filter client applies the filter to the content of the web page [] the feature vector for an article may include the type of the web page, the keywords of the article, the author of the article; par 0045; if content selected by a user includes the words “football,” “score,” and “turkey,” the semantic map may be used to identify “touchdown” as a score for football and may identify that a turkey is the mascot of the football team of University Y [according to google: Juxtaposition in literary terms is the showing contrast by concepts placed side by side].The semantic map may also provide a categorization of a website and sub-website by mapping URIs of web pages to their categories (e.g., sports or news). The categories may be identified by a web crawler as it crawls the web).
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Foresti with the method/system of Hunt to include semantic model; wherein the categorizing a plurality of web pages based at least on juxtapositioning of particular words contained within the plurality of web pages. One would have been motivated to receives from a user a selection of content of a first document that the user wants to be obscured when the documents are displayed. The filter client sends to a filter server filter information that includes content information derived from the selected content (Foresti: abstract).

Regarding Claim 2; 
The combination of Hunt and Foresti disclose the method of claim 1,
Hunt further discloses wherein the one or more attributes comprise at least: a user activity attribute identifying an action to be performed at the time of the interaction with the bank services, a resource identifier attribute identifying the resource used by the user to perform the action, a device identifier attribute identifying a device used by the user to perform the action (Hunt: par 0010; a user interact with a browser on the user device and request a webpage; par 0069; the page checking engine generate a temporary page profile associated with the webpage based on the different information obtained while processing the webpage; par 0014; the page checker component add the domain or URL associated with the temporary page profile; par 0034; the page checking engine identify and obtain one or more images from the webpage; par 0038; the webpage may include a request(s) and associated input field(s) for user social security numbers, credit card numbers, addresses, and other personally identifying information).

Regarding Claim 3
The combination of Hunt and Foresti disclose the method of claim 1,
Hunt further discloses wherein the action to be performed at the time of the interaction comprises at least: user's navigation of the website, user focusing on a navigational element of one of the plurality of webpages, user entering data into one of the plurality of webpages, user sending data to a clipboard, a change in a state of at least one of the plurality of web pages, user interacting with an interface element of one of the plurality of webpages (Hunt: par 0010; a user interact with a browser on the user device and request a webpage; par 0016; in conjunction with the web browser of the mobile device. The user utilize the browser to navigate to a webpage; par 0069; the page checking engine analyze the content of the webpage and categorize the webpage based on its content. For example, the page checking engine determine that mobile banking website is a financial website whereas a website, such as Amazon.com, is a retail shopping website; par 0038; the webpage include a request(s) and associated input field(s) for user social security numbers, credit card numbers, addresses, and other personally identifying information); 

Regarding Claim 4
The combination of Hunt and Foresti disclose the method of claim 2,
Hunt further discloses wherein the resource identifier attribute is identified by determining at least one of: address of a web page used for the interaction with the bank services, a plurality of keywords associated with the web page, a list of lexemes generated based on the text contained within the web site, and metadata associated with the web page (Hunt: par 0022; a user may interact with a user device. The user may initiate a browser and request a webpage. A page checking component, such as a page checking engine, reside on the user device and initiated when a triggering event occurs [] the triggering event include comparing the website or URL to a list of known webpages).

Regarding Claim 5
The combination of Hunt and Foresti disclose the method of claim 2,
Hunt discloses wherein the device identifier attribute is identified by determining at least one of: browser information of the browser used for the interaction with the bank services, application information associated with one or more applications interacting with the browser, and device information of the device used for the interaction with the bank services (Hunt: par 0010; a user interact with a browser on the user device and request a webpage; par 0034; the page checking engine identify and obtain one or more images from the webpage; par 0038; the webpage include a requests and associated input fields for user social security numbers, credit card numbers, addresses, and other personally identifying information; par 0069; the page checking engine analyze the content of the webpage and categorize the webpage based on its content. For example, the page checking engine determine that mobile banking website is a financial website whereas a website, such as Amazon.com, is a retail shopping website);

Regarding Claim 6
The combination of Hunt and Foresti disclose the method of claim 2,
Hunt further discloses wherein analyzing the one or more identified attributes comprises categorizing the one or more identified attributes into one or more categories (par 0015; a page profiler server receive one or more webpages; par 0038; the webpage include a request(s) and associated input field(s) for user social security numbers, credit card numbers, addresses, and other personally identifying information; par 0069; the page checking engine analyze the content of the webpage and categorize the webpage based on its content. For example, the page checking engine determine that mobile banking website is a financial website whereas a website, such as Amazon.com, is a retail shopping website; par 0076; generating a temporary page profile associated with a webpage [] comparing the temporary page profile to the one or more baseline page profiles).

Regarding Claim 9; 
The combination of Hunt and Foresti disclose the method of claim 1, 
Foresti discloses wherein categorizing the plurality of web pages further comprises categorizing the particular words using a word significance indicator and a word weight factor (Foresti: par 0027; the content features may include keyword features such as the keyword “University Y” and the keyword “turkey.” Each of the features may also have an associated feature weight indicating importance of the feature to the filter. For example, the keyword feature for “turkey,” the mascot of University Y, may have a higher weight than the keyword feature for “University Y” if all the content selected by users for the “turkey” filter included the mascot name; 0045; if content selected by a user includes the words “football,” “score,” and “turkey,” the semantic map may be used to identify “touchdown” as a score for football and may identify that a turkey is the mascot of the football team of University Y. The semantic map provide a categorization of a website and sub-website by mapping URIs of web pages to their categories (e.g., sports or news). The categories may be identified by a web crawler as it crawls the web).
One would have been motivated to receives from a user a selection of content of a first document that the user wants to be obscured when the documents are displayed. The filter client sends to a filter server filter information that includes content information derived from the selected content (Foresti: abstract).


Regarding Claim 11;
This Claim recites a system that perform the same steps as method of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1.  

	
Regarding Claim 12;
This Claim recites a system that perform the same steps as method of Claim 2, and has limitations that are similar to Claim 2, thus are rejected with the same rationale applied against claim 2.  

Regarding Claim 13;
This Claim recites a system that perform the same steps as method of Claim 3, and has limitations that are similar to Claim 3, thus are rejected with the same rationale applied against claim 3.  

Regarding Claim 14;
This Claim recites a system that perform the same steps as method of Claim 4, and has limitations that are similar to Claim 4, thus are rejected with the same rationale applied against claim 4.  




Regarding Claim 15;
This Claim recites a system that perform the same steps as method of Claim 5, and has limitations that are similar to Claim 5, thus are rejected with the same rationale applied against claim 5.  

Regarding Claim 16;
This Claim recites a system that perform the same steps as method of Claim 6, and has limitations that are similar to Claim 6, thus are rejected with the same rationale applied against claim 6.  

Regarding Claim 19;
This Claim recites a system that perform the same steps as method of Claim 9, and has limitations that are similar to Claim 9, thus are rejected with the same rationale applied against claim 9.  

Regarding Claim 20;
This Claim recites a non-transitory computer readable medium that perform the same steps as method of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1.  




Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Hunt et al. (US 20170041330) and in view of Foresti et al. (US 20170212875) and further in view of Patrich et al. (“Patrich,” US 20190281064, published on 09/12/2019)

Regarding Claim 7;
The combination of Hunt and Foresti disclose the method of claim 6, 
The combination of Hunt and Foresti disclose all the limitations as recited above, but do not explicitly disclose wherein categorizing the user activity attribute further comprises identifying an actor performing the action and wherein the actor includes a person or a robot.
However, in an analogous art, Patrich discloses restricting access to web resources system/method that includes:
wherein categorizing the user activity attribute further comprises identifying an actor performing the action and wherein the actor includes a person or a robot (Patrich: par 0025; when a requestor visits a webpage, website access information may be obtained by the website access tracker. The website access information includes, for example, a network identifier (e.g., an Internet Protocol (IP) address) of a requestor, an identifier of the website being accessed, and an access time. Using the website access information, the web robot detector may classify one or more particular access requestors as web robots. For instance, if a particular access requestor has visited numerous websites during a given time period based on the obtained website access information, a determination may be made that the particular access requestor should be classified as a web robot).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Patrich with the method/system of Hunt and Foresti to include wherein categorizing the user activity attribute further comprises identifying an actor performing the action and wherein the actor includes a person or a robot. One would have been motivated to base on at least the website access information, it may be determined that a particular access requestor has accessed a number of different websites in a given time period. As a result, the particular access requestor classified as a web robot (Patrich: abstract).

Regarding Claim 17;
This Claim recites a system that perform the same steps as method of Claim 7, and has limitations that are similar to Claim 7, thus are rejected with the same rationale applied against claim 7.  

Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Hunt et al. (US 20170041330) and in view of Foresti et al. (US 20170212875) and further in view of Onut et al. (“Onut,” US 20210120035, filed on 10/22/2019)

Regarding Claim 8;
The combination of Hunt and Foresti disclose the method of claim 1, 
The combination of Hunt and Foresti disclose all the limitations as recited above, but do not explicitly disclose wherein the plurality of web pages is further categorized based on frequency of occurrence of particular words contained within the plurality of web pages.  
However, in an analogous art, Onut discloses detection of phishing internet link system/method that includes:
wherein the plurality of web pages is further categorized based on frequency of occurrence of particular words contained within the plurality of web pages (Onut: par 0025; words with similar meanings are close to each other in the vector space. For instance, the words “car” and “truck” have two similar vectors in the vector space, because they are two instances of the same category; par 0023; the word parser applies a divide-and-conquer algorithm to split the processed hostname into a list of words based on Zipf's law. The Zipf's law captures the probability of occurrence of a word based on its rank in a given frequency table (i.e., the frequency of any word is inversely proportional to its rank in the frequency table). The frequency table is generated by counting the frequency of words appearing in a large text corpus and sorting the words in a descending order by frequency. The frequency table includes words, a frequency rank of each word, and an occurrence probability of each word).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Onut with the method/system of Hunt and Foresti to include wherein the plurality of web pages is further categorized based on frequency of occurrence of particular words contained within the plurality of web pages. One would have been motivated to convert the list of words into a list of word vectors; calculating an average word vector of the list of word vectors; and providing a phishing score for the average vector, indicating a probability of the internet link being a phishing internet link (Onut: ABSTRACT).

Regarding Claim 18;
This Claim recites a system that perform the same steps as method of Claim 8, and has limitations that are similar to Claim 8, thus are rejected with the same rationale applied against claim 8.  

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Hunt et al. (US 20170041330) and in view of Foresti et al. (US 20170212875) and further in view of KOHAVI et al. (“KOHAVI,” US 20200036751, published on 01/30/2020)

Regarding Claim 10; 
The combination of Hunt and Foresti disclose the method of claim 9, 
The combination of Hunt and Foresti disclose all the limitations as recited above, but do not explicitly disclose wherein the word weight factor is calculated using a calculated Time Frequency (TF) Inverse Document Frequency (IDF)  value associated with the corresponding word.  
However, in an analogous art, KOHAVI discloses phishing detection system/method that includes:
wherein the word weight factor is calculated using a calculated Time Frequency (TF) Inverse Document Frequency (IDF) value associated with the corresponding word (KOHAVI: par 0018; the neural network analysis is based on one or more of word counting, term frequency—inverse document frequency; par 0022; attempting Multiple times to resolve the webpage over a configurable period of time to detect phishing pages that are intentionally kept offline following delivery and brought online after a few minutes or hours);
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of KOHAVI with the method/system of Hunt and Foresti to include wherein the word weight factor is calculated using a calculated Time Frequency (TF) Inverse Document Frequency (IDF) value associated with the corresponding word. One would have been motivated to prevention of phishing attacks and more specifically for a phishing detection system featuring real time retrieval, analysis and assessment of phishing webpages (KOHAVI: abstract).
 






Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644.  The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham  can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/C.W./
Examiner, Art Unit 2439        


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439