DETAILED ACTION

Notice of Pre-AIA  or AIA  Status

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .



Information Disclosure Statement

2.	The information disclosure statement (IDS) submitted on 6/07/2021, 10/08/2021, and 4/13/2022 was filed. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Information Disclosure Statement

3.	The information disclosure statement (IDS) submitted on 6/07/2021, 10/08/2021, and 4/13/2022 was filed.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


4.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over 
Pub.No.: US 2007/0006305 A1 to Florencio et al(hereafter referenced as Florencio) in view of Pub.No.: US 2011/0055593 A1 to Lurey et al(hereafter referenced as Lurey).
Regarding claim 1, Florencio discloses “a computer system comprising: a memory; and at least one processor coupled to the memory and configured to: receive a sequence of characters within a field of a web browser” (user interface 110 can be a web browser [par.0026]) , the field being associated with a password entry field served to the web browser from a website” (HTML forms support the use of data input fields for usernames and passwords that are passed from a web browser to a web server through invocation of the HTTP POST command [par.0032]); “store  the received sequence of characters and send an alternate sequence of characters to the website”(the protected credential data store 140 can be any Suitable or appropriate data store, such as a text file, a database, a linked list, or a data structure [par.0035]), “encrypt the received sequence of characters to generate a received encrypted partial password; compare the received encrypted partial password to one or more entries in a list of encrypted partial passwords” (two fields are hashes of the password and user name in which the encryption module 630 can create a hash, Such as an SHA-1 hash of the user name [par.0069]).
Florencio does not explicitly disclose “and in response to the comparison resulting in a difference, delete the previously sent alternate sequence of characters, and provide a password comprising the stored sequence of characters to the website” 
However, Lurey discloses “and in response to the comparison resulting in a difference, delete the previously sent alternate sequence of characters (send delete request and subscription to server Lurey [Fig.18/item 2072]), “and provide a password comprising the stored sequence of characters to the website”(provide stored password information Lurey [Fig.3/item 300])
Therefore, it would have been obvious to one of ordinary skill at the time the invention was filed to modify Florencio’s phishing detection client component comprising password and encryption with Lurey’s password protection technique in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Florencio teaches a process to protect a client via a detection component which includes password protection and encryption, Lurey also discloses a password protection component which stores the sequence to a location, and both are from the same field of endeavor



Regarding claim 2 in view of claim 1, the references combined disclose “wherein the at least one processor is further configured to send a sequence of backspace characters to the website to delete the previously sent alternate sequence of characters” (send delete request and subscription to server Lurey [Fig.18/item 2072]).
Regarding claim 3 in view of claim 1, the references combined disclose “wherein the alternate characters are sent to cause a cursor advance associated with each received character” (for each key typed, the character corresponding to the typed key is placed in a data buffer Such as a first-in, first-out (FIFO) buffer 160 of a user interface 170 Florencio [par.0033]).
Regarding claim 4 in view of claim 1, the references combined disclose “wherein the at least one processor is further configured to perform a security action in response to the comparison resulting in a match” (protection module 220 determines that a user has entered protected security credentials, for example, by finding a match between the hash function value and an entry in the protected credential data store 230 Florencio [par.0050]).
Regarding claim 5 in view of claim 1, the references combined disclose “wherein the at least one processor is further configured to detect passwords provided to visited websites over a selected period of time and encrypt the detected passwords to generate the list of encrypted partial passwords” (web browser, detects when passwords and userids are used on a web page Florencio [par.0078])

Regarding claim 6 in view of claim 1, the references combined disclose “wherein the at least one processor is further configured to identify a uniform resource locator (URL) associated with the website” (Once the user has selected the link, a block 2002 causes the browser to link to the selected URL Lurey[par.0108]) ; “determine an absence of the URL from a history of visited URLs for which a password has been entered; and recognize the URL as a URL for which protection is to be provided based on the determination” (is autofill correct and complete Lurey [Fig.14/item 2008]).
Regarding claim 7 in view of claim 1, the references combined disclose “wherein the at least one processor is further configured to identify a URL associated with the website” (Once the user has selected the link, a block 2002 causes the browser to link to the selected URL Lurey[par.0108]) ; “receive a list of suspect URLs generated by a URL reputation manager; match the URL to an entry in the list; and recognize the URL as a URL for which protection is to be provided based on the match” (Once the user has selected the link, a block 2002 causes the browser to link to the selected URL Lurey[par.0108])
Regarding claim 8, Florencio discloses “a computer system comprising: a memory; and at least one processor coupled to the memory and configured to: detect login elements served to a web browser from a website”(protection module web browser, detects when passwords and userids are used on a web page [par.0078]), “the login elements including a password entry field”(as appropriate or required by context, security credentials can include a username, a password, or a username-password pair [par.0030]) ; “generate an overlay of the login elements” (as appropriate or required by context, security credentials can include a username, a password, or a username-password pair [par.0030]); “receive a sequence of characters within a password entry field of the overlay”(For each key typed, the character corresponding to the typed key is placed in a data buffer Such as a first-in, first-out (FIFO) buffer 115 of the user interface 110 [par.0033]); “encrypt the received sequence of characters to generate a received encrypted partial password”(the list of user names can be hashed, encrypted [par.0060]) ; “compare the received encrypted partial password to one or more entries in a list of encrypted partial passwords”(the computed hash function values from the credential module 120 is compared to entries in the list of protected credentials [par.0038]).
Florencio does not explicitly disclose “and in response to the comparison resulting in a difference, provide a password comprising the received sequence of characters to the password entry field of the login elements served from the website” 
However, Lurey discloses “and in response to the comparison resulting in a difference, provide a password comprising the received sequence of characters to the password entry field of the login elements served from the website”(provide stored password information Lurey [Fig.3/item 300])
Therefore, it would have been obvious to one of ordinary skill at the time the invention was filed to modify Florencio’s phishing detection client component comprising password and encryption with Lurey’s password protection technique in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Florencio teaches a process to protect a client via a detection component which includes password protection and encryption, Lurey also discloses a password protection component which stores the sequence to a location, and both are from the same field of endeavor
Regarding claim 9 in view of claim 8, the references combined disclose “wherein the at least one processor is further configured to perform a security action in response to the comparison resulting in a match” (protection module 220 determines that a user has entered protected security credentials, for example, by finding a match between the hash function value and an entry in the protected credential data store 230 Florencio [par.0050]). 
Regarding claim 10 in view of claim 8, the references combined disclose “wherein the overlay mimics the login elements served from the website” (web browser, detects when passwords and userids are used on a web page Florencio [par.0078])
Regarding claim 11 in view of claim 8, the references combined disclose “wherein the at least one processor is further configured to detect passwords provided to visited websites over a selected period of time and encrypt the detected passwords to generate the list of encrypted partial passwords” (web browser, detects when passwords and userids are used on a web page Florencio [par.0078])
Regarding claim 12 in view of claim 8, the references combined disclose “wherein the at least one processor is further configured to identify a uniform resource locator (URL) associated with the website” (Once the user has selected the link, a block 2002 causes the browser to link to the selected URL Lurey[par.0108]); “determine an absence of the URL from a history of visited URLs for which a password has been entered; and recognize the URL as a URL for which protection is to be provided based on the determination.” (is autofill correct and complete Lurey [Fig.14/item 2008]).
Regarding claim 13 in view of claim 8, the references combined disclose “wherein the at least one processor is further configured to identify a URL associated with the website” (Once the user has selected the link, a block 2002 causes the browser to link to the selected URL Lurey[par.0108]); “receive a list of suspect URLs generated by a URL reputation manager; match the URL to an entry in the list; and recognize the URL as a URL for which protection is to be provided based on the match.” (protection module 220 determines that a user has entered protected security credentials, for example, by finding a match between the hash function value and an entry in the protected credential data store 230 Florencio [par.0050]).
Regarding claim 14, Florencio discloses “a computer system comprising: a memory; a user interface; and at least one processor coupled to the memory and configured to: receive a message from a remote web browser” (user interface 110 can be a web browser [par.0026]), “the message indicating a change of input focus to a password entry field served to the remote web browser from a website” (HTML forms support the use of data input fields for usernames and passwords that are passed from a web browser to a web server through invocation of the HTTP POST command [par.0032]); “receive a sequence of characters from the user interface; store the received sequence of characters and send an alternate sequence of characters to the remote browser” (the protected credential data store 140 can be any Suitable or appropriate data store, such as a text file, a database, a linked list, or a data structure [par.0035]; “encrypt the received sequence of characters to generate a received encrypted partial password; compare the received encrypted partial password to one or more entries in a list of encrypted partial passwords” (two fields are hashes of the password and user name in which the encryption module 630 can create a hash, Such as an SHA-1 hash of the user name [par.0069]).
Florencio does not explicitly disclose “and in response to the comparison resulting in a difference, provide a password comprising the stored sequence of characters to the remote browser.” 
However, Lurey discloses “and in response to the comparison resulting in a difference, provide a password comprising the stored sequence of characters to the remote browser.”(provide stored password information Lurey [Fig.3/item 300])
Therefore, it would have been obvious to one of ordinary skill at the time the invention was filed to modify Florencio’s phishing detection client component comprising password and encryption with Lurey’s password protection technique in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Florencio teaches a process to protect a client via a detection component which includes password protection and encryption, Lurey also discloses a password protection component which stores the sequence to a location, and both are from the same field of endeavor
Regarding claim 15 in view of claim 14, the references combined disclose “wherein the at least one processor is further configured to send a sequence of backspace characters to the website to delete the previously sent alternate sequence of characters, in response to the comparison resulting in a difference” (send delete request and subscription to server Lurey [Fig.18/item 2072]).
Regarding claim 16 in view of claim 14, the references combined disclose “wherein the alternate characters are sent to cause a cursor advance associated with each received character” (for each key typed, the character corresponding to the typed key is placed in a data buffer Such as a first-in, first-out (FIFO) buffer 160 of a user interface 170 Florencio [par.0033]).
Regarding claim 17 in view of claim 14, the references combined disclose “wherein the at least one processor is further configured to perform a security action in response to the comparison resulting in a match” (protection module 220 determines that a user has entered protected security credentials, for example, by finding a match between the hash function value and an entry in the protected credential data store 230 Florencio [par.0050]).
Regarding claim 18 in view of claim 14, the references combined disclose “wherein the at least one processor is further configured to detect passwords provided to visited websites over a selected period of time and encrypt the detected passwords to generate the list of encrypted partial passwords” (web browser, detects when passwords and userids are used on a web page Florencio [par.0078])
Regarding claim 19 in view of claim 14, the references combined disclose “wherein the at least one processor is further configured to identify a uniform resource locator (URL) associated with the website” (Once the user has selected the link, a block 2002 causes the browser to link to the selected URL Lurey[par.0108]); determine an absence of the URL from a history of visited URLs for which a password has been entered; and recognize the URL as a URL for which protection is to be provided based on the determination”(is autofill correct and complete Lurey [Fig.14/item 2008]).
Regarding claim 20 in view of claim 14, the references combined disclose “wherein the at least one processor is further configured to identify a URL associated with the website” (Once the user has selected the link, a block 2002 causes the browser to link to the selected URL Lurey[par.0108]; “receive a list of suspect URLs generated by a URL reputation manager; match the URL to an entry in the list; and recognize the URL as a URL for which protection is to be provided based on the match” (protection module 220 determines that a user has entered protected security credentials, for example, by finding a match between the hash function value and an entry in the protected credential data store 230 Florencio [par.0050]).

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL D ANDERSON whose telephone number is (571)270-5159. The examiner can normally be reached Mon-Fri 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MICHAEL D ANDERSON/Examiner, Art Unit 2433           

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433