DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on October 14, 2022 has been entered. 
         Response to arguments
 Claims 1, 8 and 15 have been amended. No claim has been cancelled. No claim has been added. Therefore, claims 1-20 are pending. 
Claims 1-20 are rejected under over Watanabe, US pat. No 7609629 in view of Gardner, US pat. No 8312543 in further view of CAHN, US pat. No 20190370856. The reasons of obviousness are below.    
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1- 20 are rejected under 35 U.S.C 103 as being unpatentable over Watanabe, US pat. No 7609629 in view of Gardner, US pat. No 8312543. 

Claims 1, 8, 15. Watanabe discloses a method, (See abstract; A network controller, capable of high-speed extraction of malicious traffic from networks and determining characteristics of such traffic) comprising: monitoring web traffic until a threshold of network traffic is collected; (See col 2, lines 39-45; a network controller includes a unit for accumulating the number of packets for each arbitrary itemset contained in the header portion of packets to be transferred, and a unit for determining whether an accumulated value obtained by the accumulating unit exceeds a predetermined threshold) determining a plurality of location characteristics corresponding to the network traffic, (See   col 5, lines 16-23;   the CPU 109 generates traffic information from the content of the packet stored in the packet buffer 114 (step 503). The traffic information is generated by extracting a source IP address, a destination IP address, a source port number, a destination port number, and a protocol number contained in an IP header, as well as a TCP header or a UDP header of the packet (E,g.,location characteristics). Elements of traffic information are not limited to the above, and other elements may be added if necessary.) monitoring traffic information corresponding to the plurality of location characteristics until a threshold of traffic information is collected: (See col 6, lines 3-7; When an appropriate number of traffic information generated in step 503 accumulates in the memory 110, the CPU 109 configures the information into traffic information 505 and transmits it to the specific traffic detection and control section 107) and blocking  the incoming web traffic from reaching the client device based on the location profile when the incoming web traffic corresponds to impermissible web traffic. (See col 6, lines 29-35; at the specific traffic detection and control section 107, when the CPU 116 receives notification of the transfer of traffic information 505 in the processing of step 504, the CPU 116 performs an analysis of traffic information 505, and upon detecting inappropriate traffic generates a flow control configuration information 510 for performing either prohibition or rate limiting on the traffic)
Watanabe does not disclose wherein each of the plurality of location characteristics corresponds to a parameter or characteristic of a website or application program interface (API) that the network traffic is associated with;

generating, by a processing device, a location profile that denies incoming web traffic above a security threshold from reaching a client device, the location profile based on the plurality of location characteristics and the plurality of content flags;  
However, Gardner discloses wherein each of the plurality of location characteristics corresponds to a parameter or characteristic of a website or application program interface (API) that the network traffic is associated with; (See Gardner, col 2, lines 1-7; The modules further comprise a reputation determination module configured to determine a reputation of the website in response to detecting the cookie in the network traffic stream) 
generating, by a processing device, a location profile that denies incoming web traffic above a security threshold from reaching a client device , the location profile based on the plurality of location characteristics and the plurality of content flags;  (See Gardner, col 2, lines 1-7;  The computer program modules comprise a traffic monitoring module configured to monitor a network traffic stream directed to a client from a website, and cookie inspection module configured to detect presence of  a cookie associated with the website  in the network traffic stream. The modules further comprise a reputation determination module configured to determine a reputation of the website in response to detecting the cookie in the network traffic stream, a cookie response module configured to selectively block the cookie based on the determined reputation of the website.  See also col 6, 8-19; This blocking can be performed by removing the detected cookie from the network stream so that the network traffic containing the cookie does not reach the browser module 112 (or add-in to which the cookie is directed))
Watanabe and Gardner are analogous art because they are from the same field of endeavor which information security. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Watanabe with the teaching of Gardner to include the marked data because it would have been to selectively blocking cookies in network communications. (See Gardner, col 1, lines 5-9)

 
Claims 2, 9, 16. The combination of Watanabe, and Gardner discloses the method of claim 1, wherein blocking the impermissible web traffic comprises: determining that the impermissible web traffic comprises known location characteristic in the location profile; (See Watanabe, col 5, lines 16-23; the CPU 109 generates traffic information from the content of the packet stored in the packet buffer 114 (step 503). The traffic information is generated by extracting a source IP address, a destination IP address, a source port number, a destination port number, and a protocol number contained in an IP header, as well as a TCP header or a UDP header of the packet (E, g., location characteristics) determining a flag of the known location characteristic, (See Gardner, col 1, lines 1-7; reputation score) 
Watanabe and Gardner are analogous art because they are from the same field of endeavor which information security. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Watanabe with the teaching of Gardner to include the marked data because it would have been to selectively blocking cookies in network communications. (See Gardner, col 1, lines 5-9)
Claims 3, 10, 17 , The combination of Watanabe,  MARGALIT and CAHN discloses the method of claim 1, further comprising: determining that permissible web traffic comprises a known location characteristic in the location profile; (See Watanabe, col 11, lines 45-48) determining a flag of the known location characteristic; (See Gardner, col 1, lines 1-7; reputation score) determining that the flag indicates that a content of the known location characteristic is permissible according to the location profile, allowing the permissible web traffic to reach the client device in response to determining that the flag is permissible. (See Gardner, col 1, lines 1-7; reputation score) 
Watanabe and Gardner are analogous art because they are from the same field of endeavor which information security. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Watanabe with the teaching of Gardner to include the marked data because it would have been to selectively blocking cookies in network communications. (See Gardner, col 1, lines 5-9)
Claims 4, 11, 18. The combination of Watanabe and Gardner discloses the method of claim 1, wherein the threshold of network traffic corresponds to a predetermined a number of network requests to at least one of: different internet protocol (IP) addresses, different user-agent settings, or a time period. (See Watanabe, Col 5, lines 16-20)
Claims 5, 12. The combination of Watanabe and Gardner discloses the method of claim 1, wherein the threshold of traffic information corresponds to a predetermined a number of network requests comprising a specific location characteristic. (See Col 9, lines 19-25; Computers under DDoS attack receive communication requests at the same port number from a multitude of computers. Therefore, when a large quantity of packets sharing a certain combination of a destination IP address and a destination port number is observed) 
Claims 6, 13, 19. The combination of Watanabe and Gardner discloses the method of claim 1, wherein each of the plurality of location characteristics comprises an identification of at least one of a host, uniform resource locator (URL), method, query string parameter, body parameter, or cookie of the website or the application program interface (API) that the network traffic is associated with. (See Gardner, col 1, lines 5-9)  
Watanabe and Gardner are analogous art because they are from the same field of endeavor which information security. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Watanabe with the teaching of Gardner to include the marked data because it would have been to selectively blocking cookies in network communications. (See Gardner, col 1, lines 5-9)
Claims 7, 14, 20. The combination of Watanabe and Gardner discloses the method of claim 1, wherein the location profile identifies a plurality of location characteristics and corresponding allowable content. (See Watanabe, Col 12, lines 43-60) 
                                                             Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
 Kleiner, US pat.No 20190044914, title “ Direct-Connect Web Endpoint “
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSNEL JEUDY whose telephone number is (571)270-7476. The examiner can normally be reached M-F 10:00-8:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Arani T Taghi can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
Date: 6/14/2022
/JOSNEL JEUDY/Primary Examiner, Art Unit 2438