Detailed Action

1.	This Office Action is responsive to the Application 17/851,809 filed 06/28/2022. Claims 1-20 are presented for examination. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Priority

2.	Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, or 365(c) is acknowledged.  

Information Disclosure Statement

3.	The information disclosure statements (IDSes) submitted on 08/09/2022 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Specification

4.	The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant's cooperation is requested in correcting any errors of which applicant may become aware in the specification.
5.	The disclosure is objected to because of the following informalities:
On page 1, under section “Cross-Reference to Related Applications”, the cited copending applications should be updated with current statuses such as U.S. Patent Application Serial No., the filing date, U.S. Patent No., and the issued date.
	Appropriate correction is required.

Claim Objections

6.	Claim 20 is objected to because of the following informalities:
	On line 2 of claim 20: “the http response,” should be “the http response message,”.
	On line 3 of claim 20: “the http response header” should be “the http response message”.  Appropriate correction is required.

Double Patenting

7.	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
8.	Claims 1-20 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-17 of U.S. Patent No. 11,411,918.  

For example:

Instant application 17/851,809, Claim 1:
A method performed by a client device, comprising:
receiving a series of network messages from a web server, two or more messages of the series of network messages indicating uniform resource locators (URLs) retrieved by a web application;
determining, based on the series of network messages, a type of the web application, including a name of the web application, by identifying a sequence of the URLs, comparing the sequence of the URLs to respective sequences of URLs retrieved by known web applications, determining, based on the comparing, a matching sequence of URLs, and determining, based on the matching URL sequence of URLs, the type of web application;
identifying an action based on the type of web application; and
performing the action.

U.S. Patent No. 11,411,918, Claim 1:
A method performed by a client device, comprising:
receiving a series of network messages from a web server, two or more messages of the series of network messages indicating uniform resource locators (URLs) retrieved by a web application;
determining, based on the series of network messages: a type of hyper-text transfer protocol (http) server application of the web server including a name of the http server application and a version of the http server application, a type of the web application, including a name of the web application, by identifying a sequence of the URLs, comparing the sequence of the URLs to respective sequences of URLs retrieved by known web applications, determining, based on the comparing, a matching sequence of URLs, and determining, based on the matching URL sequence of URLs, the type of web application, and a type of interpreted language used to implement the web server including a name of the interpreted language;
generating, based on the type of http server application, type of web application, and type of interpreted language, a risk score of the web server;
identifying a security policy;
determining, based on the identified security policy and the risk score, an action; and
performing the determined action.


9.	Although the conflicting claims are not identical, they are not patentably distinct from each other because claims 1-17 of U.S. Patent No. 11,411,918 contain every element of claims 1-20 of the instant application and thus anticipate the claims of the instant application. Claims of the instant application therefore are not patentably distinct from the earlier patent claims and as such are unpatentable over obviousness-type double patenting. A later application claim is not patentably distinct from an earlier claim if the later claim is anticipated by the earlier claim.
	“A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus)”. ELI LILLY AND COMPANY vs. BARR LABORATORIES INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).


Allowable Subject Matter

10.	Claims 1-20 are allowable over the prior art.

11.	The following is an examiner's statement of reasons for allowance:
In interpreting the currently amended claims, in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.
Prior Art Daswani et al. (US 8,683,584) teaches a method and system for performing a risk assessment of a web site, wherein a plurality of elements included in the web site is categorized. The risk posed by the presence of at least some of the plurality of elements is assessed. Example elements include third party content and out-of-date web applications. A risk assessment report is provided as output (Abstract).
Prior Art Bach et al. (US 2016/0078231 A1) teaches an automated software vulnerability scanning and notification system and method that provide automated detection and notification regarding a software vulnerability. The operation of the system and the method includes obtaining software vulnerability information, periodically scanning a web application and a corresponding web server associated with an operator, and evaluating the periodic scans relative to the software vulnerability information to detect software vulnerabilities. Upon detection of a software vulnerability, a notification message is provided automatically to the operator regarding the software vulnerability (Abstract).
Prior Art Ross et al. (US 2009/0119769 A1) teaches a method employing an XSS filter, wherein the filter in the browser will allow the server to disable the XSS filter for a particular response by sending a specific HTTP response header ([0039]). Ross also teaches an HTTP response is received, a check is made for an HTML MIME type. If the response includes an HTML MIME type, the filter also checks the referrer header in the HTTP request. If the same referrer, it is same-site scripting and passes the response since no further filtering needs to be performed ([0045]).
The prior art of record, individually or in combination, fails to explicitly teach or render obvious a method, system and non-transitory computer readable storage medium to perform the steps of: receiving a series of network messages from a web server, two or more messages of the series of network messages indicating uniform resource locators (URLs) retrieved by a web application; determining, based on the series of network messages, a type of the web application, including a name of the web application, by identifying a sequence of the URLs, comparing the sequence of the URLs to respective sequences of URLs retrieved by known web applications, determining, based on the comparing, a matching sequence of URLs, and determining, based on the matching URL sequence of URLs, the type of web application; identifying an action based on the type of web application; and performing the action, as set forth in the independent claims 1, 8 and 12.


12.	Further references of interest are cited on Form PTO-892, which is an attachment to this Office Action.

13.	A shortened statutory period for reply to this action is set to expire THREE (3) months from the mailing date of this communication.  See 37 CFR 1.134.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to QUANG N NGUYEN whose telephone number is (571) 272-3886. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s SPE, Wing Chan, can be reached at (571) 272-7493.  The fax phone number for the organization is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/QUANG N NGUYEN/Primary Examiner, Art Unit 2441