DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendments
	This office action responds to the amendments filed on September 21, 2022 for application 17/230,310.  Claims 1 and 8 were amended, claims 5 and 12 were cancelled, and claims 1-4, 6-11, and 13-14 remain pending in the application.
Response to Arguments
	The Examiner has fully considered the Applicant’s arguments filed on September 21, 2022, and the Examiner responds as provided below.
	Regarding the Applicant’s response at pages 6 and 7 of the Remarks that concerns the § 103 rejection of independent claims 1 and 8, the Applicant’s arguments in conjunction with the claim amendments are persuasive, and consequently the Examiner conducted a new prior art search. The Applicant’s arguments are now moot with respect to claims 1 and 8 because the arguments do not apply to one of the references currently used in the rejection of the aforementioned claims as detailed below.
	Regarding the Applicant’s response at page 7 of the Remarks that concerns the patentability of dependent claims 2-4, 6-7, 9-11, and 13-14, the argument for patentability rests upon the patentability of the respective independent claims.  Because the independent claims are not patentable over the prior art of record, the dependent claims are similarly not allowable.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The following conventions apply to the mapping of the prior art to the claims:
Italicized text – claim language.
Parenthetical plain text – Examiner’s citation and explanation.
Quotation marks – language quoted from a prior art reference.
Underlining – language quoted from a claim.
Brackets – material altered from either a prior art reference or a claim, which includes the Examiner’s explanation that relates a claim limitation to the quoted material of a reference.
Braces – a limitation taught by another reference, but the limitation is presented with the mapping of the instant reference for context.
Numbered superscript – a first phrase to be moved upwards to the primary reference analysis.
Lettered superscript – a second phrase to be moved after the movement of the first phrase from which it was lifted, or more succinctly, move numbered material first, lettered material last.

A.	Claims 1-4, 6-11, and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Johns (US 2016/0028743, “Johns”) in view of Ruoti et al. (MessageGuard: A Browser-based Platform for Usable, Content-Based Encryption Research, see attached NPL document).
Regarding Claim 1
Johns discloses
A method (abstract, Figs. 3 & 6) comprising: 
storing, at a storage device communicatively coupled to a computer, one or more operations (¶ [0146], “Generally, a processor will receive instructions and data from a read-only memory or a random access memory or both. Elements of a computer [that are coupled] may include at least one processor for executing instructions [as operations] and one or more memory devices [as storage device[s]] for storing instructions and data.”) to be executed for a web browser (¶ [0148], “Implementations may be implemented [and thereby executed] in a computing system that includes a back-end component, e.g., as a data server, or that includes a middleware component, e.g., an application server, or that includes a front-end component, e.g., a client computer having a graphical user interface or a Web browser through which a user can interact with an implementation, or any combination of such back-end, middleware, or front-end components.”); 
generating, at the computer, a…1 document object model (DOM) by a component of a web page (Fig. 1, ¶ [0018], “More specifically, the page 110 is assumed, for the sake of the example, to be a webpage provided in good faith by a legitimate provider, so that the widget 108A [as a component] should be free to provide any relevant third party service provided by the widget provider server 106 when embedded in [and is thereby a component of] the [web] page 110;” and ¶¶ [0023]-[0025], “For example, as shown, the browser application 116 [at the computer] may include a conventional rendering engine 126, that is configured to receive page related code from the page generator 122 and the widget generator 104, for rendering thereof within the browser window 114. For example, the rendering engine 126 may receive hypertext markup language (HTML) code from the page generator 122, and may parse the HTML code to construct [and thereby generate] a document object model (DOM), that may then be traversed by the rendering engine 126 to render the malicious page 112.”) to be displayed in the web browser using the one or more of the stored operations (¶ [0023], “For example, as shown, the browser application 116 may include a conventional rendering engine 126, that is configured to receive [from a storage medium] page related code [as operations from the page generator 122 and the widget generator 104, for rendering thereof [and thereby displaying] within the browser window 114.), 
2 …; 
instantiating, by the component of the web page (Fig. 1, ¶ [0018]) {that receives the sensitive data or restricted data at the computer (Ruoti p. 6, 16)}, an inline frame (iFrame) (Fig. 2, ¶¶ [0048]-[0049], “Then, when a page 212 is rendered in conjunction with the page context 202, a frame 214 may be included [and thereby instantiate[ed]] within the page 212 for purposes of embedding a widget 216 provided in conjunction with the widget context 204 and the widget script 210,” and “In more detail, in the example, the frame 214 generally represents an inline frame, or iframe, that is associated with a node of the DOM tree of the DOM 206, and that is commonly used to achieve the type of seamless embedding of the widget 216 described above.”) with a same domain as the component (¶ [0049], “For example, the frame 214 may refer to a uniform resource locator (URL) [as a domain] of the widget 216 [as the component, thus having the same domain as the iFrame], and/or may include a uniquely-assigned identifier provided by the DOM 206 for uniquely identifying the widget 216;” ¶ [0041], “For example, the widget provider [that is related to the respective instantiated iframe] might include a provider of business software, a government entity, a news outlet or organization, a bank or other financial services provider, and ecommerce site, or virtually any entity which might benefit from a widespread adoption of its widgets across a number of different web domains and associated pages,” and ¶¶ [0039]-[0040], “In particular, for example, such widgets should be understood to potentially be associated with associated DOM models, which themselves may be rendered by the rendering engine 126, and subject to security policies of the security manager 130.”);  
displaying, on a display communicatively coupled to the computer, the web page (Fig. 1, ¶¶ [0023]-[0025]) to receive the sensitive data or restricted data (¶ [0041], “For example, the widget provider might include a provider of business software, a government entity, a news outlet or organization, a bank or other financial services provider [that possesses sensitive data or restricted data], and ecommerce site, or virtually any entity which might benefit from a widespread adoption of its widgets across a number of different web domains and associated pages.”) via the instantiated iFrame (Fig. 2, ¶¶ [0048]-[0049]) from an input device communicatively coupled to the computer for a component of the web page (¶ [0024], “For example, it should be appreciated that the DOM [for a component of the web page] generally represents a language independent, cross platform technique for providing objects within web documents (e.g., HTML documents, eXtensible Markup Language (XML) documents, and other available markup languages), in a manner which governs the ways in which the end user sees [via a display[]] and otherwise interacts [via an input device communicatively coupled to the computer] with a rendered page.”); 
3 ….
Johns doesn’t disclose
	1 …closed shadow {document object model (DOM)}…
	2 wherein the closed shadow DOM is configured to receive sensitive data or restricted data;
	3 preventing, using the instantiated iFrame, an application program interface (API) of a web browser that displays the web page from being changed by third-party operations.
Ruoti, however, discloses
	1 …closed shadow {document object model (DOM)… (p. 16, “Shadow DOM is the one approach that does not rely on a standard security model, but instead requires developers to modify the JavaScript environment to prevent websites from accessing the contents of a ShadowRoot,” and by “prevent[ing] websites from accessing the contents of a ShadowRoot” of a Shadow DOM, a closed shadow DOM is created); and 
	2 wherein the closed shadow DOM (p. 16) is configured to receive sensitive data or restricted data (p. 16, “The iFrame and standalone website strategies rely on the browser’s same-origin policy for security [36], [37]. As part of this policy, browsers ensure that code executing on an arbitrary website is unable to access or modify content hosted on a different domain (i.e., iFrame, standalone website). This is an important model that provides security for much of the web [3],” i.e., when content within an iFrame cannot be “access[ed] or modif[ied]” by another website, then then sensitive data can be received; p. 14, “Since iFrames are a part of the browser’s DOM [or closed shadow DOM], it is trivial to integrate them with websites;” p. 18, “Where possible, the front end uses the Shadow DOM to position overlays (i.e., styling, not security);” and p. 6, “Read overlays are used to display [received] sensitive information [as sensitive data]  to the user, and a compose overlay allows users to encrypt sensitive information before sending it to the website. Each overlay is displayed within an iframe [associated with the Shadow DOM for “position[ing] overlays”] and uses the browser’s same-origin policy to protect its contents [comprising sensitive data or restricted data] from the website;”);
	3 preventing, using the instantiated iFrame, an application program interface (API) of a web browser that displays the web page from being changed by third-party operations  (Figs. 2 & 3, p. 6, “Each overlay [as an application program interface] is displayed [as a web page] within an [instantiated] iframe and uses the [web] browser’s same-origin policy to protect its contents [from being changed] from the website [that can be used by a third party to implement operations;” and “Since the front end component does not exist as part of MessageGuard’s protected origin, it cannot directly access the packager, key management, or overlay components. Instead, it is limited to communicating with the overlay component using the web messaging API [27].” i.e., the “overlay” comprises an application program interface that displays a web page and the overlay is protected, and thus cannot be changed, by means of the protection provided by the “front end”).
	Regarding the combination of Johns and Ruoti, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the web-page system of Johns to have included the iFrame feature of Ruoti. One of ordinary skill in the art would have been motivated to incorporate the security features of Ruoti because Ruoti teaches that “Based on our analysis of each of these approaches, iFrames are the implementation strategy best suited to work across all operating systems and browsers (including mobile). Additionally, iFrame-based security overlays have security and usability that are greater than or equal to that of other approaches.”  See Ruoti p. 4.
Regarding Claim 2
Johns in view of Ruoti (“Johns-Ruoti”) discloses the method of claim 1, and Johns further discloses
wherein the one or more operations comprise at least one selected from the group consisting of: 
creating an element of the web page (createElement), 
setting a value for an attribute on a specified element of the web page (setAttribute), 
attaching a shadow DOM tree to an element (attachShadow), 
adding a node to an end of a list of child nodes of a parent node (appendChild), and 
adding an event handler to listen for an event and execute an operation when the event occurs (addEventListener) (¶¶ [0078]-[0079], Table 1, “That is, Table 1 should be understood to represent example DOM methods [as operations] and properties that are native to a particular type of the browser application 508.”).  
Regarding Claim 3
Johns-Ruoti discloses the method of claim 2, and Johns further discloses
further comprising: retrieving, at the computer from the storage device (¶¶ [0144]-[0146], “Implementations may be implemented as a computer program product, i.e., a computer program tangibly embodied in an information carrier, e.g., in a machine-readable storage device, for execution by, or to control the operation of, data processing apparatus, e.g., a programmable processor, a computer, or multiple computers.”), 
at least one of the one or more operations based on an application (¶ [0023], “For example, as shown, the browser application 116 may include a conventional rendering engine 126, that is configured to receive [and thereby retriev[e]] page related code [as operations based on the browser application] from the page generator 122 and the widget generator 104, for rendering thereof within the browser window 114”).  
Regarding Claim 4
Johns-Ruoti discloses the method of claim 1, and Ruoti further discloses
further comprising: prohibiting other web components from accessing the instantiated iFrame using the closed shadow DOM (p. 16, “Shadow DOM is the one approach that does not rely on a standard security model, but instead requires developers to modify the JavaScript environment to prevent websites [and thereby web components] from accessing the contents of a ShadowRoot [and thus the instantiated iFrame],” and by “prevent[ing] websites from accessing the contents of a ShadowRoot” of a Shadow DOM, a closed shadow DOM is created and prohibits other web components from accessing the instantiated iFrame; and Figs. 2 & 3, p. 6, “Each overlay is displayed within an [instantiated] iframe and uses the browser’s same-origin policy to protect its contents [and thereby prohibit other web components from accessing the instantiate iFrame] from the website.”). 
Regarding the combination of Johns and Ruoti, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 4.
Regarding Claim 6
Johns-Ruoti discloses the method of claim 1, and Johns further discloses 
further comprising: preventing the instantiated iFrame from being available to the rest of the web page (¶ [0052], “Then, the protection script 208 may be configured to communicate, using appropriate APIs of the DOM 206, that the widget script 210 has been disabled, and that the widget script 210 will not be enabled and/or included within the frame 214 of the page 212,” and ¶ [0054], “if the protection script 208 does not receive permission for its inclusion within the page context 202, then the protection manager 102 may refuse to enable [which prevent[s] … availab[ility] to the rest of the web page] or include the widget 216 within the frame 214 of the page 212”) 
based on the closed shadow DOM (¶¶ [0052]-[0055], “the widget generator 104 and the protection manager 102 may provide the widget script 210 and the protection script 208, respectively, in conjunction with a providing of the closed shadow DOM 206 of the page 212 to the browser application 116 of the client system 118.”).  

Regarding Claim 7
Johns-Ruoti discloses the method of claim 1, and Johns further discloses
wherein the sensitive data or restricted data is at least one selected from the group consisting of: a password, bank account information, credit card information, financial account information (¶ [0041], “For example, the widget provider might include a provider of business software, a government entity, a news outlet or organization, a bank or other financial services provider [that possesses sensitive data or restricted data], and ecommerce site, or virtually any entity which might benefit from a widespread adoption of its widgets across a number of different web domains and associated pages.”), personal medical information, and personal identification information.  
Regarding Claims 8-11 and 13-14
With respect to claims 8-11 and 13-14, a corresponding reasoning as given earlier for claims 1-4 and 6-7 applies, mutatis mutandis, to the subject matter of claims 8-11 and 13-14. Therefore, claims 8-11 and 13-14 are rejected, for similar reasons, under the grounds set forth for claims 1-4 and 6-7. 
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405. The examiner can normally be reached Monday-Friday 9:00-5:00 Mountain Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR B PATEL can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/D'Arcy Winston Straub/Examiner, Art Unit 2491                                                                                                                                                                                                        


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491