DETAILED ACTION
This is a continuation of application Nos. 15/447,009 and 16/344,731.
Claims 1-20 rejected under nonstatutory double patenting.
Claims 1-5, 7-12, and 14-19 are rejected under 35 USC § 103.
Claims 6, 13, and 20 objected to as allowable dependent claims.


Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,733,376 B2 and claims 1-18 of U.S. Patent No. 11,200,375 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because the claimed subject matter corresponds as follows:
Current Application
'376 Patent
'375 Patent
1, 8, 15
1
1
2, 9, 16
7
2
3, 10, 17
8
3
4, 11, 18
5
1
5, 12, 19
9
6
6, 13, 20
5
1
7, 14
7
7




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 7-10, and 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over Kolam et al., U.S. PG-Publication No. 2015/0143223 A1, in view of Kesteren, Cross-Origin Resource Sharing, W3C, 16 January 2014, 1-16 (retrieved from https://www.w3.org/TR/2014/REC-cors-20140116).

Claim 1
	Kolam discloses a method for presenting cross-site auto-play media. [FUNCTIONAL LANGUAGE: INTENDED USE] The preamble recites an intention for using the method with the intended use of presenting auto-play media. When the body of a claim sets forth all limitations of the claimed invention and the preamble merely states the purpose or intended use of the invention, "then the preamble is not considered a limitation and is of no significance to claim construction." Statements in the preamble reciting the purpose of intended use of a claimed invention are evaluated by determining "whether the recited purpose of intended use results in a structural difference . . . between the claimed invention and the prior art." MPEP 2111.02(II). The body of the claim does not recite steps specific to auto-play media, because the recited limitations are applicable to all generic cross-site media. Thus, the intended use of auto-play media recited in the preamble is not considered a limitation and is of no significance to claim construction.
Kolam discloses a method for rendering a webpage comprising "dependent resources" (e.g. images, videos, audio clips). Kolam, ¶¶ 19-20. The references dependent resources are "hosted on multiple domains." Id. at ¶¶ 22-23. 
	Kolam discloses the method comprising: receiving, by a client device, a content element associated with a first domain, the content element comprising an identifier of a media content element. Kolam discloses a web browser 102 running on a computing device (i.e. client device) that receives "content corresponding to [a] webpage" (i.e. first content item). Id. at ¶ 17. The webpage comprises references to a dependent resource (i.e. identifier of a media item). Id. at ¶¶ 20-23; FIGS. 2-3.
Kolam discloses determining, by the client device, that the media content element is associated with a second domain different from the first domain. Kolam discloses that the "various domains associated with the referenced dependent resources of a web page can be determined by parsing the webpage." FIG. 3 illustrates an exemplary embodiment wherein web browser 102 makes a "same-origin request to domain 1" for a web page and "must make cross-domain requests to domain 2, domain 3 and domain 4" for the referenced dependent resources. Id. at ¶¶ 23-24.
	Kolam discloses generating, by the client device and in response to determining that the media content element is associated with a second domain different from the first domain, a request. Kolam discloses that web browser 102 makes separate GET requests for cross-domain resources, wherein the cross-domain requests are Cross-Origin Resource Sharing (CORS) requests. Id. at ¶¶ 24-27. 
	Kolam discloses transmitting, by the client device to a data processing system associated with the first domain, the request. In one embodiment, web browser 102 on the client device "may communicate with other domains on the Internet 110 though a proxy server 108" (i.e. a data processing system associated with the first domain). Id. at ¶ 29.
Kolam discloses receiving, by the client device from the data processing system, a response to the request. Web browser 120 uses a "parent browsing context" associated with an origin domain with "embedded nested browsing contexts . . . associated with a domain that is different from the origin domain." To access cross-domain resources, the nested browsing context "make GET requests to the respective domains through the proxy server 108" and "receive the requested resources from the respective domains." The nested browsing context uses same-origin requests to obtain resources from the cross-domain website and thus no CORS security validation is performed at the cross-domain website." Id. at ¶¶ 31-32. FIG. 10 illustrates an embodiment of the method, wherein a CORS request (342, i.e. first request) is made, and a determination "whether the CORS authorization header is present in the response received." If the authorization header is not present, the method send a same-origin request (348, i.e. second request) to obtain resources from other domains for embedding into a nested browsing context. 
Kolam discloses inserting, by the client device and based on contents of the response, the media content element into primary content; and presenting, by the client device, the media content element on the primary content. The parent browsing context fetches cross-domain resources and renders the content in an inline frame of the web browser. Id. at ¶ 33.
	Kolam does not expressly disclose a request with two domain names, the request including a predefined identifier indicating that the client device is configured to restrict cross-domain redirection.
Kesteren discloses a request with two domain names. Kesteren is the W3C document defining the CORS mechanism to enable client-side cross-origin requests. Kesteren, 1. Kesteren discloses that a CORS cross-origin request takes parameters for the "request URL" (i.e. first domain), indicating a domain to be fetched; and the "referrer source" URL (i.e. second domain), indicating a domain used as the "override referrer source" when the "manual redirect flag" is set. Id. at 11; 13 (7.1.5 Cross-Origin Request with Preflight; 7.1.7 Generic Cross-Origin Request Algorithms).
	Kesteren discloses the request including a predefined identifier indicating that the client device is configured to restrict cross-domain redirection. A cross-origin request uses a predefined "manual redirect flag" parameter, indicating that "redirects are not to be automatically followed." Id. at 9 (7.1 Cross-Origin Request).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the cross-domain resource retrieval method of Kolam to incorporate the CORS standard as taught by Kesteren. One of ordinary skill in the art would be motivated to integrate the CORS standard into Kolam, with a reasonable expectation of success, in order to implement the resource retrieval method using an industry standardized specification as recommended by the W3C.

Claim 2
	Kesteren discloses wherein the request is an initial request, further comprising: setting, based on the request being an initial request, a content-type header of the request to a textual content-type header. Kesteren discloses that a "simple header" contains the header field name "Content-Type" and header field value media type "text/plain." Kesteren, 4.

Claim 3
	Kesteren discloses wherein the request is a request subsequent to an initial request, further comprising: setting, based on the request being subsequent to the initial request, a content-type header of the request to a non-textual content-type header. Kesteren discloses that a "simple header" contains the header field name "Content-Type" and header field value media type "multipart/form-data." Kesteren, 4. One of ordinary skill in the art recognizes that the multipart/form-data content type can be used to transfer encoded data (i.e. non-text data).

Claim 7
	 Kolam discloses wherein the response is a first response, further comprising: determining that a second response identifies a domain different from the first domain and is configured to redirect the client device; and discarding the second response. Kolam discloses that "the CORS request is communicated to proxy server 108 and further onto the requested domain on the Internet." The domain returns a CORS response to proxy server 108, wherein a firewall "may strip or remove the CORS authorization header from the response." The requesting web browser 102 "no longer has the necessary CORS authorization header" and "believes it is denied access to the resources on the requested domain," i.e. the response is discarded. Id. at ¶ 29.

Claims 8-10 and 14
	Claims 8-10 and 14 recite a system configured to perform the steps of the method recited in claims 1-3 and 7. Accordingly, claims 8-10 and 14 are rejected as indicated in the rejection of claims 1-3 and 7.

Claims 15-17
	Claims 15-17 recite a medium storing instructions for performing the steps of the method recited in claims 1-3. Accordingly, claims 15-17 are rejected as indicated in the rejection of claims 1-3.


Claims 4-5, 11-12, and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Kolam et al., U.S. PG-Publication No. 2015/0143223 A1, in view of Kesteren, Cross-Origin Resource Sharing, W3C, 16 January 2014, 1-16 (retrieved from https://www.w3.org/TR/2014/REC-cors-20140116), further in view of Du et al., U.S. PG-Publication No. 2015/0213259 A1.

Claim 4
	Du discloses extracting a body of the response from the contents of the response; and determining whether the body includes the media content element or a redirect address. Du discloses "a web service sandbox system providing a user agent with a secure mechanism to retrieve content from a web service hosted in another domain … to bypass same-origin policy restrictions." Du, ¶ 6. The web service interface "accepts messages specifying input arguments … and returns responses that may be used by the requesting client (e.g., content). An initial request for information is "made by the user agent" and "is sent to the sandbox service using a cross-domain call." The sandbox service then "makes a call to the web service based on the initial request" and "then processes the response from the web service" to generate "a new message containing the substantive content that is sent to the user agent." Id. at ¶¶ 21-22. The sandbox service comprises a "response parsing operation 310" that "parses and interprets the response from the web service." A "threat mitigation operation 312" operates to interpret and execute elements of the response, i.e. determine whether the body includes the media content element. Id. at ¶ 32.
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the cross-domain content request method of Kolam/Kesteren to incorporate the sandbox parsing service for cross-domain content as taught by Du. One of ordinary skill in the art would be motivated to integrate the sandbox parsing service for cross-domain content into Kolam/Kesteren, with a reasonable expectation of success, in order to ensure that "the user agent web session and the user's system remain service because the sandbox service restricts passing script elements back to the user agent." Du, ¶ 8.

Claim 5
	Du discloses wherein the body includes the media content element, further comprising: decoding the media content element. Du discloses decoding (e.g. interpreting and executing) script elements of the response , in order to generate "safe" content, that is "re-encoded without any script elements for transfer to the user agent." Thus, the ultimate output of the response parsing operation "is the content received from the web service in non-script HTML elements that pose no risk of malicious code execution when rendered by the user agent." Du, ¶ 32.

Claims 11-12
	Claims 11-12 recite a system configured to perform the steps of the method recited in claims 4-5. Accordingly, claims 11-12 are rejected as indicated in the rejection of claims 4-5.

Claims 18-19
	Claims 18-19 recite a medium storing instructions for performing the steps of the method recited in claims 4-5. Accordingly, claims 18-19 are rejected as indicated in the rejection of claims 4-5.


Allowable Subject Matter
Claims 6, 13, and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FRANK D MILLS whose telephone number is (571)270-3172. The examiner can normally be reached M-F 10-6 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KAVITA PADMANABHAN can be reached on (571)272-8352. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FRANK D MILLS/Primary Examiner, Art Unit 2176                                                                                                                                                                                                        December 13, 2022