DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1, 6, 7, 15, 18 and 20 are currently amended.
Claims 1-4, 6-8, 10-12, 15-20 are pending.
Claims 5, 9, 13 and 14 are cancelled.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 02/02/2026 has been entered.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1, 4, 6-8, 10-12, 15-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
The claims when analyzed under 2019 Revised Patent Subject Matter Eligibility Guidance, are directed to abstract idea.
Claim 1 for example, recites a method and, therefore, is a process.
The claim recites the limitation of “receiving…a request…”; “analyzing…the request…; “accessing an activity log for user…”; “analyzing…the activity log…”; “identifying set of actions…”; “identifying…a token…”; “analyzing…set of actions…”; “determining a type of actions…”; “authenticating the user…via the token…”; “requesting permission…to authenticate the user”; These limitations, under broadest reasonable interpretation are directed performance of the limitation in a human mind or using pen and paper and business methods/administrator activities. ”Authenticating the user…” and “requesting permission to authenticate the user…” are merely admin activities. That is, nothing in the claim element precludes the step from practically being performed in the mind or using pen and paper. For example, the claim encompasses a human simply “receiving…a request…”; “analyzing…the request…; “accessing an activity log for user…”; “analyzing…the activity log…”; “identifying set of actions…”; “identifying…a token…”; “analyzing…set of actions…”; “determining a type of actions…”; “authenticating the user…via the token…”; “requesting permission…to authenticate user”. Thus, the claim recites a mental process and/or using pen and paper when analyzed under step 2A prong 1.
Claim is further analyzed in step 2A prong 2, to evaluate whether the claim as a whole integrates the recited judicial exception into a practical application of the exception. This evaluation is performed by identifying whether there are any additional elements recited in the claim beyond the judicial exception, and evaluating those additional elements individually and in combination to determine whether the claim as a whole integrates the exception into a practical application. However, each of the remaining limitation “a network”; ”a computing device” (Claim 1, 6, 15, 18, 20) ; “a device of a user” (claim 1, 6, 7, 10, 15, 18, 19, 20); “a network resource”; “a non-transitory computer-readable medium” (claim 15), “a processor” (claim 15 and 20);, “ appears to be generic computer functions which do not constitute meaningful limitations that would amount to significantly more than the abstract idea. The combination of these additional element is no more than generic computer functions. Thus, even in combination, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limitations on practicing the abstract idea.
Claim is additionally analyzed under Step 2B to evaluates whether the claim as a whole amount to significantly more than the recited exception, whether any additional element, or combination of additional elements, adds an inventive concept to the claim. When claims evaluated under step 2B, it is no more than what is well-understood, routine, conventional activity in the field. The specification does not provide any indication anything other than a generic computer component. The mere “receiving…a request…”; “analyzing…the request…; “accessing an activity log for user…”; “analyzing…the activity log…”; “identifying set of actions…”; “identifying…a token…”; “analyzing…set of actions…”; “determining a type of actions…”; “authenticating the user…via the token…”; “requesting permission…to authenticate user” is a well-understood, routing and conventional function when it is claimed in a merely generic manner as it is here.
Independent claims 15 and 20 include limitations similar to the limitations of claim 1 and is rejected under 35 U.S.C. 101 as being directed to abstract idea for the same reasons discussed above with respect to claim 1.
Regarding Claims 2 and 16, further recites: “authenticating a BCookie” These limitations merely elaborate on the abstract idea identified in the independent claims. Simply verifying information of user’s previous activities or verifying list of frequently visited websites. It could be done by a person looking at list of websites on paper.
No additional elements are introduced in claim 2 and claim 12 that would integrate the judicial exception into a practical application. As a whole, claim 2 and claim 12 fails to integrate the judicial exception into a practical application is found non‐statutory under 35 U.S.C. 101 with the addition of the abstract idea.
Regarding Claims 3 and 17 recites: “receiving approval from the user…”; “authenticating a BCookie …”; These limitations merely elaborate on the abstract idea identified in the independent claims. Simply verifying information of user’s previous activities or verifying list of frequently visited websites.
No additional elements are introduced in claim 3 and claim 17 that would integrate the judicial exception into a practical application. As a whole, claim 3 and claim 17 fails to integrate the judicial exception into a practical application is found non‐statutory under 35 U.S.C. 101 with the addition of the abstract idea.
Regarding Claim 4 recites: Claims 4 do not add any additional abstract ideas and/or elements as already present, respectively, in claims 1. For that reason, claim 4 is rejected using the same rational as claims 1.
Regarding Claim 6 recites: “receiving…a request…”; “analyzing…the request…”; These limitations merely elaborate on the abstract idea identified in the independent claims. Simply receiving request and verifying request.
No additional elements are introduced in claim 1 that would integrate the judicial exception into a practical application. As a whole, claim 6 fails to integrate the judicial exception into a practical application is found non‐statutory under 35 U.S.C. 101 with the addition of the abstract idea.
Regarding Claim 10 recites: “determining… that the user does not have an account with a service provide…”; “identifying network information related to the user and the user device…”; “creating a user profile…”; “tracking comprises storing BCookies for visited network resources to the user profile…”. These limitations merely elaborate on the abstract idea identified in the independent claims. Simply creating a user profile by determining activity logs and tracking BCookies for the network resources frequently visited by user .
No additional elements are introduced in claim 1 that would integrate the judicial exception into a practical application. As a whole, claim 10 fails to integrate the judicial exception into a practical application is found non‐statutory under 35 U.S.C. 101 with the addition of the abstract idea.
Regarding Claim 12 recites: “requesting…content…”; “receiving…content…”; “communicating…content to the user for display on a page. These limitations merely elaborate on the abstract idea identified in the independent claims. Simply requesting content (any information) by writing on the paper using pen, receiving the requested content and displaying (copying) it on the any surface (e.g. blackboard or on the paper) using pen/chalkboard.
No additional elements are introduced in claim 1 that would integrate the judicial exception into a practical application. As a whole, claim 12 fails to integrate the judicial exception into a practical application is found non‐statutory under 35 U.S.C. 101 with the addition of the abstract idea.
Regarding Claim 18, Claims 18 do not add any additional abstract ideas and/or elements as already present, respectively, in claims 6 and 7. For that reason, claim 18 is rejected using the same rational as claims 6 and 7.
Regarding Claim 19, Claims 19 do not add any additional abstract ideas and/or elements as already present, respectively, in claim 10. For that reason, claim 19 is rejected using the same rational as claim 10.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim 1, 4, 6-8, 10-12, 15-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1, 3, 15 and 20 recites “non-logged in users”. It is unclear that the user “never logged-in” or “session is expired”. From the specification, the meets and bounds of “non-logged in users” is unclear.
Dependent claims 2-4, 10-12, 7, 8, 16-19 does not cure deficiencies of their corresponding parent claims, therefor dependent claims 2-4, 10-12, 7, 8, 16-19 are rejected under same rationale as their dependent claims.
Claim 1, 3, 15 and 20 recites “logged in users”. It is unclear that the user “is still logged in” or “user stayed logged in”, “session is not expired”. From the specification, the meets and bounds of “logged in users” is unclear.
Dependent claims 2-4, 10-12, 7, 8, 16-19 does not cure deficiencies of their corresponding parent claims, therefor dependent claims 2-4, 10-12, 7, 8, 16-19 are rejected under same rationale as their dependent claims.
Claim 1, 4, 15 and 20 recites “non-logged in activity”. It is unclear that what is “non-logged in activity” means. Is it an activities where user don’t need to logged in? or is it activity logs for the users which are “non-logged in”? From the specification, the meets and bounds of “non-logged in activity” is unclear.
Dependent claims 2-4, 10-12, 7, 8, 16-19 does not cure deficiencies of their corresponding parent claims, therefor dependent claims 2-4, 10-12, 7, 8, 16-19 are rejected under same rationale as their dependent claims.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-4, 9, 11, 15, 16, 17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over ONG (U. S. PGPub. No. 2012/0246553 A1) (hereinafter “ONG”) in view of Holfelder et al. (U. S. Pat. No. 8,578,036 B1) (hereinafter “Holfelder”) and Hoen, IV et al. (U. S. PGPub. No. 2015/0186993 A1) (hereinafter “Hoen”); and further in view of Bridge et al (U. S. Pat. No. 9,231,935 B1) (hereinafter “Bridge”).
Regarding claim 1, ONG teaches:
receiving, over a network by a computing device, from a device of a user executing a browser application, a request for a network resource (ONG: [0044], sends an HTTP request for a requested web page on that web server via the connection)
analyzing, by the computing device, the request, to determine whether the requested network resource enables non-logged in users to access at least a portion of content of the requested network resource (ONG (20120246553: [0049], a typical client device 138 will try to request all the images, scripts, CSS files, and other content required to display the designated web page [0055], the designated web page may be a welcome page that allows non-logged in users to view a news portal provided by an external news agency);
ONG does not explicitly disclose:
accessing, by the computing device, in response to a determination that the requested network resource enables non-logged in users to access at least a portion of the requested network resource's content, an activity log for the user, the user activity log comprising information associated with a browser session of the user;
However, in an analogous art, Holfelder teaches:
in response to a determination that the requested network resource enables non-logged in users to access at least a portion of the requested network resource's content, (Holfelder: [Col 3, lines 29-33], A user uses browser 114 to request resources 108 over network 102. For example, a user requests resource 108 by typing the website address associated with resource 108 that is stored on web server 104…[Col 3, lines 41-42], (17) The response message for resource 108 may include cookies 110 (also referred to as "HTTP cookies", "web cookies" or "browser cookies").
accessing, by the computing device, (Holfelder (Us 8, 5, 78, 036 B1): [Col 5, lines 3-5-6], a cookie that tracks the browsing activities (=activity logs) of a user is a third-party cookie. Advertisers may use a third-party cookie to determine websites that a user frequently visits. [Col 8, line 63-66], (57) In screenshot 200, cookie information specific to each cookie 110 may be separated into tabs, such as cookie tabs 206. A user may click on each tab 206 and access information specific to each cookie 110., the user activity log comprising information associated with a browser session of the user (Holfelder: [Col 9, lines 33-40], cookie tab 206 also displays meta-information (=information associated with a browser session) associated with each cookie 110. As described herein, meta-information associated with each cookie 110 is included in cookie description file 112 using, for example, key-value pairs. Meta-information for cookie 110 may be presented using meta-information display 210. Meta-information may include a cookie description 122),
It would be obvious to a person having ordinary skill in the art, before the effective filing date of the invention, to modify ONG’ s method of accessing web page by sending an http request to the web server by applying Holfelder’s method of accessing meta-information which includes of each cookie in order to track browsing activities of a user and improve comprehensive analytics on user interests and browsing trends.
ONG in view of Holfelder does not teach:
analyzing, by the computing device, the activity log,
and identifying a set of actions performed by the user prior to the request for the network resource, the set of actions being respective to at least one other network resource, the set of actions occurring during the browser session prior to the request for the network resource;
analyzing, by the computing device, the set of actions,
and determining a type of the actions,
However, an analogous art, Hoen teaches:
analyzing, by the computing device, the activity log (Hoen: [0013] In still further specific embodiments of the apparatus, the user activity tracking module is further configured to record and store the plurality of actions including an order in which the plurality of user actions are taken within the user interface during a user session),
and identifying a set of actions performed by the user prior to the request for the network resource, the set of actions being respective to at least one other network resource, the set of actions occurring during the browser session prior to the request for the network resource (Hoen: [0053] The memory 14 of apparatus 10 additionally stores user activity tracking module 28 The user activity tracking module 28 is configured to track a plurality, and in some embodiments all, of the user actions 30 that the user takes within the user interfaces 20 and log the user actions 30, in a corresponding user activity log 32. In addition, the user activity log 32 logs the user actions 30 in the order 70 in which the actions occurred so as to provide a road map of exactly what occurred and when during the user's session with the work assignment user interfaces 20. [0063] At Event 92, a determination is made that a user has conducted an action (i.e., provided an input) associated with the user interface. The user actions may include, but are not limited to, logging-on to a user session, connecting to a queue, opening an account in a queue, closing out of an account, disconnecting from a queue, logging-off from the user session and the like))
and analyzing, by the computing device, the set of actions (Hoen: [0014], The method further includes determining that a user has conducted an action associated with the user interface and recording, an entry in a user activity log that tracks a plurality of actions that a user conducts in association with the user interface), and determining a type of the actions (Examiner is interpreting “log-in action associated with the user logging into the user interface and a session log-out action associated with the user logging out of the user” are the “type of the actions” as disclosed in paragraph [0016], determining further includes determining that the user has conducted a session log-in action associated with the user logging into the user interface and a session log-out action associated with the user logging out of the user interface. In such embodiments of the method, the step of recording further includes recording an entry in the user activity log that tracks the session log-in action and the session log-out action),
A person having ordinary skill in the art, before the effective filling data of the invention would have found it obvious to modify ONG in view of Holfelder by applying the well-known teaching as disclosed by Hoen of tracking user’s activities in order to recording the plurality of user’s actions are taken within the user interface during a user session. The motivation is to comprehensive tracking data used to gauge user/associated performance, productivity, security and better manage resources (Hoen: [Abastract]).
ONG in view of Holfelder and Hoen does not explicitly disclose:
further identifying, by the computing device, based on the analysis of the activity log, a token for the browser session; and
such that when the type of actions corresponds to a login to a secure account on the at least one other network resource without an explicit logout by the user, authenticating the user to the network resource via the token, and
when the type of actions corresponds to non-logged in activity, requesting permission from the device of the user to authenticate the user to the network resource.
However, in an analogous art, Bridge disclose:
further identifying, by the computing device, based on the analysis of the activity log, a token for the browser session (Bridge: [Col 2, lines 19-21], A login token, which is associated with the session of the web service and includes an expiration date for the session, is tracked. [Col 5, lines 14-21], (20) The login token, in particular, is a data file that is used by the browser to authenticate the user each time the user attempts to use the web service. The data or parameters within a login token may include, but is not limited to, a name, a directory path of the web service, a web domain of the web service, and an expiration date. Such parameters can be used to identify and associate a login token with the web service that generated it.)
such that, when the type of actions corresponds to login to a secure account without an explicit logout by the user (Bridge: Examiner is interpreting that user is logged in and authenticated until without explicit logout. “Type of actions” is used is logged in until explicit logout by the user. [Col 5, lines 23-27], A session of a web service can correspond to any period of time in which the user is authenticated and thus, permitted access to features and services offered by the web service. Login tokens generally persist on the user's computing device until they expired), authenticating the user to the network resource via the token (Bridge: Examiner interpreting login token as Bcookies because a browser cookie is commonly used to authenticate users and manage sessions for network resources, cited in paragraph [Col 9, lines 58-67 – Col 10, lines 1-3], (42) In an embodiment, login token manager 230 tracks the login tokens at client 110 using login token watch list 235. In a further embodiment, login token manager 230 uses login token watch list 235 to determine the expiration of web service sessions and login tokens….login token watch list 235 is a file, for example, in text data format, stored at client 110….login tokens stored at client 110 and used by browser 115 to authenticate the user with a particular web service, including, for example, web service 145).
and when the type of actions corresponds to non-logged in activity (Bridge: [Col 7, lines 53-56], (34) Browser 115 requests a login page from web service 145 if the user has not previously been authenticated for web service 145 (e.g., if this is the first time the user is logging into web service 145), requesting permission from the device of the user to authenticate the user to the network resource (Bridge: [Col 4, lines 63-65], The user's login credentials are submitted by the browser to the web service in order to authenticate the user at the web service. [Col 7, lines 65-67] – [Col 8, lines 1-3], Upon receiving the login page from web service 145, browser 115 can display the login page in a content area of browser 115. The displayed login page may include a login form with one or more login fields. The user at browser 115 may then enter login credentials into the login fields using a user input device).
A person having ordinary skill in the art, before the effective filling data of the invention would have found it obvious to modify ONG in view of Holfelder and Hoen by applying the well-known teaching as disclosed by Bridge of authentication user using tokens. The motivation is to prevent fraudulent user in order to gain access to the user’s web service account by phishing scams involving web site forgeries with forged login pages used to fraudulently acquire sensitive information from users (Brideg: [Col 1, lines 1-6]).
Regarding claim 2, ONG in view of Holfelder, Hoen and Bridge teaches:
The method of claim 1 (see rejection of claim 1 above),
wherein the authentication of the user to the network resource comprises authenticating a BCookie for network resource based on a BCookie for the secure account (Bridge: [Col 5, lines 9-16], Such tokens can be any type of data file or set of data objects that can be stored at the user's computing device. An example of a token includes, but is not limited to, a web or browser cookie (= Bcookies). (20) The login token, in particular, is a data file that is used by the browser to authenticate the user each time the user attempts to use the web service. [Col 5, lines 28-39], (21) The user is permitted access to the web service and its features without having to submit login credentials via the login page as long as the login token (and the session) have not expired. However, once the login token expires, the user's browser will delete it from the user's computer and the login credentials will have to be resubmitted once again to authenticate the user. Embodiments enable tracking login tokens associated with various web services used by the user and automatically submitting, without user intervention, login credentials to the appropriate web service upon the expiration of a session/login token, thereby renewing the web service session and login token)
A person having ordinary skill in the art, before the effective filling data of the invention would have found it obvious to modify ONG in view of Holfelder and Hoen by applying the well-known teaching as disclosed by Bridge of authentication user using tokens. The motivation is to prevent fraudulent user in order to gain access to the user’s web service account by phishing scams involving web site forgeries with forged login pages used to fraudulently acquire sensitive information from users (Brideg: [Col 1, lines 1-6]).
Regarding claim 3, ONG in view of Holfelder, Hoen and Bridge teaches:
The method of claim 1 (see rejection of claim 1 above),
receiving approval from the user to authenticate the network resource (Bridge: [Col 17, lines 5-17], (77) Once the user has been authenticated by submitting the relevant login credentials to the web service and the user has accepted the option to stay logged in to the web service (step 316 of method 300), then the login credentials can be submitted automatically, without the user's intervention, to the web service. As described above, the login credentials are submitted as a background operation or process, in which the actual submission is transparent to the user. Thus, each time a session and login token of the web service expires, the login credentials are automatically submitted to the web service in order to renew or refresh the login token and the session of the web service) and authenticating a BCookie for the network resource (Bridge: Examiner interpreting login token as Bcookies because a browser cookie is commonly used to authenticate users and manage sessions for network resources, cited in paragraph [Col 5, lines 9-12], Such tokens (can be any type of data file or set of data objects that can be stored at the user's computing device. An example of a token includes, but is not limited to, a web or browser cookie. [Col 5, lines 14-16], (20) The login token (=Bcookies), in particular, is a data file that is used by the browser to authenticate the user each time the user attempts to use the web service)
A person having ordinary skill in the art, before the effective filling data of the invention would have found it obvious to modify ONG in view of Holfelder and Hoen by applying the well-known teaching as disclosed by Bridge of authentication user using tokens. The motivation is to prevent fraudulent user in order to gain access to the user’s web service account by phishing scams involving web site forgeries with forged login pages used to fraudulently acquire sensitive information from users (Brideg: [Col 1, lines 1-6]).
Regarding claim 4, ONG in view of Holfelder, Hoen, and Bridge teaches:
The method of claim 1 (see rejection of claim 1 above),
wherein the non-logged in activity comprises a login to a secure account (Bridge: [Col 6, lines 59-61], (29) The login fields may be used by the user to enter login information, such as, for example, login credentials (e.g., username and password). [Col 7, lines 53-56], (34) Browser 115 requests a login page from web service 145 if the user has not previously been authenticated for web service 145 (e.g., if this is the first time the user is logging into web service 145)).
and an explicit logout to the secure account (Bridge: [Col 12, lines 51-58], the user may have either voluntarily or involuntarily “logged out” of the web service, in which case the user is no longer authenticated at the web service and the current session of web service is completed. For example, the user may be involuntarily logged out (=explicitly logout) by web service 145 if the user's account (or login credentials) associated with web service 145 has expired and thus, the user's login credentials can no longer be used to authenticate the user at web service 145.
A person having ordinary skill in the art, before the effective filling data of the invention would have found it obvious to modify ONG in view of Holfelder and Hoen by applying the well-known teaching as disclosed by Bridge of login to into the web service and once token expired, user will be logged out by the web service. The motivation is to prevent fraudulent user in order to gain access to the user’s web service account by phishing scams involving web site forgeries with forged login pages used to fraudulently acquire sensitive information from users (Brideg: [Col 1, lines 1-6]).
Regarding claim 11, ONG in view of Holfelder, Hoen and Bridge teaches:
The method of claim 1 (see rejection of claim 1 above),
wherein said browser session of the user is a current browser session (Bridge: [Col 5, lines 23-27], A session of a web service can correspond to any period of time in which the user is authenticated and thus, permitted access to features and services offered by the web service. Login tokens generally persist on the user's computing device until they expire. [Col 5, lines 28-31], (21) The user is permitted access to the web service and its features without having to submit login credentials via the login page as long as the login token (and the session) have not expired. [Col 5, lines 34-39], Embodiments enable tracking login tokens associated with various web services used by the user and automatically submitting, without user intervention, login credentials to the appropriate web service upon the expiration of a session/login token, thereby renewing the web service session and login token).
A person having ordinary skill in the art, before the effective filling data of the invention would have found it obvious to modify ONG in view of Holfelder by applying the well-known teaching as disclosed by Bridge of determining if session is expired using session token. The motivation is to prevent fraudulent user in order to gain access to the user’s web service account by phishing scams involving web site forgeries with forged login pages used to fraudulently acquire sensitive information from users (Brideg: [Col 1, lines 1-6]).
Regarding claim 15, this claim contains limitations found within that of claim 1 and the same rationale of rejection is used where applicable.
Regarding claim 16, this claim contains limitations found within that of claim 2 and the same rationale of rejection is used where applicable.
Regarding claim 17, this claim contains limitations found within that of claim 4 and the same rationale of rejection is used where applicable.
Regarding claim 20, this claim contains limitations found within that of claim 1 and 15, and the same rationale of rejection is used where applicable.
Claim(s) 6 is rejected under 35 U.S.C. 103 as being unpatentable over ONG (U. S. PGPub. No. 2012/0246553 A1) (hereinafter “ONG”) in view of Holfelder et al. (U. S. Pat. No. 8,578,036 B1) (hereinafter “Holfelder”) and Hoen, IV et al. (U. S. PGPub. No. 2015/0186993 A1) (hereinafter “Hoen”) and Bridge et al (U. S. Pat. No. 9,231,935 B1) (hereinafter “Bridge”); and in further view of Dunjic et al. (U. S. Pat. No. 11,108,762 B2) (hereinafter “Dunjic”);
Regarding claim 6, ONG in view of Holfelder, Hoen and Bridge teaches:
The method of claim 1 (see rejection of claim 1 above),
The ONG in view of Holfelder, Hoen and Bridge does not explicitly disclose:
receiving, over the network by the computing device, from the device of the user executing the browser application, a request for a different network resource;
and analyzing, by the computing device, the request for the different network resource, to determine whether the requested different network resource wherein the type of network resource is a high-security resource that requires a login to access its content.
receiving, over the network by the computing device, from the device of the user executing the browser application, a request for a different network resource(Dunjic: [Col 13, lines 4-6], . A client application may make an API request to a resource server to effect a transfer of data between two or more different accounts (different network resouces);
and analyzing, by the computing device, the request for the different network resource, to determine whether the requested different network resource is a high-security resource that requires a login to access its content (Dunjic (11,108,762 B2): [Col 4, lines 24-28], the client application 102 may have a credential that must be authenticated for the client application 102 to be granted permission to access the protected resource 140. The client application 102 has an identifier uniquely identifying the client application 102. [Col 5, lines 1-8], (35) The login web service 134 provides authentication verification. Specifically, the login web service 134 may authenticate a user of the electronic device 100 based on verifying user and/or client credentials received from the electronic device 100. The login web service 134 may enforce multi-factor authentication policies (if the user has not already been authenticated), and may maintain a record of authenticated users).
A person having ordinary skill in the art, before the effective filing date of the invention, would have found it obvious to modify ONG in view of Holfelder, Hoen and Bridge by applying the well-known technique as disclosed by Dunjic of enforcing multi-factor authentication in order to authenticating and authorizing user for accessing a protected resource. The motivation is to preserving the anonymity of sensitive account information that may be appropriated by a malicious attacker (Dunjic: [Col 3, lines 54-56]).
Claim(s) 7-8, 12 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over ONG (U. S. PGPub. No. 2012/0246553 A1) (hereinafter “ONG”) in view of Holfelder et al. (U. S. Pat. No. 8,578,036 B1) (hereinafter “Holfelder”) and Hoen, IV et al. (U. S. PGPub. No. 2015/0186993 A1) (hereinafter “Hoen”) and Bridge et al (U. S. Pat. No. 9,231,935 B1) (hereinafter “Bridge”); and in further view of Dunjic et al. (U. S. Pat. No. 11,108,762 B2) (hereinafter “Dunjic”); Venkatakrishnan et al (U. S. PGPub. No. 2017/0316400 A1) (hereinafter “Venkatakrishnan”) and Miller et al (U.S. PGPub. No. 2021/0006630 A1) (hereinafter “Miller”).
Regarding claim 7, ONG in view of Holfelder, Hoen and Bridge teaches:
The method of claim 6 (see rejection of claim 6 above),
ONG in view of Holfelder, Hoen and Bridge does not explicitly disclose:
determining, in response to a determination that the requested different network resource is a high-security resource that requires a login to access its content, a type of the browser session, the type of browser session being based on information related to the user device, wherein such that,
However, in an analogous art, Dunjic teaches:
determining, in response to a determination that the requested different network resource is a high-security resource that requires a login to access its content (Dunjic: [Col 5, lines 1-8], (35) the login web service 134 may authenticate a user of the electronic device 100 based on verifying user and/or client credentials received from the electronic device 100. The login web service 134 may enforce multi-factor authentication policies (if the user has not already been authenticated), and may maintain a record of authenticated users),
A person having ordinary skill in the art, before the effective filing date of the invention, would have found it obvious to modify ONG in view of Holfelder, Hoen and Bridge by applying the well-known technique as disclosed by Dunjic of enforcing multi-factor authentication in order to authenticating and authorizing user for accessing a protected resource. The motivation is to preserving the anonymity of sensitive account information that may be appropriated by a malicious attacker (Dunjic: [Col 3, lines 54-56]).
ONG in view of Holfelder, Hoen and Bridge, Dunjic does not explicitly disclose:
Determining a type of the browser session, the type of browser session being based on information related to the user device, wherein, when the type of browser session is a private session or shared session
However, in an analogous art, Miller, teaches:
Determining a type of the browser session, the type of browser session being based on information related to the user device, wherein, when the type of browser session is a private session or shared session (Miller: [0049], provides for determining if devices or browsers appears on the IP address of a private network such as that of a person’s home wired/wireless network or mobile hotspot they are more likely to be owned or operated by the same individual (=private) and determining whether devices appear public network such as if devices or browsers appear on the IP address of a public network such as coffee shop or library then they are not owned or operated by the same or single individual (=shared)).
A person having ordinary skill in the art, before the effective filing date of the invention, would have found it obvious to modify ONG in view of Holfelder, Hoen and Bridge, Dunjic by applying the well-known technique as disclosed by Miller of determining the type of browser session. The motivation is to delivering Internet content and advertising (Miller: [0001])
ONG in view of Holfelder, Hoen, Bridge, Dunjic and Miller does not explicitly disclose:
modifying a login page of the different network resource by automatically checking a stay signed-in box by default based on type of browser session is private session, modifying and communicating the login page by adding a private login option if type of browser session is shared session,
However, in an analogous art, Venkatakrishnan teaches:
modifying a login page of the different network resource by automatically checking a stay signed-in box by default based on type of browser session is private session (Venkatakrishnan: [0037] provides for opt into a “one touch” feature provided by payment service provider. if user want to be remembered by payment service provider and to opt in for faster payment then user can select the selectable option (Sign-in box) which allow the user to compete transaction using the payment service provider without requesting login credentials). In the example illustrated in FIG. 5, the user has opted to be remembered by the payment service provider),
modifying and communicating the login page by adding a private login option if type of browser session is shared session (Venkatakrishnan: [0037] provides for login page displayed on webpage executing on the user device to point the payment provider server. Webpage is a login page including prompt that request the user to enter her user credentials into login webpage for authentication purpose).
A person having ordinary skill in the art, before the effective filing date of the invention, would have found it obvious to modify ONG in view of Holfelder, Hoen, Bridge, Dunjic and Miller by applying the well-known technique as disclosed by Venkatakrishnan of requesting user to login into merchant’s application. The motivation is to securely access a merchant application (Venkatakrishnan: [0019]).
Regarding claim 8, ONG in view of Holfelder, Hoen, Bridge, Dunjic, Miller and Venkatakrishnan system teaches:
The method of claim 7 (see rejection of claim 7 above),
However, Venkatakrishnan teaches:
wherein the login page is modified to remove the stay signed-in box such that a login via the modified login page is treated as if the stay signed-in box is checked (Venkatakrishnan: [0037], provides by selecting the selectable option, the user may opt into a "one touch" feature provided by the payment service provider, which allows the user to request from a merchant application that a transaction be completed using the payment service provider once and authenticating the user without requesting her user credentials (without showing user a login page to enter credentials which implies to removing “stay-signed-in box”).
A person having ordinary skill in the art, before the effective filing date of the invention, would have found it obvious to modify ONG in view of Holfelder, Hoen, Bridge, Dunjic, Miller by applying the well-known technique as disclosed by Venkatakrishnan of one touch feature which allows the user to access merchant application to complete the transaction. The motivation is to securely access a merchant application (Venkatakrishnan: [0019]).
Claim(s) 1-4, 9, 11, 15, 16, 17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over ONG (U. S. PGPub. No. 2012/0246553 A1) (hereinafter “ONG”) in view of Holfelder et al. (U. S. Pat. No. 8,578,036 B1) (hereinafter “Holfelder”) and Hoen, IV et al. (U. S. PGPub. No. 2015/0186993 A1) (hereinafter “Hoen”); in view of Bridge et al (U. S. Pat. No. 9,231,935 B1) (hereinafter “Bridge”), and further in view of Venkatakrishnan et al (U. S. PGPub. No. 2017/0316400 A1) (hereinafter “Venkatakrishnan”)
Regarding claim 12, ONG in view of Holfelder, Hoen, Bridge teaches:
The method of claim 1 (see rejection of claim 1 above),
ONG in view of Holfelder, Hoen, Bridge does not explicitly teach:
requesting, over the network, third party digital content based at least on information related to the browser session;
receiving, over the network, the third-party digital content;
and communicating, over the network, the third-party digital content to the user for display on a page of the network resource during the browser session.
However, in an analogous art, Venkatakrishnan teaches:
requesting, over the network, third party digital content based at least on information related to the browser session (Venkatakrishnan: [0045], provides for requests by the user to complete a transaction using the payment service provider (=third party content));
receiving, over the network, the third-party digital content (Venkatakrishnan: [0062], provides for receiving checkout information and renders the appropriate checkout information on a display of user device).
and communicating, over the network, the third-party digital content to the user for display on a page of the network resource during the browser session (Venkatakrishnan: [0062], provides for receiving checkout information and renders the appropriate checkout information on a display of user device).
A person having ordinary skill in the art, before the effective filing date of the invention, would have found it obvious to modify ONG in view of Holfelder, Hoen, Bridge by applying the well-known technique as disclosed by Venkatakrishnan of secure communication with third party and accessing data content of the third party. The motivation is to securely access a merchant application (Venkatakrishnan: [0019]).
Regarding claim 18, this claim contains limitations found within that of claims 6 and 7 and the same rationale of rejection is used where applicable.
Claim(s) 10 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over ONG (U. S. PGPub. No. 2012/0246553 A1) (hereinafter “ONG”) in view of Holfelder et al. (U. S. Pat. No. 8,578,036 B1) (hereinafter “Holfelder”) and Hoen, IV et al. (U. S. PGPub. No. 2015/0186993 A1) (hereinafter “Hoen”) and Bridge et al (U. S. Pat. No. 9,231,935 B1) (hereinafter “Bridge”); and further in view of Giglio et al (U.S. PGPub. No. 2018/0316656 A1).
Regarding claim 10, ONG in view of Holfelder, Hoen, Bridge teaches:
The method of claim 1 (see rejection of claim 1 above),
wherein said tracking comprises storing BCookies for visited network resources to the user profile (Bridge: [Col 5, lines 11-12], An example of a token includes, but is not limited to, a web or browser cookie. [Col 5, lines 34-39], Embodiments enable tracking login tokens associated with various web services used by the user and automatically submitting, without user intervention, login credentials to the appropriate web service upon the expiration of a session/login token, thereby renewing the web service session and login token);
ONG in view of Holfelder, Hoen, Bridge fails to teach:
determining, based at least in part on analysis of the user activity log, that the user does not have an account with a service provider that provides the network resource;
identifying network information related to the user and the user device and creating a user profile based on the network information, the user profile corresponding to a virtual ID for the user, wherein when the user is detected on the network, the virtual ID is retrieved and used to track the user's network activity,
Giglio, in similar field of endeavor teach:
determining, based at least in part on analysis of the user activity log, that the user does not have an account with a service provider that provides the network resource (Giglio: [0035], provides for detecting the user interaction inputting the user identifier, the client device and application can provide the user identifier) that the user does not have an account with a service provider that provides the network resource; [0039] determine that the received user identifier is not associated with preexisting account of merchant system).
identifying network information related to the user and the user device (Giglio: [0036], provides for identification system to determine user identifier associated with previous account).
and creating a user profile based on the network information, the user profile corresponding to a virtual ID for the user, wherein when the user is detected on the network, the virtual ID is retrieved and used to track the user's network activity, (Giglio: [0036] query the database to determine the user identifier (virtual ID) is associated with a preexisting account of the merchant system or not. [0039], provides the identification system to create the provisional account within the database of the merchant system).
A person having ordinary skill in the art, before the effective filing date of the invention, would have found it obvious to modify ONG in view of Holfelder, Hoen, Bridge by applying the well-known technique as disclosed by determining if user have a preexisting account of the merchant system or not and if user does not have a preexisting account, then create provisional account of that user. The motivation is to avoid at least some of the friction associated with conventional purchase processes of software products (Giglio: [0005]) and to provide a merchant system for providing software products to a user in a streamlined process that defers the need for users to create a full user account (e.g., setting a password) prior to making a purchase (Giglio: [0015]).
Regarding claim 19, the claim contains limitation found within that of claim 10, and same rationale of rejection is used where applicable.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Warrick et al. (U. S. PGPub. No. 2014/0344890 A1): A captive portal system includes a login database, a web server, and a name server. The name server receives a DNS request from a user device, queries the login database to determine whether the user device is logged in, and responds to the DNS request with the IP address of the web server as a resolved IP address of the specified domain name when the user device is not logged in. The web server accepts a connection request from the user device to the IP address of the web server, receives an HTTP request specifying a non-local target URL from the user device, queries the login database to determine whether the user device is logged in according to the source address of the user device, and acts as a transparent proxy between the user device and the non-local target URL when the user device is logged in.
Khalil et al. (U. S. Pat. No. 9,537,661 B2): A device may receive an authentication request generated based on a request to access a service. The authentication request may include a user identifier. The device may identify a mobile device associated with the user identifier. The device may authenticate the mobile device, and may generate an access notification based on authenticating the mobile device. The access notification may include information relating to the request to access the service. The device may provide the access notification to the mobile device, and may receive an access response from the mobile device. The access response may indicate whether to permit access to the service. The device may cause access to the service to be permitted when the access response indicates to permit access to the service, or may cause access to the service to be denied when the access response indicates to deny access to the service.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RUPALI DHAKAD whose telephone number is (571)270-3743. The examiner can normally be reached M-F 8:30-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached at 5712705143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/R.D./Examiner, Art Unit 2437
/ALI S ABYANEH/Primary Examiner, Art Unit 2437
Prosecution Insights