DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
No information disclosure statement(s) (IDS) was filed before the mailing date of this office action. Accordingly, no information disclosure statement is being considered by the examiner.
Response to Arguments
Applicant’s arguments, see Remarks, filed 09/25/2025, with respect to the rejection(s) of independent claims 1, 7 and 8 under 35 USC § 103, and under 35 USC § 112 have been fully considered but are not persuasive.
On page 10/14 of the Remarks, the Applicant argues “a memory is indeed sufficient structure”, arguing the interpretation of claim 1 under 35 USC 112(f). The Examiner respectfully disagrees with the Applicant’s argument. As the Applicant indicated in the argument, Applicant’s claim 1 recites a memory that stores the claimed modules (JavaScript detection module, JavaScript restriction module and JavaScript enablement module), which implies the modules themselves are “source codes” (software). The Examiner re-asserts that the modules are coupled with functional language without reciting (comprising) sufficient structure themselves to perform the respective recited functions, and are not preceded by a structural modifier. The memory is recited in the claim to store the modules. However, the modules themselves do not recite any specific hardware that perform the claimed limitations. Thus, the Examiner did not find the Applicant’s argument persuasive, and the claim limitations are being interpreted under 35 U.S.C. 112(f).
With regards to the 112(b) rejection of claim 1 for being indefinite, the Examiner reasserts that the Specification indicates that each module of the claimed modules can be implemented as either hardware or software, as pointed out by the Examiner in the most recent final office action. Paragraph [0024] of the Specification discloses the modules can be implemented in source code stored in non-transitory memory executed by a processor, or alternatively, the modules can be implemented in hardware with microcode. Thus, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph. The Examiner recommends to amend the claim so that each module is implemented in hardware with microcode, as taught in paragraph [0024] of the Specification.
On page 12/14 of the Remarks, with regards to the rejection of claim 1 under 35 U.S.C. 112(a), the Applicant argues “one of ordinary skill in the art will clearly understand how a network device controlling an Internet gateway can restrict communication from clients, as the communication is simply not forwarded”, arguing the lack of written description rejection. The Examiner re-asserts that there is not sufficient written disclosure of information or algorithm to perform the claimed limitations, and the content in the Specification is a repetition of the claim language without providing sufficient information. The Applicant’s argument of “one of ordinary skill in the art will clearly understand …” is not persuasive.
On page 13/14 of the Remarks, the Applicant argues the combination of references Talmor, Rosenthal, Merrill and Raley fails to teach or disclose the limitations as recited in claim 1. The Examiner asserts that the combination of references Talmor, Rosenthal and Merrill still teaches the limitations of amended claims 1 and 7-8, as indicated in the current Office Action. Applicant contends that claim 1’s recitations “involve protection local clients from local Man-in-the-Browser attacks and detects outbound issues”, however said recitations are directly recited within claim 1. Instead, claim 1’s preamble recites an intended use of the “network device” by reciting “… for detecting an remediating local web browser Man-in-the-Browser (MITB) security breaches”, which does not patentability distinguish the “network device” from at least the teachings of Talmor, as cited below. Therefore, the Examiner did not find the Applicant’s argument persuasive.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) are: “a JavaScript detection module”, “a JavaScript restriction module” and “a JavaScript enablement module” in claim 1.
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. Paragraph [0024] of the current Application discloses “The modules can be implemented in source code stored in non-transitory memory executed by a processor. Alternatively, the modules can be implemented in hardware with microcode.”, which is a clear indication that the modules could be implemented as software, and there is no mention of “a java enablement module” in the current Application’s Specification.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-2, 5-6 and 7-8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claims 1 and 7-8 recite the limitation "the remote web page" in lines 36-37, 28 and 29, respectively. There is insufficient antecedent basis for the "the remote web page” in the claims.
Claims 2 and 5 recite the limitation "the confidential web page" in lines 3-4 and 1-2, respectively. There is insufficient antecedent basis for the "the confidential web page” in the claims.
Claim 6 recites the limitation "a second confidential web page" in line 2. There is insufficient antecedent basis for the "a second confidential web page” since it implies there was “a first confidential web page” prior to the claimed "a second confidential web page” in the claim.
Claim 8 recites the limitation "the plurality of clients," in line 11. There is insufficient antecedent basis for the "the plurality of clients," in the claim.
Claim limitation (claim 1) “a JavaScript detection module to detect a request for a … web page …; a JavaScript restriction module to … restrict subsequent communication; a JavaScript enablement module … to send an alert message to a process;” invokes 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. Paragraph [0024] of the Specification discloses the modules can be implemented in source code stored in non-transitory memory executed by a processor, or alternatively, the modules can be implemented in hardware with microcode. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph;
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1-2 and 5-6 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claim 1 recites the limitation “a network interface communicatively coupled to the processor and to the enterprise network and to a wide area network (WAN)”, and Paragraph [0039] of the current Applicant’s Specification (hereinafter “the Specification”) discloses “The I/O port 640 further comprises a user interface 642 and a network interface 644. The user interface 642 can output to a display device and receive input from, for example, a keyboard. The network interface 644 (e.g., an RF antennae) connects to a medium such as Ethernet or Wi-Fi for data input and output.”. The Examiner asserts that there is not sufficient information or algorithm to perform the claimed limitation, restrict subsequent communication from the specific network device, except repeating the claim language in the specification. The Examiner has considered the teachings in paragraph [0043] of the Specification where a user accesses a system in the World Wide Web (WWW) through a network such as the internet. The Examiner asserts that claimed “WAN” in the claim would not be supported by the disclosure of the Internet, as the “WAN” may refer to networks that exclude the Internet. The Examiner recommends to amend the claim to recite “Internet”, or a similar supported network, instead of “WAN” to overcome this rejection under 35 U.S.C. 112(a).
Claims 1-2 and 5-6 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claim 1 recites the limitation “a JavaScript restriction module to, … restrict subsequent communication from the specific network device”, and Paragraph [0031], (and Fig. 5 step 520), of the current Applicant’s Specification (hereinafter “the Specification”) discloses “At step 520, a JavaScript restriction module, responsive to detecting that JavaScript has been disabled, restricts subsequent communication by the network device.”. The Examiner asserts that there is not sufficient information or algorithm to perform the claimed limitation, restrict subsequent communication from the specific network device, except repeating the claim language in the specification. Claim 1 also recites the limitations “detect a request for a confidential web page on a specific network device” and “send an alert message to a process of the specific network device”. However, the Specification in paragraph [0030] discloses “At step 410, a request for a confidential web page is detected by an access point, gateway, or other firewall device.”, and in paragraph [0031] discloses “At step 530, an alert is sent for JavaScript to be enabled, either manually by a user of a station or automatically by a process on the station.”. The Examiner asserts that the teachings in the Specification are just repetitions of the claim language, and thus there is not sufficient information or algorithm provided as to how to perform the claimed limitations.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2 and 7-8 are rejected under 35 U.S.C. 103 as being unpatentable over USPAT No. 10721269 B1 to Talmor et al. (hereinafter “Talmor”), US-PGPUB No. 2014/0129860 A1 to Rosenthal, and further in view of US-PGPUB No. 2008/0175377 A1 to Merrill
Regarding claim 1:
Talmor discloses:
A network device (col 3, line 7: “… a network traffic management device 110 …”, see Fig. 2) on an enterprise network (see Fig. 1, LAN 104) that connects with a plurality of clients (see Fig. 1, Client Devices 106) over a Wi-Fi network (see Fig. 1, Network 108, col.3, lines 54-57: “… network 108 may include local area networks (LANs), … and other types and numbers of network types.”), […], the network device comprising:
a processor (see Fig. 2, device Processor 200);
a network interface (see Fig. 2, Network Interface 204) communicatively coupled to the processor (see Fig. 2, device Processor 200 coupled to Network Interface 204) and to the enterprise network (see Fig. 1, LAN 104 coupled to Device 110 which incorporates Network Interface 204) and to a wide area network (WAN) (see Fig. 1, Network 108, and col 3, lines 54-55: “network 108 may include … wide area networks (WANs), …”), wherein the plurality of clients locally execute JavaScript (col 8, lines 12-13: “… requesting client devices 106 process the challenges (e.g., JavaScript)”); and
a memory (see Fig. 2, Device Memory 218), communicatively coupled to the processor (see Fig. 2, Device Memory 218 coupled to Device Processor 200) and storing modules executable by the processor (see Fig. 2, Device Memory 218 storing Security Module 210), the memory comprising:
a JavaScript detection module (see Fig. 1, Security Module 210) to detect an outgoing request for a web page (col 7, line 9: “client requests destined for particular servers,”) from the enterprise network by a specific client of the plurality of clients (see Fig. 3, block 300, Receive Request for Server, col 10, lines 54-55: “… device 110 may receive a request for access to the server 102 from a client device such as the client device 106 …”, see Fig. 3, step 300), and in response, transmit an HTML code snippet downstream (see Fig. 3, Return Request to Client Device with Java Script, step 308) to a browser running on the specific client (col 3, lines 35-36: “… client devices 106 run Web browsers …”) to determine whether JavaScript is enabled or disabled locally at the specific client (see Fig. 3, decision block 310, “YES” branch (JavaScript enabled), “NO” branch (JavaScript not enabled));
a JavaScript restriction module (see Fig. 1, Security Module 210) to, responsive to detecting that JavaScript has been locally disabled at the specific client (see Fig. 3, decision block 310, the “NO” branch (JavaScript not enabled, JavaScript Disabled), see also col 8, lines 56-62: “Many client devices that may perform attacks, such as denial of service or brute force attacks, may not be capable of processing the JavaScript in the request and therefore will not send a response to the network device 110. Thus, client devices that … have JavaScript disabled … may not be served by the application server 102.”), restrict subsequent local communication from the specific client (col 11, lines 8-10: “If no response is received, the network traffic management device 110 ends the routine without requesting access to the server 102 (312).”, see Fig. 3, step 312, END),
wherein the JavaScript restriction module, responsive to detecting that JavaScript has been locally disabled (see Fig. 3, decision block 310, “NO” branch (JavaScript not enabled)), requires enabling of JavaScript to continue to the remote web page (col 11, lines 8-10: “If no response is received, the network traffic management device 110 ends the routine without requesting access to the server 102 (312).”), and responsive to detecting that JavaScript has not been disabled, allowing the request for the (col 11, lines 6-8: “If the response is received, the network traffic management device 110 may send the request to the server 102 (306).”, see Fig. 3, step 306, Send Request to Server); and
a JavaScript enablement module (col 6, lines 40-42: “… implementing security module 210 to perform one or more portions of the processes illustrated in FIGS. 3-4 for protecting servers …”) […]
[wherein the JavaScript enablement module] receives an indication that JavaScript has been enabled at the specific client (col 11, lines 37-50: “… the network traffic management device 110 selects a JavaScript challenge code (408).… The execution of the challenge results in a cookie being included in a response to the network traffic management device 110. The response with the cookie is received by the network traffic management device 110 (412) (implies the JavaScript challenge code was executed by the specific network device which indicates JavaScript is enabled on the specific network device).”), and in response, transmits the remote web page to the browser running on the specific client (col 11, lines 54-59: “Once the response is received, the network traffic management device 110 may compare the data in the cookie … with the expected results of the computational challenge to determine if the result is correct (414). If the result is correct, the request is sent to the server 102.”).
However, Talmor does not explicitly disclose the following limitation taught by Rosenthal:
[a JavaScript enablement module] […] to send an alert message (Rosenthal, ¶10: “In response to a trigger, the apparatus also causes the shared worker application to send a signal to the operating system comprising wake up instructions,”) to the specific client (Rosenthal, see Fig. 3, Mobile Device 10), the message requesting automatic enablement of JavaScript (Rosenthal, ¶68: “if the deciphering of the wake up instructions determines that the signal from the shared worker application instructed a partial system wake up, the apparatus 20 embodied by the computing device 10 may also be configured to cause a partial system wake up. … a partial system wake up may include enabling JavaScript …”), prior to allowing access to the remote web page (Rosenthal, ¶67: “… The web page or web application may utilize one or more JavaScript applications. … both the web page or web application and the corresponding JavaScript will be enabled, and will thus, execute normally.”),
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Talmor to incorporate the functionality of the shared worker application of to send a signal to the operating system comprising wake up instructions to automatically enable JavaScript, as disclosed by Rosenthal, such modification would allow the system to enable JavaScript to provide access to some legitimate visitors that may simply have disabled the execution of client-side scripts on their browsers.
The combination of Talmor and Rosenthal does not explicitly disclose the following limitation taught by Merrill:
[…] for detecting and remediating local web browser Man-in-the Browser (MITB) security breaches (Merrill, ¶74: “… detect man-in-the-browser attacks and deny fraudulently manipulated transactions.”)
wherein a MITB browser extension is executing on the browser in an attempt to compromise data of the browser (Merrill, ¶74: “… The rogue browser extension changes transaction information in an attempt to re-route funds to an unauthorized third party. … detect man-in-the-browser attacks and deny fraudulently manipulated transactions.”),
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Talmor and Rosenthal to incorporate the functionality of the method to implement a browser plug-in to append a digital signature for a submitted transaction to verify the integrity of the transaction, as disclosed by Merrill, into the security module of Talmor, such modification would allow the system (the security module of Talmor) to detect man-in-the-browser attacks from rogue browser extensions and implement proper mitigation actions.
Regarding claim 2:
The combination of Talmor, Rosenthal and Merrill discloses:
The network device of claim 1, further comprising wherein JavaScript is transmitted to the browser of the specific network device based on the confidential web page (Talmor, ¶31: “Challenge insertion could be turned on and off for specific server resources, such as … particular URIs … automatically …”).
Regarding claim 7:
Claim 7 substantially recites the same limitations as claim 1 in the form of a method implementing the corresponding functionalities, therefore it is rejected by the same rationale.
Regarding claim 8:
Talmor discloses:
A non-transitory computer-readable media (col 6, lines 27-29: “Device memory 218 comprises computer readable media, namely computer readable or processor readable storage media …”) in a network device (col 3, line 7: “… a network traffic management device 110 …”, see Fig. 2) on an enterprise network (see Fig. 1, LAN 104) that connects with a plurality of stations (see Fig. 1, client devices 106) over a Wi-Fi network (see Fig. 1, Network 108, col.3, line 44-col.4, line 7) for sensitive data transfers (col 7, line 9: “client requests destined for particular servers,”, col 4, lines 3-6: “… the network 108 … data may travel between client devices 106, Web application servers 102 and network traffic management device 110, …”), when executed by a processor (see Fig. 2, device Processor 200), performs a method (see the method of Fig. 3) […], the method comprising the steps of:
In addition to the above limitations, claim 8 substantially recites the same limitations as claim 1 in the form of a non-transitory computer-readable media for an artificial intelligence model-based data delivery for low battery stations co-existing with high-bandwidth stations within the plurality of stations, therefore it is rejected by the same rationale.
Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Talmor, Rosenthal, Merrill, and further in view of US-PGPUB No. 2002/0108050 A1 to Raley et al. (hereinafter “Raley”)
Regarding claim 5:
The combination of Talmor, Rosenthal and Merrill discloses the network device of claim 1, but does not explicitly disclose the following limitation taught by Raley discloses:
wherein the confidential web page comprises a log in page (Raley, ¶80-83: “… client computer 230 … requests document 222 from distributor server 220 … distributor server 220 then informs client computer 230 that document 222 is protected and client computer 230 needs to have security module 237 to render document 222 … transaction aggregator 160 requests and collects various user information …The method of FIG. 11 permits a user to log on to a new Web site to initiate a transaction.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Talmor, Rosenthal and Merrill to incorporate the capability of the server to store web pages having a plurality of protected documents, and the functionality of the management module to prohibit access to the protected documents when the UI module is not installed, or limit access to only documents specified as being freely distributable, as disclosed by Raley, into the security module of Talmor, such modification would allow the system (the security module of Talmor) to control the distribution of electronic documents over the Web.
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Talmor, Rosenthal, Merrill, and further in view of USPAT No. 8613089 B1 to Holloway et al. (hereinafter “Holloway”)
Regarding claim 6:
The combination of Talmor, Rosenthal and Merrill discloses the network device of claim 1, but does not explicitly disclose the following limitation taught by Holloway:
wherein a second request (Holloway, col 25, line 10: “… a subsequent request …”) for a second confidential web page is detected, and bypassing JavaScript enablement checks, within a predetermined period of time (Holloway, col 25, lines 10-15: “If a subsequent request is received at the proxy server prior to the time expiring, then the same challenge will be presented to the visitor without testing whether the answer was correct. After the time period of the cache (5860 milliseconds) has expired, the proxy server begins to accept answers to the challenge.”, see Fig. 11, client-side script 1110).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Talmor, Rosenthal and Merrill to incorporate the functionality of the proxy server to receive a request that includes a client-side script code, and cache the request for a predetermined number of milliseconds based on a number of specified milliseconds in the code, as disclosed by Holloway, such modification would allow the system to avoid frequent computation of challenges during each request, thus improving efficiency of the system .
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHIAS HABTEGEORGIS whose telephone number is (571)272-1916. The examiner can normally be reached M-F 8am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William R. Korzuch can be reached on (571)272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/M.H./Examiner, Art Unit 2491
/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491