Prosecution Insights
Last updated: July 17, 2026
Application No. 17/405,828

AUTOMATED HARDENING OF SENSITIVE TRANSACTIONS

Final Rejection §103
Filed
Aug 18, 2021
Priority
Mar 23, 2021 — IN 202141012341
Examiner
MAHMOUDI, RODMAN ALEXANDER
Art Unit
2499
Tech Center
2400 — Computer Networks
Assignee
McAfee LLC
OA Round
6 (Final)
80%
Grant Probability
Favorable
7-8
OA Rounds
0m
Est. Remaining
96%
With Interview

Examiner Intelligence

Grants 80% — above average
80%
Career Allowance Rate
197 granted / 247 resolved
+21.8% vs TC avg
Strong +17% interview lift
Without
With
+16.7%
Interview Lift
resolved cases with interview
Typical timeline
2y 9m
Avg Prosecution
18 currently pending
Career history
269
Total Applications
across all art units

Statute-Specific Performance

§101
2.5%
-37.5% vs TC avg
§103
81.6%
+41.6% vs TC avg
§102
1.9%
-38.1% vs TC avg
§112
5.7%
-34.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 247 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendments This communication is in response to the amendments filed on 5 February 2026: Claims 1, 20 and 39 are amended. Claims 15-19, 21-34, 37 and 41-62 are canceled. Claims 1-14, 20, 35-36 and 38-40 are pending. Response to Arguments In response to Applicant’s remarks filed on 5 February 2026: a. Applicant’s arguments that the cited references, taken alone or together, do not appear to disclose contextually increasing security for a first tab of a web browser without altering security for a second tab has been fully considered but is deemed not-persuasive. Applicant’s attention is directed to Ashley, Column 1, Lines 32 – 38, see “To give some privacy protection to the user and to provide enhanced management, some browsers have introduced the concept of compartmentalization. FIG. 1 illustrates prior art compartmentalization where a single person has a work persona, a social persona and a shopping persona. Each persona may have separate cookies, bookmarks, search history, search engine utilization, tracker, tabs and plug-ins”. Applicant’s attention is further directed to Ashley, Column 1, Lines 39 – 49, see “One example is Firefox®, which through its multi-account container extension, allows a user to create different tabs in their Firefox® browser for different aspects of their life, e.g. personal, work, banking, shopping and so on. The Firefox® extension separates its website storage into these tab-specific containers, e.g. so that tracking cookies downloaded by one container are not available to other containers. This compartmentalization makes management of online transactions more convenient for the user and makes it more difficult for data brokers to track users across these containers”, which is analogous to contextually increasing a sensitivity level for a first tab of the web browser without altering security for a second tab of the web browser, due to implementing tab-specific containers, ultimately increasing the sensitivity level for a first tab (e.g., banking) without altering security for a second tab (e.g., social). Also, Ashley discloses multiple tabs which provide different browser-based online transactions that have different context defined by contextual factors different from the contextual factors of other tabs (e.g., tracking cookies are separate for each container). Applicant’s attention is further directed to Ashley, Column 3, Lines 61 – 67 and Column 4, Lines 1 – 10, see “A key privacy concept is the use of digital personas for compartmentalization or grouping of service interactions. Rather than a user performing all service interactions with the one identity, the user will create multiple digital personas and use them for different purposes. Each persona has its own unique identity attributes that may include…virtual private network (VPN) configuration…Each persona should be used for a limited and specific purpose”, which is analogous to an increased security measure for a first tab of the web browser selected from tunneling the tab’s content through a virtual private network (VPN), due to the digital personas (e.g., different tabs on a web browser) having different identity attributes based on the purpose of the tab. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Ranalli et al. (U.S. PGPub 2014/0129447), hereinafter Ranalli, in view of Dixon et al. (U.S. PGPub. 2006/0253458), hereinafter Dixon, in further view of Ashley et al. (U.S. Patent 11,860,984), hereinafter Ashley. Regarding claim 1, Ranalli teaches A computing apparatus, comprising: a hardware platform comprising a processor and a memory (Ranalli, FIG. 8, which comprises a hardware platform comprising a processor and a memory); and instructions encoded within the memory to (Ranalli, Paragraph [0080], see “…The drives and the associated computer-readable storage media provide nonvolatile storage of computer-readable instructions…”): identify a first browser-based online transaction (Ranalli, Paragraph [0033], see “The system handles new users via an automated user registration process…when a new user first clicks an action button, the system can prompt the user to create and fund an account…The system can remember the account credential as valid for the duration of the user’s browser session…”, which is being read as identifying a first browser-based online transaction), comprising a user filling in a web form in a first tab of a web browser (Ranalli, Paragraph [0018], see “…the system can operate without asking a user to register any personal identity information or by only asking for some minimal amount of personal identity information…”) (Ranalli, Paragraph [0033], see “…New users are directed to a secure portal where registration takes less than 60 seconds to complete…”, which comprises filling in a “web form” of some sort in a first tab of a web browser); according to a plurality of contextual factors, determine that the first browser- based online transaction is a sensitive transaction (Ranalli, Paragraph [0025], see “…When a user clicks a purchase button embedded by a merchant in a web-page, e-mail, PDF or mobile-application, for example, the purchase button triggers an HTTPS request from the user’s browser to a secure transaction node to approve or deny the purchase…”, which is being read as determining that the first browser-based online transaction is a sensitive transaction according to a plurality of contextual factors (purchase button triggering the HTTPS request)), Ranalli does not teach the following limitation(s) as taught by Dixon: wherein the plurality of contextual factors include a reputation for a domain name associated with the first browser-based online transaction (Dixon, Paragraph [0097], see “…The reputation service host may, for example, monitor an address or URL entered into an address bar of a browser application associated with the client 102, and, after the user has entered the address, the reputation service host 112 may provide an alert to the user that the Website that the user is about to interact with has a reputation for downloading spyware, malware, or other unwanted content…The client may be presented with a warning…”, where “URLs” are analogous to being associated with the domain name and where the plurality of contextual factors include a reputation for a domain name associated with the transaction (i.e., URL entered into an address bar of a browser application)). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, by implementing techniques comprising of the plurality of contextual factors including a reputation for a domain name associated with the online transaction, disclosed of Dixon. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising of the plurality of contextual factors including a reputation for a domain name associated with the online transaction. This allows for better security management by evaluating each domain name or URL associated with the domain name with a reputation service in order to dictate which URL/domain names are sensitive and/or secure. Dixon is deemed as analogous art due to the art disclosing techniques of the plurality of contextual factors including a reputation for a domain name associated with the online transaction (Dixon, Paragraph [0097]). Ranalli as modified by Dixon do not teach the following limitation(s) as taught by Ashley according to the determination, contextually increase a sensitivity level for the first tab of the web browser without altering sensitivity for a second tab of the web browser, wherein increasing the sensitivity level comprises implementing at least one increased security measure for the first tab of the web browser selected from tunneling the tab’s content through a virtual private network (VPN), enabling a secure domain name resolution protocol, sandboxing the tab, or providing a graphical warning to the user, and wherein the second tab provides a second browser-based online transaction that has a context defined by contextual factors different from the contextual factors for the first browser-based online transaction and has not been determined to be a sensitive transaction (Ashley, Column 1, Lines 32 – 38, see “To give some privacy protection to the user and to provide enhanced management, some browsers have introduced the concept of compartmentalization. FIG. 1 illustrates prior art compartmentalization where a single person has a work persona, a social persona and a shopping persona. Each persona may have separate cookies, bookmarks, search history, search engine utilization, tracker, tabs and plug-ins”) (Ashley, Column 1, Lines 39 – 49, see “One example is Firefox®, which through its multi-account container extension, allows a user to create different tabs in their Firefox® browser for different aspects of their life, e.g. personal, work, banking, shopping and so on. The Firefox® extension separates its website storage into these tab-specific containers, e.g. so that tracking cookies downloaded by one container are not available to other containers. This compartmentalization makes management of online transactions more convenient for the user and makes it more difficult for data brokers to track users across these containers”, which is analogous to contextually increasing a sensitivity level for a first tab of the web browser without altering security for a second tab of the web browser, due to implementing tab-specific containers, ultimately increasing the sensitivity level for a first tab (e.g., banking) without altering security for a second tab (e.g., social). Also, Ashley discloses multiple tabs which provide different browser-based online transactions that have different context defined by contextual factors different from the contextual factors of other tabs (e.g., tracking cookies are separate for each container)) (Ashley, Column 3, Lines 61 – 67 and Column 4, Lines 1 – 10, see “A key privacy concept is the use of digital personas for compartmentalization or grouping of service interactions. Rather than a user performing all service interactions with the one identity, the user will create multiple digital personas and use them for different purposes. Each persona has its own unique identity attributes that may include…virtual private network (VPN) configuration…Each persona should be used for a limited and specific purpose”, which is analogous to an increased security measure for a first tab of the web browser selected from tunneling the tab’s content through a virtual private network (VPN), due to the digital personas (e.g., different tabs on a web browser) having different identity attributes based on the purpose of the tab). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, and techniques disclosed of Dixon, by implementing techniques comprising of contextually increasing a sensitivity level for a first tab of the web browser without altering security for a second tab of the web browser, wherein the increased sensitivity level for the first tab includes tunneling the tab through a VPN, and wherein the second tab provides a second browser-based online transaction, disclosed of Ashley. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising of contextually increasing a sensitivity level for a first tab of the web browser without altering security for a second tab of the web browser, wherein the increased sensitivity level for the first tab includes tunneling the tab through a VPN, and wherein the second tab provides a second browser-based online transaction. This allows for better security management and a more user-friendly environment by increasing the sensitivity for a high-risk tab while keeping the settings for a low-risk one untouched without disrupting a user’s workflow. Ashley is deemed as analogous art due to the art disclosing techniques of contextually increasing a sensitivity level for a first tab of the web browser without altering security for a second tab of the web browser, wherein the second tab provides a second browser-based online transaction (Ashley, Column 1, Lines 32 – 49). Claims 2, 4, 6-7 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Ranalli, in view of Dixon, in further view of Ashley, in further view of Shahidzadeh et al. (U.S. Patent 10,572,874), hereinafter Shahid. Regarding claim 2, Ranalli as modified by Dixon and further modified by Ashley do not teach the following limitation(s) as taught by Shahid: The computing apparatus of claim 1, wherein the sensitivity level is selected from a set of discrete sensitivity levels (Shahid, Column 11, Lines 35 – 39, see “The authorization token depends on the desired policy of the transaction that can have a discrete identifier for the associated required level of assurance and a plurality of predetermined Contextual Factors set by the policy orchestrator”, where “discrete identifier for the associated required level of assurance” is being read as the sensitivity level (required level of assurance) is selected from a set of discrete sensitivity levels (i.e., selecting the discrete identifier for the associated required level of assurance)). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, techniques disclosed of Dixon, and techniques disclosed of Ashley, by implementing techniques of the sensitivity level being selected from a set of discrete sensitivity levels, disclosed of Shahid. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising of the sensitivity level being selected from a set of discrete sensitivity levels. This allows for better precision and control for selecting sensitivity levels for each tab in order to eliminate subjective guesswork when it comes to specific tab security. Shahid is deemed as analogous art due to the art disclosing techniques of the sensitivity level being selected from a set of discrete sensitivity levels (Shahid, Column 11, Lines 35 – 39). Regarding claim 4, Ranalli as modified by Dixon and further modified by Ashley do not teach the following limitation(s) as taught by Shahid: The computing apparatus of claim 1, wherein one of the plurality of contextual factors is a task type (Shahid, Column 9, Lines 33 – 44, see “…The desired level of assurance (LOA) of each associated transaction or session, for example at login or individually within a login session may vary and hence require real time response as a function of the associated LOA required for each transaction or each level of access within the session. For example, a login session for an online banking service (a typical example of an RP) may require not only a credential-based trust model (e.g., simple user name and password) for general login and looking at balance history but may need a dynamic transaction-based model where additional factor(s) are required to transact a transfer or payment”, where “transact a transfer or payment” is being read as comprising a task type). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, techniques disclosed of Dixon, and techniques disclosed of Ashley, by implementing techniques of one of the plurality of contextual factors being a task type, disclosed of Shahid. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising of one of the plurality of contextual factors being a task type. This allows for better security management and a better framework for associating specific tasks with respective sensitivity levels. Shahid is deemed as analogous art due to the art disclosing techniques of one of the plurality of contextual factors being a task type (Shahid, Column 9, Lines 33 – 44). Regarding claim 6, Ranalli as modified by Dixon and further modified by Ashley do not teach the following limitation(s) as taught by Shahid: The computing apparatus of claim 1, wherein one of the plurality of contextual factors is a network on which the first online transaction occurs (Shahid, Column 8, Lines 16 – 25, see “Contextual Identifiers (or Contextual Factors): may be part of the verification process and may include the following multifactors used singularly or in different combinations: location, biometrics, user habits, user locations, spatial, body embedded devices, smart tattoos, dashboard of user’s car, user’s television (TV), user’s home security digital fingerprint, Domain Name System (DNS), Virtual Private Network (VPN), and the like”, where “VPN” is being read as comprising a network on which the online transaction occurs). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, techniques disclosed of Dixon, and techniques disclosed of Ashley, by implementing techniques of the plurality of contextual factors being a network on which the first online transaction occurs, disclosed of Shahid. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising of the plurality of contextual factors being a network on which the first online transaction occurs. This allows for better security management and a better framework for associating specific networks with respective sensitivity levels. Shahid is deemed as analogous art due to the art disclosing techniques of the plurality of contextual factors being a network on which the first online transaction occurs (Shahid, Column 8, Lines 16 – 25). Regarding claim 7, Ranalli as modified by Dixon and further modified by Ashley do not teach the following limitation(s) as taught by Shahid: The computing apparatus of claim 1, wherein one of the plurality of contextual factors is a device context (Shahid, Column 8, Lines 16 – 25, see “Contextual Identifiers (or Contextual Factors): may be part of the verification process and may include the following multifactors used singularly or in different combinations: location, biometrics, user habits, user locations, spatial, body embedded devices, smart tattoos, dashboard of user’s car, user’s television (TV), user’s home security digital fingerprint, Domain Name System (DNS), Virtual Private Network (VPN), and the like”, where “body embedded devices” is being read as comprising device context). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, techniques disclosed of Dixon, and techniques disclosed of Ashley, by implementing techniques of one of the plurality of contextual factors being a device context, disclosed of Shahid. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising of one of the plurality of contextual factors being a device context. This allows for better security management and a better framework for associating specific devices with respective sensitivity levels. By combining device context with other contextual factors, the system can deliver a more intelligent and efficient sensitivity level for the specific device. Shahid is deemed as analogous art due to the art disclosing techniques of one of the plurality of contextual factors being a device context (Shahid, Column 8, Lines 16 – 25). Regarding claim 10, Ranalli as modified by Dixon and further modified by Ashley do not teach the following limitation(s) as taught by Shahid: The computing apparatus of claim 1, wherein contextually increasing security comprises adding one or more layers of authentication (Shahid, Column 9, Lines 33 – 44, see “…The desired level of assurance (LOA) of each associated transaction or session, for example at login or individually within a login session may vary and hence require real time response as a function of the associated LOA required for each transaction or each level of access within the session. For example, a login session for an online banking service (a typical example of an RP) may require not only a credential-based trust model (e.g., simple user name and password) for general login and looking at balance history but may need a dynamic transaction-based model where additional factor(s) are required to transact a transfer or payment”, where “may need a dynamic transaction-based model where additional factor(s) are required to transact a transfer or payment” is being read as contextually increasing security (i.e., higher level of assurance) comprises adding one or more layers of authentication). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, techniques disclosed of Dixon, and techniques disclosed of Ashley, by implementing techniques of contextually increasing security comprises adding one or more layers of authentication, disclosed of Shahid. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising of contextually increasing security comprises adding one or more layers of authentication. This allows for better security management by creating a defense-in-depth strategy that protects against breaches whilst enhancing user experience. Shahid is deemed as analogous art due to the art disclosing techniques of contextually increasing security comprises adding one or more layers of authentication (Shahid, Column 9, Lines 33 – 44). Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Ranalli, in view of Dixon, in further view of Ashley, in further view of Lothman et al. (U.S. PGPub. 2022/0301044), hereinafter Lothman. Regarding claim 3, Ranalli as modified by Dixon and further modified by Ashley do not teach the following limitation(s) as taught by Lothman: The computing apparatus of claim 1, wherein one of the plurality of contextual factors is a user profile (Lothman, Paragraph [0105], see “…The request interpretation component 602 can further infer if there are any relevant features associated with a new booking request based on the user defined required criteria, the user’s profile data, the user rental history, and other contextual factors associated with the receive request…”). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, techniques disclosed of Dixon and techniques disclosed of Ashley, by implementing techniques of one of the plurality of contextual factors being a user profile, disclosed of Lothman. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising of one of the plurality of contextual factors being a user profile. This allows for better security management by evaluating the users’ profile to implement respective security measures on the user’s transaction. If the user is not-trusted, the evaluation can result in implementing additional security factors into their transaction. Lothman is deemed as analogous art due to the art disclosing techniques of one of the plurality of contextual factors being a user profile (Lothman, Paragraph [0105]). Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Ranalli, in view of Dixon, in further view of Ashley, in further view of Martin et al. (U.S. Patent 9,794,293), hereinafter Martin. Regarding claim 5, Ranalli as modified by Dixon and further modified by Ashley do not teach the following limitation(s) as taught by Martin: The computing apparatus of claim 1, wherein one of the plurality of contextual factors is an online service associated with the first online transaction (Martin, Column 2, Lines 63 – 65, see “the threat level is determined based on a level of sensitivity of files/services that are accessed by a data/transaction”, where “level of sensitivity of files/services that are accessed by a data/transaction” is analogous to a factor comprising a service associated with the transaction). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, techniques disclosed of Dixon and techniques disclosed of Ashley, by implementing techniques of one of the plurality of contextual factors being an online service associated with the online transaction, disclosed of Martin. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising of one of the plurality of contextual factors being an online service associated with the online transaction. This allows for better security management by evaluating the online service associated with the online transaction in order to implement the respective security measures based on the online service providing the transaction. If the online service is not-trusted, the evaluation can result in implementing additional security factors for the transaction. Martin is deemed as analogous art due to the art disclosing techniques of one of the plurality of contextual factors being an online service associated with the online transaction (Martin, Column 2, Lines 63 – 65). Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Ranalli, in view of Dixon, in further view of Ashley, in further view of Shahidzadeh et al. (U.S. Patent 11,455,641), hereinafter Shahid #2. Regarding claim 8, Ranalli as modified by Dixon and further modified by Ashley do not teach the following limitation(s) as taught by Shahid #2: The computing apparatus of claim 1, wherein one of the plurality of contextual factors is a browser context (Shahid #2, Abstract, see “…Method for calculating individual transaction risk based on contextual factors such as user behavior, device, browser and the network traffic and request for authentication by account owner…”). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, techniques disclosed of Dixon, and techniques disclosed of Ashley, by implementing techniques of one of the pluralities of contextual factors being a browser context, disclosed of Shahid #2. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising of one of the plurality of contextual factors being a browser context. This allows for better security management by evaluating the browser context associated with the transaction in order to implement respective security measures based on the browser. If the browser is not-trusted, the evaluation can result in implementing additional security factors for the transaction. Shahid #2 is deemed as analogous art due to the art disclosing techniques of one of the plurality of contextual factors being a browser context (Shahid #2, Abstract). Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Ranalli, in view of Dixon, in further view of Ashley, in further view of Nitsan, in further view of Schultz (U.S. PGPub. 2021/0127257). Regarding claim 9, Ranalli as modified by Dixon and further modified by Ashley do not teach the following limitation(s) as taught by Schultz: The computing apparatus of claim 1, wherein contextually increasing security comprises disabling a key logger or screen grabber (Schultz, Claim 6, see “…wherein controlling the one or more client devices further comprises…enabling and disabling a key and screen logger application”, where “controlling the one or more client devices” is analogous to increasing security for the client device, which comprises disabling a key and screen logger). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, techniques disclosed of Dixon and techniques disclosed of Ashley, by implementing techniques of contextually increasing security comprises disabling a key logger or screen grabber, disclosed of Schultz. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising of contextually increasing security comprises disabling a key logger or screen grabber. This allows for better security management since disabling a key logger could prevent unauthorized entities from capturing a user’s credentials during a login. Schultz is deemed as analogous art due to the art disclosing techniques of contextually increasing security comprises disabling a key logger or screen grabber (Schultz, Claim 6). Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Ranalli, in view of Dixon, in further view of Ashley, in further view of ILINCIC et al. (U.S. PGPub. 2021/0256111), hereinafter Ilincic. Regarding claim 11, Ranalli as modified by Dixon and further modified by Ashley do not teach the following limitation(s) as taught by Ilincic: The computing apparatus of claim 1, wherein contextually increasing security comprises auto-filling or clearing at least one field of a web form that calls for personally-identifiable information (Ilincic, Paragraph [0027], see “…The password manager application 114 can interface with a browser on the first user device 102, the browser extension 108 on the first user device 102, and/or the server 106 to achieve secure login features such as automatically filling in information, without the user having to enter it, such as web forms, personal data, personal identification numbers (PINs), access codes, usernames and passwords”). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, techniques disclosed of Dixon and techniques disclosed of Ashley, by implementing techniques wherein contextually increasing security comprises auto-filling or clearing at least one field of a web form that calls for personally-identifiable information, disclosed of Ilincic. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising wherein contextually increasing security comprises auto-filling or clearing at least one field of a web form that calls for personally-identifiable information. This allows for better security management by automatically filling a field of a web form that calls for personally-identifiable information, instead of having the user type in their personally-identifiable information in cases where an unauthorized entity implemented a key logger on the user’s end. Ilincic is deemed as analogous art due to the art disclosing techniques wherein contextually increasing security comprises auto-filling or clearing at least one field of a web form that calls for personally-identifiable information (Ilincic, Paragraph [0027]). Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Ranalli, in view of Dixon, in further view of Ashley, in further view of Ilincic, in further view of Naderi (U.S. PGPub. 2012/0054593). Regarding claim 12, Ranalli as modified by Dixon and further modified by Ashley and Ilincic do not teach the following limitation(s) as taught by Naderi: The computing apparatus of claim 11, wherein the at least one field is a non-mandatory field (Naderi, Paragraph [0045], see “In step 208 the user may receive a form wizard setup dialog allowing the user to select optional fields that may be filled by the form wizard”, which is analogous to auto-filling at least one non-mandatory field (optional)). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, techniques disclosed of Dixon, techniques disclosed of Ashley and techniques disclosed of Ilincic, by implementing techniques of the at least one field being a non-mandatory field, disclosed of Naderi. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising of the at least one field being a non-mandatory field. This allows for a more user-friendly environment by allowing the system to automatically fill and/or clear a non-mandatory field in a web form for the user’s behalf. Naderi is deemed as analogous art due to the art disclosing techniques of the at least one field being a non-mandatory field (Naderi, Paragraph [0045]). Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Ranalli, in view of Dixon, in further view of Ashley, in further view of Brown et al. (U.S. PGPub. 2016/0226897), hereinafter Brown. Regarding claim 13, Ranalli as modified by Dixon and further modified by Ashley do not teach the following limitation(s) as taught by Brown: The computing apparatus of claim 1, wherein contextually increasing security comprises hardening a web browser environment (Brown, Claim 14, see “…launching a hardened virtual web browser, wherein the hardened web browser is different from a previous web browser previously executing; and accessing the original web page via the hardened web browser”). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, techniques disclosed of Dixon and techniques disclosed of Ashley, by implementing techniques wherein contextually increasing security comprises hardening a web browser environment, disclosed of Brown. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising wherein contextually increasing security comprises hardening a web browser environment. This allows for better security management by hardening a web browser environment to prevent information from being exposed, which ultimately enhances its security and privacy. Brown is deemed as analogous art due to the art disclosing techniques wherein contextually increasing security comprises hardening a web browser environment (Brown, Claim 14). Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Ranalli, in view of Dixon, in further view of Ashley, in further view of Bazzinotti et al. (U.S. Patent 7,444,415), hereinafter Bazzinotti. Regarding claim 14, Ranalli as modified by Dixon and further modified by Ashley do not teach the following limitation(s) as taught by Bazzinotti: The computing apparatus of claim 1, wherein contextually increasing security comprises enabling a VPN tunnel (Bazzinotti, Column 3, Lines 39 – 42, see “…The two-layers of authentication increase security enabling the VPN device to keep the tunnel to the network open while maintaining security against unauthorized users”, which is analogous to increasing security comprises enabling a VPN tunnel). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, techniques disclosed of Dixon, and techniques disclosed of Ashley, by implementing techniques wherein contextually increasing security comprises enabling a VPN tunnel, disclosed of Bazzinotti. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising wherein contextually increasing security comprises enabling a VPN tunnel. This allows for better security management by enabling a VPN tunnel to prevent information from being exposed, which ultimately enhances the transactions security and privacy. Bazzinotti is deemed as analogous art due to the art disclosing techniques wherein contextually increasing security comprises enabling a VPN tunnel (Bazzinotti, Column 3, Lines 39 – 42). Claims 20 and 39-40 are rejected under 35 U.S.C. 103 as being unpatentable over Ranalli, in view of Shahid, in further view of Ashley. Regarding claim 20, Ranalli teaches One or more tangible, nontransitory computer-readable storage media having stored thereon executable instructions to (Ranalli, Paragraph [0085]): identify a first browser-based online transaction within a first tab of a web browser for an end-user device (Ranalli, Paragraph [0033], see “The system handles new users via an automated user registration process…when a new user first clicks an action button, the system can prompt the user to create and fund an account…The system can remember the account credential as valid for the duration of the user’s browser session…”, which is being read as identifying a first browser-based online transaction), wherein the first online transaction comprises a user filling in a web form (Ranalli, Paragraph [0018], see “…the system can operate without asking a user to register any personal identity information or by only asking for some minimal amount of personal identity information…”) (Ranalli, Paragraph [0033], see “…New users are directed to a secure portal where registration takes less than 60 seconds to complete…”, which comprises filling in a “web form” of some sort in a first tab of a web browser); based on the plurality of contextual factors, determine that the first browser-based online transaction is a sensitive transaction (Ranalli, Paragraph [0025], see “…When a user clicks a purchase button embedded by a merchant in a web-page, e-mail, PDF or mobile-application, for example, the purchase button triggers an HTTPS request from the user’s browser to a secure transaction node to approve or deny the purchase…”, which is being read as determining that the first browser-based online transaction is a sensitive transaction according to a plurality of contextual factors (HTTPS request)); Ranalli does not teach the following limitation(s) as taught by Shahid: compute or receive a plurality of contextual factors associated with the first tab (Shahid, Column 6, Lines 15 – 18, see “…a means for authenticating at the LOA Server an entity up to a predetermined LOA using a plurality of contextual factors to be provided on demand from the LOA Provider device…”, which is being read as receiving a plurality of contextual factors associated with the online transaction) (Shahid, Column 8, Lines 16 – 25, see “Contextual Identifiers (or Contextual Factors): may be part of the verification process and may include the following multifactors used singularly or in different combinations: location, biometrics, user habits, user locations, spatial, body embedded devices, smart tattoos, dashboard of user’s car, user’s television (TV), user’s home security digital fingerprint, Domain Name System (DNS), Virtual Private Network (VPN), and the like”, where “body embedded devices” is being read as comprising device context). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, by implementing techniques of computing or receiving a plurality of contextual factors associated with a first tab, disclosed of Shahid. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising of computing or receiving a plurality of contextual factors associated with a first tab. This allows for better security management and an improved user experience by understanding the context of a specific tab in order to provide the necessary security and personalized assistance for the user. Shahid is deemed as analogous art due to the art disclosing techniques of computing or receiving a plurality of contextual factors associated with a first tab (Shahid, Column 6, Lines 15 – 18). Ranalli as modified by Shahid do not teach the following limitation(s) as taught by Ashley: according to the determination, specifically increase a sensitivity level for the first tab without altering sensitivity for a second tab of the web browser, wherein increasing the sensitivity level comprises implementing at least one increased security measure for the first tab of the web browser selected from tunneling the tab’s content through a virtual private network (VPN), enabling a secure domain name resolution protocol, sandboxing the tab, or providing a graphical warning to the user, and wherein the second tab provides a second browser-based online transaction that has a context defined by contextual factors different from the contextual factors for the first tab (Ashley, Column 1, Lines 32 – 38, see “To give some privacy protection to the user and to provide enhanced management, some browsers have introduced the concept of compartmentalization. FIG. 1 illustrates prior art compartmentalization where a single person has a work persona, a social persona and a shopping persona. Each persona may have separate cookies, bookmarks, search history, search engine utilization, tracker, tabs and plug-ins”) (Ashley, Column 1, Lines 39 – 49, see “One example is Firefox®, which through its multi-account container extension, allows a user to create different tabs in their Firefox® browser for different aspects of their life, e.g. personal, work, banking, shopping and so on. The Firefox® extension separates its website storage into these tab-specific containers, e.g. so that tracking cookies downloaded by one container are not available to other containers. This compartmentalization makes management of online transactions more convenient for the user and makes it more difficult for data brokers to track users across these containers”, which is analogous to contextually increasing a sensitivity level for a first tab of the web browser without altering security for a second tab of the web browser, due to implementing tab-specific containers, ultimately increasing the sensitivity level for a first tab (e.g., banking) without altering security for a second tab (e.g., social). Also, Ashley discloses multiple tabs which provide different browser-based online transactions that have different context defined by contextual factors different from the contextual factors of other tabs (e.g., tracking cookies are separate for each container)) (Ashley, Column 3, Lines 61 – 67 and Column 4, Lines 1 – 10, see “A key privacy concept is the use of digital personas for compartmentalization or grouping of service interactions. Rather than a user performing all service interactions with the one identity, the user will create multiple digital personas and use them for different purposes. Each persona has its own unique identity attributes that may include…virtual private network (VPN) configuration…Each persona should be used for a limited and specific purpose”, which is analogous to an increased security measure for a first tab of the web browser selected from tunneling the tab’s content through a virtual private network (VPN), due to the digital personas (e.g., different tabs on a web browser) having different identity attributes based on the purpose of the tab). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, and techniques disclosed of Shahid, by implementing techniques comprising of specifically increasing a sensitivity level for a first tab of the web browser without altering sensitivity for a second tab of the web browser, wherein the second tab provides a second browser-based online transaction, disclosed of Ashley. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising of specifically increasing a sensitivity level for a first tab of the web browser without altering sensitivity for a second tab of the web browser. This allows for better security management and a more user-friendly environment by increasing the sensitivity for a high-risk tab while keeping the settings for a low-risk one untouched without disrupting a user’s workflow. Ashley is deemed as analogous art due to the art disclosing techniques of contextually increasing a sensitivity level for a first tab of the web browser without altering security for a second tab of the web browser, wherein the second tab provides a second browser-based online transaction (Ashley, Column 1, Lines 32 – 49). Regarding claim 39, Ranalli teaches A method of providing holistic transaction security on an end-user device, comprising: identifying, on the end-user device, a browser-based online transaction (Ranalli, Paragraph [0033], see “The system handles new users via an automated user registration process…when a new user first clicks an action button, the system can prompt the user to create and fund an account…The system can remember the account credential as valid for the duration of the user’s browser session…”, which is being read as identifying a first browser-based online transaction) comprising a user filling in a web form within a first tab of a web browser (Ranalli, Paragraph [0018], see “…the system can operate without asking a user to register any personal identity information or by only asking for some minimal amount of personal identity information…”) (Ranalli, Paragraph [0033], see “…New users are directed to a secure portal where registration takes less than 60 seconds to complete…”, which comprises filling in a “web form” of some sort in a first tab of a web browser); determining, based on the plurality of contextual factors, that the browser-based online transaction is a sensitive transaction (Ranalli, Paragraph [0025], see “…When a user clicks a purchase button embedded by a merchant in a web-page, e-mail, PDF or mobile-application, for example, the purchase button triggers an HTTPS request from the user’s browser to a secure transaction node to approve or deny the purchase…”, which is being read as determining that the first browser-based online transaction is a sensitive transaction according to a plurality of contextual factors (HTTPS request)); Ranalli does not teach the following limitation(s) as taught by Shahid: computing or receiving a plurality of contextual factors associated with the first tab (Shahid, Column 6, Lines 15 – 18, see “…a means for authenticating at the LOA Server an entity up to a predetermined LOA using a plurality of contextual factors to be provided on demand from the LOA Provider device…”, which is being read as receiving a plurality of contextual factors associated with the online transaction) (Shahid, Column 8, Lines 16 – 25, see “Contextual Identifiers (or Contextual Factors): may be part of the verification process and may include the following multifactors used singularly or in different combinations: location, biometrics, user habits, user locations, spatial, body embedded devices, smart tattoos, dashboard of user’s car, user’s television (TV), user’s home security digital fingerprint, Domain Name System (DNS), Virtual Private Network (VPN), and the like”, where “body embedded devices” is being read as comprising device context). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, by implementing techniques of computing or receiving a plurality of contextual factors associated with a first tab, disclosed of Shahid. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising of computing or receiving a plurality of contextual factors associated with a first tab. This allows for better security management and an improved user experience by understanding the context of a specific tab in order to provide the necessary security and personalized assistance for the user. Shahid is deemed as analogous art due to the art disclosing techniques of computing or receiving a plurality of contextual factors associated with a first tab (Shahid, Column 6, Lines 15 – 18). Ranalli as modified by Shahid do not teach the following limitation(s) as taught by Ashley: according to the determination, specifically increasing a sensitivity level for the first tab without altering sensitivity for a second tab that provides a second browser-based online transaction, wherein increasing the sensitivity level comprises implementing at least one increased security measure for the first tab of the web browser selected from tunneling the tab’s content through a virtual private network (VPN), enabling a secure domain name resolution protocol, sandboxing the tab, or providing a graphical warning to the user, and wherein the second tab has a context defined by contextual factors different from the first tab (Ashley, Column 1, Lines 32 – 38, see “To give some privacy protection to the user and to provide enhanced management, some browsers have introduced the concept of compartmentalization. FIG. 1 illustrates prior art compartmentalization where a single person has a work persona, a social persona and a shopping persona. Each persona may have separate cookies, bookmarks, search history, search engine utilization, tracker, tabs and plug-ins”) (Ashley, Column 1, Lines 39 – 49, see “One example is Firefox®, which through its multi-account container extension, allows a user to create different tabs in their Firefox® browser for different aspects of their life, e.g. personal, work, banking, shopping and so on. The Firefox® extension separates its website storage into these tab-specific containers, e.g. so that tracking cookies downloaded by one container are not available to other containers. This compartmentalization makes management of online transactions more convenient for the user and makes it more difficult for data brokers to track users across these containers”, which is analogous to contextually increasing a sensitivity level for a first tab of the web browser without altering security for a second tab of the web browser, due to implementing tab-specific containers, ultimately increasing the sensitivity level for a first tab (e.g., banking) without altering security for a second tab (e.g., social). Also, Ashley discloses multiple tabs which provide different browser-based online transactions that have different context defined by contextual factors different from the contextual factors of other tabs (e.g., tracking cookies are separate for each container)) (Ashley, Column 3, Lines 61 – 67 and Column 4, Lines 1 – 10, see “A key privacy concept is the use of digital personas for compartmentalization or grouping of service interactions. Rather than a user performing all service interactions with the one identity, the user will create multiple digital personas and use them for different purposes. Each persona has its own unique identity attributes that may include…virtual private network (VPN) configuration…Each persona should be used for a limited and specific purpose”, which is analogous to an increased security measure for a first tab of the web browser selected from tunneling the tab’s content through a virtual private network (VPN), due to the digital personas (e.g., different tabs on a web browser) having different identity attributes based on the purpose of the tab). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, and techniques disclosed of Shahid, by implementing techniques comprising of specifically increasing a sensitivity level for a first tab of the web browser without altering sensitivity for a second tab of the web browser, wherein the second tab provides a second browser-based online transaction, disclosed of Ashley. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising of specifically increasing a sensitivity level for a first tab of the web browser without altering sensitivity for a second tab of the web browser. This allows for better security management and a more user-friendly environment by increasing the sensitivity for a high-risk tab while keeping the settings for a low-risk one untouched without disrupting a user’s workflow. Ashley is deemed as analogous art due to the art disclosing techniques of contextually increasing a sensitivity level for a first tab of the web browser without altering security for a second tab of the web browser, wherein the second tab provides a second browser-based online transaction (Ashley, Column 1, Lines 32 – 49). Regarding claim 40, Ranalli as further modified by Ashley do not teach the following limitation(s) as taught by Shahid: The method of claim 39, wherein the sensitivity level is selected from a set of discrete sensitivity levels (Shahid, Column 11, Lines 35 – 39, see “The authorization token depends on the desired policy of the transaction that can have a discrete identifier for the associated required level of assurance and a plurality of predetermined Contextual Factors set by the policy orchestrator”, where “discrete identifier for the associated required level of assurance” is being read as the sensitivity level (required level of assurance) is selected from a set of discrete sensitivity levels (i.e., selecting the discrete identifier for the associated required level of assurance)). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, and techniques disclosed of Ashley, by implementing techniques of the sensitivity level being selected from a set of discrete sensitivity levels, disclosed of Shahid. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising of the sensitivity level being selected from a set of discrete sensitivity levels. This allows for better precision and control for selecting sensitivity levels for each tab in order to eliminate subjective guesswork when it comes to specific tab security. Shahid is deemed as analogous art due to the art disclosing techniques of the sensitivity level being selected from a set of discrete sensitivity levels (Shahid, Column 11, Lines 35 – 39). Claim 35 is rejected under 35 U.S.C. 103 as being unpatentable over Ranalli, in view of Shahid, in further view of Ashley, in further view of Petry et al. (U.S. PGPub. 2020/0228561), hereinafter Petry. Regarding claim 35, Ranalli as modified by Shahid and further modified by Ashley do not teach the following limitation(s) as taught by Petry: The one or more tangible, nontransitory computer-readable media of claim 20, wherein contextually increasing security comprises handling the first online transaction via a remote cloud-based browser (Petry, Paragraph [0152], see “…a cloud browser may operate as a standalone browser and/or within a dedicated cloud browsing environment…a cloud browser may transparently push and/or publish data to a user device, and may be implicitly triggered based on actions performed on a user device and/or by a third-party employing a cloud browser to deliver and/or inoculate content delivered to a user device”, where “content” is analogous to comprising an online transaction, wherein contextually increasing security comprises handling the content via a remote cloud-based browser). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, techniques disclosed of Shahid and techniques disclosed of Ashley, by implementing techniques wherein contextually increasing security comprises handling the online transaction via a remote cloud-based browser, disclosed of Petry. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising wherein contextually increasing security comprises handling the online transaction via a remote cloud-based browser. This allows for better security management by allowing the online transaction to be handled by a remote cloud-based browser, which ultimately improves data security and protection against malicious code on the browser. Petry is deemed as analogous art due to the art disclosing techniques wherein contextually increasing security comprises handling the online transaction via a remote cloud-based browser (Petry, Paragraph [0152]). Claims 36 and 38 are rejected under 35 U.S.C. 103 as being unpatentable over Ranalli, in view of Shahid, in further view of Ashley, in further view of BAUGHMAN et al. (U.S. PGPub. 2018/0077120), hereinafter Baughman. Regarding claim 36, Ranalli as modified by Shahid and further modified by Ashley do not teach the following limitation(s) as taught by Baughman: The one or more tangible, nontransitory computer-readable media of claim 20, wherein determining the sensitivity level comprises querying a cloud reputation service for a category of a URL associated with the first online transaction (Baughman, FIG. 4, which illustrates a virtualized/cloud computing environment comprising the evaluation/reputation service) (Baughman, Paragraph [0082], see “…a search operation is performed using a reputation database, such as, for example by using a local database 1023a or remotely located database 1023b, to identify, collect, and/or acquire reputation data of the domain…The reputation data may be reputation data in relation to the domain name itself, URLs associated with the domain name…The reputation data may include ratings for various categories, such as email practices, website content, privacy policies and practices, fraudulent activities, domain name related complains, overall reputation, etc.”, where “The reputation data may include ratings for various categories” is analogous to querying a reputation service for a category of a URL (i.e., included in the reputation data) associated with the transaction) (Baughman, Paragraph [0085], see “…a reputation score may be calculated according to the assigned values for generating a response or answer to the trustworthy query…”). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, techniques disclosed of Shahid and techniques disclosed of Ashley, by implementing techniques wherein determining the sensitivity level comprising querying a cloud reputation service for a category of a URL associated with the online transaction, disclosed of Baughman. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising wherein determining the sensitivity level comprising querying a cloud reputation service for a category of a URL associated with the online transaction. This allows for better security management by having the method query a cloud reputation service for a category of a URL associated with the online transaction, where the reputation is inherently being recorded in a database for future transactions in order to prevent the same malicious intents from reoccurring. Baughman is deemed as analogous art due to the art disclosing techniques wherein determining the sensitivity level comprising querying a cloud reputation service for a category of a URL associated with the online transaction (Baughman, Paragraph [0082]). Regarding claim 38, Ranalli as modified by Shahid and further modified by Ashley do not teach the following limitation(s) as taught by Baughman: The one or more tangible, nontransitory computer-readable media of claim 20, wherein determining the sensitivity level comprises querying a cloud reputation service for a reputation of at least one of a URL, a browser extension, an application, a merchant, or a public network (Baughman, FIG. 4, which illustrates a virtualized/cloud computing environment comprising the evaluation/reputation service) (Baughman, Paragraph [0082], see “…a search operation is performed using a reputation database, such as, for example by using a local database 1023a or remotely located database 1023b, to identify, collect, and/or acquire reputation data of the domain…The reputation data may be reputation data in relation to the domain name itself, URLs associated with the domain name…The reputation data may include ratings for various categories, such as email practices, website content, privacy policies and practices, fraudulent activities, domain name related complains, overall reputation, etc.”, where “The reputation data may be reputation data in relation to…URLs associated with the domain name” is analogous to querying a reputation service for a reputation of at least one of a URL) (Baughman, Paragraph [0085], see “…a reputation score may be calculated according to the assigned values for generating a response or answer to the trustworthy query…”). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Ranalli, techniques disclosed of Shahid and techniques disclosed of Ashley, by implementing techniques wherein determining the sensitivity level comprises querying a cloud reputation service for a reputation of at least one of a URL, a browser extension, an application, a merchant, or a public network, disclosed of Baughman. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for automated hardening of sensitive transactions, comprising wherein determining the sensitivity level comprises querying a cloud reputation service for a reputation of at least one of a URL, a browser extension, an application, a merchant, or a public network. This allows for better security management by having the method query a cloud reputation service for a reputation of at least a URL, where the reputation is inherently being recorded in a database for future transactions in order to prevent the same malicious intents from reoccurring. Baughman is deemed as analogous art due to the art disclosing techniques wherein determining the sensitivity level comprises querying a cloud reputation service for a reputation of at least one of a URL (Baughman, Paragraph [0082]). Conclusion THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODMAN ALEXANDER MAHMOUDI whose telephone number is (571)272-8747. The examiner can normally be reached on M-F 11:00am – 7:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on (571) 272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /RODMAN ALEXANDER MAHMOUDI/Examiner, Art Unit 2499
Read full office action

Prosecution Timeline

Show 21 earlier events
Feb 28, 2025
Final Rejection mailed — §103
May 28, 2025
Notice of Allowance
Jul 28, 2025
Response after Non-Final Action
Aug 06, 2025
Response after Non-Final Action
Nov 05, 2025
Non-Final Rejection mailed — §103
Jan 30, 2026
Interview Requested
Feb 05, 2026
Response Filed
Jun 01, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12651053
APP PROFILE VERIFICATION SETUP
2y 0m to grant Granted Jun 09, 2026
Patent 12645780
VEHICLE CONTROL DEVICE, SYSTEM, AND METHOD
2y 0m to grant Granted Jun 02, 2026
Patent 12647432
Quantification of Adversary Tactics, Techniques, and Procedures using Threat Attribute Groupings and Correlation
1y 10m to grant Granted Jun 02, 2026
Patent 12632559
OPEN-SOURCE SOFTWARE VULNERABILITY ANALYSIS
7y 9m to grant Granted May 19, 2026
Patent 12632533
INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM
2y 3m to grant Granted May 19, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

7-8
Expected OA Rounds
80%
Grant Probability
96%
With Interview (+16.7%)
2y 9m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 247 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month