Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in response to the amendment filed 10/21/2025. Claims 1-21 are pending. Claims 1 (a machine) and 13 (a machine accessible device) are independent.
Response to Arguments
Applicant's arguments filed 10/21/2025 have been fully considered but they are not persuasive.
On pages 8-9 of the remarks, Applicant notes that Fig. 22 of the present Application details “an image of an artist” 2206 with a user prompt to “Click the Artist’s Hand by Pepsi” 2202 using a customized pointer “an image of a Pepsi can” and states: “In the illustrated example below, a user has to move the pointer, shown as a beverage can, to an outstretched hand of a musical artist.”
Examiner agrees that Akula in view of Turgeman do not disclose a CAPTCHA test that utilizes a trademarked brand as a mouse pointer or tests a user’s ability to select a portion of a picture.
However, this embodiment is not claimed.
Instead, the claim has been amended on 10/21/2025 to require “prompt identifying a graphical item within the display to which the tailored image (any image used to signify the pointer) is to be moved … correct response.” A submit button is a graphical item. Interpreting the graphical item to be a submit button or similar is consistent with Applicant’s specification figures 4A-B and 6A-B which illustrated the correct response being a button.
Web forms and CAPTCHAs are well known in the art as users are well versed in interfacing with both web forms and CAPTCHAs that may be used to test that the user is not an automated entity. The key difference with the CAPTCHAs are not that there is a correct or incorrect location within the web form but in the CAPTCHA test, or task, given to the user.
In the present response Applicant contends that the test is interpreting the meaning of an image; however, no image is required by the claim.
In response to applicant's argument that the references fail to show certain features of the invention, it is noted that the features upon which applicant relies (i.e., the embodiment of Fig. 22) are not recited in the rejected claim(s). Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
For at least the reasons above, Applicant’s remarks are not persuasive.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 2, 4-7, and 10-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Akula et al., US 2016/0055329 (filed 2014-12), in view of Turgeman, US 2016/0321689 (filed 2016-07).
As to claim 1, Akula discloses a machine comprising:
A bot security apparatus comprising:
(“The request may be a request for an image or a request for a webpage. Responsive to this request, the TCE creates a traceable image based upon multiple image elements.” Akula ¶ 9)
a memory device storing a plurality of challenge files for determining if a webpage user is a human or a bot, each of the challenge files including a display element, (“selecting a plurality of image elements from a set of image elements, and combining the selected plurality of image elements to form the traceable image… each of the set of image elements comprises a representation of a line or a curve.” Akula ¶¶ 11-12. see also ¶ 33)
… (See Akula ¶¶ 113-115 discussing scaling the trace image based on time) and
a location of the display element that corresponds to a correct response; (“storing a set of coordinates of the formed traceable image in a memory (volatile or non-volatile)” Akula ¶ 145. See also Akula ¶ 95 discussing generating reference points from the image element construction.)
(“a “Submit” button may be provided, which when selected, indicates that the entry of trace input has been completed.” Akula ¶ 78. See also ¶¶ 96)
a security processor communicatively coupled to the memory device, the security processor configured to: (see Akula Fig. 12 showing hardware embodiments)
receive an indication message that a webpage of an application server is to be transmitted to a client device, (“the computing device 104 retrieves a webpage for a website provided by a web server, and the source code of the webpage identifies a resource provided by the TCE 102 (e.g., includes a URL of an image provided by the TCE 102).” Akula ¶ 40)
select a challenge file from the memory device, for presentation at the client device in conjunction with the webpage (“selecting a plurality of image elements from a set of image elements, and combining the selected plurality of image elements to form the traceable image… each of the set of image elements comprises a representation of a line or a curve.” Akula ¶¶ 11-12. see also ¶ 33)
transmit at least some information from the challenge file to cause the display element and … to be displayed on the client device and …, (“receiving data for a traceable image from the server computing device.” Akula ¶ 131. See Akula ¶ 158, captcha provided via TCE/captcha server or web server.)
receive a response message corresponding to at least one of a pointer selection or pointer movement made by the changed pointer at the client device in relation to the display element, (“a message is transmitted to the server computing device including user trace input data.” Akual ¶ 135, see also ¶ 159)
compare information within the response message to the location corresponding to the correct response for the selected challenge file, (“At block 755, the flow 700 includes determining whether the trace of the traceable image (made by the user) is within an error tolerance range of the set of coordinates associated with the traceable image (e.g., stored at block 730).” Akula ¶ 148)
if the information within the response message matches or is included within the location corresponding to the correct response for the selected challenge file, transmit a correct answer message, and (“block 770 includes transmitting a previously-sought resource (by the user) to the computing device when the trace is within the error tolerance range” Akula ¶ 150)
if the information within the response message does not match or is not included within the location corresponding to the correct response for the selected challenge file, transmit an incorrect answer message. (“but sending the computing device a different resource when the trace is not within the error tolerance range. This different resource may comprise, in some embodiments, another traceable image for another improved traceable image CAPTCHA, a query for a type of authentication data that is known to the user, and/or an error message.” Akula ¶ 150)
Akula does not explicitly disclose:
a user prompt,
pointer information including a tailored image,
, the user prompt identifying a graphical item within the display element to which the tailored image is to be moved as the location of the display element that corresponds to the correct response;
the user prompt
a pointer to be changed in appearance as specified by the pointer information
Turgeman discloses:
(“The web-server of the computerized service may serve code, for example HTML code, that the Web browser of the end-user device may parse and may display and/or execute. In accordance with the present invention, for example, a JavaScript code or code-portion may be served to the Web-browser of the end-user device; or may otherwise be “called from” or loaded from an HTML page that is served to the end-user device.” Turgeman ¶ 33. “this mechanism may be implemented, for example, using JavaScript or other suitable scripting language or applet, without necessarily requiring installation of a particular software module on the end-user device.” Turgeman ¶ 82, also ¶ 81)
pointer information including a tailored image
(“the system may present a log-in or sign-in page or form (or, other suitable form that may have a Submit or Login button, or similar button or UI or GUI). Once the system detects that the “username” field and the “password” field have been filled (e.g., they contain characters), the system may automatically divide or modify or replace the mouse pointer (or other suitable UI pointer) into two pointers, for example, a “real” mouse pointer (e.g., shaped as a regular arrow or arrow-head), and a “fake” mouse pointer (e.g., shaped as a cross or other suitable object or shape); this may optionally be performed by a suitable client-side or server-side code, such as mouse-pointer replacement code, mouse-pointer modifier code, on-screen-pointer replacement code, on-screen-pointer modifier code, or the like. The “real” mouse pointer may be seen by human users, but may not be detected by a “bot” or automated script or computer program;” Turgeman ¶ 80. See also Turgeman ¶¶ 81 and 82: “the original mouse pointer may be replaced with a new mouse pointer, comprising a large transparent square; one region or corner of the square may display an arrow or arrow-head of a mouse pointer…. using JavaScript or other suitable scripting language or applet”)
, the user prompt identifying a graphical item within the display element (“a log-in screen of the computerized service may be used for injecting one or more interferences” Turgeman ¶ 68. “(e.g., on a “Submit” button)” Turgeman ¶ 80. See also ¶¶ 62 and 88)
to which the tailored image is to be moved as the location of the display element that corresponds to the correct response; (“This fixed offset may allow a human user to correctly click on a “submit” button, while causing a “bot” or automated script to “miss” a submit button and to click on screen areas that are non-responsive to clicks.” Turgeman ¶ 82)
a pointer to be changed in appearance as specified by the pointer information
(“this may optionally be performed by a suitable client-side or server-side code” Turgeman ¶ 80. “End-user device 181 may comprise a user-interactions tracker 183, for example, implemented as JavaScript code included in (or triggered from) HTML page(s) that are served by server 182” Turgeman ¶ 30, also ¶ 33)
a user prompt,…,the user prompt (“a log-in screen of the computerized service may be used for injecting one or more interferences” Turgeman ¶ 68. “The human user may see the “real” mouse pointer, and may aim it (move it) correctly to the “submit” button, and a click or double-click by the human user may thus register correctly. In contrast, the “bot” or automated script may not detect the “real” mouse pointer, and instead may identify and/or may control only the “fake” mouse pointer which has an offset distance from the “real” mouse pointer; and thus, the “bot” or automated script may fail to perform a “click” or a “double-click” at the right on-screen location (e.g., on a “Submit” button)” Turgeman ¶ 80)
A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Akula with Turgeman by utilizing an interface or other prompt to inform the user of the authentication task and by providing a cloned invisible pointer for user input. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Akula with Turgeman in order to detect automated bots and prevent ddos attacks on authentication systems or other sensitive servers, see Tugreman ¶¶ 27, 78, 94, and 95.
As to claim 13, Akula discloses a readable device comprising:
A machine-accessible device having instructions stored thereon that, when executed, cause a machine to at least: (see Akula Fig. 12 showing hardware embodiments)
select a challenge for display on a client device in conjunction with a webpage or online content, the challenge including a display element, (“selecting a plurality of image elements from a set of image elements, and combining the selected plurality of image elements to form the traceable image… each of the set of image elements comprises a representation of a line or a curve.” Akula ¶¶ 11-12. see also ¶ 33) …;
provide the challenge causing the display element and … (“receiving data for a traceable image from the server computing device.” Akula ¶ 131. See Akula ¶ 158, captcha provided via TCE/captcha server or web server.)
receive a response message corresponding to at least one of a pointer selection or pointer movement made by the stylized pointer at the client device in relation to the display element; (“a message is transmitted to the server computing device including user trace input data.” Akual ¶ 135, see also ¶ 159)
compare information within the response message to correct response stored in an answer file or field that is related to the selected challenge; (“At block 755, the flow 700 includes determining whether the trace of the traceable image (made by the user) is within an error tolerance range of the set of coordinates associated with the traceable image (e.g., stored at block 730).” Akula ¶ 148)
when the information within the response message matches or is included within the specified correct location stored in the answer file or field, provide a correct answer message; and (“block 770 includes transmitting a previously-sought resource (by the user) to the computing device when the trace is within the error tolerance range” Akula ¶ 150)
when the information within the response message does not matches or is not included within the specified correct location stored in the answer file or field, provide an incorrect answer message. (“but sending the computing device a different resource when the trace is not within the error tolerance range. This different resource may comprise, in some embodiments, another traceable image for another improved traceable image CAPTCHA, a query for a type of authentication data that is known to the user, and/or an error message.” Akula ¶ 150)
Akula does not explicitly disclose:
a user prompt, and stylized pointer information that corresponds to the display element, the stylized pointer information including a tailored image;
, the user prompt identifying a graphical item within the display element to which the tailored image is to be moved as the location of the display element that corresponds to the correct response;
the user prompt to be displayed on the client device and a pointer to be stylized in appearance as specified by the pointer information;
Turgeman discloses:
a user prompt, and (“a log-in screen of the computerized service may be used for injecting one or more interferences” Turgeman ¶ 68. “The human user may see the “real” mouse pointer, and may aim it (move it) correctly to the “submit” button, and a click or double-click by the human user may thus register correctly. In contrast, the “bot” or automated script may not detect the “real” mouse pointer, and instead may identify and/or may control only the “fake” mouse pointer which has an offset distance from the “real” mouse pointer; and thus, the “bot” or automated script may fail to perform a “click” or a “double-click” at the right on-screen location (e.g., on a “Submit” button)” Turgeman ¶ 80)
, the user prompt identifying a graphical item within the display element (“a log-in screen of the computerized service may be used for injecting one or more interferences” Turgeman ¶ 68. “(e.g., on a “Submit” button)” Turgeman ¶ 80. See also ¶¶ 62 and 88)
to which the tailored image is to be moved as the location of the display element that corresponds to the correct response; (“This fixed offset may allow a human user to correctly click on a “submit” button, while causing a “bot” or automated script to “miss” a submit button and to click on screen areas that are non-responsive to clicks.” Turgeman ¶ 82)
stylized pointer information that corresponds to the display element, the stylized pointer information including a tailored image; (“automatically divide or modify or replace the mouse pointer (or other suitable UI pointer) into two pointers, for example, a “real” mouse pointer (e.g., shaped as a regular arrow or arrow-head), and a “fake” mouse pointer (e.g., shaped as a cross or other suitable object or shape);” Turgeman ¶¶ 80-82)
the user prompt to be displayed on the client device and a pointer to be stylized in appearance as specified by the pointer information; (Turgeman ¶¶ 80-82. See also Turgeman ¶¶ 30 and 33)
A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Akula with Turgeman by utilizing an interface or other prompt to inform the user of the authentication task and by providing a cloned invisible pointer for user input. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Akula with Turgeman in order to detect automated bots and prevent ddos attacks on authentication systems or other sensitive servers, see Tugreman ¶¶ 27, 78, 94, and 95.
As to claim 2, Akula in view of Gurgeman discloses the machine of claim 1 and further discloses:
wherein the indication message is received from the application server or a load balancer (“the computing device 104 transmits the request 128 to the TCE 102 executing at the server computing devices 208. This request 128 may be transmitted responsive to a user interacting with a webpage 204 displayed by a browser 202 via a display, and may comprise an HTTP GET message. In some embodiments, the request 128 is generated by the browser 202 responsive to the browser 202 earlier receiving the webpage 204 (from the web server 206 or from a different source, such as a third part web server utilizing a service provided by the TCE 102) that includes a reference to an image (e.g., an <IMG> element within the source code of the webpage 204). Thus, the request 128 may comprise an HTTP GET message seeking the identified image resource, which the browser 202 seeks in order to render the webpage 204.” Akula ¶ 64. “the request 128 is received by the web server 206, which determines that the request 128 is for a traceable image for an improved CAPTCHA, and issues a request, at circle B, to the image generation module 210 of the TCE 102 for a traceable image. In some embodiments, the issued request comprises some or all of the request 128 received from the computing device 104,” Akula ¶ 65)
and includes an identifier of a generic challenge that is related to the webpage (the HTTP get message, and also the login of Turgeman ¶ 68.), and wherein the challenge file selected by the security processor corresponds to the generic challenge (the IMG reference in the source code) and the at least some of the information from the challenge file is transmitted to the application server or the load balancer for replacement of the generic challenge. (“At circle E, the generated traceable image (and optionally the unique identifier associated with the generated traceable image) is returned to the web server 206,” Akula ¶ 73, Circle E being in response to the request 128 for an element of a webpage, which is placed in the webpage, thereby ‘replacing’ the original webpage/challenge, Turgeman ¶ 68, with additional CAPTCHA/pointer modifications.).
As to claim 4, Akula in view of Turgeman discloses the machine of claim 1 and further discloses:
wherein the security processor transmits the correct answer message to the application server, which causes the application server to at least one of transmit the webpage to the client device, transmit a second webpage to the client device, or transmit content related to the webpage to the client device. (“at circle K. In some embodiments, the verification module 212 returns a Boolean-type response (e.g., a Yes/No or True/False or 0/1) value to indicate whether the trace is a valid human trace, but in some embodiments the verification module 212 identifies what resource should be returned to the computing device 104 based upon the result of the determination. For example, in some embodiments, when the determination indicates that the trace is valid (i.e., the received user trace input data does fall within the error tolerance range), the verification module 212 identifies a resource that the computing device 104 is to be sent, which may be defined according to configuration or based upon one or more previous messages sent by the computing device 104 seeking a particular resource that is “protected” by the traceable image CAPTCHA.” Akula ¶ 85)
As to claim 5, Akula in view of Turgeman discloses the machine of claim 1 and further discloses:
wherein the security server transmits the incorrect answer message to the application server, which causes the application server to at least one of terminate a connection to the webpage with the client device, terminate a session with the client device, or block the client device. (“when the determination indicates that the trace is not valid, the verification module 212 may instruct the web server 206 to return a newly-generated traceable image for another CAPTCHA,” Akula ¶ 85. “but sending the computing device a different resource when the trace is not within the error tolerance range. This different resource may comprise, in some embodiments, another traceable image for another improved traceable image CAPTCHA, a query for a type of authentication data that is known to the user, and/or an error message.” Akula ¶ 150)
As to claim 6, Akula in view of Turgeman discloses the machine of claim 1 and further discloses:
wherein the incorrect message includes at least some information from another challenge file that is selected by the security processor for display on the client device. (“when the determination indicates that the trace is not valid, the verification module 212 may instruct the web server 206 to return a newly-generated traceable image for another CAPTCHA, which may trigger the web server 206 to return as the response message 134 (at circle L) another webpage identifying a new traceable image (and thus lead to another request 128), or may trigger the web server 206 to proactively request the generation of a new traceable image CAPTCHA (e.g., at circle B) from the image generation module 210, and return the new traceable image CAPTCHA as part of response message 134 at circle L.” Akula ¶ 85.)
As to claim 7, Akula in view of Turgeman discloses the machine of claim 1 and further discloses:
wherein the display element (See Akula Fig. 2, web page 204 comprising the traceable image 114) and the user prompt (“a log-in screen of the computerized service may be used for injecting one or more interferences” Turgeman ¶ 68. “The human user may see the “real” mouse pointer, and may aim it (move it) correctly to the “submit” button, and a click or double-click by the human user may thus register correctly. In contrast, the “bot” or automated script may not detect the “real” mouse pointer, and instead may identify and/or may control only the “fake” mouse pointer which has an offset distance from the “real” mouse pointer; and thus, the “bot” or automated script may fail to perform a “click” or a “double-click” at the right on-screen location (e.g., on a “Submit” button)” Turgeman ¶ 80) are displayed in the webpage (Both Akula and Turgeman are webpages) or in a popup window over the webpage.
As to claim 10, Akula in view of Turgeman discloses the machine of claim 1 and further discloses:
wherein locations of the display element are specified by coordinates (“At circle 3, with the generated traceable image 124 ready, the TCE 102 transmits data for the traceable image 130 back through the communication network(s) 110 destined to the computing device 104. This data 130 may comprise an image file of the generated traceable image 124, multiple image files (e.g., each of the selected image elements 122), and/or representations of the generated traceable image 124 (e.g., JavaScript commands and/or sets of coordinate values).” Akula ¶ 47) and the location of the correct response includes at least one of a coordinate or a set of coordinates. (“the TCE 102 makes this determination by determining distances between data points of the reference set of coordinates and a received set of coordinates of the user trace input data 132” Akula ¶ 55)
As to claim 11, Akula in view of Turgeman discloses the machine of claim 1 and further discloses:
wherein the pointer information includes at least one of a pointer file or instructions for changing properties of the pointer at the client device. (“the system may present a log-in or sign-in page or form (or, other suitable form that may have a Submit or Login button, or similar button or UI or GUI). Once the system detects that the “username” field and the “password” field have been filled (e.g., they contain characters), the system may automatically divide or modify or replace the mouse pointer (or other suitable UI pointer) into two pointers, for example, a “real” mouse pointer (e.g., shaped as a regular arrow or arrow-head), and a “fake” mouse pointer (e.g., shaped as a cross or other suitable object or shape); this may optionally be performed by a suitable client-side or server-side code, such as mouse-pointer replacement code, mouse-pointer modifier code, on-screen-pointer replacement code, on-screen-pointer modifier code, or the like. The “real” mouse pointer may be seen by human users, but may not be detected by a “bot” or automated script or computer program;” Turgeman ¶ 80)
As to claim 12, Akula in view of Turgeman discloses the machine of claim 1 and further discloses:
wherein the pointer information is specified to correspond to the respective display element of the challenge file. (“the system may present a log-in or sign-in page or form (or, other suitable form that may have a Submit or Login button, or similar button or UI or GUI). Once the system detects that the “username” field and the “password” field have been filled (e.g., they contain characters), the system may automatically divide or modify or replace the mouse pointer (or other suitable UI pointer) into two pointers, for example, a “real” mouse pointer (e.g., shaped as a regular arrow or arrow-head), and a “fake” mouse pointer (e.g., shaped as a cross or other suitable object or shape); this may optionally be performed by a suitable client-side or server-side code, such as mouse-pointer replacement code, mouse-pointer modifier code, on-screen-pointer replacement code, on-screen-pointer modifier code, or the like. The “real” mouse pointer may be seen by human users, but may not be detected by a “bot” or automated script or computer program;” Turgeman ¶ 80)
As to claim 14, Akula in view of Turgeman discloses the CRM of claim 13 and further discloses:
wherein the challenge or the answer file or field includes a time threshold, and the machine-accessible device has instructions stored thereon that, when executed, cause the machine to at least:
start a timer when the challenge is provided; (“A timeout value may be set as a maximum number of modifications allowed to be done before the CAPTCHA is deemed invalid” Akula ¶ 105)
if the response message is received before the elapsed time of the timer has reached the time threshold, perform the comparison that uses the information within the response message; and (“the client-side CAPTCHA code, when submitting user trace input data (e.g., a set of coordinates of a trace), may also transmit an indicator describing what modifications, if any, were performed to the presented traceable image” Akula ¶ 108)
if the elapsed time of the timer has reached or exceeded the time threshold, determine the challenge was not successfully completed and provide at least one of the incorrect message or a timeout message. (“A timeout value may be set as a maximum number of modifications allowed to be done before the CAPTCHA is deemed invalid” Akula ¶ 105)
As to claim 15, Akula in view of Turgeman discloses the CRM of claim 13 and further discloses:
wherein the challenge or the answer file or field includes a click threshold, (“determines whether the trace input 325 is valid by utilizing a validity rule indicating that no corresponding points may differ by more than a particular distance. In the above example using Euclidean distance measures, a maximal acceptable point distance value may be configured, and if any of the individual point distances meet or exceed that value, then the trace is invalid…. a validity rule may indicate that only when a defined number of the points (e.g., 2, 5, 20) deviates from the maximal acceptable point distance value is the trace deemed invalid.” Akula ¶ 102)
and the machine-accessible device has instructions stored thereon that, when executed, cause the machine to at least:
…
that are below or meet the click threshold; and (Akula ¶ 102)
disregard the response messages that sequentially exceed the click threshold. (“the trace deemed invalid” Akula ¶ 102).
Akula in view of Turgeman, as combined in claim 13 does not explicitly disclose:
receive sequential multiple response messages, each response message including a location of the pointer during a pointer selection;
perform the comparison using the information within the earliest, sequentially received response messages
Turgeman further discloses:
receive sequential multiple response messages, each response message including a location of the pointer during a pointer selection;
(“The data describing the user interactions may be sent or uploaded, for example, every pre-defined time interval (e.g., every second, or every 3 or 5 or 10 seconds), or once a buffer of interactions is filled (e.g., once 20 keystrokes are logged; once 6 mouse-clicks are logged). Other suitable methods may be used to monitor and log user interactions.” Turgeman ¶ 33)
perform the comparison using the information within the earliest, sequentially received response messages (“the comparator/matching module 104 may compare the features characterizing the current session of the current user, to features characterizing known automatic fraudulent mechanisms, known as malware or “bot” mechanisms” Turgeman ¶ 38)
A person of ordinary skill in the art before the effective filing date of the claimed invention would have further combined Akula with Turgeman by providing continuous monitoring of the users trace inputs of Akula. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further combine Akula with Turgeman in order to provide indications of bot activity to the server, separate from the completion of the trace itself, allowing the server to inspect the input patterns of the user’s system, Turgeman ¶ 38.
As to claim 16, Akula in view of Turgeman discloses the CRM of claim 13 and further discloses:
wherein the response message includes an identifier of the selected challenge, and wherein the identifier is used to determine the answer file or field for the comparison that uses the information within the response message.
(“At circle G, the web server 206 returns the data for the traceable image 130 (e.g., the image file or a set of instructions for generating the image). This data, in some embodiments, further includes the unique identifier of the generated traceable image and/or the stored client-side CAPTCHA code 218.” Akula ¶ 75).
As to claim 17, Akula in view of Turgeman discloses the CRM of claim 13 and further discloses:
having instructions stored thereon that, when executed, cause the machine to at least: determine a generic challenge related to the webpage or the online content for the client device; (“The human user may see the “real” mouse pointer, and may aim it (move it) correctly to the “submit” button, and a click or double-click by the human user may thus register correctly. In contrast, the “bot” or automated script may not detect the “real” mouse pointer, and instead may identify and/or may control only the “fake” mouse pointer which has an offset distance from the “real” mouse pointer; and thus, the “bot” or automated script may fail to perform a “click” or a “double-click” at the right on-screen location (e.g., on a “Submit” button)” Turgeman ¶ 80)
select the challenge based on the generic challenge; and (“Once the system detects that the “username” field and the “password” field have been filled (e.g., they contain characters), the system may automatically divide or modify or replace the mouse pointer (or other suitable UI pointer) into two pointers, for example, a “real” mouse pointer (e.g., shaped as a regular arrow or arrow-head), and a “fake” mouse pointer (e.g., shaped as a cross or other suitable object or shape);” Turgeman ¶ 80)
cause the generic challenge to be replaced with the selected challenge. (“At circle E, the generated traceable image (and optionally the unique identifier associated with the generated traceable image) is returned to the web server 206,” Akula ¶ 73, Circle E being in response to the request 128 for an element of a webpage, which is placed in the webpage, thereby ‘replacing’ the original webpage/challenge, Turgeman ¶ 68, with additional CAPTCHA/pointer modifications.).
As to claim 18, Akula in view of Turgeman discloses the CRM of claim 17 and further discloses:
having instructions stored thereon that, when executed, cause the machine to at least provide at least one of the correct answer message or the incorrect answer message to an application server that at least one of (i) hosts the webpage or the online content for the client device, or (ii) transmits the webpage or the online content to the client device. (“at circle K. In some embodiments, the verification module 212 returns a Boolean-type response (e.g., a Yes/No or True/False or 0/1) value to indicate whether the trace is a valid human trace, but in some embodiments the verification module 212 identifies what resource should be returned to the computing device 104 based upon the result of the determination. For example, in some embodiments, when the determination indicates that the trace is valid (i.e., the received user trace input data does fall within the error tolerance range), the verification module 212 identifies a resource that the computing device 104 is to be sent, which may be defined according to configuration or based upon one or more previous messages sent by the computing device 104 seeking a particular resource that is “protected” by the traceable image CAPTCHA.” Akula ¶ 85)
As to claim 19, Akula in view of Turgeman discloses the CRM of claim 17 and further discloses:
wherein the generic challenge includes metadata identifying content for the challenge, and wherein the challenge is selected based on the metadata. (“Once the system detects that the “username” field and the “password” field have been filled (e.g., they contain characters), the system may automatically divide or modify or replace the mouse pointer (or other suitable UI pointer) into two pointers, for example, a “real” mouse pointer (e.g., shaped as a regular arrow or arrow-head), and a “fake” mouse pointer (e.g., shaped as a cross or other suitable object or shape);” Turgeman ¶ 80).
As to claim 20, Akula in view of Turgeman discloses the CRM of claim 17 and further discloses:
wherein the content identified by the metadata includes at least one of advertising content, a person's name, a product brand, or a challenge type. (“Once the system detects that the “username” field and the “password” field have been filled (e.g., they contain characters), the system may automatically divide or modify or replace the mouse pointer (or other suitable UI pointer) into two pointers, for example, a “real” mouse pointer (e.g., shaped as a regular arrow or arrow-head), and a “fake” mouse pointer (e.g., shaped as a cross or other suitable object or shape);” Turgeman ¶ 80).
As to claim 21, Akula in view of Turgeman discloses the CRM of claim 13 and further discloses:
wherein providing the correct answer message causes a webpage or the online content to be provided to or displayed on the client device. (“ … select a resource to be provided the client device 104 based upon the result of the validation.” Akula ¶ 160. “at circle K. In some embodiments, the verification module 212 returns a Boolean-type response (e.g., a Yes/No or True/False or 0/1) value to indicate whether the trace is a valid human trace, but in some embodiments the verification module 212 identifies what resource should be returned to the computing device 104 based upon the result of the determination. For example, in some embodiments, when the determination indicates that the trace is valid (i.e., the received user trace input data does fall within the error tolerance range), the verification module 212 identifies a resource that the computing device 104 is to be sent, which may be defined according to configuration or based upon one or more previous messages sent by the computing device 104 seeking a particular resource that is “protected” by the traceable image CAPTCHA.” Akula ¶ 85)
Claim(s) 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Akula et al., US 2016/0055329 (filed 2014-12), in view of Turgeman, US 2016/0321689 (filed 2016-07), and Kuperman et al., US 2017/0223049 (filed 2017-01)
As to claim 3, Akula in view of Turgeman discloses the machine of claim 1 and further discloses:
… a generic challenge, “a log-in screen of the computerized service may be used for injecting one or more interferences” (the HTTP get message of Akula. Also, Turgeman ¶ 68.)
wherein the challenge file selected by the security processor corresponds to the generic challenge, and wherein the security processor replaces the generic challenge with the at least some of the information from the challenge file (from the web server 206 or from a different source, such as a third part web server utilizing a service provided by the TCE 102) that includes a reference to an image (e.g., an <IMG> element within the source code of the webpage 204). Thus, the request 128 may comprise an HTTP GET message seeking the identified image resource, which the browser 202 seeks in order to render the webpage 204.” Akula ¶ 64. Replacing the reference in the http get message with the challenge) and transmits the at least some of the information from the challenge file to at least one of the client device or the application server. (“At circle G, the web server 206 returns the data for the traceable image 130 (e.g., the image file or a set of instructions for generating the image). This data, in some embodiments, further includes the unique identifier of the generated traceable image and/or the stored client-side CAPTCHA code 218.” Akula ¶ 75)
Akula in view of Turgeman discloses several server architectures including those of Figure 2 and 9a. However, Akula in view of Turgeman does not disclose that the CAPTCHA administering system receives the webpage, as claimed:
wherein the indication message is received from the application server and includes the webpage and
Kuperman discloses that it was known to use a proxy server to modify webpages sent to a client, as claimed:
wherein the indication message is received from the application server and includes the webpage and
(“To challenge 600A the client 605 with a CCF, the proxy 305 modifies the response 603 from the host 145 by injecting 606 executable code into the host response 603.” Kuperman ¶ 99).
A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Akula in view of Turgeman with Kuperman by providing the aspects of the TCE of Akula in a proxy by injecting the CAPTCHA challenge into the webpage, as done in Kuperman ¶ 99. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Akula in view of Turgeman with Kuperman in order to block malicious clients from impacting the performance of the host, Kuperman ¶ 55, and thereby prevent ddos attacks.
Claim(s) 8 and 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Akula et al., US 2016/0055329 (filed 2014-12), in view of Turgeman, US 2016/0321689 (filed 2016-07) and Qvarfordt et al., US 2008/0127302 (filed 2006-08).
As to claim 8, Akula in view of Turgeman discloses the machine of claim 1 and further discloses:
wherein the display element is specified in at least one of an image file (“each of the set of image elements 120 may be an image file (e.g., a PNG, JPG, GIF, TIFF, RAW, BMP, or any other type of raster, vector, stereo, or compound image file)” Akula ¶ 68.), a video file, an audio file, a multimedia file, a java file, or a plug-in file, ….
Akula in view of Turgeman does not disclose:
and wherein the display element shows at least one item comprising a person, an animal, a character, a scene, or a vehicle.
Qvarfordt discloses:
and wherein the display element shows at least one item comprising a person, an animal, a character, a scene, or a vehicle. (“FIG. 6 depicts an example of a multi-layer CAPTACH wherein the solution is divided and distributed among various layers, in this example, two layers 603 and 605. In this example there is also a background layer 601 and an obstruction foreground layer 607. Any of the layers can be moving under any of the methods described above, e.g., closed loop animation, user interaction, etc.” Qvarfordt ¶ 49. “and various random words are flashing on the screen, e.g., "cat" in FIG. 8a. When the subject matter of the video changes, e.g., the person in the video is seated” Qvarfordt ¶ 51. See also Fig. 10 and ¶ 35)
A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Akula in view of Turgeman with Qvarfordt by incorporating a plurality of layers into the captcha including obfuscation layers comprising scenes, characters, or animals. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Akula in view of Turgeman with Qvarfordt in order to make a CAPTCHA that is easy for a human to understand but difficult for a machine due to reliance on human perception, e.g. Qvardfordt ¶¶ 9-12.
As to claim 9, Akula in view of Turgeman and Qvardfordt discloses the machine of claim 8 and further discloses:
wherein the display element includes instructions that cause at least part of the shown item to change in appearance in response to a mouse-over or hover by the pointer in relation to a location of the item shown in the display element. (“the motion can be automatic, i.e., a continuous loop, or manual in response to a user's command. A manual motion can be, for example, the clip plays a number of frames in response to a user's mouse click, or motion is made in response to user's "dragging" of selected layer using a mouse or other input device, or a specific motion that depends on the user's action, e.g., foreground moves to left upon left-mouse click and to the right upon right-mouse click.” Qvarfordt ¶ 35)
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:
Johansson et al., US 9,652,604, disclosing an image-based CAPTCHA with a prompt.
Chow et al., US 8,875,239, disclosing an image-based CAPTCHA with a prompt.
Isaacs, US 8,875,239, disclosing an image-based CAPTCHA with a prompt.
Fritz et al., US 8,505,071, disclosing an image-based CAPTCHA with a prompt.
Hachey, US 2010/0325706, disclosing an image-based CAPTCHA with a prompt.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165. The examiner can normally be reached M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached at (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MICHAEL W CHAO/Primary Examiner, Art Unit 2492