ENTERPRISE BROWSER SYSTEM

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statements (IDS) submitted on 2/28/2024, 11/13/2024, 11/21/2024, and 7/15/2025 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner. Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/24/2025 has been entered. Response to Arguments Applicant's arguments, see pages 7-8, filed 12/24/2025, with respect to the rejection of claims 1, 7, 9, 10, 12, 13, 16, 23, 24, and 27 under 35 USC 103 have been fully considered but they are not persuasive. Regarding the argument: “Claim 1 recites "wherein the web browser is configured to require ... one or more policies to be validated before the web browser is allowed to perform one or more predefined operations," which the Examiner alleges is taught by Chauhan at Fig. 9 and para. 0138 … “… While Chauhan states in various places that policies may, for example, be "set," "received," "implemented," "enforced," "applied," and "executed," Chauhan does not teach or suggest, in Fig. 9, para. 0138, or elsewhere, validating policies as claim 1 recites …” Examiner respectfully disagrees. The prior art of CHUHAN teaches a process of determining whether a client application in an embedded browser is capable of enforcing defined policies. If not, the application is not permitted to execute actions through the browser. This certainly meets the broadest reasonable interpretation of the claims, which merely recite “policies configured to control any aspect of the web browser” and “policies to be validated.” Examiner notes that the specification provides no details which would narrow the interpretation of said validation. Indeed, forms of the term “validate” appear only twice times in the specification in the context of policies (pages 1 and 8), and in those instances essentially repeat the vague claim language. This rejection is maintained. Regarding the argument: “Claim 12 is amended herewith to recite a policy condition that relates to a source that provided a URL to the web browser …” Examiner notes that this argument is not directed to any particular aspect of the prior art or mapping thereof, and thus is given a cursory review along with the subject matter of the associated claim. Examiner notes that additional arguments are directed to the alleged allowability of claims based on their dependency to already-argued claims, and will not be addressed. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 7, 10, 12, 13, 16, 23, and 24 are rejected under 35 U.S.C. 103 as being unpatentable over CHAUHAN (Doc ID US 20200082024 A1), and further in view of HARAKI (Doc ID JP 2000242604 A). Regarding claim 1: CHAUHAN teaches: A web browser system comprising: at least one processor; and a memory storing instructions executable by the at least one processor ([0033] "… Non-volatile memory 128 stores ... computer instructions of operating system 115 and/or applications 116 are executed by processor(s) 103 ...") to implement a web browser, the web browser including a browser and rendering engine configured to send and receive data via a computer network ([0087] "The embedded browser 410 can include elements and functionalities of a web browser application or engine. The embedded browser 410 can locally render network application(s) as a component or extension of the client application."), and a policy engine configured to implement one or more policies configured to control any aspect of the web browser, the data, a computer that hosts the web browser, and any devices that are accessible to the computer ([0039] "... allow the client application to perform or facilitate policy-based management ..., application control), wherein the web browser is configured as an executable file that is created by compiling computer software instructions that implement the browser and rendering engine and the policy engine ([0038] "... A client application executing on a client device can allow a user to access applications (apps) that are served from and/or hosted on one or more servers .... A browser that is embedded ... can render to the user a network application …."), wherein the web browser is configured to require a user of the web browser to be authenticated (Fig 9 and [0138] "… In operation 903, the web service can redirect the HTTP client to a gateway service for authentication.") and one or more policies to be validated before the web browser is allowed to perform one or more predefined operations (Fig 9 and [0138] "... in operation 909, the gateway service can determine if the CEB is ... capable of enforcing defined application policies. If so ... the CEB is allowed access to the web service, and can enforce the defined policies."), wherein the web browser is configured to receive the policies via the computer network ([0059] "… The application management framework 314 requests policy information from client agent 304, which in turn requests it from gateway server 306."), CHAUHAN does NOT teach: wherein the policies are encrypted, before they are sent to the web browser via the computer network, for decryption using a decryption key that is uniquely associated with an identity that is associated with the user of the web browser, and wherein the decryption key is provided to the web browser via the computer network after the user is authenticated. HARAKI teaches: wherein the policies are encrypted, before they are sent to the web browser via the computer network, for decryption using a decryption key that is uniquely associated with an identity that is associated with the user of the web browser ([0029] "... S6 checks the user identity. … and whether or not the user is qualified to download the content." and [0031] "… The decryption key is created based on the authentication ID received from the client …"), and wherein the decryption key is provided to the web browser via the computer network after the user is authenticated ([0032] "… Thus, the server 1 can transmit the encrypted content and the decryption key created in the S8 to the client 2."). Implementing policies which control aspects of a web browser, requiring user authentication to operate the web browser, validating the policies before actions are taken by the web browser, and receiving the policies from an external source are known techniques in the art, as demonstrated by CHAUHAN. Further, encrypting data using a key associated with a specific user, and transmitting the key for use in decryption after authenticating the user are known techniques in the art, as demonstrated by HARAKI. It would have been obvious to a person having ordinary skill in the art (PHOSITA) before the effective filing date of the claimed invention to modify the secure web browser of CHAUHAN with the user key of HARAKI with the motivation to tailor specific decrypted policies to specific users. It is obvious to use the user’s identity to supply an encryption key that can also be used to decrypt the policies after the suer is authenticated. Regarding claim 7: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 1 wherein any of the policies includes a policy condition that relates to a category associated with a website accessed by the web browser (CHAUHAN [0098] "… enable an enterprise to implement a content filtering policy in which, for example, employees are blocked from accessing certain web sites …"). Regarding claim 10: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 1 wherein any of the policies includes a policy condition that relates to any characteristic of identity of the user of the web browser (CHAUHAN [0109] "… the access gateway can ... retrieve a stored list of network applications matched with the user profile and/or the identity of the user). The list can correspond to a list of network applications sanctioned for the user."). Regarding claim 12: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 1 wherein any of the policies includes a policy condition that relates to a source that provided a Uniform Resource Locator (URL) to the web browser (CHAUHAN [0123] "[0123] The secure browser plug-in 516 may be able to implement network detection in order to identify whether or not to redirect internal URLs to external URLs."). Regarding claim 13: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 1 wherein any of the policies includes a policy enforcement action that requires performing any of data loss prevention (DLP) techniques, antivirus techniques, or antimalware techniques to the data (CHAUHAN [0039] "… This visibility can allow the client application to perform or facilitate policy-based management (e.g., including data loss prevention (DLP) capabilities) ..."). Regarding claim 16: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 1 wherein any of the policies includes a policy enforcement action that requires controlling client-side user interactions with a website (CHAUHAN [0098] "… enable an enterprise to implement a content filtering policy in which, for example, employees are blocked from accessing certain web sites …"). Regarding claim 23: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 1 wherein the web browser is specifically configured to operate with one or more target applications (CHAUHAN [0126] "... web browser application 522 may navigate to the requested network application in full-screen mode, and can render the requested network application."). Regarding claim 24: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 23 wherein the policies are specifically adapted for use with the one or more target applications (CHAUHAN [0039] "… the local CEB can provide ... a controlled system for deploying web and SaaS applications through the CEB, and... set policies or configurations via the CEB for performing any of the forgoing activities."). Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over CHAUHAN (Doc ID US 20200082024 A1) and HARAKI (Doc ID JP 2000242604 A) as applied to claim 1 above, and further in view of SCHNEIDER et al (Doc ID US 9331995 B2). Regarding claim 4: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 1 The combination of CHAUHAN and HARAKI does NOT teach: wherein the web browser is configured to receive, via the computer network, browser settings associated with the authenticated user, wherein the browser settings are encrypted, before they are sent to the web browser via the computer network, for decryption using the decryption key. SCHNEIDER teaches: wherein the web browser is configured to receive, via the computer network, browser settings associated with the authenticated user (Col 3 line 67 - col 4 line 4 "… The configuration data 134 may configure the app 122 according to who the user 102 is; for example, certain features may be enabled or disabled for a given user."), wherein the browser settings are encrypted, before they are sent to the web browser via the computer network, for decryption using the decryption key (Col 4 lines 20-36 "... a hash-based message authentication code (HMAC) may be computed by concatenating the configuration data 134 with the challenge code 132 .... the configuration data 134 and the challenge code 132 may be encrypted and the resulting ciphers may be combined ..." and col 4 lines 45-48 "In a step 412, a communication 136 is sent to the user 102. ... communication 136 comprises the configuration data 134 and the verification value 134a."). Acquiring settings from a profile and encrypting those settings are known techniques in the art, as demonstrated by SCHNEIDER. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN and HARAKI and MOUSSEAU with the settings encryption method of SCHNEIDER with the motivation to make it difficult or impossible for an intruder into the system to view the contents of the settings. It is obvious to encrypt all configuration aspects of a browser designed for secure operation. Claims 5, 6, 20, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over CHAUHAN (Doc ID US 20200082024 A1) and HARAKI (Doc ID JP 2000242604 A) as applied to claim 1 above, and further in view of LIM et al (Doc ID US 10303892 B1). Regarding claim 5: The combination of CHAUHAN AND HARAKI teaches: The web browser system according to claim 1 The combination of CHAUHAN AND HARAKI does NOT teach: wherein the web browser is configured to at least partially evaluate any of the policies that apply to the data in parallel to receiving the data. LIM teaches this limitation: Col 8 lines 17-22 "When the data protection client intercepts an application program operation, it sends the application program operation... to a policy engine to perform policy evaluation." Evaluating policies in conjunction with processing the data they apply to is a known technique in the art, as demonstrated by LIM. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN and HARAKI with the policy evaluation method of LIM with the motivation to ensure that any policies meant to govern incoming data are evaluated against that data before the data processing is complete. It is obvious to prevent potentially harmful data to complete processing before any policy can act on it. Regarding claim 6: The combination of CHAUHAN AND HARAKI teaches: The web browser system according to claim 1 The combination of CHAUHAN AND HARAKI does NOT teach: wherein the web browser is configured to at least partially evaluate any of the policies that apply to the data in parallel to receiving the data and in parallel to providing any portion of the data to the browser and rendering engine. LIM teaches: wherein the web browser is configured to at least partially evaluate any of the policies that apply to the data in parallel to receiving the data (Col 8 lines 17-22 "When the data protection client intercepts an application program operation, it sends the application program operation... to a policy engine to perform policy evaluation.") and in parallel to providing any portion of the data to the browser and rendering engine (Col 8 lines 29-35 "A data protection client enforces a policy effect of policy evaluation .... If policy effect is ALLOW, ... do nothing, .... If policy effect is DENY, ... block an application program operation."). Evaluating policies in conjunction with processing the data they apply to and before the data is provided to the bowser are known techniques in the art, as demonstrated by LIM. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN and HARAKI with the policy encryption method of LIM with the motivation to prevent an unauthorized user from having read access to policies in place on a secured system. It is obvious to encrypt the policies so that an unauthorized user cannot see them and potentially gain information on circumventing them. Regarding claim 20: The combination of CHAUHAN AND HARAKI teaches: The web browser system according to claim 1 The combination of CHAUHAN AND HARAKI does NOT teach: wherein the web browser further includes an auditor configured to record any actions attempted or performed by the user when using the web browser. LIM teaches this limitation: Col 18 lines 28-39 "... the functions of a data protection client ... include: ... document access or use operations on information or a document; ... and auditing (or logging) information or document access or use activities, policy decisions or policy enforcement activities." Recording actions taken by a user using the system is a known technique in the art, as demonstrated by LIM. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN and HARAKI with the user action recording method of LIM with the motivation to log actions taken by a user during a session for later review in the event illicit actions are taken. It is obvious for an enterprise browser concerned with data security to log the actions of its users. Regarding claim 21: The combination of CHAUHAN AND HARAKI teaches: The web browser system according to claim 1 The combination of CHAUHAN AND HARAKI does NOT teach: wherein the web browser further includes an auditor configured to record any actions attempted or performed by the web browser when the web browser is used by the user. LIM teaches this limitation: Col 18 lines 28-39 "... the functions of a data protection client ... include: ... document access or use operations on information or a document; ... and auditing (or logging) information or document access or use activities, policy decisions or policy enforcement activities." Recording actions taken by a terminal using the system is a known technique in the art, as demonstrated by LIM. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN and HARAKI with the browser action recording method of LIM with the motivation to log actions taken by a user during a session for later review in the event illicit actions are taken. It is obvious for an enterprise browser concerned with data security to log the actions of its terminals regardless of their current user. Claims 8 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over CHAUHAN (Doc ID US 20200082024 A1) and HARAKI (Doc ID JP 2000242604 A) as applied to claim 1 above, and further in view of MOEN et al (Doc ID US 20070220599 A1). Regarding claim 8: The combination of CHAUHAN AND HARAKI teaches: The web browser system according to claim 1 The combination of CHAUHAN AND HARAKI does NOT teach: wherein any of the policies includes a policy condition that relates to a risk level associated with a website accessed by the web browser. MOEN teaches this limitation: [0004] "… resource is deemed to be noncompliant with ... policies (e.g., because it is suspected of containing a computer virus or to be from a restricted site), the content may be blocked from entering the corporate network." Relating a risk level to websites visited by a user is a known technique in the art, as demonstrated by MOEN. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN and HARAKI with the risk level method of MOEN with the motivation to prevent users from visiting websites deemed too high risk. It is obvious in an enterprise browser system to prevent potentially dangerous websites from being visited and then potentially compromising the security of the system. Regarding claim 14: The combination of CHAUHAN AND HARAKI teaches: The web browser system according to claim 1 The combination of CHAUHAN and HARAKI does NOT teach: wherein any of the policies includes a policy enforcement action that requires changing or otherwise manipulating the data prior to rendering the data or providing the data to the user. MOEN teaches this limitation: [0038] "… a plug-in application downloaded ... to the ... Web browser ... is configured to add contextual information to such requests so that the proxy can better determine which, if any, traffic policies apply thereto …" Altering data in some way prior to rendering it is a known technique in the art, as demonstrated by MOEN. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN and HARAKI with the data manipulation method of MOEN with the motivation to change incoming data is whatever way necessary to facilitate rendering it for view. It is obvious to perform such measures as adding or removing metadata to data prior to rendering to accomplish this. Claims 11, 19, and 22 are rejected under 35 U.S.C. 103 as being unpatentable over CHAUHAN (Doc ID US 20200082024 A1) and HARAKI (Doc ID JP 2000242604 A) as applied to claim 1 above, and further in view of QURESHI et al (Doc ID US 20140006347 A1). Regarding claim 11: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 1 The combination of CHAUHAN and HARAKI does NOT teach: wherein any of the policies includes a policy condition that relates to any characteristic of identity of a network that is accessible to the web browser. QURESHI teaches this limitation: [0193] "… The tunneling mediator ... can be configured to log ... the actual data sent through the resource network connection, ... the times at which a user requested access to one or more enterprise resources 130, etc. Analytics can be generated from the logged data. The mobile device management system 126 can set rules based on such analytics." Assigning web browsing policies related to network identity is a known technique in the art, as demonstrated by QURESHI. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN and HARAKI with the network identity policy method of QURESHI with the motivation to monitor the identity of networks being connected to. It is obvious to monitor or outright prevent connecting to networks which may be unknown or risky to the system. Regarding claim 19: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 1 The combination of CHAUHAN and HARAKI does NOT teach: wherein any of the policies includes a policy enforcement action that requires any of disabling, hiding, or masking a predefined element of a webpage. QURESHI teaches this limitation: [0474] "… The secure VM 350C can implement a set of policies (such as ... prevention of access to certain URLs, prevention of access to certain APIs etc.) …" Preventing or hiding access to certain aspects of a visited webpage is a known technique in the art, as demonstrated by QURESHI. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN and HARAKI with the web page blocking method of QURESHI with the motivation to monitor or prevent access to certain untrusted or risky aspects of a visited website. It is obvious to accomplish this by blocking certain URLs which may be part of a web page, or preventing certain APIs from functioning. Regarding claim 22: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 1 The combination of CHAUHAN and HARAKI does NOT teach: wherein the web browser further includes an auditor configured to record any network activity detectable by the web browser. QURESHI teaches this limitation: [0391] "... the secure mobile gateway 128 can include a repository 410 of logged data. ... Such logged data can include ... data indicative of documents downloaded to the mobile device 120, ... records of websites or other network resources accessed by particular mobile devices 120 ..." Recording network activity by a browser is a known technique in the art, as demonstrated by QURESHI. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN and HARAKI with the network activity monitoring method of QURESHI with the motivation to log activity by a user during a session for later review in the event illicit actions are taken. It is obvious for an enterprise browser concerned with data security to log the network activity of its terminals regardless of their current user. Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over CHAUHAN (Doc ID US 20200082024 A1) and HARAKI (Doc ID JP 2000242604 A) as applied to claim 1 above, and further in view of BANGA et al (Doc ID US 20140259159 A1). Regarding claim 15: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 1 The combination of CHAUHAN and HARAKI does NOT teach: wherein any of the policies includes a policy enforcement action that requires, prior to rendering the data or providing the data to the user, converting the data from a first format to at least second format that eliminates a portion of the data, and then converting the converted data to the first format. BANGA teaches this limitation: [0024] "... a sterilized copy of the digital file is created from the intermediate copy. The sterilized copy ... has been converted back into the original file format." and [0043] "… A rule may also state what type of intermediate format a particular file format should be converted into ..." Converting data from a first format to a second and then back to a first format is a known technique in the art, as demonstrated by BANGA. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN and HARAKI with the data scrubbing method of BANGA with the motivation to temporarily reformat data into a form more easily manipulated by the system before reconverting it back to its original form prior to rendering. It is obvious to do this in order to perform such actions as scrubbing data for sensitive or harmful information or scripts. Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over CHAUHAN (Doc ID US 20200082024 A1) and HARAKI (Doc ID JP 2000242604 A) as applied to claim 1 above, and further in view of SINGH et al (Doc ID US 20150161177 A1). Regarding claim 17: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 1 The combination of CHAUHAN and HARAKI does NOT teach: wherein any of the policies includes a policy enforcement action that requires hiding a browser tab that is closed by the user and showing the hidden browser tab when the user next attempts to access a website or other content associated with the hidden browser tab. SINGH teaches this limitation: [0037] "... When the user causes the browser to navigate to the page resource that has been background rendered, the contents of ... a hidden tab or background tab are transitioned into the tab the user was viewing …" Hiding a browser tab until the user returns to that web resource is a known technique in the art, as demonstrated by SINGH. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN and HARAKI with the browser tab hiding method of SINGH with the motivation to provide a more streamlined user experience. It is obvious to hide browser tabs temporarily in order to prevent clutter, and unhiding the tabs when the resource is accessed again saves computational resources from having to redownload many static aspects of the resource. Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over CHAUHAN (Doc ID US 20200082024 A1) and HARAKI (Doc ID JP 2000242604 A) as applied to claim 1 above, and further in view of GADDAM et al (Doc ID US 20210160247 A1). Regarding claim 18: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 1 The combination of CHAUHAN and HARAKI does NOT teach: wherein any of the policies includes a policy enforcement action that requires disabling a predefined application programming interface (API) of the web browser. GADDAM teaches this limitation: [0075] "… These trust scores can be used by a policy engine to determine a resource access policy, such as disabling the API or revoking the API key." Implementing a policy that disables an API is a known technique in the art, as demonstrated by GADDAM. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN and HARAKI with the API disabling method of GADDAM with the motivation to cut off access to the browser’s API. It is obvious to do this in order to secure the browser in the event there is an attack directed through its API shared with other applications. Claim 25 is rejected under 35 U.S.C. 103 as being unpatentable over CHAUHAN (Doc ID US 20200082024 A1) and HARAKI (Doc ID JP 2000242604 A) as applied to claim 1 above, and further in view of MUMMIGATTI et al (Doc ID US 20190015974 A1). Regarding claim 25: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 1 The combination of CHAUHAN and HARAKI does NOT teach: wherein any of the policies are defined and enforced using robotic process automation (RPA) techniques. MUMMIGATTI teaches this limitation: [0013] "... include a policy and rule validation RPA bot configured to determine one or more policies or rules to apply ... and insure [sic] that the processing of the event case adheres to the one or more policies or rules." Implementing a policy that is implemented through RPA techniques is a known technique in the art, as demonstrated by MUMMIGATTI. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN and HARAKI with the RPA policy method of MUMMIGATTI with the motivation to provide an interface between the browser and robotic automation aspects of the enterprise. It is obvious to create policies to this effect, and for those policies are enforced on actions performed through RPA actions. Claim 26 is rejected under 35 U.S.C. 103 as being unpatentable over CHAUHAN (Doc ID US 20200082024 A1) and HARAKI (Doc ID JP 2000242604 A) as applied to claim 1 above, and further in view of LIM et al (Doc ID US 10303892 B1) and CHIKKALA et al (Doc ID US 20200394234 A1). Regarding claim 26: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 1 The combination of CHAUHAN and HARAKI does NOT teach: wherein the web browser is configured to implement multiple different profiles that are isolated from one another, each of the profiles has its own data including policies, cookies, cache, and local storage, and the different profiles are associated with any of different and concurrently-displayed browser tabs, different and concurrently-executing processes, and different and concurrently- executing browser instances. LIM teaches: wherein the web browser is configured to implement multiple different profiles that are isolated from one another (Col 38 lines 36-38 "A user profile manager 807 allows ... user configurations to be customized in per user basis."), each of the profiles has its own data including policies, cookies, cache, and local storage (Col 38 lines 38-42 "A user profile is stored in a secured viewing server ... that manages user identities."), and Creating segregated user profiles that each contain their own associated data is a known technique in the art, as demonstrated by LIM. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN and HARAKI with the user profile method of LIM with the motivation to allow certain aspects of the browser to be customized on a per-user basis. It is obvious to segregate user profiles both for user experience and to more easily distinguish actions taken on the system by different users. The combination of CHAUHAN, HARAKI, and LIM does NOT teach: the different profiles are associated with any of different and concurrently-displayed browser tabs, different and concurrently-executing processes, and different and concurrently- executing browser instances. CHIKKALA teaches this limitation: [0062] "… The user profile keeps information, which is unique to the user, i.e. because of tab groups that the user has manually defined …" Associating different browser tabs and browser instances with different user profiles is a known technique in the art, as demonstrated by CHIKKALA. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN, HARAKI, and LIM with the user profile tab association method of CHIKKALA with the motivation to keep some amount of persistence between user sessions. It is obvious when a terminal may be shared by multiple users to allow certain aspects of a previous session to be continued when a previous user logs back in. Claims 30 and 31 are rejected under 35 U.S.C. 103 as being unpatentable over CHAUHAN (Doc ID US 20200082024 A1) and HARAKI (Doc ID JP 2000242604 A) as applied to claim 1 above, and further in view of CHOULES et al (Doc ID US 20190026458 A1). Regarding claim 30: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 1 The combination of CHAUHAN and HARAKI does NOT teach: wherein the web browser is configured to validate one or more signed policies. CHOULES teaches this limitation: [0092] "… the LVD 104 may validate the local enforcement policy by confirming that the local enforcement policy is signed by the MVD 102." Validating a signed policy is a known technique in the art, as demonstrated by CHOULES. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN and HARAKI with the signed policy validation of CHOULES with the motivation to include signed policies among the policies being validated. Regarding claim 30: The combination of CHAUHAN and HARAKI teaches: The web browser system according to claim 1 The combination of CHAUHAN and HARAKI does NOT teach: wherein the web browser is configured to validate one or more encrypted policies. CHOULES teaches this limitation: [0074] "… the MVD 102 can validate the local enforcement policy by decrypting an encrypted version of the local enforcement policy …" Validating an encrypted policy is a known technique in the art, as demonstrated by CHOULES. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the authentication enabled web browser of CHAUHAN and HARAKI with the encrypted policy validation of CHOULES with the motivation to include encrypted policies among the policies being validated. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. SULLIVAN et al (Doc ID US 20070240202 A1) teaches a similar method of authenticated access to internet access. However, it is based on a gateway system for accessing a browser, as opposed to the claimed method of securing the browser itself. Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON BINCZAK whose telephone number is (703)756-4528. The examiner can normally be reached M-F 0800-1700. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached on (571) 270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /BB/Examiner, Art Unit 2437 /BENJAMIN E LANIER/Primary Examiner, Art Unit 2437