DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Applicant’s Election and Response to Restriction Requirement filed on 03/05/2026.
In response to the restriction requirement mailed on 02/04/2026, the Applicant has elected species I, claims 2 and 4-16, without traverse for prosecution. As per the Applicant’s Election and Response to Restriction Requirement, claims 17-25 are canceled; claims 26-29 are newly added, and claims 3-16 have been renumbered. Claims 1-16 and 26-29 have been examined and are pending in this application.
Priority
Acknowledgment is made of Applicant’s claim for priority under 35 U.S.C. 119 (e) to Provisional Paten Application No. 62/446,659, filed on 02/17/2023.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim(s) 1, 9, and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Beaumont et al. (US 2021/0342759; Hereinafter “Beaumont”) in view of Shurtleff et al. (US 2020/0162503; Hereinafter “Shurtleff”).
Regarding claim 1, Beaumont teaches a non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for controlling web sessions, the operations comprising:
identifying, a browser component executing on an endpoint device, navigation by a user to a web application, the web application including at least one interface element (Beaumont: Claim 1, generating, by the computing hardware and based on the state of the browser application, a graphical user interface for the browser application by configuring a first navigation element on the graphical user interface and excluding a second navigation element from the graphical user interface, wherein: the first navigation element is configured for navigating to a first display element that presents a first privacy policy dataset, and the second navigation element is configured for navigating to a second display element that presents a second privacy policy dataset; transmitting, by the computing hardware, a first instruction to the browser application causing the browser application to present the graphical user interface on the user device);
identifying an interaction with the at least one interface element by the user (Beaumont: Para. [0016], wherein actively monitoring the user context of the user as the user provides the one more system inputs comprises recording a first user input provided within a graphical user interface that occurs prior to submission of the one or more system inputs by the user, and recording a second user input provided within the graphical user interface that occurs after the user provides the first user input and before the user submits the one or more system inputs,);
determining whether the interaction with the at least one interface element triggers the at least one rule (Beaumont: Para. [0012], analyzing web browser data in response to detecting the user activation of the control to determine: a geographical location parameter associated with a geographical location of a computing device executing the web browser, a language parameter associated with a language used on the website, and an entity parameter associated with an entity associated with the website; generating a request for privacy policy content, the request comprising the geographical location parameter, the language parameter, and the entity parameter; transmitting the request to a remote computing system for use in executing, by the remote computing system, a privacy policy determination rules engine to evaluate a plurality of privacy policy rules based on the geographical location parameter, the language parameter, and the entity parameter to determine an applicable privacy policy;); and
based on a determination that the interaction with the at least one interface element triggers the at least one rule, causing a control action to be performed (Beaumont: Para. [0012], receiving the applicable privacy policy from the remote computing system; and presenting a portion of the applicable privacy policy in the web browser. Para. [0016]).
Beaumont does not explicitly teach accessing, based on an identifier of the at least one interface element, at least one rule associated with the at least one interface element;
In an analogous art, Shurtleff teaches accessing, based on an identifier of the at least one interface element, at least one rule associated with the at least one interface element (Shurtleff: Para. [0088], The graphical user interface 400C can include one or more views, panes, cards, containers, widgets, or other user interface elements, with each user interface element 460 representing an IoT device exhibiting one or more anomalies. Each IoT device user interface element 460 can include a device name 462, a device policy 464 (which can be similar to the device policy 450), and an upload traffic indicator 466 and a download traffic indicator 468 (which can be similar to the throughput trend indicators 448 or can represent the number of standard deviations of other current network traffic metrics from other historical network traffic metrics). Para. [0093], In this example, the overview user interface element 480 can also include remedial action selection user interface elements 482 that enable the end user to take remedial actions for the compromised or potentially compromised IoT device, such as to apply a specific network policy to the IoT device (e.g., quarantine, black list, white label, copy snapshot, etc.). In some embodiments, selection of a particular network policy can cause the client application to prompt whether to apply the selected policy to all devices within the same device group as the IoT device.)
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Shurtleff with the system and method of Beaumont to include accessing, based on an identifier of the at least one interface element, at least one rule associated with the at least one interface element because this functionality enables a user interface for identifying and remediating devices that exhibit anomalous behavior (Shurtleff: Para. [0001]).
Regarding claim 9, Beaumont, in combination with Shurtleff, teaches the non-transitory computer readable medium of claim 1. Beaumont, in combination with Shurtleff, does not explicitly teach wherein the control action includes locking the endpoint device (Shurtleff: Para. [0041], The monitoring and remediation subsystem 216 may also deploy device-based policies for a specific type of device, class of devices, or classes of devices, such as rules relating to device states (e.g., open/closed or locked/unlocked state for doors, windows, physical locks, etc., which can be absolute states or states lasting for a specified duration and/or states occurring within a particular time of day); and other device-specific information discussed throughout the present disclosure.)
Regarding claim 14, Beaumont, in combination with Shurtleff, teaches the non-transitory computer readable medium of claim 1, wherein the identifier of the at least one interface element includes at least one of a name of the at least one interface element or an indicator of a position of the at least one interface element (Shurtleff: Para. [0088], The graphical user interface 400C can include one or more views, panes, cards, containers, widgets, or other user interface elements, with each user interface element 460 representing an IoT device exhibiting one or more anomalies. Each IoT device user interface element 460 can include a device name 462, a device policy 464 (which can be similar to the device policy 450), and an upload traffic indicator 466 and a download traffic indicator 468 (which can be similar to the throughput trend indicators 448 or can represent the number of standard deviations of other current network traffic metrics from other historical network traffic metrics). Para. [0093], In this example, the overview user interface element 480 can also include remedial action selection user interface elements 482 that enable the end user to take remedial actions for the compromised or potentially compromised IoT device, such as to apply a specific network policy to the IoT device (e.g., quarantine, black list, white label, copy snapshot, etc.). In some embodiments, selection of a particular network policy can cause the client application to prompt whether to apply the selected policy to all devices within the same device group as the IoT device.).
Regarding claim 15, Beaumont, in combination with Shurtleff, teaches the non-transitory computer readable medium of claim 1, wherein:
the at least one interface element includes a first interface element and a second interface element, and the interaction with the at least one interface element includes an interaction with the first interface element and an interaction with the second interface element by the user (Shurtleff: Fig 4D, Para. [0112], At step 512, the IoT management system can present a detailed representation of an IoT device of the remediation interface, such as in response to a selection of a user interface element of the remediation interface that corresponds to the IoT device. The detailed representation can include a plurality of user interface elements in which each user interface element can represent an action to be performed relating to the IoT device, including remedial actions (e.g., throttle bandwidth/throughput, quarantine, black last, white list or white label, reroute traffic, etc.) or network administrative actions (e.g., ping, ifconfig, traceroute, netstat, tcpdump, etc.). FIG. 4D illustrates an example of a graphical user interface for the detailed representation of the IoT device that may require remediation.); and
the determination whether the interaction with the at least one interface element triggers the at least one rule is based on the interaction with the first interface element and the interaction with the second interface element (Shurtleff: Fig. 4D, Para. [0114], In some embodiments, the IoT management system may automatically apply the policies or rules the moment an IoT device has been marked for remediation. In other embodiments, the IoT management system can prescribe a recommended course of action and perform an action selected by an end user. In still other embodiments, the IoT management system can utilize a combination of these approaches (e.g., automatically throttling bandwidth/throughput or quarantining a compromised or potentially compromised device and prompting the end user to perform additional remediation). The policies and rules the IoT management system can automatically enforce versus prompting for user approval may depend on factors such as the type of the device, the security group of the device, the device's subnet address, the device's physical location, the device's security score, the type or severity of the vulnerability, and other factors discussed throughout the present disclosure.).
Regarding claim 16, Claim 16 is rejected under the same rational as claim 1.
Claim(s) 2-8, 10-13, and 26-29 are rejected under 35 U.S.C. 103 as being unpatentable over Beaumont et al. (US 2021/0342759; Hereinafter “Beaumont”) in view of Shurtleff et al. (US 2020/0162503; Hereinafter “Shurtleff”) in view of Cohen (US 2024/0291863).
Regarding claim 2, Beaumont, in combination with Shurtleff, teaches the non-transitory computer readable medium of claim 1. Beaumont, in combination with Shurtleff, does not explicitly teach wherein the interaction with the at least one interface element includes a value being input by the user and wherein determining whether the interaction with the at least one interface element triggers the at least one rule includes determining whether the value triggers the at least one rule.
In an analogous art, Cohen teaches wherein the interaction with the at least one interface element includes a value being input by the user and wherein determining whether the interaction with the at least one interface element triggers the at least one rule includes determining whether the value triggers the at least one rule (Cohen: Para. [0236], Hidden display element 6-302 may be allocated to the same or similar region of a display as visibly presented web element 6-304 (e.g., displaying a text “Transfer Money”). However, a layer (e.g., set using a z-index display parameter) for hidden display element 6-302 may be higher (e.g., a z-index of 2) than a layer for visibly presented web element 6-304 (e.g., a z-index of 1). Consequently, a user attempting to click on visibly presented web element 6-304 may be tricked into clicking on hidden display element 6-302 instead, triggering one or more actions (e.g., malicious actions) associated with hidden display element 6-302. Para. [0246], An occurrence of an input event may be detected by an event listener associated with a user interface for a computing device (e.g., as shown in FIG. 3) and configured to invoke an action in response to the impulse or signal. Some examples of an input event may include clicking a button web element using an electronic mouse, submitting data in a form web element using a keyboard device, checking a checkbox web element by touching a touch-sensitive screen, or entering text into a field using a microphone configured with a speech recognition application. [a dollar amount of money to transfer meets the value limitation] Para. [0138], A return value of a function may be required to conform to a specific format (e.g., data type, size, number of arguments, range of allowed values) expected by the code invoking the function. Para. [0138], For example, the return value for a function determining if an input is a number (e.g., isNaN( )) may be a binary type, e.g., True if the input is a number and False if the input is not a number. Para. [0164], A length threshold may include, for example, a particular number of characters, letters, symbols, values, digits, lines, HTML elements, or other quantification of computer-readable data. Para. [0341]-[0346])
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Cohen with the system and method of Beaumont and Shurtleff to include wherein the interaction with the at least one interface element includes a value being input by the user and wherein determining whether the interaction with the at least one interface element triggers the at least one rule includes determining whether the value triggers the at least one rule because this functionality provides for exploit prevention and malicious code neutralization (Cohen: Para. [0002]).
Regarding claim 3, Beaumont, in combination with Shurtleff and Cohen, teaches the non-transitory computer readable medium of claim 2, wherein determining whether the value triggers the at least one rule includes at least one of: determining whether the value is within an accepted range of values or determining whether the value includes at least one restricted value (Cohen: Para. [0246], An occurrence of an input event may be detected by an event listener associated with a user interface for a computing device (e.g., as shown in FIG. 3) and configured to invoke an action in response to the impulse or signal. Some examples of an input event may include clicking a button web element using an electronic mouse, submitting data in a form web element using a keyboard device, checking a checkbox web element by touching a touch-sensitive screen, or entering text into a field using a microphone configured with a speech recognition application. [a dollar amount of money to transfer meets the value limitation] Para. [0138], A return value of a function may be required to conform to a specific format (e.g., data type, size, number of arguments, range of allowed values) expected by the code invoking the function. Para. [0138], For example, the return value for a function determining if an input is a number (e.g., isNaN( )) may be a binary type, e.g., True if the input is a number and False if the input is not a number. Para. [0164], A length threshold may include, for example, a particular number of characters, letters, symbols, values, digits, lines, HTML elements, or other quantification of computer-readable data. Para. [0341]-[0346]).
Regarding claim 4, Beaumont, in combination with Shurtleff and Cohen, teaches the non-transitory computer readable medium of claim 2, wherein the control action includes changing the value to a modified value, wherein the modified value does not trigger the at least one rule (Cohen: Para. [0092], If the source is determined to be suspect, the execution may be suspended or modified before damage occurs. Para. [0098], For example, the API invocation may be intercepted using a patch (e.g., a piece of code) to override the original functionality of the API invocation. The patch may, for example, change the scheduling of one or more tasks associated with the API invocation, e.g., to delay or postpone performing certain tasks until the API may be examined, or the source of the API may be validated. As another example, the patch may modify one or more arguments associated with the API invocation, e.g., by adding or removing an arguments, or by changing a value of an argument, e.g., to facilitate in testing the validity of the API invocation.).
Regarding claim 5, Beaumont, in combination with Shurtleff, teaches the non-transitory computer readable medium of claim 1. Beaumont, in combination with Shurtleff, does not explicitly teach wherein the control action includes restricting an interaction with at least one additional interface element of the web application by the user.
In an analogous art, Cohen teaches wherein the control action includes restricting an interaction with at least one additional interface element of the web application by the user (Cohen: Para. [0098], In some embodiments, the one or more instructions blocking the API invocation may be associated with a cybersecurity agent. A cyber security agent may be a module, program, or other portion of software associated with carrying out operations to enhance security of a computing environment, such as a web browsing environment. In some embodiments, the cybersecurity agent may be implemented by injecting into code (e.g., into the executable code including the API invocation) instructions to instantiate the cybersecurity agent. For example, the instructions may be inserted into a top portion of the executable code such that the cybersecurity agent is instantiated (e.g., thereby implementing the virtual barrier) before other instructions are executed. The cybersecurity agent may scan the executable code to identify and intercept the API invocation. In some embodiments, a cybersecurity application configured with the browser application running on the computing device and/or with a cybersecurity server in communication with the computing device may inject the cybersecurity agent into the executable code including the API invocation.).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Cohen with the system and method of Beaumont and Shurtleff to include wherein the control action includes restricting an interaction with at least one additional interface element of the web application by the user because this functionality provides for exploit prevention and malicious code neutralization (Cohen: Para. [0002]).
Regarding claim 6, Beaumont, in combination with Shurtleff teaches the non-transitory computer readable medium of claim 1. Beaumont, in combination with Shurtleff does not explicitly teach wherein the control action includes causing a message to be presented to the user, the message indicating the interaction with the at least one interface element triggers the at least one rule.
In an analogous art, Cohen teaches wherein the control action includes causing a message to be presented to the user, the message indicating the interaction with the at least one interface element triggers the at least one rule (Cohen: Para. [0101], In some embodiments, the trigger event may include a network request. A network request may include one or more of a fetch event requesting information from a server (e.g., associated with a current website, a cross-origin request directed to a server associated with a different website), an abort request (e.g., for cancelling fetch requests), a request associated with web socket connections (e.g., open, message, error, and close)).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Cohen with the system and method of Beaumont and Shurtleff to include wherein the control action includes causing a message to be presented to the user, the message indicating the interaction with the at least one interface element triggers the at least one rule because this functionality provides for exploit prevention and malicious code neutralization (Cohen: Para. [0002]).
Regarding claim 7, Beaumont, in combination with Shurtleff and Cohen, teaches the non-transitory computer readable medium of claim 6, wherein causing the message to be presented includes causing the message to be overlaid on the web application (Cohen: Para. [0184], Consistent with disclosed embodiments, in response to the determined existence of a difference between the first DOM tree and the second DOM tree, the at least one processor may generate a notification, which may be for display in a user interface (e.g., configured to be displayed on a display within an interface, as discussed above regarding a user interface). A notification may include text, an icon, a window, a field, a list, a diagram, or any visual indication related to executable code. For example, a notification may include text within a pop-up window overlaid onto a web browser page. In some embodiments, a notification may indicate a potential untrusted code injection, which may include at least one of code added to an execution process, code added within an execution process, unexpected code, an unexpected functionality, a portion of code within an HTML document, code associated with a node of a DOM tree, or any code identified to have a potential to cause an unexpected or malicious effect on a device.).
Regarding claim 8, Beaumont, in combination with Shurtleff, teaches the non-transitory computer readable medium of claim 1. Beaumont, in combination with Shurtleff, does not explicitly teach wherein the control action includes causing transmission of an alert indicating the at least one rule has been triggered.
In an analogous art, Cohen teaches wherein the control action includes causing transmission of an alert indicating the at least one rule has been triggered (Cohen: Para. [0184], Consistent with disclosed embodiments, in response to the determined existence of a difference between the first DOM tree and the second DOM tree, the at least one processor may generate a notification, which may be for display in a user interface (e.g., configured to be displayed on a display within an interface, as discussed above regarding a user interface). A notification may include text, an icon, a window, a field, a list, a diagram, or any visual indication related to executable code. For example, a notification may include text within a pop-up window overlaid onto a web browser page. In some embodiments, a notification may indicate a potential untrusted code injection, which may include at least one of code added to an execution process, code added within an execution process, unexpected code, an unexpected functionality, a portion of code within an HTML document, code associated with a node of a DOM tree, or any code identified to have a potential to cause an unexpected or malicious effect on a device. [notification may include an alert]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Cohen with the system and method of Beaumont and Shurtleff to include wherein the control action includes causing transmission of an alert indicating the at least one rule has been triggered because this functionality provides for exploit prevention and malicious code neutralization (Cohen: Para. [0002]).
Regarding claim 10, Beaumont, in combination with Shurtleff, teaches the non-transitory computer readable medium of claim 1. Beaumont, in combination with Shurtleff, does not explicitly teach wherein the operations further include validating an identity of the user.
In an analogous wherein the operations further include validating an identity of the user (Cohen: Para. [0127], he interception may prevent the native API from accessing system resources (e.g., thereby implementing a virtual barrier between the native API and the system resources). In some embodiments, the wrapped API may include instruction to invoke one or more procedures to thwart a cybersecurity threat, such as to perform validation checks, data integrity tests, authentication and authorization checks, and any other test to prevent a cybersecurity threat. Para. [0326], Para. [0343]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Cohen with the system and method of Beaumont and Shurtleff to include wherein the operations further include validating an identity of the user because this functionality provides for exploit prevention and malicious code neutralization (Cohen: Para. [0002]).
Regarding claim 11, Beaumont, in combination with Shurtleff and Cohen, teaches the non-transitory computer readable medium of claim 10, wherein determining whether the interaction with the at least one interface element triggers the at least one rule is based on the identity of the user (Cohen: Para. [0351], For example, form 8-200 may be a presentation of content included in and/or referenced by code 8-104 of FIG. 8-1. Form 8-200 may present a login form to a user, prompting the user to enter authenticating credentials into a username input field 8-202 and password input field 8-204. A software agent (e.g., agent 8-106) may determine that a functionality associated with username input field 8-202 and password input field 8-204 is not valid. For example, the software agent may detect a code for stealing text entered into username input field 8-202 and password input field 8-204, thereby stealing the authenticating credentials. In response, the software agent may disable input fields and display an alert 8-206. [username meets identity limitation]).
Regarding claim 12, Beaumont, in combination with Shurtleff and Cohen, teaches the non-transitory computer readable medium of claim 10, wherein the control action includes triggering an additional authentication of the identity of the user (Cohen: Para. [0127], he interception may prevent the native API from accessing system resources (e.g., thereby implementing a virtual barrier between the native API and the system resources). In some embodiments, the wrapped API may include instruction to invoke one or more procedures to thwart a cybersecurity threat, such as to perform validation checks, data integrity tests, authentication and authorization checks, and any other test to prevent a cybersecurity threat. Para. [0326], Para. [0343]).
Regarding claim 13, Beaumont, in combination with Shurtleff, teaches the non-transitory computer readable medium of claim 1, wherein the control action includes storing information identifying at least one of the user or the interaction with the at least one interface element (Shurtleff: Para. [0061], The remediation data store 228 can store data relating to remediation for IoT devices, such as remediation history, device profile information, remediation actions, and so forth.).
Regarding claim 26, Claim 26 is rejected under the same rational as claim 2.
Regarding claim 27, Claim 27 is rejected under the same rational as claim 5.
Regarding claim 28, Claim 28 is rejected under the same rational as claim 10.
Regarding claim 29, Claim 29 is rejected under the same rational as claim 11.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
U.S. Patent No.: 10,997,246 by Perkins et al.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Nelson Giddins whose telephone number is (571)272-7993. The examiner can normally be reached on Monday - Friday, 9:00 AM - 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards can be reached at (571) 270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/NELSON S. GIDDINS/ Primary Examiner, Art Unit 2408