Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This communication is in response to: Application filed on December 20th, 2023
Claims 1-29 are pending claims.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 4, 10, 13 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 4 recites the limitation "untrusted website code definition elements”. There is insufficient antecedent basis for this limitation in the claim. Claim 4 is accordingly indefinite because a skilled artisan cannot determine with reasonable certainty whether "untrusted website code definition elements" is: (a) a typographical error for "untrusted website code components," (b) a new and distinct category of untrusted code not previously introduced. The Office suggests amending claim 4 to “untrusted website code components”.
Claim 10 recites the limitation "the one or more corresponding trusted website code components”. There is insufficient antecedent basis for this limitation in the claim. Claim 10 is accordingly indefinite because a skilled artisan cannot determine with reasonable certainty whether "trusted website code definition elements" is: (a) a typographical error for "untrusted website code components," (b) a new and distinct category of trusted code not previously introduced. The Office suggest amending claim 10 to “trusted website code definition elements”.
Claim 13 recites the limitation "the trusted root website code definition element” and “the untrusted root website code component”. There is insufficient antecedent basis for this limitation in the claim. Claim 13 is accordingly indefinite because a skilled artisan cannot determine with reasonable certainty whether claim 13 intends to: (a) incorporate the “root” subject matter of claim 12, (b) to introduce new “trusted root” and “untrusted root” elements without first establishing them. The Office suggest amending claim 10 to “trusted website code definition elements”. The Office suggests amending claim 13 to depend from claim 12.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-29 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cui, US PG PUB# 2014/0095974 (hereinafter Cui) in view of Appleton, US PG PUB# 2008/0301643 (hereinafter Appleton).
As for independent claim 1:
Cue discloses a website building system configured to enable rendering of a hybrid website interface based on at least one trusted website code definition element and at least one untrusted website code component, the website building system comprising at least one processor and at least one non-transitory memory comprising program code, the at least one non-transitory memory and the program code configured to, with the at least one processor, cause the website building system to at least:
provide a primary execution environment configured to execute one or more trusted website code definition elements (0021-0022, 0026, 0029, Cui discloses web browser architecture with base domain, isolated domain and third party domain. Base domain, client web server, and mashup component repository work together to present interface from the business service provider to run in a secure environment. Also see business object editor to enable a user to see and edit business object data in 0031. The base domain executing the trusted base webpage code is a primary execution environment for trusted website code definition elements);
provide one or more sandbox execution environments configured to execute one or more untrusted website code components (0022, 0027, 0032-0033, Cui discloses isolated domain and mashup server work together to allow a mashup application to run in a secure environment. This prevent nefarious code and problem as discussed in 0019);
Cui does not disclose provide one or more proxy transformation components that are configured to communicatively link the one or more untrusted website code components to at least one of the one or more trusted website code definition elements; cause rendering of the hybrid website interface following execution of the at least one trusted website code definition element and the one or more untrusted website code components via the one or more proxy transformation components. Appleton discloses provide one or more proxy transformation components that are configured to communicatively link the one or more untrusted website code components to at least one of the one or more trusted website code definition elements; cause rendering of the hybrid website interface following execution of the at least one trusted website code definition element and the one or more untrusted website code components via the one or more proxy transformation components in 0038, 0062-0065, 0068. In the cited sections Appleton discloses host side and stub side proxy objects, a map router manages communication with the maps application, a module router manages communication with the various modules. Host objects may be generated from information provided by a mapplet stub and behavior may be tracked by a mapplet stub. Appleton further discloses communications between modules use remote procedure calls with ephemeral connections where a request that expect a response supplies details about how it expects to receive the response. Accordingly it would have been obvious before the effective filing date of the claimed invention to a skilled artisan to modify the method of Cui single container HTML to incorporate the teaching of Appleton of paired host object and stub proxy and dual router communication system, thus provided a structured multi-component communication between trusted and untrusted web code (Appleton, 0038, 0063).
As for dependent claim 2:
Cui-Appleton discloses the website building system of claim 1, wherein the one or more proxy transformation components comprise at least one primary execution environment proxy transformation component and at least one sandbox execution environment proxy transformation component (0036-0039, Cui discloses container and a sandbox component, see mashup -iframe script communication through the bridge). Appleton, 0063, map router operated in the mapplet-iframe context, sandbox side proxy. Accordingly it would have been obvious before the effective filing date of the claimed invention to a skilled artisan to modify the method of Cui single container HTML to incorporate the teaching of Appleton of paired host object and stub proxy and dual router communication system, thus provided a structured multi-component communication between trusted and untrusted web code (Appleton, 0038, 0063).
As for dependent claim 3:
Cui-Appleton discloses the website building system of claim 2, wherein providing the primary execution environment and providing the one or more sandbox execution environments comprises mapping a rendering order of the one or more trusted website code definition elements and the one or more untrusted website code components across the execution environments (Cui, 0040-0044, discloses an ordered sequence of HTML, context, and a callback messages that govern the sequence in which the mashup and base webpage render. Appleton discloses cross boundary communication in 0064-0065. Accordingly it would have been obvious before the effective filing date of the claimed invention to a skilled artisan to modify the method of Cui single container HTML to incorporate the teaching of Appleton of paired host object and stub proxy and dual router communication system, thus provided a structured multi-component communication between trusted and untrusted web code (Appleton, 0038, 0063).
As for dependent claim 4:
Cui-Appleton discloses the website building system of claim 3, wherein one or more primary execution environment proxy transformation components operate in the primary execution environment and are configured as placeholders of the one or more corresponding untrusted website code definition elements in the rendering order (Cui, 0043-0044, web service is called at service provide and the service provider sends a response back to mashup backend. The response may then be sent to container.html).
As for dependent claim 5:
Cui-Appleton discloses the website building system of claim 4, wherein a first trusted website code definition element executing in the primary execution environment is configured to: receive a triggering event; and transmit the triggering event downstream to a subsequent primary execution environment proxy transformation component executing in the primary execution environment, the subsequent primary execution environment proxy transformation component communicating a message to its corresponding untrusted website code component executing in a first sandbox execution environment (0037-0039, Cui discloses that the base webpage receives events and forwards them through the container bridge to the mashup iframe).
As for dependent claim 6:
Cui-Appleton discloses the website building system of claim 5, wherein the triggering event is a client event originating from a user interaction with a browser operating on a client device (0015, 0031, 0037, Cui discloses user interaction with the browser drive the application. The users interact with the business editor, user input elements, and a webpage controls to trigger updates/messages 0037).
As for dependent claim 7:
Cui-Appleton discloses the website building system of claim 3, wherein a first untrusted website code component executes in a first sandbox execution environment, wherein an output of the execution of the first untrusted website code component comprises tracked data, and wherein the tracked data is communicated to a corresponding primary execution environment proxy transformation component executing in the primary execution environment (0036-0039, 0041, Cui discloses that the mashup iframe posts messages back through the container bridge to the base domain).
As for dependent claim 8:
Cui-Appleton discloses the website building system of claim 7, wherein, during execution, the first untrusted website code component performs a simulated rendering of itself (Cui, 0034, shows messages may be rendered in a web browser).
As for dependent claim 9:
Cui-Appleton discloses the website building system of claim 7, wherein, during execution, the corresponding primary execution environment proxy transformation component provides the tracked data as input data to a subsequent trusted website code definition element in the rendering order (0038-0039, Cui discloses that callback data routed through the containers bridge drives subsequent DOM updates on the base webpage. Appleton, 0065 discloses router mediated forwarding of tracked data to the next service handles in the rendering order. Accordingly it would have been obvious before the effective filing date of the claimed invention to a skilled artisan to modify the method of Cui single container HTML to incorporate the teaching of Appleton of paired host object and stub proxy and dual router communication system, thus provided a structured multi-component communication between trusted and untrusted web code (Appleton, 0038, 0063).
As for dependent claim 10:
Cui-Appleton discloses the website building system of claim 3, wherein one or more sandbox execution environment proxy transformation components operate in a first sandbox execution environment and are configured as placeholders of the one or more corresponding trusted website code components in the rendering order (Appleton, 0062-0063, discloses mapplet stub holds stub proxies that emulate host objects in the opposing trusted context and a module router operates on the sandbox side standing in for the trusted maps application components from the mapplet’s point). Accordingly it would have been obvious before the effective filing date of the claimed invention to a skilled artisan to modify the method of Cui single container HTML to incorporate the teaching of Appleton of paired host object and stub proxy and dual router communication system, thus provided a structured multi-component communication between trusted and untrusted web code (Appleton, 0038, 0063).
As for dependent claim 11:
Cui-Appleton discloses the website building system of claim 10, wherein a second untrusted website code component executes in a second, separate sandbox execution environment (Appleton, 0062-0063, discloses multiple mapplets from different domains, each running in its own iframe/sandbox. Accordingly it would have been obvious before the effective filing date of the claimed invention to a skilled artisan to modify the method of Cui single container HTML to incorporate the teaching of Appleton of paired host object and stub proxy and dual router communication system, thus provided a structured multi-component communication between trusted and untrusted web code (Appleton, 0038, 0063).
As for dependent claim 12:
Cui-Appleton discloses the website building system of claim 3, wherein the rendering order comprises at least a trusted root website code definition element of the primary execution environment and an untrusted root website code component of a first sandbox execution environment (Cui, 0030-0034, discloses base webpage, trusted root, embeds mash up application via container.HTML and iframe / sandbox).
As for dependent claim 13:
Cui-Appleton discloses the website building system of claim 3, wherein the program code is further configured to, with the at least one processor, cause the website building system to at least:
receive a code execution request, the code execution request triggering an execution instruction to the trusted root website code definition element of the primary execution environment and the trusted root website code definition element transmitting another execution instruction to the untrusted root website code component of the first sandbox execution environment (Cui, 0030-0034, 0041, discloses the trusted root, base webpage, receives the execution request and transmits another section instruction to the untrusted root, mashup, in the sandbox).
As for dependent claim 14:
Cui-Appleton discloses the website building system of claim 1, wherein at least one of the one or more untrusted website code components comprises a third-party application or third-party code (Cui, 0017-0018, see third party and partner key user, third party domain hosting)
As for dependent claim 15:
Cui-Appleton discloses the website building system of claim 1, wherein at least one of the one or more untrusted website code components comprises untested or insufficiently tested code (Cui, 0019, see unsafe code and security).
As for dependent claim 16:
Cui-Appleton discloses the website building system of claim 1, wherein a first untrusted website code component comprises a presentation code subcomponent and a logic code subcomponent (0033, Cui discloses that the mashup application is a markup language document (presentation) combining data from multiple sources, with webpage described as a SILVERLIGHT, also see subcomponent and executable script/bytecode in 0031).
As for dependent claim 17:
Cui-Appleton discloses the website building system of claim 16, wherein the website building system further comprises a Jcompiler, the Jcompiler configured to: extract declarative programming language expressions from the presentation code subcomponent of the first untrusted website code component;
compile the extracted declarative programming language expressions to form a secure code component executing in the primary execution environment; and form the one or more proxy transformation components from the presentation code subcomponent of the first untrusted website code component, the one or more proxy transformation components executing in the primary execution environment (Cui, 0041, discloses JavaScript, Flash application, mashup model retrieved and transmitted back to mashup framework. See mashup backed and application executing within base webpage).
As for dependent claim 18:
Cui-Appleton discloses the website building system of claim 1, wherein a first trusted website code definition element of the one or more trusted website code definition elements comprises declarative programming language expressions (Cui, 0031, base webpage elements include text, images, and web applications, 0033 markup language doc).
As for dependent claim 19:
The website building system of claim 18, wherein the first trusted website code definition element is configured to define a function that accepts tracked data (Cui, 0043-0044, Cui discloses container.HTML includes function definition and functions that accept data. Appleton discloses tracking and behavior in 0038).
As for dependent claim 20:
Cui-Appleton discloses the website building system of claim 18, wherein the first trusted website code definition element comprises instructions configured to be compiled into logic instructions (Cui, 0031, 0033, see SILVERLIGHT, MXML is compiled into executable bytecode logic at build time. Cui discloses Silverlight application).
As for dependent claim 21:
An Official Notice is taken that static analysis of declarative web code for verification of security was well know in in the art before the effective filing date to a skilled artisan. HMTL validators tools are common, also see Silverlight release as mentioned by Cui in 0031, 0033. Thus the limitation would have been obvious to a skilled artisan before the effective filing date: website building system of claim 18, wherein the declarative programming language expressions are verifiable via static analysis.
As for dependent claim 22:
Cui-Appleton discloses the website building system of claim 1, wherein the program code is further configured to, with at least one processor, cause the website building system to at least: analyze a plurality of website code structures configured to render the hybrid website interface; parse the plurality of website code structures; and programmatically determine and categorize at least one website code structure as a trusted website code definition element and at least one other website code structure as an untrusted website code component (Appleton, 0062-0065). Accordingly it would have been obvious before the effective filing date of the claimed invention to a skilled artisan to modify the method of Cui single container HTML to incorporate the teaching of Appleton of paired host object and stub proxy and dual router communication system, thus provided a structured multi-component communication between trusted and untrusted web code (Appleton, 0038, 0063).
As for dependent claim 23:
An Official Notice is taken that the use of a trained machine learning models to programmatic categorize computer code or web content would have been known in the art before the effective filing date. The use of supervised machine learning classifiers, ML classifiers are well known since at least 2018. Thus it would have been obvious to a skilled artisan before the effective filing date to add a trained machine learning model to Cui in view of Appleton for the purpose of programmatically categorizing website code structures as trusted or untrusted. The following limitations would have been obvious at the time of the effective filing date: wherein the website building system comprises one or more trained machine learning models to programmatically determine and categorize the at least one website code structure as a trusted website code definition element and the at least one other website code structure as an untrusted website code component.
As for dependent claim 24:
Cui-Appleton discloses the website building system of claim 1, wherein an execution output of the primary execution environment creates or updates a structure in a Document Object Model (DOM) of the hybrid website interface (Cui, 0033-0036, discloses JavaScript manipulates the DOM, container.HTML page).
As for dependent claim 25:
Cui-Appleton discloses the website building system of claim 24, wherein the DOM of the hybrid website interface is associated with at least one document data structure, the at least one document data structure comprises one or more of a tree-structured data structure, a forest-structured data structure, a federated architecture data structure, a graph data structure, a referential table, an object database, a flat data structure, a hash table, or a combination thereof (Cui, 0033, DOM is inherently a tree structured da structure, and Cui discloses browser-rendered DOM trees, HTML).
As for dependent claim 26:
Cui-Appleton discloses the website building system of claim 1, wherein rendering of the hybrid website interface is a client-side rendering (Cui, 0029 and 0022, base web page and mashup iframe)
As for dependent claim 27:
Cui-Appleton discloses the website building system of claim 1, wherein rendering of the hybrid website interface is a server-side rendering (0026, 0029, Cui discloses web browser architecture with base domain, isolated domain and third party domain).
As for independent claim 28, 29:Claims 28 and 29 contains substantial subject matter as claimed in claim 1 and are respectfully rejected along the same rationale.
It is noted that any citation to specific, pages, columns, lines, or figures in the prior art references and any interpretation of the references should not be considered to be limiting in any way. A reference is relevant for all it contains and may be relied upon for all that it would have reasonably suggested to one having ordinary skill in the art. In re Heck, 699 F.2d 1331, 1332-33,216 USPQ 1038, 1039 (Fed. Cir. 1983) (quoting In re Lemelson, 397 F.2d 1006, 1009, 158 USPQ 275, 277 (CCPA 1968)).
The Examiner notes MPEP § 2144.01, that quotes In re Preda, 401 F.2d 825,159 USPQ 342, 344 (CCPA 1968) as stating “in considering the disclosure of a reference, it is proper to take into account not only specific teachings of the reference but also the inferences which one skilled in the art would reasonably be expected to draw therefrom.” Further MPEP 2123, states that “a reference may be relied upon for all that it would have reasonably suggested to one having ordinary skill the art, including nonpreferred embodiments. Merck & Co. v. Biocraft Laboratories, 874 F.2d 804, 10 USPQ2d 1843 (Fed. Cir.), cert. denied, 493 U.S. 975 (1989).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAVID PHANTANA ANGKOOL whose telephone number is (571) 272-2673. The examiner can normally be reached M-F, 7:00-3:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, can Adam Queler be reached on 571-272-4140. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/David Phantana-angkool/Primary Examiner, Art Unit 2172