Prosecution Insights
Last updated: April 19, 2026
Application No. 18/398,644

Secret Replacement for Web Browsers

Non-Final OA §102
Filed: Dec 28, 2023
Examiner: VU, PHY ANH TRAN
Art Unit: 2438
Tech Center: 2400 — Computer Networks
Assignee: Cyberark Software Ltd.
OA Round: 5 (Non-Final)
Grant Probability: 71% (Favorable)
OA Rounds: 5-6
To Grant: 3y 8m
With Interview: 99%

Examiner Intelligence

Grants 71% — above average
Career Allow Rate: 71% (272 granted / 381 resolved), +13.4% vs TC avg
Strong +72% interview lift
Interview Lift: +72.1% (resolved cases with interview)
Typical timeline
Avg Prosecution: 3y 8m (23 currently pending)
Career history
Total Applications: 404 (across all art units)

Statute-Specific Performance

§101: 17.7% (-22.3% vs TC avg)
§103: 37.1% (-2.9% vs TC avg)
§102: 20.6% (-19.4% vs TC avg)
§112: 18.3% (-21.7% vs TC avg)
Based on career data from 381 resolved cases

Office Action

§102
DETAILED ACTION

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 01/27/2026 has been entered.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments

Applicant's arguments filed 01/27/2026 have been fully considered but they are not persuasive.

Regarding the currently amended claim 1, Applicant argues that Rodgers does not disclose the limitation “..wherein the intercepted transmission of genuine secret occurs between the secret management application and the browser component.” In response, Examiner respectfully disagrees, and submits that although Rodgers does not explicitly use the word “browser” throughout its disclosure, but Rodgers discloses that a local resource may be an HTTPS resource (at least column 9, lines 14-19). In addition, figure 6, steps 602 & 604 discloses “..the proxy may receive an access request directed to a local resource that is a web server, via Hypertext Transfer Protocol (HTTP), including placeholder credentials. The proxy may then, after substituting the placeholder credentials with the local resource credentials, use HTTP secure (also referred to as HTTP over Transport Layer Security (TLS) or HTTP over Secure Socket Layer (SSL)) to transmit the access request to the local resource” and “..the proxy sends the access request with the local resource credentials to the local resource….the access request may use a secure communication protocol (e.g., HTTPS) in order to protect the local resource credentials during transmission” (column 13, lines 33-66). HTTPS is also implicitly used when transmitting the local resource credentials and the placeholder credentials to the application as discussed in figure 5 (at least column 11, line 32-column 12, line 60). HTTPS is a component of browser, and clearly the intercepted transmission of the genuine secrets occurs between the secret management application (app at the local resource) and the browser component (HTTPS). Thus, contrasting to the Applicant’s argument, Rodgers still discloses the limitation argued above.

Claim Rejections - 35 USC § 102

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-3 and 5-21 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Rodgers et al. (US Patent 9,531,715 B1-hereinafter Rodgers).

Regarding claim 1, Rodgers discloses a non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for replacing secrets for use with browser components, the operations comprising: requesting, by a secret management application running in conjunction with a browser component, a genuine secret (at least figures 4A, 4B, 5 & 6, step 606, column 13, lines 54-60, an app at the local resource (secret management application) inherently requests for local resource credentials); determining, by a secret replacement module separate from the secret management application, that the genuine secret is being transmitted from the secret management application to a secret consuming application (at least figure 5, column 11, lines 19-53, management service 100 & proxy 492 are collectively interpreted as corresponding to the recited ‘secret replacement module’. The management service 100 and proxy 492 are clearly separate from the app at the local resource (secret management application). The management service 100 & proxy 492 determine that local resource credentials are being transmitted to the application 490 (secret consuming application) when the local resource credentials are issued or rotated/changed); based on at least one rule, determining, by the secret replacement module, that the genuine secret should be intercepted (at least figure 5, steps 502 & 504, column 11, lines 43-56, column 12, lines 38-61, i.e.: based on a rule to isolate the local resource credentials from the secret consuming application, the management service & proxy determine a placeholder credential should be used in place of the local resource credentials); based on the determination that the genuine secret should be intercepted, intercepting, by the secret replacement module, the genuine secret (at least figure 5, steps 502 & 504, column 11, lines 43-56, column 12, lines 38-61, the management service & proxy determine that a placeholder should be used), wherein the intercepting the genuine secret occurs on a communication path between the secret management application and the browser component (at least figure 4A & 4B, i.e.: the interception of the local resource credentials occurs between the collectively management service & proxy and the local resource or the computing device affiliated with the local resource); based on the interception, creating, by the secret replacement module, a replacement secret (at least column 11, lines 43-47, column 12, lines 7-18, the placeholder credential is created/generated); sending, by the secret replacement module to the secret consuming application, the replacement secret in lieu of the genuine secret, wherein the replacement secret is created by and provided from a secret replacement module that has determined, based on at least one rule, that the genuine secret should be replaced and has intercepted a transmission of the genuine secret from the secret management application to the secret consuming application (at least figure 5, step 504, column 12, lines 49-61, the management service 100 & proxy collectively interpreted as corresponding the recited ‘secret replacement module’. The management service and proxy collectively generates placeholder credentials (at least column 11, lines 43-45), & sending to the application 490 (secret consuming application) that requires access to local resource, placeholder credentials, wherein the placeholder credentials are created and provided from the management service & proxy (secret replacement module) that determines that the local resource credentials should be replaced/removed from transmission of credentials sent from the local resource or computing device affiliated with the local resource); and enabling the secret consuming application to utilize the replacement secret to attempt to perform a secured action, wherein the secret replacement module intercepts the attempt and replaces the replacement secret with the genuine secret to complete the attempt (at least figures 4A, 4B & 6, column 12, line 62-column 13, line 43, enabling application 490 to use placeholder credentials to attempt to access local resources. Placeholder credentials being replaced with local resource credentials).

Regarding claim 2, Rodgers discloses the non-transitory computer readable medium of claim 1, wherein the secret replacement module is configured to store secrets in a protected manner associated with the browser component (at least column 2, lines 61-67 and column 8, lines 63-67, local resource credentials are kept separate from the application).

Regarding claim 3, Rodgers discloses the non-transitory computer readable medium of claim 2. Rodgers also discloses the protected manner is controlled by an external service or application (at least figures 4A & 4B, column 2, lines 61-67 & column 8, lines 63-67, the protected manner in which local resource credentials are kept is controlled by the proxy).

Regarding claim 5, Rodgers discloses the non-transitory computer readable medium of claim 1. Rodgers also discloses the secret replacement module is configured to operate according to one or more configuration parameters (at least column 9, lines 14-36, the collective management service & proxy is configured to operate according local resource credentials required for a particular local resource).

Regarding claim 6, Rodgers discloses the non-transitory computer readable medium of claim 5, wherein the secret replacement module is configured to operate according to one or more configuration parameters to determine whether to replace the genuine secret (at least column 9, lines 14-36; column 12, lines 7-37; and column 13, lines 15-18, i.e.: the collective management service & proxy operates according to one or more settings to determine whether to replace the local resource credentials).

Regarding claim 7, Rodgers discloses the non-transitory computer readable medium of claim 5. Rodgers also discloses the one or more configuration parameters include at least one of: a definition of the secured action, a network resource name, a network resource address of a resource that performs the secured action, or an expiration parameter associated with the genuine secret (at least column 9, lines 14-36; and column 12, lines 19-37, i.e.: access to a particular storage & local resource credentials can only be used for 1 hour).

Regarding claim 8, Rodgers discloses the non-transitory computer readable medium of claim 7. Rodgers also discloses the secured action includes accessing an access-restricted network location (at least column 9, lines 14-23, i.e.: a particular database, memory area).

Regarding claim 9, Rodgers discloses the non-transitory computer readable medium of claim 5. Rodgers also discloses the one or more configuration parameters include at least one of: a file type, a file name, a file signature, a file path, or a file checksum (at least column 9, lines 14-23, i.e.: HTTP file).

Regarding claim 10, Rodgers discloses the non-transitory computer readable medium of claim 9. Rodgers also discloses the secured action includes accessing an access-restricted application (at least column 9, lines 14-23, i.e.: WebDAV).

Claim 11 is rejected for the same rationale as claim 1 above.

Regarding claim 12, Rodgers discloses the computer-implemented method of claim 11. Rodgers also discloses the secret management application is integrated into the browser component (at least figures 1A and 2-3, i.e.: app at the local resource or computing device affiliated with the local resource is integrated into a networking component of web browser).

Regarding claim 13, Rodgers discloses the computer-implemented method of claim 12. Rodgers also discloses the request by the secret management application prompts the browser component to make a corresponding request for the genuine secret (at least figure 5, column 11, lines 32-42, it is inherent that when the application 490 requests to access resources, the app at the local resource prompts the browser component to request for the local resource credentials).

Regarding claim 14, Rodgers discloses the computer-implemented method of claim 11. Rodgers also discloses the secret management application is a module distinct from the browser component (at least figures 4A, 4B & 5, wherein application 490 is different from app at the local resource).

Regarding claim 15, Rodgers discloses the computer-implemented method of claim 11. Rodgers also discloses the browser component is a part of a web browser (at least column 3, lines 24-37, networking component is part of a web browser that allows computing device to communicate with the collective management service & proxy via the internet).

Regarding claim 16, Rodgers discloses the computer-implemented method of claim 11. Rodgers also discloses the browser component is a web browser plug-in (at least figures 2 & 3, network adapters).

Regarding claim 17, Rodgers discloses the computer-implemented method of claim 11. Rodgers also discloses the secret replacement module is configured to store the genuine secret in a protected manner (at least column 2, lines 61-67 and column 8, lines 63-67, local resource credentials are kept separate from the application).

Regarding claim 18, Rodgers discloses the computer-implemented method of claim 11. Rodgers also discloses the secret replacement module is configured to discard the genuine secret based on at least one of: a time parameter or a usage parameter (at least column 12, lines 7-37, i.e.: local resource credential is one-time use or can only be used for one hour).

Regarding claim 19, Rodgers discloses the computer-implemented method of claim 11. Rodgers also discloses the secret replacement module is configured to generate the replacement secret on a just-in-time basis (at least column 11, lines 32-45, updating mapping of the replace holder credential as new local resource credential becomes available).

Regarding claim 20, Rodgers discloses the computer-implemented method of claim 11. Rodgers also discloses the secret replacement module is configured to generate the replacement secret according to a least-privilege principle (at least column 9, lines 30-36; column 13, lines 15-32, the collectively management service & proxy generates/produces the placeholder credentials, such that when the application needs to access a particular local resource, the placeholder credential will need to be replaced with a corresponding local resource credential when appropriate).

Regarding claim 21, Rodgers discloses the computer-implemented method of claim 11. Rodgers also discloses the secret replacement module is configured to decommission the replacement secret when it is no longer necessary (at least column 12, lines 7-15, i.e.: placeholder credential will be invalidated after one use).

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHY ANH TRAN VU whose telephone number is (571)270-7317. The examiner can normally be reached Monday-Friday 7 am-1 pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached at (571) 272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/PHY ANH T VU/
Primary Examiner, Art Unit 2438

Prosecution Timeline

Dec 28, 2023: Application Filed
Jan 31, 2024: Response after Non-Final Action
Sep 07, 2024: Non-Final Rejection — §102
Nov 13, 2024: Interview Requested
Nov 20, 2024: Applicant Interview (Telephonic)
Nov 22, 2024: Examiner Interview Summary
Dec 02, 2024: Response Filed
Dec 19, 2024: Final Rejection — §102
Mar 13, 2025: Request for Continued Examination
Mar 21, 2025: Response after Non-Final Action
Apr 02, 2025: Non-Final Rejection — §102
Aug 06, 2025: Response Filed
Aug 07, 2025: Interview Requested
Aug 21, 2025: Applicant Interview (Telephonic)
Oct 23, 2025: Final Rejection — §102
Jan 27, 2026: Request for Continued Examination
Feb 01, 2026: Response after Non-Final Action
Mar 07, 2026: Non-Final Rejection — §102 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12603894
TRUST-BASED VERIFICATION SYSTEM AND METHOD FOR SCALABLE ACCESS CONTROL AND CYBER-SECURITY QUALIFICATIONS
2y 5m to grant Granted Apr 14, 2026
Patent 12596824
METHOD, DEVICE, AND NON-TRANSITORY COMPUTER READABLE MEDIUM FOR OBFUSCATING DATA
2y 5m to grant Granted Apr 07, 2026
Patent 12580761
Public Key Storage with Secure Remote Update Capability
2y 5m to grant Granted Mar 17, 2026
Patent 12580756
CRYPTOGRAPHIC SYSTEMS AND NON-DETERMINISTIC RANDOM NUMBER GENERATORS BASED ON QUANTUM SYSTEMS
2y 5m to grant Granted Mar 17, 2026
Patent 12549349
Method of Calculating Cipher and Electronic Device Performing the Method
2y 5m to grant Granted Feb 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 5-6
Grant Probability: 71%
With Interview: 99% (+72.1%)
Median Time to Grant: 3y 8m
PTA Risk: High
Based on 381 resolved cases by this examiner. Grant probability derived from career allow rate.
