Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on December 16, 2025 has been entered.
Response to Arguments
Applicant's arguments filed December 16, 2025 have been fully considered but they are not persuasive.
In pages 1-2 of the remarks, Applicant states that claims 6, 14, and 15 were previously rejected under 112(a) as failing to comply with the written description requirement, that a person of ordinary skill in the art would readily understand the invention as claimed in view of the disclosure, and that the steps recited in the claims do not require a detailed algorithm or steps to explain to a person of ordinary skill in the art how to obtain information or perform a comparison, and disagrees with the rejections. Applicant amends the previously rejected claims to further expand upon them, and identifies the paragraphs in the Specification where support for each claim can be found: paragraph [0061] for amended claim 6, paragraph [0090] and Fig. 9A for amended claim 14, and paragraph [0094] and claim 15 for amended claim 15.
Examiner states that in claim 6, the removal of "[…] comparing each of the one or more URLs to known malicious webpages", and the amendment of "extracting one or more URLs […] using regular expressions, and evaluating one or more URLs" do not appear to clear up the rejections under the written description requirement made previously, as paragraph [0061] restates the claimed limitation of the invention but does not provide examples of regular expressions or how to evaluate or determine one or more URLs. As a result, claim 6 is being rejected under 112(a) for lack of written description regarding the use of regular expressions to extract URLs from the source code and evaluating the URLs. Furthermore, the Applicant stating that the limitation should not require a detailed algorithm or steps/procedures is insufficient, as it is not enough that one skilled in the art could write a program to achieve the claimed function because the specification must explain how the inventor intends to achieve the claimed function to satisfy the written description requirement. See, e.g., Vasudevan Software, Inc. v. MicroStrategy, Inc., 782 F.3d 671, 681-683, 114 USPQ2d 1349, 1356, 1357 (Fed. Cir. 2015). Claims 14 and 15 have been amended to remove the previous limitations and replace them with new limitations found in paragraphs [0090], [0094], and Figs. 9A and 9E. Claim 15 is being rejected under 112(a) for the limitation of ‘extension impersonation’: while it is stated in paragraph [0094] as block 940d in Fig. 9E, no example is provided on how ‘extension impersonation’ is performed or is otherwise detected by the invention. As a result, Examiner also rejects claim 15 under 112(a) for lack of written description for ‘extension impersonation’.
In pages 3-6 of the remarks, Applicant states that claims 1-8, and 10-21 were previously rejected under 35 U.S.C. 101 ("101") as the invention was directed to an abstract idea without significantly more, and Examiner stated that the independent claims recite limitations that are processes that can be performed in the mind, and with pen and paper, respectively. Applicant also integrates dependent claim 9's limitations into the independent claim 1 to overcome the 101 rejection for the independent claims. Finally, Applicant states that the additional limitations present in the amended independent claims reflect an improvement in the technical field of analyzing risk posed by web browser extensions.
Examiner disagrees with the Applicant, as dependent claims that depend on independent claims rejected under U.S.C. 101 are also rejected. Although claim 9’s limitations do not fall under MPEP 2106.05(g), “Insignificant Extra-Solution Activity” on claim 9’s own merits, and have been integrated into the independent claims, the limitation of “generating an indication of risk posed by the web browser extension [...]” still only amounts to a process that can be performed with pen and paper, and still falls under MPEP 2106.04(a)(2), subsection III, “Mental Processes”, as the judicial exception is not integrated into a practical application because the recited elements of independent claims 1, 18, and 20 amount to simply implementing the abstract idea on a computer, with claim 18 also reciting a system comprising a processor and a non-transitory computer-readable medium with instructions to be executed by a processor, and claim 20 reciting a non-transitory computer-readable medium. Furthermore, the limitations of “analyzing the source code”, and “generating an indication of risk posed by the web browser extension based on the analysis of the source code” of independent claims 1, 18 and 20 are processes that can be performed in the mind, and with pen and paper, respectively, and therefore, are grouped under mental processes, as described in MPEP 2106.04(a)(2), subsection III, “Mental Processes”. Although the Specification of the Applicant describes the process of ‘analyzing the source code’ of the web browser extension in paragraph [0101], Fig. 12, step 1206, as determining one or more permissions granted by the browser extension and assigning a risk category to each of the one or more permissions, this is a process that can be performed in the mind with the assistance of a computer. Furthermore, ‘generating an indication of the risk posed’ is stated in paragraph [0104], Fig. 12, step 1208, as being an overall score calculated based on the risk score and one or more other scores, and the indication of a risk can also be a category of risk, including ‘negligible’, ‘low’, ‘high’, etc. Even with sufficient written description to explain this limitation in the invention, it will still be a mental process that can be performed with pen and paper, as the indication is an overall score that is calculated using other scores provided, and a person of ordinary skill in the art would be able to assign a category risk based on the result of the indication provided. As a result, the above limitations are still rejected under 35 U.S.C. 101, and dependent claims that rely upon independent claims 1 and 18 are rejected for relying upon their respective independent claims. Dependent claims rely upon independent claims, and are rejected for similar rationale under U.S.C. 101 as well.
In pages 6-9, claims 1, 3-4, 12-14, and 16-21 were rejected under 35 U.S.C. 103 as being unpatentable over Gomez (US 20150007330), hereinafter "Gomez", in view of Dingle (US 9443077), hereinafter "Dingle". Applicant states that Gomez merely discloses assessing and quantitatively scoring security risks associated with the web browser extension that may be conducted when the web browser extension is first installed, at run time, or when the extension is updated, and submits that Gomez's disclosure is not a dynamic analysis of the source code by running the web browser on a host machine to determine behavior of the web browser extension. Nevertheless, Applicant amends the independent claims to recite "modifying the source code to enable monitoring activity of the web browser extension, comprising inserting a function call to enable determination of an execution flow of the web browser extension", previously in claim 21.
Examiner states that in the independent claims, the reference of Gomez runs and assesses browser extensions at run time, i.e., while a web browser is running, stated in paragraph [0022] of Gomez. Assessing security risks of an extension corresponds to dynamically assessing the source code of the web browser extension in the independent claims. Examiner states that the limitations of canceled claim 21, which have been incorporated into the independent claims, are taught by Dingle, as stated in the previous Office Action dated 09/19/2025, where the tracking code being used to track behavior of the extension corresponds to enabling determination of an execution flow of the browser extension, as stated in Dingle [Col. 17, lines 50-55], and the limitations of now canceled claim 21 (“wherein modifying the source code comprises inserting a function call to enable determination of an execution flow of the web browser extension”) are integrated into the ‘modifying the source code to enable monitoring activity of the web browser extension’ limitation of independent claims 1, 18, and 20, which was also taught by Dingle. In response to the Applicant stating that a ‘tainted variable’ is being tracked and that this does not track an execution flow as claimed, Examiner states that adding code to track the behavior of a tainted variable such as ‘var x’ in [Col. 16, lines 23-26] is utilized to track what happens in the program in relation to variable x as it receives and stores personal and sensitive information of a user [Col. 16, lines 7-11], and based on the tainted variable’s information being determined by the added code, one can see the execution flow of a browser extension. Furthermore, in [Col. 17, lines 58-62] of Dingle, block 410 of Fig. 4 shows that based on execution of re-written browser-executable web browser extension, it is automatically determined whether the browser extension violates one or more predetermined conditions by tracking the behaviors of the extension that has been modified by the invention of Dingle. As a result, Examiner maintains the rejections of Gomez in view of Dingle for the independent claims and the limitations of claim 21 that have been integrated into the independent claims. Dependent claims have their respective rejections maintained as well.
Claim Rejections - 35 USC § 112(a)
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 6, 14, and 15 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Regarding claim 6, the limitation of ‘extracting one or more URLs from the source code using regular expressions, and evaluating the one or more URLs’ is described in the specification of the Applicant in paragraph [0072], lines 2-5 in page 15 as a use of a third-party intelligence source to gather information on URLs that have been extracted from a browser extension during analysis, such as by querying intelligence sources for information about domains and files extracted from a browser extension, with paragraph [0061] restating the claimed limitation of the invention, but the Specification does not provide examples of regular expressions or how to extract URLs from the source code using regular expressions or otherwise determine one or more URLs.
However, no other information is given as to how a comparison is performed. The algorithm or steps/procedures for these claimed functions is not explained at all or is not explained in sufficient detail (simply restating the function recited in the claim is not necessarily sufficient) so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention.
Regarding claim 15, the limitation of ‘extension impersonation’ is described in the Specification in paragraph [0094] as block 940d in Fig. 9E, but no example is provided on how ‘extension impersonation’ is performed or is otherwise detected by the invention in terms of malicious indicators to assist in generating a maliciousness score 906.
No other information is provided as to how a comparison is performed, whether it is by source code, risk scores from previous evaluations, or other means. The algorithm or steps/procedures for these claimed functions is not explained at all or is not explained in sufficient detail (simply restating the function recited in the claim is not necessarily sufficient) so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-8, and 10-21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
The independent claims 1, 18 and 20 recite ‘analyzing the source code’, and ‘generating an indication of risk posed by the web browser extension based on the analysis of the source code’, which are processes that can be performed in the mind, and with pen and paper, respectively, and therefore, are grouped under mental processes, as described in MPEP 2106.04(a)(2), subsection III, “Mental Processes”. This judicial exception is not integrated into a practical application because the recited elements of independent claims 1, 18, and 20 amount to simply implementing the abstract idea on a computer, with claim 18 also reciting a system comprising a processor and a non-transitory computer-readable medium with instructions to be executed by a processor, and claim 20 reciting a non-transitory computer-readable medium. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the addition of ‘obtaining source code of the web browser’ of independent claims 1, 18 and 20 merely amounts to data gathering, as stated in MPEP 2106.05(g), “Insignificant Extra-Solution Activity”.
Dependent claims 2-8, 10-17, 19, and 21 that rely upon independent claims 1 and 18 are rejected for relying upon their respective independent claims. Dependent claims 2-8, 10-17, and 21 depend on independent claim 1, and claim 19 depends on claim 18. As independent claims 1, 18, and 20 are rejected under 35 U.S.C. 101, the dependent claims listed are also rejected.
Furthermore, dependent claims 2-8, 13-16, and 19 are also rejected under 35 U.S.C. 101 as they also recite non-statutory subject matter, without adding significantly more to the independent claims.
Regarding claim 2, the recitation of ‘determining one or more permissions’ and ‘assigning a risk category’ are mental processes that can be performed in the mind, and therefore, the elements are grouped under mental processes, as described in MPEP 2106.04(a)(2), subsection III, “Mental Processes”.
Regarding claim 3, the recitation of ‘analyzing the source code of the web browser extension… to identify one or more known risky behaviors’ is a mental process that can be performed in the mind, and therefore, the element is grouped under mental processes, as described in MPEP 2106.04(a)(2), subsection III, “Mental Processes”.
Regarding claim 4, the recitation of ‘analyzing the source code of the web browser extension… to identify one or more known risky behaviors’ is a mental process that can be performed in the mind, and therefore, the element is grouped under mental processes, as described in MPEP 2106.04(a)(2), subsection III, “Mental Processes”.
Regarding claim 5, the recitation of ‘analyzing the source code of the web browser extension… to detect obfuscation in the source code’ is a mental process that can be performed in the mind, and therefore, the element is grouped under mental processes, as described in MPEP 2106.04(a)(2), subsection III, “Mental Processes”.
Regarding claim 6, the recitation of ‘extracting one or more URLs from the source code using regular expressions’ merely amounts to data gathering, and therefore, the elements are grouped under data gathering as an insignificant extra-solution activity, as stated in MPEP 2106.05(g), “Insignificant Extra-Solution Activity”.
Regarding claim 7, the recitation of ‘determining whether each of the one or more URLs are associated with robotic network activity’ is a mental process that can be performed in the mind, and therefore, the element is grouped under mental processes, as described in MPEP 2106.04(a)(2), subsection III, “Mental Processes”.
Regarding claim 8, the recitation of ‘generating a call graph from the source code’, and ‘analyzing the call graph to identify suspicious behaviours’ are mental processes that can be performed in the mind, and therefore, the elements are grouped under mental processes, as described in MPEP 2106.04(a)(2), subsection III, “Mental Processes”.
Regarding claim 13, the recitation of ‘obtaining reputability information associated with the web browser extension’, and ‘generating the indication of risk posed by the web browser extension is further based on the reputability information’ merely amounts to data gathering, and therefore, the elements are grouped under data gathering as an insignificant extra-solution activity, as stated in MPEP 2106.05(g), “Insignificant Extra-Solution Activity”.
Regarding claim 14, the recitation of ‘further comprising generating a reputation score based on the reputability information, wherein the reputability information associated with the web browser extension, a popularity of the web browser extension, reviews of the web browser extension, and a publisher of the web browser extension and wherein the indication of risk posed by the web browser extension is further based on the reputation score’ merely amounts to data gathering, and therefore, the elements are grouped under data gathering as an insignificant extra-solution activity, as stated in MPEP 2106.05(g), “Insignificant Extra-Solution Activity”.
Regarding claim 15, the recitation of ‘generating a maliciousness score based on one or more known malicious indicators and/or a signature analysis of a hash of the web browser extension, wherein the one or more known malicious indicators comprise one or more of determining whether the extension was deleted, determining an update URL score, determining domain c2 affiliation, determining an extension impersonation determining whether the extension has been delisted from the webstore, and determining if an update URL has been modified, and wherein the indication of risk posed by the web browser extension is further based on the maliciousness score’ are mental processes that can be performed in the mind, and therefore, the elements are grouped under mental processes, as described in MPEP 2106.04(a)(2), subsection III, “Mental Processes”.
Regarding claim 16, the recitation of ‘storing results of the analysis of the source code of the web browser extension’, and ‘the indication of risk posed by the web browser extension’ are mental processes that can be performed in the mind, and therefore, the elements are grouped under mental processes, as described in MPEP 2106.04(a)(2), subsection III, “Mental Processes”.
Regarding claim 19, the recitation of ‘determine web browser extensions operating thereon’, and ‘determine the web browser extension to be analyzed from the web browser extensions’ are mental processes that can be performed in the mind, and therefore, the elements are grouped under mental processes, as described in MPEP 2106.04(a)(2), subsection III, “Mental Processes”.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 3-4, 12-14, 16-21 are rejected under 35 U.S.C. 103 as being unpatentable over Gomez (US 20150007330 A1) in view of Dingle et al. (US 9443077 B1), hereinafter Dingle.
Regarding claim 1, Gomez discloses ‘a method of analyzing a web browser extension, comprising: obtaining source code of the web browser extension’ ([0023] Security risk evaluation of a web browser extension, can be based on source code scan. More information is in paragraph [0047] for Fig. 2, block 210 of extracting source code of a browser extension.);
‘analyzing the source code to determine a risk posed by the web browser extension, comprises:’ ([0048] Fig. 2, block 230, evaluating risks such as in a source code for vulnerabilities is one of several key performance indicators (KPIs));
‘performing a dynamic analysis of the source code by running the web browser extension on a host machine to determine a behaviour of the web browser extension’ ([0022] Assessing security risks associated with the web browser can be conducted for a web browser extension at run time. [0035] Although a process for library dependencies is described, it can be done by analyzing source code of the extension, and when taking this passage and paragraph [0022] into account, corresponds to the limitation of dynamic analysis of source code by running the extension on the host machine to determine behavior of the extension of the applicant.).
‘and generating an indication of risk posed by the web browser extension based on the analysis of the source code’ ([0048] Fig. 2, block 232, security score is computed for the extension.);
Gomez does not appear to disclose, but Dingle teaches the limitation of ‘modifying the source code to enable monitoring activity of the web browser extension, comprising inserting a function call to enable determination of an execution flow of the web browser extension’ ([Col. 17, lines 50-55] Fig. 4, block 406, source code of browser extension is re-written to include tracking code to track behavior of the extension. [Col. 17, lines 50-55] Fig. 4, block 406, tracking code being added during re-writing corresponds to inserting a function call in modifying source code of the browser extension of the Applicant. Tracking code is used to track behavior of the extension, corresponding to enabling determination of an execution flow of the browser extension.).
Accordingly, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Gomez and Dingle before them, to include Dingle’s ‘modifying the source code to enable monitoring activity of the web browser extension, comprising inserting a function call to enable determination of an execution flow of the web browser extension’ in Gomez’s method performing ‘analyzing a web browser extension’. One would have been motivated to make such a combination to increase security by re-writing code to include information or code to track a flow of a tainted variable during execution, with the tainted variable being a variable that receives or stores personal or otherwise sensitive information, to see what the browser extension performs and determine whether the extension is malicious, as taught by Dingle [Col. 3, lines 24-28] and [Col. 16, lines 7-11].
Regarding claim 3, Gomez in view of Dingle teaches the limitations of claim 1 as recited above. Gomez also discloses the limitation of ‘wherein analyzing the source code of the web browser extension comprises analyzing the source code to identify one or more known risky behaviours’ ([0049] Source code scanning tool can be used to determine a number of identified flaws in a piece of software.).
Regarding claim 4, Gomez in view of Dingle teaches the limitations of claims 1 and 3 as recited above. Gomez also discloses the limitation of ‘wherein the known risky behaviours comprise any one or more of: accessing a malicious webpage, making changes to a document object model, making browser application programming interface calls to gather information, making suspicious network requests, and making phishing requests’ ([0005] A security flaw can be exploited by an intruder to steal, modify, or delete information, such as personal information, credit card numbers, passwords, and other information utilizing flaws in a browser extension. By utilizing flaws in a browser extension, this corresponds to making browser API calls to gather information.).
Regarding claim 12, Gomez in view of Dingle teaches the limitations of claim 1 as recited above. Gomez also discloses the limitation of ‘wherein obtaining the source code of the web browser extension comprises: receiving an identifier of the web browser extension’ ([0034] Users can download or otherwise obtain browser extension 20 for installation in web browser 30, and the process can correspond to obtaining an identifier for the web browser extension.);
‘and obtaining the source code from a webstore page using the identifier of the web browser extension’ ([0034] Users can download or otherwise obtain browser extension 20 for installation in web browser 30, and source code can be included with the browser extension.).
Regarding claim 13, Gomez in view of Dingle teaches the limitations of claim 1 as recited above. Gomez also discloses the limitation of ‘further comprising obtaining reputability information associated with the web browser extension, and wherein generating the indication of risk posed by the web browser extension is further based on the reputability information’ ([0026] Reputation of the origin of the extension or developer, along with a popularity of the extension are taken into account for a security score that is to be added into an aggregate security score.);
Regarding claim 14, Gomez in view of Dingle teaches the limitations of claims 1 and 13 as recited above. Gomez also discloses the limitation of ‘further comprising generating a reputation score based on the reputability information, wherein the reputability information associated with the web browser extension is based on one or more of a description of the web browser extension, a popularity of the web browser extension, and a publisher of the web browser extension and wherein the indication of risk posed by the web browser extension is further based on the reputation score’ ([0036] A security score can be assigned to a web browser extension 20 based on key performance indicators (KPIs) such as the origin of the extension, such as a developer, popularity of the extension, and the nature of the extension. This corresponds to the publisher, popularity, and description of a web browser extension, respectively. Security score corresponds to the reputation score to indicate risk posed by the browser extension.).
Gomez does not appear to disclose, but Dingle teaches the limitation of ‘reviews of the web browser extension’ ([Col. 8, lines 13-16] Popularity includes reviews for the extension as well.)
Therefore, one of ordinary skill in the art would have been capable of applying this known method of ‘reviews of the web browser extension’ to a method of analyzing a web browser extension and the results would have been predictable to one of ordinary skill in the art. One of ordinary skill in the art would have been motivated to determine extensions that could contain malware by pulling the most popular extensions first to assist with the malware determination process, as the most popular extensions can potentially contain malicious or suspicious code that is unknowingly downloaded by multiple users, and to discourage further downloads from occurring if malicious code is found within the extension, as stated by Dingle [Col. 9, lines 40-44].
Regarding claim 16, Gomez in view of Dingle teaches the limitations of claim 1 as recited above. Gomez also discloses the limitation of ‘further comprising storing results of the analysis of the source code of the web browser extension and the indication of risk posed by the web browser extension’ ([0051] Method 200 involves storing of the results of the security risk evaluations for further use or analysis, wherein the individual and aggregated KPI scores are stored in a database, and the KPI scores correspond to analysis of a source code of a web browser extension, and the indication of risk of a browser extension.).
Regarding claim 17, Gomez in view of Dingle teaches the limitations of claim 1 as recited above. Gomez also discloses the limitation of ‘wherein analyzing the source code of the web browser extension further comprises performing a static analysis of the source code’ ([0038] Static analysis of the source code of web browser extension 20 when source code of a browser extension is available. [0022] Assessing security risks associated with the web browser can be conducted for a web browser extension at run time.).
Regarding claim 18, Gomez in view of Dingle teaches the limitations of independent claim 1 above, and the limitations of independent claim 18 are similar to those of claim 1 above. Gomez also discloses ‘a system, comprising: a processor;’ ([0007] A computer-based system for security evaluations of a web browser extension, and a processor is used to execute the processes.);
‘and a non-transitory computer-readable medium having computer-executable instructions stored thereon, which when executed by the processor configure the system to’ ([0007] A non-transitory computer readable storage medium contains instructions and is executable by at least one processor of a computer-based system.):
Regarding claim 19, Gomez in view of Dingle teaches the limitations of claim 18 as recited above. Gomez also discloses the limitation of ‘wherein the system is further configured to communicate with one or more user devices to determine web browser extensions operating thereon, and to determine the web browser extension to be analyzed from the web browser extensions operating on the one or more user devices’ ([0054] Fig. 2, method 200 is to be run on a periodic basis, and can check for updates to an installed browser extension on a computer, and when an update is found, can evaluate the update extension using the process in Fig. 2. Checking for updates to an installed extension and evaluating the updated extension corresponds to determining browser extensions operating, and determining the extension to be analyzed of the Applicant.).
Regarding claim 20, Gomez in view of Dingle teaches the limitations of independent claim 1 above, and the limitations of independent claim 20 are similar to those of claim 1 above. Gomez discloses ‘a non-transitory computer-readable medium having computer-executable instructions stored thereon, which when executed by a processor configure the processor to perform a method of analyzing a web browser extension comprising’ ([0007] A non-transitory computer readable storage medium contains instructions and is executable by at least one processor of a computer-based system, wherein the system is utilized for analyzing web browser extensions.):
Claims 2, 5-6, and 10-11 are rejected under 35 U.S.C. 103 as being unpatentable over Gomez in view of Dingle, and further in view of Aggarwal et al. ("I Spy with My Little Eye: Analysis and Detection of Spying Browser Extensions"), hereinafter Aggarwal.
Regarding claim 2, Gomez in view of Dingle teaches the limitations of claim 1 as recited above. Gomez in view of Dingle does not appear to disclose, but Aggarwal teaches ‘wherein analyzing the source code of the web browser extension further comprises: determining one or more permissions granted by the web browser extension’ ([pg. 5] In '(1) Accessing sensitive user information', a list of permissions are shown for extensions, such as cookies, tabs, and 'all urls', and prior to this section on the same page, it states that 'we analyze the specific permissions used by extensions to access various privileged Chrome API endpoints', corresponding to determining one or more permissions granted by the browser extension.);
‘and assigning a risk category to each of the one or more permissions’ ([pg. 4] In table 4, the permissions are ranked based on a total percentage of spying extensions that use a permission, and a rank in table 4 corresponds to a risk category to each of one or more permissions of the applicant.);
Accordingly, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Gomez, Dingle, and Aggarwal before them, to include Aggarwal’s ‘wherein analyzing the source code of the web browser extension comprises: determining one or more permissions granted by the web browser extension’ and ‘and assigning a risk category to each of the one or more permissions’ in Gomez’s method performing ‘analyzing a web browser extension’. One would have been motivated to make such a combination to enhance security by determining which permissions are utilized by an extension to determine what risks are posed by using the extension, and when the permissions are determined to be used by the extension, this gives a strong indicator that the extension is malicious/spying, as taught by Aggarwal [pg. 5], and permissions are categorized by a rank to determine which permissions are most common amongst malicious extensions, as taught by Aggarwal [pg. 5].
Regarding claim 5, Gomez in view of Dingle teaches the limitations of claim 1 as recited above. Gomez in view of Dingle does not appear to disclose, but Aggarwal teaches ‘wherein analyzing the source code of the web browser extension comprises analyzing the source code to detect obfuscation in the source code’ ([pg. 12] In section 'Detection of Malicious Browser Extensions', a method can fail with 'extensions with obfuscated source code', which indicates that source code can contain obfuscations, corresponding to the limitation of the applicant.).
Accordingly, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Gomez, Dingle, and Aggarwal before them, to include Aggarwal’s ‘wherein analyzing the source code of the web browser extension comprises analyzing the source code to detect obfuscation in the source code’ in Gomez’s method performing ‘analyzing a web browser extension’. One would have been motivated to make such a combination to enhance security by determining that if a browser extension's source code contains obfuscation of its own code, it can indicate that an extension may be a malicious one, as taught by Aggarwal [pg. 12].
Regarding claim 10, Gomez in view of Dingle teaches the limitations of claim 1 as recited above. Gomez in view of Dingle does not appear to disclose, but Aggarwal teaches ‘wherein performing the dynamic analysis comprises executing user scenarios on the host machine while the web browser extension is running, and collecting test logs from one or more sources for analysis’ ([pg. 14] A replay run is performed by using the first 'record' run while running a browser extension, and this is done to execute HTTP requests from the first step, called a live, or 'record' run, in Aggarwal. The results redirects are logged in a replay run, along with the HTTP requests, corresponding to collect test logs of the Applicant.).
Accordingly, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Gomez, Dingle, and Aggarwal before them, to include Aggarwal’s ‘wherein performing the dynamic analysis comprises executing user scenarios on the host machine while the web browser extension is running, and collecting test logs from one or more sources for analysis’ in Gomez’s method performing ‘analyzing a web browser extension’. One would have been motivated to make such a combination to increase efficiency by having a recorded run be played again, this time with a browser extension being run, and when the replay run has finished, compare the logs of the replay run with those of the initial record run, as taught by Aggarwal [pg. 14].
Regarding claim 11, Gomez in view of Dingle teaches the limitations of claims 1 and 10 as recited above. Gomez in view of Dingle does not appear to disclose, but Aggarwal teaches ‘further comprising creating baseline logs by executing the user scenarios on the host machine without running the web browser extension, and wherein the test logs are compared to the baseline logs in the dynamic analysis’ ([pg. 13-14] A 'record' run can be created, and it is a clean session that is recorded without any extensions being run, and it is devoid of any previous cookies, storage, cache, or browsing history in this phase. In the section of '(2) Verification of Spying Extensions' in page 13, network request logs are automatically generated, wherein the logs created by a 'record run' corresponds to baseline logs of the Applicant. Logs of the 'record run' are compared with the logs of the 'replay run' of Aggarwal, including for changes in client-side storage, and browser API calls made by the extension that is being reviewed.).
Accordingly, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Gomez, Dingle, and Aggarwal before them, to include Aggarwal’s ‘further comprising creating baseline logs by executing the user scenarios on the host machine without running the web browser extension, and wherein the test logs are compared to the baseline logs in the dynamic analysis’ in Gomez’s method performing ‘analyzing a web browser extension’. One would have been motivated to make such a combination to increase efficiency by running a first run without any other factors, such as a browser running or any other data in a browser, such that comparisons of logs between a first 'record' run and a replay run with a browser running has as few external factors as possible, as taught by Aggarwal [pg. 13-14].
Regarding claim 15, Gomez in view of Dingle teaches the limitations of claim 1 as recited above. Gomez also discloses ‘generating a maliciousness score based on one or more known malicious indicators and/or a signature analysis of a hash of the web browser extension, wherein the one or more known malicious indicators comprise one or more of determining an update URL score, and determining if an update URL has been modified, and wherein the indication of risk posed by the web browser extension is further based on the maliciousness score’ ([0057] Updated browser extension can perform method 300 to determine an updated security score in step 380 to check for an update to the web browser extension, and proceeds to evaluate and score the updated web browser extension. [0048] Origin of extension is also stated as a publisher/developer of the extension. Updated score of the web browser extension corresponds to an update score and an update URL score of the extension.).
Gomez in view of Dingle does not appear to disclose, but Aggarwal teaches ‘determining whether the extension was deleted, determining domain c2 affiliation, determining an extension impersonation, determining whether the extension has been delisted from the webstore’ ([pg. 6] Section 4.2, "User Base and Ratings", Web-of-Trust extension was taken down for spying, corresponding to a deleted extension and a delisted extension from a webstore. Furthermore, in [pg. 5], Section 4.1 (2), "Storing sensitive user information", spying extensions are shown to store data and have the data accessed by a CnC remote server, and is sent to domains, corresponding to determining domain c2 affiliation. [pg. 9] Section 5.3, "Benefits of using API Call Sequence", static features such as file name based signatures can be adapted to bypass defenses involving detection of spying extensions, with file name based signatures being utilized to bypass the defenses.).
Therefore, one of ordinary skill in the art would have been capable of applying this known method of ‘determining whether the extension was deleted, determining domain c2 affiliation, determining an extension impersonation, determining whether the extension has been delisted from the webstore’ to a method of analyzing a web browser extension and the results would have been predictable to one of ordinary skill in the art. The one of ordinary skill in the art would have been motivated to determine extensions that collect user data and communicate with outside sources, and utilizes a Recurrent Neural Network (RNN) to analyze API call sequences and have some 'memory' on how extensions perform to determine which extensions spy on its users, as stated in Aggarwal [pg. 9-10, "RNN Detection Performance"].
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Gomez in view of Dingle as applied to claim 1 above, and further in view of Fernandez et al. (US 20200104483), hereinafter Fernandez.
Regarding claim 6, Gomez in view of Dingle teaches the limitations of claim 1 as recited above. Gomez in view of Dingle does not appear to disclose, but Fernandez teaches ‘wherein analyzing the source code of the web browser extension further comprises: extracting one or more URLs from the source code using regular expressions, and evaluating the one or more URLs’ ([0033] Fig. 1, package analyzer can detect regular expressions, and load remote code if a remote URL is analyzed, corresponding to extracting URLs with regular expressions and evaluating the one or more URLs.);
Therefore, one of ordinary skill in the art would have been capable of applying this known method of ‘wherein analyzing the source code of the web browser extension further comprises: extracting one or more URLs from the source code using regular expressions, and evaluating the one or more URLs’ to a method of analyzing a web browser extension and the results would have been predictable to one of ordinary skill in the art. The one of ordinary skill in the art would have been motivated to analyze the contents and parse the contents of the software extensions against known malware that is located in an external databases to look for similarities in the code and look for common strings in known malware, as stated in Fernandez [0025].
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Gomez in view of Dingle, and further in view of Aggarwal as applied to claims 2, and 5-6 above, and further in view of Call et al. (US 20140283067 A1), hereinafter Call.
Regarding claim 7, Gomez in view of Dingle further in view of Aggarwal teaches the limitations of claims 1 and 6 as recited above. Gomez in view of Dingle further in view of Aggarwal does not appear to disclose, but Call teaches ‘further comprising: determining whether each of the one or more URLs are associated with robotic network activity’ ([0005] Source code of a browser plug-in is identified for malicious hidden code that can set up a botnet, and when adapting a botnet to a URL of Aggarwal, can teach the limitation of the applicant.).
Accordingly, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Gomez, Dingle, Aggarwal and Call before them, to include Call’s ‘further comprising: determining whether each of the one or more URLs are associated with robotic network activity’ in Gomez’s method performing ‘analyzing a web browser extension’. One would have been motivated to make such a combination to enhance security by determining that a link is related to a botnet, and when it is detected in the code, can indicate a program as malicious so that the user can understand the content better, as taught by Call [0005].
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Gomez in view of Dingle, and further in view of Park et al. (US 20170169224 A1), hereinafter Park.
Regarding claim 8, Gomez in view of Dingle teaches the limitations of claim 1 as recited above. Gomez in view of Dingle does not appear to disclose, but Park teaches ‘wherein analyzing the source code of the web browser extension further comprises generating a call graph from the source code and analyzing the call graph to identify suspicious behaviours’ ([0069] Call flow graph (CFG) is generated from an analysis of source code, and is then expanded to a graph included to contain malicious code, corresponding to analyzing a graph to identify suspicious behaviors of the applicant.).
Accordingly, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Gomez, Dingle, and Park before them, to include Park’s ‘wherein analyzing the source code of the web browser extension comprises generating a call graph from the source code and analyzing the call graph to identify suspicious behaviours’ in Gomez’s method performing ‘analyzing a web browser extension’. One would have been motivated to make such a combination to increase efficiency by having a call flow graph mapped out in order to detect malicious code of an application's source code, and is done to visualize the path code takes, as taught by Park [0060].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Glynn (US 20250117475 A1, “SYSTEMS AND METHODS FOR DETECTING FRAUDULENT BROWSER EXTENSIONS”)
Claux (US 20130282642 A1, “PROVIDING RULE BASED ANALYSIS OF CONTENT TO MANAGE ACTIVATION OF WEB EXTENSION”)
Deng et al., (NPL, "Feature optimization and hybrid classification for malicious web page detection", 2020)
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TOMMY MARTINEZ whose telephone number is (703)756-5651. The examiner can normally be reached Monday thru Friday 8AM-4PM ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached at (571) 272-7624, on Monday thru Friday 7AM-7PM ET. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/T.M./ Examiner, Art Unit 2496 /JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496