DETAILED ACTION
Claims 1-20 are pending in this action.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Allowable Subject Matter
Claims 4-6, 10, 14-16 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-3, 7, 11-13 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Ragan III, et al. (US PPGUB No. 2021/0234874) [hereinafter “Ragan”] in view of Cleveland et al. (US PGPUB No. 2019/0014149) [hereinafter “Cleveland”] in further view of Tan (US PGPUB No. 2013/0318177).
As per claim 1, Ragan teaches a computer-implemented method for classifying an internet domain and notifying of a conflicting internet domain, the method comprising: identifying an internet domain to be analyzed for conflicting with a seed domain ([0044], identifying non-normal domain based on screenshots of web paths compared to stored screenshot hashes); receiving, via a digital communication medium, a first screenshot of an internet website of the internet domain ([0049], taking screenshots of web paths for a domain); generating a first perceptual hash from the first screenshot ([0049], hashing the screenshots); receiving a second screenshot of a seed website of the seed domain ([0049], screenshots are taken for multiple runs of the web path); generating a second perceptual hash from the second screenshot ([0049], the screenshots for the multiple runs are hashed and compared); calculating a first similarity between the first perceptual hash and the second perceptual hash ([0026], calculating a similarity metric between the screenshot hashes); classifying the internet domain as a conflicting internet domain based on the calculated first similarity ([0044], based on comparisons with other stored screenshot hashes, it is determined that the hash is normal or non-normal, i.e. conflicting or not); generating a notification based on the internet domain being classified as the conflicting internet domain ([0044], recommending removal of one or more hashes to a user); and transmitting the notification via the digital communication medium ([0044], providing a notification for selecting removal of one or more screenshots).
Ragan does not explicitly teach comparing the internet domain to a single seed domain. Cleveland teaches comparing the internet domain to a single seed domain (Abstract, comparing domain of source with a single authorized domain).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Ragan with the teachings of Cleveland, comparing the internet domain to a single seed domain, to focus screenshot comparison to a most pertinent domain that may be currently the target of attack or is currently most vulnerable.
The combination of Ragan and Cleveland does not explicitly teach wherein the seed domain is different than the internet domain. Tan teaches wherein the seed domain is different than the internet domain ([0042] and [0057], comparing screenshots from other domains to an organization’s owned domain).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Ragan and Cleveland with the teachings of Tan, comparing the internet domain to a single seed domain, to focus screenshot comparison to a most pertinent domain that may be currently the target of attack or is currently most vulnerable.
As per claim 2, the combination of Ragan, Cleveland and Tan teaches the method of claim 1, wherein the conflicting domain is one of: an impersonating domain (Cleveland; Abstract, determining domain as a phishing domain); a typosquatting domain (Examiner Note: this feature is optional but may overcome the current rejection if included as a required feature, i.e. changing “or” to “and”); or an error domain (Ragan; [0046], tagging domains with error tag).
As per claim 3, the combination of Ragan, Cleveland and Tan teaches the method of claim 2, further comprising: identifying a plurality of conflicting domains to compare with the internet domain (Cleveland; [0062], storing visual hashes of phishing domains); for each conflicting domain of the plurality of conflicting domains: receiving, via the digital communication medium, one or more conflicting screenshots of a conflicting website of the conflicting domain (Cleveland; [0062], retrieving visual hashes of known phishing domain screenshots); and for each conflicting screenshot of the one or more conflicting screenshots, generating a conflicting perceptual hash from the conflicting screenshot (Cleveland; [0062], generating a hash for the screenshot of the phishing pages); and for each conflicting perceptual hash generated, calculating a second similarity between the first perceptual hash and the conflicting perceptual hash, wherein classifying the internet domain as the conflicting internet domain is also based on the calculated second similarities (Cleveland; [0062], matching the screenshot via a query to a database of phishing hashes).
As per claim 7, the combination of Ragan, Cleveland and Tan teaches the method of claim 1, wherein the second screenshot is of a login page of the seed website (Ragan; [0045], hashed screenshots include tagged login pages).
As per claim 11, the substance of the claimed invention is identical or substantially similar to that of claim 1. Accordingly, this claim is rejected under the same rationale.
As per claim 12, the substance of the claimed invention is identical or substantially similar to that of claim 2. Accordingly, this claim is rejected under the same rationale.
As per claim 13, the substance of the claimed invention is identical or substantially similar to that of claim 3. Accordingly, this claim is rejected under the same rationale.
As per claim 17, the substance of the claimed invention is identical or substantially similar to that of claim 7. Accordingly, this claim is rejected under the same rationale.
Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Ragan, Cleveland and Tan in further view of Obstfeld et al. (US PPGUB No. 2023/0065676) [hereinafter “Obstfeld”].
As per claim 8, the combination of Ragan, Cleveland and Tan teaches the method of claim 1.
the combination of Ragan, Cleveland and Tan does not explicitly teach receiving, via the digital communication medium, passive domain name system (DNS) data of the internet domain, wherein classifying the internet domain as the conflicting internet domain is also based on the passive DNS data. Obstfeld teaches receiving, via the digital communication medium, passive domain name system (DNS) data of the internet domain, wherein classifying the internet domain as the conflicting internet domain is also based on the passive DNS data ([0046], using DNS search and tools to detect squatting and phishing domains).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Ragan, Cleveland and Tan with the teachings of Obstfeld, receiving, via the digital communication medium, passive domain name system (DNS) data of the internet domain, wherein classifying the internet domain as the conflicting internet domain is also based on the passive DNS data, to combine screenshot comparison with other well known phishing detection methods for a comprehensive analysis and more accurate result.
As per claim 18, the substance of the claimed invention is identical or substantially similar to that of claim 8. Accordingly, this claim is rejected under the same rationale.
Claims 9 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Ragan, Cleveland, Tan and Obstfeld in further view of McClurg (US PPGUB No. 2025/0039218).
As per claim 9, the combination of Ragan, Cleveland, Tan and Obstfeld teaches the method of claim 8.
The combination of Ragan, Cleveland, Tan and Obstfeld does not explicitly teach wherein the passive DNS data includes an internet protocol (IP) count indicating number of domains resolving to one of a same host or a same IP address to which the internet domain resolves. McClurg teaches wherein the passive DNS data includes an internet protocol (IP) count indicating number of domains resolving to one of a same host or a same IP address to which the internet domain resolves ([0032]-[0033], determining a number of domains that resolve to the same IP address).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Ragan, Cleveland, Tan and Obstfeld with the teachings of McClurg, wherein the passive DNS data includes an internet protocol (IP) count indicating number of domains resolving to one of a same host or a same IP address to which the internet domain resolves, to monitor behavior that has been shown to be common among malicious attacks including phishing and squatting.
As per claim 19, the substance of the claimed invention is identical or substantially similar to that of claim 9. Accordingly, this claim is rejected under the same rationale.
Response to Arguments
Applicant’s arguments with respect to the rejection of claims 1-20 under 35 U.S.C. 103 have been fully considered and persuasive. In light of the new amendments a new prior art reference, Tan, has been introduced and cited to.
To expedite prosecution, Examiner is open to conducting an after-final interview to discuss claim amendments to overcome the current rejection and/or place the application in condition for allowance.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Magdalim (US Patent No. 8,990,933), Boyer et al. (US PGPUB No. 2020/0358799), Nunes et al. (US PGPUB No. 2021/0203690), Romeo et al. ("SEMPHISH: A Phishing Detection Tool Based on Semantic Hashes," 2025 12th International Conference on Future Internet of Things and Cloud (FiCloud), Istanbul, Turkiye, 2025, pp. 10-17, doi: 10.1109/FiCloud66139.2025.00009), Abeywardena et al. ("Triplet Mining-based Phishing Webpage Detection," 2020 IEEE 45th Conference on Local Computer Networks (LCN), Sydney, NSW, Australia, 2020, pp. 377-380, doi: 10.1109/LCN48667.2020.9314828) and Privalov et al. ("Development of a Software Tool for Searching Fake Educational Domain Names," 2023 3rd International Conference on Technology Enhanced Learning in Higher Education (TELE), Lipetsk, Russian Federation, 2023, pp. 270-275, doi: 10.1109/TELE58910.2023.10184377) all disclose various aspects of the claimed invention including using screenshot hashing to discover malicious domains.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PETER C SHAW whose telephone number is (571)270-7179. The examiner can normally be reached Max Flex.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached at 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/PETER C SHAW/Primary Examiner, Art Unit 2493 February 21, 2026