Systems and Methods for Detecting Phishing-Based Cybersecurity Threats

§102 §103

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Detailed Action Claims 81-100 are pending in this Office Action. Claims 81, 96 and 100 are in independent form. Claims 81, 84-86, 89, 91-93, 95-96, 99 and 100 are amended. Claims 82 and 97 are cancelled. Claims 1-80, and 101-159 remain cancelled. Information Disclosure Statement The information disclosure statement filed on 9/24/25 have been considered. Response to Arguments Applicant’s arguments filed in the amendment filed 1/8/2026, have been fully considered but are moot in view of new grounds of rejection. The reasons set forth below. Examiner Suggested Amendment or Focus Based on the maturity of the existing phishing art, applicant is encouraged to detail features of response times from para 12, details of the javascript agent (para 87, 89-93) and object handling of para 111-114). A multitude of claimed features may make a non-obvious set of features. Applicant’s invention as claimed: Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action. Claims 81, 84, 86-90, 92; 96, 99-100 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by U.S. Patent Publication No. 20170244755 by Tsao 81. (Original) A non-transitory computer readable medium containing instructions that when executed by at least one processor cause the at least one processor to perform cybersecurity operations for detecting a phishing attempt (Tsao: page 1, para 5), the operations comprising: receiving a code for execution (Tsao: page 2, para 25; receive a login page); and injecting, into a web browser execution environment associated with the code, at least one agent by inserting instructions into the code for implementing the agent (Tsao: page 2, para 25-26), wherein the agent is configured to: collect execution data associated with rendering webpage content based on the code (Tsao: page 2, para 27); analyze the execution data to detect at least one anomaly (Tsao: page 3, para 30-33); determine, based on web browsing session runtime events resulting from executing the code in at least one execution context associated with the web browser execution environment, whether functionality associated with the renderable webpage content is valid (Tsao: page 3, para 31-33); and implement a remedial action upon determining that the functionality associated with the webpage content is not valid (Tsao: page 3, para 31-33; block user from use). 84. (Original) The non-transitory computer readable medium of claim 81, wherein determining whether functionality associated with the webpage content is valid includes: executing the code in the at least one execution context in an isolated environment, and emulating at least one event in the isolated environment to identify a behavior of the code associated with the at least one event (Tsao: page 2, para 26-29); and wherein determining that the functionality associated with the webpage content is not valid includes determining that the identified behavior diverges from an expected behavior (Tsao: page 3, para 31-33; illegitimate). 86. The non-transitory computer readable medium of claim 84, wherein emulating at least one event in the isolated environment includes submitting at least one value using a form of the webpage content, and wherein identifying the behavior of the code includes determining a response to submitting the at least one value (Tsao: page 3, para 31-33; login credentials) 87. The non-transitory computer readable medium of claim 86, wherein the at least one value is arbitrary (Tsao: page 2, para 27; accepting fake credentials). 88. The non-transitory computer readable medium of claim 87, wherein the form is a login form, and wherein the at least one value corresponds to a login credential (Tsao: page 3, para 31-33; login credentials). 89. The non-transitory computer readable medium of claim 88, wherein the webpage content is associated with a first web page, the expected behavior corresponds to an invalid credential warning, and the identified behavior includes redirecting a web browser to a second web page (Tsao: page 2, para 22-23; page 33, para 31-33; login credentials). 90. (Original) The non-transitory computer readable medium of claim 81, wherein the at least one anomaly includes a broken link (Tsao: page 3, para 34-38; unsuccessful login). 92. (Original) The non-transitory computer readable medium of claim 81, wherein the at least one anomaly includes a property violating a security rule (Tsao: page 2, para 25-27). Claims 96, 99-100 are rejected as being substantially similar in scope to claims 81, 84 above. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 85, 91, 93-95 are rejected under 35 U.S.C. 103 as being unpatentable by U.S. Patent Publication No. 20170244755 by Tsao et al in view of 2020/0204587 by Hunt et al. Regarding claim 85, (Original) The Tsao reference teaches: The non-transitory computer readable medium of claim 84, wherein emulating at least one event in the isolated environment includes simulating following a link included in the webpage content. The Tsao reference fails to teach a Document Object Model. In analogous art, the Hunt reference teaches: monitoring a Document Object Model (DOM) structure associated with the webpage content, and determining that the identified behavior diverges from the expected behavior when the DOM structure remains unchanged after simulation of following the link (Hunt: page 1, para 7- page 2, para 9 and page 2, para 22- page 3, para 27) in order to more effectively, efficiently, and accurately detect phishing attacks (Hunt: page 1, para 5). It would have been obvious to one of ordinary skill in the art, before the effective filing date, to include the DOM based measures as taught by Hunt in the phishing simulated environment as taught by Tsao in order to more effectively, efficiently, and accurately detect phishing attacks (Hunt: page 1, para 5). 91. (Original) The non-transitory computer readable medium of claim 90, wherein the broken link is an invalid link lacking an associated listener in a DOM structure associated with the webpage content (Hunt: page 8, para 98-100). 93. (Original) The non-transitory computer readable medium of claim 92, wherein the property is associated with a root of a DOM structure associated with the webpage content where the DOM tree is compromised by a fake link and detected by a system in order to find vulnerabilities in GUIs (Hunt: page 7, para 85- page 8, para 100). 94. (Original) The non-transitory computer readable medium of claim 92, wherein the property includes a network request property (Hunt: page 7, para 85- page 8, para 100). 95. (Original) The non-transitory computer readable medium of claim 92, wherein the property includes a DOM structure associated with the content (Hunt: page 7, para 85- page 8, para 100). Claims 83 and 98 are rejected under 35 U.S.C. 103 as being unpatentable by U.S. Patent Publication No. 20170244755 by Tsao et al in view of 2021/0006591 by Akuka et al. Regarding claim 83, (Original) Tsao teaches the non-transitory computer readable medium of claim 81. The Tsao reference fails to teach a Javascript Agent. However, in analogous art, the Akuka reference teaches code is configured for execution by a JavaScript engine and the at least one agent includes a JavaScript agent (Akuka: page 2, para 41; page 4, para 71) in order to protect against phishing websites and detect malicious code (Akuka: page 1 para 4-7). It would have been obvious to one of ordinary skill in the art, before the effective filing date, to include the Javascript agent as taught by Akuka in the phishing simulated environment as taught by Tsao in order to protect against phishing websites and detect malicious code (Akuka: page 1 para 4-7). Claim 98 is rejected as being substantially similar to claim 83. Prior Art The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure: U. S. Patent Publication No. 20080046738 by Galloway et al teaches anti-pishing agents in para 30. U. S. Patent No. 11979383 by Litty teaches transparent browsing with javascript agents. U. S. Patent No. 9294498 by Yampolskiy et al teaches a portal for scoring security scores using agents. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN R BRUCKART whose telephone number is (571)272-3982. The examiner can normally be reached M-TH: 7-6p. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /BENJAMIN R BRUCKART/Supervisory Patent Examiner, Art Unit 2424