DETAILED ACTION
This office action is in reply to applicant communication filed on October 30, 2025.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-3 are pending.
Response to Argument
Applicant’s arguments filed on October 30, 2025 with respect to the 35 USC 102/103 rejections of the independent claims have been fully considered but are not persuasive.
Applicant argues that the prior art of record, Shema (US Pub. No. 2014/0137228) in view of Prince (US Pub. No. 2011/0283359), fails to teach the independent claim limitation “….an archive server that stores snapshots of dynamic pages from when they were available on the front of the web host.” Examiner respectfully disagrees.
A review of the prior art of record (Shema) for the argued claim limitation reveals that the limitation is disclosed by Shema as follows (paragraph 27 of Shema: in an example embodiment, the information received/retrieved by web application scanner device 100 is information stored in an HTTP archive (HAR) file 112 stored in the user computers 110 and/or stored remotely. As it is understood by persons of ordinary skill in the art, files such as HAR files capture actual information flow, including user actions, sequences, and/or values, to/from browser 111 pertaining to user interactions with web applications in particular target websites. It is to be understood herein that web application scanner device 100 is operable to receive/retrieve information stored in files, such as HAR files 112, in a plurality of ways, including requesting permission from the typical user and scheduled information retrievals).
The specification defines a snapshot of a dynamic page as the page as it was available on the front of the web host (see paragraph 31 of the specification). Similarly, Shema discloses the HAR files as follows (paragraph 24 of Shema: web application scanner device 100 is operable to receive and/or retrieve from one or more user's computers 110 a plurality of historic information pertaining to the user's activities, including request/respond pairs, with web applications in a particular target website. In an example embodiment, the information received/retrieved by web application scanner device 100 is information stored in an HTTP archive (HAR) file 112 stored in the user computers 110 and/or stored remotely. As it is understood by persons of ordinary skill in the art, files such as HAR files capture actual information flow, including user actions, sequences, and/or values, to/from browser 111 pertaining to user interactions with web applications in particular target websites).
Therefore, the claimed snapshots of dynamic pages are equivalent to Shema’s HAR files 112, because both the claimed snapshots of dynamic pages and the reference’s HAR files store historic information about user activities on the target website.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3 are rejected under 35 U.S.C. 103 as being unpatentable over Shema (US Pub. No. 2014/0137228) in view of Prince (US Pub. No. 2011/0283359).
As per claim 1, Shema discloses:
A computer-implemented method in a network security device, on a data communication network, for asset crawling with Internet archives for enhanced web application scanning, the method comprising: (paragraph 28 of Shema, web application scanner 100 is operable to utilize the received/retrieved user interaction information 112, such as those logged in HAR files, to dynamically determine, among other things, the various ways in which typical users interact with web applications within the target website and the collective target website as a whole).
Wherein at least one of the dynamic pages is no longer available on a front end of a web host; (paragraph 27 of Shema, web application scanner device 100 is operable to receive and/or retrieve from one or more user's computers 110 a plurality of historic information pertaining to the user's activities).
Responsive to not being available on the front end of the web host, retrieving the at least one dynamic page from an archive server that stores snapshots of dynamic pages from when they were available on the front of the web host; (Paragraph 27 of Shema, in an example embodiment, the information received/retrieved by web application scanner device 100 is information stored in an HTTP archive (HAR) file 112 stored in the user computers 110 and/or stored remotely. As it is understood by persons of ordinary skill in the art, files such as HAR files capture actual information flow, including user actions, sequences, and/or values, to/from browser 111 pertaining to user interactions with web applications in particular target websites. It is to be understood herein that web application scanner device 100 is operable to receive/retrieve information stored in files, such as HAR files 112, in a plurality of ways, including requesting permission from the typical user and scheduled information retrievals).
Checking the at least one dynamic page for vulnerabilities; (paragraph 28 of Shema, it is also to be understood herein that web application scanner 100 can perform the receiving/retrieving of user interaction information from more than one HAR file 112 of user computer 110, HAR files 112 of one or more user computers 110, and such receiving/retrieving can be performed continuously, periodically, upon a certain event occurring (such as when or after a typical user visits the target website), and/or at scheduled times. Upon analyzing the received/retrieved user interaction information, it is recognized herein that web application scanner 100 is operable to dynamically determine one or more actions or series of actions that simulate actual typical users so as to perform scanning of target websites with significantly improved accuracy, efficiency, effectiveness, and without unduly introducing problems and vulnerabilities to the target websites).
Shema teaches the method of receiving historic information about user activities from one or more users’ computers and scanning it to identify any vulnerability (see paragraph 27 of Shema), but fails to disclose the method of receiving, in real time, a scan request for a domain that includes dynamic pages and, responsive to identifying at least one vulnerability on at least one of the dynamic pages, taking a security action with respect to the at least one dynamic page.
However, in the same field of endeavor, Prince teaches this limitation as follows (paragraph 211 of Prince: the proxy server 120 scans the requested resource for threats (e.g., viruses, worms, malware, etc.) and flow moves to block 1780. If a threat is not detected, then flow moves to block 1770 and the requested resource is transmitted to the client device. If a threat is detected, however, then flow moves to block 1785 where alternative action is taken (e.g., the response is blocked and the visitor and/or domain owner may be notified)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Shema to include the above limitation using the teaching of Prince in order to secure the computing system by scanning and taking an action on the detected threat (see paragraph 211 of Prince).
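As an added illustration of the procedure the rejection maps onto claim 1 (this is not code from the application, Shema or Prince), the following Python treats HAR-style request/response entries as archived snapshots, checks pages that are no longer served on the live front end against a few defensive rules, and records an action per page. The HAR layout (HAR 1.2 log/entries), the archive content, the LIVE_PAGES set and the header list are all assumptions constructed for the example.

```python
import json
from urllib.parse import urlparse, parse_qs

# Constructed HAR-style archive (HAR 1.2 log/entries layout assumed), standing in
# for the historic request/response pairs that the rejection equates with snapshots.
ARCHIVED_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://example.test/search?q=abc"},
     "response": {"status": 200,
                  "headers": [{"name": "Content-Type", "value": "text/html"}],
                  "content": {"text": "<html>Results for abc</html>"}}},
    {"request": {"url": "https://example.test/account"},
     "response": {"status": 200,
                  "headers": [{"name": "Content-Type", "value": "text/html"},
                              {"name": "Content-Security-Policy", "value": "default-src 'self'"},
                              {"name": "X-Frame-Options", "value": "DENY"}],
                  "content": {"text": "<html>Account</html>"}}},
]}})
# Pages the front end still serves (constructed); /search has been retired.
LIVE_PAGES = {"https://example.test/account"}
REQUIRED_HEADERS = ("content-security-policy", "x-frame-options")

def load_snapshots(har_text):
    """Map each HAR entry to a snapshot: lower-cased response headers and body text."""
    snaps = {}
    for entry in json.loads(har_text)["log"]["entries"]:
        resp = entry["response"]
        snaps[entry["request"]["url"]] = {
            "headers": {h["name"].lower(): h["value"] for h in resp.get("headers", [])},
            "body": resp.get("content", {}).get("text", ""),
        }
    return snaps

def check_snapshot(url, snap):
    """Defensive checks: missing hardening headers, query values echoed in the body."""
    findings = [f"missing header: {h}" for h in REQUIRED_HEADERS if h not in snap["headers"]]
    for name, values in parse_qs(urlparse(url).query).items():
        if any(v and v in snap["body"] for v in values):
            findings.append(f"parameter reflected in response: {name}")
    return findings

def scan_domain(domain, live_pages, har_text):
    """Check every in-scope page; those absent from the live front end come from the archive."""
    report = {}
    for url, snap in load_snapshots(har_text).items():
        if urlparse(url).hostname != domain:
            continue
        findings = check_snapshot(url, snap)
        report[url] = {"source": "live" if url in live_pages else "archive",
                       "findings": findings, "action": "flag for review" if findings else "none"}
    return report
```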
Claims 2 and 3 are rejected for the same reasons set forth in the rejection of claim 1.
Conclusion
The prior art made of record and not relied upon that is considered pertinent to applicant’s disclosure is Gartside (US Pub. No. 2012/0227110). Gartside discloses:
A system, method, and computer program product are provided for scanning data for unwanted content and unwanted sites in response to a user request. In use, a user request is received via a network to scan data prior to downloading the data utilizing a network browser. In addition, the data is scanned for unwanted content and associated unwanted sites in response to the user request. Further, a response is sent to the user via the network.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TESHOME HAILU whose telephone number is (571)270-3159. The examiner can normally be reached M-F 8 a.m. - 5 p.m.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ali Shayanfar can be reached at (571) 270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/TESHOME HAILU/Primary Examiner, Art Unit 2434