Detailed Action
1. This Office Action is responsive to the Amendment filed 03/10/2026. Claims 1-20 are presented for examination. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
2. The information disclosure statements (IDSes) submitted on 02/20/2026 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Terminal Disclaimer
3. The terminal disclaimer filed on 03/10/2026 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of the full statutory term of prior patent numbers 10404808 and 12107926 has been reviewed and is accepted. The terminal disclaimer has been recorded.
Claim Rejections - 35 USC § 102
4. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
5. Claims 1-2 and 11-12 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Soman et al. (US 2018/0159896 A1), hereinafter “Soman”.
6. As to claim 1, Soman teaches a method by a remote browsing administrator device comprising at least one processor, the method comprising:
receiving a request for a remote browsing session, the request received from a first browser running on a client device ([0021]: secure browsing device 120 receives (201) a request for an internet browser from end user device 110);
determining whether an internet protocol address associated with the request is whitelisted ([0034]: browser request module 115 may compare the URI to blacklist or whitelist rules);
if the internet protocol address associated with the request is not on a whitelist of internet protocol addresses ([0034]: browser request module 115 may compare the URI to blacklist or whitelist rules to determine whether the request should be processed locally or externally via a browser executing on a virtual machine, i.e., the request on the blacklist should be processed externally via a [secure/remote] browser executing on a virtual machine), allocating a remote browsing server based on the request ([0023]: allocate (202) a virtual machine with an instance of the internet browser executing thereon to the end user device), the remote browsing server comprising a remote browsing connector and a second browser ([0025]: After allocating the virtual machine to end user device 110, secure browsing 120 further provides (203) a remote connection to the internet browser to end user device 110 to permit the end user device to receive the visual representation of the browser executing in the virtual machine as well as provide user input to the browser to the virtual machine), and causing the first browser to connect to the second browser via the remote browsing connector such that a video stream of renderings of the second browser are displayed on the first browser and user input from the first browser is transmitted to the second browser ([0027]: When the end user device is accessing the browser on the virtual machine using a remote desktop protocol, the graphical user interface (GUI) of the desktop is generated on the server hosting the virtual machine and the GUI image data is then encoded and transmitted over the network to the client device, where it is decoded and displayed to the user … Any user input information, such as keyboard and mouse events detected over the secure browser window on the end user device, are transmitted from the device to the virtual machine over the network connection); and
if the internet protocol address associated with the request is on the whitelist of internet protocol addresses, causing the first browser to open a webpage associated with the internet protocol address ([0034]: browser request module 115 may compare the URI to blacklist or whitelist rules to determine whether the request should be processed locally or externally via a browser executing on a virtual machine, i.e., the request on the whitelist should be processed locally).
7. As to claim 2, Soman teaches the method of claim 1, retrieving the whitelist of internet protocol addresses from a whitelist database ([0034]: browser request module 115 may compare the URI to blacklist or whitelist rules to determine whether the request should be processed locally or externally via a browser executing on a virtual machine, inherently, the blacklist or whitelist rules may be stored/retrieved [from a data store] locally from the end user device or externally from the [remote/secure] browsing server).
8. As to claims 11-12, claims 11-12 are corresponding remote browsing administrator device claims that recite similar limitations as of method claims 1-2; therefore, they are rejected under the same rationale.
Claim Rejections - 35 USC § 103
9. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
10. Claims 3-5, 8-9, 13-15 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Soman, in view of Winn et al. (US 2013/0212680 A1), hereinafter “Winn”.
11. As to claim 3, Soman teaches the method of claim 2, but does not explicitly disclose “the whitelist database is associated with the remote browsing server”.
In an analogous art, Winn teaches “the whitelist database is associated with the remote browsing server” ([0035]: blacklists 320 and/or whitelists 322 may include static and/or dynamic lists which may be provided and/or configured by a user, a system administrator, a service provider or the like).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Soman and Winn to achieve the claimed invention to record, notify or alert user and/or system administrator of detected security breaches or threats, restrict the network traffic from rogue entities, change security settings or network configurations and the like (Winn, [0033]).
12. As to claim 4, Soman-Winn teaches the method of claim 2, wherein the whitelist database is associated with the client device ([0035]: blacklists 320 and/or whitelists 322 may include static and/or dynamic lists which may be provided and/or configured by a user, a system administrator, a service provider or the like).
13. As to claim 5, Soman-Winn teaches the method of claim 2, wherein the whitelist database is provided by a third party ([0035]: update to the black/white lists may come from administrator servers, third-party service providers and the like).
14. As to claim 8, Soman-Winn teaches the method of claim 1, further comprising: receiving, from the first browser running on the client device, user input indicating that a webpage opened by the first browser is not secure; and adding the internet protocol address associated with the webpage to a blacklist (Winn, Fig. 4 and [0041]: some of the data stored in the one or more data stores 408 (blacklist 410, whitelist 412, logs/reports 414 and rules/policies 416) may be provided by the user).
15. As to claim 9, Soman-Winn teaches the method of claim 8, wherein, in response to the internet protocol address associated with the webpage being added to the blacklist of internet protocol addresses, the method comprises: causing the webpage to be opened by the second browser and the video stream of renderings from the second browser to be displayed via the first browser directly by the first browser (Soman, [0034]: in response to the internet protocol address associated with a blacklist rule, the request should be processed externally via a browser executing on a virtual machine).
16. As to claims 13-15 and 18-19, claims 13-15 and 18-19 are corresponding remote browsing administrator device claims that recite similar limitations as of method claims 3-5 and 8-9; therefore, they are rejected under the same rationale.
17. Claims 6-7 and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Soman, in view of BEJERASCO et al. (US 2013/0212680 A1), hereinafter “BEJERASCO”.
18. As to claim 6, Soman teaches the method of claim 1, but does not explicitly disclose “receiving, from the first browser running on the client device, user input indicating that a webpage opened by the second browser and being displayed via the video stream of renderings is secure; and adding the internet protocol address associated with the webpage to the whitelist of internet protocol addresses”.
In an analogous art, BEJERASCO discloses “receive a user indication to add the blocked web resources to a whitelist of allowed web resources via user input 25 of the user device 1. The user input 25 is used by the user to input information such as a selection of whether to add URL to a whitelist” ([0043]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Soman and BEJERASCO to achieve the claimed invention to allow authorized access to a webpage, mark an IP address as trusted, permit network traffic to and from that location.
19. As to claim 7, Soman-BEJERASCO teaches the method of claim 6, wherein, in response to the internet protocol address associated with the webpage being added to the whitelist of internet protocol addresses the method comprises: causing the webpage to be opened directly by the first browser (BEJERASCO, [0043]: receive a user indication to add the blocked web resources to a whitelist of allowed web resources, and allow access to the web resource after receiving the user indication).
20. As to claims 16-17, claims 16-17 are corresponding remote browsing administrator device claims that recite similar limitations as of method claims 6-7; therefore, they are rejected under the same rationale.
21. Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Soman, in view of Hill et al. (US 9,208,316 B1), hereinafter “Hill”.
22. As to claim 10, Soman teaches the method of claim 1, but does not explicitly disclose “if the internet protocol address associated with the request is not on the whitelist of internet protocol addresses one or more types of user input are disabled”.
In an analogous art, Hill discloses “if the internet protocol address associated with the request is not on the whitelist of internet protocol addresses one or more types of user input are disabled” (Fig. 7E and col. 17, lines 1-7: when the phishing web site may be known and present in the blacklist 186, the input controls provided for entry of the user’s credit card number and expiration data has been disabled).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Soman and Hill to achieve the claimed invention to allow the system to detect and disable potentially harmful items that are embedded within or referenced by retrievable network resources such as web pages and other types of documents (Hill, col. 2, lines 29-32).
23. As to claim 20, claim 20 is a corresponding remote browsing administrator device claim that recites similar limitations as of method claim 10; therefore, it is rejected under the same rationale.
24. Further references of interest are cited on Form PTO-892, which is an attachment to this Office Action.
25. A shortened statutory period for reply to this action is set to expire THREE (3) months from the mailing date of this communication. See 37 CFR 1.134.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to QUANG N NGUYEN whose telephone number is (571) 272-3886.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KAMAL B. DIVECHA, can be reached at (571) 272-5863. The fax phone number for the organization is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/QUANG N NGUYEN/
Primary Examiner, Art Unit 2441