Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . The present office action is responsive to communication received 09/19/2024.
Claims 1-20 are pending.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 09/19/2024 was filed after the mailing date of the application no. 18/848,642 on 9/19/2024. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claims objections
Claims 2-3, 5, and 12-13 objected to because of the following informalities:
Claims 2-3 and 5 should refer to “a computational method” according to claim 1 rather than “a method” according to claim 1.
Claim 12 is missing the transition word “comprising” (or equivalent) to separate the preamble from the body.
Claim 13 should refer to “a computational system” according to claim 1 rather than “a system” according to claim 1.
Appropriate correction is required.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claim 12 is rejected under 35 U.S.C. 101 because the claimed invention is directed to nonstatutory subject matter.
The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because it is directed to a system configured to perform functionalities without reciting any structure or piece of hardware. Claim 12 recites a “computational system” , however, since the specification (see page 13 lines 5-9 of instant application) does not limit computational system to comprise hardware, broadly interpreted it can also encompass software. Dependent claims 13-20 are also rejected under 35 USC 101, because they do not cure the deficiencies of independent claim 12.
Claim Rejections - 35 USC § 112(b)
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 12-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 12 does not recite a clear preamble and body; it is not clear what the preamble is and what the body of the claim is.
Claim 12 recites functional language that seem to be in the preamble, however it is unclear whether it is reciting a mean-plus-function limitation or merely reciting an intended use therefore, a rejection under 112b is appropriate (see MPEP 2181 I A).
Regarding claims 13-20, Claims 13-20 are dependent on claim 12, and therefore inherit 35 U.S.C. 112 second paragraph issues of the independent claim.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1, 4-5, 11-12, and 15 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Shitrit-Efergan hereinafter referred to as Efergan et al. (US 20180351976).
Regarding claim 1,
Efergan discloses A computational method for the reliable blocklisting of a domain wherein it comprises the steps of:
automatically obtaining an allowlist of domains upon the computational performance of a single action, such single action involving the indication of a reported domain or of information associated with a reported domain,
[may further include generating a white list of FQDMs. To this end, any domain name cached in the DNS resolver is analyzed and added to the white list. (Shitrit-Efergan et al., paragraph 64)]
[it is checked if the requested domain name is designated in the white list, and if so, execution continues with S660; otherwise, at execution continues with S670, where the received DNS request in blocked. As noted above, the white list includes a list of legitimate FQDMs. In some embodiments, the requested domain names from blocked DNS requests are added to a black list. (Shitrit-Efergan et al., paragraph 74)]
the reported domain being potentially malicious, comparing the reported domain or information associated with the reported domain with the allowlist, based on such comparison, determining whether the reported domain is to be added to a blocklist of domains which comprises a digital collection of domains which have been digitally reported and deemed as malicious, and there from adding the reported domain to the blocklist of domains.
[it is checked if the requested domain name is designated in the white list, and if so, execution continues with S660; otherwise, at execution continues with S670, where the received DNS request in blocked. As noted above, the white list includes a list of legitimate FQDMs. In some embodiments, the requested domain names from blocked DNS requests are added to a black list. (Shitrit-Efergan et al., paragraph 74, please refer to the claim 13 as well)]
Regarding claim 12,
Efergan discloses a computational system for the reliable blocklisting of a domain,
[it is checked if the requested domain name is designated in the white list, and if so, execution continues with S660; otherwise, at execution continues with S670, where the received DNS request in blocked. As noted above, the white list includes a list of legitimate FQDMs. In some embodiments, the requested domain names from blocked DNS requests are added to a black list. (Shitrit-Efergan et al., paragraph 74, please refer to the claim 13 as well)]
The claim recites substantially the same content as claim 1 and is rejected with the rationales set forth for claim 1.
Regarding claim 4,
Efergan discloses a computational method according to claim 1,
wherein it comprises, prior to obtaining the allowlist, performing a single action by a reporting device in relation to a reported domain, the reported domain being potentially malicious.
[At S630, the received DNS request is parsed to at least identify the domain requested to be resolved. At S640, the requested domain name is compared against the footprints. If a match is found, execution continues with S650; otherwise, at S660, the received request is allowed and sent to the resolver. (Shitrit-Efergan et al., paragraph 73, please refer to Fig. 6 the step before the comparison s630)]
Regarding claim 5 and 15,
Efergan discloses a method according to claim 1 and a computational system according to claim 12,
wherein the information associated with the reported domain consists of a Uniform Resource Identifier (URI).
[The client device 120 sends a recursive query to the DNS resolver 110 including a query name. The DNS resolver 110 returns an IP address corresponding to the query name. A query name typically includes one or more labels delimited by periods that are translated from right (“top level domain”) to left (“sub domain”). For example, in a fully qualified domain name (FQDN) of “www.example.com.”, the root level is represented by the ‘.’, top level domain is “.com”, the domain is “example.com”, and the sub domain is “www”. (Shitrit-Efergan et al., paragraph 4)]
Regarding claim 11,
Eferfan discloses a computational method according to claim 1,
wherein, subsequently to the blocklisting of a certain domain or the issuing a digital notification to the identified owner, taking down the domain.
[it is checked if the requested domain name is designated in the white list, and if so, execution continues with S660; otherwise, at execution continues with S670, where the received DNS request in blocked. As noted above, the white list includes a list of legitimate FQDMs. In some embodiments, the requested domain names from blocked DNS requests are added to a black list. (Shitrit-Efergan et al., paragraph 74)]
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 3, 6-7, 10, 14, 16-17, 20 are rejected under 35 U.S.C. 103 as being unpatentable over by Shitrit-Efergan hereinafter referred to as Efergan et al. (US 20180351976) in view of Castelao et al. (WO 2021005574).
Regarding claims 3 and 14,
Eferfan discloses a method according to claim 1 and a computational system according to claim 12,
wherein the allowlist of domains is obtained through a brand verification system,
[The white list can be learned by the DNS protection system 210 during the learning phase. The white list can also be defined manually based on the contents of a cache of the DNS resolver 220. (Shitrit-Efergan et al., paragraph 54)]
Erefan fails to explicitly disclose the brand verification system obtaining at least one brand digital information which is digitally associated with each of the domains, wherein each brand digital information comprises a registered trademark and each of the domains has a Uniform Resource Indicator (URI) which is digitally associated to one of said registered trademarks, such digital association being provided in at least one server of the brand verification system.
However in an analogous art Castelao discloses the brand verification system obtaining at least one brand digital information which is digitally associated with each of the domains, wherein each brand digital information comprises a registered trademark and each of the domains has a Uniform Resource Indicator (URI) which is digitally associated to one of said registered trademarks, such digital association being provided in at least one server of the brand verification system.
[ the brand verification system obtaining brand digital information which is digitally associated with the website, wherein the brand digital information comprises a registered trademark and the website has a Uniform Resource Indicator (URI) which is digitally associated to the registered trademark in at least one server of the brand verification system. (Castelão et al., page 3, lines 8-12)]
Efergan and Castelão are considered to be analogous to the claimed invention because they are in the same field of the malicious domain determination. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Efergan to incorporate the teachings of Castelão et al. to include the brand verification system obtaining at least one brand digital information which is digitally associated with each of the domains, wherein each brand digital information comprises a registered trademark and each of the domains has a Uniform Resource Indicator (URI) which is digitally associated to one of said registered trademarks, such digital association being provided in at least one server of the brand verification system, in order for reliable authentication of origin of the website through a human-centric design. (Castelao et al., page 6, lines 23-25)]
Regarding claims 6 and 16,
Eferfan discloses a computational method according to claim 1 and a computational system according to claim 12, but fails to explicitly disclose performing a digital search by means of a brand registration system, the brand registration system comprising at least one server managed by an official trademark office, such server comprising a plurality of registered trademarks before such official trademark office, the digital search comprising determining if a domain name or a portion of a domain name of the reported domain corresponds to one of said registered trademarks in the brand registration system
However in an analogous art Castelão discloses
performing a digital search by means of a brand registration system, the brand registration system comprising at least one server managed by an official trademark office, such server comprising a plurality of registered trademarks before such official trademark office, the digital search comprising determining if a domain name or a portion of a domain name of the reported domain corresponds to one of said registered trademarks in the brand registration system.
[The brand verification system is configured to further communicate with a brand registration system, which consists of at least one server managed by an official trademark office, and which is recognized as having original registered trademarks, owned by a specific entity, and which are not confoundable with registered trademarks from other entities. Such communication allows the verification of whether a specific brand digital information - registered trademark - is indeed registered. It therefore provides a highly simple and efficient way to implement the method of the present invention. (Castelao et al., page 7, lines 19-26)]
Efergan and Castelão are considered to be analogous to the claimed invention because they are in the same field of the malicious domain determination. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Efergan to incorporate the teachings of Castelão et al. to include performing a digital search by means of a brand registration system, the brand registration system comprising at least one server managed by an official trademark office, such server comprising a plurality of registered trademarks before such official trademark office, the digital search comprising determining if a domain name or a portion of a domain name of the reported domain corresponds to one of said registered trademarks in the brand registration system, in order for reliable authentication of origin of the website through a human-centric design. (Castelao et al., page 6, lines 23-25)]
Regarding claims 7 and 17,
Eferfan in view Castelao discloses a computational method according to claim 6 and a computational system according to claim 16,
wherein the digital search is performed upon the comparison of the reported domain or information associated with the reported domain with the allowlist and therefrom determining that the reported domain is not associated with the allowlist.
[The brand verification system is configured to further communicate with a brand registration system, which consists of at least one server managed by an official trademark office, and which is recognized as having original registered trademarks, owned by a specific entity, and which are not confoundable with registered trademarks from other entities. Such communication allows the verification of whether a specific brand digital information - registered trademark - is indeed registered. It therefore provides a highly simple and efficient way to implement the method of the present invention. (Castelao et al., page 7, lines 19-26)]
Efergan and Castelão are considered to be analogous to the claimed invention because they are in the same field of the malicious domain determination. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Efergan to incorporate the teachings of Castelão et al. to include wherein the digital search is performed upon the comparison of the reported domain or information associated with the reported domain with the allowlist and therefrom determining that the reported domain is not associated with the allowlist, in order for reliable authentication of origin of the website through a human-centric design. (Castelao et al., page 6, lines 23-25)]
Regarding claims 10 and 20,
Eferfan discloses a computational method according to claim 1 and a computational system according to claim 12,
wherein the single action is associated with an Internet browser, optionally including an In-App browser.
[the web interface consists of a web browser or a component (such as an app or other type of program) of an operating system providing access to the web. (Castelao et al., page 13, lines 9-10)]
Efergan and Castelão are considered to be analogous to the claimed invention because they are in the same field of the malicious domain determination. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Efergan to incorporate the teachings of Castelão et al. to include wherein the single action is associated with an Internet browser, optionally including an In-App browser, in order for reliable authentication of origin of the website through a human-centric design. (Castelao et al., page 6, lines 23-25)]
Claims 8-9 and 18-19 rejected under 35 U.S.C. 103 as being unpatentable over by Shitrit-Efergan hereinafter referred to as Efergan et al. (US 20180351976) in view of Castelao et al. (WO 2021005574) and in further view of Pope et al. (US 10498753).
Regarding claims 8 and 18,
Eferfan in view of Castelão discloses a computational method according to claim 6 and a computational system according to claim 16, but fails to explicitly disclose computationally identifying the owner of a registered trademark resulting from the determination of correspondence, and automatically issuing a digital notification to the identified owner.
However in an analogous art Pope discloses computationally identifying the owner of a registered trademark resulting from the determination of correspondence, and automatically issuing a digital notification to the identified owner.
[Message 260 may include other information, including a registration information, fraud risk analysis, domain name owner, etc. Message 260 may also include the initial potentially fraudulent communication with the identified domain name, which may be part of the message, link or an attachment. The system may transmit Message 260 to an internal recipient to address the potential fraud. The system may also inform and transmit a message to the domain name owner. (Pope et al., column 6 , lines 32- 40)]
Efergan, Castelão, and Pope are considered to be analogous to the claimed invention because they are in the same field of the malicious domain determination. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Efergan and Castelão to incorporate the teachings of Pope et al. to include computationally identifying the owner of a registered trademark resulting from the determination of correspondence, and automatically issuing a digital notification to the identified owner, in order to transmit a message to the domain name owner to help address the potential fraud. (Pope et al., column 6, lines 35-40)]
Regarding claims 9 and 19,
Eferfan in view of Castelão and in further view of Pope discloses a computational method according to claim 8 and a computational system according to claim 18,
wherein it further comprises the owner digitally associating a brand digital information with the domain, such digital association being performed through:
- a root digital certificate, by signing and thereby creating at least one exclusive cryptographic entity which consists of a digital certificate, each digital certificate being configured to sign with a digital signature an association of a brand digital information with an URI or domain of a website,
- a block in a Blockchain-based method, by creating at least one exclusive cryptographic entity which consists of a block in a Blockchain-based method, each subsequent block being configured to associate a brand digital information with an URI or domain of a website
- a keyed-hash message authentication code (HMAC) verification, by associating a brand digital information with an URI or domain of a website.
[Typically, the owner of a trademark with a reliable authentication of its origin requests a root exclusive cryptographic entity which may subsequently provide to obtain a subsequent exclusive cryptographic entity which in turn may be used to associate a brand digital information to an URI of a website. For instance, for the case of a root digital certificate, a signature by the root digital certificate thereby allows to obtain a subsequent digital certificate, which may be used to digitally sign an association between a brand digital information and an URI of a website. (Castelao et al., page 10, lines 1-8)]
Claims 2 and 13 rejected under 35 U.S.C. 103 as being unpatentable over by Shitrit-Efergan hereinafter referred to as Efergan et al. (US 20180351976) in view of Sanchez et al. (US 20180033110).
Regarding claims 2 and 13,
Eferfan discloses a method according to claim 1 and a computational system according to claim 12, but fails to explicitly disclose wherein determining whether the reported domain is to be added to a blocklist of domains further comprises performing a computational comparison, for instance by means of computer vision, between the website of the reported domain and a website of a domain present in the allowlist.
However in an analogous art Sanchez discloses wherein determining whether the reported domain is to be added to a blocklist of domains further comprises performing a computational comparison, for instance by means of computer vision, between the website of the reported domain and a website of a domain present in the allowlist.
[The blacklist forms part of the registrant data rules stored in database 132. If the domain name matches one of those on the blacklist, the processor 142 causes a signal to be communicated to the user computer 102A (or 102B) to invoke display of a message indicating that the entered e-mail address is not valid (e.g. invalid e-mail provider). [0134] The registrant data rules module 146 is operative to cause the processor 142 to perform a check of the e-mail domain of the entered e-mail address to determine if the domain has a mail exchanger (MX) record (i.e. it is an actual mail-server and not a fabricated address). If not, the processor 142 causes a signal to be communicated to the user computer 102A (or 102B) to invoke display of a message prompting the user to check and enter a correct address. (Sanchez et al., paragraph 238)]
Efergan and Sanchez are considered to be analogous to the claimed invention because they are in the same field of the malicious domain determination. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Efergan to incorporate the teachings of Sanchez et al. to include wherein determining whether the reported domain is to be added to a blocklist of domains further comprises performing a computational comparison, for instance by means of computer vision, between the website of the reported domain and a website of a domain present in the allowlist, in order to determine and indicate wether the domain has a mail exchanger record and is not a fabricated address. (Sanchez et al., paragraph 128
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Nelson et al. (US 20150088847) discloses sending a request for content from a browser to a webserver associated with a URL and determine if the requested domain name, URL or website is registered and has corresponding custom domain data.
Birch et al. (US 20220182345) discloses identifying and processing suspicious emails associated with an email domain, The computer device may determine a security level of a email domain, and based off the level filter the email.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL ELAHIAN whose telephone number is (703) 756-1284. The examiner can normally be reached on Monday – Friday from 7:30am to 5pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Catherine Thiaw can be reached at telephone number 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR for authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/D.E./DANIEL ELAHIAN, Examiner, Art Unit 2407
/Catherine Thiaw/Supervisory Patent Examiner, Art Unit 2407 1/9/2026