SYSTEMS AND METHODS FOR SECURING CONTENT

DETAILED ACTION This is a non-final Office Action in response to communications received on 10/03/2024. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Priority or Provisional Priority to 10/04/2023 is recognized. Drawings The drawings filed on 10/03/2024 are acknowledged. Information Disclosure Statement No information disclosure statement (IDS) has been filed for this application. The Examination is conducted without any Prior Art search help from the Applicant. Applicant is reminded of the duty to disclose from section 2100 of the MPEP: 37 C.F.R. 1.56; Duty to disclose information material to patentability. A patent by its very nature is affected with a public interest. The public interest is best served, and the most effective patent examination occurs when, at the time an application is being examined, the Office is aware of and evaluates the teachings of all information material to patentability. Each individual associated with the filing and prosecution of a patent application has a duty of candor and good faith in dealing with the Office, which includes a duty to disclose to the Office all information known to that individual to be material to patentability as defined in this section. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-4, 7, 11, 13-17, and 20 are rejected under 35 U.S.C. 103 over Dai Zovi (US 2016/0125193) in view of Hassan (US 2018/0096113). Regarding claim 1, Dai Zovi teaches the limitations of claim 1 as follows: A method comprising: determining, using a browser module of a computing device, whether a content element representing a first portion of a webpage includes sensitive information, wherein the computing device includes a secure display path; (Dai Zovi, Paras. [0026], [0029]-[0036], [0045], [0050]-[0053], financial transaction information such as card number, expiration date, CVV, PIN/passcode, (i.e., sensitive information) are displayed on the screen. Which require secure display path to present and maintain a predetermined display area (i.e., a secure display path) for securely displaying sensitive information). determining, whether the secure display path is enabled in response to determining that the content element includes the sensitive information; (Dai Zovi, Paras. [0026], [0029]-[0036], [0045], [0050]-[0053], the system recognizes when a content includes sensitive information, and applies secure display path (i.e., enabled) for the sensitive data, to protect the content, but non-sensitive content are not using the secure path). outputting, the content element to a display screen associated with the computing device via the secure display path, in response to determining that the secure display path is enabled; (Dai Zovi, Paras. [0026], [0029]-[0036], [0045], [0050]-[0053], “The secure display element module 319, ….., is configured to present and maintain a predetermined display area for securely displaying sensitive information (i.e., outputting)). Dai Zovi, is capable of applying a secure display path for sensitive data, but it does not explicitly disclose: outputting, using the browser module, a second portion of the webpage to the display screen associated with the computing device. However, Hassan in the Same field of endeavor discloses: outputting, using the browser module, a second portion of the webpage to the display screen associated with the computing device. (Hassan, Paras. [0015]-[0017], [0040]-[0045], [0066], discloses a content sharing experience, which identifies a particular portion of the screen to be sharing protected (sensitive information), where the portion of the screen is mapped in a DRM library, while other portions of the screen are shared during the sharing experience, (non-sensitive information) and displayed to the screen (i.e., outputting … a second portion)). Hassan is combinable with Dai Zovi, because both are from the same field of content sharing in a computing system. It would have been obvious to a person having ordinary skill in the art before the effective filling date of the invention to output the non-sensitive information to the display without using secure path, as taught by Hassan with Dai Zovi’s method in order to improve computing device performance during a screen sharing experience. As per claims 14 and 20, claims 14 and 20 encompass same or similar scope as claim 1. Therefore, claims 14 and 20 are rejected based on the reasons set forth above in rejecting claim 1. Regarding claim 2, Dai Zovi and Hassan teach the limitations of claim 1. Dai Zovi teaches the limitations of claim 2 as follows: The method of claim 1, wherein the secure display path is included in an operating system of the computing device. (Dai Zovi, Paras. [0045]-[0046], [0050]-[0051], an operating system 311 includes various procedures, sets of instructions, software components and/or drivers for controlling and managing general system tasks (e.g., memory management, storage device control, power management, etc.) and facilitates communication between various hardware and software components. Secure display element module 319 is integrated with the interface module 315, display subsystem 340, controls rendering, animation, and display timing). As per claim 15, claim 15 encompass same or similar scope as claim 2. Therefore, claims 15 is rejected based on the reasons set forth above in rejecting claim 2. Regarding claim 3, Dai Zovi and Hassan teach the limitations of claim 1.Hassan teaches the limitations of claim 3 as follows: The method of claim 1, wherein determining, using the browser module of the computing device, whether the content element representing the first portion of the webpage includes the sensitive information comprises: determining whether the content element is associated with a security attribute. (Hassan, Paras. [0057]-[0060], [0070]-[0073], [0078]-[0080], [0081]-[0083], and Fig. 6, regions of a display (region 218b) are designated as sharing protected for sensitive data and mapped to the DRM library. The library is updated to indicate whether a region is sharing protected or not. Which shows a security attribute associated with the content or region. Steps 608-612, discloses whether DRM policy allows sharing and allow/prevent the content from being shared, by associating content/region with a protection status). The same motivation to combine utilized in claim 1 is equally applicable in the instant claim. As per claim 16, claim 16 encompass same or similar scope as claim 3. Therefore, claim 16 is rejected based on the reasons set forth above in rejecting claim 3. Regarding claim 4, Dai Zovi and Hassan teach the limitations of claim 1. Dai Zovi and Hassan teach the limitations of claim 4 as follows: The method of claim 3, wherein the security attribute includes at least one security requirement for the content element to be presented on the display screen, (Hassan, Paras. [0057]-[0060], [0070]-[0073], [0078]-[0080], [0081]-[0083], and Fig. 6, regions of a display (region 218b) are designated as sharing protected for sensitive data and mapped to the DRM library. The library is updated to indicate whether a region is sharing protected or not. Which shows a security attribute associated with the content or region. Presentation of a content depends on security status. For example, if a region is sharing protected, the content is not presented to non-privileged users or is presented only to devices that are designated as sharing-privilege. Therefore, only if the condition is met, the content gets displayed). via the secure display path. (Dai Zovi, a predetermined display (i.e., secure display path)). The same motivation to combine utilized in claim 1 is equally applicable in the instant claim. As per claim 17, claim 17 encompass same or similar scope as claim 4. Therefore, claim 17 is rejected based on the reasons set forth above in rejecting claim 4. Regarding claim 7, Dai Zovi and Hassan teach the limitations of claim 1. Dai Zovi and Hassan teach the limitations of claim 7 as follows: The method of claim 1, wherein outputting, using the browser module, the second portion of the webpage to the display screen comprises: outputting the second portion of the webpage to the display screen, (Hassan, Paras. [0015]-[0017], [0040]-[0045], [0066], discloses a content sharing experience, which identifies a particular portion of the screen to be sharing protected (sensitive information), where the portion of the screen is mapped in a DRM library, while other portions of the screen are shared during the sharing experience, (non-sensitive information) and displayed to the screen (i.e., outputting … a second portion)). via the secure display path. (Dai Zovi, a predetermined display (i.e., secure display path)). The same motivation to combine utilized in claim 1 is equally applicable in the instant claim. Regarding claim 11, Dai Zovi and Hassan teach the limitations of claim 1. Dai Zovi teaches the limitations of claim 11 as follows: The method of claim 1, wherein prior to outputting the content element to the display screen via the secure display path in response to determining that the secure display path is enabled, the content element is not decrypted by a content decryption module associated with digital rights management. (Dai Zovi, Paras. [0045]-[0046], [0050]-[0051], discloses a secure rendering technique that do not rely on DRM encryption/decryption. Instead protect content at render time, and security is achieved at the rendering stage, not via DRM decryption). Regarding claim 13, Dai Zovi and Hassan teach the limitations of claim 1. Dai Zovi teaches the limitations of claim 13 as follows: The method of claim 1, further comprising: responsive to outputting the content element to the display screen, determining, using the secure display path, whether the content element was displayed on the display screen; and transmitting, using the secure display path, the determination whether the content element was displayed on the display screen, to the browser module. (Dai Zovi, Paras. [0045]-[0046], [0050]-[0051], discloses a secure rendering technique that do not rely on DRM encryption/decryption. Instead protect content at render time, and security is achieved at the rendering stage, not via DRM decryption). Claims 5-6 and 18-19 are rejected under 35 U.S.C. 103 over Dai Zovi (US 2016/0125193) in view of Hassan (US 2018/0096113), and further in view of Rajput (US 10,803,188). Regarding claim 5, Dai Zovi and Hassan teach the limitations of claims 1-4. Dai Zovi teaches the limitations of claim 5 as follows: The method of claim 4, wherein the at least one security requirement includes one or more of: the secure display path is configured to block the content element from being transmitted to one or more external ports of the computing device; the secure display path is configured to block the content element from being transmitted to one or more loud speakers included in the computing device; the secure display path is configured to block the content element from being presented on the display screen when a remote desktop application is operating on the computing device; the secure display path is configured to block the content element from being presented on the display screen when the display screen is being screenshared; or the secure display path is configured to block the content element from being presented on the display screen when the display screen is being screenshotted. (Dai Zovi, Paras. [0020]-[0023], [0062], [0067]-[0071], the secure display path disguises or conceals sensitive information (masking the content), so no single screenshot reveals the protected content. Only partial or masked segments of the data is displayed when it’s been screenshotted (i.e., or to mask the content element …. When the display screen is being screenshotted)). Dai Zovi, does not explicitly disclose: to block the content element from being presented on the display screen, However, Rajput in the same field of endeavor teaches: to block the content element from being presented on the display screen, (Rajput, Col. 7, ll. 20-46, The security action includes blocking sharing the sensitive information with the application (i.e., to block)). Rajput is combinable with Dai Zovi and Hassan, because all are from the same field of sharing content in a computing system. It would have been obvious to a person having ordinary skill in the art before the effective filling date of the invention to block the sensitive content from being displayed, as taught by Rajput with Dai Zovi and Hassan’s method in order to protect the user from accidental data leakage. As per claim 18, claim 18 encompass same or similar scope as claim 5. Therefore, claim 18 is rejected based on the reasons set forth above in rejecting claim 5. Regarding claim 6, Dai Zovi and Hassan teach the limitations of claim 1. Dai Zovi and Hassan and Rajput teach the limitations of claim 5. Dai Zovi and Hassan teach the limitations of claim 6 as follows: The method of claim 5, wherein determining that the at least one security requirement is satisfied. (Hassan, Paras. [0057]-[0060], [0070]-[0073], [0078]-[0080], [0081]-[0083], and Fig. 6, regions of a display (region 218b) are designated as sharing protected for sensitive data and mapped to the DRM library. The library is updated to indicate whether a region is sharing protected or not. Which shows a security attribute associated with the content or region. Presentation of a content depends on security status. For example, if a region is sharing protected, the content is not presented to non-privileged users or is presented only to devices that are designated as sharing-privilege. Therefore, only if the condition is met, the content gets displayed). determining that the secure display path is enabled, (Dai Zovi, Paras. [0026], [0029]-[0036], [0045], [0050]-[0053], the system recognizes when a content includes sensitive information, and applies secure display path (i.e., enabled) for the sensitive data, to protect the content, but non-sensitive content are not using the secure path). The same motivation to combine utilized in claim 5 is equally applicable in the instant claim. As per claim 19, claim 19 encompass same or similar scope as claim 6. Therefore, claim 19 is rejected based on the reasons set forth above in rejecting claim 6. Claims 8-10 are rejected under 35 U.S.C. 103 over Dai Zovi (US 2016/0125193) in view of Hassan (US 2018/0096113), and further in view of Ramana (US 2023/0367892). Regarding claim 8, Dai Zovi and Hassan teach the limitations of claim 1. Ramana in the same field of endeavor teaches the limitations of claim 8 as follows: The method of claim 1, further comprising: blocking, using the browser module, the content element from being outputted to the display screen in response to determining that the secure display path is not enabled. (Ramana, Paras. [0027], [0049], [0053]-[0064], [0084], Figs. 2A-2B, the document shows blocking API calls and access to data (i.e., the content), when the secure path is not enabled. Whitelist (secure path) is required. The system maintains a list of allowed domains/ whitelist, and a request is considered secure only if the URL is on that list. Step 206 includes blocking … responsive to the domain failing to be a member of the list of allowed domains (i.e., secure display path is not enabled)). Ramana is combinable with Dai Zovi and Hassan, because all are from the same field of accessing sensitive data in a computing system. It would have been obvious to a person having ordinary skill in the art before the effective filling date of the invention to block the sensitive content from being displayed when the secure path is not enabled, as taught by Ramana with Dai Zovi and Hassan’s method in order to protect the user from accidental data leakage. Regarding claim 9, Dai Zovi and Hassan and Ramana teach the limitations of claim 8. Ramana in the same field of endeavor teaches the limitations of claim 9 as follows: The method of claim 8, wherein determining, using the browser module of the computing device, whether the content element representing the first portion of the webpage includes the sensitive information comprises: determining that the content element is associated with a security attribute including one or more security requirements, (Ramana, Paras. [0027], [0049], [0053]-[0064], [0084], Figs. 2A-2B, the system blocks access by default when requirements are not met, and treats unauthorized access as a security violation. The whitelist functions as a security attribute, and the authorization is a security requirement for displaying the content). wherein the secure display path is not enabled when one or more of the one or more security requirements are not satisfied. (Ramana, Paras. [0027], [0049], [0053]-[0064], [0084], Figs. 2A-2B, the security requirements are evaluated before display/execution (intercepts the API call before execution). If the requirement is not met (when the domain is not allowed), the process does not proceed to display/execution). The same motivation to combine utilized in claim 8 is equally applicable in the instant claim. Regarding claim 10, Dai Zovi and Hassan and Ramana teach the limitations of claim 8. Dai Zovi and Ramana teach the limitations of claim 10 as follows: The method of claim 9, further comprising: outputting, using the browser module, alt text associated with the content element to the display screen, (Dai Zovi, Paras. [0020]-[0023], [0062], [0067]-[0071], the secure display path disguises or conceals sensitive information (masking the content), so no single screenshot reveals the protected content. Only partial or masked segments of the data is displayed when it’s been screenshotted (i.e., alt text)). in response to determining that the secure display path is not enabled. (Ramana, Paras. [0027], [0049], [0053]-[0064], [0084], Figs. 2A-2B, the system treats unauthorized access as a security violation. when the domain is not a member of the whitelist, the secure path is not enabled). The same motivation to combine utilized in claim 8 is equally applicable in the instant claim. Claim 12 is rejected under 35 U.S.C. 103 over Dai Zovi (US 2016/0125193) in view of Hassan (US 2018/0096113), and further in view of Hamid (US 2009/0106556). Regarding claim 12, Dai Zovi and Hassan teach the limitations of claim 11. Hamid in the same field of endeavor teaches the limitations of claim 12 as follows: The method of claim 11, wherein determining, using the browser module, whether the content element representing the first portion of the webpage includes the sensitive information comprises: determining whether the content element is associated with a tag. (Hamid, Paras. [0014]-[0016], [0029]-[0030], [0042]-[0044], the known portion of the electronic content associated with the tag. Recognizing the tag … and associating electronic data with the request and tag). Hamid is combinable with Dai Zovi and Hassan, because all are from the same field of including a display screen as an output for the client device. It would have been obvious to a person having ordinary skill in the art before the effective filling date of the invention to display a sensitive content associated with a tag, as taught by Hamid with Dai Zovi and Hassan’s method in order to identify and control a specific portion of content across devices/components. Claim 13 is rejected under 35 U.S.C. 103 over Dai Zovi (US 2016/0125193) in view of Hassan (US 2018/0096113), and further in view of Safruti (US 2019/0173900). Regarding claim 13, Dai Zovi and Hassan teach the limitations of claim 1. Safruti teaches the limitations of claim 13 as follows: The method of claim 1, further comprising: responsive to outputting the content element to the display screen, determining, using the secure display path, whether the content element was displayed on the display screen; (Safruti, Paras. [0034]-[0043], [0047]-[0051], verifies rendering and interaction behavior, DOM and page structure inspection. If the elements exist only after rendering, their presence shows that they were displayed). transmitting, using the secure display path, the determination whether the content element was displayed on the display screen, to the browser module. (Safruti, Paras. [0033]-[0034], [0046]-[0051], [0058]-[0059], the system transmits the results of determination, reports test results and collected data back to the security system 120. The determination reaches the browser module via a token returned to the client security module, via instruction (CAPTCHA), and modified behavior). Safruti is combinable with Dai Zovi and Hassan, because all are from the same field of controlling access. It would have been obvious to a person having ordinary skill in the art before the effective filling date of the invention to transmit the determination to the browser module, as taught by Safruti with Dai Zovi and Hassan’s method in order to enforce security decisions immediately. References Considered But Not Relied Upon Jose (US 2022/0309183) discloses masking sensitive information during screen sharing. Lecuyer (US 2022/0327227) discloses a model of detecting phishing webpage content while sharing information of individual. Conclusion Accordingly, claims 1-20 are rejected. Any inquiry concerning this communication or earlier communications from the examiner should be directed to PEGAH BARZEGAR whose telephone number is (703)756-4755. The examiner can normally be reached M-F, 9:00 - 5:30. Examiner interviews are available via telephone using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 571-272-3787. The fax phone number for the Application/Control Number: 17/470,067 Page 17 Art Unit: 2438 organization where this application or proceeding is assigned is 571-273- 8300. Application/Control Number: 17/386,076 Page 25 Art Unit: 2438 Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patentcenter for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272- 1000. /P.B./Examiner, Art Unit 2438 /TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438