Prosecution Insights
Last updated: April 19, 2026
Application No. 18/950,923

MACHINE LEARNING UNIFORM RESOURCE LOCATOR (URL) CLASSIFIER

Non-Final OA §103 §DP
Filed: Nov 18, 2024
Examiner: GUNDRY, STEPHEN T
Art Unit: 2435
Tech Center: 2400 — Computer Networks
Assignee: Proofpoint, Inc.
OA Round: 1 (Non-Final)
Grant Probability: 92% (Favorable)
OA Rounds: 1-2
To Grant: 2y 2m
With Interview: 99%

Examiner Intelligence

Grants 92% — above average
Career Allow Rate: 92% (540 granted / 587 resolved), +34.0% vs TC avg
Interview Lift: +8.5% (Moderate +8% lift; resolved cases with interview)
Typical timeline: 2y 2m Avg Prosecution; 23 currently pending
Career history: 610 Total Applications across all art units

Statute-Specific Performance

§101: 14.1% (-25.9% vs TC avg)
§103: 41.7% (+1.7% vs TC avg)
§102: 7.3% (-32.7% vs TC avg)
§112: 16.0% (-24.0% vs TC avg)
Based on career data from 587 resolved cases

Office Action

§103 §DP
DETAILED ACTION

This office action is in response to the application filed on 11/18/2024. Claim(s) 1-20 is/are pending and are examined.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Priority/Benefit

Applicant’s priority claim is hereby acknowledged of CON of 17/712,675 04/04/2022 PAT 12192235, which papers have been placed of record in the file.

Information Disclosure Statement PTO-1449

The Information Disclosure Statement(s) submitted by applicant on 11/18/2024 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.

Examiner’s Note – Patentably Distinct Subject Matter

Application 16/831,009 now US Patent 11,799,905 and its family cases contain similar, but patentably distinct subject matter.

Examiner’s Note – Allowable Subject Matter

Claims 3 and 10 overcome the prior art and would otherwise be allowable if incorporated into the base claim along with any intervening claims. Further, the claims must overcome the double patenting rejection below.

Double Patenting

The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).

The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to: http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claim(s) 1-20 is/are rejected on the grounds of nonstatutory double patenting as being unpatentable over claims 1-17 of U.S. Patent No. 12192235. Although the claims at issue are not identical in form, they are not patentably distinct from each other.

In particular, instant claim 1 is anticipated by patented claim 1. Instant claim 2 is anticipated by patented claim 3. Instant claim 3 is anticipated by patented claim 4. Instant claim 4 is anticipated by patented claim 1. Instant claim 5 is anticipated by patented claim 2. Instant claim 6 is anticipated by patented claim 5. Instant claim 7 is anticipated by patented claim 6. Instant claim 8 is anticipated by patented claim 7. Instant claim 9 is anticipated by patented claim 8. Instant claim 10 is anticipated by patented claim 9. Instant claim 11 is anticipated by patented claim 10. Instant claim 12 is anticipated by patented claim 1. Instant claim 13 is anticipated by patented claim 11. Instant claim 14 is anticipated by patented claim 12. Instant claim 15 is anticipated by patented claim 7. Instant claim 16 is anticipated by patented claim 13. Instant claim 17 is anticipated by patented claim 14. Instant claim 18 is anticipated by patented claim 15. Instant claim 19 is anticipated by patented claim 16. Instant claim 20 is anticipated by patented claim 17.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-2, 4-5, 12-15, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Xue (US 2014/0298460 A1), in view of Tora (US 2022/0272125 A1) in view of Yoshimura (US 2017/0004161 A1).

Regarding claims 1, 13, and 20, Xue teaches: “A computing platform comprising: at least one processor (Xue, ¶ 32-34 teaches processor); a communication interface communicatively coupled to the at least one processor (Xue, ¶ 30-32 teaches network interface connected to the processor); and memory storing computer-readable instructions that, when executed by the at least one processor (Xue, ¶ 32 and 36 teaches memory to cause the processor to execute method steps), cause the computing platform to: receive, from an user device, a request to evaluate a uniform resource locator (URL) (Xue, ¶ 69 and further described in ¶ 21, URL input module 214 receives a request to evaluate unknown URL in response to a user request to access the unknown URL with a mouse click); crawl the URL to extract metadata for the URL and information corresponding to one or more redirects of the URL (Xue, ¶ 70-70 and further described in ¶ 17, 55, 59 and 61, URL is processed to extract various additional information beyond its lexical features for classification including crawling the URL through redirections to identify its true URL. The process then extracts further metadata from this page including the age of the page, its domain information); input the metadata and the information into a URL classification model to output a maliciousness score indicative of a degree to which the URL is malicious (Xue, ¶ 72-73 the information is input into the classifier which outputs a confidence score indicating the likelihood that the URL is malicious or benign. Instant specification ¶ 27-28 indicate that the ‘degree’ a URL is malicious is its likelihood of being malicious); and cause a user device to display the maliciousness score (Xue, ¶ 73 the output module outputs the confidence level is provided to the web browser, which is a visual display to the user notifying the user that the URL is likely malicious)”. 

Xue does not, but in related art, Tora teaches: “receive, from an enterprise user device (Tora, Fig. 5, ¶ 17, 20, 33, and 39 teaches receiving a request to test a URL as being malicious from an enterprise user device); send, to the enterprise user device (Tora, Figs. 5, 6, ¶ 33, 35, and 39, displaying the results of the classification of the malicious URL to the enterprise user)”.

Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Xue and Tora, to modify the data enriched malicious URL classifier of Xue to include the method to operate the classifier with enterprise users and extract further URL metadata as taught in Tora. The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Xue and Tora do not, but in related art Yoshimura teaches: “wherein the information comprises a number of URLs accessed before the crawl reaches a final URL (Yoshimura, ¶ 27 teaches crawling and have a crawl depth counter which counts how deep a crawl gets until it reaches its termination)”.

Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Xue, Yoshimura and Tora, to modify the data enriched malicious URL classifier of Xue and Tora to include the method to maintain a depth counter for crawling as taught in Yoshimura. The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Regarding claims 2 and 14, Xue in view of Tora in view of Yoshimura teaches: “The computing platform of claim 1 (Xue in view of Tora in view of Yoshimura teaches the limitations of the parent claims as discussed above), wherein extracting the information corresponding to the one or more redirects of the URL (Xue, ¶ 61 teaches detecting redirects of the URL) further comprises extracting one or more of: a type of redirection (Xue, ¶ 61 teaches finding the true URL at the end of the redirections)”.

Regarding claims 4 and 15, Xue in view of Tora in view of Yoshimura teaches: “The computing platform of claim 1 (Xue in view of Tora in view of Yoshimura teaches the limitations of the parent claims as discussed above), wherein crawling the URL comprises executing one or more feature enrichment actions on the URL (Xue, ¶ 70-70 and further described in ¶ 17, 55, 59 and 61, URL is processed to extract various additional information beyond its lexical features for classification) to identify one or more data points corresponding to the URL (Xue, ¶ 70-70 and further described in ¶ 17, 55, 59 and 61, URL is processed to extract various additional information beyond its lexical features for classification including crawling the URL through redirections to identify its true URL. The process then extracts further metadata from this page including the age of the page, its domain information), and wherein the one or more data points are further input into the URL classification model (Xue, ¶ 72-73 the information is input into the classifier which outputs a confidence score indicating the likelihood that the URL is malicious or benign. Instant specification ¶ 27-28 indicate that the ‘degree’ a URL is malicious is its likelihood of being malicious)”.

Regarding claim 5, Xue in view of Tora in view of Yoshimura teaches: “The computing platform of claim 4 (Xue in view of Tora in view of Yoshimura teaches the limitations of the parent claims as discussed above), wherein executing the one or more feature enrichment actions comprises extracting information indicating whether or not a protocol of the URL requires a secure connection (Tora, ¶ 24 teaches meta enhanced vectorization by gathering additional enrichment data including HTTPS certification metadata if it exists for a given URL)”.

Regarding claim 12, Xue in view of Tora in view of Yoshimura teaches: “The computing platform of claim 1 (Xue in view of Tora in view of Yoshimura teaches the limitations of the parent claims as discussed above), wherein causing the user device to display the maliciousness score comprises sending a maliciousness score notification and one or more commands directing the user device to display the maliciousness score notification (Xue, ¶ 73 the output module outputs the confidence level is provided to the web browser, which is a visual display to the user notifying the user that the URL is likely malicious), wherein sending the maliciousness score notification and the one or more commands directing the user device to display the maliciousness score notification causes the user device to display the maliciousness score (Xue, ¶ 73 the output module outputs the confidence level is provided to the web browser, which is a visual display to the user notifying the user that the URL is likely malicious)”.

Claim(s) 6 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Xue in view of Tora in view of Yoshimura in view of Pendse (US 2021/0203676 A1).

Regarding claims 6 and 16, Xue in view of Tora in view of Yoshimura teaches: “The computing platform of claim 4 (Xue in view of Tora in view of Yoshimura teaches the limitations of the parent claims as discussed above), wherein executing the one or more feature enrichment actions comprises: extracting a domain age corresponding to the URL (Xue, ¶ 55 teaches determining the domain age); Xue in view of Tora does not, but in related art Pendse teaches: “comparing the domain age to a threshold domain age (Pendse, ¶ 55-56 and claim 6 teaches comparing the age of a URL to a threshold and determining based on the comparison exceeding the threshold or not whether the URL is malicious or not); if the domain age exceeds the threshold domain age, classifying the URL into a first category (Pendse, ¶ 55-56 and claim 6 teaches comparing the age of a URL to a threshold and determining based on the comparison exceeding the threshold or not whether the URL is malicious or not); and if the domain age does not exceed the threshold domain age, classifying the URL into a second category (Pendse, ¶ 55-56 and claim 6 teaches comparing the age of a URL to a threshold and determining based on the comparison exceeding the threshold or not whether the URL is malicious or not)”.

Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Xue, Pendse, Yoshimura, and Tora, to modify the data enriched malicious URL classifier of Xue, Yoshimura and Tora to include the method to determine a classification of the URL based on the age of the URL exceeding a threshold or not. The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Xue in view of Tora in view of Yoshimura in view of Prakash et al. (US 2021/0105302 A1).

Regarding claim 7, Xue in view of Tora in view of Yoshimura teaches: “The computing platform of claim 4 (Xue in view of Tora in view of Yoshimura teaches the limitations of the parent claims as discussed above), Xue in view of Tora in view of Yoshimura does not, but in related art Prakash teaches: “wherein executing the one or more feature enrichment actions comprises extracting block rate information corresponding to the URL, wherein the block rate information indicates a number of times the URL was blocked and a number of times the URL was unblocked (Prakash, ¶ 44, 60 and 68 teaches a mechanism to determine a blocking rate for counterfeit URLs based on the number of blocked URLs in a given time period and the time which the block ends)”.

Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Xue, Prakash, Yoshimura, and Tora, to modify the data enriched malicious URL classifier of Xue, Yoshimura, and Tora to include the method to determine the blocking rate of a URL as taught in Prakash. The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Claim(s) 8 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Xue in view of Tora in view of Yoshimura in view of Papakostas et al. (US 2014/0280896 A1).

Regarding claims 8 and 17, Xue in view of Tora in view of Yoshimura teaches: “The computing platform of claim 4 (Xue in view of Tora in view of Yoshimura teaches the limitations of the parent claims as discussed above), Xue in view of Tora in view of Yoshimura does not, but in related art, Papakostas teaches: “wherein executing the one or more feature enrichment actions comprises extracting manual classification information corresponding to the URL (Papakostas, ¶ 69 teaches determining manual classification information of a URL pattern as being designated or non-designated)”.

Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Xue, Papakostas, Yoshimura, and Tora, to modify the data enriched malicious URL classifier of Xue, Yoshimura, and Tora to include the method to determine the manual classification of a URL as taught in Papakostas. The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Claim(s) 9 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Xue in view of Tora in view of Yoshimura in view of Treuhaft et al. (US 2013/0275570 A1).

Regarding claims 9 and 18, Xue in view of Tora in view of Yoshimura teaches: “The computing platform of claim 4 (Xue in view of Tora in view of Yoshimura teaches the limitations of the parent claims as discussed above), Xue in view of Tora in view of Yoshimura does not, but in related art, Treuhaft teaches: “wherein executing the one or more feature enrichment actions comprises extracting information indicating whether one or more of an IPv4 or an IPv6 network address is present in a redirect chain for the URL (Treuhaft, ¶ 28 and 71 teaches IPv6 addressing and determining the IP address for a redirect URL)”.

Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Xue, Treuhaft, Yoshimura, and Tora, to modify the data enriched malicious URL classifier of Xue, Yoshimura, and Tora to include the method to determine the IP address for a URL redirection as taught in Treuhaft. The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Claim(s) 11 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Xue in view of Tora in view of Yoshimura in view of Hinkle et al. (US 2022/0414206 A1).

Regarding claims 11 and 19, Xue in view of Tora in view of Yoshimura teaches: “The computing platform of claim 1, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor (Xue in view of Tora in view of Yoshimura teaches the limitations of the parent claims as discussed above), cause the computing platform to: Xue in view of Tora in view of Yoshimura does not, but in related art, Hinkle teaches: compare the maliciousness score to a predetermined maliciousness threshold (Hinkle, ¶ 64 teaches comparing the reputation score to a threshold. Hinkle, ¶ 63 teaches classifying enriched data to determine the maliciousness of URLs. Hinkle, ¶ 61-62 teaches calculating the reputation score as based on the severity of various indicators of compromise); and based on identifying that the maliciousness score exceeds the predetermined maliciousness threshold, send one or more commands to a network computing device directing the network computing device to perform one or more network security actions, wherein sending the one or more commands directing the network computing device to perform the one or more network security actions causes the network computing device to perform the one or more network security actions (Hinkle, ¶ 64 teaches comparing the reputation score to a threshold and stopping services as a result of the score exceeding the threshold)”.

Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Xue, Hinkle, Yoshimura, and Tora, to modify the data enriched malicious URL classifier of Xue, Yoshimura, and Tora to include the method to perform a security response based on exceeding a threshold as taught in Hinkle. The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Conclusion

In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention.

The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure: See PTO-892.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Stephen T Gundry whose telephone number is (571) 270-0507. The examiner can normally be reached Monday-Friday 9AM-5PM (EST).

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Amir Mehrmanesh can be reached at (571) 270-3351. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/STEPHEN T GUNDRY/Primary Examiner, Art Unit 2435

Prosecution Timeline

Nov 18, 2024
Application Filed
Feb 07, 2026
Non-Final Rejection — §103, §DP (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12596841
ANONYMIZING PERSONAL INFORMATION FOR USE IN ASSESSING FRAUD RISK
2y 5m to grant Granted Apr 07, 2026
Patent 12591667
Detecting and mitigating application security threats based on threat change patterns
2y 5m to grant Granted Mar 31, 2026
Patent 12592825
METHODS AND SYSTEMS OF FACILITATING AUTHENTICATION FOR ACCESSING A SERVICE
2y 5m to grant Granted Mar 31, 2026
Patent 12580943
SYSTEMS AND METHODS FOR NETWORK RESILIENCY
2y 5m to grant Granted Mar 17, 2026
Patent 12579309
ANONYMIZATION APPARATUS
2y 5m to grant Granted Mar 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 1-2
Grant Probability: 92%
With Interview: 99% (+8.5%)
Median Time to Grant: 2y 2m
PTA Risk: Low
Based on 587 resolved cases by this examiner. Grant probability derived from career allow rate.