Prosecution Insights
Last updated: July 17, 2026
Application No. 17/853,762

MALWARE DETECTION FOR DOCUMENTS WITH DEEP MUTUAL LEARNING

Final Rejection §103
Filed
Jun 29, 2022
Priority
Apr 25, 2022 — provisional 63/334,574 +1 more
Examiner
HUSSEIN, HASSAN A
Art Unit
2497
Tech Center
2400 — Computer Networks
Assignee
Palo Alto Networks Inc.
OA Round
4 (Final)
59%
Grant Probability
Moderate
5-6
OA Rounds
0m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 59% of resolved cases
59%
Career Allowance Rate
80 granted / 135 resolved
+1.3% vs TC avg
Strong +55% interview lift
Without
With
+54.6%
Interview Lift
resolved cases with interview
Typical timeline
3y 0m
Avg Prosecution
26 currently pending
Career history
168
Total Applications
across all art units

Statute-Specific Performance

§101
0.6%
-39.4% vs TC avg
§103
97.7%
+57.7% vs TC avg
§102
0.8%
-39.2% vs TC avg
§112
0.2%
-39.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 135 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment The amendment filed 01/23/2026 has been entered. Claims 1, 17, and 18 have been amended. No Claims have been canceled. No New Claims have been newly added Claims 1-33 remain pending in the application. Applicant addition of the Terminal Disclaimer to the Claims have overcome the Double Patenting rejection previously set forth in the Non-Final Office Action mailed on 10/09/2025. The rejection has been withdrawn in view of the Terminal Disclaimer. Response to Arguments Regarding Applicant’s arguments, on page 7-8 of the remark filed on 01/23/2026, on the newly added limitations of independent Claims 1: “wherein at least one given document file that is converted has a ground truth label that labels the at least one given document based at least in part on whether or not the at least one given document is malicious or benign; and ”, arguments are persuasive. Therefore, the 35 U.S.C. 103 rejection over Saxe et al. (U.S Pub. No. 20190236273) Han et al. (U.S Pub. No. 20220004713) further in view of Rimchala et al. (U.S Pub. No. 20230245485)), has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made under 35 U.S.C. § 103 in view of the following prior art: Ducau et al. (U.S. Pub. No. 20200364338) in conjunction with Saxe et al. (U.S Pub. No. 20190236273) and Han et al. (U.S Pub. No. 20220004713). Please refer to the 35 U.S.C. 103 section below for a detailed explanation. For the reasons stated above and the new ground(s) of rejection under 35 U.S.C. 103 below, Examiner respectfully disagrees with Applicant’s argument, see Applicant’s Remarks Page 7-8, regarding allowance of the application. Examiner asserts that claims 1-33 are rejected for the reasons stated above in conjunction with the new ground(s) of rejection under 35 U.S.C. 103 below. Conclusion: Saxe-Han-Ducau teaches the aforementioned limitations of independent claims 1, 17 and 18 rendering the claim limitations obvious before the effective date of the claimed invention. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-5, 10-14, 17-22 and 27-32, is/are rejected under 35 U.S.C. 103 as being unpatentable over Saxe et al. (U.S Pub. No. 20190236273, hereinafter referred to as “Saxe”) and Han et al. (U.S Pub. No. 20220004713, hereinafter referred to as “Han”) further in view of Ducau et al. (U.S Pub. No. 20200364338, hereinafter referred to as “Ducau”) In regards to Claim 1, Saxe teaches a system, comprising: a processor configured to: (Fig. 1 label 110) receive a document for a maliciousness determination; (Par.(0003); receive potentially malicious files or documents), (Par.(0020); detecting malware in Microsoft office documents)) determine a likelihood that the received document represents a threat, at least in part using a raw bytes model, (Part.(0035); threat analyze receives malicious files and calculate probability of maliciousness)), (Par.(0036); raw bytes corresponding to anti-malware/malware detection of documents)) wherein the raw bytes model was trained, at least in part, using a mutual learning process in conjunction with training an image based model previously trained, (Par. (0034-0036); machine learning corresponding to raw bytes))(Par.(0046-0048); in conjunction with training an image based model (machine learning with malware detection and malware files with images is determined to see if malware occurs)) memory coupled to the processor and configured to provide the processor with instructions. (Fig. 1 label 120 and 110) provide as output a verdict for the document based at least in part on the determined likelihood; and (Par.(0035); threat analyze receives malicious files and calculate probability of maliciousness based on attribute value as entropy)), (Par. (0046); output a verdict for the document (entropy value as attribute outputs value that document file identifies as malicious)) Saxe does not explicitly teach at least in part, using a plurality of images of images generated in a pipeline that converts a plurality of documents into a corresponding plurality of rendered images of those documents, and wherein at least one given document file that is converted has a ground truth label that labels the at least one given document based at least in part on whether or not the at least one given document is malicious or benign; and Wherein Han teaches at least in part, using a plurality of images of images generated in a pipeline that converts a plurality of documents into a corresponding plurality of rendered images of those documents, and (Par. (0004); converting legal document into set of images using machine learning predicts and model)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Saxe to incorporate the teaching of Han to utilize the above feature because of the analogous concept of machine learning and trained data using images, with the motivation of implementing a converting of the documents the user can be more visually aware and create trust and credibility with the machine learning network and in return produce effective trained data models. (Han Par. (0002-0005)) Saxe and Han do not explicitly teach wherein at least one given document file that is converted has a ground truth label that labels the at least one given document based at least in part on whether or not the at least one given document is malicious or benign; and Wherein Ducau teaches wherein at least one given document file that is converted has a ground truth label that labels the at least one given document based at least in part on whether or not the at least one given document is malicious or benign; and (Par. (0066, 0100); one given document file that is converted (translating and transforming the files)). (Par. (0051, 0095); has a ground truth label that labels the at least one given document (document file (file) has ground truth (files with ground truth)), (Par. (0045, 0050-0051, 0066); determining the set of files has popular malware and files corresponding to ground truth and detection of malware)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Saxe and Han to incorporate the teaching of Ducau to utilize the above feature because of the analogous concept of machine learning and conversion of documents, with the motivation of preventing damages to computer based on DoS attacks and ransomware by recognizing malware and preventing disruption to files. (Ducau Par. (0002-0003)) In regards to Claim 2, the combination of Saxe, Han and Ducau teach the system of claim 1, Saxe further teaches the system of claim 1, wherein the verdict is that the received document is benign. (Par. (0055); output with benign label of file)), (Par. (0058); file is classified as malicious or benign)) In regards to Claim 3, the combination of Saxe, Han and Ducau teach the system of claim 1, Saxe further teaches the system of claim 1, wherein determining the likelihood does not require converting a portion of the received document into an image. (Par. (0036); determining of malware in document is determined by document f/file type as an XML file that is not an image)) In regards to Claim 4, the combination of Saxe, Han and Ducau teach the system of claim 1, Han further teaches wherein each image included in the plurality of images is generated using a tool that converts a document into an image. ((Par. (0004); converting legal document into set of images using machine learning predicts and model)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Saxe and Ducau to incorporate the teaching of Han for the reasons discussed in independent claim 1 stated above. In regards to Claim 5, the combination of Saxe, Han and Ducau teach the system of claim 1, Han further teaches wherein each image included in the plurality of images is generated using a tool that converts a document into an image. ((Par. (0004); converting legal document into set of images using machine learning predicts and model)), (Par. (0040); OCR (tool) used to convert PDF to image)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Saxe and Ducau to incorporate the teaching of Han for the reasons discussed in independent claim 1 stated above. In regards to Claim 10, the combination of Saxe, Han and Ducau teach the system of claim 1, Saxe further teaches the system of claim 1, wherein the image based model is a convolutional neural network model. (Par. (0022); convolutional neural network)) In regards to Claim 11, the combination of Saxe, Han and Ducau teach the system of claim 1, Saxe further teaches the system of claim 1, wherein the raw bytes model is a convolutional neural network model. (Par. (0022); convolutional neural network)) In regards to Claim 12, the combination of Saxe, Han and Ducau teach the system of claim 1, Saxe further teaches the system of claim 1, wherein, at least in part in response to receiving an indication of a false positive result, (Par. (0062); false positive indication)) the image based model is retrained using a benign data set that includes the false positive result. (Par. (0062); benign data as false positive and Par. (0068-0070); false postage results of dataset)) In regards to Claim 13, the combination of Saxe, Han and Ducau teach the system of claim 1, Saxe further teaches the system of claim 1, wherein the document is a Microsoft Office document. (Par. (0020); Microsoft Office document.) In regards to Claim 14, the combination of Saxe, Han and Ducau teach the system of claim 1, Saxe further teaches the system of claim 1, wherein a loss function used in training the raw bytes model comprises both self loss and imitation loss. (Par. (0055-0056); imitation loss (entropy loss) and self loss (regularized logistics loss)) In regards to Claims 17-18, Claims 17-18 are independent claims that recite similar limitations to independent claim 1 and the teaching of Saxe, Han and Ducau address all the limitations discussed in independent claim 1 and are thereby rejected under the same grounds. In regards to Claims 19-22, Claims 19-22 that recite similar limitations to dependent claims 2-5 and the teaching of Saxe, Han and Ducau address all the limitations discussed in dependent claim 2-5 and are thereby rejected under the same grounds. In regards to Claims 27-31, Claims 27-31 that recite similar limitations to dependent claims 10-14 and the teaching of Saxe, Han and Ducau address all the limitations discussed in dependent claim 10-14 and are thereby rejected under the same grounds. Claims 6 and 23, is/are rejected under 35 U.S.C. 103 as being unpatentable over Saxe et al. (U.S Pub. No. 20190236273, hereinafter referred to as “Saxe”) Han et al. (U.S Pub. No. 20220004713, hereinafter referred to as “Han”) and Ducau et al. (U.S Pub. No. 20200364338, hereinafter referred to as “Ducau”) further in view of Eytan et al. (U.S Pub. No. 20150205964, hereinafter referred to as “Eytan”) In regards to Claim 6, the combination of Saxe, Han, Ducau does not explicitly teach wherein at least some of the plurality of images labeled as malicious documents belong, collectively, to a multi-page document.. Wherein Eytan teaches wherein at least some of the plurality of images labeled as malicious documents belong, collectively, to a multi-page document. (Par. (0031) malware hidden in document with images corresponding to multiple pages of PDF document)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Saxe, Han and Ducau to incorporate the teaching of Eytan to utilize the above feature because of the analogous concept of malware detection of digital images and documents, with the motivation of converting documents into images users will be able to identify vulnerabilities and malware prior to transmitting to various senders. This protects the integrity of the exchange as a whole and enhances communication with various conversions. (Eytan Par. (0003)) In regards to Claim 23, Claim 23 that recite similar limitations to dependent claims 6 and the teaching of Saxe, Han, Ducau and Eytan address all the limitations discussed in dependent claim 6 and are thereby rejected under the same grounds. Claims 7-9 and 24-26, is/are rejected under 35 U.S.C. 103 as being unpatentable over Saxe et al. (U.S Pub. No. 20190236273, hereinafter referred to as “Saxe”) Han et al. (U.S Pub. No. 20220004713, hereinafter referred to as “Han”) and Ducau et al. (U.S Pub. No. 20200364338, hereinafter referred to as “Ducau”) further in view of Andriushchenko et al. (U.S Pub. No. 20230222762, hereinafter referred to as “Andriushchenko”) In regards to Claim 7, the combination of Saxe, Han and Ducau does not explicitly teach wherein, prior to training the image based model, an image hash based filtering operation is performed on at least some of the plurality of images labeled as malicious documents. Wherein Andriushchenko teaches prior to training the image based model, an image hash based filtering operation is performed on at least some of the plurality of images labeled as malicious documents. (Par. (0022); training image based model (trained deep neural network)), (Par. (0043); hash value of image))(Par. (0042); image labeled as digital document), (Par. (0002); images susceptible to imperceptible attacks)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Saxe, Han and Ducau to incorporate the teaching of Andriushchenko to utilize the above feature because of the analogous concept of machine learning and identifying malicious content on the system, with the motivation of creating a hash based system corresponding to images before the machine learning training begins to create a level of comparison and a more effective way of determining malware and compromise. By having an image hash verification coupled to machine learning the system is more prepared to combat various attacks. (Andriushchenko Par. (0002-0003)) In regards to Claim 8, the combination of Saxe, Han and Ducau does not explicitly teach wherein filtered images are stored using a TFRecord data format. Wherein Andriushchenko teaches wherein filtered images are stored using a TFRecord data format. (Par. (0043-0044); image stored using TFRecord (images stored as binary number )) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Saxe, Han and Ducau to incorporate the teaching of Andriushchenko for the reasons discussed in dependent claim 7 stated above. In regards to Claim 9, the combination of Saxe, Han and Ducau does not explicitly teach generate the image based model. Wherein Andriushchenko teaches generate the image based model. (Par. (0022); training deep neural network to create robust images)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Saxe, Han, and Ducau to incorporate the teaching of Andriushchenko for the reasons discussed in dependent claim 7 stated above. In regards to Claims 24-26, Claim 24-26 that recite similar limitations to dependent claims 7-9 and the teaching of Saxe, Han, Ducau and Andriushchenko address all the limitations discussed in dependent claim 7-9 and are thereby rejected under the same grounds. Claims 15-16 and 32-33, is/are rejected under 35 U.S.C. 103 as being unpatentable over Saxe et al. (U.S Pub. No. 20190236273, hereinafter referred to as “Saxe”) Han et al. (U.S Pub. No. 20220004713, hereinafter referred to as “Han”) and Ducau et al. (U.S Pub. No. 20200364338, hereinafter referred to as “Ducau”) further in view of Xu et al. (U.S Pub. No. 20220327376, hereinafter referred to as “Xu”) In regards to Claim 15, the combination of Saxe, Han, and Ducau teach the system of claim 1, Saxe further teaches raw bytes model. (Par. (0034-0036); machine learning corresponding to raw bytes)) Saxe, Han, and Ducau does not explicitly teach wherein using the mutual learning process includes using io predictions from a previous epoch of training the image based model as input to training a. current epoch of the …..model. (Par. (0015); machine learning), (Par. (0030); prefetched epoch matched with current epoch)), (Par. (0028); epoch corresponding to images and trained model)). Wherein Xu teaches wherein using the mutual learning process includes using io predictions from a previous epoch of training the image based model as input to training a current epoch of the …..model. (Par. (0015); machine learning), (Par. (0030); prefetched epoch matched with current epoch)), (Par. (0028); epoch corresponding to images and trained model)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Saxe, Han, and Ducau to incorporate the teaching of Xu to utilize the above feature because of the analogous concept of machine learning and identifying malicious content on the system, with the motivation of using epochs to allow the system to identify via comparison authentic entities communicating information from illegitimate or tampered ones. (Xu Par. (0027-0028)) In regards to Claim 16, the combination of Saxe, Han, and Ducau teach the system of claim 1, Saxe further teaches raw bytes model. (Par. (0034-0036); machine learning corresponding to raw bytes)) Saxe, Han, and Ducau does not explicitly teach wherein using the mutual learning process includes using predictions from a previous epoch of training the …. model as input to training a current epoch of the image based model.. Wherein Xu teaches wherein using the mutual learning process includes using predictions from a previous epoch of training the …. model as input to training a current epoch of the image based model. (Par. (0015); machine learning), (Par. (0030); prefetched epoch matched with current epoch)), (Par. (0028); epoch corresponding to images and trained model))) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Saxe, Han, and Ducau to incorporate the teaching of Xu for the reasons discussed in dependent claim 15 stated above. In regards to Claims 32-33, Claim 32-33 that recite similar limitations to dependent claims 15-16 and the teaching of Saxe, Han, Ducau and Xu address all the limitations discussed in dependent claim 15-16 and are thereby rejected under the same grounds. Relevant Prior Art The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Du; Min (U.S Pub. No. 20230344867) “DETECTING PHISHING PDFS WITH AN IMAGE-BASED DEEP LEARNING APPROACH”. Considered this reference because it had similar assignee and inventor with same concept of malware detection with machine learning. Sarah; Anthony (U.S Pub. No. 20220035878) “FRAMEWORK FOR OPTIMIZATION OF MACHINE LEARNING ARCHITECTURES”. Considered this application because it relates to prediction of epochs in a machine learning network. Cummings; Daniel J. (U.S Pub. No. 20220036123) “MACHINE LEARNING MODEL SCALING SYSTEM WITH ENERGY EFFICIENT NETWORK DATA TRANSFER FOR POWER AWARE HARDWARE”. Considered this application because it addressed prediction of epochs in a machine learning network.. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN A HUSSEIN whose telephone number is (571)272-3554. The examiner can normally be reached on 7:30am-5pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-y.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /H.A.H./ Examiner, Art Unit 2497 /ELENI A SHIFERAW/Supervisory Patent Examiner, Art Unit 2497
Read full office action

Prosecution Timeline

Show 13 earlier events
Dec 31, 2025
Interview Requested
Jan 14, 2026
Applicant Interview (Telephonic)
Jan 14, 2026
Examiner Interview Summary
Jan 23, 2026
Response Filed
Apr 20, 2026
Final Rejection mailed — §103
Jun 24, 2026
Interview Requested
Jun 30, 2026
Applicant Interview (Telephonic)
Jul 01, 2026
Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682075
Security Configuration Optimizer Systems and Methods
2y 3m to grant Granted Jul 14, 2026
Patent 12657341
USING MULTI-PARTY COMPUTATION AND K-ANONYMITY TECHNIQUES TO PROTECT CONFIDENTIAL INFORMATION
3y 8m to grant Granted Jun 16, 2026
Patent 12657332
SYSTEMS AND METHODS FOR FACILITATING ON-DEMAND ARTIFICIAL INTELLIGENCE MODELS FOR SANITIZING SENSITIVE DATA
3y 8m to grant Granted Jun 16, 2026
Patent 12659146
SYSTEM AND METHOD USING BLOCKCHAIN ATOMIC RECORD TRANSACTION PROCESSING
3y 8m to grant Granted Jun 16, 2026
Patent 12659301
SYSTEM AND METHOD FOR FIELD PROVISIONING OF CREDENTIALS USING QR CODES
3y 6m to grant Granted Jun 16, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
59%
Grant Probability
99%
With Interview (+54.6%)
3y 0m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 135 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month