DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
The amendment filed 8/11/2025 has been entered. Claims 1-2, 11-12, 19-20 are currently amended. Claims 3, 13 are currently cancelled. Claims 1-2, 4-12, 14-20 are pending in the application.
Response to Amendments
The objections to claims 1-3, 11-13, 20 due to informalities has been withdrawn in light of applicant’s amendment to the claims, and cancellation of claims 3, 13.
The rejection of claims 11-19 under 35 USC 101 directed to non-statutory subject matter has been withdrawn in light of applicant’s amendment to the claims and cancellation of claim 13.
Response to Arguments
Applicant’s argument, see pages 9-12 of the Remarks filed 8/11/2025 with respect to claims rejected under 35 USC 103 over prior arts of record has been fully considered but asserted not persuasive due to following reason.
Examiner acknowledges applicant has amended independent claims 1, 11, 20 respectively by including limitation(s) reciting “wherein the extracted diagnostic feature is used to determine whether two or more unique individuals are working to complete a single verification of the user account” of previous claim 3 or claim 13 (thereafter cancelled). Applicant primarily argued the cited prior arts Ibrahim, as well as Liu and Lee, does not teach the amended feature(s). Examiner acknowledges applicant’s perspective, however respectively disagrees. Ibrahim teaches system and method for email account takeover detection and remediation using AI models. In particular, Ibrahim teaches that the detection approach relies on assessing fraudulence confidence level of login IP addresses to classify the login attempts by the users with a plurality of attributes/features in one or more user login data logs being extracted and used to build a labeled dataset for training a machine learning (ML) model that relies on statistics of the login attempts to classify and detect fraudulent logins. These attributes make it possible to ascertain if a login attempt or instance by a user is suspicious based on the ML model. In case of Ibrahim, the login attempt suggests working to complete a single verification of user account where verification involves providing credential(s) in logging in to user email account. In particular, para. [0040] and [0044] of Ibrahim indicates the machine learning models is based on login attempts to classify and detect fraudulent logins, with total number of distinct users with failed or successful login attempts. The distinct users implies unique individuals. For the above reason, claim rejection under 35 USC 103 is maintained, updated and presented below.
Applicant is encouraged to further include innovative features into claims to advance the case.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Examiner Notes
Examiner cites particular paragraphs, columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.
Claims 1-2, 4-6, 8, 11-12, 14-16, 18, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Liu et al (US20220020027A1, hereinafter, “Liu”), in view of Lee et al (US20200234109A1, hereinafter, “Lee”), further in view of Ibrahim et al (US20210090816A1, hereinafter, “Ibrahim”).
Regarding claim 1, Liu teaches:
A method for automatically determining a social engineering attack on a user account (Liu, discloses systems and methods for detecting digital fraud that involves malicious account testing with machine learning threat model, see [Abstract]), the method comprising:
receiving verification data for the user account (e.g., [0020] receiving, via an application programming interface, the event data together with a decline code indicating a likelihood that the online event involves digital fraud or digital abuse (i.e., social engineering attack). And refer to Fig. 2 at step S212, and [0051] In a further implementation, S212 may function to source indicative data via experimentation and/or testing one or more historical corpora of event data … S212 may function to analyze the one or more historical corpora of event data to expose features of the event data that highly correlate with card testing (i.e., verification data) activity);
[extracting diagnostic metadata] from the received verification data; extracting a diagnostic feature from the diagnostic [metadata] (e.g., [0007] (ii) extracting adverse feature data from the event data that map to the one or more learnable variables of the subset. And [0010] wherein the adverse event signal comprises a decline code for an associated online event, wherein the creating includes: extracting, from the one or more corpora of event data, a corpus of adverse feature data indicative of malicious account testing within a given event; and [0015] extracting adverse feature data from the event data includes identifying a number of transaction failures during a period for a single online user. And [0048] card testing or malicious account testing as referred to herein preferably relates to a type of fraudulent activity in which a malicious actor or the like attempts to identify whether a misappropriated card account data or financial account data (i.e., verification data) can be used to make an illicit transaction), the extracted diagnostic feature corresponding to a feature of a trained machine-learning based model for determining the social engineering attack based on a learned association between the extracted diagnostic feature and the social engineering attack on the user account (e.g., [0007] (iii) providing the adverse feature data as model input to the machine learning threat model. And [0012] the method includes constructing the machine learning threat model based on the one or more learnable variables derived based on feature data indicative of malicious account testing, wherein the constructing includes: selecting an agnostic machine learning model that predicts a threat score that is agnostic to a specific type of digital fraud or digital abuse; and augmenting an algorithmic structure of the agnostic machine learning model with the one or more learnable variables derived based on feature data indicative of malicious account testing. Further refer to Fig. 2 at S250, and [0076] S250, which includes deploying a trained card testing machine learning model or a trained global machine learning model augmented with card testing learnable features, may function to implementing a trained card testing machine learning model for identifying and/or classifying card testing events); (See Lee below for teachings of limitations in bracket above)
and automatically determining the social engineering attack based on the extracted diagnostic feature (e.g., [0005] Additionally, these existing technology implementations lack the capabilities to detect new and/or never been encountered before digital threats and automatically (or near automatically) evolve the technology implementation to effectively respond and neutralize the digital threats. And [0032] Accordingly, using these finely tuned and perpetually evolving and tunable machine learning models, a system implementing the several embodiments of the present application can predict a threat level and/or classify a digital threat with high accuracy and, in some embodiments, in real-time (e.g., as the event is occurring or shortly thereafter) (i.e., automatically) compute a digital threat score for each event or activity that is received by the system), by using the trained machine-learning based model that was trained based on a first feature extracted from first training metadata regarding previously received verification data and a second feature extracted from second training metadata regarding a previous social engineering attack related to the received verification data, based on the learned association between the extracted diagnostic feature and the social engineering attack (Fig. 2 and Fig. 5 show the training of ML algorithm, and Fig. 1 shows the detecting digital fraud or abuse with ML system and Digital threat mitigation database. In this case, the first feature of verification data and the second feature of historical attack data are features (data) used for ML model training. And at Section 2.5 Deployment of Card Testing Mode: [0076] S250, which includes deploying a trained card testing machine learning model or a trained global machine learning model augmented with card testing learnable features, may function to implementing a trained card testing machine learning model for identifying and/or classifying card testing events), [wherein the extracted diagnostic feature is used to determine whether two or more unique individuals are working to complete a single verification of the user account (See Ibrahim below for teachings of limitation(s) in the bracket).
While Liu teaches the main concept of the claimed invention based on extracted adverse feature data, but does not specifically teach extracting diagnostic metadata from the received verification data, in the same field of endeavor Lee teaches:
extracting diagnostic metadata from the received verification data (Lee, discloses mechanisms for social engineering communication identification, see [Abstract]. And e.g., [0051] For those documents that are classified as being directed to a social engineering communication, … any linked documents or files associated with that document may be further processed to extract key features indicative of the social engineering classification. Both the document itself and the linked documents or files are analyzed through feature extraction mechanisms to extract the features indicative of a social engineering communication. This feature extraction may comprise identifying phrases, terms, patterns of text, etc., from key structural portions of the document and/or attached documents/files, features present in metadata associated with these documents/files. And [0076] For example, a subject classifier 142 may evaluate subject line content of communications included in documents of the corpus or corpora 130 for terms, phrases, and/or patterns of text indicative of an SEC, e.g., terms or combinations of terms like “unauthorized”, “account”, “verification”, etc.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Lee in the detecting digital fraud involving malicious account testing of Liu by extracting features indicative of social engineering classification present in metadata. This would have been obvious because the person having ordinary skill in the art would have been motivated to use the extracted features to generate a trained social engineering classification model for detection of social engineering attack (Lee, [Abstract], [0051-52]).
The combination of Liu-Lee does not specifically teach the following, in the same field of endeavor Ibrahim teaches:
wherein the extracted diagnostic feature is used to determine whether two or more unique individuals are working to complete a single verification of the user account (Ibrahim, discloses system and method for email account takeover detection based on machine learning model, see [Abstract] A new approach is proposed to support account takeover (ATO) detection based on login attempts by users. And [0040] Specifically, the proposed approach relies on assessing fraudulence confidence level of login IP addresses to classify the login attempts by the users. In some embodiments, a plurality of attributes/features in one or more user login data logs are extracted and used to build a labeled dataset for training a machine learning (ML) model that relies on statistics of the login attempts to classify and detect fraudulent logins… For a non-limiting example, if the IP address is used in a considerable number of failed login attempts and very few successful login attempts, the IP address tends to be a suspicious IP. Additionally, if the IP address shows up across multiple entities/companies with the same behavior, it is a confirmation that the IP address is illegitimate. And [0044] the statistical data/stats of the login attempts from each IP address includes but are not limited to one or more of total number of failed login attempts from the IP address (e.g., IPBadLogins), total number of successful login attempts from the IP address (e.g., IPGoodLogins), total number of distinct users with failed login attempts from the IP address (e.g., IPBadUsers), total number of distinct users with successful login attempts from the IP address (e.g., IPGoodUsers)…).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Ibrahim in the detecting digital fraud involving malicious account testing of Liu-Lee by extracting features related to user email account including from ATO as attacker based on login attempts from distinct users. This would have been obvious because the person having ordinary skill in the art would have been motivated to build a labeled dataset for training a machine learning model that relies on statistics of the login attempts to classify and detect fraudulent logins and to ascertain if a login attempt or instance by a user is suspicious based on the ML model (Ibrahim, [Abstract]).
Regarding claim 11, claim 11 is a system claim that encompasses limitations similar to those limitations of the method claim 1. Therefore, claim 11 is rejected with the same rationale and motivation as applied against claim 1. In addition, Liu teaches a system for automatically determining a social engineering attack on a user account, the system comprising: a data storage device that stores instructions for automatically determining the social engineering attack on the user account; and one or more processors configured to execute the instructions (Liu, discloses systems and methods for detecting digital fraud that involves malicious account testing with machine learning threat model, see [Abstract]. See processor and computer-readable medium (i.e., data storage device that stores instructions) in [0081]).
Regarding claim 20, claim 20 is a computer-readable medium claim that encompasses limitations similar to those limitations of the method claim 1. Therefore, claim 20 is rejected with the same rationale and motivation as applied against claim 1. In addition, Liu teaches a non-transitory computer-readable medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform operations for automatically determining a social engineering attack on a user account (Liu, discloses systems and methods for detecting digital fraud that involves malicious account testing with machine learning threat model, see [Abstract]. See processor and computer-readable medium in [0081]).
Regarding claim 2, similarly claim 12, Liu-Lee-Ibrahim combination teaches the method of claim 1, the system of claim 11,
Liu further teaches: further comprising: receiving the verification data for the user account during a verification process of the user account (e.g., [0048] card testing or malicious account testing as referred to herein preferably relates to a type of fraudulent activity in which a malicious actor or the like attempts to identify whether a misappropriated card account data or financial account data can be used to make an illicit transaction).
Regarding claim 4, similarly claim 14, Liu-Lee-Ibrahim combination teaches the method of claim 1, the system of claim 11,
Ibrahim further teaches: wherein the extracted diagnostic feature includes one or more of: changing a multi-factor authentication type following a verification of the user account, verifying the user account using a first device and a second device geo-located at a threshold distance away from the first device in less than a threshold period of time, or mismatching device user-agent strings or IP addresses during consecutive operations of the verification (Ibrahim, discloses system and method for email account takeover detection based on machine learning model, see [Abstract] A new approach is proposed to support account takeover (ATO) detection based on login attempts by users. And [0044] the message collection and analysis component 106 of the AI engine 104 is configured to create an IP reputation model, wherein the IP reputation model relies on a set of features extracted from the collected login attempts to determine reputations of the IP addresses of the login attempts. And [0045] the message collection and analysis component 106 is configured to collect a set of random samples of IP addresses that are known to be connected with ATO attacks that, e.g., exploit the password spraying behavior, in order to learn how to decide whether an IP address should be deemed as bad or good). Same motivation as presented in claim 1, 11 would apply.
Regarding claim 5, similarly claim 15, Liu-Lee-Ibrahim combination teaches the method of claim 1, the system of claim 11,
Ibrahim further teaches: wherein the trained machine-learning based model excludes any individually identifiable information (Ibrahim, [0043] In the example of FIG. 3, the message collection and analysis component 106 of the AI engine 104 is configured to collect data from the electronic messaging system 116 including all login attempts to accounts of users in an entity on the electronic messaging system 116. ... In some embodiments, personally identifying information (PII) portion of the collected data including names and emails of the users are suppressed (i.e., excludes) by the data anonymization component 107...). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Ibrahim in the detecting digital fraud involving malicious account testing of Liu-Lee by extracting features related to user email account with PII portion suppressed. This would have been obvious because the person having ordinary skill in the art would have been motivated to build a labeled dataset for training a machine learning model that relies on statistics of the login attempts to classify and detect fraudulent logins and to preserve user privacy (Ibrahim, [Abstract]).
Regarding claim 6, similarly claim 16, Liu-Lee-Ibrahim combination teaches the method of claim 1, the system of claim 11,
The combination of Liu-Lee further teaches: wherein the automatically determining the social engineering attack based on the extracted diagnostic feature further comprises: determining whether the user account is in a high-risk subset of user accounts, as a high-risk score; determining a feature score for the extracted diagnostic feature using the trained machine-learning based model; and determining the social engineering attack based on the determined high-risk score and the determined feature score (Liu, e.g., [0009] In one embodiment, the threat prediction comprises a threat score value, and wherein the machine learning-based method further comprises: implementing an automated decisioning workflow comprising a plurality of threat evaluation stages that each include distinct criteria for evaluating at least the threat score, wherein each of the plurality of threat evaluation stages includes a distinct threat score range that, if satisfied, automatically informs a distinct disposition for the online event; Lee, [0044] The processing pipeline performs deep analysis on the language of the input document's extracted features using a variety of reasoning algorithms which may be implemented as rules based engines, neural networks, or any other cognitive computing logic. There may be hundreds or even thousands of reasoning algorithms applied, each of which performs different analysis, e.g., comparisons, natural language analysis, lexical analysis, or the like, and generates a score. And [0053] The social engineering classification model generates a probability score for communications based on the cognitive evaluation of the extracted features that are found in the content of the newly received communications). Same motivation as presented in claim 1, 11 would apply.
Regarding claim 8, similarly claim 18, Liu-Lee-Ibrahim combination teaches the method of claim 1, the system of claim 11,
Liu further teaches: wherein the trained machine-learning based model includes one or more classification models among Support Vector Machine, K-Nearest Neighbors, Logistic Regression, Gaussian-Naive Bayes, Random Forest, Extreme Gradient Boost, and AdaBoost (e.g., [0042] The ensembles of machine learning models may employ any suitable machine learning including one or more of: supervised learning (e.g., using logistic regression, using back propagation neural networks, using random forests, decision trees, etc.) …).
Claims 7, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Liu-Lee-Ibrahim as applied above to claim 1, 11 respectively, further in view of Karpovsky et al (US20230267198A1, hereinafter, “Karpovsky”).
Regarding claim 7, similarly claim 17, Liu-Lee-Ibrahim combination teaches the method of claim 1, the system of claim 11,
The combination of Liu-Lee-Ibrahim does not specifically teach the following, in the similar field of endeavor Karpovsky teaches:
wherein the extracted diagnostic feature includes a change in a setup for multi-factor authentication in the user account (Karpovsky, discloses systems and methods for detecting anomalous behavior with respect to control plane operations such as resource access enablement operations, see [Abstract]. And [0035] It is noted that anomaly detection engine 118 may be configured to analyze certain types of control plane operations (and not all control plane operations) that are more likely to be representative of malicious behavior. Such control plane operations include, but are not limited to, access enablement operations (e.g., requests for access keys maintained by resource manager 120), creating and/or activating new (or previously-used) user accounts, service principals, groups, cloud-based subscriptions, etc., changing user or group attributes, permission settings, security settings (e.g., multi-factor authentication settings)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Karpovsky in the detecting digital fraud involving malicious account testing of Liu-Lee-Ibrahim by analyzing control plane operations to indicate malicious behavior. This would have been obvious because the person having ordinary skill in the art would have been motivated to determine that anomalous behavior with respect to control plane operations has occurred (Karpovsky, [Abstract]).
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Liu-Lee-Ibrahim as applied above to claim 1, further in view of Zawadzki et al (US20230259631A1, hereinafter, “Zawadzki”).
Regarding claim 9, Liu-Lee-Ibrahim combination teaches the method of claim 1,
The combination of Liu-Lee-Ibrahim does not specifically teach the following, in the same field of endeavor Zawadzki teaches:
further comprising: automatically suspending the user account based on the determining the social engineering attack (Zawadzki, discloses detecting synthetic user account with machine learning, see [Abstract]. And [0002] The disclosed systems can utilize the machine learning model to analyze various features associated with a user account of the digital system-such as features related to the computing device associated with the user account or features related to the user profile or behavior of the user account—to determine if the user account is synthetic. Upon determining that the user account is synthetic with at least a threshold level of precision, the disclosed systems can disable (e.g., close or suspend) the user account).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Zawadzki in the detecting digital fraud involving malicious account testing of Liu-Lee-Ibrahim by disabling user account. This would have been obvious because the person having ordinary skill in the art would have been motivated to disable user account upon determining the user account is synthetic, to protect user from fraudulent user account (Zawadzki, [Abstract], [0019]).
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Liu-Lee-Ibrahim- Zawadzki as applied above to claim 9, further in view of Varnavas et al (US20220360596A1, hereinafter, “Varnavas”).
Regarding claim 10, Liu-Lee-Ibrahim-Zawadzki combination teaches the method of claim 9,
The combination of Liu-Lee-Ibrahim-Zawadzki does not specifically teach the following, in the same field of endeavor Varnavas teaches:
further comprising: generating an alert when a maximum daily threshold of user accounts is exceeded for the automatically suspending the user account (Varnavas, discloses system and method for detecting malicious account creation in web-based platform, see [Abstract] ... analyzing each detected suspicious event with a density analysis classifier to determine if each detected suspicious event comprises a malicious event based on a density of detected suspicious events from a collections of account creation processes; and determining an alert condition based on at least one malicious event detection. And [0021] The third Level 1 classifier 24 evaluates the number of accounts created by the same IP address within a fixed period of time (e.g., one hour, one day, one week, etc.). The rationale for classifier 24 is that attackers often want to create accounts in bulk and have to reuse the same IP address in the account creation process. In one illustrative approach, classifier 25 finds the distinct IP addresses used to create accounts within a fixed period of time (e.g., a rolling window), and counts the number of accounts created by each one of them. IP addresses that created more than a threshold x number of accounts are marked as suspicious, together with the accounts that they have created).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Varnavas in the detecting digital fraud involving malicious account testing of Liu-Lee-Ibrahim-Zawadzki by generating a suspicious event if number of accounts exceeds threshold. This would have been obvious because the person having ordinary skill in the art would have been motivated to disable user account upon determining the user account is synthetic to detect malicious account creation in a web-based platform (Varnavas, [Abstract]).
Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Liu-Lee-Ibrahim as applied above to claim 11, further in view of Zawadzki et al (US20230259631A1, hereinafter, “Zawadzki”), and further in view of Varnavas et al (US20220360596A1, hereinafter, “Varnavas”).
Regarding claim 19, Liu-Lee-Ibrahim combination teaches the system of claim 11,
The combination of Liu-Lee-Ibrahim does not specifically teach the following, in the same field of endeavor Zawadzki teaches:
wherein the instructions further comprise: automatically suspending the user account based on the determining the social engineering attack (Zawadzki, discloses detecting synthetic user account with machine learning, see [Abstract]. And [0002] The disclosed systems can utilize the machine learning model to analyze various features associated with a user account of the digital system-such as features related to the computing device associated with the user account or features related to the user profile or behavior of the user account-to determine if the user account is synthetic. Upon determining that the user account is synthetic with at least a threshold level of precision, the disclosed systems can disable (e.g., close or suspend) the user account),
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Zawadzki in the detecting digital fraud involving malicious account testing of Liu-Lee-Ibrahim by disabling user account. This would have been obvious because the person having ordinary skill in the art would have been motivated to disable user account upon determining the user account is synthetic to protect user from fraudulent user account (Zawadzki, [Abstract], [0019]).
The combination of Liu-Lee-Ibrahim-Zawadzki does not specifically teach the following, in the same field of endeavor Varnavas teaches:
and generating an alert when a maximum daily threshold of user accounts is exceeded for the automatically suspending the user account (Varnavas, discloses system and method for detecting malicious account creation in web-based platform, see [Abstract]. And [0021] The third Level 1 classifier 24 evaluates the number of accounts created by the same IP address within a fixed period of time (e.g., one hour, one day, one week, etc.). The rationale for classifier 24 is that attackers often want to create accounts in bulk and have to reuse the same IP address in the account creation process. In one illustrative approach, classifier 25 finds the distinct IP addresses used to create accounts within a fixed period of time (e.g., a rolling window), and counts the number of accounts created by each one of them. IP addresses that created more than a threshold x number of accounts are marked as suspicious, together with the accounts that they have created).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Varnavas in the detecting digital fraud involving malicious account testing of Liu-Lee-Ibrahim-Zawadzki by generating a suspicious event if number of accounts exceeds threshold. This would have been obvious because the person having ordinary skill in the art would have been motivated to disable user account upon determining the user account is synthetic to detect malicious account creation in a web-based platform (Varnavas, [Abstract]).
Citation of References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action:
Lewis (US20230291761A1) discloses method of monitoring virtual desktops accessed by devices at remote locations using machine-learning models to mitigate potential cyber-attacks.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is
reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975. The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MICHAEL M LEE/Primary Examiner, Art Unit 2436
Prosecution Insights