Prosecution Insights
Last updated: July 17, 2026
Application No. 18/393,774

IMPERSONATION ATTACK DETECTION AND PREVENTION SYSTEM

Final Rejection §103
Filed
Dec 22, 2023
Examiner
HABTEGEORGIS, MATTHIAS
Art Unit
2491
Tech Center
2400 — Computer Networks
Assignee
Kyndryl Inc.
OA Round
4 (Final)
78%
Grant Probability
Favorable
5-6
OA Rounds
5m
Est. Remaining
96%
With Interview

Examiner Intelligence

Grants 78% — above average
78%
Career Allowance Rate
86 granted / 111 resolved
+19.5% vs TC avg
Strong +18% interview lift
Without
With
+18.3%
Interview Lift
resolved cases with interview
Typical timeline
3y 0m
Avg Prosecution
17 currently pending
Career history
138
Total Applications
across all art units

Statute-Specific Performance

§101
1.3%
-38.7% vs TC avg
§103
93.0%
+53.0% vs TC avg
§102
1.5%
-38.5% vs TC avg
§112
3.0%
-37.0% vs TC avg
Black line = Tech Center average estimate • Based on career data from 111 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant’s arguments, see Remarks filed on 02/27/2026, with respect to the rejection of claims 1, 8 and 15 under 35 U.S.C. 103 have been considered. However, the arguments are considered moot because of the new ground of rejection being issued with the finding of new prior art, Eidelman, US 2010/0268834. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 8 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over US-PGPUB No. 2025/0158830 A1 to Buchanan et al. (hereinafter “Buchanan”), US-PGPUB No. 2016/0105482 A1 to Bradley et al (hereinafter “Bradley”), US-PGPUB No. 2014/0250538 A1 to Rapaport et al. (hereinafter “Rapaport”), and further in view of US-PGPUB No. 2010/0268834 A1 to Eidelman et al. (hereinafter “Eidelman”) Regarding claim 1: Buchanan discloses: A computer-implemented method (see the method of Fig. 4) comprising: receiving a communication from a user of a communication environment (¶33: “… the administrator device 112 may be configured to communicate with one or more systems … to receive transmissions from other user devices, … the administrator device 112 may be configured to display … impersonation review interfaces, ...”); generating a similarity score using metadata of the communication from the user environment and a digital persona associated with the user in the communication environment (Buchanan, ¶02: “… generate, based on inputting the information of the transmission into an authentication enforcement engine, a similarity score for the first user device. The similarity score may indicate a similarity between the information of the transmission and the profile for the first user device.”), […] determining that the communication is a potential impersonation attack threat by determining that the similarity score is below a threshold value (¶58: “… the authentication enforcement platform 102 may compare the similarity score to a threshold score in order to identify a likelihood that the transmission is attempting to impersonate an authorized user. … identify transmissions with similarity scores less than 75% as failing to satisfy the threshold score.”); and performing a security action to protect the communication environment from the potential impersonation attack threat (¶66: “Based on identifying that the similarity score does not satisfy the second threshold score, the authentication enforcement platform 102 may identify that manual review is unnecessary to identify whether the transmission is associated with an impersonation attempt. Accordingly, the authentication enforcement platform 102 may proceed to step 229 and initiate one or more security actions.”). However, Buchanan does not explicitly teach the following limitation taught by Bradley: receiving captured data associated with the user (Bradley, ¶45-48: “… metadata is embedded in the screen capture image and transmitted to a different user, such as the user of computing device 102. … in step 501, computing device 102 receives the screen capture image.”), wherein the captured data comprises navigation habit data and navigation metadata associated with the user (Bradley, ¶40: “… the resource navigation metadata captures the usage history and navigation patterns of the user …”), It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Buchanan to incorporate the functionality of the method to receive screen capture data which comprises resource navigation metadata which includes usage history and navigation patterns of a user , as disclosed by Bradley, such modification would enable the system to create a more relevant and efficient online environment by analyzing a user's past actions and patterns. The combination of Buchanan and Bradley does not explicitly teach the following limitation taught by Rapaport: wherein the navigation metadata comprises operating system information, installed addons, or installed plugins as attributes of a digital persona associated with the user in the communication environment (Rapaport, ¶35-36: “… the Service Machine may collect from the end-users device and browser attributes, commonly known as "device fingerprints." … These attributes may include, … the browser type, operation system type, screen resolution, available fonts, Javascript version and build, installed plugins, such as Flash and others and their versions, browser add-ons such as Adobe Acrobat, Skype and so on, time offset between the client's clock and the server clock, flash version, HTTP headers, TCP/IP stack, use of proxies, IP range and geo-location and others.”), It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Buchanan and Bradley to incorporate the functionality of the service machine to collect from end-users device and browser attributes (device fingerprints), as disclosed by Rapaport, such modification would enable the system to identify users who try to avoid tagging by deletion of cookies and cache, and restore their histories. The combination of Buchanan, Bradley and Rapaport does not explicitly disclose the following limitation taught by Eidelman: wherein the navigation habit data comprises that the user utilizes a first browser for a first action type and a second browser for a second action type, the first and second action types being different (Eidelman, ¶122: “a specific web browser can be specified with the default Profile1, so that Profile1 always uses the INTERNET EXPLORER web browser to emulate the web browsing traffic. In the case of instant messaging, the emulation could be done with … YAHOO messenger, ...”); It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Buchanan, Bradley and Rapaport to incorporate the functionality of the method to implement IE web browser to emulate web browsing traffic, and implement a different browser, YAHOO messenger, to emulate instant messaging, and include such behavior in a behavior profile, as disclosed by Eidelman, such modification would enable the system to realistically cover a class of users with certain behavior patterns of activities. Regarding claim 8: Buchanan discloses: A system (see the system of Fig. 1B) comprising: a memory (see Fig. 1B, Memory 114) having computer readable instructions (¶28: “Memory 114 may include one or more program modules having instructions …”); and one or more processors (see Fig. 1B, Processors 113) for executing the computer readable instructions, the computer readable instructions controlling the one or more processors to perform operations (¶28: “Memory 114 may include one or more program modules having instructions that, when executed by processor 113, cause authentication enforcement platform 102 to perform one or more functions …”) comprising: In addition to the above limitations, claim 8 recites substantially the same limitations as claim 1 in the form of a system implementing the corresponding functionality. Therefore, it is rejected by the same rationale. Regarding claim 15: Buchanan discloses: A computer program product (¶28: “authentication enforcement platform 102”) comprising a computer readable storage medium (¶28: “authentication enforcement platform 102 may include one or more processors 113, memory 114,”) having program instructions embodied therewith (¶28: “Memory 114 may include one or more program modules having instructions”), the program instructions executable by one or more processors to cause the one or more processors to perform operations (¶28: “Memory 114 may include one or more program modules having instructions that, when executed by processor 113, cause authentication enforcement platform 102 to perform one or more functions …”) comprising: In addition to the above limitations, claim 15 recites substantially the same limitations as claim 1 in the form of a computer program product for storing program instructions to perform the corresponding operations. Therefore, it is rejected by the same rationale. Claims 2, 9 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Buchanan, Bradley, Rapaport, Eidelman, US-PGPUB No. 2014/0018033 A1 to Luna et al. (hereinafter “Luna”), US-PGPUB No. 2014/0278909 A1 to Potter et al. (hereinafter “Potter”), US-PGPUB No. 2014/0189016 A1 to Goldsmith et al. (hereinafter “Goldsmith”), US-PGPUB No. 2017/0286845 A1 to Gifford et al. (hereinafter “Gifford”), and further in view of US-PGPUB No. 20180343314 A1 to Lal et al. (hereinafter “Lal”) Regarding claim 2: The combination of Buchanan, Bradley, Rapaport and Eidelman discloses the computer-implemented method of claim 1, but does not explicitly disclose the following limitation taught by Luna: further comprising: receiving usage habit data associated with the user (Luna, ¶137: “… portable device … a desktop device …”, see also Fig. 1A-2, “Application/Application type”) as the captured data (Luna, ¶137: “… detect that a user typically accesses his/her work email account between the hours of 7-9 am on the portable device and uses a desktop device to access the emails between 9 am-3 pm.”), wherein the navigation habit data comprises a manner through which the user connects to email (Luna, ¶137: “… the user behavior profiling engine 403 can detect that a user typically accesses his/her work email account between the hours of 7-9 am on the portable device and uses a desktop device to access the emails between 9 am-3 pm.”), It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Buchanan, Bradley, Rapaport and Eidelman to incorporate the functionality of the user-based content delivery optimization engine and its components in the local proxy to detect, track, identify, and/or profile various aspects of user behavior with respect to mobile usage or mobile usage sessions, as disclosed by Luna, such modification would enable the system to provide enhanced user experience, and improved security by tracking and analyzing the user’s habits. The combination of Buchanan, Bradley, Rapaport, Eidelman and Luna does not explicitly teach the following limitation taught by Potter: wherein options for the manner are selected from a mobile application, a desktop application, a webmail, or a browser (Potter, ¶28: “the recipient may view the message on a client computer 102 via, for example, a webmail, desktop, or mobile email client.”); It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Buchanan, Bradley, Rapaport, Eidelman and Luna to incorporate the functionality of the method provide a recipient of a message with webmail, desktop or mobile client options to view the message, as disclosed by Potter, such modification would enable the system to provide the user to use different applications for different locations, and at different times , enabling the system to detect unusual activities outside of the expected time and locations. The combination of Buchanan, Bradley, Rapaport, Eidelman, Luna and Potter does not explicitly teach the following limitation taught by Goldsmith: generating a fixed value and confidence score for an attribute of the digital persona (Goldsmith, ¶26: “… the system may analyze such records and determine that on 95% of days, no communications come from user Joe between 3:00 p.m. and 3:50 p.m. on Wednesdays,”, Note: “between 3:00 p.m. and 3:50 p.m. on Wednesdays,” is a fixed value and “95” is a confidence score) […] It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Buchanan, Bradley, Rapaport, Eidelman, Luna and Potter to incorporate the functionality of the method to analyze communications records to determine when communications take place, the type of communication, the modality, and other characteristics, as disclosed by Goldsmith, such modification would enable the system to identify deviations from normal behavior, such as unusual login times, accessing unfamiliar resources, or inconsistent communication styles, that can indicate potential impersonation. The combination of Buchanan, Bradley, Rapaport, Eidelman, Luna, Potter and Goldsmith does not explicitly disclose the following limitation taught by Gifford: […] by applying a K-means clustering algorithm to the captured data (Gifford, ¶40: “The system may cluster locations by a clustering approach such as a K-means technique … a location may be labeled as “work” if a threshold time % (high time %) is spent during the hours of 8 am-8 pm weekdays in that location,”); It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Buchanan, Bradley, Rapaport, Eidelman, Luna, Potter and Goldsmith to incorporate the functionality of the method to use a K-means clustering technique for labeling locations based on a location and time signature, as disclosed by Gifford, such modification offers benefits such as discovering patterns in locations with similar temporal behavior, simplifying complex data into interpretable groups, and facilitating further analysis like labeling or prediction. The combination of Buchanan, Bradley, Rapaport, Eidelman, Luna, Potter, Goldsmith and Gifford does not explicitly disclose the following limitation taught by Lal: and updating the attribute of the digital persona using the fixed value and the confidence score (Lal, ¶38: “The updated confidence level may indicate that there is an 85% likelihood that a customer spends X % more than average in the dining category between 6:00 AM and 10:00 AM when the customer is located more than 100 miles from home.”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Buchanan, Bradley, Rapaport, Eidelman, Luna, Potter, Goldsmith and Gifford to incorporate the functionality of the method to automatically adapt an existing hypothesis until a confidence level satisfies a pre-determined threshold which comprises updating the confidence level based on updated set of factors, as disclosed by Lal, such modification would enable the system to identify habits of a particular user based on updated confidence levels. Regarding claim 9: Claim 9 substantially recites the same limitation as claim 2 in the form of a system implementing the corresponding functionality. Therefore, it is rejected by the same rationale. Regarding claim 16: Claim 16 substantially recites the same limitation as claim 2 in the form of a computer program product for storing program instructions to perform the corresponding operations. Therefore, it is rejected by the same rationale. Claims 3, 10 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Buchanan, Bradley, Rapaport, Eidelman, US-PGPUB No. 2024/0152635 A1 to Praszczalek et al. (hereinafter “Praszczalek”), and further in view of US-PGPUB No. 2018/0012003 A1 to Asulin et al. (hereinafter “Asulin”) Regarding claim 3: The combination of Buchanan, Bradley, Rapaport and Eidelman discloses the computer-implemented method of claim 1, but does not explicitly disclose the following limitation taught by Praszczalek: wherein generating the similarity score further comprises: identifying matches by comparing the metadata of the communication to the attributes of the digital persona (Praszczalek, ¶49: “upon comparison of relevant data elements from the open service customer 106, the service (via the system 100) may discover that, for example, only three, two, one or none of the data elements match between the two (or more) accounts.”) It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Buchanan, Bradley, Rapaport and Eidelman to incorporate the functionality of the method to include identifying data collected from a user making a request, such as a name, address, phone number, email, device data (e.g., IP address, ESN, etc.), etc., or any other data either obtained from the user/fraudster, the user's account, and/or the session information, in the request to the open service provider, as disclosed by Praszczalek, such modification would enable the system to provide data security in connection with a user’s communication with a service provider whereby fraudulent, unauthorized connections and/or traffic may be reduced, limited or eliminated with a computed confidence. The combination of Buchanan, Bradley, Rapaport, Eidelman and Praszczalek does not explicitly disclose the following limitation taught by Asulin: and determining that a confidence score of an identified attribute is above a minimum threshold (Asulin, ¶46: “… the pointing device motions are monitored and compared with the models to compute the … confidence score[s] that the user is operating the pointing device. When the … confidence score[s] is above a confidence threshold, a security threat may be issued, …”); and calculating the similarity score by using a number of matches identified between the metadata of the communication and the attributes of the digital persona (Asulin, ¶88: “… model features may be extracted … and compared to the pattern and path models to determine the similarity and/or confidence scores.”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Buchanan, Bradley, Rapaport, Eidelman and Praszczalek to incorporate the functionality of the method to compute the similarity and/or confidence scores that the user is operating the pointing device by comparing the device’s motions to a known model, as disclosed by Asulin, such modification would enable the system to identify a security threat, and issue an alert or take appropriate action when the similarity score is below a similarity threshold and/or confidence scores is above a confidence threshold. Regarding claim 10: Claim 10 substantially recites the same limitations as claim 3 in the form of a system implementing the corresponding functionality. Therefore, it is rejected by the same rationale. Regarding claim 17: Claim 17 substantially recites the same limitation as claim 3 in the form of a computer program product for storing program instructions to perform the corresponding operations. Therefore, it is rejected by the same rationale. Claims 4, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Buchanan, Bradley, Rapaport, Eidelman, and further in view of US-PGPUB No. 2015/0030032 A1 to Sinn Regarding claim 4: The combination of Buchanan, Bradley, Rapaport and Eidelman discloses the computer-implemented method of claim 1, but does not explicitly disclose the following limitation taught by Sinn: wherein the security action comprises transmitting the communication to a tool to scan the contents of the communication (Sinn, ¶50-51: “the Routing Manager 336 can create forwarding entries for one or more of the Communication Manager modules 320, 322, 324, 326 that direct how network traffic is routed by the Communication Manager. … traffic … suspected of being used for spamming … can be routed through network filters and scanners …”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Buchanan, Bradley and Rapaport to incorporate the functionality of the method to route a network suspected of being used for spamming through scanners, as disclosed by Sinn, such modification would enable the system to identify spammers and reduce spam. Regarding claim 11: Claim 11 substantially recites the same limitations as claim 4 in the form of a system implementing the corresponding functionality. Therefore, it is rejected by the same rationale. Regarding claim 18: Claim 18 substantially recites the same limitation as claim 4 in the form of a computer program product for storing program instructions to perform the corresponding operations. Therefore, it is rejected by the same rationale. Claims 5, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Buchanan, Bradley, Rapaport, Eidelman, and further in view of US-PGPUB No. 2011/0296519 A1 Ide et al. (hereinafter “Ide”) Regarding claim 5: The combination of Buchanan, Bradley, Rapaport and Eidelman discloses the computer-implemented method of claim 1, but does not explicitly disclose the following limitation taught by Ide: wherein the security action comprises transmitting the communication to a quarantine tool for further review (Ide, ¶64: “… forward all communications associated with the session to the quarantine module 540. … the communication(s) can be released from the quarantine module 540 based upon … an administrator 520 analysis of the communication(s).”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Buchanan, Bradley and Rapaport to incorporate the functionality of the firewall processing module to send/forward all communications associated with a session which policy dictates should be quarantined to the quarantine module, as disclosed by Ide, such modification would enable the system to quarantine communications while additional information is collected which might enable identification of reputation and/or classification of the communication. Regarding claim 12: Claim 12 substantially recites the same limitations as claim 5 in the form of a system implementing the corresponding functionality. Therefore, it is rejected by the same rationale. Regarding claim 19: Claim 19 substantially recites the same limitation as claim 5 in the form of a computer program product for storing program instructions to perform the corresponding operations. Therefore, it is rejected by the same rationale. Claims 6, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Buchanan, Bradley, Rapaport, Eidelman, and further in view of US-PGPUB No. 2024/0370873 A1 Simons et al. (hereinafter “Simons”) Regarding claim 6: The combination of Buchanan, Bradley, Rapaport and Eidelman discloses the computer-implemented method of claim 1, but does not explicitly disclose the following limitation taught by Simons: wherein the security action comprises transmitting the communication to an identified recipient by the communication (Simons, ¶43: “… the remediation action comprises generating a notification for transmission to account management system 106 …”), wherein the communication is displayed with a warning and a request for further action by the identified recipient (Simons, ¶43: “… indicate (e.g., in a user interface, in a message, in an e-mail, etc.) that a particular account … is potentially being impersonated and/or should be reviewed.”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Buchanan, Bradley, Rapaport and Eidelman to incorporate the functionality of the method to transmit a notification to an account management system for each account that is potentially being impersonated, as disclosed by Simons, such modification would enable the system to deactivate or suspend an account (e.g., automatically or with a user input) based on its corresponding measure of similarity, to prevent further usage of the account. Regarding claim 13: Claim 13 substantially recites the same limitations as claim 6 in the form of a system implementing the corresponding functionality. Therefore, it is rejected by the same rationale. Regarding claim 20: Claim 20 substantially recites the same limitation as claim 6 in the form of a computer program product for storing program instructions to perform the corresponding operations. Therefore, it is rejected by the same rationale. Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Buchanan, Bradley, Rapaport, Eidelman, Simons, US-PGPUB No. 2023/0022070 A1 to Zaloum et al. (hereinafter “Zaloum”), and further in view of US-PGPUB No. 2018/0196942 A1 Kashyap et al. (hereinafter “Kashyap”) Regarding claim 7: The combination of Buchanan, Bradley, Rapaport and Eidelman discloses the computer-implemented method of claim 1, but does not explicitly disclose the following limitation taught by Simons: further comprising: in response to performing the security action, updating the digital persona (Simons, ¶73-74: “… for at least one account identified as a fraudulent account candidate, the database is queried for additional information associated therewith. … based on the additional information, a ranking is assigned to the at least one account, the ranking indicative of a severity of a fraudulent usage prediction.”) […] wherein: the digital persona comprises a score indicating a likelihood of being used in an impersonation attack in the communication environment (Simons, ¶75: “where the measure of similarity indicates little to no overlap between a provider's fingerprint and current behavior … a determination may be made that the account is likely being impersonated and a high severity ranking may be assigned.”); It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Buchanan, Bradley, Rapaport and Eidelman to incorporate the functionality of the method to modify user behavior ranking for an identified fraudulent user, as disclosed by Simons, such modification would enable the system to determine the severity of a fraudulent user or user account to monitor and take appropriate action in the user’s future activity. The combination of Buchanan, Bradley, Rapaport, Eidelman and Simons does not explicitly teach the following limitation taught by Zaloum: updating the digital persona comprises modifying the score based on a number of the impersonation attacks associated with the user and a frequency of potential impersonation attack threats associated with the user (Zaloum, ¶83: “if the system detects that less than 50 possible-attack notifications are generated per day, then the system may automatically modify or adjust … threshold values … in order to increase the number or the frequency of possible-attack notifications that the system generates.”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Buchanan, Bradley, Rapaport, Eidelman and Simons to incorporate the functionality of the method to modify the method to modify threshold values based on the number and frequency of possible-attack notifications, as disclosed by Simons, such modification would enable the system to update the probability of attack based on the frequency and number of attacks. The combination of Buchanan, Bradley, Rapaport, Eidelman, Simons and Zaloum does not explicitly teach the following limitation taught by Kashyap: […] using a q-learning algorithm (Kashyap, ¶06: “in response to the identification of the source of the malicious activity, remediation can be initiated at the corresponding node to prevent further damage to the node … the remediation utilizes … Q-learning,”), It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Buchanan, Bradley, Rapaport, Eidelman, Simons and Zaloum to incorporate the functionality of the method to utilize Q-learning to initiate remediation in response to identification of a malicious activity, as disclosed by Kashyap, such modification would enable the system to learn and adapt to complex and changing environments, and enables automated responses to malicious traffic without requiring manual intervention. Regarding claim 14: Claim 14 substantially recites the same limitations as claim 7 in the form of a system implementing the corresponding functionality. Therefore, it is rejected by the same rationale. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHIAS HABTEGEORGIS whose telephone number is (571)272-1916. The examiner can normally be reached M-F 8am-5pm ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William R. Korzuch can be reached at (571)272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /M.H./Examiner, Art Unit 2491 /DANIEL B POTRATZ/Primary Examiner, Art Unit 2491
Read full office action

Prosecution Timeline

Show 12 earlier events
Nov 23, 2025
Response after Non-Final Action
Dec 02, 2025
Non-Final Rejection mailed — §103
Feb 17, 2026
Interview Requested
Feb 24, 2026
Applicant Interview (Telephonic)
Feb 27, 2026
Response Filed
Mar 07, 2026
Examiner Interview Summary
May 22, 2026
Final Rejection mailed — §103
Jul 08, 2026
Interview Requested

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12671714
LIMITING THE ABILITY OF RANSOMWARE TO SPREAD WITHIN A DATA CENTER
3y 2m to grant Granted Jun 30, 2026
Patent 12671700
METHOD FOR TRACING PATH OF ATTACK ON SMART CONTRACT ON BLOCKCHAIN
2y 9m to grant Granted Jun 30, 2026
Patent 12659297
APPARATUS AND METHOD FOR INTRUSION DETECTION AND PREVENTION OF CYBER THREAT INTELLIGENCE
2y 8m to grant Granted Jun 16, 2026
Patent 12652296
SYSTEM, METHOD, AND COMPUTER PROGRAM FOR APPLICATION PROGRAMMING INTERFACE (API) SECURITY
2y 1m to grant Granted Jun 09, 2026
Patent 12621263
IMAGE FORMING APPARATUS CAPABLE OF NOTIFYING USER OF ERROR CAUSED DUE TO ZT MODE, METHOD OF CONTROLLING IMAGE FORMING APPARATUS, AND STORAGE MEDIUM
4y 0m to grant Granted May 05, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
78%
Grant Probability
96%
With Interview (+18.3%)
3y 0m (~5m remaining)
Median Time to Grant
High
PTA Risk
Based on 111 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month