Office Action Predictor
Last updated: April 16, 2026
Application No. 18/425,498

SECURITY ALERTS ACROSS ORGANIZATIONS

Final Rejection §103
Filed
Jan 29, 2024
Examiner
TRUONG, LAWRENCE QUANG
Art Unit
2434
Tech Center
2400 — Computer Networks
Assignee
Google LLC
OA Round
2 (Final)
100%
Grant Probability
Favorable
3-4
OA Rounds
2y 1m
To Grant
99%
With Interview

Examiner Intelligence

Grants 100% — above average
100%
Career Allow Rate
12 granted / 12 resolved
+42.0% vs TC avg
Minimal +0% lift
Without
With
+0.0%
Interview Lift
resolved cases with interview
Fast prosecutor
2y 1m
Avg Prosecution
20 currently pending
Career history
32
Total Applications
across all art units

Statute-Specific Performance

§101
13.2%
-26.8% vs TC avg
§103
47.7%
+7.7% vs TC avg
§102
11.5%
-28.5% vs TC avg
§112
24.7%
-15.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 12 resolved cases

Office Action

§103
DETAILED ACTION The objection to the specification is withdrawn based on the amendments filed 10/07/2025. Claims 1-20 are rejected. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed 10/07/2025 have been fully considered but they are not persuasive. Regarding the arguments on page 2, Applicant’s representative argues Humphrey does not teach “user feedback relating to [a] first alert”, Examiner respectfully disagrees. Humphrey teaches in paragraph [0161] that analyst (e.g., user) can document their findings and add explanatory notes (e.g., user feedback) regarding digital hallmarks of the malicious actions (e.g., first alert). Regarding the arguments continuing on page 3, Applicant’s representative argues that Humphrey does not teach “causing a second alert generated with respect to the second malicious activity relating to the second set of computing devices of the second entity to be associated with first alert properties defined based on the first user feedback relating to the first alert and provided by the first user associated with the first entity”, Examiner respectfully disagrees. Humphrey teaches an inoculation package which contains digital hallmark. As discussed above, Humphrey teaches user feedback relating to [a] first alert in paragraph [0151]. Humphrey further teaches in [0161-0163] that the inoculation package may be sent to another organization, and the other organization may decide to generate an alert based networks behaviors similar to the hallmarks of the inoculation package. Therefore, Humphrey explicitly teaches the limitations above because the second entity (e.g., other organization) can generate a second alert (e.g., an alert can be generated) associated with first alert properties (e.g., shared behavioral indicators of compromised) based on user feedback related to the first alert (e.g., digital hallmarks). Similar language is also included in independent claims 12 and 20. The combination of cited references teaches all features of independent claims 1, 12, and 20, therefore, claims 1, 12, and 20 are rejected. Claims 2-11 and 13-19 are rejected by dependency. Claims 2-11 and 13-19 are also rejected in the same manner as in the non-final office action. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-2, 6, 11-13, 17, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20230012220 A1 to Humphrey et al. (Humphrey). Regarding claim 1, Humphrey teaches a method comprising: obtaining a first set of data pertaining to a first alert generated with respect to first malicious activity relating to a first set of computing devices of a first entity (Humphrey Fig. 6A and 6B [0126], e.g., Receiving the first abnormal behavior pattern comprises comparing input data monitoring the first network to at least one machine-learning model trained on a normal benign behavior of the first network using a normal behavior benchmark describing parameters corresponding to a normal pattern of activity of the first network to determine that a network behavior of the first network deviates from the normal benign behavior of the first network), the first set of data comprising: the first alert (Humphrey [0126], e.g., the first abnormal behavior pattern); first metadata for the first malicious activity associated with the first alert (Humphrey [0138], e.g., it then analyzes the network behavior deviating from the normal data to extract metadata that describes how the network behavior deviates from the normal benign behavior of the network); and first user feedback relating to the first alert and provided by a first user associated with the first entity (Humphrey [0161-0162], e.g., The analyst documents their findings and adds explanatory notes regarding the digital hallmarks of the malicious action (Block 708). Additionally, the analyst adds in any recommendations of an appropriate response that an autonomous defense system may select in the event of such an attack…………The cyber threat defense system can create an inoculation package of the digital hallmarks, suggested autonomous responses, and documentation (Block 710). The cyber threat defense system can automatically disseminate this inoculation package to any other subscriber organization as an inoculation notice); and identifying second malicious activity relating to a second set of computing devices of a second entity, the second malicious activity having second metadata (Humphrey [0139-0140], e.g., A second abnormal behavior pattern is received (Block 608). Like the first abnormal behavior pattern, the second abnormal behavior pattern represents behavior on a network deviating from a normal benign behavior of that network. The network in this case may be the same network that the first abnormal behavior relates to or a different network; [0140], e.g., , it will be appreciated that the second abnormal behavior pattern may ultimately have been created in the manner described above for the first abnormal behavior pattern); generating a first similarity score based on a comparison of the first metadata for the first malicious activity and the second metadata for the second malicious activity (Humphrey [0147], e.g., the cyber threat defense system determines, based on the determination of potentially malicious behavior, as to whether further action need be taken regarding the threat (Block 610). A human operator may make this determination, or, alternatively, an algorithm may make this determination. The determination may be based, in part, on the level of similarity between the first abnormal behavior pattern and the second abnormal behavior pattern); and responsive to the first similarity score satisfying a similarity criterion, causing a second alert generated with respect to the second malicious activity relating to the second set of computing devices of the second entity (Humphrey [0151], e.g., If the comparison indicates that the first and second abnormal behavior patterns are sufficiently similar (e.g., a determined similarity value is above a threshold value), an alert can be generated which may include a confidence score (Block 666). This may be provided to a user of the cyber threat defense system) to be associated with first alert properties (Humphrey, [0146] if the first abnormal behavior pattern (being representative of behavior currently happening or recently monitored on a network) is sufficiently similar to the second abnormal behavior pattern, it can be determined that the same party is responsible for both sets of anomalous behavior) defined based on the first user feedback relating to the first alert and provided by the first user associated with the first entity (Humphrey, Fig.7 [0161-0163], e.g., The analyst documents their findings and adds explanatory notes regarding the digital hallmarks of the malicious action (Block 708). Additionally, the analyst adds in any recommendations of an appropriate response that an autonomous defense system may select in the event of such an attack…………… The cyber threat defense system can create an inoculation package of the digital hallmarks, suggested autonomous responses, and documentation (Block 710). The cyber threat defense system can automatically disseminate this inoculation package to any other subscriber organization as an inoculation notice…………. If the attack is already inside another organization or begins to try to get a foothold in an organization, that organization can compare its network behavioral information to those detailed in the inoculation package to identify shared behavioral indicators of compromise. The affiliated subscriber organization may generate an alert on that organization's security dashboard detailing the nature of the attack, along with supporting notes (Block 712). A human analyst from that organization may then investigate and respond). Humphrey does not disclose all the above in one embodiment, however it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to combine the embodiments of Fig.6A, 6B and Fig.7 of Humphrey because, in describing the embodiment of Fig.7 in [0160], Humphrey does suggest such a combination, i.e. The analyst may then conclude that the attack is both novel and malicious (706) by comparing the first and second abnormal behavior patterns in the manner described with respect to FIGS. 6A and 6B. Regarding claim 2, most of the limitations of this claim have been noted in the rejection of claim 1. Humphrey further teaches wherein the first alert properties comprise at least one of: a severity value; a priority value; a risk value; a confidence value; or a usefulness value (Humphrey [0068], e.g., The cyber threat module can generate a threat risk parameter listing a set of values describing aspects of the breach state. The cyber threat module can populate the threat risk parameter with a confidence score, a severity score, and a consequence score). Regarding claim 6, most of the limitations of this claim have been noted in the rejection of claim 1. Humphrey further teaches wherein the first entity is part of a first entity group and the second entity is part of the first entity group (Humphrey [0089], e.g., FIG. 3 illustrates an example cyber threat defense system protecting an example network; [0090], e.g., The LAN 6 of the first computer system 10 is connected to the Internet 20, which in turn provides computers 1, 2, 3 with access to a multitude of other computing devices including server 30 and second computer system 40. Second computer system 40 also includes two computers 41, 42, connected by a second LAN 43). Regarding claim 11, most of the limitations of this claim have been noted in the rejection of claim 1. Humphrey further teaches identifying third malicious activity relating to a third set of computing devices of a third entity, the third malicious activity having third metadata (Humphrey [0139-0140], e.g., A second abnormal behavior pattern is received (Block 608). Like the first abnormal behavior pattern, the second abnormal behavior pattern represents behavior on a network deviating from a normal benign behavior of that network. The network in this case may be the same network that the first abnormal behavior relates to or a different network; [0140], e.g., , it will be appreciated that the second abnormal behavior pattern may ultimately have been created in the manner described above for the first abnormal behavior pattern); generating a second similarity score based on a comparison of the first metadata for the first malicious activity and the third metadata for the third malicious activity (Humphrey [0147], e.g., the cyber threat defense system determines, based on the determination of potentially malicious behavior, as to whether further action need be taken regarding the threat (Block 610). A human operator may make this determination, or, alternatively, an algorithm may make this determination. The determination may be based, in part, on the level of similarity between the first abnormal behavior pattern and the second abnormal behavior pattern); and responsive to the second similarity score satisfying the similarity criterion, causing a third alert generated with respect to the third malicious activity relating to the third set of computing devices of the third entity to be associated with second alert properties (Humphrey [0151], e.g., If the comparison indicates that the first and second abnormal behavior patterns are sufficiently similar (e.g., a determined similarity value is above a threshold value), an alert can be generated which may include a confidence score (Block 666). This may be provided to a user of the cyber threat defense system) defined based on the first user feedback relating to the first alert and provided by the first user associated with the first entity and with third alert properties defined based on the third malicious activity (Humphrey, Fig.7, [0161-0163], e.g., The analyst documents their findings and adds explanatory notes regarding the digital hallmarks of the malicious action (Block 708). Additionally, the analyst adds in any recommendations of an appropriate response that an autonomous defense system may select in the event of such an attack…………… The cyber threat defense system can create an inoculation package of the digital hallmarks, suggested autonomous responses, and documentation (Block 710). The cyber threat defense system can automatically disseminate this inoculation package to any other subscriber organization as an inoculation notice…………. If the attack is already inside another organization or begins to try to get a foothold in an organization, that organization can compare its network behavioral information to those detailed in the inoculation package to identify shared behavioral indicators of compromise. The affiliated subscriber organization may generate an alert on that organization's security dashboard detailing the nature of the attack, along with supporting notes (Block 712). A human analyst from that organization may then investigate and respond; Note that claim 11 is similar to the second portion of claim 1, with respect to the third malicious activity). The motivation to combine is the same as that of claim 1. Regarding claim 12, Humphrey teaches a system comprising: a memory device; and a processing device coupled to the memory device, the processing device to perform operations (Humphrey [0091], e.g., In this exemplary embodiment of the invention, computer 1 on the first computer system 10 has the threat detection system and therefore runs the threat detection method for detecting threats to the first computer system. As such, it comprises a processor arranged to run the steps of the process described herein, memory required to store information related to the running of the process, as well as a network interface for collecting the required information). The rest of claim 12 recites a system of the method of claim 1, and is similarly analyzed. Regarding claim 13, the claim recites a system of the method of claim 2, and is similarly analyzed. Regarding claim 17, the claim recites a system of the method of claim 6, and is similarly analyzed. Regarding claim 20, the claim recites a non-transitory computer-readable storage medium of the method of claim 1, and is similarly analyzed. Claim(s) 3-4, 14-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Humphrey in view of US 20250202927 to Petit et al. (Petit). Regarding claim 3, most of the limitations of this claim have been noted in the rejection of claim 1. Humphrey further teaches wherein: the first alert is associated with second alert properties (Humphrey [0151], e.g., If the comparison indicates that the first and second abnormal behavior patterns are sufficiently similar (e.g., a determined similarity value is above a threshold value), an alert can be generated which may include a confidence score (Block 666). This may be provided to a user of the cyber threat defense system); the first user feedback relating to the first alert and provided by the first user associated with the first entity comprises [positive] feedback (Humphrey [0161-0162], e.g., The analyst documents their findings and adds explanatory notes regarding the digital hallmarks of the malicious action (Block 708). Additionally, the analyst adds in any recommendations of an appropriate response that an autonomous defense system may select in the event of such an attack…………The cyber threat defense system can create an inoculation package of the digital hallmarks, suggested autonomous responses, and documentation (Block 710). The cyber threat defense system can automatically disseminate this inoculation package to any other subscriber organization as an inoculation notice). Humphrey does not explicitly teach, but Petit teaches providing positive feedback (Petit [0074], e.g., While not illustrated, it may be appreciated that the end-user may indicate that ‘Scenario B’ was useful in closing the investigation) and at least a first property of the first alert properties has a higher value than at least a second property of the second alert properties ([0074], e.g., the risk model engine 106 may increase a weight associated with ‘Scenario B’ or otherwise recalibrate the weightings of the scenario definitions to relatively increase ‘Scenario B.’). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of Humphrey with the teachings of Petit with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit continuously update the data pipeline described herein based on feedback from end-users performing investigations into alerts (Petit [0045], e.g., The system may therefore continuously update the data pipeline described herein based on feedback from end-users performing investigations into alerts. Over time the alerts which are generated may be substantially more accurate than alerts generated by prior techniques. Additionally, the user interfaces described herein may allow for a seamless transition between (1) investigating an alert, (2) closing an alert and providing feedback information, and (3) updating of scenarios to more closely align with the accurate surfacing of events). Regarding claim 4, most of the limitations of this claim have been noted in the rejection of claim 1. Humphrey further teaches wherein: the first alert is associated with second alert properties (Humphrey [0151], e.g., If the comparison indicates that the first and second abnormal behavior patterns are sufficiently similar (e.g., a determined similarity value is above a threshold value), an alert can be generated which may include a confidence score (Block 666). This may be provided to a user of the cyber threat defense system); the first user feedback relating to the first alert and provided by the first user associated with the first entity comprises [negative] feedback (Humphrey [0161-0162], e.g., The analyst documents their findings and adds explanatory notes regarding the digital hallmarks of the malicious action (Block 708). Additionally, the analyst adds in any recommendations of an appropriate response that an autonomous defense system may select in the event of such an attack…………The cyber threat defense system can create an inoculation package of the digital hallmarks, suggested autonomous responses, and documentation (Block 710). The cyber threat defense system can automatically disseminate this inoculation package to any other subscriber organization as an inoculation notice). Humphrey does not explicitly teach, but Petit teaches providing negative feedback (Petit [0074], e.g., In the illustrated example, the end-user has indicated that ‘Scenario B’ was not useful in closing the investigation); and at least a first property of the first alert properties has a lower value than at least a second property of the second alert properties (Petit [0074], e.g., This information may be used to reduce an extent to which an occurrence of ‘Scenario B’ impacts a resulting risk score or likelihood). The motivation to combine is the same as that of claim 3. Regarding claim 14, the claim recites a system of the method of claim 3, and is similarly analyzed. Regarding claim 15, the claim recites a system of the method of claim 4, and is similarly analyzed. Claim(s) 5, 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Humphrey in view of US 20170171231 A1 to Reybok et al. (Reybok). Regarding claim 5, most of the limitations of this claim have been noted in the rejection of claim 1. Humphrey does not explicitly teach, but Reybok teaches obtaining second user feedback relating to the second alert and provided by a second user associated with the second entity (Reybok [0070], e.g., if networks NET1 402a and NET2 402b have already reported data including the depicted threats 409, 410, and 411 to the central service 403); identifying third malicious activity relating to a third set of computing devices of a third entity (Reybok [0070], e.g., network NETn 402c subsequently experiences its depicted events 411; [0068], e.g., NETn 402c might experience yet another set of security events including Threat A 409 and Threat C), the third malicious activity having third metadata (Reybok [0068], e.g., NETn 402c might experience yet another set of security events including Threat A 409 and Threat C; this data represents a risk to its networks); generating a second similarity score based on a comparison of the first metadata for the first malicious activity, the second metadata for the second malicious activity, and the third metadata for the third malicious activity (Reybok [0070], e.g., the hub 403 can formulate its own threat score (e.g., for Threat A 409) based on correlation of data reported by networks NET1 402a and NETn 402c and, if it determines that a threshold has been met for this score, it can query network NET2 402b and ask it to perform local searching for indicators associated with this threat, and responsively update its score based on the results); and responsive to the second similarity score satisfying the similarity criterion (Reybok [0070], e.g., if it determines that a threshold has been met for this score, it can query network NET2 402b and ask it to perform local searching for indicators associated with this threat), causing a third alert generated with respect to the third malicious activity relating to the third set of computing devices of the third entity to be associated with second alert properties defined based on a combination of the first user feedback relating to the first alert and provided by the first user associated with the first entity and the second user feedback relating to the second alert and provided by the second user associated with the second entity (Reybok [0070], e.g., NETn 402c might want to be notified of the common threat (Threat C 411) to network NET2 402b, or alternatively, it might want to be notified if both networks NET1 402a and NET2 402b experience the same security event (e.g., Threat B 410); Examiner’s note: NETn makes a decision based on feedback from NET1 and NET2). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of Humphrey with the teachings of Reybok with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of timely obtaining updated information regarding fast evolving network security threats (Reybok [0030], e.g., Systems and methods described herein may address the problem of the persistent need for timely updated information regarding fast evolving network security threats that are endemic in a wide area network (e.g., the Internet). Network threat information is received from many different client networks and aggregated by a central hub. For example, information about a new threat may be correlated with a group of similar client networks that are serviced by the hub). Regarding claim 16, the claim recites a system of the method of claim 5, and is similarly analyzed. Claim(s) 7-9, 18-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Humphrey in view of US 20230019837 A1 to Jennings et al. (Jennings). Regarding claim 7, most of the limitations of this claim have been noted in the rejection of claim 1. Humphrey further teaches wherein generating the first similarity score comprises: applying a machine learning model to the first metadata for the first malicious activity to obtain a first encoding (Humphrey [0125-0126], e.g., The first abnormal behavior pattern represents behavior on a first network deviating from a normal benign behavior of that network. The abnormal behavior pattern is an encoding of metadata……… Receiving the first abnormal behavior pattern comprises comparing input data monitoring the first network to at least one machine-learning model trained on a normal benign behavior of the first network using a normal behavior benchmark describing parameters corresponding to a normal pattern of activity of the first network to determine that a network behavior of the first network deviates from the normal benign behavior of the first network (Block 602)); applying the machine learning model to the second metadata for the second malicious activity to obtain a second encoding (Humphrey [0139], e.g., A second abnormal behavior pattern is received (Block 608). Like the first abnormal behavior pattern, the second abnormal behavior pattern represents behavior on a network deviating from a normal benign behavior of that network. The network in this case may be the same network that the first abnormal behavior relates to or a different network); [and computing a distance between the first encoding and the second encoding, the distance representing the first similarity score]. Humphrey does not explicitly teach, but Jennings teaches computing a distance between the first encoding and the second encoding, the distance representing the first similarity score (Jennings [0057], e.g., In an embodiment, and without limitation, string distance may be calculated as a function of a name matching algorithm, wherein name matching algorithm includes any of the name matching algorithm as described in FIG. 1. In another embodiment, and without limitation, name matching algorithm may include a distance algorithm, wherein the distance algorithm is extended to as many dimensions). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of Humphrey with the teachings of Jennings with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of improving matching (Jennings [0036], e.g., Additionally, name matching algorithm may average different algorithms as well as dividing by total character count to compute a percentage can also improve matching). Regarding claim 8, most of the limitations of this claim have been noted in the rejection of claim 1. Humphrey does not explicitly teach, but Jennings teaches wherein generating the first similarity score comprises: calculating a first distance between a first data of the first metadata for the first malicious activity and a second data of the second metadata for the second malicious activity (Jennings [0057], e.g., In an embodiment, and without limitation, string distance may be calculated as a function of a name matching algorithm, wherein name matching algorithm includes any of the name matching algorithm as described in FIG. 1. In another embodiment, and without limitation, name matching algorithm may include a distance algorithm, wherein the distance algorithm is extended to as many dimensions… ); calculating a second distance between a third data of the first metadata for the first malicious activity and a fourth data of the second metadata for the second malicious activity (Jennings [0057], e.g., a distance algorithm, wherein the distance algorithm is extended to as many dimensions); and combining the first distance and the second distance to obtain a third distance, the third distance representing the first similarity score (Jennings [0057], e.g., In an embodiment, and without limitation, string distance may be determined as a function of combining the distance of two parameters to determine a combined distance for comparing two software components). The motivation to combine is the same as that of claim 7. Regarding claim 9, most of the limitations of this claim have been noted in the rejection of claim 8. Humphrey does not explicitly teach, but Jennings teaches wherein the combining the first distance and the second distance comprises at least one of: calculating a sum of the first distance and the second distance; calculating a max value of the first distance and the second distance; calculating an average of the first distance and the second distance; or calculating a linear combination of the first distance and the second distance (Jennings [0041], e.g., vector similarity may alternatively or additionally be determined using averages of similarities between like attributes). The motivation to combine is the same as that of claim 8. Regarding claim 18, the claim recites a system of the method of claim 7, and is similarly analyzed. Regarding claim 19, the claim recites a system of the method of claim 8, and is similarly analyzed. Claim(s) 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Humphrey in view of US 20240422175 A1 to Liburdi et al. (Liburdi). Regarding claim 10, most of the limitations of this claim have been noted in the rejection of claim 1. Humphrey does not explicitly teach, but Liburdi teaches wherein causing the second alert generated with respect to the second malicious activity relating to the second set of computing devices of the second entity to be associated with first alert properties defined based on the first user feedback relating to the first alert and provided by the first user associated with the first entity results in the second alert being suppressed (Liburdi [0013], e.g., For example, where another past alert with the same or similar name was previously seen by a user and suppressed, the alert management system may suppress the new alert). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of Humphrey with the teachings of Liburdi with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of reducing computational processing and memory use, while also improving the efficiency of the system (Liburdi [0013], e.g., As such, the service provider may provide automated processes for suppression and deduplication of alerts, which can improve the functionality and efficiency of computer systems tasked with handling alerts by reducing computational processing and memory use). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US Patent Number 10,728,262 B1 to Vaswani et al. discloses using contextual data with an entity’s potential malicious activity, including user feedback, to determine a risk score. If the risk score exceeds a threshold, then one or more alerts may be generated. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Contact Information Any inquiry concerning this communication or earlier communications from the examiner should be directed to LAWRENCE Q TRUONG whose telephone number is (571)272-6973. The examiner can normally be reached Monday - Friday, 7:30 am - 5 pm ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached at (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /LAWRENCE Q TRUONG/Examiner, Art Unit 2434 /TESHOME HAILU/Primary Examiner, Art Unit 2434
Read full office action

Prosecution Timeline

Jan 29, 2024
Application Filed
Jul 09, 2025
Non-Final Rejection — §103
Oct 07, 2025
Response Filed
Dec 23, 2025
Final Rejection — §103
Feb 09, 2026
Interview Requested
Feb 19, 2026
Applicant Interview (Telephonic)
Feb 19, 2026
Examiner Interview Summary
Mar 30, 2026
Request for Continued Examination
Apr 07, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12591375
DATA STORAGE DEVICE AND METHOD OF ACCESS IN CONFIDENTIAL MODE AND NORMAL MODE
2y 5m to grant Granted Mar 31, 2026
Patent 12585751
MULTI-MODAL GESTURE SEQUENCE PASSCODE UNLOCKING APPARATUS FOR A HEAD-MOUNTED DISPLAY
2y 5m to grant Granted Mar 24, 2026
Patent 12566721
SYSTEM SEMICONDUCTOR WITH MULTI PROJECT CHIP FOR PROTECTING INTELLECTUAL PROPERTY RIGHT OF THE SYSTEM SEMICONDUCTOR AND THE METHOD THEREOF
2y 5m to grant Granted Mar 03, 2026
Patent 12554818
SYSTEM, SERVER APPARATUS, AUTHENTICATION METHOD, AND STORAGE MEDIUM
2y 5m to grant Granted Feb 17, 2026
Patent 12548393
SYSTEM, GATE DEVICE, CONTROL METHOD FOR GATE DEVICE, AND STORAGE MEDIUM
2y 5m to grant Granted Feb 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
100%
Grant Probability
99%
With Interview (+0.0%)
2y 1m
Median Time to Grant
Moderate
PTA Risk
Based on 12 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month