Prosecution Insights
Last updated: July 17, 2026
Application No. 18/434,624

Dynamic signature selection systems and methods

Non-Final OA §102§103
Filed
Feb 06, 2024
Examiner
TRAN, NAM T
Art Unit
2455
Tech Center
2400 — Computer Networks
Assignee
SOPHOS Limited
OA Round
2 (Non-Final)
77%
Grant Probability
Favorable
2-3
OA Rounds
10m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 77% — above average
77%
Career Allowance Rate
482 granted / 628 resolved
+18.8% vs TC avg
Strong +27% interview lift
Without
With
+26.7%
Interview Lift
resolved cases with interview
Typical timeline
3y 4m
Avg Prosecution
21 currently pending
Career history
650
Total Applications
across all art units

Statute-Specific Performance

§101
8.3%
-31.7% vs TC avg
§103
75.2%
+35.2% vs TC avg
§102
9.6%
-30.4% vs TC avg
§112
4.0%
-36.0% vs TC avg
Black line = Tech Center average estimate • Based on career data from 628 resolved cases

Office Action

§102 §103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claim(s) 1, 3-6, 10, 12-15, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Ahuja et al. (U.S. Patent Application Publication No. 2018/0212998, hereinafter “Ahuja”) in view of Fitzgerald (U.S. Patent Application Publication No. 2008/0027946, hereinafter “Fitzgerald”). Claims 1 and 19: Ahuja discloses a method for detecting threats using threat signatures loaded in a computing device, the method comprising: receiving a first plurality of threat signatures at a computing device on a first network location (§ 0112, Lines 1-8; A security threat library and a computer security threat signature library that generally includes a comprehensive, or global, set of computer security threat definitions and corresponding threat signatures); storing the first plurality of threat signatures in memory of the computing device (§ 0152, Lines 1-4; Computer system 1300 further includes one or more read only memories (ROM) 1308 or other static storage devices coupled to bus 1302 for storing static information and instructions for processor 1304); monitoring, using the computing device, network activity by executing at least one of: a telemetry module to determine if a signature of the first plurality of threat signatures has been triggered on the first network location, a network profiler module to inspect data from a request-response transaction occurring on the first network location (§ 0088, Lines 1-3 and 7-9; A security orchestrator includes various probes used to collect profile information for a computing device. A general probe 826 (e.g., used to collect other types of device profile information based on monitoring network traffic sent and received by a VNIC 808)), and a machine learning module to extract data associated with the network activity regarding a product, vendor, or application; referencing a policy associated with the first network location, wherein the policy indicates a preference for efficacy or a preference for performance (§ 0099, Lines 8-13; A threat detection policy 918 might instead instruct a security application to monitor network traffic passively and to generate alerts when threats are detected, rather than automatically denying the traffic); creating a customized signature set by selecting a second plurality of threat signatures from the first plurality of threat signatures based on the referenced policy and output from at least one or more of the telemetry module, the network profiler module, or the machine learning module (§ 0104, Lines 2-8 and 11-12; A signature generator 1002 generates, based on an initial threat library 1010 and signature library 1012, an optimized set of protocol signatures 1004, content signatures 1006, or both. The signature generator 1002 generates the optimized set of protocol signatures 1004 and content signatures 1006 using data collected from probes 1022, 1024, and 1026, and further based on one or more security policies 1008 to be applied to the computing device); loading the customized signature set into memory of the computing device (§ 0108, Lines 5-8; DPI, DLP, and other security-related services can use the optimized threat signature libraries to detect potential instances of viruses, spam, network intrusion attempts, protocol non-compliance, etc.) (§ 0151, Lines 1-5; Computer system 1300 also includes a main memory 1306, such as a random access memory (RAM) or other dynamic or volatile storage device, coupled to bus 1302 for storing information and instructions to be executed by processor 1304); and scanning network activity using the customized signature set (See citation for the previous limitation). Ahuja does not appear to disclose: storing the first plurality of threat signatures in read only memory (ROM) of the computing device; and loading the customized signature set into random access memory (RAM) of the computing device. Fitzgerald discloses it is well known that the speed of access to read-only memory (ROM) is much slower than that of random access memory (RAM); this is one reason why most personal computers copy the contents of ROM into RAM and remap memory accesses to the fast RAM instead of to the slow ROM to improve performance (§ 0014, Lines 1-7). Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Ahuja’s system by loading his optimized signature set into RAM and storing the comprehensive signature set into ROM, which leverages the concepts disclosed by Fitzgerland, in order to improve performance (Fitzgerald, § 0014, Lines 3-7). Regarding the “computer program product” of claim 19, Ahuja discloses that storage media refers to any non-transitory media that store data and/or instructions that cause a machine to operate in a specific action (§ 0156, Lines 1-3). Claim 3: Ahuja in view of Fitzgerald discloses the method as recited in claim 1, further comprising: executing a service to gather telemetry data associated with at least a second network location (Ahuja, § 0081, Lines 6-10; A security orchestrator system generates an optimized threat signature library containing a subset of an initial comprehensive, or global, threat signature library based at least in part on attributes of one or more computing devices inferring that attributes of multiple computing devices is taken into account); and creating an optimized signature set by selecting a third plurality of threat signatures from the second plurality of threat signatures based on the gathered telemetry data associated with at least the second network location (Ahuja, § 0107, Lines 4-12; For example, starting with a global set of security signatures, the security orchestrator might remove signatures determined to be irrelevant to a profiled computing device. The security orchestrator can further add threat signatures to the optimized set which are relevant to one or more security policies to be applied to the computing device). The embodiment of Ahuja and Fitzgerald does not appear to disclose the service is cloud-based. However, Ahuja disclose that certain server components may be implemented in full or in part using cloud-based components that are coupled to the systems by one or more networks, such as the Internet (§ 0163, Lines 1-4). Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Ahuja and Fitzgerald’s security orchestrator system to be cloud-based, as taught in another embodiment of Ahuja, in order to reap the benefits of the cloud computing model such as reduced upfront capital cost, scalability, and broad network access. Claim 4: Ahuja in view of Fitzgerald further discloses: loading the optimized signature set of the third plurality of signatures into RAM of the computing device (Ahuja, § 0107, Lines 4-12; For example, starting with a global set of security signatures, the security orchestrator might remove signatures determined to be irrelevant to a profiled computing device. The security orchestrator can further add threat signatures to the optimized set which are relevant to one or more security policies to be applied to the computing device) (Ahuja, § 0151, Lines 1-5; Computer system 1300 also includes a main memory 1306, such as a random access memory (RAM) or other dynamic or volatile storage device, coupled to bus 1302 for storing information and instructions to be executed by processor 1304) (Fitzgerald, § 0014, Lines 3-7); and scanning network activity using the optimized signature set of the third plurality of signatures based on the policy associated with the first network location (Ahuja, § 0108, Lines 5-8; DPI, DLP, and other security-related services can use the optimized threat signature libraries to detect potential instances of viruses, spam, network intrusion attempts, protocol non-compliance, etc.). Claim 5: Ahuja in view of Fitzgerland further discloses the network profiler module is configured to parse a payload associated with network activity (Ahuja, § 0086, Lines 4-6; Some characteristics of a computing device 702 can be examined by analyzing network traffic 720 sent or received by the computing device 702) to identify at least one of a protocol used on the first network location (Ahuja, § 0093, Lines 9-11; A protocol classifier can be used to identify types of protocols used in the network traffic identified by the traffic classifier 832), a vendor used on the first network location, a port used on the first network location (Ahuja, § 0091, Lines 3-4; A port scan of a computing device 802 might identify open ports), or an operating system used on the first network location. Claim 6: Ahuja in view of Fitzgerland further discloses wherein the network profiler module is configured to identify at least one of a product, vendor, or protocol used on the first network location by inspecting a banner in a request-response transaction on the first network location (Ahuja, § 0093, Lines 9-14; A protocol classifier can be used to identify types of protocols used in the network traffic identified by the traffic classifier 832 (e.g., to determine that the HyperText Transfer Protocol (HTTP) protocol is used in the network traffic, how much of the network traffic is used by certain protocols, whether network traffic encrypted, etc.)). Claim 10: Ahuja discloses a method for detecting threats using threat signatures loaded in a computing device, the method comprising: receiving a first plurality of threat signatures at a computing device on a first network location (§ 0112, Lines 1-8; A security threat library and a computer security threat signature library that generally includes a comprehensive, or global, set of computer security threat definitions and corresponding threat signatures); storing the first plurality of threat signatures in memory of the computing device (§ 0151, Lines 1-5; Computer system 1300 also includes a main memory 1306, such as a random access memory (RAM) or other dynamic or volatile storage device, coupled to bus 1302 for storing information and instructions to be executed by processor 1304); monitoring, using the computing device, network activity by executing at least one of: a telemetry module to determine if a signature of the first plurality of threat signatures has been triggered on the first network location; a network profiler module to inspect data from a request-response transaction occurring on the first network location (§ 0088, Lines 1-3 and 7-9; A security orchestrator includes various probes used to collect profile information for a computing device. A general probe 826 (e.g., used to collect other types of device profile information based on monitoring network traffic sent and received by a VNIC 808)), and a machine learning module to extract data associated with the network activity regarding a product, vendor, or application; referencing a policy associated with the first network location, wherein the policy indicates a preference for efficacy or a preference for performance (§ 0099, Lines 8-13; A threat detection policy 918 might instead instruct a security application to monitor network traffic passively and to generate alerts when threats are detected, rather than automatically denying the traffic); transferring from the memory of the computing device a set of non-relevant signatures to other memory of the computing device (§ 0107, Lines 1-9; Based on the profile information collected for one or more computing devices, the security orchestrator optimizes the size of a security threat signature library used to provide security services. For example, starting with a global set of security signatures, the security orchestrator might remove signatures determined to be irrelevant to a profiled computing device (e.g., because the signatures relate to applications, network protocols, or other components not applicable to the computing device)) (§ 0152, Lines 1-4; Computer system 1300 further includes one or more read only memories (ROM) 1308 or other static storage devices coupled to bus 1302 for storing static information and instructions for processor 1304); retaining a customized signature set of a second plurality of threat signatures from the first plurality of threat signatures based on the referenced policy and output from at least one or more of the telemetry module, the network profiler module, or the machine learning module (See citation above. Removing irrelevant signatures infers retaining relevant signatures) (§ 0104, Lines 2-8 and 11-12; A signature generator 1002 generates, based on an initial threat library 1010 and signature library 1012, an optimized set of protocol signatures 1004, content signatures 1006, or both. The signature generator 1002 generates the optimized set of protocol signatures 1004 and content signatures 1006 using data collected from probes 1022, 1024, and 1026, and further based on one or more security policies 1008 to be applied to the computing device); and scanning network activity accessible by the computing device using the customized signature set (§ 0108, Lines 5-8; DPI, DLP, and other security-related services can use the optimized threat signature libraries to detect potential instances of viruses, spam, network intrusion attempts, protocol non-compliance, etc.). Ahuja does not appear to disclose: storing the first plurality of threat signatures in random access memory (RAM) of the computing device; and transferring from the RAM of the computing device a set of non-relevant signatures to read only memory (ROM) of the computing device. Fitzgerald discloses it is well known that the speed of access to read-only memory (ROM) is much slower than that of random access memory (RAM); this is one reason why most personal computers copy the contents of ROM into RAM and remap memory accesses to the fast RAM instead of to the slow ROM to improve performance (§ 0014, Lines 1-7; The corollary applies as well (i.e., copying the contents of RAM into ROM to save on RAM usage and increase performance)). Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Ahuja’s system by storing the comprehensive signature set into RAM and transferring from RAM to ROM any irrelevant signatures, which leverages the concepts disclosed by Fitzgerland, in order to improve performance (Fitzgerald, § 0014, Lines 3-7). Claim 12: Ahuja in view of Fitzgerald discloses the method as recited in claim 10, further comprising: executing a service to gather telemetry data associated with at least a second network location (Ahuja, § 0081, Lines 6-10; A security orchestrator system generates an optimized threat signature library containing a subset of an initial comprehensive, or global, threat signature library based at least in part on attributes of one or more computing devices inferring that attributes of multiple computing devices is taken into account); and creating an optimized signature set by selecting a third plurality of threat signatures from the second plurality of threat signatures based on the gathered telemetry data associated with at least the second network location (Ahuja, § 0107, Lines 4-12; For example, starting with a global set of security signatures, the security orchestrator might remove signatures determined to be irrelevant to a profiled computing device. The security orchestrator can further add threat signatures to the optimized set which are relevant to one or more security policies to be applied to the computing device). The embodiment of Ahuja and Fitzgerald does not appear to disclose the service is cloud-based. However, Ahuja discloses that certain server components may be implemented in full or in part using cloud-based components that are coupled to the systems by one or more networks, such as the Internet (§ 0163, Lines 1-4). Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Ahuja and Fitzgerald’s security orchestrator system to be cloud-based, as taught in another embodiment of Ahuja, in order to reap the benefits of the cloud computing model such as reduced upfront capital cost, scalability, and broad network access. Claim 13: Ahuja in view of Fitzgerald further discloses: retaining the optimized signature set of the third plurality of signatures in RAM of the computing device (Ahuja, § 0107, Lines 4-12; For example, starting with a global set of security signatures, the security orchestrator might remove signatures determined to be irrelevant to a profiled computing device. The security orchestrator can further add threat signatures to the optimized set which are relevant to one or more security policies to be applied to the computing device) (Ahuja, § 0151, Lines 1-5; Computer system 1300 also includes a main memory 1306, such as a random access memory (RAM) or other dynamic or volatile storage device, coupled to bus 1302 for storing information and instructions to be executed by processor 1304) (Fitzgerald, § 0014, Lines 3-7); and scanning network activity using the optimized signature set of the third plurality of signatures based on the policy associated with the first network location (Ahuja, § 0108, Lines 5-8; DPI, DLP, and other security-related services can use the optimized threat signature libraries to detect potential instances of viruses, spam, network intrusion attempts, protocol non-compliance, etc.). Claim 14: Ahuja in view of Fitzgerland further discloses wherein the network profiler module is configured to parse a payload associated with network activity (Ahuja, § 0086, Lines 4-6; Some characteristics of a computing device 702 can be examined by analyzing network traffic 720 sent or received by the computing device 702) to identify at least one of a protocol used on the first network location (Ahuja, § 0093, Lines 9-11; A protocol classifier can be used to identify types of protocols used in the network traffic identified by the traffic classifier 832), a vendor used on the first network location, a port used on the first network location (Ahuja, § 0091, Lines 3-4; A port scan of a computing device 802 might identify open ports), or an operating system used on the first network location. Claim 15: Ahuja in view of Fitzgerland further discloses wherein the network profiler module is configured to identify at least one of a product, a vendor, or a protocol used on the first network location by inspecting a banner in a request-response transaction on the first network location (Ahuja, § 0093, Lines 9-14; A protocol classifier can be used to identify types of protocols used in the network traffic identified by the traffic classifier 832 (e.g., to determine that the HyperText Transfer Protocol (HTTP) protocol is used in the network traffic, how much of the network traffic is used by certain protocols, whether network traffic encrypted, etc.)). Claim(s) 7 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Ahuja et al. (U.S. Patent Application Publication No. 2018/0212998, hereinafter “Ahuja”) in view of Fitzgerald (U.S. Patent Application Publication No. 2008/0027946, hereinafter “Fitzgerald”); further in view of Gassoway (U.S. Patent Application Publication No. 2005/0235164, hereinafter “Gassoway”). Claim 7: Claim 7 is analyzed with respect to claim 1. Claim 7 is directed to iterating, at a predetermined time interval, the same steps as in claim 1. Ahuja in view of Fitzgerald discloses the method as recited in claim 1 wherein optimized signature libraries can be further optimized over time, for example, in response to computing environment changes, security policy changes, or both (Ahuja, § 0121, Lines 4-10). Ahuja in view of Fitzgerald does not appear to disclose updating optimized signature libraries at a predetermined time interval. Gassoway discloses periodically updating a signature file (§ 0029, Lines 4-5). Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Ahuja and Fitzgerald’s updating of optimized signature libraries by performing the update periodically, as taught by Gassoway, in order to protect against the most up to date attacks (Gassoway, § 0029, Lines 5-6). Claim 16: Claim 16 is analyzed with respect to claim 10. Claim 17 is directed to iterating, at a predetermined time interval, the same steps as in claim 10. Ahuja in view of Fitzgerald discloses the method as recited in claim 10 wherein optimized signature libraries can be further optimized over time, for example, in response to computing environment changes, security policy changes, or both (Ahuja, § 0121, Lines 4-10). Ahuja in view of Fitzgerald does not appear to disclose updating optimized signature libraries at a predetermined time interval. Gassoway discloses periodically updating a signature file (§ 0029, Lines 4-5). Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Ahuja and Fitzgerald’s updating of optimized signature libraries by performing the update periodically, as taught by Gassoway, in order to protect against the most up to date attacks (Gassoway, § 0029, Lines 5-6). Claim(s) 8 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Ahuja et al. (U.S. Patent Application Publication No. 2018/0212998, hereinafter “Ahuja”) in view of Fitzgerald (U.S. Patent Application Publication No. 2008/0027946, hereinafter “Fitzgerald”); further in view of Saklikar et al. (U.S. Patent No. 8904531, hereinafter “Saklikar”). Claim 8: Ahuja in view of Fitzgerald discloses the method as recited in claim 1. Ahuja in view of Fitzgerald does not appear to disclose executing an interface to receive a Security Information and Event Management (SIEM) log corresponding to network activity. Saklikar discloses executing an interface to receive a Security Information and Event Management (SIEM) log corresponding to network activity (Abstract, Lines 1-3; Techniques are provided for detecting the source of an APT-based leaked document by iteratively or recursively evaluating a set of network security logs (e.g., SIEM logs)). Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Ahuja and Fitzgerald’s probes by evaluating SIEM logs, as taught by Saklikar, in order to enable real-time analysis of security alerts. Claim 17: Ahuja in view of Fitzgerald discloses the method as recited in claim 10. Ahuja in view of Fitzgerald does not appear to disclose executing an interface to receive a Security Information and Event Management (SIEM) log corresponding to network activity. Saklikar discloses executing an interface to receive a Security Information and Event Management (SIEM) log corresponding to network activity (Abstract, Lines 1-3; Techniques are provided for detecting the source of an APT-based leaked document by iteratively or recursively evaluating a set of network security logs (e.g., SIEM logs)). Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Ahuja and Fitzgerald’s probes by evaluating SIEM logs, as taught by Saklikar, in order to enable real-time analysis of security alerts. Claim(s) 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Ahuja et al. (U.S. Patent Application Publication No. 2018/0212998, hereinafter “Ahuja”) in view of Fitzgerald (U.S. Patent Application Publication No. 2008/0027946, hereinafter “Fitzgerald”); further in view of Subramanya et al. (U.S. Patent Application Publication No. 2023/0319070, hereinafter “Subramanya”). Claim 9: Ahuja in view of Fitzgerald discloses the method as recited in claim 1. Ahuja in view of Fitzgerald does not appear to disclose wherein the second plurality of signatures are selected based on signature age and Common Vulnerability Scoring System (CVSS) score. Subramanya discloses wherein the second plurality of signatures are selected (§ 0041, Lines 6-9; Systems and methods herein may use the scores to select for a computing device the most appropriate signatures for scanning network activity) based on signature age (§ 0119, Lines 1-4; The CVE Year module 516 may determine the year in which a CVE associated with a signature was released. The CVE Year module 516 may assign higher scores to more recent CVEs as they are likely more critical) and Common Vulnerability Scoring System (CVSS) score (§ 0042, Lines 1-8; Metadata attributes associated with a signature may include a Common Vulnerability Scoring System score, vulnerability type, whether the vulnerability or threat is exploited in the wild, whether a published exploit is available for the threat, the year in which the “CVE” code was released, telemetry statistics, TALOS category, vendor, whether the threat is an emerging threat or a zero-day threat, or some combination thereof). Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Ahuja and Fitzgerald’s the creation of optimized threat signature libraries by integrating the use of Subramanya’s metadata attributes to score signatures to select for a computing device the most appropriate signatures for scanning network activity (Subramanya, § 0041, Lines 7-9). Claim 18: Ahuja in view of Fitzgerald discloses the method as recited in claim 10. Ahuja in view of Fitzgerald does not appear to disclose wherein the second plurality of signatures are selected based on signature age and Common Vulnerability Scoring System (CVSS) score. Subramanya discloses wherein the second plurality of signatures are selected (§ 0041, Lines 6-9; Systems and methods herein may use the scores to select for a computing device the most appropriate signatures for scanning network activity) based on signature age (§ 0119, Lines 1-4; The CVE Year module 516 may determine the year in which a CVE associated with a signature was released. The CVE Year module 516 may assign higher scores to more recent CVEs as they are likely more critical) and Common Vulnerability Scoring System (CVSS) score (§ 0042, Lines 1-8; Metadata attributes associated with a signature may include a Common Vulnerability Scoring System score, vulnerability type, whether the vulnerability or threat is exploited in the wild, whether a published exploit is available for the threat, the year in which the “CVE” code was released, telemetry statistics, TALOS category, vendor, whether the threat is an emerging threat or a zero-day threat, or some combination thereof). Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Ahuja and Fitzgerald’s the creation of optimized threat signature libraries by integrating the use of Subramanya’s metadata attributes to score signatures to select for a computing device the most appropriate signatures for scanning network activity (Subramanya, § 0041, Lines 7-9). Response to Arguments Applicant’s arguments, see pages 1-3, filed 02/25/2026, with respect to the rejection(s) of claim(s) 1-2, 5-6, 10-11, 14-15, and 19-20 under 35 USC 102 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Ahuja and Fitzgerald. Accordingly, this action is being made non-final. Applicant's arguments filed 02/25/2026 have been fully considered but they are not persuasive. Applicant argues on pages 3-4 regarding claims 1-20 that Ahuja does not teach or suggest referencing a policy database to obtain a policy associated with the first network location, wherein the policy indicates a preference for efficacy or a preference for performance and that the customized signature set is based on the referenced policy. The examiner disagrees. Ahuja, in §§ 0095-0099 discloses various security policies that can be applied to one or more computing devices. Further, in § 0104, Ahuja discloses that the signature generator 1002 generates the optimized set of protocol signatures 1004 and content signatures 1006 using data collected from probes 1022, 1024, and 1026 and further based on one or more security policies 1008 to be applied to the computing device. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to NAM T TRAN whose telephone number is (408)918-7553. The examiner can normally be reached Monday-Friday 7AM-3PM EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emmanuel Moise can be reached at 571-272-3865. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /NAM T TRAN/Primary Examiner, Art Unit 2455
Read full office action

Prosecution Timeline

Show 2 earlier events
Jan 14, 2026
Interview Requested
Jan 29, 2026
Applicant Interview (Telephonic)
Jan 29, 2026
Examiner Interview Summary
Feb 25, 2026
Response Filed
May 18, 2026
Non-Final Rejection mailed — §102, §103
Jul 08, 2026
Interview Requested
Jul 16, 2026
Applicant Interview (Telephonic)
Jul 16, 2026
Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12683876
CONVERSATIONAL NETWORK ASSURANCE USING LARGE LANGUAGE MODELS
3y 1m to grant Granted Jul 14, 2026
Patent 12676829
MACHINE LEARNING-BASED DNS REQUEST STRING REPRESENTATION WITH HASH REPLACEMENT
2y 10m to grant Granted Jul 07, 2026
Patent 12676731
DATA HASHING IN COMPUTING SYSTEMS
2y 7m to grant Granted Jul 07, 2026
Patent 12641135
CONNECTING ENHANCED CONFERENCE ROOMS WITH PERSISTENT HYBRID VIRTUAL COLLABORATIVE WORKSPACES
4y 0m to grant Granted May 26, 2026
Patent 12634299
THREAT PREDICTION IN A STREAMING SYSTEM
2y 11m to grant Granted May 19, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

2-3
Expected OA Rounds
77%
Grant Probability
99%
With Interview (+26.7%)
3y 4m (~10m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 628 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month