MACHINE LEARNING-BASED CONTENT DISARM AND RECONSTRUCTION WITH WEB BROWSER PREFETCHING

DETAILED ACTION This action is in response to amendments filed 11/24/2025. Claims 1, 2, 5-9, 11, 13-15, 17 and 19-26 are pending with claims 1, 2, 8, 9, 11, 14, 15, 17 and 19 having been amended and claims 21-26 newly added. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2, 6-9, 13-15 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Xuewen et al (US 8,505,094) in view of Jain et al (US 12,301,587) in view of Zhu et al (US 2012/0158626). With respect to claim 1 Xuewen teaches a method for removing potentially malicious code from a first web page prior to rendering the first web page, the method comprising: prefetching first source code for the first web page (see Xuewen figure 5 step 510 and column 5 lines 30-45 i.e. In step 510 any suitable HTML code is retrieved for analysis. For example, FIG. 6 shows suitable HTML code. This HTML code may be obtained via a backend Internet security system, such as those that routinely monitor Internet requests from computer users of an enterprise at a remote central location. Once the backend system analyzes the HTML code for malicious links and makes a decision, it may then inform the user of the enterprise regarding the nature of the links found in the HTML code. Or, the HTML code may be obtained directly from monitoring software operating on the user's computer. In this situation, the present invention is executing in a suitable software module directly upon the user's computer and can easily intercept HTML code that a user has downloaded from the World Wide Web using an Internet browser. This HTML code is typically a single page of code); identifying one or more hyperlinks to one or more second web pages in the first source code (see figure 5 step 520 and column 5 lines 46-67 i.e Next, in step 520, a link scanner software module 320 makes a pass over the retrieved HTML code and analyzes it for information and features that will be later input to the various detectors 330-360. The link scanner will analyze the HTML for frames or scripts because it is often the frames or scripts that include malicious URLs. All embedded links within the HTML are retrieved, especially those within frames or scripts. In addition, a variety of other information is extracted such as: the position of the frame or script in the HTML code; whether or not the frame or script is visible; the height, width and size of the frame; previous elements and post elements such as TD, DIV, TITLE, and so on. A typical "previous element" of an injected malicious script is "TD tag" in HTML, because most SQL injections will taint the data at the database (which is shown in the Table/TD at HTML). Other information includes the IP address and host name of the Web site where the HTML page can be found, whether a particular URL has any dynamic parameters, other attributes of a frame such as its border, and attributes of a script such as its language. This extracted information may be stored in memory, or may be simply noted and flagged in the HTML code for further analysis by the detectors 330-360); prefetching second source code for the one or more second web pages (see Xuewen figure 5 step 520 and column 6 lines 1-11 i.e. If the HTML code includes ten URLs, for example, all this information may be sent to the detectors at once. Preferably, though, each URL is processed serially, and then once one URL has been processed and the decision engine makes a decision, the information regarding the next URL is input. Extracted information for a particular URL link (perhaps embedded within a frame or script) is then input to each of the detectors 330-360 in parallel or serially. After processing this link information, the decision engine 380 then renders a decision regarding this particular link before beginning processing the next link retrieved from the HTML code); generating one or more first feature vectors of the first source code and one or more second feature vectors of the second source code, wherein the one or more first feature vectors and the one or more second feature vectors correspond to potentially malicious subsets of source code (see Xuewen figure 5 steps 530-570 and column 6 lines 33-63 i.e. Here is an example of how to determine a layout vector based upon the extracted information that is input to the layout relevancy detector. Consider that the following information extracted from the HTML code will be input to the layout detector: whether or not the frame is invisible; whether the frame or script is in the header or in the tail; if the HTML tag is obfuscated; if the element is unique; if the element has a new line; if the previous element is TD; if the previous element is the same; if the next element is the same; if the next element is special; if the link has quality attributes (for example, the language of a script or the border of a frame), etc. This extracted information lends itself to identifiable features such as: invisible; in_header; in_tail; htmltag_is_obfascated; element_is_unique; element_end_with_newline; previous_element_is_TD; previous_element_is_DIV; previous_element_is_same; next_element_is_same; next_element_is_special; has_quality_attributes; etc. The layout vector may then be determined by assigning binary values to these identified features. For example, consider that particular HTML code has a frame in its tail such as: <if RaMe height=0 width=0 src="http://222.ebuy.com/index.html"/>. The output vector will then be assigned the following values for these features: invisible 0; inheader 0; intail 1; htmltag_is_obfascated 1; element_is_unique 0; element_end_with_newline 0; previous_element_is_TD 0; previous_element_is_DIV 0; previous_element_is_same 0; next_element_is_same 0; next_element_is_special 0; and has_quality_attributes 0. Finally, the output vector may then be simply written using the binary values thus: [10 1 1 0 0 0 0 0 0 0 0) and column 7 line 42 – column8 line 11 i.e. Here is an example of how to determine a referring vector based upon the extracted information that is input to the referring relevancy detector. Consider that the following information extracted from the HTML code and the page rank database will be input to the layout detector: if the parent URL is in the top one thousand by rank; if the parent URL is in the top ten thousand; if the parent URL is in the top one hundred thousand; if the child URL is in the top one thousand; if the child URL is in the top ten thousand; if the child URL is in the top one hundred thousand; if both the parent and child URLs are ranked; if both are unranked; if only the parent is ranked; if only the child is ranked; if the child URL is an IP address; if the child URL is obfuscated; if the child URL is dynamic; whether or not the child URL has any special extensions (for example, a script URL points to a JPEG file). This extracted information lends itself to identifiable features such as: parent_in_top.sub.--1K; parent_in_top.sub.--10K; parent_in_top.sub.--100K; child_in_top.sub.--1K; child_in_top.sub.--10k; child_in_top.sub.--100k; both_ranked; both_unranked; only_parent_ranked; only_child_ranked; child_is_IPAddress; child_is_obfuscated; child_is_dynamic; child_has_special_extension, etc. The referring vector may then be determined by assigning binary values to these identified features. For example, consider that particular HTML code (which comes from "https://www.ebay.com/items/purchase.php") has a frame in its tail such as: <if RaMe height=0 width=0 src="http://%32%32%32%2Eebuy.comfindexjpg"/>. The output vector will then be assigned the following values for these features: parent_in_top.sub.--1K 1; parent_in_top.sub.--10K 0; parent_in_top.sub.--100K 0; child_in_top.sub.--1K 0; child_in_top.sub.--10k 0; child_in_top.sub.--100k 0; both_ranked 0; both_unranked 0; only_parent_ranked 1; only_child_ranked 0; child_is_IPAddress 0; child_is_obfuscated 1; child_is_dynamic 0; child_has_special_extension 1. Finally, the output vector may then be simply written using the binary values thus: [1 0 0 0 0 0 0 0 1 0 0 1 0 1]); inputting the one or more first feature vectors and one or more second feature vectors into one or more classifiers to obtain verdicts of the one or more first feature vectors and the one or more second feature vectors as output (see Xuewen figure 5 steps 580, column 6 lines 25-33 i.e. The layout relevancy detector analyzes this information, groups the information by features, and then assigns each feature a true or false value. A true or false value is represented by a "1" or a "0," respectively (or vice versa). Once all of these true and false values represented by their binary values have been ordered into a vector, this layout vector is then output in step 580 from the detector and passed on to the decision engine 380 and column 7 lines 34-41 i.e. The referring relevancy detector analyzes this information, groups the information by features, and then assigns each feature a true or false value. A true or false value is represented by a "1" or a "0," respectively (or vice versa). Once all of these true and false values represented by their binary values have been ordered into a vector, this referring vector is then output in step 580 from the detector and passed on to the decision engine 380); and removing a subset of the first source code to obtain third source code, wherein the subset of the first source code corresponds to at least one of a subset of the one or more first feature vectors and a subset of the one or more second feature vectors having malicious verdicts output by at least a subset of the one or more classifiers (see Xuewen figure 5 step 599 and column 9 lines 17-26 i.e. Any score greater than 0.9 results in a conclusion that the embedded URL is malicious in step 599. If so, then a warning message may be output to the computer user indicating that a particular URL found in a Web page is likely to be malicious. If a URL is found to be malicious then by default the URL may not be visited) and reconstructing the third source code (see Xuewen figure 5 step 599 and column 9 lines 17-26 i.e. Any score greater than 0.9 results in a conclusion that the embedded URL is malicious in step 599. If so, then a warning message may be output to the computer user indicating that a particular URL found in a Web page is likely to be malicious. If a URL is found to be malicious then by default the URL may not be visited). Xuewen does not teach wherein reconstructing the third source code comprises reconstructing the third source code with indications of attack types corresponding to the malicious verdicts output by the at least subset of the one or more classifiers and indications of at least one of removal of hyperlinks corresponding to at least a subset of the one or more second web pages and removal of the subset of the first source code from the third source code. Jain teaches wherein reconstructing the third source code comprises reconstructing the third source code indications of at least one of removal of hyperlinks corresponding to at least a subset of the one or more second web pages and removal of the subset of the first source code from the third source code ( see Jain column 10 lines 6-43 i.e. In some embodiments, the identified QR code may be replaced with a modified version of the identified QR on the rendered web page to discourage the user from scanning the identified QR code at step 450. This may be done, for example, by rendering the QR code with an indication that the QR code is a security risk and preventing the QR code from being scannable). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Xuewen in view of Jain to have remove the QR code link and replaced the QR code link with a rendering of the QR code with an indication that the QR code is a security risk and preventing the QR code from being scannable as a way to protect the used form visiting maliciose link behind the QR code (see Jain column 2 lines 14-31). Therefore one would have been motivated to have remove the QR code link and replaced the QR code link with an unscannable QR code. Xuewen in view of Jain does not teach indications of attack types corresponding to the malicious verdicts output by the at least subset of the one or more classifiers Zhu teaches including indications of attack types corresponding to the malicious verdicts output by the at least subset of the one or more classifiers (see Zhu paragraph 0005 i.e. using one or more classification models to detect a malicious URL and categorize the malicious URL as one of a phishing URL, a spamming URL, a malware URL, or a multi-type attack URL). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Xuewen in view of Jain in further view of Zhu to help protect web users, web browsers, search engines, and the like. In response to receiving an unknown URL, the techniques determine whether the unknown URL is a malicious URL and may warn a web user of the category (e.g., type) of the malicious URL (see Zhu paragraph 0006). Therefore one would have been motivated to have included an indications of the malicious URL as one of a phishing URL, a spamming URL, a malware URL, or a multi-type attack URL. With respect to claim 2 Xuewen, Jain and Zhu teach the method of claim 1, wherein the one or more first feature vectors and the one or more second feature vectors comprise feature vectors of at least one of Hypertext Markup Language (HTML) code, JavaScript code, Cascading Style Sheets (CSS) code, and one or more Hypertext Transfer Protocol (HTTP) responses from prefetching the first source code and prefetching the second source code (see Xuewen figure 5 steps 530-570 and column 6 lines 33-63 i.e. Here is an example of how to determine a layout vector based upon the extracted information that is input to the layout relevancy detector. Consider that the following information extracted from the HTML code will be input to the layout detector: whether or not the frame is invisible; whether the frame or script is in the header or in the tail; if the HTML tag is obfuscated; if the element is unique; if the element has a new line; if the previous element is TD; if the previous element is the same; if the next element is the same; if the next element is special; if the link has quality attributes (for example, the language of a script or the border of a frame), etc. This extracted information lends itself to identifiable features such as: invisible; in_header; in_tail; htmltag_is_obfascated; element_is_unique; element_end_with_newline; previous_element_is_TD; previous_element_is_DIV; previous_element_is_same; next_element_is_same; next_element_is_special; has_quality_attributes; etc. The layout vector may then be determined by assigning binary values to these identified features. For example, consider that particular HTML code has a frame in its tail such as: <if RaMe height=0 width=0 src="http://222.ebuy.com/index.html"/>. The output vector will then be assigned the following values for these features: invisible 0; inheader 0; intail 1; htmltag_is_obfascated 1; element_is_unique 0; element_end_with_newline 0; previous_element_is_TD 0; previous_element_is_DIV 0; previous_element_is_same 0; next_element_is_same 0; next_element_is_special 0; and has_quality_attributes 0. Finally, the output vector may then be simply written using the binary values thus: [10 1 1 0 0 0 0 0 0 0 0) and column 7 line 42 – column8 line 11 i.e. Here is an example of how to determine a referring vector based upon the extracted information that is input to the referring relevancy detector. Consider that the following information extracted from the HTML code and the page rank database will be input to the layout detector: if the parent URL is in the top one thousand by rank; if the parent URL is in the top ten thousand; if the parent URL is in the top one hundred thousand; if the child URL is in the top one thousand; if the child URL is in the top ten thousand; if the child URL is in the top one hundred thousand; if both the parent and child URLs are ranked; if both are unranked; if only the parent is ranked; if only the child is ranked; if the child URL is an IP address; if the child URL is obfuscated; if the child URL is dynamic; whether or not the child URL has any special extensions (for example, a script URL points to a JPEG file). This extracted information lends itself to identifiable features such as: parent_in_top.sub.--1K; parent_in_top.sub.--10K; parent_in_top.sub.--100K; child_in_top.sub.--1K; child_in_top.sub.--10k; child_in_top.sub.--100k; both_ranked; both_unranked; only_parent_ranked; only_child_ranked; child_is_IPAddress; child_is_obfuscated; child_is_dynamic; child_has_special_extension, etc. The referring vector may then be determined by assigning binary values to these identified features. For example, consider that particular HTML code (which comes from "https://www.ebay.com/items/purchase.php") has a frame in its tail such as: <if RaMe height=0 width=0 src="http://%32%32%32%2Eebuy.comfindexjpg"/>. The output vector will then be assigned the following values for these features: parent_in_top.sub.--1K 1; parent_in_top.sub.--10K 0; parent_in_top.sub.--100K 0; child_in_top.sub.--1K 0; child_in_top.sub.--10k 0; child_in_top.sub.--100k 0; both_ranked 0; both_unranked 0; only_parent_ranked 1; only_child_ranked 0; child_is_IPAddress 0; child_is_obfuscated 1; child_is_dynamic 0; child_has_special_extension 1. Finally, the output vector may then be simply written using the binary values thus: [1 0 0 0 0 0 0 0 1 0 0 1 0 1]). With respect to claim 5 Xuewen, Jain and Zhu teach the method of claim 1, further comprising blocking the first web page based, at least in part, on the verdicts of the one or more first feature vectors and the one or more second feature vectors (see Xuewen figure 5 step 599 and column 9 lines 17-26 i.e. Any score greater than 0.9 results in a conclusion that the embedded URL is malicious in step 599. If so, then a warning message may be output to the computer user indicating that a particular URL found in a Web page is likely to be malicious. If a URL is found to be malicious then by default the URL may not be visited). With respect to claim 6 Xuewen, Jain and Zhu teach the method of claim 1, wherein the one or more classifiers comprise machine learning classifiers (see column 5 lines 23-28 i.e. The output of the detectors (the characteristic vectors) are fed to a decision engine 380 that uses a pre-trained model in order to classify the analyzed URL as being malicious or not. For example, the decision engine may be a Bayes algorithm engine or a support vector machine (SVM). The output from the decision engine will indicate whether or not the originally input HTML code includes a malicious link, such as a URL). With respect to claim 7 Xuewen, Jain and Zhu teach the method of claim 1, further comprising disabling one or more hyperlinks for the first web page based, at least in part, on the verdicts of the one or more second feature vectors (see Xuewen figure 5 step 599 and column 9 lines 17-26 i.e. Any score greater than 0.9 results in a conclusion that the embedded URL is malicious in step 599. If so, then a warning message may be output to the computer user indicating that a particular URL found in a Web page is likely to be malicious. If a URL is found to be malicious then by default the URL may not be visited). With respect to claim 8 Xuewen teaches a non-transitory machine-readable medium having program code stored thereon, the program code comprising instructions to: prefetch first source code for a first web page and second source code for one or more second web pages indicates in hyperlinks of the first web page (see Xuewen figure 5 step 510-520 and column 5 lines 30-45 i.e. In step 510 any suitable HTML code is retrieved for analysis. For example, FIG. 6 shows suitable HTML code. This HTML code may be obtained via a backend Internet security system, such as those that routinely monitor Internet requests from computer users of an enterprise at a remote central location. Once the backend system analyzes the HTML code for malicious links and makes a decision, it may then inform the user of the enterprise regarding the nature of the links found in the HTML code. Or, the HTML code may be obtained directly from monitoring software operating on the user's computer. In this situation, the present invention is executing in a suitable software module directly upon the user's computer and can easily intercept HTML code that a user has downloaded from the World Wide Web using an Internet browser. This HTML code is typically a single page of code; column 5 lines 46-67 i.e. Next, in step 520, a link scanner software module 320 makes a pass over the retrieved HTML code and analyzes it for information and features that will be later input to the various detectors 330-360. The link scanner will analyze the HTML for frames or scripts because it is often the frames or scripts that include malicious URLs. All embedded links within the HTML are retrieved, especially those within frames or scripts. In addition, a variety of other information is extracted such as: the position of the frame or script in the HTML code; whether or not the frame or script is visible; the height, width and size of the frame; previous elements and post elements such as TD, DIV, TITLE, and so on. A typical "previous element" of an injected malicious script is "TD tag" in HTML, because most SQL injections will taint the data at the database (which is shown in the Table/TD at HTML). Other information includes the IP address and host name of the Web site where the HTML page can be found, whether a particular URL has any dynamic parameters, other attributes of a frame such as its border, and attributes of a script such as its language. This extracted information may be stored in memory, or may be simply noted and flagged in the HTML code for further analysis by the detectors 330-360 and column 6 lines 1-11 i.e. If the HTML code includes ten URLs, for example, all this information may be sent to the detectors at once. Preferably, though, each URL is processed serially, and then once one URL has been processed and the decision engine makes a decision, the information regarding the next URL is input. Extracted information for a particular URL link (perhaps embedded within a frame or script) is then input to each of the detectors 330-360 in parallel or serially. After processing this link information, the decision engine 380 then renders a decision regarding this particular link before beginning processing the next link retrieved from the HTML code); generate one or more first feature vectors of the first source code and one or more second feature vectors of the second source code, wherein the one or more first feature vectors and the one or more second feature vectors correspond to potentially malicious subsets of source code (see Xuewen figure 5 steps 530-570 and column 6 lines 33-63 i.e. Here is an example of how to determine a layout vector based upon the extracted information that is input to the layout relevancy detector. Consider that the following information extracted from the HTML code will be input to the layout detector: whether or not the frame is invisible; whether the frame or script is in the header or in the tail; if the HTML tag is obfuscated; if the element is unique; if the element has a new line; if the previous element is TD; if the previous element is the same; if the next element is the same; if the next element is special; if the link has quality attributes (for example, the language of a script or the border of a frame), etc. This extracted information lends itself to identifiable features such as: invisible; in_header; in_tail; htmltag_is_obfascated; element_is_unique; element_end_with_newline; previous_element_is_TD; previous_element_is_DIV; previous_element_is_same; next_element_is_same; next_element_is_special; has_quality_attributes; etc. The layout vector may then be determined by assigning binary values to these identified features. For example, consider that particular HTML code has a frame in its tail such as: <if RaMe height=0 width=0 src="http://222.ebuy.com/index.html"/>. The output vector will then be assigned the following values for these features: invisible 0; inheader 0; intail 1; htmltag_is_obfascated 1; element_is_unique 0; element_end_with_newline 0; previous_element_is_TD 0; previous_element_is_DIV 0; previous_element_is_same 0; next_element_is_same 0; next_element_is_special 0; and has_quality_attributes 0. Finally, the output vector may then be simply written using the binary values thus: [10 1 1 0 0 0 0 0 0 0 0) and column 7 line 42 – column8 line 11 i.e. Here is an example of how to determine a referring vector based upon the extracted information that is input to the referring relevancy detector. Consider that the following information extracted from the HTML code and the page rank database will be input to the layout detector: if the parent URL is in the top one thousand by rank; if the parent URL is in the top ten thousand; if the parent URL is in the top one hundred thousand; if the child URL is in the top one thousand; if the child URL is in the top ten thousand; if the child URL is in the top one hundred thousand; if both the parent and child URLs are ranked; if both are unranked; if only the parent is ranked; if only the child is ranked; if the child URL is an IP address; if the child URL is obfuscated; if the child URL is dynamic; whether or not the child URL has any special extensions (for example, a script URL points to a JPEG file). This extracted information lends itself to identifiable features such as: parent_in_top.sub.--1K; parent_in_top.sub.--10K; parent_in_top.sub.--100K; child_in_top.sub.--1K; child_in_top.sub.--10k; child_in_top.sub.--100k; both_ranked; both_unranked; only_parent_ranked; only_child_ranked; child_is_IPAddress; child_is_obfuscated; child_is_dynamic; child_has_special_extension, etc. The referring vector may then be determined by assigning binary values to these identified features. For example, consider that particular HTML code (which comes from "https://www.ebay.com/items/purchase.php") has a frame in its tail such as: <if RaMe height=0 width=0 src="http://%32%32%32%2Eebuy.comfindexjpg"/>. The output vector will then be assigned the following values for these features: parent_in_top.sub.--1K 1; parent_in_top.sub.--10K 0; parent_in_top.sub.--100K 0; child_in_top.sub.--1K 0; child_in_top.sub.--10k 0; child_in_top.sub.--100k 0; both_ranked 0; both_unranked 0; only_parent_ranked 1; only_child_ranked 0; child_is_IPAddress 0; child_is_obfuscated 1; child_is_dynamic 0; child_has_special_extension 1. Finally, the output vector may then be simply written using the binary values thus: [1 0 0 0 0 0 0 0 1 0 0 1 0 1]); input the one or more first feature vectors and one or more second feature vectors into one or more classifiers to obtain verdicts of the one or more first feature vectors and the one or more second feature vectors as output (see Xuewen figure 5 steps 580, column 6 lines 25-33 i.e. The layout relevancy detector analyzes this information, groups the information by features, and then assigns each feature a true or false value. A true or false value is represented by a "1" or a "0," respectively (or vice versa). Once all of these true and false values represented by their binary values have been ordered into a vector, this layout vector is then output in step 580 from the detector and passed on to the decision engine 380 and column 7 lines 34-41 i.e. The referring relevancy detector analyzes this information, groups the information by features, and then assigns each feature a true or false value. A true or false value is represented by a "1" or a "0," respectively (or vice versa). Once all of these true and false values represented by their binary values have been ordered into a vector, this referring vector is then output in step 580 from the detector and passed on to the decision engine 380); and based, at least in part, on one or more malicious verdicts in the verdicts output by the one or more classifiers, at least one of block the first web page, remove malicious source code from the first source code, and disable hyperlinks in the first source code to obtain third source code (see Xuewen figure 5 step 599 and column 9 lines 17-26 i.e. Any score greater than 0.9 results in a conclusion that the embedded URL is malicious in step 599. If so, then a warning message may be output to the computer user indicating that a particular URL found in a Web page is likely to be malicious. If a URL is found to be malicious then by default the URL may not be visited). reconstructing the third source code (see Xuewen figure 5 step 599 and column 9 lines 17-26 i.e. Any score greater than 0.9 results in a conclusion that the embedded URL is malicious in step 599. If so, then a warning message may be output to the computer user indicating that a particular URL found in a Web page is likely to be malicious. If a URL is found to be malicious then by default the URL may not be visited). Xuewen does not teach wherein reconstructing the third source code comprises reconstructing the third source code with indications of attack types corresponding to the malicious verdicts output by the at least subset of the one or more classifiers and indications of at least one of removal of hyperlinks corresponding to at least a subset of the one or more second web pages and removal of the subset of the first source code from the third source code. Jain teaches wherein reconstructing the third source code comprises reconstructing the third source code indications of at least one of removal of hyperlinks corresponding to at least a subset of the one or more second web pages and removal of the subset of the first source code from the third source code ( see Jain column 10 lines 6-43 i.e. In some embodiments, the identified QR code may be replaced with a modified version of the identified QR on the rendered web page to discourage the user from scanning the identified QR code at step 450. This may be done, for example, by rendering the QR code with an indication that the QR code is a security risk and preventing the QR code from being scannable). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Xuewen in view of Jain to have remove the QR code link and replaced the QR code link with a rendering of the QR code with an indication that the QR code is a security risk and preventing the QR code from being scannable as a way to protect the used form visiting maliciose link behind the QR code (see Jain column 2 lines 14-31). Therefore one would have been motivated to have remove the QR code link and replaced the QR code link with an unscannable QR code. Xuewen in view of Jain does not teach indications of attack types corresponding to the malicious verdicts output by the at least subset of the one or more classifiers Zhu teaches including indications of attack types corresponding to the malicious verdicts output by the at least subset of the one or more classifiers (see Zhu paragraph 0005 i.e. using one or more classification models to detect a malicious URL and categorize the malicious URL as one of a phishing URL, a spamming URL, a malware URL, or a multi-type attack URL). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Xuewen in view of Jain in further view of Zhu to help protect web users, web browsers, search engines, and the like. In response to receiving an unknown URL, the techniques determine whether the unknown URL is a malicious URL and may warn a web user of the category (e.g., type) of the malicious URL (see Zhu paragraph 0006). Therefore one would have been motivated to have included an indications of the malicious URL as one of a phishing URL, a spamming URL, a malware URL, or a multi-type attack URL. With respect to claim 9 Xuewen, Jain and Zhu teach the non-transitory machine-readable medium of claim 8, wherein the one or more first feature vectors and the one or more second feature vectors comprise feature vectors of at least one of Hypertext Markup Language (HTML) code, JavaScript code, Cascading Style Sheets (CSS) code, and one or more Hypertext Transfer Protocol (HTTP) responses from prefetching the first source code and prefetching the second source code (see Xuewen figure 5 steps 530-570 and column 6 lines 33-63 i.e. Here is an example of how to determine a layout vector based upon the extracted information that is input to the layout relevancy detector. Consider that the following information extracted from the HTML code will be input to the layout detector: whether or not the frame is invisible; whether the frame or script is in the header or in the tail; if the HTML tag is obfuscated; if the element is unique; if the element has a new line; if the previous element is TD; if the previous element is the same; if the next element is the same; if the next element is special; if the link has quality attributes (for example, the language of a script or the border of a frame), etc. This extracted information lends itself to identifiable features such as: invisible; in_header; in_tail; htmltag_is_obfascated; element_is_unique; element_end_with_newline; previous_element_is_TD; previous_element_is_DIV; previous_element_is_same; next_element_is_same; next_element_is_special; has_quality_attributes; etc. The layout vector may then be determined by assigning binary values to these identified features. For example, consider that particular HTML code has a frame in its tail such as: <if RaMe height=0 width=0 src="http://222.ebuy.com/index.html"/>. The output vector will then be assigned the following values for these features: invisible 0; inheader 0; intail 1; htmltag_is_obfascated 1; element_is_unique 0; element_end_with_newline 0; previous_element_is_TD 0; previous_element_is_DIV 0; previous_element_is_same 0; next_element_is_same 0; next_element_is_special 0; and has_quality_attributes 0. Finally, the output vector may then be simply written using the binary values thus: [10 1 1 0 0 0 0 0 0 0 0) and column 7 line 42 – column8 line 11 i.e. Here is an example of how to determine a referring vector based upon the extracted information that is input to the referring relevancy detector. Consider that the following information extracted from the HTML code and the page rank database will be input to the layout detector: if the parent URL is in the top one thousand by rank; if the parent URL is in the top ten thousand; if the parent URL is in the top one hundred thousand; if the child URL is in the top one thousand; if the child URL is in the top ten thousand; if the child URL is in the top one hundred thousand; if both the parent and child URLs are ranked; if both are unranked; if only the parent is ranked; if only the child is ranked; if the child URL is an IP address; if the child URL is obfuscated; if the child URL is dynamic; whether or not the child URL has any special extensions (for example, a script URL points to a JPEG file). This extracted information lends itself to identifiable features such as: parent_in_top.sub.--1K; parent_in_top.sub.--10K; parent_in_top.sub.--100K; child_in_top.sub.--1K; child_in_top.sub.--10k; child_in_top.sub.--100k; both_ranked; both_unranked; only_parent_ranked; only_child_ranked; child_is_IPAddress; child_is_obfuscated; child_is_dynamic; child_has_special_extension, etc. The referring vector may then be determined by assigning binary values to these identified features. For example, consider that particular HTML code (which comes from "https://www.ebay.com/items/purchase.php") has a frame in its tail such as: <if RaMe height=0 width=0 src="http://%32%32%32%2Eebuy.comfindexjpg"/>. The output vector will then be assigned the following values for these features: parent_in_top.sub.--1K 1; parent_in_top.sub.--10K 0; parent_in_top.sub.--100K 0; child_in_top.sub.--1K 0; child_in_top.sub.--10k 0; child_in_top.sub.--100k 0; both_ranked 0; both_unranked 0; only_parent_ranked 1; only_child_ranked 0; child_is_IPAddress 0; child_is_obfuscated 1; child_is_dynamic 0; child_has_special_extension 1. Finally, the output vector may then be simply written using the binary values thus: [1 0 0 0 0 0 0 0 1 0 0 1 0 1]). With respect to claim 11 Xuewen, Jain and Zhu teach the non-transitory machine-readable medium of claim 8. Jain teaches further comprising program code to store indications of the third source code and the one or more malicious verdicts in a prefetching cache (see Jain column 10 lines 44-51 i.e. If the PCP engine has already identified that the URL encoded within the QR code is a malicious link, the URL may be logged by the security module (for example, by adding the URL to a list of malicious URLs cached locally). The next time the security module scans any other QR code and comes across the same malicious URL, the security module will not send it to the PCP engine since that info is already there in the web page investigator cache). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Xuewen in view of Jain to have adding the URL to a list of malicious URLs cached locally so that the next time the security module comes across the same malicious URL, the security module will not send it to the PCP engine since that info is already in the web page investigator cache (see Jain column 10 lines 44-51). Therefore one would have been motivated to have a list of malicious URLs cached locally. With respect to claim 13 Xuewen, Jain and Zhu teach the non-transitory machine-readable medium of claim 8, wherein the one or more classifiers comprise machine learning classifiers (see column 5 lines 23-28 i.e. The output of the detectors (the characteristic vectors) are fed to a decision engine 380 that uses a pre-trained model in order to classify the analyzed URL as being malicious or not. For example, the decision engine may be a Bayes algorithm engine or a support vector machine (SVM). The output from the decision engine will indicate whether or not the originally input HTML code includes a malicious link, such as a URL). With respect to claim 14 Xuewen, Jain and Zhu teach an apparatus comprising: a processor; and a machine-readable medium having instructions stored thereon that are executable by the processor to cause the apparatus to, prefetch first source code for a first web page and second source code for one or more second web pages indicates in hyperlinks of the first web page (see Xuewen figure 5 step 510-520 and column 5 lines 30-45 i.e. In step 510 any suitable HTML code is retrieved for analysis. For example, FIG. 6 shows suitable HTML code. This HTML code may be obtained via a backend Internet security system, such as those that routinely monitor Internet requests from computer users of an enterprise at a remote central location. Once the backend system analyzes the HTML code for malicious links and makes a decision, it may then inform the user of the enterprise regarding the nature of the links found in the HTML code. Or, the HTML code may be obtained directly from monitoring software operating on the user's computer. In this situation, the present invention is executing in a suitable software module directly upon the user's computer and can easily intercept HTML code that a user has downloaded from the World Wide Web using an Internet browser. This HTML code is typically a single page of code; column 5 lines 46-67 i.e. Next, in step 520, a link scanner software module 320 makes a pass over the retrieved HTML code and analyzes it for information and features that will be later input to the various detectors 330-360. The link scanner will analyze the HTML for frames or scripts because it is often the frames or scripts that include malicious URLs. All embedded links within the HTML are retrieved, especially those within frames or scripts. In addition, a variety of other information is extracted such as: the position of the frame or script in the HTML code; whether or not the frame or script is visible; the height, width and size of the frame; previous elements and post elements such as TD, DIV, TITLE, and so on. A typical "previous element" of an injected malicious script is "TD tag" in HTML, because most SQL injections will taint the data at the database (which is shown in the Table/TD at HTML). Other information includes the IP address and host name of the Web site where the HTML page can be found, whether a particular URL has any dynamic parameters, other attributes of a frame such as its border, and attributes of a script such as its language. This extracted information may be stored in memory, or may be simply noted and flagged in the HTML code for further analysis by the detectors 330-360 and column 6 lines 1-11 i.e. If the HTML code includes ten URLs, for example, all this information may be sent to the detectors at once. Preferably, though, each URL is processed serially, and then once one URL has been processed and the decision engine makes a decision, the information regarding the next URL is input. Extracted information for a particular URL link (perhaps embedded within a frame or script) is then input to each of the detectors 330-360 in parallel or serially. After processing this link information, the decision engine 380 then renders a decision regarding this particular link before beginning processing the next link retrieved from the HTML code); generate one or more first feature vectors of the first source code and one or more second feature vectors of the second source code, wherein the one or more first feature vectors and the one or more second feature vectors correspond to potentially malicious subsets of source code (see Xuewen figure 5 steps 530-570 and column 6 lines 33-63 i.e. Here is an example of how to determine a layout vector based upon the extracted information that is input to the layout relevancy detector. Consider that the following information extracted from the HTML code will be input to the layout detector: whether or not the frame is invisible; whether the frame or script is in the header or in the tail; if the HTML tag is obfuscated; if the element is unique; if the element has a new line; if the previous element is TD; if the previous element is the same; if the next element is the same; if the next element is special; if the link has quality attributes (for example, the language of a script or the border of a frame), etc. This extracted information lends itself to identifiable features such as: invisible; in_header; in_tail; htmltag_is_obfascated; element_is_unique; element_end_with_newline; previous_element_is_TD; previous_element_is_DIV; previous_element_is_same; next_element_is_same; next_element_is_special; has_quality_attributes; etc. The layout vector may then be determined by assigning binary values to these identified features. For example, consider that particular HTML code has a frame in its tail such as: <if RaMe height=0 width=0 src="http://222.ebuy.com/index.html"/>. The output vector will then be assigned the following values for these features: invisible 0; inheader 0; intail 1; htmltag_is_obfascated 1; element_is_unique 0; element_end_with_newline 0; previous_element_is_TD 0; previous_element_is_DIV 0; previous_element_is_same 0; next_element_is_same 0; next_element_is_special 0; and has_quality_attributes 0. Finally, the output vector may then be simply written using the binary values thus: [10 1 1 0 0 0 0 0 0 0 0) and column 7 line 42 – column8 line 11 i.e. Here is an example of how to determine a referring vector based upon the extracted information that is input to the referring relevancy detector. Consider that the following information extracted from the HTML code and the page rank database will be input to the layout detector: if the parent URL is in the top one thousand by rank; if the parent URL is in the top ten thousand; if the parent URL is in the top one hundred thousand; if the child URL is in the top one thousand; if the child URL is in the top ten thousand; if the child URL is in the top one hundred thousand; if both the parent and child URLs are ranked; if both are unranked; if only the parent is ranked; if only the child is ranked; if the child URL is an IP address; if the child URL is obfuscated; if the child URL is dynamic; whether or not the child URL has any special extensions (for example, a script URL points to a JPEG file). This extracted information lends itself to identifiable features such as: parent_in_top.sub.--1K; parent_in_top.sub.--10K; parent_in_top.sub.--100K; child_in_top.sub.--1K; child_in_top.sub.--10k; child_in_top.sub.--100k; both_ranked; both_unranked; only_parent_ranked; only_child_ranked; child_is_IPAddress; child_is_obfuscated; child_is_dynamic; child_has_special_extension, etc. The referring vector may then be determined by assigning binary values to these identified features. For example, consider that particular HTML code (which comes from "https://www.ebay.com/items/purchase.php") has a frame in its tail such as: <if RaMe height=0 width=0 src="http://%32%32%32%2Eebuy.comfindexjpg"/>. The output vector will then be assigned the following values for these features: parent_in_top.sub.--1K 1; parent_in_top.sub.--10K 0; parent_in_top.sub.--100K 0; child_in_top.sub.--1K 0; child_in_top.sub.--10k 0; child_in_top.sub.--100k 0; both_ranked 0; both_unranked 0; only_parent_ranked 1; only_child_ranked 0; child_is_IPAddress 0; child_is_obfuscated 1; child_is_dynamic 0; child_has_special_extension 1. Finally, the output vector may then be simply written using the binary values thus: [1 0 0 0 0 0 0 0 1 0 0 1 0 1]); inputt the one or more first feature vectors and one or more second feature vectors into one or more classifiers to obtain verdicts of the one or more first feature vectors and the one or more second feature vectors as output (see Xuewen figure 5 steps 580, column 6 lines 25-33 i.e. The layout relevancy detector analyzes this information, groups the information by features, and then assigns each feature a true or false value. A true or false value is represented by a "1" or a "0," respectively (or vice versa). Once all of these true and false values represented by their binary values have been ordered into a vector, this layout vector is then output in step 580 from the detector and passed on to the decision engine 380 and column 7 lines 34-41 i.e. The referring relevancy detector analyzes this information, groups the information by features, and then assigns each feature a true or false value. A true or false value is represented by a "1" or a "0," respectively (or vice versa). Once all of these true and false values represented by their binary values have been ordered into a vector, this referring vector is then output in step 580 from the detector and passed on to the decision engine 380); and based, at least in part, on one or more malicious verdicts in the verdicts output by the one or more classifiers, at least one of block the first web page, remove malicious source code from the first source code, and disable hyperlinks in the first source code to obtain third source code (see Xuewen figure 5 step 599 and column 9 lines 17-26 i.e. Any score greater than 0.9 results in a conclusion that the embedded URL is malicious in step 599. If so, then a warning message may be output to the computer user indicating that a particular URL found in a Web page is likely to be malicious. If a URL is found to be malicious then by default the URL may not be visited). reconstructing the third source code (see Xuewen figure 5 step 599 and column 9 lines 17-26 i.e. Any score greater than 0.9 results in a conclusion that the embedded URL is malicious in step 599. If so, then a warning message may be output to the computer user indicating that a particular URL found in a Web page is likely to be malicious. If a URL is found to be malicious then by default the URL may not be visited). Xuewen does not teach wherein reconstructing the third source code comprises reconstructing the third source code with indications of attack types corresponding to the malicious verdicts output by the at least subset of the one or more classifiers and indications of at least one of removal of hyperlinks corresponding to at least a subset of the one or more second web pages and removal of the subset of the first source code from the third source code. Jain teaches wherein reconstructing the third source code comprises reconstructing the third source code indications of at least one of removal of hyperlinks corresponding to at least a subset of the one or more second web pages and removal of the subset of the first source code from the third source code ( see Jain column 10 lines 6-43 i.e. In some embodiments, the identified QR code may be replaced with a modified version of the identified QR on the rendered web page to discourage the user from scanning the identified QR code at step 450. This may be done, for example, by rendering the QR code with an indication that the QR code is a security risk and preventing the QR code from being scannable). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Xuewen in view of Jain to have remove the QR code link and replaced the QR code link with a rendering of the QR code with an indication that the QR code is a security risk and preventing the QR code from being scannable as a way to protect the used form visiting maliciose link behind the QR code (see Jain column 2 lines 14-31). Therefore one would have been motivated to have remove the QR code link and replaced the QR code link with an unscannable QR code. Xuewen in view of Jain does not teach indications of attack types corresponding to the malicious verdicts output by the at least subset of the one or more classifiers Zhu teaches including indications of attack types corresponding to the malicious verdicts output by the at least subset of the one or more classifiers (see Zhu paragraph 0005 i.e. using one or more classification models to detect a malicious URL and categorize the malicious URL as one of a phishing URL, a spamming URL, a malware URL, or a multi-type attack URL). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Xuewen in view of Jain in further view of Zhu to help protect web users, web browsers, search engines, and the like. In response to receiving an unknown URL, the techniques determine whether the unknown URL is a malicious URL and may warn a web user of the category (e.g., type) of the malicious URL (see Zhu paragraph 0006). Therefore one would have been motivated to have included an indications of the malicious URL as one of a phishing URL, a spamming URL, a malware URL, or a multi-type attack URL. With respect to claim 15 Xuewen, Jain and Zhu teach the apparatus of claim 14, wherein the one or more first feature vectors and the one or more second feature vectors comprise feature vectors of at least one of HyperText Markup Language (HTML) code, JavaScript code, Cascading Style Sheets (CSS) code, and one or more HyperText Transfer Protocol (HTTP) responses from prefetching the first source code and prefetching the second source code (see Xuewen figure 5 steps 530-570 and column 6 lines 33-63 i.e. Here is an example of how to determine a layout vector based upon the extracted information that is input to the layout relevancy detector. Consider that the following information extracted from the HTML code will be input to the layout detector: whether or not the frame is invisible; whether the frame or script is in the header or in the tail; if the HTML tag is obfuscated; if the element is unique; if the element has a new line; if the previous element is TD; if the previous element is the same; if the next element is the same; if the next element is special; if the link has quality attributes (for example, the language of a script or the border of a frame), etc. This extracted information lends itself to identifiable features such as: invisible; in_header; in_tail; htmltag_is_obfascated; element_is_unique; element_end_with_newline; previous_element_is_TD; previous_element_is_DIV; previous_element_is_same; next_element_is_same; next_element_is_special; has_quality_attributes; etc. The layout vector may then be determined by assigning binary values to these identified features. For example, consider that particular HTML code has a frame in its tail such as: <if RaMe height=0 width=0 src="http://222.ebuy.com/index.html"/>. The output vector will then be assigned the following values for these features: invisible 0; inheader 0; intail 1; htmltag_is_obfascated 1; element_is_unique 0; element_end_with_newline 0; previous_element_is_TD 0; previous_element_is_DIV 0; previous_element_is_same 0; next_element_is_same 0; next_element_is_special 0; and has_quality_attributes 0. Finally, the output vector may then be simply written using the binary values thus: [10 1 1 0 0 0 0 0 0 0 0) and column 7 line 42 – column8 line 11 i.e. Here is an example of how to determine a referring vector based upon the extracted information that is input to the referring relevancy detector. Consider that the following information extracted from the HTML code and the page rank database will be input to the layout detector: if the parent URL is in the top one thousand by rank; if the parent URL is in the top ten thousand; if the parent URL is in the top one hundred thousand; if the child URL is in the top one thousand; if the child URL is in the top ten thousand; if the child URL is in the top one hundred thousand; if both the parent and child URLs are ranked; if both are unranked; if only the parent is ranked; if only the child is ranked; if the child URL is an IP address; if the child URL is obfuscated; if the child URL is dynamic; whether or not the child URL has any special extensions (for example, a script URL points to a JPEG file). This extracted information lends itself to identifiable features such as: parent_in_top.sub.--1K; parent_in_top.sub.--10K; parent_in_top.sub.--100K; child_in_top.sub.--1K; child_in_top.sub.--10k; child_in_top.sub.--100k; both_ranked; both_unranked; only_parent_ranked; only_child_ranked; child_is_IPAddress; child_is_obfuscated; child_is_dynamic; child_has_special_extension, etc. The referring vector may then be determined by assigning binary values to these identified features. For example, consider that particular HTML code (which comes from "https://www.ebay.com/items/purchase.php") has a frame in its tail such as: <if RaMe height=0 width=0 src="http://%32%32%32%2Eebuy.comfindexjpg"/>. The output vector will then be assigned the following values for these features: parent_in_top.sub.--1K 1; parent_in_top.sub.--10K 0; parent_in_top.sub.--100K 0; child_in_top.sub.--1K 0; child_in_top.sub.--10k 0; child_in_top.sub.--100k 0; both_ranked 0; both_unranked 0; only_parent_ranked 1; only_child_ranked 0; child_is_IPAddress 0; child_is_obfuscated 1; child_is_dynamic 0; child_has_special_extension 1. Finally, the output vector may then be simply written using the binary values thus: [1 0 0 0 0 0 0 0 1 0 0 1 0 1]). With respect to claim 17 Xuewen, Jain and Zhu teach the apparatus of claim 16. Jain further teaches wherein the machine-readable medium further has stored thereon instructions executable by the processor to cause the apparatus to store indications of the third source code and the one or more malicious verdicts in a prefetching cache (see Jain column 10 lines 44-51 i.e. If the PCP engine has already identified that the URL encoded within the QR code is a malicious link, the URL may be logged by the security module (for example, by adding the URL to a list of malicious URLs cached locally). The next time the security module scans any other QR code and comes across the same malicious URL, the security module will not send it to the PCP engine since that info is already there in the web page investigator cache). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Xuewen in view of Jain to have adding the URL to a list of malicious URLs cached locally so that the next time the security module comes across the same malicious URL, the security module will not send it to the PCP engine since that info is already in the web page investigator cache (see Jain column 10 lines 44-51). Therefore one would have been motivated to have a list of malicious URLs cached locally. With respect to claim 18 Xuewen, Jain and Zhu teach the apparatus of claim 16, wherein the instructions to reconstruct the third source code comprises comprise instructions executable by the processor to cause the apparatus to reconstruct the third source code with indications of at least one of blocking the first web page, removing malicious code from the first web page, and disabling hyperlinks in the first web page (see Xuewen figure 5 step 599 and column 9 lines 17-26 i.e. Any score greater than 0.9 results in a conclusion that the embedded URL is malicious in step 599. If so, then a warning message may be output to the computer user indicating that a particular URL found in a Web page is likely to be malicious. If a URL is found to be malicious then by default the URL may not be visited). With respect to claim 19 Xuewen, Jain and Zhu teach the apparatus of claim 14, further comprising communicating the third source code to a web browser for rendering (see Xuewen column 2 lines 54-60 i.e. In this fashion, the present invention may iterate through all embedded URLs that are found in the target HTML code. The HTML code desired by the user (typically a Web page that the user is attempting to download) may be intercepted by the present invention and not delivered if any malicious URLs are found, or, the HTML code may be delivered along with displayed warnings for any identified malicious URLs). With respect to claim 20 Xuewen, Jain and Zhu teach the apparatus of claim 14, wherein the one or more classifiers comprise machine learning classifiers (see Xuewen column 5 lines 23-28 i.e. The output of the detectors (the characteristic vectors) are fed to a decision engine 380 that uses a pre-trained model in order to classify the analyzed URL as being malicious or not. For example, the decision engine may be a Bayes algorithm engine or a support vector machine (SVM). The output from the decision engine will indicate whether or not the originally input HTML code includes a malicious link, such as a URL). Allowable Subject Matter Claims 21-26 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. With respect to claim 21, 23 and 25 the prior art does not teach wherein reconstructing the third source code further comprises, based on a first malicious verdict of the malicious verdicts corresponding to a second web page of the one or more second web pages indicating a phishing attack,performing a lookup in a database of known benign hyperlinks for a semantically similar hyperlink to a hyperlink of the second web page corresponding to the first malicious verdict; andreplacing the hyperlink of the second web page in the third source code with the semantically similar hyperlink. With respect to claim 22, 24 and 26 the prior art does not teach wherein the instructions to reconstruct the third source code further comprise instruction executable by the processor to cause the apparatus to add functionality to the third source code so that the indications are displayed when a cursor hovers over reconstructed elements of the first web page. Prior Art Parlak et al (US 11,580,222) titled “Automated Malware Analysis That Automatically Clusters Sandbox Reports Of Similar Malware Samples”. Li (US 2021/0092130) titled “DETECTING MALICIOUS WEB PAGES BY ANALYZING ELEMENTS OF HYPERTEXT MARKUP LANGUAGE (HTML) FILES”. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEVIN E ALMEIDA whose telephone number is (571)270-1018. The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 5:00 P.M. The examiner can also be reached on alternate Fridays from 7:30 A.M. to 4:00 P.M. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Rupal Dharia, can be reached on 571-272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). /DEVIN E ALMEIDA/ Examiner, Art Unit 2492 /RUPAL DHARIA/Supervisory Patent Examiner, Art Unit 2492