Reviewing Artificial Intelligence (AI) Prompts and Outputs to Identify Malicious Behavior

§103 §112

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Detailed Action Claims 1, 4, 7, 12, 13, and 20 have been amended USC 112(b) rejection for claims 4, 12, and 16 has been overcome due to applicant’s amendments Claims 1-20 are pending Priority This application claims no priority. Therefore, the effective filing date of this application is 07/10/2024 Response to Arguments Applicant’s arguments filed on 12/26/2025 have been fully considered. With respect to the USC 112(b) rejection for claims 1-20. The rejection for claims 4, 12, and 16 have been overcome due to applicant’s amendments. However, the rejection for claims 1, 13, and 20 is being maintained because the claims have not been amended to overcome the rejection. With respect to USC 102 rejection for independent claim 1. Examiner is now rejecting claim 1 under USC 103 using a secondary reference MANTIN to better teach the newly amended limitations. Additional arguments are moot in view of new grounds of rejection necessitated by the claim amendments. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claims 1, 13, and 20 recites the limitation "the prompt monitoring AI algorithm". There is insufficient antecedent basis for this limitation in the claim. For the purpose of examination examiner is interpreting this limitation as “the prompt and output monitoring AI algorithm”. Appropriate correction is required. Claims 2-12 and 14-19 depend on claims 1 and 13 and therefore inherit the rejection. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-4, 8, 9, 11, 13-16, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over JONES (US-20250150474-A1) in view of MANTIN (US-20250111093-A1), hereinafter JONES-MANTIN. Regarding claim 1, JONES teaches “A system comprising: a microprocessor; and a computer readable medium, coupled with the microprocessor and comprising microprocessor readable and executable instructions that, when executed by the microprocessor, cause the microprocessor to: monitor, by a prompt and output monitoring Artificial Intelligence (AI) algorithm, AI prompts provided to an AI algorithm and/or AI outputs from the AI algorithm generated in response to the AI prompts provided to the AI algorithm; ([JONES, para. 0002] “Various aspects of the technology described herein are generally directed to systems, methods, and computer storage media for, among other things, providing generative AI security management using a generative AI security engine … the generative AI security engine provides generative AI security engine operations (“security engine operations”) including intent detection, prompt attack detection, restricted data detection and redaction”) ([JONES, para. 0024] “Prompt attack detection can include determining if an intent of an input text is to manipulate or extract information from the LLM. A prompt attack security model (e.g., a neural network machine learning model) can be employed to support classifying prompt data of particular types of prompt attacks.”) ([JONES, para. 0061] “The generative AI security engine 110 accesses prompt data associated with a generative artificial intelligence (AI) client 130 and a generative AI model 142 that supports artificial intelligence system 110A, the prompt data is associated with a request for the generate AI model and analyzes the prompt data (i.e., an instance of prompt data associated with a request)”) ([JONES, para. 0071] “The methods may be performed using the item listing system described herein. … when executed, by one or more processors can cause the one or more processors to perform the methods”) identify, by the prompt monitoring AI algorithm, an anomalous AI prompt provided to the AI algorithm and/or an anomalous AI output from the AI algorithm; ([JONES, para. 0049] “FIG. 1C illustrates a schematic 100C associated with providing generative AI security management using a generative AI security engine in accordance with embodiments described herein. At block 102C, prompt data is received. … If the prompt data is not already in the prompt data database, at block 106C a determination is made whether the prompt data has a malicious or banned intent”) ([JONES, para. 0044] “Prohibited intent determination can include evaluating the prompt data to determine whether the prompt data includes prohibited intent (e.g., a malicious intent or banned intent). A generative AI security engine model can be used to process the prompt data to make the determination”) and in response to identifying the anomalous AI prompt provided to the AI algorithm and/or the anomalous AI output from the AI algorithm, take an action associated with the identified anomalous AI prompt provided to the AI algorithm and/or the anomalous AI output from the AI algorithm. ([JONES, para. 0049] “If the prompt data is determined to have a malicious or banned intent, at block 110C, a request associated with the prompt data is blocked.”) ([JONES, para. 0062] “The post-processing security engine operations 170 support determining how to communicate the response to the generative AI prompt client or determining to block the response from the generative AI client 130. Based on analyzing the response, generative AI security engine 110 communicates the response to the generative AI client or blocks the response to the request.”). However, JONES does not teach “wherein the action includes at least one of quarantining an application associated with the anomalous Al prompt, removing malware from source code associated with the anomalous Al prompt, killing a thread associated with the anomalous Al prompt and unloading an application associated with the anomalous Al prompt.”. In analogous teaching MANTIN teaches “wherein the action includes at least one of quarantining an application associated with the anomalous Al prompt, removing malware from source code associated with the anomalous Al prompt, killing a thread associated with the anomalous Al prompt and unloading an application associated with the anomalous Al prompt.” ([MANTIN, para. 0026] “The LLM query manager (114) includes an application context creator … The application context may include information about a user's session with the application logic”) ([MANTIN, para. 0057] “Mitigation may be performed based on the prompt injection signal being set to a malicious value. The mitigation may include … blocking the user, user device, or session, or performing another action.”) [Examiner’s note: examiner is interpreting blocking a session as killing a thread associated with the anomalous Al prompt.] Thus, given the teaching of MANTIN, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of killing a thread associated with the anomalous Al prompt by MANTIN into the teaching of monitor, by a prompt and output monitoring Artificial Intelligence (AI) algorithm, Al prompts by JONES. One of ordinary skill in the art would have been motivated to do so because MANTIN recognizes the need to detect prompt injection attacks ([MANTIN, para. 0067] “As shown, one or more embodiments provide a technique that operates specifically with the LLM to detect prompt injection attacks. The technique is an automated way for the system to handle the wide variety of prompt injection attacks and LLM responses that the LLM provides. Thus, the overall security of the system is improved.”) Regarding claim 13, this claim recites of a method that performs the features of system claim 1. Therefore, claim 13 is rejected in a similar manner as in the rejection of claim 1. Regarding claim 20, this claim recites of a non-transient computer readable medium having stored thereon instructions that cause a processor to execute a method that performs the features of system claim 1. Therefore, claim 20 is rejected in a similar manner as in the rejection of claim 1. Regarding claims 2 and 14, JONES-MANTIN teaches all limitations of claims 1 and 13. JONES further teaches “wherein the anomalous AI prompt provided to the AI algorithm is identified and the anomalous AI output from the AI algorithm is identified.” ([JONES, para. 0049] “At block 102C, prompt data is received. … at block 106C a determination is made whether the prompt data has a malicious or banned intent. … If the prompt data is determined to have a malicious or banned intent, at block 110C, a request associated with the prompt data is blocked”) ([JONES, para. 0051] “a determination is made whether there are one or more redacted data tags in output from the LLM. … If a determination is made that there are one or more banned terms in the response, at block 110C, a request associated with the prompt data is blocked.”). Regarding claims 3 and 15, JONES-MANTIN teaches all limitations of claims 1 and 13. JONES further teaches “where the anomalous AI prompt is not identified, and the anomalous AI output is identified.” ([JONES, para. 0053] “If the prompt data does not have a malicious or banned intent … At block 118D, the request associated with the prompt data is communicated to the LLM.”) ([JONES, para. 0051] “a determination is made whether there are one or more redacted data tags in output from the LLM. … If a determination is made that there are one or more banned terms in the response, at block 110C, a request associated with the prompt data is blocked.”). Regarding claims 4 and 16, JONES-MANTIN teaches all limitations of claims 1 and 13. JONES further teaches “wherein the prompt and output monitoring AI algorithm has been trained to identify AI prompts that are expected AI prompts for the AI algorithm and AI outputs that are expected for the AI algorithm.” ([JONES, para. 0024] “A prompt attack security model (e.g., a neural network machine learning model) can be employed to support classifying prompt data of particular types of prompt attacks”) ([JONES, para. 0048] “The training dataset security engine operations can ensure that no questionable and sensitive data is included in the training dataset that could lead to generative AI security exposure. The machine learning training pipeline can selectively implement pre-processing security engine operations and generative AI security models.”) ([JONES, para. 0049] “At block 102C, prompt data is received. … at block 106C a determination is made whether the prompt data has a malicious or banned intent. … If the prompt data is determined to have a malicious or banned intent, at block 110C, a request associated with the prompt data is blocked.”) ([JONES, para. 0051] “a determination is made whether there are one or more redacted data tags in output from the LLM. … If a determination is made that there are one or more banned terms in the response, at block 110C, a request associated with the prompt data is blocked.”). Regarding claim 8, JONES-MANTIN teaches all limitations of claim 1. JONES further teaches “wherein information associated with the identified anomalous AI prompt provided to an AI algorithm and/or the identified anomalous AI output from the AI algorithm are displayed to a user in a user interface.” ([JONES, para. 0047] “It is contemplated that when the request is blocked a response can be communicated to the generative AI application client 130 indicating that the request has been blocked. The response can further include additional explanatory data and parameters associated with why the request was blocked. The response and the additional explanatory data and parameters can be integrated with generative AI client interface data including graphical user interface elements and displayed. Other variations and combinations of communicating a notification of a blocked response and communicating additional explanatory data and parameters are contemplated with embodiments described herein”). Regarding claim 9, JONES-MANTIN teaches all limitations of claim 1. JONES further teaches “wherein the anomalous AI prompt provided to the AI algorithm is identified based on an anomalous AI prompt provided by an anomalous AI prompt and output database and wherein the anomalous AI prompt provided by the anomalous AI prompt and output database is associated with a specific AI algorithm and/or specific type of AI algorithm.” ([JONES, para. 0040] “A database (e.g., prompt data database 150) can be maintained to include prompt data (e.g., prompt data 152) and similar variations that have previously been processed. The prompt data and variations can be associated with a description, attributes, vulnerabilities exploited, indicators of compromise and other relevant information for threat intelligence and incident response.”) ([JONES, para. 0041] “A subsequent instance of prompt data is compared to the instances of prompt data in the database (i.e., prompt data 152) to determine if the subsequent instance of prompt data is already in the database (i.e., a similar instance of prompt data was previously processed successfully-without security issues). Different types of matching techniques (e.g., exact matching, fuzzy matching, tokenization, semantic matching) can be used to determine if the subsequent prompt data has a match in the database. … If a match is identified, a second determination is made whether—since the instance of prompt data in the prompt database was processed—there have been any updates to the generative AI security engine models … the instance of prompt data bypasses additional security operations if there have not been updates. In this way, additional processing is circumvented if the data types and the generative AI security engine models have not been updated”). Regarding claims 11 and 19, JONES-MANTIN teaches all limitations of claims 1 and 13. JONES further teaches “wherein the prompt and output monitoring AI algorithm is a vector AI algorithm that vectorizes the identified anomalous AI prompt and/or the identified anomalous AI output and compares the vectorized anomalous AI prompt and/or the vectorized anomalous AI output to learned vectors of anomalous AI prompts and/or learned vectors of anomalous AI outputs.” ([JONES, para. 0041] “A subsequent instance of prompt data is compared to the instances of prompt data in the database (i.e., prompt data 152) to determine if the subsequent instance of prompt data is already in the database (i.e., a similar instance of prompt data was previously processed successfully-without security issues). Different types of matching techniques (e.g., … tokenization, …) can be used to determine if the subsequent prompt data has a match in the database. With streamlining threat handling, a first determination is made if an instance of prompt data in a database matches a subsequent instance of prompt data”) ([JONES, para. 0044] “Prohibited intent determination can include evaluating the prompt data to determine whether the prompt data includes prohibited intent (e.g., a malicious intent or banned intent). A generative AI security engine model can be used to process the prompt data to make the determination whether the prompt data is associated with prohibited intent. A regular expression engine can be employed to execute regex evaluation. … Security context matching can be performed to determine whether hit a regex matches a security threat context.”). Claims 5, 6, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over JONES-MANTIN in view of HEN (US-20250284805-A1). Regarding claims 5 and 17, JONES-MANTIN teaches all limitations of claims 1 and 13. However, JONES-MANTIN does not teach “wherein the microprocessor readable and executable instructions further cause the microprocessor to: identify an initial source of the AI prompts provided to the AI algorithm; determine that the initial source of the AI prompts provided to the AI algorithm has changed; and in response to determining that the initial source of the AI prompts proved to the AI algorithm has changed, take an action associated with the change in the initial source of the AI algorithm.”. In analogous teaching HEN teaches “wherein the microprocessor readable and executable instructions further cause the microprocessor to: identify an initial source of the AI prompts provided to the AI algorithm; ([HEN, para. 0017] “FIG. 2 shows an example of an indirect prompt injection attack on a system 201. In step S201, a threat actor 203 injects an indirect prompt on website 204. In step S202, a user 202 sends a user prompt to an application 205.”) ([HEN, para. 0018] “In step S207, the website 204 sends the fetched data, including the indirect prompt injected by the threat actor 203 in step S201, to the application 205. In step S208, the application sends the fetched data (including the indirect prompt) to the LLM model 206”) determine that the initial source of the AI prompts provided to the AI algorithm has changed; ([HEN, para. 0021] “The discriminative classification engine classifies a prompt (or a portion of a prompt) based on pattern recognition and generates a threat classification output indicating the prompt classification. Patterns indicative of prompt injections attacks are learned in training of the discriminative classification engine. A malicious prompt means a prompt in which a pattern or other characteristic indicative of a prompt injection attack is detected (e.g. detected with confidence above a predefined threshold).”) ([HEN, para. 0036] “As the prompt generated at step 406 comprises external data retrieved from outside the system 300, it is vulnerable to a prompt injection attack. Therefore, at step 408, the LLM interface 308 inputs the prompt to the discriminative classification engine 324. The discriminative classification engine 324 returns a threat classification output in response”) and in response to determining that the initial source of the AI prompts proved to the AI algorithm has changed, take an action associated with the change in the initial source of the AI algorithm. ([HEN, para. 0037] “If the threat classification output indicates the prompt is malicious, the method proceeds to step 412. In one embodiment, the prompt filter 322 blocks the prompt in response, meaning the prompt is not received or processed by the generative LLM 318.”). Thus, given the teaching of HEN, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of detecting initial source of the prompt by HEN into the teaching of a system to monitor by a prompt and output monitoring Artificial Intelligence (AI) algorithm AI prompts by JONES-MANTIN. One of ordinary skill in the art would have been motivated to do so because HEN recognizes the need for improved security against malicious prompts (HEN, para. 0012] “by using a discriminative classification engine to obtain a threat classification output for a prompt comprising external data, which in turn is used to decide whether or not to pass the prompt on to the target LLM, an improvement in system security is achieved in a task automation system that triggers automation actions based on such prompts”). Regarding claim 6, JONES-MANTIN teaches all limitations of claim 1. However, JONES-MANTIN does not teach “wherein the microprocessor readable and executable instructions further cause the microprocessor to: identify an initial destination of the AI outputs provided from the AI algorithm; and determine that the initial destination of the AI outputs provided from the AI algorithm has changed; and in response to determining that the initial destination of the AI outputs provided from the AI algorithm has changed, take an action associated with the change in the initial destination of AI outputs.”. In analogous teaching HEN teaches “wherein the microprocessor readable and executable instructions further cause the microprocessor to: identify an initial destination of the AI outputs provided from the AI algorithm; ([HEN, para. 0017] “FIG. 2 shows an example of an indirect prompt injection attack on a system 201. In step S201, a threat actor 203 injects an indirect prompt on website 204. In step S202, a user 202 sends a user prompt to an application 205.”) ([HEN, para. 0018] “In step S209, as per malicious instructions in the indirect prompt, the LLM model 206 instructs the application 205 to query a database 208, to invoke the threat actor's email address, and to send the data (required by the threat actor 203) from database 208 to the threat actor 203. … In step S214, the LLM model 206, sends a response for the user 202 to the application 205. In step S215, the application 205 sends the response to the user 202.”) and determine that the initial destination of the AI outputs provided from the AI algorithm has changed; ([HEN, para. 0036] “the LLM interface 308 inputs the prompt to the discriminative classification engine 324. The discriminative classification engine 324 returns a threat classification output in response.”) ([HEN, para. 0037] “If the threat classification output indicates the prompt is malicious, the method proceeds to step 412”) and in response to determining that the initial destination of the AI outputs provided from the AI algorithm has changed, take an action associated with the change in the initial destination of AI outputs. ([HEN, para. 0037] “If the threat classification output indicates the prompt is malicious, the method proceeds to step 412. In one embodiment, the prompt filter 322 blocks the prompt in response, meaning the prompt is not received or processed by the generative LLM 318.”). The same motivation to modify JONES-MANTIN with HEN as in the rejection of claim 5 applies. Claims 10, 12, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over JONES-MANTIN in view of ALFARDAN (US-20240388551-A1), hereinafter JONES-MANTIN-ALFARDAN. Regarding claims 10 and 18, JONES-MANTIN teaches all limitations of claims 1 and 13. However, JONES-MANTIN does not teach “wherein the microprocessor readable and executable instructions further cause the microprocessor to: scan an application and/or any components used by the application, by an AI scanning algorithm, wherein the AI scanning algorithm has been trained to identify different types of AI algorithms in different applications; identify, by the AI scanning algorithm, the AI algorithm in the scanned application and/or any components used by the application; and in response to identifying the AI algorithm in the scanned application and/or any components used by the application, identify a source of the AI prompts to the AI algorithm within the application and/or any of the components used by the application and/or a destination for the AI outputs from the AI algorithm.”. In analogous teaching ALFARDAN teaches “wherein the microprocessor readable and executable instructions further cause the microprocessor to: scan an application and/or any components used by the application, by an AI scanning algorithm, wherein the AI scanning algorithm has been trained to identify different types of AI algorithms in different applications; ([ALFARDAN, para. 0019] “The LLM firewall 110 functionally resides between clients 120-1 to 120-N and LLM services 130-1 to 130-M (LLMs), intercepting, monitoring, tracking, and enforcing policies.”) ([ALFARDAN, para. 0021] “The LLM firewall 110 intercepts requests from a client to an LLM service. This interception of requests can be selected based on attributes such as: client (user/machine) identity interacting with an LLM service”) ([ALFARDAN, para. 0023] “The method 200 includes, at step 210, intercepting communications associated with a conversation between a client and LLM service. The communications include a request message from the client to the LLM service and a reply message (to the request message) from the LLM service to the client. … At step 220, the method 200 includes deriving a context for the conversation based on the communications between the client and the LLM service”) identify, by the AI scanning algorithm, the AI algorithm in the scanned application and/or any components used by the application; ([ALFARDAN, para. 0069] “generating and storing information representing a reputation of the client and/or of the LLM service, wherein applying the one or more policies is based on the reputation of the client and/or the LLM service.”) ([ALFARDAN, para. 0025] “the LLM firewall 110 may maintain the reputations of LLM services and enforce policies based on a LLM service's reputation”) ([ALFARDAN, para. 0018] “The system 100 includes an LLM firewall/gateway 110 that functionally sits between a plurality of clients 120-1, 120-2, . . . , 120-N, and one or more LLM services 130-1 to 130-M.”) and in response to identifying the AI algorithm in the scanned application and/or any components used by the application, identify a source of the AI prompts to the AI algorithm within the application and/or any of the components used by the application and/or a destination for the AI outputs from the AI algorithm. ([ALFARDAN, para. 0024] “As another example, the LLM firewall may identify that the intent of the client is to trick the LLM service to share malicious code that it would not generally share, and the client is attempting trying different conversation maneuvers to find loopholes. There may be an intent threshold that is to be met or exceeded before an action is taken, such as terminating the conversation between a client and an LLM service by dropping a request from the client.”) ([ALFARDAN, para. 0036] “The code security module 322 contains the logic that allows the “Client/Session instance” to identify and highlight insecure code provided by LLM services”). Thus, given the teaching of ALFARDAN, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of scan an application and/or any components used by the application, by an AI scanning algorithm by ALFARDAN into the teaching of a system to monitor by a prompt and output monitoring Artificial Intelligence (AI) algorithm AI prompts by JONES-MANTIN. One of ordinary skill in the art would have been motivated to do so because ALFARDAN recognizes the need to safeguard LLM models ([ALFARDAN, para. 0004] “Several researchers and enthusiasts have discovered methods to bypass restrictions on LLB-based wrappers, such as ChatGPT™, Bing™ Chat, and Google Bard™. They have uncovered loopholes that allow access to restricted and harmful content”) ([ALFARDAN, para. 0010] “Presented herein are techniques for a universal LLM firewall/gateway system that operates at the LLM level to protect clients and LLMs from a new threat landscape. … detecting and preventing LLMs from jailbreaking through sessions/conversations, or alerting LLM administrators about threats executed by users”). Regarding claim 12, JONES-MANTIN-ALFARDAN teaches all limitations of claim 10. JONES further teaches “wherein in response to matching the vectorized identified anomalous AI prompt and/or the vectorized anomalous AI output, the anomalous AI prompt is blocked and/or the anomalous AI output is blocked.” ([JONES, para. 0054] “At block 124D, a determination is made whether there are any banned terms in the response. If a determination is made that there are one or more banned terms in the response, at block 110D, a request associated with the prompt data is blocked. If a determination is made that there are no banned terms in the response, at block 126D, the response is sent to the user.”) ([JONES, para. 0044] “A regular expression engine can be employed to execute regex evaluation. The regex evaluation can include pattern matching assessment on the text in the prompt data”) ([JONES, para. 0041] “Different types of matching techniques (e.g., exact matching, fuzzy matching, tokenization, semantic matching) can be used”). Pertinent Art The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. CEFALU (US-20230359903-A1): This prior art teaches of system for use with an artificial intelligence (AI) model configured to accept text input, such as generative pre-trained transformer (GPT), that detects and tags trusted instructions and nontrusted instructions of an input provided by a user responsive to an AI model prompt. The system uses reinforcement learning (RL) and a set of rules to remove the untrusted instructions from the input and provide only trusted instructions to the AI model. The input is represented as tokens, wherein the trusted instructions and the untrusted instructions are represented using incompatible token sets. MADDUX (US-20250173438-A1): This prior art teaches of a computing system receives a prompt to be provided as input to a large language model. The computing system generates generating an input string to the large language model by appending a plurality of contexts to the prompt. The plurality of contexts defines rules for the large language model to follow when generating the prompt. The plurality of contexts includes a negative context. Based on the prompt and the plurality of contexts, the computing system generates an attention matrix representing relationships between the prompt and the plurality of contexts. The computing system provides the attention matrix to a trained neural network to determine a likelihood that the prompt is malicious. Responsive to determining that the prompt is likely a malicious prompt, the computing system initiates a remedial action. Allowable Subject Matter 37. Claim 7 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and if any other rejections are overcome. Conclusion 38. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.39. Any inquiry concerning this communication or earlier communications from the examiner should be directed to AFAQ ALI whose telephone number is (571)272-1571. The examiner can normally be reached Mon - Fri 7:30am - 5:30pm EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /A.A./ 01/22/2026 /AFAQ ALI/Examiner, Art Unit 2434 /NOURA ZOUBAIR/Primary Examiner, Art Unit 2434