Prosecution Insights
Last updated: July 17, 2026
Application No. 19/198,609

PHISHING MITIGATION SERVICE

Non-Final OA §103
Filed
May 05, 2025
Priority
Dec 05, 2019 — continuation of 16/704,918 +1 more
Examiner
MANIWANG, JOSEPH R
Art Unit
2431
Tech Center
2400 — Computer Networks
Assignee
McAfee LLC
OA Round
1 (Non-Final)
86%
Grant Probability
Favorable
1-2
OA Rounds
10m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 86% — above average
86%
Career Allowance Rate
386 granted / 451 resolved
+27.6% vs TC avg
Moderate +14% lift
Without
With
+13.7%
Interview Lift
resolved cases with interview
Fast prosecutor
2y 0m
Avg Prosecution
22 currently pending
Career history
462
Total Applications
across all art units

Statute-Specific Performance

§101
8.5%
-31.5% vs TC avg
§103
52.8%
+12.8% vs TC avg
§102
13.8%
-26.2% vs TC avg
§112
21.6%
-18.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 451 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment Preliminary Amendment filed 07/14/2025 has been entered. Claims 1-20 are canceled; claims 21-40 are new. Claims 21-40 are pending. Information Disclosure Statement The information disclosure statement (IDS) submitted on 05/05/2025 was in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the Examiner. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 21-23, 28-30, and 35-37 are rejected under 35 U.S.C. 103 as being unpatentable over Adams et al. (U.S. Pat. App. Pub. 2013/0103944), hereinafter Adams, and further in view of Parthasarathy et al. (U.S. Pat. App. Pub. 2015/0215302), hereinafter Parthasarathy. Regarding claim 21, Adams disclosed a computing apparatus, comprising: a hardware platform including a processor and a memory, the memory including instructions (CPU, memory, instructions, ¶[0034]); and a network interface (network interface, ¶[0034]), wherein the processor executes the instructions to receive, via the network interface, an e-mail having a payload (receiving e-mail message including hypertext links, i.e., payload, ¶[0021]), transmit a query to a cloud phishing reputation service, the query including information based on the e-mail payload (sending, i.e., transmitting query, extracted links from e-mail message, i.e., information based on e-mail payload, to mobile gateway, i.e., cloud phishing reputation service, ¶[0021]), receive, from the cloud phishing reputation service, reputation data for the e-mail payload (returning status, i.e., reputation data, of links to mobile device, ¶[0021]), assign the email a reputation score, at least in part based on the scanning and the reputation data (appending, i.e., assigning, text, i.e., reputation score, indicating status of links, i.e., based on scanning/reputation data, ¶[0021]), and provide a notice of a reputation for the e-mail payload, at least in part based on the reputation score, the notice indicating a flag or a warning (adding warning, i.e., providing notice, to links, i.e., payload, ¶[0021]). Adams did not disclose: perform a scanning of an attachment of the e-mail payload. Parthasarathy disclosed: perform a scanning of an attachment of the e-mail payload (scanning email attachments, ¶[0038]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the apparatus of Adams to perform a scanning of an attachment of the e-mail payload as claimed, because doing so would have ensured the safety of an e-mail (Parthasarathy, ¶[0023]). Regarding claim 22, Adams and Parthasarathy disclosed the computing apparatus wherein the notice indicates a degree of confidence of the reputation (indicated status of links including, e.g., “clean”, “likely malicious”, “malicious”, or “unknown”, i.e., degree of confidence, Adams, ¶[0021]). Regarding claim 23, Adams and Parthasarathy disclosed the computing apparatus wherein the processor executes the instructions to extract a link from the e-mail payload, and the query indicates the link (extracting links from e-mail, Adams, ¶[0021]; sending, i.e., transmitting query, extracted links, Adams, ¶[0021]). Regarding claim 28, Adams disclosed a method, comprising: receiving an e-mail having a payload (receiving e-mail message including hypertext links, i.e., payload, ¶[0021]); transmitting a query to a cloud phishing reputation service, the query including information based on the e-mail payload (sending, i.e., transmitting query, extracted links from e-mail message, i.e., information based on e-mail payload, to mobile gateway, i.e., cloud phishing reputation service, ¶[0021]); receiving, from the cloud phishing reputation service, reputation data for the e-mail payload (returning status, i.e., reputation data, of links to mobile device, ¶[0021]); assigning the email a reputation score, at least in part based on the scanning and the reputation data (appending, i.e., assigning, text, i.e., reputation score, indicating status of links, i.e., based on scanning/reputation data, ¶[0021]); and providing a notice of a reputation for the e-mail payload, at least in part based on the reputation score, the notice indicating a flag or a warning (adding warning, i.e., providing notice, to links, i.e., payload, ¶[0021]). Adams did not disclose: performing a scanning of an attachment of the e-mail payload. Parthasarathy disclosed: performing a scanning of an attachment of the e-mail payload (scanning email attachments, ¶[0038]). The combination of references is made under the same rationale as claim 21 above. Regarding claim 29, Adams and Parthasarathy disclosed the method wherein the notice indicates a degree of confidence of the reputation (indicated status of links including, e.g., “clean”, “likely malicious”, “malicious”, or “unknown”, i.e., degree of confidence, Adams, ¶[0021]). Regarding claim 30, Adams and Parthasarathy disclosed the method further comprising: extracting a link from the e-mail payload, wherein the query indicates the link (extracting links from e-mail, Adams, ¶[0021]; sending, i.e., transmitting query, extracted links, Adams, ¶[0021]). Regarding claim 35, Adams disclosed a computer-readable medium having stored thereon instructions (computer readable medium storing software, ¶[0038]) that, when executed, instruct a processor to perform operations comprising: receiving an e-mail having a payload (receiving e-mail message including hypertext links, i.e., payload, ¶[0021]); transmitting a query to a cloud phishing reputation service, the query including information based on the e-mail payload (sending, i.e., transmitting query, extracted links from e-mail message, i.e., information based on e-mail payload, to mobile gateway, i.e., cloud phishing reputation service, ¶[0021]); receiving, from the cloud phishing reputation service, reputation data for the e-mail payload (returning status, i.e., reputation data, of links to mobile device, ¶[0021]); assigning the email a reputation score, at least in part based on the scanning and the reputation data (appending, i.e., assigning, text, i.e., reputation score, indicating status of links, i.e., based on scanning/reputation data, ¶[0021]); and providing a notice of a reputation for the e-mail payload, at least in part based on the reputation score, the notice indicating a flag or a warning (adding warning, i.e., providing notice, to links, i.e., payload, ¶[0021]). Adams did not disclose: performing a scanning of an attachment of the e-mail payload.Parthasarathy disclosed: performing a scanning of an attachment of the e-mail payload (scanning email attachments, ¶[0038]). The combination of references is made under the same rationale as claim 21 above. Regarding claim 36, Adams and Parthasarathy disclosed the medium, wherein the notice indicates a degree of confidence of the reputation (indicated status of links including, e.g., “clean”, “likely malicious”, “malicious”, or “unknown”, i.e., degree of confidence, Adams, ¶[0021]). Regarding claim 37, Adams and Parthasarathy disclosed the medium, the operations further comprising: extracting a link from the e-mail payload, wherein the query indicates the link (extracting links from e-mail, Adams, ¶[0021]; sending, i.e., transmitting query, extracted links, Adams, ¶[0021]). Claims 24, 31, and 38 are rejected under 35 U.S.C. 103 as being unpatentable over Adams (U.S. Pat. App. Pub. 2013/0103944) and Parthasarathy (U.S. Pat. App. Pub. 2015/0215302) as applied to claims 21, 28, and 35 above, respectively, and further in view of Mesdaq (U.S. Pat. 10,601,865). Regarding claim 24, Adams and Parthasarathy disclosed the computing apparatus as detailed above. Adams and Parthasarathy did not disclose the apparatus wherein the processor executes the instructions to provide a screenshot image of the e-mail payload, and the reputation data is at least in part based on a visual analysis of the screenshot image. Mesdaq disclosed: wherein the processor executes the instructions to provide a screenshot image of the e-mail payload, and the reputation data is at least in part based on a visual analysis of the screenshot image (extracting visual content, i.e., a screenshot image, attributed with an e-mail to perform screen shot analysis, i.e., visual analysis, to determine a phishing attack, i.e., reputation data, col. 12, lines 45-65). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the apparatus of Adams and Parthasarathy wherein the processor executes the instructions to provide a screenshot image of the e-mail payload, and the reputation data is at least in part based on a visual analysis of the screenshot image as claimed, because doing so would have been applying a known technique (i.e., screenshot/visual analysis) to a known device/method/product ready for improvement (i.e., the e-mail verification/scanning system of Adams and Parthasarathy) to yield predictable results (i.e., using screenshot/visual analysis in e-mail verification/scanning). Claims 31 and 38 are rejected under the same rationale as claim 24 above. Claims 25 and 32 are rejected under 35 U.S.C. 103 as being unpatentable over Adams (U.S. Pat. App. Pub. 2013/0103944) and Parthasarathy (U.S. Pat. App. Pub. 2015/0215302) as applied to claims 21 and 28 above, respectively, and further in view of Himler et al. (U.S. Pat. 9,781,149), hereinafter Himler. Regarding claim 25, Adams and Parthasarathy disclosed the computing apparatus as detailed above. Adams and Parthasarathy did not disclose the apparatus wherein the notice is provided via a push notification. Himler disclosed: wherein the notice is provided via a push notification (outputting feedback, e.g., a message/prompt/notification, i.e., push notification/reputation notice, col. 6, lines 55-58, col. 7, lines 54-59, col. 9, line 63, col. 11, lines 14-15, col. 15, lines 1-2). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the apparatus of Adams and Parthasarathy wherein the notice is provided via a push notification as claimed, because doing so would help a user understand the results of e-mail analysis (Himler, col. 15, lines 1-7). Claim 32 is rejected under the same rationale as claim 25 above. Claims 26, 33, and 39 are rejected under 35 U.S.C. 103 as being unpatentable over Adams (U.S. Pat. App. Pub. 2013/0103944) and Parthasarathy (U.S. Pat. App. Pub. 2015/0215302) as applied to claims 21, 28, and 35 above, respectively, and further in view of Chang et al. (U.S. Pat. 8,606,860), hereinafter Chang. Regarding claim 26, Adams and Parthasarathy disclosed the computing apparatus as detailed above. Adams and Parthasarathy did not disclose the apparatus wherein the processor executes the instructions to receive an e-mail address for an online e-mail service, and access a mailbox, at least in part based on the e-mail address, to receive the e-mail. Chang disclosed: wherein the processor executes the instructions to receive an e-mail address for an online e-mail service, and access a mailbox, at least in part based on the e-mail address, to receive the e-mail (obtaining an email address and accessing a corresponding mailbox of email messages, claim 1). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the apparatus of Adams and Parthasarathy wherein the processor executes the instructions to receive an e-mail address for an online e-mail service, and access a mailbox, at least in part based on the e-mail address, to receive the e-mail as claimed, because doing so would have been an efficient way of accessing email for filtering purposes (Chang, col. 1, lines 24-31). Claims 33 and 39 are rejected under the same rationale as claim 26 above. Claims 27, 34, and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Adams (U.S. Pat. App. Pub. 2013/0103944), Parthasarathy (U.S. Pat. App. Pub. 2015/0215302), and Chang (U.S. Pat. 8,606,860) as applied to claims 21, 28, and 35 above, respectively, and further in view of Best et al. (U.S. Pat. App. Pub. 2012/0117161), hereinafter Best. Regarding claim 27, Adams and Parthasarathy disclosed the computing apparatus as detailed above. Adams and Parthasarathy did not disclose the computing apparatus wherein a copy of the email is downloaded without marking the email as read or opened. Best disclosed: wherein a copy of the email is downloaded without marking the email as read or opened (forwarding unread email messages to, i.e., downloading by, a delegate without changing the original messages’ read status and maintaining it at unread, ¶[0014], [0057], claim 8). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the apparatus of Adams and Parthasarathy wherein a copy of the email is downloaded without marking the email as read or opened as claimed, because doing so would have preserved the read status of analyzed emails and therefore not detracted from the account holder’s attention towards the email (Best, ¶[0003]). Claims 34 and 40 are rejected under the same rationale as claim 27 above. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSEPH R MANIWANG whose telephone number is (571)270-7257. The examiner can normally be reached 8:30AM - 4:30PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wing F Chan can be reached at (571) 272-7493. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /JOSEPH R MANIWANG/Primary Examiner, Art Unit 2453
Read full office action

Prosecution Timeline

May 05, 2025
Application Filed
Jun 29, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12683863
NETWORK ARCHITECTURE, NETWORK COMMUNICATION METHOD, ELECTRONIC DEVICE, AND STORAGE MEDIUM
2y 3m to grant Granted Jul 14, 2026
Patent 12663935
Continuous Replication Of Storage Data During Physical Relocation
2y 8m to grant Granted Jun 23, 2026
Patent 12652208
Pervasive Realtime Framework
2y 2m to grant Granted Jun 09, 2026
Patent 12652210
DETECTING CLOUD SERVICE CONNECTIVITY ISSUES THROUGH ANALYSIS OF TENANT NETWORK TRAFFIC SIGNALS
2y 0m to grant Granted Jun 09, 2026
Patent 12641008
Multi-Topology Routing in Next Generation IoT Networks
2y 3m to grant Granted May 26, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
86%
Grant Probability
99%
With Interview (+13.7%)
2y 0m (~10m remaining)
Median Time to Grant
Low
PTA Risk
Based on 451 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month