Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsOracle International Corporation › 17452837
Last updated: April 19, 2026
Application No. 17/452,837

NETWORK THREAT ANALYSIS SYSTEM

Final Rejection §103
Filed
Oct 29, 2021
Examiner
POPHAM, JEFFREY D
Art Unit
2432
Tech Center
2400 — Computer Networks
Assignee
Oracle International Corporation
OA Round
4 (Final)
37%
Grant Probability
At Risk
5-6
OA Rounds
4y 9m
To Grant
61%
With Interview

This examiner grants 37% of cases after interview

+23.8% interview lift. A telephonic interview to clarify the technical implementation could significantly improve the outcome.
Based on 469 resolved cases, 2023–2026

Examiner Intelligence

POPHAM, JEFFREY D View full profile →
Grants only 37% of cases
37%
Career Allow Rate
175 granted / 469 resolved
-20.7% vs TC avg
Strong +24% interview lift
Without
With
+23.8%
Interview Lift
resolved cases with interview
Typical timeline
4y 9m
Avg Prosecution
31 currently pending
Career history
500
Total Applications
across all art units

Statute-Specific Performance

§101
14.7%
-25.3% vs TC avg
§103
45.4%
+5.4% vs TC avg
§102
15.9%
-24.1% vs TC avg
§112
21.2%
-18.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 469 resolved cases

Office Action

§103
Remarks Claims 1, 4, 5, 7-10, 13-20, and 22-26 are pending. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Examiner’s Note An interview was scheduled for 6/24/2025 at 2 PM. The Examiner called and left a voicemail but no call back was received for holding the interview. This is just a note confirming that the Examiner attempted to hold the scheduled interview. Further interviews may be held within office policy. Response to Arguments Applicant's arguments filed 6/5/2025 have been fully considered but they are not persuasive. With respect to Applicant’s allegations on pages 10-11, Applicant’s allegations are simply general allegations with no specific argument. Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references. Moreover, Brabec discloses the following: Brabec discloses that training the machine learning module includes training a decision tree based on the first set of textual tokens, wherein training the decision tree includes splitting the decision tree into multiple branches by selecting data, that minimize an error function when assigning log records to different branches of the decision tree, and associating leaf nodes in the tree with labels indicative of a probability of a network attack (; training forest with trees that provide labels with training data, minimizing false positives/negatives, making recall and/or precision better, etc., for example); Wherein generating the output includes traversing the decision tree to a leaf node based on the comparing the aggregate score to the data selected for splitting the decision tree, wherein the output is generated based on a label associated with the leaf node (Exemplary Citations: for example, Abstract, Paragraphs 31-33, 41-47, 51, 52, 72-78, and associated figures; forest with trees that provide labels, for example). Moreover, Guia discloses the following: Guia, however, discloses that training the machine learning module includes training a decision tree based on the first set of textual tokens, wherein training the decision tree includes splitting the decision tree into multiple branches by selecting scores computed as a function of a frequency of the first set of textual tokens in individual log records in a training dataset and an inverse frequency of the first set of textual tokens across the plurality of log records, that minimize an error function when assigning log records to different branches of the decision tree and associating leaf nodes in the tree with labels (Exemplary Citations: for example, Abstract, Sections 1, 3.2, 3.3, 4.3, and 4.5; training trees/forests with training data, where each tree provides a label output, where the tree minimizes errors similar to above with respect to Brabec, for example); That the score is a TF-IDF score (Exemplary Citations: for example, Abstract, Sections 1, 3.2, 3.3, 4.3, and 4.5; TF-IDF processing, for example); Wherein generating the output includes traversing the decision tree to a leaf node based on comparing the aggregate score to the scores for splitting the decision tree and computed as a function of the frequency of the first set of textual tokens in individual log records in a training dataset and the inverse frequency of the first set of textual tokens across the plurality of log records, wherein the output is generated based on a label associated with the leaf node (Exemplary Citations: for example, Abstract, Sections 1, 3.2, 3.3, 4.3, and 4.5; each tree provides a label output, for example). Therefore, Siva Kumar in view of Brabec and Guia discloses the argued subject matter. With respect to Applicant’s allegations in the first full paragraph on page 11 of the response, Applicant appears to be arguing the pre-processing and text transformation section of Guia. However, once the data is pre-processed and the text is transformed into TF-IDF, these pieces of data are what is being classified in the trees. Moreover, as noted above, Brabec already discloses a large portion of this, and this has not been argued by Applicant. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 4, 5, 10, 13, 14, 16-20, 22, and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Siva Kumar (U.S. Patent Application Publication 2016/0088000) in view of Brabec (U.S. Patent Application Publication 2019/0020670) and Guia (Marcio Guia et al., “Comparison of Naïve Bayes, Support Vector Machine, Decision Trees and Random Forest on Sentiment Analysis”, pp. 525-531, 2019). Regarding Claim 1, Siva Kumar discloses one or more non-transitory computer-readable media storing instructions executable by one or more hardware processors, comprising: Instructions for identifying a first set of textual tokens in a set of log records associated with an account for accessing a network service (Exemplary Citations: for example, Abstract, Paragraphs 34, 37-42, 57-61, 76-81, 95-100, 111-113, 126-129, 148-150, and associated figures; data from logs, such as logon session data, events, timestamps, IDs, names, and myriad other pieces of data, for example); Instructions for training, based on the first set of textual tokens, a machine learning model to identify network attacks (Exemplary Citations: for example, Abstract, Paragraphs 34, 37-42, 57-61, 76-81, 95-100, 111-113, 126-129, 148-150, and associated figures; training models based on the log data, for example); Instructions for detecting a new log record associated with the account for accessing the network service (Exemplary Citations: for example, Abstract, Paragraphs 28-33, 43-50, 54, 55, 62-74, 82-93, 101-109, 114-124, 130-139, 151-160, and associated figures; new log record with data, such as logon session data, associated therewith, for example); Instructions for computing a respective score for each individual textual token in a second set of textual tokens in the new log record responsive to detecting the new log record (Exemplary Citations: for example, Abstract, Paragraphs 28-33, 43-50, 54, 55, 62-74, 82-93, 101-109, 114-124, 130-144, 151-160, and associated figures; scores corresponding to a particular model feature, different scores for each individual feature, such as -LOG(P(R|A)), -LOG(P(A|R)), -LOG(P(LT|R)), -LOG(P(LT|A)), LLR, LLA, or even a different model for LLA, as in figure 1B, or any other textual token (e.g., count for a feature, probability of a feature, etc., where each could be compared against historical values in the models, etc.), etc., as examples. Exemplary Citations: for example, Abstract, Paragraphs 34, 37-42, 57-61, 76-81, 95-100, 111-113, 126-129, 148-150, and associated figures; any numerical values determined from the above, such as counts, IP addresses, IDs, binary values, times, durations, timestamps, etc., as examples); Instructions for computing an aggregate score for the new log record as a function of the respective score for each individual textual token in the second set of textual tokens (Exemplary Citations: for example, Abstract, 8, 48-53, 67, 88, 106, 119, 135-139, 157-170, and associated figures; combined scores, for example); and Instructions for generating, by the machine learning model based on the second set of textual tokens in the new log record and the aggregate score for the new log record, an output that indicates whether the new log record is associated with a network attack (Exemplary Citations: for example, Abstract, Paragraphs 28-33, 43-50, 54, 55, 62-74, 82-93, 101-109, 114-124, 130-144, 151-160, and associated figures; generating an output, such as a score, normalized score, z-score, UI, combined score, label, or any other information that is output based on the above, for example); But does not explicitly disclose that training the machine learning module includes training a decision tree based on the first set of textual tokens, wherein training the decision tree includes splitting the decision tree into multiple branches by selecting scores computed as a function of a frequency of the first set of textual tokens in individual log records in a training dataset and an inverse frequency of the first set of textual tokens across the plurality of log records that minimize an error function when assigning log records to different branches of the decision tree and associating leaf nodes in the tree with labels indicative of a probability of a network attack, that the score is a TF-IDF score, wherein generating the output includes traversing the decision tree to a leaf node based on comparing the aggregate score to the scores selected for splitting the decision tree and computed as a function of the frequency of the first set of textual tokens in individual log records in a training dataset and the inverse frequency of the first set of textual tokens across the plurality of log records, wherein the output is generated based on a label associated with the leaf node. Brabec, however, discloses that training the machine learning module includes training a decision tree based on the first set of textual tokens, wherein training the decision tree includes splitting the decision tree into multiple branches by selecting data, that minimize an error function when assigning log records to different branches of the decision tree, and associating leaf nodes in the tree with labels indicative of a probability of a network attack (Exemplary Citations: for example, Abstract, Paragraphs 31-33, 41-47, 51, 52, 72-78, and associated figures; training forest with trees that provide labels with training data, minimizing false positives/negatives, making recall and/or precision better, etc., for example); Wherein generating the output includes traversing the decision tree to a leaf node based on the comparing the aggregate score to the data selected for splitting the decision tree, wherein the output is generated based on a label associated with the leaf node (Exemplary Citations: for example, Abstract, Paragraphs 31-33, 41-47, 51, 52, 72-78, and associated figures; forest with trees that provide labels, for example). It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the machine learning techniques of Brabec into the lateral movement detection system of Siva Kumar in order to increase the ability to detect rare malware, to allow the system to appropriately weight each tree’s decision in a forest in order to detect whether or not an attack is present, and/or to increase security in the system. Guia, however, discloses that training the machine learning module includes training a decision tree based on the first set of textual tokens, wherein training the decision tree includes splitting the decision tree into multiple branches by selecting scores computed as a function of a frequency of the first set of textual tokens in individual log records in a training dataset and an inverse frequency of the first set of textual tokens across the plurality of log records, that minimize an error function when assigning log records to different branches of the decision tree and associating leaf nodes in the tree with labels (Exemplary Citations: for example, Abstract, Sections 1, 3.2, 3.3, 4.3, and 4.5; training trees/forests with training data, where each tree provides a label output, where the tree minimizes errors similar to above with respect to Brabec, for example); That the score is a TF-IDF score (Exemplary Citations: for example, Abstract, Sections 1, 3.2, 3.3, 4.3, and 4.5; TF-IDF processing, for example); Wherein generating the output includes traversing the decision tree to a leaf node based on comparing the aggregate score to the scores for splitting the decision tree and computed as a function of the frequency of the first set of textual tokens in individual log records in a training dataset and the inverse frequency of the first set of textual tokens across the plurality of log records, wherein the output is generated based on a label associated with the leaf node (Exemplary Citations: for example, Abstract, Sections 1, 3.2, 3.3, 4.3, and 4.5; each tree provides a label output, for example). It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the processing and classification techniques of Guia into the lateral movement detection system of Siva Kumar as modified by Brabec in order to improve results via pre-processing and text transformation, to provide additional mechanisms by which to classify data, to select the best performing mechanism, and/or to increase security in the system. Regarding Claim 19, Claim 19 is a system claim that corresponds to media claim 1 and is rejected for the same reasons. Regarding Claim 20, Claim 20 is a method claim that corresponds to media claim 1 and is rejected for the same reasons. Regarding Claim 4, Siva Kumar as modified by Brabec and Guia discloses the medium of claim 1, in addition, Siva Kumar discloses that training the machine learning model to identify network attacks comprises generating a score for each respective log record in the set of log records based at least in part on what textual tokens are included in the respective log record (Exemplary Citations: for example, Abstract, Paragraphs 8, 34, 37-42, 48-53, 57-61, 67, 76-81, 88, 95-100, 106, 111-113, 119, 126-129, 135-139, 148-150, 157-170, and associated figures; feedback based training with the system constantly training itself based on log records and feedback, generating of scores, z-scores, etc., as examples). Regarding Claim 22, Claim 22 is a method claim that corresponds to medium claim 4 and is rejected for the same reasons. Regarding Claim 5, Siva Kumar as modified by Brabec and Guia discloses the medium of claim 4, in addition, Siva Kumar discloses that generating the score for each respective log record comprises aggregating a set of individual scores assigned to the textual tokens included in the respective log record (Exemplary Citations: for example, Abstract, 8, 48-53, 67, 88, 106, 119, 135-139, 157-170, and associated figures; combined scores, for example). Regarding Claim 23, Claim 23 is a method claim that corresponds to medium claim 5 and is rejected for the same reasons. Regarding Claim 10, Siva Kumar as modified by Brabec and Guia discloses the medium of claim 1, in addition, Siva Kumar discloses that the new log record is generated based on a login attempt to the account (Exemplary Citations: for example, Abstract, Paragraphs 28-33, 43-50, 54, 55, 62-74, 82-93, 101-109, 114-124, 130-139, 151-160, and associated figures). Regarding Claim 13, Siva Kumar as modified by Brabec and Guia discloses the medium of claim 1, in addition, Siva Kumar discloses performing one or more actions to counter a detected network attack based on the output (Exemplary Citations: for example, Abstract, Paragraphs 28-33, 43-50, 54, 55, 62-74, 82-93, 101-109, 114-124, 130-144, 151-160, and associated figures; providing list of alerts, compromised accounts, compromised machines, etc., to an analyst, for example). Regarding Claim 14, Siva Kumar as modified by Brabec and Guia discloses the medium of claim 13, in addition, Siva Kumar discloses that the one or more actions are executed responsive to determining that a severity of the detected network attack satisfies a threshold (Exemplary Citations: for example, Abstract, Paragraphs 28-33, 43-50, 54, 55, 62-74, 82-93, 101-109, 114-124, 130-144, 151-160, and associated figures; top k are most severe, for example). Regarding Claim 16, Siva Kumar as modified by Brabec and Guia discloses the medium of claim 1, in addition, Siva Kumar discloses that the output includes the label to classify the new log record (Exemplary Citations: for example, Abstract, Paragraphs 28-33, 43-51, 54, 55, 62-74, 82-93, 101-109, 114-124, 130-144, 151-160, 164, and associated figures; labels, such as benign, malicious, compromised account, compromised machine, top-k, etc., as examples); Brabec discloses that the output includes the label to classify the new log record (Exemplary Citations: for example, Abstract, Paragraphs 31-33, 41-47, 51, 52, 72-78, and associated figures); and Guia discloses that the output includes the label to classify the new log record (Exemplary Citations: for example, Abstract, Sections 1, 3.2, 3.3, 4.3, and 4.5). Regarding Claim 17, Siva Kumar as modified by Brabec and Guia discloses the medium of claim 1, in addition, Siva Kumar discloses that the trained machine learning model includes at least three classification labels based on at least one of predicted likelihood that the new log record is associated with the network attack or a predicted severity of the network attack (Exemplary Citations: for example, Abstract, Paragraphs 28-33, 43-51, 54, 55, 62-74, 82-93, 101-109, 114-124, 130-144, 151-160, 164, and associated figures); and Brabec discloses that the trained machine learning model includes at least three classification labels based on at least one of predicted likelihood that the new log record is associated with the network attack or a predicted severity of the network attack (Exemplary Citations: for example, Abstract, Paragraphs 31-33, 41-47, 51, 52, 72-78, and associated figures; malicious, anomalous, benign, numerous malicious class labels, etc., as examples) Regarding Claim 18, Siva Kumar as modified by Brabec and Guia discloses the medium of claim 17, in addition, Siva Kumar discloses that the at least three classification labels include a first label for events that have an estimated value above a first threshold, a second label for events that have an estimated value above a second threshold and below the first threshold, and a third label for events that have an estimate value below a third threshold (Exemplary Citations: for example, Abstract, Paragraphs 28-33, 43-51, 54, 55, 62-74, 82-93, 101-109, 114-124, 130-144, 151-160, 164, and associated figures; top-k, less than top k (but above 0) and less than top k, for example); and Brabec discloses that the at least three classification labels include a first label for events that have an estimated value above a first threshold, a second label for events that have an estimated value above a second threshold and below the first threshold, and a third label for events that have an estimate value below a third threshold (Exemplary Citations: for example, Abstract, Paragraphs 31-33, 41-47, 51, 52, 72-78, and associated figures; probabilities for predicted labels, voting, thresholding, weighting, etc., as examples). Claims 7, 8, 24, and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Siva Kumar in view of Brabec, Guia, and Gardner (U.S. Patent 11,093,833). Regarding Claim 7, Siva Kumar as modified by Brabec and Guia discloses the medium of claim 1, in addition, Siva Kumar discloses pruning an entity based at least in part on the scores (Exemplary Citations: for example, Abstract, Paragraphs 34, 37-42, 57-61, 76-81, 95-100, 111-113, 126-129, 148-150, and associated figures; updating models, removing models, splitting data into time slots in one model, then pruning them out of these timeslots for another model, etc., as examples); But does not explicitly disclose pruning a decision tree. Gardner, however, discloses pruning the decision tree based at least in part on the scores (Exemplary Citations: for example, Column 4, lines 5-26; Column 18, lines 33-46; Column 28, line 60 to Column 29, line 30; and associated figures; pruning trees, for example). It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the machine learning model training techniques of Gardner into the lateral movement detection system of Siva Kumar as modified by Brabec and Guia in order to allow the system to better train the machine learning models, to allow for fine tuning of parameters and decision trees to give a better result, to allow for use of well-known machine learning techniques to be used, and/or to increase security in the system. Regarding Claim 24, Claim 24 is a method claim that adds the same subject matter as medium claim 7 and is rejected for the same reasons. Regarding Claim 8, Siva Kumar as modified by Brabec and Guia does not explicitly disclose adjusting at least one model hyperparameter to balance between a precision and a recall of the machine learning model. Gardner, however, discloses adjusting at least one model hyperparameter to balance between a precision and a recall of the machine learning model (Exemplary Citations: for example, Title, Abstract; Column 3, line 41 to Column 4, line 4; Column 15, lines 45-67; Column 18, lines 33-60; and associated figures; the entirety of Gardner is directed to hyperparameter tuning, as seen in the title, and this is done to create balance between a variety of parameters, including F1 scores, recall, precision, etc., for example). It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the machine learning model training techniques of Gardner into the lateral movement detection system of Siva Kumar as modified by Brabec and Guia in order to allow the system to better train the machine learning models, to allow for fine tuning of parameters and decision trees to give a better result, to allow for use of well-known machine learning techniques to be used, and/or to increase security in the system. Regarding Claim 25, Claim 25 is a method claim that corresponds to medium claim 8 and is rejected for the same reasons. Claims 9 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Siva Kumar in view of Brabec, Guia, and Grajek (U.S. Patent Application Publication 2018/0069867). Regarding Claim 9, Siva Kumar as modified by Brabec and Guia discloses the medium of claim 1, in addition, Siva Kumar discloses that the set of textual tokens include values identifying a network address and other information associated with login attempts to the account for accessing the network service (Exemplary Citations: for example, Paragraphs 29-31, 44, 64, 84, 103, 116, 129, 152, and associated figures); But does not appear to explicitly disclose that the values include language, browser, and location. Grajek, however, discloses that the set of textual tokens include values identifying a network address, language, browser, and location associated with login attempts to the account for accessing the network service (Exemplary Citations: for example, Paragraph 24 and associated figures; all of this information is included therein regarding a user’s logon session, for example). It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the authentication techniques of Grajek into the lateral movement detection system of Siva Kumar as modified by Brabec and Guia in order to take into account additional information regarding sessions, thereby resulting in a more accurate assessment, to allow for additional verifications, such as geo-velocity checks, and/or to increase security in the system. Regarding Claim 26, Claim 26 is a method claim that corresponds to medium claim 9 and is rejected for the same reasons. Claims 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over Siva Kumar in view of Brabec, Guia, and Kirti (U.S. Patent Application Publication 2018/0375886). Regarding Claim 15, Siva Kumar as modified by Brabec and Guia does not explicitly disclose that the one or more actions include at least one of locking the user account, sending a user a one time password, or enabling two factor authentication. Kirti, however, discloses that the one or more actions include at least one of locking the user account, sending a user a one time password, or enabling two factor authentication (Exemplary Citations: for example, Paragraphs 51-53, 79-81, 114-117, 174-180, and associated figures; action, such as alert, remediation action, recommendation, locking account, etc., as examples). It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the remediation techniques of Kirti into the lateral movement detection of Siva Kumar as modified by Brabec and Guia in order to allow the system to take appropriate action upon detecting a malicious event/session, to allow for locking a user out of their account if they are abusing the system, to provide for numerous recommendations as well as automatic actions as necessary when a threat is detected, and/or to increase security in the system. Regarding Claim 13, Siva Kumar as modified by Brabec and Guia discloses the medium of claim 1, in addition, Siva Kumar discloses performing one or more actions to counter a detected network attack based on the output (Exemplary Citations: for example, Abstract, Paragraphs 28-33, 43-50, 54, 55, 62-74, 82-93, 101-109, 114-124, 130-144, 151-160, and associated figures; providing list of alerts, compromised accounts, compromised machines, etc., to an analyst, for example). Kirti also discloses performing one or more actions to counter a detected network attack based on the output (Exemplary Citations: for example, Paragraphs 51-53, 79-81, 114-117, 174-180, and associated figures). It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the remediation techniques of Kirti into the lateral movement detection of Siva Kumar as modified by Brabec and Guia in order to allow the system to take appropriate action upon detecting a malicious event/session, to allow for locking a user out of their account if they are abusing the system, to provide for numerous recommendations as well as automatic actions as necessary when a threat is detected, and/or to increase security in the system. Regarding Claim 14, Siva Kumar as modified by Brabec, Guia, and Kirti discloses the media of claim 13, in addition, Siva Kumar discloses that the one or more actions are executed responsive to determining that a severity of the detected network attack satisfies a threshold (Exemplary Citations: for example, Abstract, Paragraphs 28-33, 43-50, 54, 55, 62-74, 82-93, 101-109, 114-124, 130-144, 151-160, and associated figures; top k are most severe, for example); and Kirti discloses that the one or more actions are executed responsive to determining that a severity of the detected network attack satisfies a threshold (Exemplary Citations: for example, Paragraphs 8, 51-53, 79-81, 114-117, 141-146, 150-158, 174-180, 211, 212, and associated figures; actions as above based on thresholds, for example). Regarding Claim 15, Siva Kumar as modified by Brabec, Guia, and Kirti discloses the media of claim 13, in addition, Kirti discloses that the one or more actions include at least one of locking the user account, sending a user a one time password, or enabling two factor authentication (Exemplary Citations: for example, Paragraphs 8, 51-53, 79-81, 114-117, 141-146, 150-158, 174-180, 211, 212, and associated figures). Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffrey D Popham whose telephone number is (571)272-7215. The examiner can normally be reached Monday through Friday 9:00-5:30. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Jeffrey D. Popham/Primary Examiner, Art Unit 2432
Read full office action

Prosecution Timeline

Oct 29, 2021
Application Filed
May 08, 2024
Non-Final Rejection — §103
Aug 13, 2024
Response Filed
Sep 20, 2024
Final Rejection — §103
Jan 21, 2025
Request for Continued Examination
Jan 27, 2025
Response after Non-Final Action
Feb 28, 2025
Non-Final Rejection — §103
Jun 05, 2025
Response Filed
Jan 28, 2026
Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

17/040,353
Patent 12481750
A METHOD OF PROCESSING TRANSACTIONS FROM AN UNTRUSTED SOURCE
2y 5m to grant Granted Nov 25, 2025
17/992,022
Patent 12425407
Identity And Access Management Using A Decentralized Gateway Computing System
2y 5m to grant Granted Sep 23, 2025
17/032,592
Patent 12380240
PROTECTING SENSITIVE DATA IN DOCUMENTS
2y 5m to grant Granted Aug 05, 2025
17/130,180
Patent 12326934
DETECTING SUSPICIOUS ACTIVATION OF AN APPLICATION IN A COMPUTER DEVICE
2y 5m to grant Granted Jun 10, 2025
16/544,694
Patent 12235936
SYSTEM AND METHOD FOR AUTOMATIC DIGITAL COPY FOR PHYSICAL MEDIA PURCHASE
2y 5m to grant Granted Feb 25, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

5-6
Expected OA Rounds
37%
Grant Probability
61%
With Interview (+23.8%)
4y 9m
Median Time to Grant
High
PTA Risk
Based on 469 resolved cases by this examiner. Grant probability derived from career allow rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month