Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsDELL PRODUCTS, L.P. › 17721177
Last updated: April 19, 2026
Application No. 17/721,177

DETECT AND PREVENT SYNCHRONIZING OF A CORRUPTED FILE

Non-Final OA §103
Filed
Apr 14, 2022
Examiner
MAI, KEVIN S
Art Unit
2499
Tech Center
2400 — Computer Networks
Assignee
DELL PRODUCTS, L.P.
OA Round
4 (Non-Final)
29%
Grant Probability
At Risk
4-5
OA Rounds
5y 3m
To Grant
55%
With Interview

Interview Optional

+25.5% interview lift. This examiner has a relatively high allow rate; a written response may suffice.
Based on 428 resolved cases, 2023–2026

Examiner Intelligence

MAI, KEVIN S View full profile →
Grants only 29% of cases
29%
Career Allow Rate
125 granted / 428 resolved
-28.8% vs TC avg
Strong +26% interview lift
Without
With
+25.5%
Interview Lift
resolved cases with interview
Typical timeline
5y 3m
Avg Prosecution
39 currently pending
Career history
467
Total Applications
across all art units

Statute-Specific Performance

§101
16.5%
-23.5% vs TC avg
§103
52.5%
+12.5% vs TC avg
§102
7.4%
-32.6% vs TC avg
§112
21.8%
-18.2% vs TC avg
Black line = Tech Center average estimate • Based on career data from 428 resolved cases

Office Action

§103
DETAILED ACTION This Office Action has been issued in response to Applicant's Arguments filed November 25, 2025. Claims 1-20 have been examined and are pending. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant’s arguments filed November 25, 2025 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of US Pub. No. 2020/0042707. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub. No. 2020/0042707 to Kucherov (hereinafter “Kucherov”) and further in view of US Pub. No. 2023/0153438 to Bhagi et al. (hereinafter “Bhagi”). As to Claim 1, Kucherov discloses a method, comprising: monitoring, using a cloud storage service executing via cloud storage equipment comprising a processor during at least one first data reduction operation performed with respect to a cloud-based computing storage resource associated with the cloud storage equipment, a characteristic parameter of the cloud-based computing storage resource (Paragraph [0010] of Kucherov discloses generating an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions comprises determining that the monitored differential satisfies the one or more specified conditions, determining compressibility of at least a portion of the storage volume, and generating the alert responsive to the monitored differential satisfying the one or more specified conditions and the compressibility of the storage volume being below a specified level of compressibility. Paragraph [0008] of Kucherov discloses comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. For example, the specified minimum amount of change in the storage volume is illustratively specified in terms of at least one of a minimum number of storage units of the storage volume that have changed since generation of the given snapshot, and a minimum percentage of the storage volume that has changed since generation of the given snapshot); generating, during the at least one first data reduction operation, a first characteristic parameter metric based on the monitoring of the characteristic parameter (Paragraph [0008] of Kucherov discloses comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. For example, the specified minimum amount of change in the storage volume is illustratively specified in terms of at least one of a minimum number of storage units of the storage volume that have changed since generation of the given snapshot, and a minimum percentage of the storage volume that has changed since generation of the given snapshot); comparing the characteristic parameter metric to a defined normal characteristic criterion, wherein the defined normal characteristic criterion is based on at least one second data reduction operation performed with respect to the cloud-based computing storage resource, and wherein the at least one second data reduction operation is performed before the at least one first data reduction operation (Paragraph [0010] of Kucherov discloses generating an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions comprises determining that the monitored differential satisfies the one or more specified conditions, determining compressibility of at least a portion of the storage volume, and generating the alert responsive to the monitored differential satisfying the one or more specified conditions and the compressibility of the storage volume being below a specified level of compressibility. Paragraph [0008] of Kucherov discloses comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. For example, the specified minimum amount of change in the storage volume is illustratively specified in terms of at least one of a minimum number of storage units of the storage volume that have changed since generation of the given snapshot, and a minimum percentage of the storage volume that has changed since generation of the given snapshot); and responsive to determining that the characteristic parameter metric does not satisfy the defined normal characteristic criterion, causing a [corrective] action to be performed (Paragraph [0010] of Kucherov discloses generating an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions comprises determining that the monitored differential satisfies the one or more specified conditions, determining compressibility of at least a portion of the storage volume, and generating the alert responsive to the monitored differential satisfying the one or more specified conditions and the compressibility of the storage volume being below a specified level of compressibility). Kucherov does not explicitly disclose a corrective action. However, Bhagi discloses this. Paragraph [0265] of Bhagi discloses after being invoked or instantiated by the entropy driver 304, the volume driver 306 revokes and/or restricts permissions for data volumes that have been affected by the possible ransomware and/or malware. It would have been obvious to one of ordinary skill in the art before the effective filing of the invention to combine the ransomware detecting system as disclosed by Kucherov, with performing corrective actions as disclosed by Bhagi. One of ordinary skill in the art would have been motivated to combine to apply a known technique to a known device ready for improvement to yield predictable results. Kucherov and Bhagi are directed toward ransomware detecting systems and as such it would be obvious to use the techniques of one in the other. Kucherov would be improved by enabling the system to fix the detected ransomware activity. As to Claim 2, Kucherov-Bhagi discloses the method of claim 1, wherein the cloud-based computing resource comprises storage to store one or more storage units and to share and synchronize the one or more storage units between remote computing devices that are communicatively coupled with the cloud-based computing resource (Paragraph [0014] of Bhagi discloses technique for synchronizing primary data to a destination such as a failover site using a secondary copy). Examiner recites the same rationale to combine used for claim 1. As to Claim 3, Kucherov-Bhagi discloses the method of claim 2, wherein the corrective action comprises blocking access, by the cloud storage service, to the cloud-based computing resource of one of the remote computing devices that provided a most recent update of a storage unit associated with the characteristic parameter metric that does not satisfy the defined normal characteristic criterion (Paragraph [0265] of Bhagi discloses after being invoked or instantiated by the entropy driver 304, the volume driver 306 revokes and/or restricts permissions for data volumes that have been affected by the possible ransomware and/or malware). Examiner recites the same rationale to combine used for claim 1. As to Claim 4, Kucherov-Bhagi discloses the method of claim 1, wherein the corrective action comprises reverting a storage unit associated with the characteristic parameter metric that does not satisfy the defined normal characteristic criterion to a previous version of the storage unit and synchronizing the previous version to remote computing devices that are communicatively coupled with the cloud- based computing resource (Paragraph [0304] of Bhagi discloses the selected file (e.g., a most recent secondary copy or another selected secondary copy) is then restored to primary storage (e.g., primary storage of the client computing device 102 or another device) from the secondary storage device 108 and/or the secure cloud storage 310. Paragraph [0238] of Bhagi discloses the destination site 203 can later be reverse synchronized back to the production site 201, such as after repairs have been implemented or after the failure has passed). Examiner recites the same rationale to combine used for claim 1. As to Claim 5, Kucherov-Bhagi discloses the method of claim 1 wherein the characteristic parameter monitored by the cloud service comprises a data reduction parameter applicable to data reduction (Paragraph [0010] of Kucherov discloses generating an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions comprises determining that the monitored differential satisfies the one or more specified conditions, determining compressibility of at least a portion of the storage volume, and generating the alert responsive to the monitored differential satisfying the one or more specified conditions and the compressibility of the storage volume being below a specified level of compressibility). As to Claim 6, Kucherov-Bhagi discloses the method of claim 5, wherein the characteristic parameter metric comprises a percentage data reduction corresponding to a storage unit with respect to which at least some of the at least one first data reduction operation was performed (Paragraph [0010] of Kucherov discloses generating an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions comprises determining that the monitored differential satisfies the one or more specified conditions, determining compressibility of at least a portion of the storage volume, and generating the alert responsive to the monitored differential satisfying the one or more specified conditions and the compressibility of the storage volume being below a specified level of compressibility. Paragraph [0008] of Kucherov discloses comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. For example, the specified minimum amount of change in the storage volume is illustratively specified in terms of at least one of a minimum number of storage units of the storage volume that have changed since generation of the given snapshot, and a minimum percentage of the storage volume that has changed since generation of the given snapshot). As to Claim 7, Kucherov-Bhagi discloses the method of claim 6, wherein the storage unit comprises a folder (Paragraph [0008] of Kucherov discloses comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. For example, the specified minimum amount of change in the storage volume is illustratively specified in terms of at least one of a minimum number of storage units of the storage volume that have changed since generation of the given snapshot, and a minimum percentage of the storage volume that has changed since generation of the given snapshot). As to Claim 8, Kucherov discloses a system, comprising: a processor of a cloud storage computing system configured to execute a cloud storage service, the processor configured to: generate a first characteristic parameter metric based on monitoring a characteristic parameter of a cloud-based computing storage resource during a first monitoring period (Paragraph [0010] of Kucherov discloses generating an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions comprises determining that the monitored differential satisfies the one or more specified conditions, determining compressibility of at least a portion of the storage volume, and generating the alert responsive to the monitored differential satisfying the one or more specified conditions and the compressibility of the storage volume being below a specified level of compressibility. Paragraph [0008] of Kucherov discloses comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. For example, the specified minimum amount of change in the storage volume is illustratively specified in terms of at least one of a minimum number of storage units of the storage volume that have changed since generation of the given snapshot, and a minimum percentage of the storage volume that has changed since generation of the given snapshot); based on an evaluation of the first characteristic parameter metric with respect to a normal characteristic criterion, determine that the first characteristic parameter metric does not satisfy the normal characteristic criterion (Paragraph [0010] of Kucherov discloses generating an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions comprises determining that the monitored differential satisfies the one or more specified conditions, determining compressibility of at least a portion of the storage volume, and generating the alert responsive to the monitored differential satisfying the one or more specified conditions and the compressibility of the storage volume being below a specified level of compressibility. Paragraph [0008] of Kucherov discloses comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. For example, the specified minimum amount of change in the storage volume is illustratively specified in terms of at least one of a minimum number of storage units of the storage volume that have changed since generation of the given snapshot, and a minimum percentage of the storage volume that has changed since generation of the given snapshot); and responsive to the first characteristic parameter metric being determined not to satisfy the normal characteristic criterion, initiating a [corrective] action (Paragraph [0010] of Kucherov discloses generating an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions comprises determining that the monitored differential satisfies the one or more specified conditions, determining compressibility of at least a portion of the storage volume, and generating the alert responsive to the monitored differential satisfying the one or more specified conditions and the compressibility of the storage volume being below a specified level of compressibility), wherein the first characteristic parameter metric comprises a first number of storage units, stored by the cloud-based computing storage resource, that are uncompressible during the first monitoring period, wherein the normal characteristic criterion corresponds to a second number of storage units, stored by the cloud based computing storage resource, that were uncompressible during a second monitoring period, and wherein the second monitoring period occurs before the first monitoring period (Paragraph [0008] of Kucherov discloses comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. For example, the specified minimum amount of change in the storage volume is illustratively specified in terms of at least one of a minimum number of storage units of the storage volume that have changed since generation of the given snapshot, and a minimum percentage of the storage volume that has changed since generation of the given snapshot). Kucherov does not explicitly disclose a corrective action. However, Bhagi discloses this. Paragraph [0265] of Bhagi discloses after being invoked or instantiated by the entropy driver 304, the volume driver 306 revokes and/or restricts permissions for data volumes that have been affected by the possible ransomware and/or malware. Examiner recites the same rationale to combine used for claim 1. As to Claim 9, Kucherov-Bhagi discloses the system of claim 8, wherein the cloud-based computing storage resource comprises storage to store one or more storage units, and to synchronize the one or more storage units between remote computing devices that are communicatively coupled with the cloud-based computing resource (Paragraph [0014] of Bhagi discloses technique for synchronizing primary data to a destination such as a failover site using a secondary copy). Examiner recites the same rationale to combine used for claim 1. As to Claim 10, Kucherov-Bhagi discloses the system of claim 9, wherein the corrective action comprises blocking access to the cloud-based computing storage resource of one of the remote computing devices that provided a most recent update of a storage unit, of the one or more storage units and associated with the characteristic parameter metric, that does not satisfy the normal characteristic criterion (Paragraph [0265] of Bhagi discloses after being invoked or instantiated by the entropy driver 304, the volume driver 306 revokes and/or restricts permissions for data volumes that have been affected by the possible ransomware and/or malware). Examiner recites the same rationale to combine used for claim 1. As to Claim 11, Kucherov-Bhagi discloses the system of claim 8, wherein the corrective action comprises reverting a storage unit associated with the characteristic parameter metric that does not satisfy the normal characteristic criterion to a previous version of the storage unit and synchronizing the previous version to remote computing devices that are communicatively coupled with the cloud-based computing resource (Paragraph [0304] of Bhagi discloses the selected file (e.g., a most recent secondary copy or another selected secondary copy) is then restored to primary storage (e.g., primary storage of the client computing device 102 or another device) from the secondary storage device 108 and/or the secure cloud storage 310. Paragraph [0238] of Bhagi discloses the destination site 203 can later be reverse synchronized back to the production site 201, such as after repairs have been implemented or after the failure has passed). Examiner recites the same rationale to combine used for claim 1. As to Claim 12, Kucherov-Bhagi discloses the system of claim 8 wherein the characteristic parameter monitored by the cloud service comprises a parameter relating to data reduction (Paragraph [0010] of Kucherov discloses generating an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions comprises determining that the monitored differential satisfies the one or more specified conditions, determining compressibility of at least a portion of the storage volume, and generating the alert responsive to the monitored differential satisfying the one or more specified conditions and the compressibility of the storage volume being below a specified level of compressibility). As to Claim 13, Kucherov-Bhagi discloses the system of claim 12, wherein the characteristic parameter metric comprises a percentage data reduction corresponding to a storage unit on which at least some of the data reduction was performed (Paragraph [0010] of Kucherov discloses generating an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions comprises determining that the monitored differential satisfies the one or more specified conditions, determining compressibility of at least a portion of the storage volume, and generating the alert responsive to the monitored differential satisfying the one or more specified conditions and the compressibility of the storage volume being below a specified level of compressibility. Paragraph [0008] of Kucherov discloses comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. For example, the specified minimum amount of change in the storage volume is illustratively specified in terms of at least one of a minimum number of storage units of the storage volume that have changed since generation of the given snapshot, and a minimum percentage of the storage volume that has changed since generation of the given snapshot) As to Claim 14, Kucherov discloses a non-transitory machine-readable medium, comprising executable instructions that, when executed by a processor, facilitate performance of operations, comprising: monitoring, with a cloud storage service with respect to a first data reduction operation, a data reduction parameter of a volume corresponding to a cloud-based storage equipment (Paragraph [0010] of Kucherov discloses generating an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions comprises determining that the monitored differential satisfies the one or more specified conditions, determining compressibility of at least a portion of the storage volume, and generating the alert responsive to the monitored differential satisfying the one or more specified conditions and the compressibility of the storage volume being below a specified level of compressibility. Paragraph [0008] of Kucherov discloses comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. For example, the specified minimum amount of change in the storage volume is illustratively specified in terms of at least one of a minimum number of storage units of the storage volume that have changed since generation of the given snapshot, and a minimum percentage of the storage volume that has changed since generation of the given snapshot); generating a first data reduction metric based on the monitoring of the data reduction parameter with respect to the first data reduction operation (Paragraph [0008] of Kucherov discloses comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. For example, the specified minimum amount of change in the storage volume is illustratively specified in terms of at least one of a minimum number of storage units of the storage volume that have changed since generation of the given snapshot, and a minimum percentage of the storage volume that has changed since generation of the given snapshot); comparing the first data reduction parameter metric to a defined normal data reduction criterion, wherein the defined normal data reduction criterion is based on a second data reduction operation performed with respect to the volume corresponding to the cloud-based storage equipment, and wherein the second data reduction operation is performed before the first data reduction operation determining that the first data reduction metric does not satisfy the defined normal data reduction criterion (Paragraph [0010] of Kucherov discloses generating an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions comprises determining that the monitored differential satisfies the one or more specified conditions, determining compressibility of at least a portion of the storage volume, and generating the alert responsive to the monitored differential satisfying the one or more specified conditions and the compressibility of the storage volume being below a specified level of compressibility. Paragraph [0008] of Kucherov discloses comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. For example, the specified minimum amount of change in the storage volume is illustratively specified in terms of at least one of a minimum number of storage units of the storage volume that have changed since generation of the given snapshot, and a minimum percentage of the storage volume that has changed since generation of the given snapshot); and responsive to the determining that the first data reduction metric does not satisfy the defined normal data reduction criterion, facilitating a [corrective] action being performed in order to modify the data reduction metric to satisfy the defined normal data reduction criterion (Paragraph [0010] of Kucherov discloses generating an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions comprises determining that the monitored differential satisfies the one or more specified conditions, determining compressibility of at least a portion of the storage volume, and generating the alert responsive to the monitored differential satisfying the one or more specified conditions and the compressibility of the storage volume being below a specified level of compressibility), wherein the first data reduction parameter metric corresponds to a first number of storage units, stored by the volume corresponding to the cloud-based storage equipment, that are uncompressible during the first data reduction operation, and wherein the defined normal characteristic criterion corresponds to a second number of storage units, stored by the cloud-based storage equipment, that were uncompressible during the second data reduction operation (Paragraph [0008] of Kucherov discloses comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. For example, the specified minimum amount of change in the storage volume is illustratively specified in terms of at least one of a minimum number of storage units of the storage volume that have changed since generation of the given snapshot, and a minimum percentage of the storage volume that has changed since generation of the given snapshot). Kucherov does not explicitly disclose a corrective action. However, Bhagi discloses this. Paragraph [0265] of Bhagi discloses after being invoked or instantiated by the entropy driver 304, the volume driver 306 revokes and/or restricts permissions for data volumes that have been affected by the possible ransomware and/or malware. Examiner recites the same rationale to combine used for claim 1. As to Claim 15, Kucherov-Bhagi discloses the non-transitory machine-readable medium of claim 14, wherein the volume corresponding to the cloud- based storage equipment is configured to store, share, and synchronize one or more files between remote computing devices that are communicatively coupled with the cloud-based storage equipment (Paragraph [0014] of Bhagi discloses technique for synchronizing primary data to a destination such as a failover site using a secondary copy). Examiner recites the same rationale to combine used for claim 1. As to Claim 16, Kucherov-Bhagi discloses the non-transitory machine-readable medium of claim 15, wherein the corrective action comprises blocking access by the cloud storage service to the volume corresponding to the cloud-based storage equipment of one of the remote computing devices that provided a most recent update of a file associated with the characteristic parameter metric that does not satisfy the defined normal characteristic criterion (Paragraph [0265] of Bhagi discloses after being invoked or instantiated by the entropy driver 304, the volume driver 306 revokes and/or restricts permissions for data volumes that have been affected by the possible ransomware and/or malware). Examiner recites the same rationale to combine used for claim 1. As to Claim 17, Kucherov-Bhagi discloses the non-transitory machine-readable medium of claim 14, wherein the facilitating of the corrective action comprises reverting a file associated with the characteristic parameter metric that does not satisfy the defined normal characteristic criterion to a previous version of the file and synchronizing the previous version to remote computing devices that are communicatively coupled with the volume corresponding to the cloud-based storage equipment (Paragraph [0304] of Bhagi discloses the selected file (e.g., a most recent secondary copy or another selected secondary copy) is then restored to primary storage (e.g., primary storage of the client computing device 102 or another device) from the secondary storage device 108 and/or the secure cloud storage 310. Paragraph [0238] of Bhagi discloses the destination site 203 can later be reverse synchronized back to the production site 201, such as after repairs have been implemented or after the failure has passed). Examiner recites the same rationale to combine used for claim 1. As to Claim 18, Kucherov-Bhagi discloses the non-transitory machine-readable medium of claim 14, wherein the data reduction metric comprises a percentage of data reduction corresponding to a folder with respect to which a data reduction operation was performed (Paragraph [0010] of Kucherov discloses generating an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions comprises determining that the monitored differential satisfies the one or more specified conditions, determining compressibility of at least a portion of the storage volume, and generating the alert responsive to the monitored differential satisfying the one or more specified conditions and the compressibility of the storage volume being below a specified level of compressibility. Paragraph [0008] of Kucherov discloses comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. For example, the specified minimum amount of change in the storage volume is illustratively specified in terms of at least one of a minimum number of storage units of the storage volume that have changed since generation of the given snapshot, and a minimum percentage of the storage volume that has changed since generation of the given snapshot). As to Claim 19, Kucherov-Bhagi discloses the non-transitory machine-readable medium of claim 14, wherein the data reduction metric comprises a percentage of data reduction corresponding to the volume (Paragraph [0010] of Kucherov discloses generating an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions comprises determining that the monitored differential satisfies the one or more specified conditions, determining compressibility of at least a portion of the storage volume, and generating the alert responsive to the monitored differential satisfying the one or more specified conditions and the compressibility of the storage volume being below a specified level of compressibility. Paragraph [0008] of Kucherov discloses comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. For example, the specified minimum amount of change in the storage volume is illustratively specified in terms of at least one of a minimum number of storage units of the storage volume that have changed since generation of the given snapshot, and a minimum percentage of the storage volume that has changed since generation of the given snapshot). As to Claim 20, Kucherov-Bhagi discloses the non-transitory machine-readable medium of claim 14, wherein the defined normal data reduction criterion is based on the second data reduction being performed with respect to a folder based on the folder and contents of the folder being determined not to have been encrypted by a ransomware attack (Paragraph [0010] of Kucherov discloses generating an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions comprises determining that the monitored differential satisfies the one or more specified conditions, determining compressibility of at least a portion of the storage volume, and generating the alert responsive to the monitored differential satisfying the one or more specified conditions and the compressibility of the storage volume being below a specified level of compressibility. Paragraph [0008] of Kucherov discloses comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. For example, the specified minimum amount of change in the storage volume is illustratively specified in terms of at least one of a minimum number of storage units of the storage volume that have changed since generation of the given snapshot, and a minimum percentage of the storage volume that has changed since generation of the given snapshot). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin S Mai whose telephone number is (571)270-5001. The examiner can normally be reached Monday to Friday 9AM to 5PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KEVIN S MAI/Primary Examiner, Art Unit 2499
Read full office action

Prosecution Timeline

Apr 14, 2022
Application Filed
Jan 27, 2024
Non-Final Rejection — §103
Apr 05, 2024
Examiner Interview Summary
Apr 05, 2024
Applicant Interview (Telephonic)
Apr 30, 2024
Response Filed
Jun 10, 2024
Final Rejection — §103
Aug 06, 2024
Examiner Interview Summary
Aug 06, 2024
Applicant Interview (Telephonic)
Aug 13, 2024
Response after Non-Final Action
Sep 13, 2024
Request for Continued Examination
Sep 17, 2024
Response after Non-Final Action
Aug 22, 2025
Non-Final Rejection — §103
Nov 21, 2025
Applicant Interview (Telephonic)
Nov 21, 2025
Examiner Interview Summary
Nov 25, 2025
Response Filed
Mar 16, 2026
Non-Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

17/235,960
Patent 12506731
Conference Data Sharing Method and Conference Data Sharing System Capable of Communicating with Remote Conference Members
2y 5m to grant Granted Dec 23, 2025
17/455,634
Patent 12413610
ASSESSING SECURITY OF SERVICE PROVIDER COMPUTING SYSTEMS
2y 5m to grant Granted Sep 09, 2025
17/747,647
Patent 12406064
PRE-BOOT CONTEXT-BASED SECURITY MITIGATION
2y 5m to grant Granted Sep 02, 2025
17/731,747
Patent 12363200
PROVIDING EVENT STREAMS AND ANALYTICS FOR ACTIVITY ON WEB SITES
2y 5m to grant Granted Jul 15, 2025
18/143,686
Patent 12204570
SYSTEM AND METHOD FOR PROVIDING MESSAGE CONTENT BASED ROUTING
2y 5m to grant Granted Jan 21, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

4-5
Expected OA Rounds
29%
Grant Probability
55%
With Interview (+25.5%)
5y 3m
Median Time to Grant
High
PTA Risk
Based on 428 resolved cases by this examiner. Grant probability derived from career allow rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month