Prosecution Insights
Last updated: July 17, 2026
Application No. 18/071,299

SYSTEMS, METHODS, AND APPARATUSES FOR DYNAMICALLY DETERMINING SOFTWARE APPLICATION COVERAGE IN AN ELECTRONIC NETWORK

Final Rejection §103
Filed
Nov 29, 2022
Examiner
SHAUGHNESSY, AIDAN EDWARD
Art Unit
2432
Tech Center
2400 — Computer Networks
Assignee
Bank of America Corporation
OA Round
4 (Final)
23%
Grant Probability
At Risk
5-6
OA Rounds
0m
Est. Remaining
36%
With Interview

Examiner Intelligence

Grants only 23% of cases
23%
Career Allowance Rate
3 granted / 13 resolved
-34.9% vs TC avg
Moderate +13% lift
Without
With
+13.3%
Interview Lift
resolved cases with interview
Typical timeline
3y 5m
Avg Prosecution
26 currently pending
Career history
58
Total Applications
across all art units

Statute-Specific Performance

§101
1.0%
-39.0% vs TC avg
§103
92.3%
+52.3% vs TC avg
§102
6.2%
-33.8% vs TC avg
§112
0.5%
-39.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 13 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendments / Arguments Regarding the rejection(s) of claims under 35 USC 103: Applicant’s arguments, filed 03/27/2026, in view of the amended claims, have been fully considered and are persuasive. Therefore the rejection has been withdrawn, however the rejection is further upheld in view of Rafferty et al. (US 20220148001 A1, referred to as Rafferty) DETAILED ACTION This is a reply to the arguments filed on 03/27/2026, in which, claims 1, 3-8, 10-15, 17-21 are pending. Claims 1, 8, and 15 are independent. 2, 9, and 16 are cancelled. When making claim amendments, the applicant is encouraged to consider the references in their entireties, including those portions that have not been cited by the examiner and their equivalents as they may most broadly and appropriately apply to any particular anticipated claim amendments. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 3-6, 8, 10-13, 15, and 17-21 are rejected under 35 U.S.C. 103 as being unpatentable over Inagaki et al. (US 20210374250 A1, referred to as Inagaki), in view of Rafferty et al. (US 20220148001 A1, referred to as Rafferty) in further view of Shakarian et al. (US 20200356675 A1, referred to as Shakarian). In reference to claim 1, A system for dynamically determining software application coverage, the system comprising: a memory device with computer-readable program code stored thereon; at least one processing device operatively coupled to the at least one memory device and the at least one communication device (Inagaki: [0011], [0047]-[0049] and [0057] Provides for components including memory, processor, and stored instructions.) Receive a plurality of application identifiers in an electronic network, wherein at least one application identifier of the plurality of application identifiers is associated with at least one of a software application or a component in the electronic network (Inagaki: [0025]-[0028] Provides for receiving application data and network resource identifiers.) Determine a potential vulnerability associated with the plurality of application identifiers (Inagaki: [0003]-[0007] and [0022] Provides for determining vulnerabilities of network systems and applications.) Generate a coverage score associated with each application identifier of the plurality of application identifiers, wherein the coverage score comprises an ability of at least one of the software application or the component to manage the potential vulnerability; (Inagaki: [0037]-[0038] and [0041]-[0042] Provides for generating scores for applications based on their risk and vulnerability management capabilities.) Generate a coverage ranking of the plurality of application identifiers, wherein the coverage ranking is based on the coverage score associated with each application identifier of the plurality of application identifiers (Inagaki: [0039]-[0043] Provides for generating rankings based on calculated scores.) Identify, at a time after the storage of the coverage ranking to the coverage ranking database, a vulnerability within the electronic network (Inagaki: [0028] and [0034] Provides for ongoing, temporal vulnerability identification operations that occur after initial data storage.) Determine the vulnerability matches the potential vulnerability (Inagaki: [0032] Provides for determining that identified vulnerabilities match stored potential vulnerabilities.) Access, based on the determination the current vulnerability matches the potential vulnerability, the coverage ranking of the plurality of application identifiers specific to the potential vulnerability (Inagaki: [0032]-[0034] Provides for accessing rankings/scores to determine remediation priorities.) Generate a coverage ranking interface component comprising the coverage ranking and Transmit the coverage ranking interface to a user device associated with the electronic network to configure a graphical user interface of the user device(Inagaki: [0031]-[0032] and [0044] Provides for generation and transmission of ranking interfaces to user devices.) Receive, from the user device, at least one specified application identifier to manage the vulnerability (Inagaki: [0032]-[0034] Provides for user input for remediation actions.) Automatically apply, in response to the receipt of the at least one specified application identifier to manage the vulnerability, the application or component associated with the at least one specified application identifier to the vulnerability (Inagaki: [0032]-[0034] Provides for user input through the interface and automatically applies selected remediation solutions.) Although Inagaki teaches storing data in databases, though doesn't explicitly mention storing rankings, but it's implied since the rankings are part of the system's data ([0028]-[0031]). Inagaki doesn’t explicitly teach store the coverage ranking of the plurality of application identifiers in a coverage ranking database, wherein the coverage ranking of the plurality of application identifiers is based on the potential vulnerability. However, Rafferty discloses: Store the coverage ranking of the plurality of application identifiers in a coverage ranking database, wherein the coverage ranking of the plurality of application identifiers is based on the potential vulnerability (Rafferty: [0020], [0037] and [0049] Provides for a stored, vulnerability-keyed database (patch lookup table) holding the ranked items per vulnerability.) by storing, for each potential vulnerability, a high ranked application identifiers subset of the plurality of application identifiers that orders the plurality of application identifiers comprising a plurality of highest coverage rankings for the potential vulnerability (Rafferty: [0020], [0037] and [0049] Provides for the "top M highest ranking" subset construct per vulnerability.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Inagaki, which provides a system for assessing application vulnerabilities and generating coverage scores and rankings, with the teachings of Rafferty, which introduces storing coverage rankings in a database based on potential vulnerabilities. One of ordinary skill in the art would recognize the ability to incorporate persistent storage of coverage rankings into the vulnerability assessment system. One of ordinary skill in the art would be motivated to make this modification in order to accurately assess application vulnerability coverage, efficiently determine software/component responses, dynamically update coverage rankings, and reduce manual assessment effort. Inagaki in view of Rafferty does not explicitly teach that the coverage score comprises a combination of vulnerability scanning score, a publishing score, and a source score. However, Shakarian discloses: Wherein the coverage score comprises a combination of vulnerability scanning score, a publishing score, and a source score (Shakarian: [0069]-[0079] Provides for combines multiple types of scores including CVSS (vulnerability scanning), publication features, and source-specific scores from different databases.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Inagaki in view of Rafferty, which together provide a system for assessing application vulnerabilities, generating coverage scores and rankings, and storing these rankings in a database, with the teachings of Shakarian, which introduces a composite scoring methodology that combines vulnerability scanning scores, publishing scores, and source scores. One of ordinary skill in the art would recognize the ability to incorporate Shakarian's multi-dimensional scoring approach into the combined vulnerability assessment system to provide more comprehensive and nuanced coverage evaluations. One of ordinary skill in the art would be motivated to make this modification in order to improve the accuracy of vulnerability coverage assessments by considering multiple independent factors. In reference to claim 3, The system of claim 1, wherein the processing device is further configured to determine, based on the coverage ranking of the plurality of application identifiers, a high ranked application identifier subset, wherein the high ranked application identifier subset comprises at least one application identifier comprising an ability to overcome the potential vulnerability (Inagaki: [0031]-[0032], [0039]-[0040], [0041] and [0044] Provides for creating ranked subsets of vulnerabilities based on priority, identifying applications and infrastructure with different risk levels, determining which vulnerabilities need immediate attention vs lower priority and the capability to compare and rank applications based on their vulnerability management ability.) In reference to claim 4, The system of claim 3, wherein the processing device is further configured to: generate, based on the high ranked application identifier subset, a coverage ranking interface component, wherein the coverage ranking interface component comprises the high ranked application identifier subset (Inagaki: [0032] and [0044]-[0045] Provides for generating a visualization interface showing rankings and prioritized vulnerabilities, with specific components for displaying different aspects of the ranking data.) Transmit the coverage ranking interface component to a user device associated with the electronic network to configure a graphical user interface of the user device (Inagaki: [0024]-[0025] and [0058]-[0059] Provides for network communications and user interface implementations.) In reference to claim 5, The system of claim 1, wherein the potential vulnerability is based on at least one of a common data environment list or a common weakness enumeration list (Inagaki: [0004]-[0007] and [0035] Provides for the use of standardized, common vulnerability assessment frameworks and industry standards.) In reference to claim 6, The system of claim 1, wherein the potential vulnerability is an attack (Inagaki: [0003]-[0007] and [0035] Explicitly identifies attacks as a form of vulnerability and discusses various aspects of attack-based vulnerabilities.) In reference to claim 8, A computer program product for dynamically determining software application coverage, wherein the computer program product comprises at least one non-transitory computer-readable medium having computer-readable program code portions embodied therein (Inagaki: [0011], [0047]-[0049] and [0057] Provides for components including memory, processor, and stored instructions.) Receive a plurality of application identifiers in an electronic network, wherein at least one application identifier of the plurality of application identifiers is associated with at least one of a software application or a component in the electronic network (Inagaki: [0025]-[0028] Provides for receiving application data and network resource identifiers.) Determine a potential vulnerability associated with the plurality of application identifiers (Inagaki: [0003]-[0007] and [0022] Provides for determining vulnerabilities of network systems and applications.) Generate a coverage score associated with each application identifier of the plurality of application identifiers, wherein the coverage score comprises an ability of at least one of the software application or the component to manage the potential vulnerability; (Inagaki: [0037]-[0038] and [0041]-[0042] Provides for generating scores for applications based on their risk and vulnerability management capabilities.) Generate a coverage ranking of the plurality of application identifiers, wherein the coverage ranking is based on the coverage score associated with each application identifier of the plurality of application identifiers (Inagaki: [0039]-[0043] Provides for generating rankings based on calculated scores.) Identify, at a time after the storage of the coverage ranking to the coverage ranking database, a vulnerability within the electronic network (Inagaki: [0028] and [0034] Provides for ongoing, temporal vulnerability identification operations that occur after initial data storage.) Determine the vulnerability matches the potential vulnerability (Inagaki: [0032] Provides for determining that identified vulnerabilities match stored potential vulnerabilities.) Access, based on the determination the current vulnerability matches the potential vulnerability, the coverage ranking of the plurality of application identifiers specific to the potential vulnerability (Inagaki: [0032]-[0034] Provides for accessing rankings/scores to determine remediation priorities.) Generate a coverage ranking interface component comprising the coverage ranking and Transmit the coverage ranking interface to a user device associated with the electronic network to configure a graphical user interface of the user device(Inagaki: [0031]-[0032] and [0044] Provides for generation and transmission of ranking interfaces to user devices.) Receive, from the user device, at least one specified application identifier to manage the vulnerability (Inagaki: [0032]-[0034] Provides for user input for remediation actions.) Automatically apply, in response to the receipt of the at least one specified application identifier to manage the vulnerability, the application or component associated with the at least one specified application identifier to the vulnerability (Inagaki: [0032]-[0034] Provides for user input through the interface and automatically applies selected remediation solutions.) Although Inagaki teaches storing data in databases, though doesn't explicitly mention storing rankings, but it's implied since the rankings are part of the system's data ([0028]-[0031]). Inagaki doesn’t explicitly teach store the coverage ranking of the plurality of application identifiers in a coverage ranking database, wherein the coverage ranking of the plurality of application identifiers is based on the potential vulnerability. However, Rafferty discloses: Store the coverage ranking of the plurality of application identifiers in a coverage ranking database, wherein the coverage ranking of the plurality of application identifiers is based on the potential vulnerability (Rafferty: [0020], [0037] and [0049] Provides for a stored, vulnerability-keyed database (patch lookup table) holding the ranked items per vulnerability.) by storing, for each potential vulnerability, a high ranked application identifiers subset of the plurality of application identifiers that orders the plurality of application identifiers comprising a plurality of highest coverage rankings for the potential vulnerability (Rafferty: [0020], [0037] and [0049] Provides for the "top M highest ranking" subset construct per vulnerability.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Inagaki, which provides a system for assessing application vulnerabilities and generating coverage scores and rankings, with the teachings of Rafferty, which introduces storing coverage rankings in a database based on potential vulnerabilities. One of ordinary skill in the art would recognize the ability to incorporate persistent storage of coverage rankings into the vulnerability assessment system. One of ordinary skill in the art would be motivated to make this modification in order to accurately assess application vulnerability coverage, efficiently determine software/component responses, dynamically update coverage rankings, and reduce manual assessment effort. Inagaki in view of Rafferty does not explicitly teach that the coverage score comprises a combination of vulnerability scanning score, a publishing score, and a source score. However, Shakarian discloses: Wherein the coverage score comprises a combination of vulnerability scanning score, a publishing score, and a source score (Shakarian: [0069]-[0079] Provides for combines multiple types of scores including CVSS (vulnerability scanning), publication features, and source-specific scores from different databases.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Inagaki in view of Rafferty, which together provide a system for assessing application vulnerabilities, generating coverage scores and rankings, and storing these rankings in a database, with the teachings of Shakarian, which introduces a composite scoring methodology that combines vulnerability scanning scores, publishing scores, and source scores. One of ordinary skill in the art would recognize the ability to incorporate Shakarian's multi-dimensional scoring approach into the combined vulnerability assessment system to provide more comprehensive and nuanced coverage evaluations. One of ordinary skill in the art would be motivated to make this modification in order to improve the accuracy of vulnerability coverage assessments by considering multiple independent factors. In reference to claim 10, The computer program product of claim 8, wherein the processing device is further configured to cause the processor to determine, based on the coverage ranking of the plurality of application identifiers, a high ranked application identifier subset, wherein the high ranked application identifier subset comprises at least one application identifier comprising an ability to overcome the potential vulnerability (Inagaki: [0031]-[0032], [0039]-[0040], [0041] and [0044] Provides for creating ranked subsets of vulnerabilities based on priority, identifying applications and infrastructure with different risk levels, determining which vulnerabilities need immediate attention vs lower priority and the capability to compare and rank applications based on their vulnerability management ability.) In reference to claim 11, The computer program product of claim 10, wherein the processing device is further configured to cause the processor to: generate, based on the high ranked application identifier subset, a coverage ranking interface component, wherein the coverage ranking interface component comprises the high ranked application identifier subset (Inagaki: [0032] and [0044]-[0045] Provides for generating a visualization interface showing rankings and prioritized vulnerabilities, with specific components for displaying different aspects of the ranking data.) Transmit the coverage ranking interface component to a user device associated with the electronic network to configure a graphical user interface of the user device (Inagaki: [0024]-[0025] and [0058]-[0059] Provides for network communications and user interface implementations.) In reference to claim 12, The computer program product of claim 8, wherein the potential vulnerability is based on at least one of a common data environment list or a common weakness enumeration list (Inagaki: [0004]-[0007] and [0035] Provides for the use of standardized, common vulnerability assessment frameworks and industry standards.) In reference to claim 13, The computer program product of claim 8, wherein the potential vulnerability is an attack (Inagaki: [0003]-[0007] and [0035] Explicitly identifies attacks as a form of vulnerability and discusses various aspects of attack-based vulnerabilities.) In reference to claim 15, A computer-implemented method for dynamically determining software application coverage (Inagaki: [0011], [0047]-[0049] and [0057] Provides for components including memory, processor, and stored instructions.) Receiving a plurality of application identifiers in an electronic network, wherein at least one application identifier of the plurality of application identifiers is associated with at least one of a software application or a component in the electronic network (Inagaki: [0025]-[0028] Provides for receiving application data and network resource identifiers.) Determining a potential vulnerability associated with the plurality of application identifiers (Inagaki: [0003]-[0007] and [0022] Provides for determining vulnerabilities of network systems and applications.) Generating a coverage score associated with each application identifier of the plurality of application identifiers, wherein the coverage score comprises an ability of at least one of the software application or the component to manage the potential vulnerability; (Inagaki: [0037]-[0038] and [0041]-[0042] Provides for generating scores for applications based on their risk and vulnerability management capabilities.) Generating a coverage ranking of the plurality of application identifiers, wherein the coverage ranking is based on the coverage score associated with each application identifier of the plurality of application identifiers (Inagaki: [0039]-[0043] Provides for generating rankings based on calculated scores.) Identify, at a time after the storage of the coverage ranking to the coverage ranking database, a vulnerability within the electronic network (Inagaki: [0028] and [0034] Provides for ongoing, temporal vulnerability identification operations that occur after initial data storage.) Determine the vulnerability matches the potential vulnerability (Inagaki: [0032] Provides for determining that identified vulnerabilities match stored potential vulnerabilities.) Access, based on the determination the current vulnerability matches the potential vulnerability, the coverage ranking of the plurality of application identifiers specific to the potential vulnerability (Inagaki: [0032]-[0034] Provides for accessing rankings/scores to determine remediation priorities.) Generate a coverage ranking interface component comprising the coverage ranking and Transmit the coverage ranking interface to a user device associated with the electronic network to configure a graphical user interface of the user device(Inagaki: [0031]-[0032] and [0044] Provides for generation and transmission of ranking interfaces to user devices.) Receive, from the user device, at least one specified application identifier to manage the vulnerability (Inagaki: [0032]-[0034] Provides for user input for remediation actions.) Automatically apply, in response to the receipt of the at least one specified application identifier to manage the vulnerability, the application or component associated with the at least one specified application identifier to the vulnerability (Inagaki: [0032]-[0034] Provides for user input through the interface and automatically applies selected remediation solutions.) Although Inagaki teaches storing data in databases, though doesn't explicitly mention storing rankings, but it's implied since the rankings are part of the system's data ([0028]-[0031]). Inagaki doesn’t explicitly teach store the coverage ranking of the plurality of application identifiers in a coverage ranking database, wherein the coverage ranking of the plurality of application identifiers is based on the potential vulnerability. However, Rafferty discloses: Store the coverage ranking of the plurality of application identifiers in a coverage ranking database, wherein the coverage ranking of the plurality of application identifiers is based on the potential vulnerability (Rafferty: [0020], [0037] and [0049] Provides for a stored, vulnerability-keyed database (patch lookup table) holding the ranked items per vulnerability.) by storing, for each potential vulnerability, a high ranked application identifiers subset of the plurality of application identifiers that orders the plurality of application identifiers comprising a plurality of highest coverage rankings for the potential vulnerability (Rafferty: [0020], [0037] and [0049] Provides for the "top M highest ranking" subset construct per vulnerability.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Inagaki, which provides a system for assessing application vulnerabilities and generating coverage scores and rankings, with the teachings of Rafferty, which introduces storing coverage rankings in a database based on potential vulnerabilities. One of ordinary skill in the art would recognize the ability to incorporate persistent storage of coverage rankings into the vulnerability assessment system. One of ordinary skill in the art would be motivated to make this modification in order to accurately assess application vulnerability coverage, efficiently determine software/component responses, dynamically update coverage rankings, and reduce manual assessment effort. Inagaki in view of Rafferty does not explicitly teach that the coverage score comprises a combination of vulnerability scanning score, a publishing score, and a source score. However, Shakarian discloses: Wherein the coverage score comprises a combination of vulnerability scanning score, a publishing score, and a source score (Shakarian: [0069]-[0079] Provides for combines multiple types of scores including CVSS (vulnerability scanning), publication features, and source-specific scores from different databases.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Inagaki in view of Rafferty, which together provide a system for assessing application vulnerabilities, generating coverage scores and rankings, and storing these rankings in a database, with the teachings of Shakarian, which introduces a composite scoring methodology that combines vulnerability scanning scores, publishing scores, and source scores. One of ordinary skill in the art would recognize the ability to incorporate Shakarian's multi-dimensional scoring approach into the combined vulnerability assessment system to provide more comprehensive and nuanced coverage evaluations. One of ordinary skill in the art would be motivated to make this modification in order to improve the accuracy of vulnerability coverage assessments by considering multiple independent factors. In reference to claim 17, The computer-implemented method of claim 15, wherein the computer-implemented method further comprises determining, based on the coverage ranking of the plurality of application identifiers, a high ranked application identifier subset, wherein the high ranked application identifier subset comprises at least one application identifier comprising an ability to overcome the potential vulnerability (Inagaki: [0031]-[0032], [0039]-[0040], [0041] and [0044] Provides for creating ranked subsets of vulnerabilities based on priority, identifying applications and infrastructure with different risk levels, determining which vulnerabilities need immediate attention vs lower priority and the capability to compare and rank applications based on their vulnerability management ability.) In reference to claim 18, The computer-implemented method of claim 17, wherein the computer-implemented method further comprises: generating, based on the high ranked application identifier subset, a coverage ranking interface component, wherein the coverage ranking interface component comprises the high ranked application identifier subset (Inagaki: [0032] and [0044]-[0045] Provides for generating a visualization interface showing rankings and prioritized vulnerabilities, with specific components for displaying different aspects of the ranking data.) Transmitting the coverage ranking interface component to a user device associated with the electronic network to configure a graphical user interface of the user device (Inagaki: [0024]-[0025] and [0058]-[0059] Provides for network communications and user interface implementations.) In reference to claim 19, The computer-implemented method of claim 15, wherein the potential vulnerability is based on at least one of a common data environment list or a common weakness enumeration list (Inagaki: [0004]-[0007] and [0035] Provides for the use of standardized, common vulnerability assessment frameworks and industry standards.) In reference to claim 20, The computer-implemented method of claim 15, wherein the potential vulnerability is an attack (Inagaki: [0003]-[0007] and [0035] Explicitly identifies attacks as a form of vulnerability and discusses various aspects of attack-based vulnerabilities.) In reference to claim 21, the system of claim 1, wherein the coverage score is generated based on an even weighting of the vulnerability scanning score, a publishing score, and a source score (Shakarian: [0069]-[0079] Provides for combining multiple types of scores including CVSS (vulnerability scanning) publication features, and source-specific scores from different databases.) Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Inagaki et al. (US 20210374250 A1, referred to as Inagaki), in view of Rafferty et al. (US 20220148001 A1, referred to as Rafferty) in further view of Shakarian et al. (US 20200356675 A1, referred to as Shakarian) in further view of Niedzwiedz et al. (US 11328068 B1, referred to as Niedzwiedz.) In reference to claim 7, The system of claim 1, wherein the processing device is further configured to: generate the potential vulnerability, wherein the potential vulnerability is a simulated attack on at least one software application or the component associated with each application identifier of the plurality of application identifiers (Niedzwiedz: Col. 8 Lines 15-45 Provides for simulating potential attacks/exploits on applications.) Receive a simulated response from the at least one software application or the component associated with each application identifier, wherein the simulated response from the at least one software application or the component is a response based on the simulated attack (Niedzwiedz: Col. 10 Lines 39 - 58 Provides for receiving simulated application responses through impact measurements.) Generate the coverage ranking of the plurality of application identifiers based on the simulated response from the at least one software application or the component associated with each application identifier (Niedzwiedz: Col. 12 Line 39 - Col. 13 Line 4 Provides for generating scores based on simulation results.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Inagaki in view of Rafferty and Shakarian, which together provide a system for assessing application vulnerabilities, generating composite coverage scores combining vulnerability scanning, publishing, and source scores, and storing rankings in a vulnerability-keyed database, with the teachings of Niedzwiedz, which introduces generating potential vulnerabilities through simulated attacks, receiving simulated responses from applications, and generating coverage rankings based on these simulation results. One of ordinary skill in the art would recognize the ability to incorporate Niedzwiedz's simulated attack methodology into the combined vulnerability assessment system to provide empirical, behavior-based coverage evaluations. One of ordinary skill in the art would be motivated to make this modification in order to validate theoretical vulnerability assessments through practical attack simulations that reveal how applications actually respond to threats. In reference to claim 14, The computer program product of claim 13, wherein the processing device is further configured to cause the processor to: generate the potential vulnerability, wherein the potential vulnerability is a simulated attack on at least one software application or the component associated with each application identifier of the plurality of application identifiers (Niedzwiedz: Col. 8 Lines 15-45 Provides for simulating potential attacks/exploits on applications.) Receive a simulated response from the at least one software application or the component associated with each application identifier, wherein the simulated response from the at least one software application or the component is a response based on the simulated attack (Niedzwiedz: Col. 10 Lines 39 - 58 Provides for receiving simulated application responses through impact measurements.) Generate the coverage ranking of the plurality of application identifiers based on the simulated response from the at least one software application or the component associated with each application identifier (Niedzwiedz: Col. 12 Line 39 - Col. 13 Line 4 Provides for generating scores based on simulation results.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Inagaki in view of Rafferty and Shakarian, which together provide a system for assessing application vulnerabilities, generating composite coverage scores combining vulnerability scanning, publishing, and source scores, and storing rankings in a vulnerability-keyed database, with the teachings of Niedzwiedz, which introduces generating potential vulnerabilities through simulated attacks, receiving simulated responses from applications, and generating coverage rankings based on these simulation results. One of ordinary skill in the art would recognize the ability to incorporate Niedzwiedz's simulated attack methodology into the combined vulnerability assessment system to provide empirical, behavior-based coverage evaluations. One of ordinary skill in the art would be motivated to make this modification in order to validate theoretical vulnerability assessments through practical attack simulations that reveal how applications actually respond to threats. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892. Applicant’s amendment necessitated the new ground(s) of rejection presented in this office action. Accordingly, THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to AIDAN EDWARD SHAUGHNESSY whose telephone number is (703)756-1423. The examiner can normally be reached on Monday-Friday from 7:30am to 5pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson, can be reached at telephone number (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR for authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/usptoautomated-interview-request-air-form. /A.E.S./Examiner, Art Unit 2432 /Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432
Read full office action

Prosecution Timeline

Show 4 earlier events
Oct 07, 2025
Request for Continued Examination
Oct 10, 2025
Response after Non-Final Action
Dec 29, 2025
Non-Final Rejection mailed — §103
Feb 24, 2026
Interview Requested
Mar 09, 2026
Applicant Interview (Telephonic)
Mar 11, 2026
Examiner Interview Summary
Mar 27, 2026
Response Filed
Jun 26, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12574412
METHOD AND SYSTEM FOR PROCESSING AUTHENTICATION REQUESTS
4y 7m to grant Granted Mar 10, 2026
Patent 12339956
ENDPOINT ISOLATION AND INCIDENT RESPONSE FROM A SECURE ENCLAVE
3y 4m to grant Granted Jun 24, 2025
Patent 12225029
AUTOMATIC IDENTIFICATION OF ALGORITHMICALLY GENERATED DOMAIN FAMILIES
2y 9m to grant Granted Feb 11, 2025
Study what changed to get past this examiner. Based on 3 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
23%
Grant Probability
36%
With Interview (+13.3%)
3y 5m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 13 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month