Prosecution Insights
Last updated: July 17, 2026
Application No. 18/098,600

DEPICTING A RELATIVE EXTENT OF VULNERABILITY ASSOCIATED WITH A WEB APPLICATION DEPLOYED ON A DOMAIN

Non-Final OA §112
Filed
Jan 18, 2023
Examiner
POUDEL, SAMIKSHYA NMN
Art Unit
2436
Tech Center
2400 — Computer Networks
Assignee
International Business Machines Corporation
OA Round
5 (Non-Final)
45%
Grant Probability
Moderate
5-6
OA Rounds
0m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 45% of resolved cases
45%
Career Allowance Rate
9 granted / 20 resolved
-13.0% vs TC avg
Strong +75% interview lift
Without
With
+75.0%
Interview Lift
resolved cases with interview
Typical timeline
2y 10m
Avg Prosecution
16 currently pending
Career history
48
Total Applications
across all art units

Statute-Specific Performance

§101
0.7%
-39.3% vs TC avg
§103
87.1%
+47.1% vs TC avg
§102
3.4%
-36.6% vs TC avg
§112
8.2%
-31.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 20 resolved cases

Office Action

§112
CTNF 18/098,600 CTNF 99041 Notice of Pre-AIA or AIA Status 07-03-aia AIA 15-10-aia The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. Continued Examination Under 37 CFR 1.114 07-42-04 AIA A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 03/23/2026 has been entered. Response to Amendment In the response filed on 03/23/2026. The applicant amended claims 1, 6, 8, 9, 11, 16-18, and 20 are amended. No claims were added. Claim Objections Regarding claims 8 and 17, Claims 8 and 17 are objected to because the phrase “wherein the results specify toolkits used by the physical servers and comprising” is grammatically improper. Applicant should amend the claim to clarify “the method further comprises validating ….” And same in claim 17 , the phrase “and the program instructions readable and/or executable by the processing circuit to cause the processing circuit to: validate ….” is awkwardly inserted into dependent claim and should be rewritten for clarity purposes. Appropriate correction is required. Claim Rejections - 35 USC § 112 07-30-02 AIA The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION. —The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being incomplete for omitting essential steps, such omission amounting to a gap between the steps. See MPEP § 2172.01. The claim recites “using information obtained by an agent of the vulnerability service from infrastructure associated with web application deployed on the domains to determine relative extents of vulnerability” and further recites that a first portion of the is obtained based on agent scanning physical hardware components and that a second portion of the information is obtained by an artifact dependency publish service. However, the claim does not recite how the first portion and second portion of the information are used to determine the relative extents vulnerability, nor does the claim recite whether both portions are required inputs to determining step. As a result, it is unclear whether the relative extent vulnerability is determined based on the first portion, the second portion, both portions or some other information and how these first and second portion information being used to determine relative extents of vulnerability on web domains. The specification indicates that the determination may be made by comparing scan results with predetermined thresholds, checking whether vulnerabilities are present in artifacts published for a domain, fetching vulnerabilities associated with each artifact, and storing vulnerability analysis results in a predetermined format/table, see paragraphs [0051, 0056, 0062, 0063]. However, claim 1 does not recite the operative relationship between the physical server scan information , the artifact list information, and the final determination of the relative extent of vulnerability. Thus, the claim omits steps that appear essential to the disclosed invention and fails to particularly point out and distinctly claim the invention. Dependent claims are also rejected for inheriting the deficiencies set forth above for independent claims. Appropriate correction is required. Claims 1, 11, and 20 recites “wherein a second portion of the information is obtained by an artifact dependency publish service used by the domains, wherein the artifact dependency publish service publishes a list of artifacts used by the web applications deployed on the domains”. It is unclear which component obtains the second portion of the information. Th specification describes an artifact dependency publish service that publishes or stores artifact lists, and site vulnerability service that fetches and decrypts the list of artifacts, see [0052-0056]. Therefor it is unclear whether the second portion is obtained by the artifact dependency publish service or from the artifact dependency publish service by the agent or by the vulnerability service. Thus, the scope of these claims are unclear. Dependent claims are also rejected for inheriting the deficiencies set forth above for independent claims. Appropriate correction is required. Claims 4 and 14 recites the limitation “ wherein the depiction includes textual information for display in a command line and/or text terminal, wherein the textual information includes extension information including a digital signature or a non-repudiation”. The phrase “a digital signature or a non-repudiation” is unclear whether it refers to a key usage extension, security property, a certificate field, or some other item of textual information. Thus, the scope of the claimed “extension information” is unclear. Dependent claims are also rejected for inheriting the deficiencies set forth above for independent claims. Appropriate correction is required. Claims 9 and 18 recites the phrase “printed documents” as recited in the list of artifacts used by the web applications is unclear. It is unclear whether the claimed printed documents are physical paper documents, electronic documents, design documentation, generated output files, or some other software artifacts used by the web applications. Dependent claims are also rejected for inheriting the deficiencies set forth above for independent claims. Appropriate correction is required. Allowable Subject Matter Claims 1-20 would be allowable if rewritten or amended to overcome the claim objections, set forth in this Office action. 07-43-01 AIA Claim s 1-20 would be allowable if rewritten or amended to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), 2nd paragraph, set forth in this Office action. Conclusion 07-96 AIA The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 20060253584 A1 : “relates to the field of reputation services, and, more particularly to real-time, reputation-based Web services” US 20200204468 A1 : “relates to techniques for evaluating server system reliability, vulnerability and component compatibility using crowdsourced server and vulnerability data” US 20200042628 A1 : “generally relates to the field of information security, and more particularly to software development, installation, and management” Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMIKSHYA POUDEL whose telephone number is (703)756-1540. The examiner can normally be reached 7:30 AM - 5PM Mon- Fri. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached at (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /S.N.P./Examiner, Art Unit 2436 /TRONG H NGUYEN/Primary Examiner, Art Unit 2436 Application/Control Number: 18/098,600 Page 2 Art Unit: 2436 Application/Control Number: 18/098,600 Page 3 Art Unit: 2436 Application/Control Number: 18/098,600 Page 4 Art Unit: 2436 Application/Control Number: 18/098,600 Page 5 Art Unit: 2436 Application/Control Number: 18/098,600 Page 6 Art Unit: 2436 Application/Control Number: 18/098,600 Page 7 Art Unit: 2436
Read full office action

Prosecution Timeline

Show 9 earlier events
Aug 07, 2025
Non-Final Rejection mailed — §112
Oct 07, 2025
Response Filed
Dec 29, 2025
Final Rejection mailed — §112
Feb 25, 2026
Response after Non-Final Action
Mar 23, 2026
Request for Continued Examination
Apr 09, 2026
Response after Non-Final Action
May 22, 2026
Examiner Interview (Telephonic)
Jun 03, 2026
Non-Final Rejection mailed — §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12645787
STACK TRACE ANALYSIS MODEL
2y 11m to grant Granted Jun 02, 2026
Patent 12619726
CYBER RESILIENCE INTEGRATED SECURITY INSPECTION SYSTEM (CRISIS) AGAINST FALSE DATA INJECTION ATTACKS
4y 1m to grant Granted May 05, 2026
Patent 12591663
INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND INFORMATION PROCESSING COMPUTER PROGRAM PRODUCT
2y 7m to grant Granted Mar 31, 2026
Patent 12470379
LINK ENCRYPTION AND KEY DIVERSIFICATION ON A HARDWARE SECURITY MODULE
3y 0m to grant Granted Nov 11, 2025
Patent 12452254
SECURE SIGNED FILE UPLOAD
3y 6m to grant Granted Oct 21, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
45%
Grant Probability
99%
With Interview (+75.0%)
2y 10m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 20 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month