Prosecution Insights
Last updated: July 17, 2026
Application No. 18/099,799

DATA PROCESSING SYSTEMS FOR DATA TRANSFER RISK IDENTIFICATION AND RELATED METHODS

Non-Final OA §103
Filed
Jan 20, 2023
Priority
Jun 10, 2016 — provisional 62/348,695 +16 more
Examiner
HASTY, NICHOLAS
Art Unit
2141
Tech Center
2100 — Computer Architecture & Software
Assignee
OneTrust LLC
OA Round
5 (Non-Final)
52%
Grant Probability
Moderate
5-6
OA Rounds
12m
Est. Remaining
84%
With Interview

Examiner Intelligence

Grants 52% of resolved cases
52%
Career Allowance Rate
181 granted / 351 resolved
-3.4% vs TC avg
Strong +32% interview lift
Without
With
+32.5%
Interview Lift
resolved cases with interview
Typical timeline
4y 5m
Avg Prosecution
23 currently pending
Career history
381
Total Applications
across all art units

Statute-Specific Performance

§101
0.7%
-39.3% vs TC avg
§103
88.6%
+48.6% vs TC avg
§102
10.3%
-29.7% vs TC avg
§112
0.1%
-39.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 351 resolved cases

Office Action

§103
DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This action is responsive to communications: RCE filed on 11/19/2025. Claims 1-20 are pending. Claims 1, 8, and 15 are independent. The previous rejection of claims 1-20 under 35 USC § 103 have been withdrawn in view of the amendment. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rose et al. (US2017/0272412) in view of Aoki et al. (US2017/0185638), and Muller et al. (“A Framework for Consensual and Online Privacy Preserving Record Linkage in Real-Time”). In regards to claim 1, Rose et al. substantially discloses a method in which a first computing hardware performs operations comprising: Instructing second computing hardware to evaluate a data transfer risk between a first data asset and a second data asset, wherein the second computing hardware evaluates the data transfer risk by: Generating a first data inventory that defines a first set of data attributes for the first data asset (Rose et al. para[0109], define data attribute (location) of first data asset (server 305)); Generating a second data inventory that defines a second set of data attributes for the second data asset, wherein the second set of data attributes comprises a data transfer record indicating a transfer of data between the first data asset and a second data asset (Rose et al. para[0113], defined location property of second data server 310); Rose et al. does not explicitly disclose analyzing a data model comprising the first data inventory and the second data inventory to identify the transfer of the data: Identifying, based on a type for the data indicated in the data transfer record, the data transfer risk by using a set of data transfer rules applicable to the transfer of the data; and Generating, based on the data transfer risk, a risk rating for the transfer of the data from the first data asset to the second data asset. However Aoki discloses analyzing a data model comprising the first data inventory and the second data inventory to identify the transfer of the data: Identifying, based on a type for the data indicated in the data transfer record, the data transfer risk by using a set of data transfer rules applicable to the transfer of the data (Aoki et al. para[0085], identified types of data being requested by entities, para[0086] applies rules based on type of data); and Generating, based on the data transfer risk, a risk rating for the transfer of the data from the first data asset to the second data asset (Aoki et al para[0031], provide assessment of risk, privacy, and/or levels of trust). It would have been obvious to one of ordinary skill in the art before the filing date of the invention to have combined security method of Rose et al. with the personal information control method of Aoki et al. in order to track and manage how user information is distributed (Aoki et al. para[0003]). Rose et al. does not explicitly disclose performing an action to address the data transfer risk, wherein the action comprises at least one of (i) generating a secure link between the first data asset and the second data asset for executing the transfer of the data over the secure link, (ii) terminating the transfer of the data from the first data asset to the second data asset in response to determining that the risk rating satisfies a risk threshold, or (iii) having the data involved in the transfer encrypted. However Muller et al. discloses performing an action to address the data transfer risk, wherein the action comprises at least one of (i) generating a secure link between the first data asset and the second data asset for executing the transfer of the data over the secure link, (ii) terminating the transfer of the data from the first data asset to the second data asset in response to determining that the risk rating satisfies a risk threshold, or (iii) having the data involved in the transfer encrypted (Muller et al. pg2594 section III.A para2, encodes data to prevent access by unauthorized third parties). It would have been obvious to one of ordinary skill in the art before the filing date of the invention to have combined the security method of Rose et al. with the privacy framework of Muller et al. in order to allow cross-organizational data exchange while observing privacy regulations (Muller et al. pg2591 section I para5). In regards to claim 2, Rose et al. as modified by Aoki et al., and Muller et al. discloses the method of Claim 1 further comprising, generating the secure link or having the data involved in the transfer encrypted in response to determining that the risk rating satisfies the risk threshold (Muller et al. pg2595 section III.C para2-3, encrypts the data records to be transferred and terminates (excludes) transfer of some data sets). It would have been obvious to one of ordinary skill in the art before the filing date of the invention to have combined the security method of Rose et al. with the privacy framework of Muller et al. in order to allow cross-organizational data exchange while observing privacy regulations (Muller et al. pg2591 section I para5). In regards to claim 3, Rose et al. as modified by Aoki et al., and Muller et al. discloses the method of Claim 1, wherein performing the action to address the data transfer risk comprises two or more of generating the secure link between the first data asset and the second data asset, terminating the transfer of the data, or having the data involved in the transfer encrypted (Muller et al. pg2595 section III.C para2-3, encrypts the data records to be transferred and terminates (excludes) transfer of some data sets). It would have been obvious to one of ordinary skill in the art before the filing date of the invention to have combined the security method of Rose et al. with the privacy framework of Muller et al. in order to allow cross-organizational data exchange while observing privacy regulations (Muller et al. pg2591 section I para5). In regards to claim 4, Rose et al. as modified by Aoki et al., and Muller et al. discloses the method of Claim 1, wherein performing the action to address the data transfer risk further comprises: generating, for providing to a computing device associated with the transfer, a notification indicating a heightened risk for the transfer in response to determining that the risk rating satisfies the risk threshold (Aoki et al. para[0132] ln1-4, alerts and notifications are sent based on certain access thresholds). It would have been obvious to one of ordinary skill in the art before the filing date of the invention to have combined security method of Rose et al. with the personal information control method of Aoki et al. in order to track and manage how user information is distributed (Aoki et al. para[0003] ln1-9). In regards to claim 5, Rose et al. as modified by Aoki et al., and Muller et al. discloses the method of Claim 1, wherein the set of data transfer rules comprise at least one of:(a) rules associated with at least one encryption level, (b) rules associated with at least one storage time limitation, or (c) rules associated with at least one access restriction (Aoki et al. para[0023] ln1-5). It would have been obvious to one of ordinary skill in the art before the filing date of the invention to have combined security method of Rose et al. with the personal information control method of Aoki et al. in order to track and manage how user information is distributed (Aoki et al. para[0003]). In regards to claim 6, Rose et al. as modified by Aoki et al., and Muller et al. discloses the method of Claim 1, the data model comprises indications of data assets that collect data and one or more data types of data collected by each of the data assets (Aoki et al. para[0080], the PIP may collect, scrape, and/or retrieve the user’s data from various websites or web servers, possibly to display identifications of the websites or web servers to users.) It would have been obvious to one of ordinary skill in the art before the filing date of the invention to have combined security method of Rose et al. with the personal information control method of Aoki et al. in order to track and manage how user information is distributed (Aoki et al. para[0003]). In regards to claim 7, Rose et al.as modified by Aoki et al., and Muller et al. discloses the method of Claim 1, wherein the set of data transfer rules comprises at least one of: a privacy law framework applicable to at least one of a first location associated with the first data asset or a second location associated with the second data asset, or an entity framework applicable to at least one of a first entity associated with the first data asset or a second entity associated with the second data asset (Aoki et al. para[0132] ln4-8, rules for alerts if an entity from another country or region is requesting information). It would have been obvious to one of ordinary skill in the art before the filing date of the invention to have combined security method of Rose et al. with the personal information control method of Aoki et al. in order to track and manage how user information is distributed (Aoki et al. para[0003]). Claims 8-14 recite substantially similar limitations to claims 1-7. Thus claims 8-14 are rejected along the same rationale as claims 1-7. Claims 15-20 recite substantially similar limitations to claims 1-5 and 7. Thus claims 15-20 are rejected along the same rationale as claims 1-5 and 7. Response to Arguments Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the arguments do not apply the current rejection. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS HASTY whose telephone number is (571)270-7775. The examiner can normally be reached Monday-Friday 8:30am-5:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Matt Ell can be reached at (571)270-3264. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /N.H/Examiner, Art Unit 2141 /MATTHEW ELL/Supervisory Patent Examiner, Art Unit 2141
Read full office action

Prosecution Timeline

Show 11 earlier events
Sep 19, 2024
Response after Non-Final Action
Mar 20, 2025
Non-Final Rejection mailed — §103
Jul 21, 2025
Response Filed
Aug 11, 2025
Final Rejection mailed — §103
Oct 13, 2025
Response after Non-Final Action
Nov 19, 2025
Request for Continued Examination
Nov 28, 2025
Response after Non-Final Action
Jul 01, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12657001
OPTIMIZING DISPLAY ENGAGEMENT IN ACTION AUTOMATION
2y 4m to grant Granted Jun 16, 2026
Patent 12579517
AUTOMATED DESCRIPTION GENERATION FOR JOB POSTING
2y 9m to grant Granted Mar 17, 2026
Patent 12578840
Devices, Methods, and Graphical User Interfaces for Navigating, Displaying, and Editing Media Items with Multiple Display Modes
2y 1m to grant Granted Mar 17, 2026
Patent 12561605
USER INTERFACE MANAGEMENT FRAMEWORK
4y 6m to grant Granted Feb 24, 2026
Patent 12547291
Tree Frog Computer Navigation System for the Hierarchical Visualization of Data
2y 3m to grant Granted Feb 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
52%
Grant Probability
84%
With Interview (+32.5%)
4y 5m (~12m remaining)
Median Time to Grant
High
PTA Risk
Based on 351 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month