Prosecution Insights
Last updated: July 17, 2026
Application No. 18/163,029

TECHNIQUES FOR FIXING CONFIGURATION AND FOR FIXING CODE USING CONTEXTUALLY ENRICHED ALERTS

Final Rejection §103
Filed
Feb 01, 2023
Priority
Oct 21, 2021 — CIP of 17/507,180 +3 more
Examiner
MAI, KEVIN S
Art Unit
2499
Tech Center
2400 — Computer Networks
Assignee
Dazz Inc.
OA Round
4 (Final)
30%
Grant Probability
At Risk
5-6
OA Rounds
1y 2m
Est. Remaining
55%
With Interview

Examiner Intelligence

Grants only 30% of cases
30%
Career Allowance Rate
128 granted / 432 resolved
-28.4% vs TC avg
Strong +26% interview lift
Without
With
+25.7%
Interview Lift
resolved cases with interview
Typical timeline
4y 8m
Avg Prosecution
36 currently pending
Career history
474
Total Applications
across all art units

Statute-Specific Performance

§101
0.5%
-39.5% vs TC avg
§103
95.8%
+55.8% vs TC avg
§102
3.1%
-36.9% vs TC avg
§112
0.5%
-39.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 432 resolved cases

Office Action

§103
DETAILED ACTION This Office Action has been issued in response to Applicant's Amendment filed February 5, 2026. Claims 1, 2, 12-14, and 16 have been amended. Claims 1-23 have been examined and are pending. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed February 5, 2026 have been fully considered but they are moot in view of the new grounds of rejection. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1, 3-13, and 15-23 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub. No. 2022/0311794 to Maya et al. (hereinafter “Maya”). As to Claim 1, Maya discloses a method for automating alert remediation, comprising: receiving a plurality of alerts from one or more detection tools, wherein the one or more detection tools monitor a software development pipeline (Paragraph [0429] of Maya discloses used to generate alerts (e.g., to anomalous user behavior). Paragraph [0717] of Maya discloses monitoring a software development pipeline) extracting a plurality of entity-identifying values from cybersecurity event data included in the plurality of alerts generated for the software development pipeline, wherein each of the plurality of alerts corresponds to a respective cybersecurity event of a plurality of cybersecurity events, wherein the cybersecurity event data includes a machine-readable representation for each alert in the plurality of alerts (Paragraph [0724] of Maya discloses an anomaly 1212 associated with the software application includes correlating 1502 another anomaly associated with an execution of the software application with one or more actions in the software development pipeline 1202); identifying software infrastructure based on the plurality of entity-identifying values (Paragraph [0724] of Maya discloses an anomaly 1212 associated with the software application includes correlating 1502 another anomaly associated with an execution of the software application with one or more actions in the software development pipeline 1202); identifying a policy used to trigger a first alert of the plurality of alerts based on the cybersecurity event data (Paragraph [0707] of Maya discloses performing 1214 a remedial action based on the anomaly 1212. In some embodiments, the remedial action includes presenting an alert associated with the anomaly 1212. For example, in some embodiments, the alert may include a log entry identifying the anomaly 1212); generating at least one query based on the plurality of entity-identifying values (Paragraph [0436] of Maya discloses in the event of a security breach, being able to concretely answer questions about such information can be very important. And, collectively, such information is useful in providing an end-to-end path (e.g., for performing investigations)); querying an entity graph using the at least one query, wherein the entity graph has a plurality of nodes representing respective entities of the plurality of entities, wherein the plurality of entities includes a plurality of software components of the software infrastructure and a plurality of event logic components of cybersecurity event logic deployed with respect to the software infrastructure, wherein each of the event logic components is a discrete portion of event logic used for cybersecurity event alerting, wherein a policy node of the plurality of event logic components represents the policy (Paragraph [0436] of Maya discloses in the event of a security breach, being able to concretely answer questions about such information can be very important. And, collectively, such information is useful in providing an end-to-end path (e.g., for performing investigations)); identifying at least one path in the entity graph based on the results of the at least one query, wherein each identified path is between one of the plurality of software components involved in a first cybersecurity event of the plurality of cybersecurity events and the policy node, wherein the first alert of each identified path corresponds to the first cybersecurity event of the identified path (Paragraph [0436] of Maya discloses in the event of a security breach, being able to concretely answer questions about such information can be very important. And, collectively, such information is useful in providing an end-to-end path (e.g., for performing investigations)); identifying at least one root cause entity based on the identified at least one path (Paragraph [0436] of Maya discloses in the event of a security breach, being able to concretely answer questions about such information can be very important. And, collectively, such information is useful in providing an end-to-end path (e.g., for performing investigations). Paragraph [0227] of Maya discloses root cause anomalies); and generating a fix action plan for the plurality of alerts based on the identified at least one root cause entity (Paragraph [0710] of Maya discloses the remedial action includes deleting or isolating particular branches of source code associated with the anomaly 1212). As to Claim 3, Maya discloses the method of claim 1, wherein generating the fix action plan further comprises: applying a plurality of fix determination rules based on the identified at least one root cause entity, wherein the plurality of fix determination rules define a plurality of predetermined fixes for a plurality of types of root causes (Paragraph [0710] of Maya discloses the remedial action includes deleting or isolating particular branches of source code associated with the anomaly 1212). As to Claim 4, Maya discloses the method of claim 3, wherein the plurality of predetermined fixes are defined further with respect to locations within the software infrastructure, wherein applying the plurality of fix determination rules further comprises: identifying a location of each of the at least one root cause entity within the software infrastructure based on the entity graph (Paragraph [0436] of Maya discloses in the event of a security breach, being able to concretely answer questions about such information can be very important. And, collectively, such information is useful in providing an end-to-end path (e.g., for performing investigations). Paragraph [0227] of Maya discloses root cause anomalies). As to Claim 5, Maya discloses the method of claim 1, wherein the fix action plan includes a plurality of computer-readable instructions, further comprising: executing the plurality of computer-readable instructions in order to implement at least a portion of the fix action plan, wherein the plurality of computer-readable instructions, when executed by a processing circuitry, configure the processing circuitry to perform at least one mitigation action defined in the fix action plan (Paragraph [0710] of Maya discloses the remedial action includes deleting or isolating particular branches of source code associated with the anomaly 1212). As to Claim 6, Maya discloses the method of claim 1, wherein the fix action plan defines at least one mitigation action, further comprising: integrating with a plurality of native development lifecycle tools deployed with respect to the software infrastructure, wherein the at least one mitigation action utilizes at least one tool of the plurality of native development lifecycle tools (Paragraph [0642] of Maya discloses the static code analysis may be performed at the time that an application is compiled, at some other point in a CI/CD pipeline, or at some other time in the development lifecycle). As to Claim 7, Maya discloses the method of claim 6, wherein each of the at least one root cause entity has a respective location within the software infrastructure represented in the entity graph, wherein the at least one tool used for the at least one mitigation action is deployed with respect to the location of each of the at least one root cause entity (Paragraph [0710] of Maya discloses the remedial action includes deleting or isolating particular branches of source code associated with the anomaly 1212). As to Claim 8, Maya discloses the method of claim 1, wherein the entity graph further includes a plurality of owner nodes representing a plurality of respective owners of the plurality of software components, further comprising: generating at least one notification based on the fix action plan; and sending each of the generated at least one notification to a respective owner of the plurality of owners (Paragraph [0707] of Maya discloses performing 1214 a remedial action based on the anomaly 1212. In some embodiments, the remedial action includes presenting an alert associated with the anomaly 1212). As to Claim 9, Maya discloses the method of claim 1 further comprising: analyzing the plurality of alerts in order to identify a plurality of matches between alerts of the plurality of alerts, wherein the plurality of matches is identified with respect to issues indicated in the plurality of alerts (Paragraph [0724] of Maya discloses an anomaly 1212 associated with the software application includes correlating 1502 another anomaly associated with an execution of the software application with one or more actions in the software development pipeline 1202.); identifying a plurality of correlations between respective software components of the plurality of software components linked to the plurality of alerts based on the entity graph (Paragraph [0724] of Maya discloses an anomaly 1212 associated with the software application includes correlating 1502 another anomaly associated with an execution of the software application with one or more actions in the software development pipeline 1202.); and deduplicating the plurality of alerts based on the plurality of matches and the plurality of correlations (Paragraph [0202] of Maya discloses alert generator 158 may examine observations (e.g., produced by GBM 154) in aggregate, deduplicate them, and score them). As to Claim 10, Maya discloses the method of claim 1 further comprising: prioritizing the plurality of alerts by applying at least one alert prioritization rule, wherein the at least one alert prioritization rule defines how to prioritize alerts with respect to a mapping of the entity graph (Paragraph [0586] of Maya discloses event data can be combined with contextual information about users, assets, threats, vulnerabilities, and so on, for the purposes of scoring, prioritization and expediting investigations). As to Claim 11, Maya discloses the method of claim 1. Maya does not explicitly disclose further comprising: identifying a first plurality of properties in a plurality of original definitions of a plurality of computing infrastructure resources, wherein each original definition is a definition of a respective software component of the plurality of software components; mapping the first plurality of properties to a second plurality of properties of a plurality of universal definition templates in order to determine a matching universal definition template for each original definition, wherein each of the plurality of universal definitions corresponds to a respective type of computing infrastructure resource and is defined in a unified format; and transforming the plurality of original definitions into a plurality of universal definitions using the plurality of universal definition templates (Paragraph [0688] of Maya discloses information describing clusters identified in a first customer's cloud deployment may be compared to information describing clusters identified in a second customer's cloud deployment for the purposes of identifying similar or identical clusters in each customer's cloud deployment. Paragraph [0692] of Maya discloses the cluster set is identified, where each member of the cluster set represents a payroll system). As to Claim 12, Maya discloses a non-transitory computer readable medium having stored thereon instructions for causing a processing circuitry to execute a process, the process comprising: receiving a plurality of alerts from one or more detection tools, wherein the one or more detection tools monitor a software development pipeline (Paragraph [0429] of Maya discloses used to generate alerts (e.g., to anomalous user behavior). Paragraph [0717] of Maya discloses monitoring a software development pipeline) extracting a plurality of entity-identifying values from cybersecurity event data included in the plurality of alerts generated for the software development pipeline, wherein each of the plurality of alerts corresponds to a respective cybersecurity event of a plurality of cybersecurity events, wherein the cybersecurity event data includes a machine-readable representation for each alert in the plurality of alerts (Paragraph [0724] of Maya discloses an anomaly 1212 associated with the software application includes correlating 1502 another anomaly associated with an execution of the software application with one or more actions in the software development pipeline 1202); identifying software infrastructure based on the plurality of entity-identifying values (Paragraph [0724] of Maya discloses an anomaly 1212 associated with the software application includes correlating 1502 another anomaly associated with an execution of the software application with one or more actions in the software development pipeline 1202); identifying a policy used to trigger a first alert of the plurality of alerts based on the cybersecurity event data (Paragraph [0707] of Maya discloses performing 1214 a remedial action based on the anomaly 1212. In some embodiments, the remedial action includes presenting an alert associated with the anomaly 1212. For example, in some embodiments, the alert may include a log entry identifying the anomaly 1212); generating at least one query based on the plurality of entity-identifying values (Paragraph [0436] of Maya discloses in the event of a security breach, being able to concretely answer questions about such information can be very important. And, collectively, such information is useful in providing an end-to-end path (e.g., for performing investigations)); querying an entity graph using the at least one query, wherein the entity graph has a plurality of nodes representing respective entities of the plurality of entities, wherein a plurality of entities includes a plurality of software components of the software infrastructure and a plurality of event logic components of cybersecurity event logic deployed with respect to the software infrastructure, wherein each of the event logic components is a discrete portion of event logic used for cybersecurity event alerting, wherein a policy node of the plurality of event logic components represents the policy (Paragraph [0436] of Maya discloses in the event of a security breach, being able to concretely answer questions about such information can be very important. And, collectively, such information is useful in providing an end-to-end path (e.g., for performing investigations)); identifying at least one path in the entity graph based on the results of the at least one query, wherein each identified path is between one of the plurality of software components involved in a first cybersecurity event of the plurality of cybersecurity events and the policy node, wherein the first alert of each identified path corresponds to the first cybersecurity event of the identified path (Paragraph [0436] of Maya discloses in the event of a security breach, being able to concretely answer questions about such information can be very important. And, collectively, such information is useful in providing an end-to-end path (e.g., for performing investigations)); identifying at least one root cause entity based on the identified at least one path (Paragraph [0436] of Maya discloses in the event of a security breach, being able to concretely answer questions about such information can be very important. And, collectively, such information is useful in providing an end-to-end path (e.g., for performing investigations). Paragraph [0227] of Maya discloses root cause anomalies); and generating a fix action plan for the plurality of alerts based on the identified at least one root cause entity (Paragraph [0710] of Maya discloses the remedial action includes deleting or isolating particular branches of source code associated with the anomaly 1212). As to Claim 13, Maya discloses a system for automating alert remediation, comprising: a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: receive a plurality of alerts from one or more detection tools, wherein the one or more detection tools monitor a software development pipeline (Paragraph [0429] of Maya discloses used to generate alerts (e.g., to anomalous user behavior). Paragraph [0717] of Maya discloses monitoring a software development pipeline) extracting a plurality of entity-identifying values from cybersecurity event data included in the plurality of alerts generated for the software development pipeline, wherein each of the plurality of alerts corresponds to a respective cybersecurity event of a plurality of cybersecurity events, wherein the cybersecurity event data includes a machine-readable representation for each alert in the plurality of alerts (Paragraph [0724] of Maya discloses an anomaly 1212 associated with the software application includes correlating 1502 another anomaly associated with an execution of the software application with one or more actions in the software development pipeline 1202); identify software infrastructure based on the plurality of entity-identifying values (Paragraph [0724] of Maya discloses an anomaly 1212 associated with the software application includes correlating 1502 another anomaly associated with an execution of the software application with one or more actions in the software development pipeline 1202); identify a policy used to trigger a first alert of the plurality of alerts based on the cybersecurity event data (Paragraph [0707] of Maya discloses performing 1214 a remedial action based on the anomaly 1212. In some embodiments, the remedial action includes presenting an alert associated with the anomaly 1212. For example, in some embodiments, the alert may include a log entry identifying the anomaly 1212); generate at least one query based on the plurality of entity-identifying values (Paragraph [0436] of Maya discloses in the event of a security breach, being able to concretely answer questions about such information can be very important. And, collectively, such information is useful in providing an end-to-end path (e.g., for performing investigations)); query an entity graph using the at least one query, wherein the entity graph has a plurality of nodes representing respective entities of the plurality of entities, wherein the plurality of entities includes a plurality of software components of the software infrastructure and a plurality of event logic components of [cybersecurity] event logic deployed with respect to the software infrastructure, wherein each of the event logic components is a discrete portion of event logic used for cybersecurity event alerting, wherein a policy node of the plurality of event logic components represents the policy (Paragraph [0436] of Maya discloses in the event of a security breach, being able to concretely answer questions about such information can be very important. And, collectively, such information is useful in providing an end-to-end path (e.g., for performing investigations)); identify at least one path in the entity graph based on the results of the at least one query, wherein each identified path is between one of the plurality of software components involved in a first cybersecurity event of the plurality of cybersecurity events and the policy node, wherein the first alert of each identified path corresponds to the first cybersecurity event of the identified path (Paragraph [0436] of Maya discloses in the event of a security breach, being able to concretely answer questions about such information can be very important. And, collectively, such information is useful in providing an end-to-end path (e.g., for performing investigations)); identify at least one root cause entity based on the identified at least one path (Paragraph [0436] of Maya discloses in the event of a security breach, being able to concretely answer questions about such information can be very important. And, collectively, such information is useful in providing an end-to-end path (e.g., for performing investigations). Paragraph [0227] of Maya discloses root cause anomalies); and generate a fix action plan for the plurality of alerts based on the identified at least one root cause entity (Paragraph [0710] of Maya discloses the remedial action includes deleting or isolating particular branches of source code associated with the anomaly 1212). As to Claim 15, Maya discloses the system of claim 13, wherein the system is further configured to: apply a plurality of fix determination rules based on the identified at least one root cause entity, wherein the plurality of fix determination rules define a plurality of predetermined fixes for a plurality of types of root causes (Paragraph [0710] of Maya discloses the remedial action includes deleting or isolating particular branches of source code associated with the anomaly 1212). As to Claim 16, Maya discloses the system of claim 15, wherein the plurality of predetermined fixes are defined further with respect to locations within the software infrastructure, wherein the system is further configured to: identify a location of each of the at least one root cause entity within the software infrastructure based on the entity graph (Paragraph [0436] of Maya discloses in the event of a security breach, being able to concretely answer questions about such information can be very important. And, collectively, such information is useful in providing an end-to-end path (e.g., for performing investigations). Paragraph [0227] of Maya discloses root cause anomalies). As to Claim 17, Maya discloses the system of claim 13, wherein the fix action plan includes a plurality of computer-readable instructions, wherein the system is further configured to: execute the plurality of computer-readable instructions in order to implement at least a portion of the fix action plan, wherein the plurality of computer-readable instructions, when executed by a processing circuitry, configure the processing circuitry to perform at least one mitigation action defined in the fix action plan (Paragraph [0710] of Maya discloses the remedial action includes deleting or isolating particular branches of source code associated with the anomaly 1212). As to Claim 18, Maya discloses the system of claim 13, wherein the fix action plan defines at least one mitigation action, wherein the system is further configured to: integrate with a plurality of native development lifecycle tools deployed with respect to the software infrastructure, wherein the at least one mitigation action utilizes at least one tool of the plurality of native development lifecycle tools (Paragraph [0642] of Maya discloses the static code analysis may be performed at the time that an application is compiled, at some other point in a CI/CD pipeline, or at some other time in the development lifecycle). As to Claim 19, Maya discloses the system of claim 18, wherein each of the at least one root cause entity has a respective location within the software infrastructure represented in the entity graph, wherein the at least one tool used for the at least one mitigation action is deployed with respect to the location of each of the at least one root cause entity (Paragraph [0710] of Maya discloses the remedial action includes deleting or isolating particular branches of source code associated with the anomaly 1212). As to Claim 20, Maya discloses the system of claim 13, wherein the entity graph further includes a plurality of owner nodes representing a plurality of respective owners of the plurality of software components, wherein the system is further configured to: generate at least one notification based on the fix action plan; and send each of the generated at least one notification to a respective owner of the plurality of owners (Paragraph [0707] of Maya discloses performing 1214 a remedial action based on the anomaly 1212. In some embodiments, the remedial action includes presenting an alert associated with the anomaly 1212). As to Claim 21, Maya discloses the system of claim 13 wherein the system is further configured to: analyze the plurality of alerts in order to identify a plurality of matches between alerts of the plurality of alerts, wherein the plurality of matches is identified with respect to issues indicated in the plurality of alerts (Paragraph [0724] of Maya discloses an anomaly 1212 associated with the software application includes correlating 1502 another anomaly associated with an execution of the software application with one or more actions in the software development pipeline 1202.); identify a plurality of correlations between respective software components of the plurality of software components linked to the plurality of alerts based on the entity graph (Paragraph [0724] of Maya discloses an anomaly 1212 associated with the software application includes correlating 1502 another anomaly associated with an execution of the software application with one or more actions in the software development pipeline 1202.); and deduplicate the plurality of alerts based on the plurality of matches and the plurality of correlations (Paragraph [0202] of Maya discloses alert generator 158 may examine observations (e.g., produced by GBM 154) in aggregate, deduplicate them, and score them). As to Claim 22, Maya discloses the system of claim 13 wherein the system is further configured to: prioritize the plurality of alerts by applying at least one alert prioritization rule, wherein the at least one alert prioritization rule defines how to prioritize alerts with respect to a mapping of the entity graph (Paragraph [0586] of Maya discloses event data can be combined with contextual information about users, assets, threats, vulnerabilities, and so on, for the purposes of scoring, prioritization and expediting investigations). As to Claim 23, Maya discloses the system of claim 13. Maya does not explicitly disclose wherein the system is further configured to: identify a first plurality of properties in a plurality of original definitions of a plurality of computing infrastructure resources, wherein each original definition is a definition of a respective software component of the plurality of software components; map the first plurality of properties to a second plurality of properties of a plurality of universal definition templates in order to determine a matching universal definition template for each original definition, wherein each of the plurality of universal definitions corresponds to a respective type of computing infrastructure resource and is defined in a unified format; and transform the plurality of original definitions into a plurality of universal definitions using the plurality of universal definition templates (Paragraph [0688] of Maya discloses information describing clusters identified in a first customer's cloud deployment may be compared to information describing clusters identified in a second customer's cloud deployment for the purposes of identifying similar or identical clusters in each customer's cloud deployment. Paragraph [0692] of Maya discloses the cluster set is identified, where each member of the cluster set represents a payroll system). Claims 2 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over and further in view of US Pub. No. 2021/0182387 to Zhu et al. (hereinafter “Zhu”). As to Claim 2, Maya discloses the method of claim 1. Maya does not explicitly disclose wherein the at least one query is generated based further on a plurality of semantic concepts, further comprising: creating a semantic concepts dictionary, wherein the semantic concepts dictionary defines the plurality of semantic concepts describing potential characteristics for the plurality of software components, wherein the plurality of semantic concepts is extracted from the cybersecurity event data using the semantic concepts dictionary. However, Zhu discloses this. Paragraph [0065] of Zhu discloses the event feature extractor module extracts features of system events. The model used is derived from the skip-gram model in natural language processing. Natural language processing (NLP) is the parsing and semantic interpretation of text. Paragraph [0044] of Zhu discloses collection of events regarding monitored accesses and unexpected occurrences across the data network, and analyzing them in a correlative context to determine their contribution to profiled higher-order security events. It would have been obvious to one of ordinary skill in the art before the effective filing of the invention to combine the monitoring system as disclosed by Maya, with using semantic concepts as disclosed by Zhu. One of ordinary skill in the art would have been motivated to combine to apply a known technique to a known device ready for improvement to yield predictable results. Maya and Zhu are directed toward monitoring systems and as such it would be obvious to use the techniques of one in the other. The teachings of Zhu would allow Maya to learn, analyze, and understand human language (paragraph [0065] of Zhu). As to Claim 14, Maya discloses the system of claim 13. Maya does not explicitly disclose wherein the at least one query is generated based further on a plurality of semantic concepts, wherein the system is further configured to: create a semantic concepts dictionary, wherein the semantic concepts dictionary defines the plurality of semantic concepts describing potential characteristics for the plurality of software components, wherein the plurality of semantic concepts is extracted from the cybersecurity event data using the semantic concepts dictionary. However, Zhu discloses this. Paragraph [0065] of Zhu discloses the event feature extractor module extracts features of system events. The model used is derived from the skip-gram model in natural language processing. Natural language processing (NLP) is the parsing and semantic interpretation of text. Paragraph [0044] of Zhu discloses collection of events regarding monitored accesses and unexpected occurrences across the data network, and analyzing them in a correlative context to determine their contribution to profiled higher-order security events. Examiner recites the same rationale to combine used for claim 2. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin S Mai whose telephone number is (571)270-5001. The examiner can normally be reached Monday to Friday 9AM to 5PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KEVIN S MAI/Primary Examiner, Art Unit 2499
Read full office action

Prosecution Timeline

Show 1 earlier event
Apr 24, 2024
Non-Final Rejection mailed — §103
Jul 25, 2024
Response Filed
Nov 18, 2024
Final Rejection mailed — §103
Feb 18, 2025
Request for Continued Examination
Feb 20, 2025
Response after Non-Final Action
Nov 05, 2025
Non-Final Rejection mailed — §103
Feb 05, 2026
Response Filed
Jun 04, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12657306
BMC BASED HROT IMPLEMENTATION ESTABLISHING CHAIN OF TRUST IN A SECURED SERVER SYSTEM
3y 5m to grant Granted Jun 16, 2026
Patent 12506731
Conference Data Sharing Method and Conference Data Sharing System Capable of Communicating with Remote Conference Members
4y 8m to grant Granted Dec 23, 2025
Patent 12413610
ASSESSING SECURITY OF SERVICE PROVIDER COMPUTING SYSTEMS
3y 9m to grant Granted Sep 09, 2025
Patent 12406064
PRE-BOOT CONTEXT-BASED SECURITY MITIGATION
3y 3m to grant Granted Sep 02, 2025
Patent 12363200
PROVIDING EVENT STREAMS AND ANALYTICS FOR ACTIVITY ON WEB SITES
3y 2m to grant Granted Jul 15, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
30%
Grant Probability
55%
With Interview (+25.7%)
4y 8m (~1y 2m remaining)
Median Time to Grant
High
PTA Risk
Based on 432 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month