Prosecution Insights
Last updated: July 17, 2026
Application No. 18/176,151

TECHNIQUES FOR THE UNIFICATION OF RAW CYBER DATA COLLECTED FROM DIFFERENT SOURCES FOR VULNERABILITY MANAGEMENT

Non-Final OA §112
Filed
Feb 28, 2023
Examiner
POUDEL, SAMIKSHYA NMN
Art Unit
2436
Tech Center
2400 — Computer Networks
Assignee
Avalor Technologies, Ltd.
OA Round
5 (Non-Final)
45%
Grant Probability
Moderate
5-6
OA Rounds
0m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 45% of resolved cases
45%
Career Allowance Rate
9 granted / 20 resolved
-13.0% vs TC avg
Strong +75% interview lift
Without
With
+75.0%
Interview Lift
resolved cases with interview
Typical timeline
2y 10m
Avg Prosecution
16 currently pending
Career history
48
Total Applications
across all art units

Statute-Specific Performance

§101
0.7%
-39.3% vs TC avg
§103
87.1%
+47.1% vs TC avg
§102
3.4%
-36.6% vs TC avg
§112
8.2%
-31.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 20 resolved cases

Office Action

§112
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 05/05/2026 has been entered. Response to Arguments In the remarks filed on 05/05/2026. The applicant amended claims 1, 8, 10-11, and 18 are amended. No claims were added. Claims 7 and 17 are cancelled. With respect to claim objections: Applicant’ claim amendments and remarks filed on 08/13/2024 have been fully considered and overcame the claim objections as presented in the non-final office action filed 05/14/2024. Therefore, objections have been withdrawn. With respect to 35 U.S.C. § 103 rejections: Applicant's arguments filed on 05/05/2026 have been received and entered. Applicant's arguments with respect to the newly amended independent claims, see Applicant Arguments 12-17, with respect to the rejection (s) of independent claims 1,10 and 11 have been fully considered and overcame the claim rejections as presented in the final office action filed 02/05//2026. Therefore, Rejections have been withdrawn. Claim Objections Regarding claims 1, 10, and 11, Claims 1, 10, and 11 are objected to because of the following informalities: Claims 1, 10, and 11 contain multiple nested clauses such as “the consolidating comprising”, “the mapping performed according to”, “the generating further comprising”, and “the determining including evaluating”. The nested clauses makes the claims unnecessarily difficult to parse and understand the relationship between the claimed operations. Examiner suggest applicant to amend the claim limitations to provide clear grammatical relationships between the generating, consolidating, mapping, corelating, evaluating, assigning, and storing operations. For example, the claims should clearly identify whether the mapping, correlation, and node generation are the sub steps of generating the unified cybersecurity object, and whether evaluation of the graph and assignment of severity are sub steps of determining the severity level. Also, the claims recites storing cybersecurity object “on a graph database” should read “in a graph database”. Appropriate correction is required. Regarding claims 4 and 14, Claims 4 and 14 are objected to because of the following informalities: Claims 4 and 14 recite “generating the unified cybersecurity object further based on metadata received from the first cybersecurity signal and the second cybersecurity signal”. The phrase “metadata received from the first cybersecurity signal and the second cybersecurity signal “ is grammatically unclear. The signal is usually received from source whereas metadata may be included in, carried by or received with the signal. Applicant should amend the claims to clarify the intended relationship. Applicant may amend the claims to recite “metadata included in/received with the first cybersecurity signal and the second cybersecurity signal”. Appropriate correction is required. Regarding claim 20, Claim 20 is objected to because of the following informalities: Claim 20 does not further limit claim 11 and merely repeat the limitation already present in claim11. The independent claim 11 already recites that the first and second monitoring system are each configured to scan for different types of cybersecurity threats in the computing environment. Appropriate correction is required. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION. —The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1, 10, and 11 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claims 1, 10, and 11 recite the limitation “the unified node aggregates the consolidated data fields while the first source node and the second source node preserve source-specific representations of the consolidated data”. It is unclear what is meant by the first and second source nodes preserving “source-specific representations of the consolidated data” The claims previously recite consolidating different data fields from the first and second cybersecurity signals into a unified cybersecurity object by mapping respective source native data fields to canonical data field. Thus, “the consolidated data” appears to refer to data that has already been mapped or normalized into canonical data structure. It is unclear whether the first and second source nodes preserve the original source native data received from the respective monitoring systems before consolidation, separate source specific versions of data after consolidation into canonical data structure, or both the original source native data and the consolidate canonical data. These interpretations require materially different data structures and storage operations. The specification describes source specific entity nodes that allow to data received from respective sources and an uber node containing mapped data, see spec [0052-0055], [0065]. However, the specification does not clarify what constitutes a “source specific representation” of data that has already been “consolidated”. Examiner suggest applicant to clarify the scope of the claim. Dependent claims are also rejected for inheriting the deficiencies set forth above for independent claims. Appropriate correction is required. Claims 1, 10, and 11 recite “correlating the mapped data fields to a common node within a graph-based representation of the computing environment” and subsequently recite “the unified cybersecurity object is represented in the graph-based representation as a unified node”. It is unclear whether the recited “common node” and “unified node” refer to the same graph node or different graph nodes. Under one reasonable interpretation, the mapped data fields are corelated to the unified node that represents the unified cybersecurity object. Under another reasonable interpretation, the common node represents a resource, principal, threat, or other entity, while the unified cybersecurity object is represented by a separate unified node connected to that common node. The use of two terms for the potentially the same claimed element without language expressly relating the elements renders the graph structure unclear. Examiner suggest applicant to clarify whether the common node is the unified node or separate nodes and if separate, then recite their required relationship. Claims 1, 10, and 11 initially recite that the first monitoring system is configured to monitor a computing environment “for cybersecurity threat”. The claims further recites that the first and second monitoring systems are configured to scan for “different types of cybersecurity threat”. It is unclear whether “the cybersecurity threats” refers to one particular cybersecurity threat monitored or detected by both monitoring systems, or a threat detected by only one of the monitoring systems, or different threats detected by respective monitoring systems, or combined cybersecurity condition generated from multiple different threats , or cybersecurity threats in general. It is ambiguous that the claims require generation of one unified cybersecurity object and determination of one severity level “of the cybersecurity threat”, while also requiring the monitoring system to scan for different types of threats. The claims does not specify which detected threat, or combination of threats is represented by the unified cybersecurity object and assigned the severity level. Thus, Examiner suggest applicant to clarify the identity of the cybersecurity threat for which the unified object is generated and the severity level is determined. Claims 1, 10, and 11 recites that each monitoring system has respective scanner that “that independently accesses and collects data from different resources deployed within the computing environment”. It is unclear what is required by “different resources”. The limitation can have multiple interpretation such as the first scanner access a first resource and the second scanner access a distinct second resource, or each scanner accesses a plurality of resources that are different from one another, the respective scanners access partially overlapping but nonidentical sets of resources, the canner access the same resources but collect different type of data, or the scanners accesses resources of different resource types. This distinction is important because the claims later require consolidation of fields from the first and second cybersecurity signals and correlation of those fields to a common graph node. It is unclear how signals concerning distinct resources are to be consolidated into one unified cybersecurity object, or whether the claims instead intend that bot scanners collect information concerning the same resource. Thus, Examiner suggest applicant to clarify the scope of the claims. Claims 1, 10, and 11 recites “assigning the severity level based on the correlated evidence”. The claims do not previously introduce “correlated evidence”. It is unclear whether “corelated evidence” refer to the mapped data fields, the unified cybersecurity object, graph connected nodes, the scan data or something else. Applicant is required to identify the data or evaluation results that constitutes “the corelated evidence”. Additionally, the claims recite “a graph-based representation of the computing environment” and further recite “a graph database, the graph database including a representation of the computing environment”. It is unclear whether the later recited “representation of the computing environment” is previously recited graph-based representation or is a separate representation stored in the graph database. This ambiguity also affects dependent claims 8 and 18 which recite “generating the representation of the computing environment based on the first cybersecurity signal and the second cybersecurity signal”. Thus, Examiner suggest applicant to clarify the scope of the claims. Dependent claims 2-6, 8-9, 12-16 and 18-20 are rejected under the same rationale as they do not cure the deficiencies of independent claims 1, 10 and 11. Allowable Subject Matter Claims 1-6, 8-16, and 18-20 would be allowable if rewritten or amended to overcome the claim objections, set forth in this Office action. Claims 1-6, 8-16, and 18-20 would be allowable if rewritten or amended to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), 2nd paragraph, set forth in this Office action. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US20180159876 A1:” relates generally to cybersecurity offense analytics” US 20200145442 A1: “provides a technique for a signal flow analysis-based exploration of security knowledge represented in a graph structure” US 12615271 B1 : “relates to data collection system communicatively coupled to a data platform configured to perform security monitoring of a compute environment” Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMIKSHYA POUDEL whose telephone number is (703)756-1540. The examiner can normally be reached 7:30 AM - 5PM Mon- Fri. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached at (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /S.N.P./Examiner, Art Unit 2436 /SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436
Read full office action

Prosecution Timeline

Show 6 earlier events
Jul 06, 2025
Response after Non-Final Action
Aug 12, 2025
Non-Final Rejection mailed — §112
Nov 12, 2025
Response Filed
Feb 05, 2026
Final Rejection mailed — §112
Apr 03, 2026
Response after Non-Final Action
May 05, 2026
Request for Continued Examination
May 12, 2026
Response after Non-Final Action
Jun 23, 2026
Non-Final Rejection mailed — §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12645787
STACK TRACE ANALYSIS MODEL
2y 11m to grant Granted Jun 02, 2026
Patent 12619726
CYBER RESILIENCE INTEGRATED SECURITY INSPECTION SYSTEM (CRISIS) AGAINST FALSE DATA INJECTION ATTACKS
4y 1m to grant Granted May 05, 2026
Patent 12591663
INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND INFORMATION PROCESSING COMPUTER PROGRAM PRODUCT
2y 7m to grant Granted Mar 31, 2026
Patent 12470379
LINK ENCRYPTION AND KEY DIVERSIFICATION ON A HARDWARE SECURITY MODULE
3y 0m to grant Granted Nov 11, 2025
Patent 12452254
SECURE SIGNED FILE UPLOAD
3y 6m to grant Granted Oct 21, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
45%
Grant Probability
99%
With Interview (+75.0%)
2y 10m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 20 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month