Prosecution Insights
Last updated: July 17, 2026
Application No. 18/189,767

MANAGING IMPLEMENTATION OF DATA CONTROLS FOR COMPUTING SYSTEMS

Non-Final OA §103
Filed
Mar 24, 2023
Priority
Mar 25, 2022 — provisional 63/323,638
Examiner
STRAUB, D'ARCY WINSTON
Art Unit
2491
Tech Center
2400 — Computer Networks
Assignee
OneTrust LLC
OA Round
4 (Non-Final)
77%
Grant Probability
Favorable
4-5
OA Rounds
0m
Est. Remaining
96%
With Interview

Examiner Intelligence

Grants 77% — above average
77%
Career Allowance Rate
176 granted / 228 resolved
+19.2% vs TC avg
Strong +19% interview lift
Without
With
+18.7%
Interview Lift
resolved cases with interview
Typical timeline
2y 11m
Avg Prosecution
26 currently pending
Career history
251
Total Applications
across all art units

Statute-Specific Performance

§101
1.9%
-38.1% vs TC avg
§103
91.9%
+51.9% vs TC avg
§102
2.3%
-37.7% vs TC avg
§112
3.1%
-36.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 228 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendments This office action responds to the amendments filed on March 16, 2026 for application 18/189,767. Claims 1, 9, and 16 are amended, and claims 1-20 remain pending in the application. Response to Arguments The Examiner has fully considered the Applicant’s arguments filed on March 16, 2026, and the Examiner responds as provided below. Regarding the Applicant’s response at pages 9-16 of the Remarks that concerns the § 103 rejection, the Applicant’s arguments in conjunction with the claim amendments are persuasive, and consequently the Examiner conducted a new prior art search. The Applicant’s arguments are now moot with respect to the pending claims because the arguments do not apply to one of the references currently used in the rejection of the aforementioned claims as detailed below. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The following conventions apply to the mapping of the prior art to the claims: Italicized text – claim language. Parenthetical plain text – Examiner’s citation and explanation. Citation without an explanation – an explanation has been previously provided for the respective limitation(s). Quotation marks – language quoted from a prior art reference. Underlining – language quoted from a claim. Brackets – material altered from either a prior art reference or a claim, which includes the Examiner’s explanation that relates a claim limitation to the quoted material of a reference. Braces – a limitation taught by another reference, but the limitation is presented with the mapping of the instant reference for context. Numbered superscript – a first phrase to be moved upwards to the primary reference analysis. Lettered superscript – a second phrase to be moved after the movement of the first phrase from which it was lifted, or more succinctly, move numbered material first, lettered material last. A. Claims 1-3, 7-10, 14-17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Correia Villa Real et al. (US 2023/0142102, “Correia”) in view of Bulut et al. (US 2021/0357392, “Bulut”). Regarding Claim 1 Correia discloses A method (abstract) comprising: 1 … to a data control (¶ [0039], “The regulations associated with the regulation codes [regulatory framework] can include privacy law regulations that instruct how user data is to be handled [via a data control that restricts the use of data as dictated by the “regulation codes”/regulatory framework] and stored including the geographies in which the user data can be stored.”, i.e., the combination of Correia and Bulut suggests Correia is employed to detect regulations of PII and Bulut is employed to detect changes to those regulations), wherein the dataset describes a regulatory framework and the data control is used in handling target data (Fig. 3B, ¶¶ [0046]-[0047], “Referring to FIG. 3B, at block 320, in response to the classification of sensitive being output from model 210, software application 204 is configured to perform the action of request 212 on corresponding one of remote databases [possessing target data] 222A, 222B, 222C through 222Z. For example, if the user of user computer system 230 is in ‘Country D’ which has a regulation code [for data control], software application 204 is configured to transfer [handling target data] the information of request 212 and/or cause the information of request 212 to be transferred over network 270 to remote database 222D on computer system 220 in the geographical location/region of D (i.e., ‘Country D’).”); and responsive to identifying the change to the data control (¶ [0039]): processing, by the computing hardware and using a featurization technique, at least a portion of the dataset describing the regulatory framework (¶ [0077], “Responsive to the request 212 being a store command, software application 204 is configured to determine a regulation code (e.g., from regulation code database 218) associated with the request 212, the regulation code [as regulatory framework] comprising the requirement (e.g., a privacy rule or regulation [as a portion of the dataset] indicating the geographical location/region where user data is to be stored). Software application 204 is configured to select the remote database (e.g., remote database 222D) associated with the geography meeting the requirement of the regulation code.”) to generate a feature representation of the change to the data control (¶ [0075], “Software application 204 is configured to cause feature extraction model 208 to convert the information of the request 212 into feature [representation] vectors 702 and convert [generate] the feature vectors 702 into a document vector 704 that is used by the model 210 to determine that the information relates to [and corresponding to a change to the data control for managing] the sensitive data.”; and ¶ [0048], “FIGS. 6A and 6B depict a flowchart of a computer-implemented method 600 for using model 210 to classify sensitive data and non-sensitive data to be utilized for keeping databases compliant with data protection regulations such that the data can be transferred [as a change to the data control] to compliant geographies in accordance with one or more embodiments.”), wherein the portion of the dataset comprises content on the {change (Bulut ¶¶ [0062]-[0065])} to the data control (¶ [0039], “The regulations associated with the regulation codes can include privacy law regulations [comprising the portion of the dataset that encompasses content for data control] that instruct how user data is to be handled and stored including the geographies in which the user data can be stored.”) and the feature representation comprises a plurality of feature attributes representing the content of the change to the data control (Fig. 4, ¶¶ [0039]-[0044], “A feature [attributes] vector is an n-dimensional vector of numerical features that represent some object [the content of the change of the data control]. The feature extraction model 208 generates a paragraph identification (ID) feature vector that identifies the document and/or request 212. Additionally, software application 204 is configured to provide the regulation code and country code [for data control] to feature extraction model 208 as additional tokens, such that feature extraction model 208 generates additional feature vectors for the regulation code and country code, respectively. The feature vectors 402 are the word vectors that hold the numeric representation and represent the concept of a paragraph [corresponding to a portion of the dataset].”); processing, by the computing hardware and using a first machine-learning model, the feature representation of the change of the data control to generate a plurality of tags, wherein the plurality of tags represents characteristics of the change made to the data control (Fig. 4, ¶¶ [0041]-[0044], “At block 314, as part of training a [first] machine learning model 210, software application 204 [run on the computer hardware] is configured to input to model 210 the document vector 404 having feature [representation] vectors 402, weights corresponding to each of feature vectors 402, and the sensitive/non-sensitive tag [with sensitive data being subject to a change made to the data control based upon the regulations/regulatory framework that protects data privacy].”); processing, by the computing hardware and using a second machine-learning model, the plurality of tags to generate at least one of an applicable domain or an applicable jurisdiction for the data control (¶¶ [0037]-[0039], “As understood by one of ordinary skill in the art, NLP combines computational linguistics such as rule-based modeling of human language with statistical, machine learning, and deep learning models.”; “Using NLP, software application 204 is configured to capture semantic meaning from the unstructured text and/or structured text of request 212 and/or the header information associated with request 212. Particularly, software application 204 can scan request 212 for a country code [with an associated applicable domain or an applicable jurisdiction]. For example, text processing can determine in request 212 (and/or header information associated with request 212) that the term ‘Country D’ is the name of a country. Accordingly, software application 204 is configured to send the name ‘Country D’ to a geotagging service [as a second machine-learning model] which includes reverse geocoding in order to convert the name of the country (e.g., ‘Country D’) to its latitude and longitude coordinates.”; and ¶ [0033], “FIG. 2 is a block diagram of an example computing environment 200 which is configured to keep databases compliant with data protection regulations by sensing the presence of sensitive data and transferring the data [as data control for the applicable jurisdiction or domain] to compliant geographies according to one or more embodiments of the inventions.”); identifying, by the computing hardware and based on the at least one of the applicable domain or the applicable jurisdiction, a computing system used in handling the target data that is affected by the change to the data control (Fig. 2, ¶¶ [0045]-[0047], “For illustration purposes, computer systems 220A, 220B, 220C, through 220Z are each respectively in geographical location/region A, B, C, through Z, which are different from the geographical location/region of local databases 214 and services 240 [all representing a respective computing system used in handling target data]. Each geographical location/region can have a regulation code [with an applicable domain or jurisdiction for data control of sensitive information] in regulation database 218 that identifies the rules about saving types of user [target] data in a foreign geography that is different from the citizenship of the user.”); and responsive to identifying the computing system, coordinating, by the computing hardware, an action to be performed with respect to the computing system to address the change to the data control (Figs. 6A-6B, ¶ [0048], “FIGS. 6A and 6B depict a flowchart of a computer-implemented method 600 for using model 210 to classify sensitive data and non-sensitive data to be utilized for keeping databases compliant with data protection regulations such that the data can be transferred [from the non-compliant computing system as an action performed to address change to the data control] to compliant geographies in accordance with one or more embodiments.”). Correia doesn’t disclose 1 comparing, by computing hardware, a first version of a dataset and a second version of the dataset to identify a change… Bulut, however, discloses 1 comparing, by computing hardware (¶ [0051], “In the context of software, the blocks represent computer readable and executable program instructions that, when executed by one or more processors, perform the recited operations.”), a first version of a dataset and a second version of the dataset to identify a change… (Fig. 8, ¶¶ [0062]-[0065], “Changes in control descriptions, or the text of the regulation [dataset], may be determined by lexical and/or semantic textual comparison techniques, for example.”; “FIG. 8 is a flowchart 300 of an example of the use of lexical analysis to identify and classify changes in different versions of a regulation [dataset].”; “The control descriptions in the first version V1 [of a dataset] and the second version V2 [of a dataset] are retrieved from the mapping database 102 in the system 100 of FIG. 4 and from the regulation repository 154 and/or the RAM 176 of the system 150 of FIGS. 5 and 6, for example.”; and “The texts of the corresponding control descriptions are compared, in Block 306.”) Regarding the combination of Correia and Bulut, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the regulatory monitoring system of Correia to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.” See MPEP § 2143(I)(C). To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C): 1) the prior art contained a base system, namely the regulatory monitoring system of Correia, upon which the claimed invention can be seen as an “improvement” through the use of a change-of-text detection feature; 2) the prior art contained a “comparable” system, namely the text monitoring system of Bulut, that has been improved in the same way as the claimed invention through the change-of-text detection feature; and 3) one of ordinary skill in the art could have applied the known improvement technique of applying the change-of-text detection feature to the base regulatory monitoring system of Correia, and the results would have been predictable to one of ordinary skill in the art. Regarding Claim 2 Correia in view of Bulut (“Correia-Bulut”) discloses the method of Claim 1, and Correia further discloses wherein the {change (Bulut ¶¶ [0062]-[0065])} to the data control (¶ [0039]) comprises an addition of a control action performed for implementing the data control and the action comprises automatically setting up a task to have the control action performed on the computing system (Fig. 5, ¶ [0047], “To facilitate future data retrieval [as an additional control action that can be performed automatically by the computing system as a task upon the requirement to remotely store data as an implementation of the data control for managing data according to regulations], software application 204 may store in local database 214 a flag or bit indicating that a row is remote.”). Regarding the combination of Correia and Bulut, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 2. Regarding Claim 3 Correia-Bulut discloses the method of Claim 1, and Correia further discloses wherein the {change (Bulut ¶¶ [0062]-[0065])} to the data control (¶ [0039]) comprises a modification to a control action performed for implementing the data control and the action comprises automatically setting up a task to have the modification of the control action performed on the computing system (Figs. 5 & 11, ¶ [0067], “At block 1106, if (YES) there is a (sensitive) remote flag/bit 520 set and if the row(s) corresponding to request 212 is not stored in the table of local database 214, software application 204 is configured to retrieve the remote server address (i.e., the pointer, remote row ID, etc.) [i.e., the pointer is a modification to a control action of retrieving remotely stored data that is implemented for data control, the pointer and use thereof is automatically set up as a task on the computer system to enable the retrieval of the remote data] of the remote server (e.g., computer system 220). Again, the remote server may be computer system 220D and the remote server address may be saved in the local row of local database 214.”). Regarding the combination of Correia and Bulut, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 3. Regarding Claim 7 Correia-Bulut discloses the method of Claim 1, and Correia further discloses wherein identifying, based on the at least one of the applicable domain or the applicable jurisdiction, the computing system used in handling the target data that is affected by the change to the data control (Fig. 2, ¶¶ [0045]-[0047]) comprises: retrieving a subscription profile of an entity associated with the computing system, wherein the subscription profile identifies at least one of a domain in which the entity operates or a jurisdiction in which the computing system is located (¶¶ [0035]-[0036], “The desired action to be performed on local database [in which the entity operates or a jurisdiction in which the computing system is located] 214 could be to insert/store data, update data, delete data, select/read data, etc., on and/or associated with local database 214 coupled to computer system 202. Local database 214 can be representative of numerous local databases in a local geography. The local geography may be, for example, in the United States, in North America, etc. Computer systems 220A, 220B, 220C through 220Z can be representative of a foreign geography and/or foreign region such as, for example, Country A, B, C through Z.”; and “For explanation purposes, request 212 may include the following database command/information: “Insert into users(name, country, comments) [as a subscription profile, i.e., such information about Joe is commonly submitted by Joe subscribing to some Internet service] Values(‘Joe’; ‘Country D’, ‘Joe has completed his task’)”.”); and comparing at least one of the applicable domain to the domain or the applicable jurisdiction to the jurisdiction to determine a match between the at least one of the applicable domain and the domain or the applicable jurisdiction and the jurisdiction (¶¶ [0046]-[0047], “For illustration purposes, computer systems 220A, 220B, 220C, through 220Z are each respectively in geographical location/region A, B, C, through Z, which are different [as determined via a comparison] from the geographical location/region of local databases 214 [with respective jurisdictions and domains] and services 240. Each geographical location/region can have a regulation code in regulation database 218 that identifies the rules about saving types of user data in a foreign geography that is different from the citizenship of the user.”; and “For example, if the user of user computer system 230 is in ‘Country D’ which has a [matching] regulation code [within its respective jurisdiction or domain], software application 204 is configured to transfer the information of request 212 and/or cause the information of request 212 to be transferred over network 270 to remote database 222D on computer system 220 in the geographical location/region of D (i.e., ‘Country D’).”). Regarding Claim 8 Correia-Bulut discloses the method of Claim 1, and Correia further discloses wherein the action (Figs. 6A-6B, ¶ [0048]) is performed based on identifying the regulatory framework from a subscription profile for an entity associated with the computing system (¶ [0049], “For explanation purposes, request 212 may include the following database command/information: “Insert into users(name, country, comments) [as a subscription profile with a location for identifying a regulatory framework] Values(‘Joe [as an entity associated with the computing system]’; ‘Country D’, ‘Joe has completed his task’)”.”). Regarding Independent Claims 9 and 16 With respect to independent claims 9 and 16, a corresponding reasoning as given earlier for independent claim 1 applies, mutatis mutandis, to the subject matter of claims 9 and 16. Therefore, claims 9 and 16 are rejected, for similar reasons, under the grounds set forth for claim 1. Regarding Dependent Claims 10, 14, 17 and 20 With respect to dependent claims 10, 14, 17, and 20, a corresponding reasoning as given earlier for dependent claims 2 and 7 applies, mutatis mutandis, to the subject matter of claims 10, 14, 17, and 20. Therefore, claims 10, 14, 17, and 20 are rejected, for similar reasons, under the grounds set forth for claims 2 and 5. Regarding Dependent Claim 15 With respect to dependent claim 15, a corresponding reasoning as given earlier for dependent claim 8 applies, mutatis mutandis, to the subject matter of claim 15. Therefore, claim 15 is rejected, for similar reasons, under the grounds set forth for claim 8. B. Claims 4-5, 11-12, and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Correia in view of Bulut, and further in view of Pondicherry et al. (US 2020/0111023, “Pondicherry”). Regarding Claim 4 Correia-Bulut discloses the method of Claim 1, and Correia further discloses wherein the action (Figs. 6A-6B, ¶ [0048]) comprises…1 Correia-Bulut doesn’t disclose 1 …sending an electronic notification of the change to the data control to an entity associated with the computing system. Pondicherry, however, discloses 1 …sending an electronic notification of the change to the data control to an entity associated with the computing system (Fig. 13, ¶ [0056], “The action board 1320 includes a plurality of content types such as the various actions and notifications that are manually or automatically derived from the various regulatory documents [or the change to data control as suggested in ¶ [0020]] for the user [entity associated with the computing system] 1306. In an example, the action board 1320 can be configured to connect to a plurality of tools such as the user's 1306 email [for an electronic notification], project management software, chat boards, etc., via the tools' corresponding application programming interfaces (APIs) and a search can be set up with specific keywords or specific subject matter in order to populate the action board 1320.”). Regarding the combination of Correia-Bulut and Pondicherry, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the regulatory monitoring system of Correia-Bulut to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.” See MPEP § 2143(I)(C). To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C): 1) the prior art contained a base system, namely the regulatory monitoring system of Correia-Bulut, upon which the claimed invention can be seen as an “improvement” through the use of a notification feature; 2) the prior art contained a “comparable” system, namely the regulatory monitoring system of Pondicherry, that has been improved in the same way as the claimed invention through the notification feature; and 3) one of ordinary skill in the art could have applied the known improvement technique of applying the notification feature to the base regulatory monitoring system of Correia-Bulut, and the results would have been predictable to one of ordinary skill in the art. Regarding Claim 5 Correia-Bulut discloses the method of Claim 4, and Pondicherry further discloses further comprising determining, by the computing hardware, a priority level associated with the change to the data control (¶ [0020]), wherein the priority level is based on a requirement for implementing the change to the data control and at least one of a timing for sending the electronic notification or a recipient of the electronic notification is based on the priority level (¶ [0036], “The actions [such as the change to the data control] 174 thus determined can be conveyed to the users by an alert generator 172 that generates and transmits alerts via emails, text messages, etc., to the users. … The actions 174 can each be associated with a priority [level] that is indicative of one or more of the [requirement] time period in which each action is to be completed [including the timing for sending the electronic notification, where it is obvious to one skilled in the art that a higher priority level has an associated notification sent in a shorter time period].”). Regarding the combination of Correia-Bulut and Pondicherry, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the regulatory monitoring system of Correia-Bulut to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.” See MPEP § 2143(I)(C). To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C): 1) the prior art contained a base system, namely the regulatory monitoring system of Correia-Bulut, upon which the claimed invention can be seen as an “improvement” through the use of a priority feature; 2) the prior art contained a “comparable” system, namely the regulatory monitoring system of Pondicherry, that has been improved in the same way as the claimed invention through the priority feature; and 3) one of ordinary skill in the art could have applied the known improvement technique of applying the priority feature to the base regulatory monitoring system of Correia-Bulut, and the results would have been predictable to one of ordinary skill in the art. Regarding Dependent Claims 11-12 and 18-19 With respect to dependent claims 11-12 and 18-19, a corresponding reasoning as given earlier for dependent claims 4 and 5 applies, mutatis mutandis, to the subject matter of claims 11-12 and 18-19. Therefore, claims 11-12 and 18-19 are rejected, for similar reasons, under the grounds set forth for claims 4 and 5. C. Claims 6 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Correia in view of Bulut, and further in view of DiMaggio et al. (US 2017/0249644, “DiMaggio”). Regarding Claim 6 Correia-Bulut discloses the method of Claim 1, and Correia further discloses wherein the action (Figs. 6A-6B, ¶ [0048]) comprises: identifying, by the computing hardware, the change in the data control comprises a new control action needed to be performed to implement the data control (Fig. 9, ¶ [0061], “At block 908, software application 204 is configured to cause the insertion (storage) of the request 212 on selected computer system (e.g., computer system 220D). As an example remote server which is interchangeably used as remote database server, computer system 220 (e.g., computer system 220D) is configured to insert [as a new control action] the information of request 212 in a row of remote database table of remote database [that thereby implements the data control requirement of implementing the regulation involving data management] 222 (e.g., remote database 222D) and generate a row identification (ID) at block 912.”); and 1 …. Correia-Bulut doesn’t disclose 1 sending an electronic notification comprising a recommendation based on the new control action to an entity associated with the computing system. DiMaggio, however, discloses 1 sending an electronic notification comprising a recommendation based on the new control action to an entity associated with the computing system (¶ [0053], “In an aspect, the client compliance remediation plan [such as selecting a remote database that complies with a regulation as taught by Correia ¶ [0060]] 110 can include a list of recommendations to the client that may improve its security and privacy compliancy [including the use of a remote database that complies with a regulation]. Furthermore, the client compliance remediation plan 110 can also include a recommendation approach plan that outlines best practice remediation steps, as well as a Gantt Chart outlining a Plan of Action and Milestones to implement the remediation plan. The list of recommendations to improve compliancy can be displayed in a prioritized manner.”; see also Correia ¶ [0060], “For example, software application 204 may search the respective country codes associated with computer systems 220A-220Z in respective geographical locations/regions A-Z to find a country code that meets and/or matches the county code(s) of the regulation. For example, the regulation code for request 212 may require that the request 212 be processed in geographical location/region D. In this case, software application 204 is configured to select computer system 220D with the country code for geographical location/region D.”, i.e., instead of the country code being selected as taught in Correia, the country code is made as a recommendation that the administrator then selects). Regarding the combination of Correia-Bulut and DiMaggio, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the regulatory monitoring system of Correia-Bulut to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.” See MPEP § 2143(I)(C). To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C): 1) the prior art contained a base system, namely the regulatory monitoring system of Correia-Bulut, upon which the claimed invention can be seen as an “improvement” through the use of a recommendation feature; 2) the prior art contained a “comparable” system, namely the regulatory compliance system of DiMaggio, that has been improved in the same way as the claimed invention through the recommendation feature; and 3) one of ordinary skill in the art could have applied the known improvement technique of applying the recommendation feature to the base regulatory monitoring system of Correia-Bulut, and the results would have been predictable to one of ordinary skill in the art. Regarding Dependent Claim 13 With respect to dependent claim 13, a corresponding reasoning as given earlier for dependent claim 6 applies, mutatis mutandis, to the subject matter of claim 13. Therefore, claim 13 is rejected, for similar reasons, under the grounds set forth for claim 6. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405. The examiner can normally be reached Monday-Friday 9:00-5:00 Mountain Time. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, WILLIAM KORZUCH can be reached at (571)272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /D'Arcy Winston Straub/Primary Examiner, Art Unit 2491
Read full office action

Prosecution Timeline

Show 4 earlier events
Sep 26, 2025
Applicant Interview (Telephonic)
Sep 26, 2025
Examiner Interview Summary
Oct 13, 2025
Request for Continued Examination
Oct 21, 2025
Response after Non-Final Action
Dec 11, 2025
Non-Final Rejection mailed — §103
Mar 16, 2026
Response Filed
Apr 15, 2026
Final Rejection mailed — §103
May 05, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12683790
A PROTOCOL FOR TRUSTWORTHY, PRIVACY PRESERVING GENOMIC DATABASE DISCOVERY
3y 11m to grant Granted Jul 14, 2026
Patent 12682107
SYSTEM AND METHOD FOR PROCESSING INSTRUCTIONS ASSOCIATED WITH ONE OR MORE DATA TRANSFERS
2y 4m to grant Granted Jul 14, 2026
Patent 12659734
METHOD, APPARATUS, AND SYSTEM FOR VEHICLE-TO-VEHICLE COMMUNICATIONS
3y 9m to grant Granted Jun 16, 2026
Patent 12619772
SENSITIVE INFORMATION DISCLOSURE PREDICTION SYSTEM FOR SOCIAL MEDIA USERS AND METHOD THEREOF
2y 8m to grant Granted May 05, 2026
Patent 12619755
ARTIFICIAL DATA GENERATION FOR DIFFERENTIAL PRIVACY
2y 6m to grant Granted May 05, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

4-5
Expected OA Rounds
77%
Grant Probability
96%
With Interview (+18.7%)
2y 11m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 228 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month