Prosecution Insights
Last updated: April 17, 2026
Application No. 18/202,392

CYBERSECURITY RISK TRACKING, MATURATION, AND/OR CERTIFICATION

Final Rejection §103
Filed
May 26, 2023
Examiner
LIPMAN, JACOB
Art Unit
2434
Tech Center
2400 — Computer Networks
Assignee
unknown
OA Round
4 (Final)
84%
Grant Probability
Favorable
5-6
OA Rounds
2y 10m
To Grant
98%
With Interview

Examiner Intelligence

Grants 84% — above average
84%
Career Allow Rate
654 granted / 782 resolved
+25.6% vs TC avg
Moderate +14% lift
Without
With
+14.1%
Interview Lift
resolved cases with interview
Typical timeline
2y 10m
Avg Prosecution
33 currently pending
Career history
815
Total Applications
across all art units

Statute-Specific Performance

§101
3.6%
-36.4% vs TC avg
§103
39.4%
-0.6% vs TC avg
§102
31.0%
-9.0% vs TC avg
§112
17.1%
-22.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 782 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-3, 5-7, 11-13, and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Patel et al., USPN 2021/0211452, in further view of Tamir et al., USPN 2018/0219908, in further view of Parekh et al., USPN 2022/0210196. With regard to claims 1 and 11, Patel discloses a system that utilizes a risk model (0003, 0008), including devices that at least identify cybersecurity risks (0028), measure the risks (0028, 0033), prioritize the risks (0037), and provide options for remediating the risks (0038, 0039), wherein the cybersecurity risks are prioritized based at least in part on a baseline (“at least one management action to each vulnerability” 0038) corrected at least in part using an adaptive risk model (0033, 0037, 0038, 0006, 0010, 0034, 0062). Patel discloses that part of determining the risk baseline is and a definition of possibly highest potential impacts to patients, such as not having a CT scanner available (0066), but does not specifically disclose the potential impact is to delivery of business services. Tamir discloses a system of prioritizing risk of cyber-attacks and remediation (0003, 0049-0066), similar to that of Patel, and further discloses the risk baseline is and a definition of possibly highest potential impacts to delivery of business services (0073, 0086). It would have been obvious for one of ordinary skill in the art, prior to the instant effective filing date, to consider the business services affected by a cyber-attack, as taught by Tamir, in the prioritization system of Patel for the motivation of improved protection and intelligent prioritization, a stated motivation of Patel (0002) and Tamir (0003). Patel in view of Tamir does not disclose the cybersecurity risks are prioritized in a framework agnostic manner. Parekh discloses a method of performing cybersecurity risk tracking (0077-0078) utilizing a risk model (0041, 0072, 0109-0117), similar to that of Patel in view of Tamir. Parekh further discloses the cybersecurity risk tracking is performed in a framework agnostic manner (0082). It would have been obvious for one of ordinary skill in the art, prior to the instant effective filing date, to use the agnostic cloud software of Parekh, in the risk prioritization system of Patel in view of Tamir for the motivation of improved real time protection and intelligent prioritization, as taught by Parekh (0082), and is a stated motivation of Patel (0002) and Tamir (0003). With regard to claims 2 and 12, Patel in view of Tamir in further view of Parekh discloses the system of claim 1, as outlined above, and Patel further discloses one or more of the devices include at least part of a computing infrastructure (0019). With regard to claims 3 and 13, Patel in view of Tamir in further view of Parekh discloses the system of claim 1, as outlined above, and Patel further discloses at least measuring the risks is adaptive to various inputs (0006, 0010, 0033, 0034, 0062). With regard to claims 5 and 15, Patel in view of Tamir in further view of Parekh discloses the system of claim 1, as outlined above, and Patel further discloses being adaptive to the various inputs further includes a score based process (0033, 0037). With regard to claims 6 and 16, Patel in view of Tamir in further view of Parekh discloses the system of claim 1, as outlined above, and Patel further discloses the score based process involves at least group analysis (0004, 0033). With regard to claims 7 and 17, Patel in view of Tamir in further view of Parekh discloses the system of claim 1, as outlined above, and Patel further discloses the group analysis includes at least scores for risk management (“criticality of the device in a given operation”), asset configuration and change management (“vulnerabilities and threats associated with a device”), and identity and access management (“information such as device identification”, 0033, 0034). Claims 4, 8-10, 14, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Patel in view of Tamir in further view of Parekh in further view of Hosking et al., USPN 2019/0303583. With regard to claims 4, 8, 14, and 18, Patel in view of Tamir in further view of Parekh discloses the system of claim 1, as outlined above, but does not disclose being adaptive involves machine learning. Parekh discloses using machine learning (0073), but does not go into detail on the process. Hosking discloses a system of identifying cybersecurity risks and implementing remediation (0010), similar to that of Patel, Tamir, and Parekh, and further discloses using machine learning to identify risks (0013, 0030). It would have been obvious for one of ordinary skill in the art, prior to the instant effective filing date, to implement the machine learning of Hosking in the system of Patel in view of Tamir in further view of Parekh for the motivation of improved identification and analysis of information, as taught by Hosking (0039), to produce more accurate scores and better prioritization. With regard to claims 9 and 19, Patel in view of Tamir in further view of Parekh in further view of Hosking discloses the system of claim 4, as outlined above, and Hosking further discloses the machine learning involves plural clients (0006, 0011, 0076-0077), and Patel further discloses the identifying risks involves plural clients (0003, 0004, 0033, 0037). With regard to claims 10 and 20, Patel in view of Tamir in further view of Parekh in further view of Hosking discloses the system of claim 4, as outlined above, and but does not disclose the machine learning does not expose any information across clients. The examiner took official notice that it is well known in the art to keep data of a device secret from other devices. This notice was not traversed, and is thus considered admitted prior art. It would have been obvious for one of ordinary skill in the art, prior to the instant effective filing date, to not expose any information across clients in the system of Patel in view of Tamir in further view of Parekh in further view of Hosking for the motivation of improved security by protecting sensitive data outlining vulnerabilities of a device. Response to Arguments Applicant's arguments filed 19 November 2025 have been fully considered, and in combination with the amendments to the claims filed 10 March 2025, they overcame the previous rejection. The amendment necessitated further search and consideration, which resulted in the rejection outlined above. References Cited Gill et al., USPN 2011/0126111, discloses a system identifies incidents that are likely to cause significant impact to business services (0071, 0123-0125) in a software as a service framework agnostic manner (0101), but was not seen as the best prior art to use in forming a rejection to the instant claims. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB LIPMAN whose telephone number is (571)272-3837. The examiner can normally be reached 5:30AM-6:00PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached at 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /JACOB LIPMAN/Primary Examiner, Art Unit 2434
Read full office action

Prosecution Timeline

May 26, 2023
Application Filed
Oct 31, 2024
Non-Final Rejection — §103
Feb 04, 2025
Response Filed
Feb 09, 2025
Final Rejection — §103
Mar 10, 2025
Response after Non-Final Action
Mar 10, 2025
Interview Requested
Mar 26, 2025
Examiner Interview Summary
Mar 26, 2025
Applicant Interview (Telephonic)
Apr 04, 2025
Request for Continued Examination
Apr 22, 2025
Response after Non-Final Action
May 14, 2025
Non-Final Rejection — §103
Nov 19, 2025
Response Filed
Nov 21, 2025
Interview Requested
Dec 09, 2025
Applicant Interview (Telephonic)
Dec 09, 2025
Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12585819
SYSTEMS, METHODS, AND MEDIA FOR GENERATING DOCUMENTS CONTAINING CONFIDENTIAL INFORMATION
2y 5m to grant Granted Mar 24, 2026
Patent 12585748
RECONFIGURABLE BRAILLE BOARD-BASED AUTHENTICATION SYSTEM AND METHOD THEREFOR
2y 5m to grant Granted Mar 24, 2026
Patent 12579233
APPARATUSES, METHODS, AND COMPUTER PROGRAM PRODUCTS FOR PROACTIVE OFFLINE AUTHENTICATION
2y 5m to grant Granted Mar 17, 2026
Patent 12530442
DEVICE FOR AUTOMATICALLY DETECTING COUPLING BETWEEN ELECTRONIC DEVICES
2y 5m to grant Granted Jan 20, 2026
Patent 12511363
METHOD AND TOKEN FOR DOCUMENT AUTHENTICATION
2y 5m to grant Granted Dec 30, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

5-6
Expected OA Rounds
84%
Grant Probability
98%
With Interview (+14.1%)
2y 10m
Median Time to Grant
High
PTA Risk
Based on 782 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month