Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsCisco Technology Inc. › 18205331
Last updated: April 19, 2026
Application No. 18/205,331

EXTERNAL API VULNERABILITY ASSESSMENTS

Non-Final OA §103
Filed
Jun 02, 2023
Examiner
ELAHIAN, DANIEL
Art Unit
2407
Tech Center
2400 — Computer Networks
Assignee
Cisco Technology Inc.
OA Round
3 (Non-Final)
73%
Grant Probability
Favorable
3-4
OA Rounds
3y 1m
To Grant
99%
With Interview

Interview Optional

+52.6% interview lift. This examiner has a relatively high allow rate; a written response may suffice.
Based on 37 resolved cases, 2023–2026

Examiner Intelligence

ELAHIAN, DANIEL View full profile →
Grants 73% — above average
73%
Career Allow Rate
27 granted / 37 resolved
+15.0% vs TC avg
Strong +53% interview lift
Without
With
+52.6%
Interview Lift
resolved cases with interview
Typical timeline
3y 1m
Avg Prosecution
16 currently pending
Career history
53
Total Applications
across all art units

Statute-Specific Performance

§101
7.1%
-32.9% vs TC avg
§103
69.9%
+29.9% vs TC avg
§102
12.4%
-27.6% vs TC avg
§112
9.8%
-30.2% vs TC avg
Black line = Tech Center average estimate • Based on career data from 37 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . The present Non-Final office action is responsive to communication received 1/2/2026. Claims 1, 6-8, 15, and 18-19 have been amended. Claims 1-20 are pending. Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 01/02/2026 has been entered. This Action is made Non-FINAL. Response to Arguments Applicant’s arguments with respect to claims 1, 15, and 20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. The examiner brings in reference Greene to read on the newly amended limitations “a query for software bill of materials information indicative of one or more software components of the external application programming interface” and “receiving, by the process, the response to the query including the software bill of materials information indicative of the one or more software components of the external application programming interface; generating, by the process, a vulnerability assessment for the application based on the software bill of materials information returned in the response to the query;”. Greene [0014] discloses the SBOM and it indicative of the components. While Greene [0033] discloses a vulnerability assessment made using the SBOM. Claim Objections Claims 1, 15, and 20 are objected to because of the following informalities: The software bill of materials stated in the claim limitations are not bound to an endpoint as mentioned in the specification. When the claim limitation states “receiving, by the process, the response to the query including the software bill of materials information indicative of the one or more software components of the external application programming interface” there needs to be an endpoint that is associated with the “external application programming interface”. The Claim limitation “of the external application programming interface” is interpreted as “of the external application programming interface endpoint”. Clarification is kindly requested. Appropriate correction is required. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-5, 6-10, and 12-20 are rejected under 35 U.S.C. 103 as being unpatentable over Jain et al. (US 20200302050) in view of Greene et al. (US 20230222225). Regarding claim 1, Jain discloses a method, comprising: detecting, by a process, usage of an external application programming interface in execution of an application; [process 1000 can connect with external services to augment agent's functionality. For example, a distributed proxy agent can connect with an external security service such as threat intelligence, anti-virus, anti-malware or reputation service etc. that enhances agent's security related functions. (Jain et al., paragraph 91, proxy agent being able to connect with external api and process 1000 being mapped to the process)] [In step 502, the proxy agent captures the network traffic entering and exiting application process. (Jain et al. ,paragraph 62, detecting traffic/api usage during application execution)] [Example extracted information includes, inter alia: information about active services; URL of the API (e.g. the API endpoint); type of the API (e.g. JSON, XML, GRPC, etc.); schema of the API; etc. It is noted that the schema of the API can define the structure of the information carried in API's payload, headers or URLs. (Jain et al., paragraph 105, API usage and active services being mapped to application)] and performing, by the process, one or more mitigation actions based on the vulnerability assessment. [Once a deviation has been observed, system can take an action specified by the administrator of the system in step 2204. Example actions can include, inter alia: logging the deviation; sending an alert to the administrator using specified alert mechanism such as email, text or any other mechanism; generating an event that integrates with another system; blocking the API requests in the network such that the APIs are not allowed to complete; etc. (Jain et al., paragraph 164, process 2200 being mapped to the process)] transmitting, by the process, and to the external application programming interface for a list of one or more components of the external application programming interface, [the proxy agent deploys the use of deep packet inspection to operate on the input and output network traffic for the services or applications that are being protected by the proxy agent. In step 1404, the proxy agent performs a deep parsing of the network traffic and extracts the information. Example extracted information includes, inter alia: information about active services; URL of the API (e.g. the API endpoint); type of the API (e.g. JSON, XML, GRPC, etc.); schema of the API; etc. (Jain et al., paragraph 105, list of components being mapped to extracted information and process 1400 being mapped to the process)] [process 2000 for implementing a discovery/learning phase, according to some embodiments. Process 2000 can use learned APIs to create a mapping of known and allowed services and APIs in step 2002. In step 2004, the proxy agent, adapter and controller learns APIs and associated schema thereof and compiles a mapping of the APIs being used between various segments of a distributed application. In step 2006, the solution can be deployed in a discovery or learning mode. In this mode, in step 2008, the solution continues to learn APIs and update its database to create a mapping of APIs being used by different services that constitutes application. (Jain et al., paragraph 118, discovery/learning phase)] Jain fails to explicitly disclose transmitting, by the process and to the external application programming interface, a query for software bill of materials information indicative of one or more software components of the external application programming interface, the query being an explicit application-layer request to an endpoint exposed by the external application programming interface, receiving, by the process, the response to the query including the software bill of materials information indicative of the one or more software components of the external application programming interface, and generating, by the process, a vulnerability assessment for the application based on the software bill of materials information returned in the response to the query; However in an analogous art Greene discloses transmitting, by the process and to the external application programming interface, a query for software bill of materials information indicative of one or more software components of the external application programming interface, the query being an explicit application-layer request to an endpoint exposed by the external application programming interface; [Based on scanning and monitoring the software and communications of a business, the SASP 102 can provide a real-time data flow diagram, as well as generating a catalog of components and their interactions, sometimes referred to as a software bill of materials (SBOM).) (Greene et al., paragraphs 14, 15)] receiving, by the process, the response to the query including the software bill of materials information indicative of the one or more software components of the external application programming interface [The analysis module 320 may compare the data of the SBOM 314 against the known vulnerabilities, privacy concerns, or compliance requirements of database 315 to determine if any of the client systems conflicts with the database information. (Greene et al., paragraph 33)] and generating, by the process, a vulnerability assessment for the application based on the software bill of materials information returned in the response to the query; [and generating, by the process, a vulnerability assessment for the application based on the software bill of materials information returned in the response to the query; (Greene et al., paragraph 33)] Jain and Greene are considered to be analogous to the claimed invention because they are in the same field of vulnerability monitoring. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of the instant application to have modified the teachings of Jain to incorporate the teachings of Greene et al. to include transmitting, by the process and to the external application programming interface, a query for software bill of materials information indicative of one or more software components of the external application programming interface, the query being an explicit application-layer request to an endpoint exposed by the external application programming interface a query for software bill of materials information indicative a list of one or more software components of the external application programming interface, receiving, by the process, the response to the query including the software bill of materials information indicative of the one or more software components of the external application programming interface, and generating, by the process, a vulnerability assessment for the application based on the software bill of materials information returned in the response to the query, in order to identify vulnerabilities and security risks of a software ecosystem using the SBOM, (Greene et al., paragraph 13)], and recommend mitigation such as update to software code, library … for different elements of the ecosystem (Greene et al., paragraph 25). Regarding 15, Jain discloses a tangible, non-transitory, computer-readable medium having computer-executable instructions stored thereon that, when executed by a processor on a computer, cause the computer to perform a method comprising: [In some embodiments, the machine-readable medium can be a non-transitory form of machine-readable medium. (Jain et al., paragraph 188)] Please refer to claim 1 rejection for the teachings of the additional limitations. Regarding claims 2 and 16, Jain in view of Greene discloses the method as in claim 1 and the tangible, non-transitory, computer-readable medium as in claim 15, wherein detecting usage of the external application programming interface in execution of the application comprises: monitoring activity of the application; [ the proxy agent deploys the use of deep packet inspection to operate on the input and output network traffic for the services or applications that are being protected by the proxy agent. In step 1404, the proxy agent performs a deep parsing of the network traffic and extracts the information. Example extracted information includes, inter alia: information about active services; URL of the API (e.g. the API endpoint); type of the API (e.g. JSON, XML, GRPC, etc.); schema of the API; etc. It is noted that the schema of the API can define the structure of the information carried in API's payload, headers or URLs. In step 1406, for each element of the schema, process 1400 determine the type of various elements (e.g. string, int, object, array, etc.). In step 1408, for each element of the schema, process 1400 determines the value range of various elements. (Jain et al., paragraph 105)] and determining a new call made to the external application programming interface during execution of app, [The schema of the API changes. For example, for a given API, a new schema parameter is observed that was not part of learned schema; when, for a given API, an existing parameter with a different value is observed, such that the new value is not matching with the learned schema either in terms of its type or its value; when, for a given API, a new behavior is observed; etc. [0159] The amount of data that is transmitted or received by the API changes; [0160] The rate at which the API is being invoked changes; [0161] The invocation sequence in which the API is being invoked changes; [0162] The request origin (geo-location) changes; and [0163] if the user IDs that is associated with the API requests changes (e.g. a new user starts to use the API). (Jain et al., paragraph 158)] wherein the query is transmitted in response to the new call to the external application programming interface. [Once a deviation has been observed, system can take an action specified by the administrator of the system in step 2204. (Jain et al., paragraph 164)] Regarding claim 3, Jain in view of Greene discloses the method as in claim 1, wherein detecting usage of the external application programming interface in execution of the application is performed during development of the application, during deployment of the application, and/or during runtime of the application. [process 1000 can connect with external services to augment agent's functionality. For example, a distributed proxy agent can connect with an external security service such as threat intelligence, anti-virus, anti-malware or reputation service etc. that enhances agent's security related functions. (Jain et al., paragraph 91, proxy agent being able to connect with external api)] [An event can include when an application behind a specific proxy agent is making a request to another application behind another proxy-agent. (Jain et al., paragraph 60, application)] [In step 502, the proxy agent captures the network traffic entering and exiting application process application process. (Jain et al. ,paragraph 62, detecting traffic/api usage during application execution)] [Example extracted information includes, inter alia: information about active services; URL of the API (e.g. the API endpoint); type of the API (e.g. JSON, XML, GRPC, etc.); schema of the API; etc. It is noted that the schema of the API can define the structure of the information carried in API's payload, headers or URLs. (Jain et al., paragraph 105, API usage)] Regarding claim 4 and 17, Jain in view of Greene discloses the method as in claim 1 and the tangible, non-transitory, computer-readable medium as in claim 15, further comprising: learning of a new vulnerability associated with a specific component; determining whether the application has any external application programming interfaces that have that specific component; and updating the vulnerability assessment based on whether the application has any external application programming interfaces that have that specific component. [in step 2008, the solution continues to learn APIs and update its database to create a mapping of APIs being used by different services that constitutes application. (Jain et al., paragraph 118)] [Accepting the deviation implies that the observed deviation is an acceptable behavior and system should update its learned state. Once a deviation has been overridden by admins, from that point onward, system updates its learned state and consider the behavior that caused deviation to be an acceptable or expected behavior and do not raise any alerts or notifications for the accepted behavior. (Jain et al., paragraph 173)] Regarding claim 5, Jain in view of Greene discloses the method as in claim 4, further comprising: determining whether it is known that a given external application programming interface of the application has that specific component; [Process 2000 can use learned APIs to create a mapping of known and allowed services and APIs in step 2002. (Jain et al., paragraph 118)] and in response to determining that is unknown whether the given external application programming interface of the application has that specific component, querying the given external application programming interface of the application for presence of the specific component. [in step 2008, the solution continues to learn APIs and update its database to create a mapping of APIs being used by different services that constitutes application. (Jain et al., paragraph 118)] [Accepting the deviation implies that the observed deviation is an acceptable behavior and system should update its learned state. Once a deviation has been overridden by admins, from that point onward, system updates its learned state and consider the behavior that caused deviation to be an acceptable or expected behavior and do not raise any alerts or notifications for the accepted behavior. (Jain et al., paragraph 173)] Regarding claims 6 and 18, Jain in view of Greene discloses the method as in claim 1 and the tangible, non-transitory, computer-readable medium as in claim 15, wherein the software bill of materials information comprises, for the external application programming interface, a list of software ingredients including one or more of underlying software components, libraries in use, dependencies in use, or open-source code in use. [An SBOM may identify the elements in a business' computer ecosystem, such as code libraries and OS (operating system) libraries and associated version indicators, service requests generated in a computing system such as third party- and internal-facing API (application program interface) calls, what data is being shared or exchanged, third party vendors for software systems, and other information. (Greene et al., paragraph 18)] Jain and Greene are considered to be analogous to the claimed invention because they are in the same field of vulnerability monitoring. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of the instant application to have modified the teachings of Jain to incorporate the teachings of Greene et al. to include wherein the software bill of materials information comprises, for the external application programming interface, a list of software ingredients including one or more of underlying software components, libraries in use, dependencies in use, or open-source code in use, in order to identify vulnerabilities and security risks of a software ecosystem using the SBOM. (Greene et al., paragraph 13)] and recommend mitigation such as update to software code, library … for different elements of the ecosystem (Greene et al., paragraph 25). Regarding claim 7 and 19, Jain in view of Greene discloses the method as in claim 1 and the tangible, non-transitory, computer-readable medium as in claim 15, wherein the query to the external application programming interface for the software bill of materials information indicative of the list of one or more components of the external application programming interface comprises a query for a full list of all components of the external application programming interface. [Based on scanning and monitoring the software and communications of a business, the SASP 102 can provide a real-time data flow diagram, as well as generating a catalog of components and their interactions, sometimes referred to as a software bill of materials (SBOM).) (Greene et al., paragraph 14)] Jain and Greene are considered to be analogous to the claimed invention because they are in the same field of vulnerability monitoring. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of the instant application to have modified the teachings of Jain to incorporate the teachings of Greene et al. to include wherein the query to the external application programming interface for the software bill of materials information indicative of the list of one or more components of the external application programming interface comprises a query for a full list of all components of the external application programming interface, in order to identify vulnerabilities and security risks of a software ecosystem using the SBOM. (Greene et al., paragraph 13)] and recommend mitigation such as update to software code, library … for different elements of the ecosystem (Greene et al., paragraph 25). Regarding claim 8, Jain in view of Greene discloses the method as in claim 1, wherein the query to the external application programming interface for the software bill of materials information indicative of the one or more components of the external application programming interface comprises a query for presence of one or more specifically queried components of the external application programming interface. [Based on scanning and monitoring the software and communications of a business, the SASP 102 can provide a real-time data flow diagram, as well as generating a catalog of components and their interactions, sometimes referred to as a software bill of materials (SBOM).) (Greene et al., paragraph 14)] Jain and Greene are considered to be analogous to the claimed invention because they are in the same field of vulnerability monitoring. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of the instant application to have modified the teachings of Jain to incorporate the teachings of Greene et al. to include wherein the query to the external application programming interface for the software bill of materials information indicative of the one or more components of the external application programming interface comprises a query for presence of one or more specifically queried components of the external application programming interface, in order to identify vulnerabilities and security risks of a software ecosystem using the SBOM. (Greene et al., paragraph 13)], and recommend mitigation such as update to software code, library … for different elements of the ecosystem (Greene et al., paragraph 25). Regarding claim 9, Jain in view of Greene discloses the method as in claim 1, wherein the application is selected from a group consisting of: an application; an application micro service; a workload; a containerized workload; an image; a container; a local application; and a virtual application. [ the proxy agent deploys the use of deep packet inspection to operate on the input and output network traffic for the services or applications that are being protected by the proxy agent. (Jain et al., paragraph 105, application being selected for traffic inspection)] Regarding claim 10, Jain in view of Greene discloses the method as in claim 1, wherein the vulnerability assessment corresponds to one or more of the external application programming interface in its entirety, one or more individual components of the external application programming interface, or a plurality of external application programming interfaces of the application. [In step 2304, for a given API, a possible deviation from the learned state can be determined. (Jain et al., paragraph 157, assessment of API)] [The schema of the API changes. For example, for a given API, a new schema parameter is observed that was not part of learned schema; when, for a given API, an existing parameter with a different value is observed, such that the new value is not matching with the learned schema either in terms of its type or its value; when, for a given API, a new behavior is observed; etc. The amount of data that is transmitted or received by the API changes; The rate at which the API is being invoked changes; The invocation sequence in which the API is being invoked changes; The request origin (geo-location) changes; and if the user IDs that is associated with the API requests changes (e.g. a new user starts to use the API). (Jain et al., paragraphs 158-163)] Regarding claim 12, Jain in view of Greene discloses the method as in claim 1, wherein the process is part of a cloud-native application protection platform. [a software only solution that can be run in either a publicly available computer hosting environment (e.g. a cloud-computing platform) and/or in the customer's environment. (Jain et al., paragraph 49)] Regarding claim 13, Jain in view of Greene discloses the method as in claim 1, wherein performing the one or more mitigation actions based on the vulnerability assessment comprises: triggering a customized policy action based on the vulnerability assessment. [Once a deviation has been observed, system can also allow an option to create a policy that either allows, denies or reject the behavior that caused the deviation. Administrators can review the deviation observed and administrator then can create the policy for action on the current and future occurrence of the deviation. In one embodiment, the policy can be auto-generated by the system with appropriate controls as desired by the administrator to either accept or deny the deviating behavior. (Jain et al ., paragraph 174)] Regarding claim 14, Jain in view of Greene discloses the method as in claim 1, wherein the one or more mitigation actions are selected from a group consisting of: sending an alert regarding the external application programming interface; sending a report regarding the external application programming interface; blocking certain components of the external application programming interface; blocking the external application programming interface; blocking the application; and redirecting calls to the external application programming interface. [Once a deviation has been observed, system can take an action specified by the administrator of the system in step 2204. Example actions can include, inter alia: logging the deviation; sending an alert to the administrator using specified alert mechanism such as email, text or any other mechanism; generating an event that integrates with another system; blocking the API requests in the network such that the APIs are not allowed to complete; etc. (Jain et al., paragraph 164)] Regarding claim 20, Jain discloses an apparatus, comprising: one or more network interfaces to communicate with a network; [Cloud computing can involve deploying groups of remote servers and/or software networks that allow centralized data storage and online access to computer services or resources. These groups of remote serves and/or software networks can be a collection of remote computing services. (Jain et al., paragraph 37)] a processor coupled to the one or more network interfaces and configured to execute one or more processes; [The controller also acts as an aggregation point for collecting telemetry data from distributed security mesh proxy agents and to execute various analytics to provide various insights into mesh's operation. (Jain et al., paragraph 38)] and a memory configured to store a process that is executable by the processor, the process, when executed, configured to: [Cloud computing can involve deploying groups of remote servers and/or software networks that allow centralized data storage and online access to computer services or resources. These groups of remote serves and/or software networks can be a collection of remote computing services. (Jain et al., paragraph 37)] Please refer to claim 1 rejection for the teachings of the additional limitations. Claim 11 are rejected under 35 U.S.C. 103 as being unpatentable over Jain et al. (US 20200302050) in view Greene et al. (US 20230222225) and in further view of Ye et al. (US 20210182031). Regarding claim 11, Jain in view of Greene discloses the method as in claim 1, but fails to explicitly disclose wherein the vulnerability assessment is based on one or both of Common Vulnerability Scoring System scores and bug reports and fixes for specified components. However in an analogous art Ye discloses wherein the vulnerability assessment is based on one or both of Common Vulnerability Scoring System scores and bug reports and fixes for specified components [the software bug detector 230 is used to identify software bugs and potential root causes associated with the identified bugs, as described in connection with FIGS. 3-5. (Ye et al., paragraph 32; bug fixes paragraph 16)] [The example report generator 345 generates a report indicating an identified software bug and/or a root cause of the bug. (Ye et al., paragraph 33)] Jain, Greene, and Ye are considered to be analogous to the claimed invention because they are in the same field of vulnerability detection. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Jain and Greene to incorporate the teachings of Ye et al. to include wherein the vulnerability assessment is based on one or both of Common Vulnerability Scoring System scores and bug reports and fixes for specified components, in order automatically detect bugs to help increase software development productivity by saving developers time for debugging and improve software reliability . (Ye et al., paragraph 15)] Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Reddy et al. (US 11809575) discloses the method for assessment and verification of software ill of materials across a software supply chain life cycle using blockchain. This method analyses the software asset for supply chain information to verify if it meets the minimum policy requirements for compliance based on security and vulnerability criteria. George et al. (US 20210304002) discloses a method for assessing the bill of materials determinating how components are connected and vulnerability information. Barton et al. (US 20240386349) discloses determining (based on a software bill of materials) components associated with the software application, and identifying a number of security threats. Then calculating a risk score associated with each of the applications. Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL ELAHIAN whose telephone number is (703) 756-1284. The examiner can normally be reached on Monday – Friday from 7:30am to 5pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Catherine Thiaw can be reached at telephone number 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR for authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). /D.E./ DANIEL ELAHIAN, Examiner, Art Unit 2407 /Catherine Thiaw/ Supervisory Patent Examiner, Art Unit 2407 2/5/2026
Read full office action

Prosecution Timeline

Jun 02, 2023
Application Filed
Feb 26, 2025
Non-Final Rejection — §103
May 21, 2025
Interview Requested
Jun 10, 2025
Applicant Interview (Telephonic)
Jun 13, 2025
Examiner Interview Summary
Aug 29, 2025
Response Filed
Sep 29, 2025
Final Rejection — §103
Dec 28, 2025
Interview Requested
Jan 02, 2026
Request for Continued Examination
Jan 17, 2026
Response after Non-Final Action
Jan 20, 2026
Applicant Interview (Telephonic)
Jan 23, 2026
Examiner Interview Summary
Feb 05, 2026
Non-Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

17/845,674
Patent 12585759
APPLICATION INTEGRITY VERIFICATION
2y 5m to grant Granted Mar 24, 2026
18/049,895
Patent 12566830
BOT DETECTION FOR A SURVEY PLATFORM
2y 5m to grant Granted Mar 03, 2026
17/867,291
Patent 12536265
SYSTEMS AND METHODS FOR PERFORMING NON-CONTACT AUTHORIZATION VERIFICATION FOR ACCESS TO A NETWORK
2y 5m to grant Granted Jan 27, 2026
18/143,470
Patent 12537698
ADVERTISEMENT OF CONFIDENTIAL COMPUTING ENVIRONMENTS
2y 5m to grant Granted Jan 27, 2026
18/059,884
Patent 12532161
COMMUNICATION APPARATUS, COMMUNICATION METHOD, AND STORAGE MEDIUM
2y 5m to grant Granted Jan 20, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
73%
Grant Probability
99%
With Interview (+52.6%)
3y 1m
Median Time to Grant
High
PTA Risk
Based on 37 resolved cases by this examiner. Grant probability derived from career allow rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month