Prosecution Insights
Last updated: July 17, 2026
Application No. 18/218,819

SYSTEM AND METHOD FOR PREDICTING AND DETECTING NETWORK AND DATA VULNERABILITY

Non-Final OA §103§112
Filed
Jul 06, 2023
Examiner
LIPMAN, JACOB
Art Unit
2434
Tech Center
2400 — Computer Networks
Assignee
Bank of America Corporation
OA Round
3 (Non-Final)
83%
Grant Probability
Favorable
3-4
OA Rounds
0m
Est. Remaining
96%
With Interview

Examiner Intelligence

Grants 83% — above average
83%
Career Allowance Rate
667 granted / 802 resolved
+25.2% vs TC avg
Moderate +13% lift
Without
With
+12.6%
Interview Lift
resolved cases with interview
Typical timeline
2y 10m
Avg Prosecution
19 currently pending
Career history
824
Total Applications
across all art units

Statute-Specific Performance

§101
1.2%
-38.8% vs TC avg
§103
67.2%
+27.2% vs TC avg
§102
19.6%
-20.4% vs TC avg
§112
2.4%
-37.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 802 resolved cases

Office Action

§103 §112
CTNF 18/218,819 CTNF 80025 DETAILED ACTION Notice of Pre-AIA or AIA Status 07-03-aia AIA 15-10-aia The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. Claim Rejections - 35 USC § 112 07-30-01 AIA The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1, 3-8, 10-15, 17-23 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claims 1, 8, and 15, recite the limitation, “cause a transmission of the activity loss indicator and the audit resolution action to a network administrator and the user”. Applicant pointed to figure 3 and paragraphs 0110-0119 to support the amendments in the arguments filed alongside them on 5 March 2026. The examiner did not find support for transmitting the activity loss indicator and the audit resolution action to the user in these paragraphs, the figure, or in the rest of the instant specification. The specification does disclose transmission to an “activity user”, but also states that an activity user may be a customer service representative, a network administrator, a manager, and/or the like (0110), and is not seen as the user performing the user activity (0092). This limitation is therefor seen as new matter not supported by the original specification. 07-30-02 AIA The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 07-34-01 Claims 1, 3-8, 10-15, 17-23 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 1, 8, and 15, recite the limitation "the audit resolution action approval". There is insufficient antecedent basis for this limitation in the claims. Claim Rejections - 35 USC § 103 07-06 AIA 15-10-15 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 07-20-aia AIA The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 07-21-aia AIA Claim s 1, 3-8, 10-15, and 17-23, as best understood, are rejected under 35 U.S.C. 103 as being unpatentable over Kaidi, USPN 2022/0006834, in view of Kursun, USPN 2020/0374305 . With regard to claims 1, 8, and 15, Kaidi discloses a system for predicting and detecting network and data vulnerability (0018), the system including at least one non-transitory storage device containing instructions (0017, 0071), and at least one processing device coupled to the at least one non-transitory storage device (0067, 0071), wherein the at least one processing device, upon execution of the instructions, is configured to receive an audit request for a user activity associated with a user on a network (0020, 0034, 0046, 0033) and associated with a resource transfer of the user (0021, 0050), wherein the audit request is a request to determine whether the user activity associated with the resource transfer was malfeasant (0033, 0021), determine one or more activity characteristics relating to the user activity associated with the user on the network (0033), wherein each of the one or more activity characteristics include information relating to the user activity of the user (0034), compare the one or more activity characteristics of the audit request with one or more previous activity characteristics of one or more previous user activities of the user (0032-0034), based on the comparison of the one or more activity characteristics of the audit request with the one or more previous activity characteristics of the one or more previous user activities, determine an activity loss indicator (0035, 0052, 0034, 0033), wherein the activity loss indicator includes a likelihood of the user activity associated with the user on the network and associated with the resource transfer causing a loss to an entity associated with the network (0048, 0052, 0033, 0021), based on the activity loss indicator, determine an audit resolution action for the audit request (0057, 0033), cause a transmission of the activity loss indicator and the audit resolution action to a network administrator and the user (0034, 0057, 0064, 0065, 0033, 0034, 0028), and train a machine learning model on the activity loss indicator and the audit resolution action for the user activity (0034). Kaidi discloses blocking functions (0049), but does not disclose removing the user activity and does not disclose the user activity including at least metadata of the resource transfer that is indicative of the location of a device initiating the resource transfer of the user. Kursun discloses a system of detecting potential loss based on user activity (0007, 0049) similar to that of Kaidi, and further discloses the audited user activity including at least metadata of the resource transfer that is indicative of the location of a device initiating the resource transfer of the user (0089), removing the user activity (0082, 0095), and that an administrator can also be a user (0060). It would have been obvious for one of ordinary skill in the art, prior to the instant effective filing data, to include data indicating the location of a device initiating the resource transfer, removing the user activity, and that a user might be an administrator account, as taught by Kursun, in the user activity audit of Kaidi, for the motivation of better protect all user from loss, better documenting and understanding malicious actors in the system to be better equipped to protect the system from attack, and to better record the activity for presentation to law enforcement, a stated motivation of Kaidi (0023). With regard to claims 3, 10, and 17, Kaidi in view of Kursun discloses the system of claim 1, as outlined above, and Kaidi further discloses causing an execution of user activity action based on at least one of the activity loss indicator or the audit resolution action, wherein the user activity action determines whether the entity is responsible for the user activity (0023, 0038). With regard to claims 4, 11, and 18, Kaidi in view of Kursun discloses the system of claim 1, as outlined above, and Kaidi further discloses the user activity action removes the user activity associated with the resource transfer from a user account associated with the user, wherein the user account includes one or more resource transfer operations executed on behalf of the user, and wherein the user activity is included in the one or more operations (0049, 0057, 0059). With regard to claims 5, 12, and 19, Kaidi in view of Kursun discloses the system of claim 1, as outlined above, and Kaidi further discloses determining one or more previous user activities from one or more known previous user activities of the user, wherein the one or more previous user activities are previous user activities in which the given previous user activity was malfeasant (0058, 0032-0034). With regard to claims 6, 13, and 20, Kaidi in view of Kursun discloses the system of claim 1, as outlined above, and Kaidi further discloses training a machine learning model to determine the one or more previous activity characteristics of the one or more previous user activities based on known malfeasance in each of the one or more previous activity characteristics of the user (0058, 0032-0034). With regard to claims 7 and 14, Kaidi in view of Kursun discloses the system of claim 1, as outlined above, and Kaidi further discloses updating a machine learning model used to determine the one or more previous activity characteristics of the one or more previous user activities using at least one of the activity loss indicator or the audit resolution action (0034, 0058, 0035), and wherein the update includes removing non-malfeasant user activities from the machine learning model (0034, 0057-0059, 0035). With regard to claim 21, Kaidi in view of Kursun discloses the system of claim 1, as outlined above, and Kaidi further discloses via the audit resolution action, removing the user activity associated with the resource transfer from a digital ledger that includes data associated with the resource transfer (0059, 0066) With regard to claim 22, Kaidi in view of Kursun discloses the system of claim 1, as outlined above, and Kaidi further discloses determining a user activity value associated with the audit request and comparing the activity value of the audit request with the one or more activity values of the previous user activities of the user (0032, 0034, 0060). With regard to claim 23, Kaidi in view of Kursun discloses the system of claim 1, as outlined above, and Kaidi further discloses the activity loss indicator includes similarities and/or differences between the user activity and one or more of the previous user activities of the user with which the user activity is compared (0032, 0034, 0060). References Cited Ramesh et al., USPN 2021/0304204, discloses a system of detecting potential malicious activity based on machine learning (Fig. 4, 0032). Response to Arguments Applicant’s arguments, filed 5 March 2026, have been fully considered and are partially persuasive. Therefore, the previous rejection has been withdrawn. However, upon further consideration, a new grounds of rejection is made, as outlined above. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB LIPMAN whose telephone number is (571)272-3837. The examiner can normally be reached 5:30AM-6:00PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ali Shayanfar can be reached at 571-270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /JACOB LIPMAN/Primary Examiner, Art Unit 2434 Application/Control Number: 18/218,819 Page 2 Art Unit: 2434 Application/Control Number: 18/218,819 Page 3 Art Unit: 2434 Application/Control Number: 18/218,819 Page 4 Art Unit: 2434 Application/Control Number: 18/218,819 Page 5 Art Unit: 2434 Application/Control Number: 18/218,819 Page 6 Art Unit: 2434 Application/Control Number: 18/218,819 Page 7 Art Unit: 2434 Application/Control Number: 18/218,819 Page 8 Art Unit: 2434
Read full office action

Prosecution Timeline

Jul 06, 2023
Application Filed
May 20, 2025
Non-Final Rejection mailed — §103, §112
Aug 19, 2025
Response Filed
Sep 05, 2025
Final Rejection mailed — §103, §112
Dec 03, 2025
Applicant Interview (Telephonic)
Mar 05, 2026
Request for Continued Examination
Mar 17, 2026
Response after Non-Final Action
Jun 04, 2026
Non-Final Rejection mailed — §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12670245
UTILIZING MACHINE-LEARNING MODELS TO DETERMINE TAKE-OVER SCORES AND INTELLIGENTLY SECURE DIGITAL ACCOUNT FEATURES
1y 6m to grant Granted Jun 30, 2026
Patent 12657492
SYSTEMS, METHODS AND APPARATUS FOR EVALUATING STATUS OF COMPUTING DEVICE USER
2y 8m to grant Granted Jun 16, 2026
Patent 12645782
CAPTCHA AUTHENTICATION USING SMART WATCH SCRIBBLE
2y 4m to grant Granted Jun 02, 2026
Patent 12645773
Flash Token Using XR-Avatar Extracted Synthetic AI Metadata
2y 3m to grant Granted Jun 02, 2026
Patent 12632526
SYSTEMS AND METHODS FOR CONTINUOUS USER AUTHENTICATION
4y 9m to grant Granted May 19, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
83%
Grant Probability
96%
With Interview (+12.6%)
2y 10m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 802 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month