Prosecution Insights
Last updated: July 17, 2026
Application No. 18/219,404

SYSTEM AND METHOD FOR SECURE NETWORK ACCESS MANAGEMENT USING A DYNAMIC CONSTRAINT SPECIFICATION MATRIX

Final Rejection §103
Filed
Jul 07, 2023
Examiner
BENGZON, GREG C
Art Unit
2444
Tech Center
2400 — Computer Networks
Assignee
Bank of America Corporation
OA Round
4 (Final)
58%
Grant Probability
Moderate
5-6
OA Rounds
10m
Est. Remaining
64%
With Interview

Examiner Intelligence

Grants 58% of resolved cases
58%
Career Allowance Rate
284 granted / 487 resolved
At TC average
Moderate +6% lift
Without
With
+5.8%
Interview Lift
resolved cases with interview
Typical timeline
3y 11m
Avg Prosecution
34 currently pending
Career history
531
Total Applications
across all art units

Statute-Specific Performance

§101
0.8%
-39.2% vs TC avg
§103
96.6%
+56.6% vs TC avg
§102
1.5%
-38.5% vs TC avg
§112
0.5%
-39.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 487 resolved cases

Office Action

§103
DETAILED ACTION This application has been examined. Claims 1,4-7,15,18-20 are pending. Claims 2-3,8-14,16-17 are cancelled. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Making Final Applicant's arguments filed 4/27/2026 have been fully considered but they are moot in view of the new grounds for rejection. The claim amendments regarding -- ‘determine a usage amount for at least one of the first application and the second application by the user’ -- and -- ‘wherein the usage amount comprises: browsing information, wherein the browsing information comprises which pages of the one or more applications was accessed’ -- clearly change the literal scope of the independent and dependent claims and/or the range of equivalents for such claims. The said amendments alter the scope of the claims but do not overcome the disclosure by the prior art as shown below. The Examiner is presenting new grounds for rejection as necessitated by the claim amendments and is thus making this action FINAL. Response to Arguments Applicant's arguments filed 4/27/2026 have been fully considered but they are moot in view of the new grounds for rejection. Gutesman-Mohanty-BenNoon disclosed (re. Claim 1) determine the plurality of potential malfeasant approval combinations, wherein each of the plurality of potential malfeasant approval combinations (Gutesman-Paragraph 30,matrices express conflicting actions in the business-critical application … Two actions are considered to be in conflict if a user is authorized to execute both inside the same business-critical application,Paragraph 131, find real SoD conflict executions, and not only improper authorization assignments. It will show whether a user is executing two parts of the same process flow in which another person should be involved, thus bypassing process controls) comprises two or more applications that one or more users on the network should not be authorized for access simultaneously; (Mohanty-Column 12 Lines 55-65, the business application manager 102 can detect issues across the subsystems 104-108… if a user can update a vendor in one subsystem and make a payment in another subsystem, the application manager 102 will discover both and then report from which role in which system the match was found.) Gutesman-Mohanty-BenNoon disclosed (re. Claim 1) determine a usage amount for at least one of the first application and the second application by the user, wherein the usage amount indicates an amount that given application was accessed, used, or opened on an end-point device associated with the user,(Mohanty-Column 11 Lines 30-35, Risk reports presenting risks or conflicts, the occurrence of critical transactions by user or role or profile or HR object) related application information, wherein the related application information comprises which applications were accessed simultaneously or sequentially (Mohanty-Column 12 Lines 55-65, the business application manager 102 can detect issues across the subsystems 104-108… if a user can update a vendor in one subsystem and make a payment in another subsystem, the application manager 102 will discover both and then report from which role in which system the match was found.) data access information, wherein the data access information comprises application data accessed by the user;(Gutesman-Paragraph 53, for database connections, the table and the database query being executed may be extracted ) usage information wherein the usage information comprises usage time of the application;(Gutesman-Paragraph 39, the timestamp of the moment the action was captured by the system) generate, using the artificial intelligence model and the potential malfeasance indication, a potential malfeasant activity confidence level, wherein the potential malfeasant activity confidence level is generated using known malfeasant user activity and expected user activity for the user; (BenNoon-Paragraph 71, Values for U-CRP(n) components may include risk estimates values, optionally derived from U-KPI(n) components values, for at least one or any combination of more than one of: careless permissions management; or risk estimate for user abusing privilege to MyCompany resources,Paragraph 84, Paragraph 107,An anomaly in user profile U-PRF(n) may be a change in a value for a user risk estimate ucrp.sub.n,r of the set U-CRP(n) such as a risk estimate for reckless clicking on actionable content or careless permissions management greater than a standard deviation for the estimate.) While Gutesman-Mohanty-BenNoon substantially disclosed the claimed invention Gutesman-Mohanty-BenNoon does not disclose (re. Claim 1) wherein the usage amount comprises: browsing information, wherein the browsing information comprises which pages of the one or more applications was accessed Kulathumani Paragraph 26,Paragraph 29 disclosed wherein activity data includes user-level data that includes names of applications run, titles of pages opened, URLs accessed, numbers of certain occurrences. Kulathumani Paragraph 4 disclosed recording user activity data representing activities by a plurality of users within the tenant at endpoints on a computer network associated with the tenant. Kulathumani Paragraph 145 disclosed activity or combination of activity classes performed within some predetermined amount of time. Kulathumani disclosed (re. Claim 1) wherein the usage amount comprises: browsing information, wherein the browsing information comprises which pages of the one or more applications was accessed (Kulathumani-Paragraph 26,Paragraph 29, activity data includes user-level data that includes names of applications run, titles of pages opened, URLs accessed, numbers of certain occurrences) Gutesman and Kulathumani are analogous art because they present concepts and practices regarding authorization enforcement. Before the time of the effective filing date of the claimed invention it would have been obvious to combine Kulathumani into Gutesman-Mohanty. The motivation for the said combination would have been to enable detecting internal user behavior threats in a multi-tenant software as a service (SaaS) security system by comparing a user's behavior (e.g., a single user activity or single user activity-set) to that user's own prior behavior patterns and furthermore comparing user behavior to that of other users in the tenant) (e.g., based on prior user activities and user activity-sets by that user).(Kulathumani-Paragraph 126) Priority The effective date of the claims described in this application is July 7, 2023. Information Disclosure Statement The Applicant is respectfully reminded that each individual associated with the filing and prosecution of a patent application has a duty of candor and good faith in dealing with the Office, which includes a duty to disclose to the Office all information known to that individual to be material to patentability as defined in 37 CFR 1.56. There were no information disclosure statements filed with this application. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1,4-7,15,18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gutesman (USPGPUB 2016/0119380) further in view of Mohanty (US Patent 8713461) further in view of Ben-Noon (USPGPUB 2024/0045953) further in view of Kulathumani (USPGPUB 2025/0005145) Regarding Claim 1 Gutesman Paragraph 5 disclosed tools to check the permissions assigned to users by checking them against what is commonly known as the incompatibility matrices (or SoD matrices). Gutesman Paragraph 30 disclosed wherein these matrices express conflicting actions in the business-critical application and are an input to the present embodiments. Two actions are considered to be in conflict if a user is authorized to execute both inside the same business-critical application. Conflicting actions could lead to fraudulent business activity. Avoiding fraud is the ultimate goal of the SoD analysis. Gutesman disclosed (re. Claim 1) a system for secure network access management using a dynamic constraint specification matrix, the system comprising: at least one non-transitory storage device containing instructions; and at least one processing device coupled to the at least one non-transitory storage device, wherein the at least one processing device, upon execution of the instructions, is configured to: receive an application access log associated with a user of a network, wherein the application access log comprises one or more approved applications for which the user has access;(Gutesman-Paragraph 36,Paragraph 39, polling the software application and/or logs where the actions executed by users inside the software application are stored) determine a potential malfeasance indication for the user based on the application access log, (Gutesman-Paragraph 37, verify if a potential fraud has already been committed, by detecting the execution of conflicting actions,Paragraph 39, SoD conflict detection engine 100 reads the conflict rules database 107 and the user authorization tables 102 present in every business-critical application, stored in the database systems of the application) and wherein each of the one or more potential malfeasant approval combinations comprises two or more actions that one or more users on the network should not be authorized for access simultaneously; (Gutesman-Paragraph 30,matrices express conflicting actions in the business-critical application … Two actions are considered to be in conflict if a user is authorized to execute both inside the same business-critical application,Paragraph 131, find real SoD conflict executions, and not only improper authorization assignments. It will show whether a user is executing two parts of the same process flow in which another person should be involved, thus bypassing process controls) and cause an execution of an investigation action, wherein the investigation action determines whether access for at least one of the first application or the second application was approved for the user.(Gutesman-Paragraph 165, facilitates the investigation to detect fraudulent actions in the period and for the user under analysis.) While Gutesman substantially disclosed the claimed invention Gutesman does not disclose (re. Claim 1) wherein the potential malfeasance indication is based on a first application of the one or more approved applications and a second application of the one or more approved applications that correspond to one of one or more potential malfeasant approval combinations. Mohanty Column 12 Lines 45-50 disclosed cross-application analysis to detect risk (e.g., the potential for violations of the guidelines 160) occurring across multiple business application subsystems, even though no risk may be present within one business application subsystem or another. Mohanty disclosed (re. Claim 1) wherein the potential malfeasance indication is based on a first application of the one or more approved applications and a second application of the one or more approved applications that correspond to one of one or more potential malfeasant approval combinations.(Mohanty-Column 12 Lines 55-65, the business application manager 102 can detect issues across the subsystems 104-108… if a user can update a vendor in one subsystem and make a payment in another subsystem, the application manager 102 will discover both and then report from which role in which system the match was found.) Gutesman and Mohanty are analogous art because they present concepts and practices regarding separation of duty and authorization enforcement. Before the time of the effective filing date of the claimed invention it would have been obvious to combine Mohanty into Gutesman. The motivation for the said combination would have been to enable the approver to isolate which specific role or combination of roles is the cause of the segregation of duties violations.(Mohanty-Column 11 Lines 45-50) Gutesman-Mohanty disclosed (re. Claim 1) analyze data associated with a plurality of users aggregated from a plurality of channels to generate a plurality of potential malfeasant approval combinations; (Gutesman-Paragraph 6, permissions for every single user are extracted from the business-critical applications and then the matrices are filled. After these steps have been completed, an analyst proceeds to process the information obtained and reporting all the incompatibilities that should be fixed.) generate, using the plurality of potential malfeasant approval combinations and domain- specific knowledge of one or more analysists, a dynamic constraint specification matrix (Gutesman-Paragraph 6, permissions for every single user are extracted from the business-critical applications and then the matrices are filled. After these steps have been completed, an analyst proceeds to process the information obtained and reporting all the incompatibilities that should be fixed.) determine, based on the user simultaneously accessing two or more applications (Mohanty-Column 12 Lines 55-65, the business application manager 102 can detect issues across the subsystems 104-108… if a user can update a vendor in one subsystem and make a payment in another subsystem, the application manager 102 will discover both and then report from which role in which system the match was found.) of the one or more approved applications that correspond to a potential malfeasant approval combination of the dynamic constraint specification matrix, a potential malfeasance indication for the user based on the application access log (Gutesman-Paragraph 37, verify if a potential fraud has already been committed, by detecting the execution of conflicting actions,Paragraph 39, SoD conflict detection engine 100 reads the conflict rules database 107 and the user authorization tables 102 present in every business-critical application, stored in the database systems of the application) cause an execution of an investigation action, wherein the investigation action determines whether access for at least one of the first application or the second application was approved for the user.(Gutesman-Paragraph 165, facilitates the investigation to detect fraudulent actions in the period and for the user under analysis.) While Gutesman-Mohanty substantially disclosed the claimed invention Gutesman-Mohanty does not disclose (re. Claim 1) analyze, using an artificial intelligence model, data associated with a plurality of users and generate, using the artificial intelligence model and the potential malfeasance indication, a potential malfeasant activity confidence level; and cause, if the potential malfeasant activity confidence level is above a threshold, an execution of an investigation action. BenNoon Paragraph 103 disclosed wherein security analytics comprises processing monitoring data to identify an anomalous event that might indicate a risk for cyber damage and/or infringement of MyCompany policy. Response to the anomalous event may comprise invoking an ICAP procedure optionally similar to ICAP 200 illustrated by flow diagram 200 in FIGS. 3A-3C to curtail user permissions and/or access to data in a resource analyze, an artificial intelligence model, data associated with a plurality of users (BenNoon-Paragraph 78, using an artificial intelligence (AI) for example, a machine learning algorithm, such as a decision tree or clustering algorithm, or a convolutional neural network (CNN), educated by supervised and/or unsupervised learning.) generate, using the artificial intelligence model and the potential malfeasance indication, a potential malfeasant activity confidence level; the potential malfeasant activity confidence level is above a threshold.(BenNoon-Paragraph 71, Values for U-CRP(n) components may include risk estimates values, optionally derived from U-KPI(n) components values, for at least one or any combination of more than one of: careless permissions management; or risk estimate for user abusing privilege to MyCompany resources,Paragraph 84, Paragraph 107,An anomaly in user profile U-PRF(n) may be a change in a value for a user risk estimate ucrp.sub.n,r of the set U-CRP(n) such as a risk estimate for reckless clicking on actionable content or careless permissions management greater than a standard deviation for the estimate.) Gutesman and BenNoon are analogous art because they present concepts and practices regarding separation of duty and authorization enforcement. Before the time of the effective filing date of the claimed invention it would have been obvious to combine BenNoon into Gutesman. The motivation for the said combination would have been to implement a high resolution observation (HIRO) procedure for observing activity of a user operating the UE.sub.e to interact with MyCompany resources (BenNoon-Paragraph 97) Gutesman-Mohanty-BenNoon disclosed (re. Claim 1) generate, via an artificial intelligence model, a plurality of potential malfeasant approval combinations, (BenNoon-Paragraph 71, Values for U-CRP(n) components may include risk estimates values, optionally derived from U-KPI(n) components values, for at least one or any combination of more than one of: careless permissions management; or risk estimate for user abusing privilege to MyCompany resources,Paragraph 84, Paragraph 107,An anomaly in user profile U-PRF(n) may be a change in a value for a user risk estimate ucrp.sub.n,r of the set U-CRP(n) such as a risk estimate for reckless clicking on actionable content or careless permissions management greater than a standard deviation for the estimate.) wherein at least one input to the artificial intelligence model comprises historical access data associated with a plurality of users aggregated from a plurality of channels, (Gutesman-Paragraph 6, permissions for every single user are extracted from the business-critical applications and then the matrices are filled. After these steps have been completed, an analyst proceeds to process the information obtained and reporting all the incompatibilities that should be fixed.) wherein at least one output of the artificial intelligence model comprises the plurality of potential malfeasant approval combinations, and wherein the artificial intelligence model is trained based on user input labeling of known malfeasant approval combinations (Gutesman-Paragraph 6, permissions for every single user are extracted from the business-critical applications and then the matrices are filled. After these steps have been completed, an analyst proceeds to process the information obtained and reporting all the incompatibilities that should be fixed.) Gutesman-Mohanty-BenNoon disclosed (re. Claim 1) determine the plurality of potential malfeasant approval combinations, wherein each of the plurality of potential malfeasant approval combinations (Gutesman-Paragraph 30,matrices express conflicting actions in the business-critical application … Two actions are considered to be in conflict if a user is authorized to execute both inside the same business-critical application,Paragraph 131, find real SoD conflict executions, and not only improper authorization assignments. It will show whether a user is executing two parts of the same process flow in which another person should be involved, thus bypassing process controls) comprises two or more applications that one or more users on the network should not be authorized for access simultaneously; (Mohanty-Column 12 Lines 55-65, the business application manager 102 can detect issues across the subsystems 104-108… if a user can update a vendor in one subsystem and make a payment in another subsystem, the application manager 102 will discover both and then report from which role in which system the match was found.) determine a usage amount for at least one of the first application and the second application by the user, wherein the usage amount indicates an amount that given application was accessed, used, or opened on an end-point device associated with the user,(Mohanty-Column 11 Lines 30-35, Risk reports presenting risks or conflicts, the occurrence of critical transactions by user or role or profile or HR object) related application information, wherein the related application information comprises which applications were accessed simultaneously or sequentially (Mohanty-Column 12 Lines 55-65, the business application manager 102 can detect issues across the subsystems 104-108… if a user can update a vendor in one subsystem and make a payment in another subsystem, the application manager 102 will discover both and then report from which role in which system the match was found.) data access information, wherein the data access information comprises application data accessed by the user;(Gutesman-Paragraph 53, for database connections, the table and the database query being executed may be extracted ) usage information wherein the usage information comprises usage time of the application;(Gutesman-Paragraph 39, the timestamp of the moment the action was captured by the system) generate, using the artificial intelligence model and the potential malfeasance indication, a potential malfeasant activity confidence level, wherein the potential malfeasant activity confidence level is generated using known malfeasant user activity and expected user activity for the user; (BenNoon-Paragraph 71, Values for U-CRP(n) components may include risk estimates values, optionally derived from U-KPI(n) components values, for at least one or any combination of more than one of: careless permissions management; or risk estimate for user abusing privilege to MyCompany resources,Paragraph 84, Paragraph 107,An anomaly in user profile U-PRF(n) may be a change in a value for a user risk estimate ucrp.sub.n,r of the set U-CRP(n) such as a risk estimate for reckless clicking on actionable content or careless permissions management greater than a standard deviation for the estimate.) While Gutesman-Mohanty-BenNoon substantially disclosed the claimed invention Gutesman-Mohanty-BenNoon does not disclose (re. Claim 1) wherein the usage amount comprises: browsing information, wherein the browsing information comprises which pages of the one or more applications was accessed. Kulathumani Paragraph 26,Paragraph 29 disclosed wherein activity data includes user-level data that includes names of applications run, titles of pages opened, URLs accessed, numbers of certain occurrences. Kulathumani Paragraph 4 disclosed recording user activity data representing activities by a plurality of users within the tenant at endpoints on a computer network associated with the tenant. Kulathumani Paragraph 145 disclosed activity or combination of activity classes performed within some predetermined amount of time. Kulathumani disclosed (re. Claim 1) wherein the usage amount comprises: browsing information, wherein the browsing information comprises which pages of the one or more applications was accessed (Kulathumani-Paragraph 26,Paragraph 29, activity data includes user-level data that includes names of applications run, titles of pages opened, URLs accessed, numbers of certain occurrences) Gutesman and Kulathumani are analogous art because they present concepts and practices regarding authorization enforcement. Before the time of the effective filing date of the claimed invention it would have been obvious to combine Kulathumani into Gutesman-Mohanty. The motivation for the said combination would have been to enable detecting internal user behavior threats in a multi-tenant software as a service (SaaS) security system by comparing a user's behavior (e.g., a single user activity or single user activity-set) to that user's own prior behavior patterns and furthermore comparing user behavior to that of other users in the tenant) (e.g., based on prior user activities and user activity-sets by that user).(Kulathumani-Paragraph 126) Regarding Claim 15 Claim 15 (re. method) recites substantially similar limitations as Claim 1. Claim 15 is rejected on the same basis as Claim 1. Regarding Claim 4,18 Gutesman-Mohanty-BenNoon disclosed (re. Claim 4,11,18) wherein the at least one processing device, upon execution of the instructions, is configured to: receive application activity information for at least one of the first application or the second application, (Gutesman-Paragraph 36,Paragraph 39, polling the software application and/or logs where the actions executed by users inside the software application are stored) wherein the application activity information comprises one or more actions taken by an end-point device associated with the user on at least one of the first application or the second application; (Gutesman-Paragraph 48, connection properties are identified by the packet inspector 105 inspecting the IP and TCP headers of the captured packet, as shown by block 201. Once the source and destination IP addresses and ports have been extracted, the connection is uniquely identified and an entry in the connection directory 304,Paragraph 53, protocol processor 303 extracts the relevant information from the packet such as, but not limited to, the user performing the action, the action being executed, parameters to that action being executed, the host where the action takes place, and a timestamp when the action is being executed.) and determine a potential malfeasant activity based on the application activity information. (Gutesman-Paragraph 30,matrices express conflicting actions in the business-critical application … Two actions are considered to be in conflict if a user is authorized to execute both inside the same business-critical application,Paragraph 131, find real SoD conflict executions, and not only improper authorization assignments. It will show whether a user is executing two parts of the same process flow in which another person should be involved, thus bypassing process controls, Paragraph 165, facilitates the investigation to detect fraudulent actions in the period and for the user under analysis) Regarding Claim 5 While Gutesman substantially disclosed the claimed invention Gutesman does not disclose (re. Claim 5) wherein the at least one processing device, upon execution of the instructions, is configured to determine an access change action, wherein the access change action comprises changing access for the user to at least one of the first application or the second application. Mohanty Column 11 Lines 55-65 disclosed a computer-assisted remediation function, whereby the business application manager 102 assists a business application subsystem user (such as a role approver) in treating risks found in the analysis of operation 405. In remediation, the business application manager 102 coordinates options such as removing a requested or proposed role addition or change that caused a risk violation found in operation 405, or commencing mitigation 406, etc. After completing the selected one of these options, the resulting role change more closely satisfies the guidelines 160. Mohanty disclosed (re. Claim 5) wherein the at least one processing device, upon execution of the instructions, is configured to determine an access change action, wherein the access change action comprises changing access for the user to at least one of the first application or the second application.(Mohanty-Column 11 Lines 55-65, computer-assisted remediation function, whereby the business application manager 102 assists a business application subsystem user (such as a role approver) in treating risks found in the analysis of operation 405. In remediation, the business application manager 102 coordinates options such as removing a requested or proposed role addition or change that caused a risk violation found in operation 405, or commencing mitigation 406, etc. After completing the selected one of these options, the resulting role change more closely satisfies the guidelines 160.) Gutesman and Mohanty are analogous art because they present concepts and practices regarding separation of duty and authorization enforcement. Before the time of the effective filing date of the claimed invention it would have been obvious to combine Mohanty into Gutesman. The motivation for the said combination would have been to enable the approver to isolate which specific role or combination of roles is the cause of the segregation of duties violations.(Mohanty-Column 11 Lines 45-50) Regarding Claim 6,19 Gutesman-Mohanty-BenNoon disclosed (re. Claim 6,13,19) wherein the access change action is based on the execution of the investigation action, wherein access for the user to at least one of the first application or the second application is restricted in an instance at least one of the first application or the second application was not approved for the user. (Mohanty-Column 11 Lines 55-65, computer-assisted remediation function, whereby the business application manager 102 assists a business application subsystem user (such as a role approver) in treating risks found in the analysis of operation 405. In remediation, the business application manager 102 coordinates options such as removing a requested or proposed role addition or change that caused a risk violation found in operation 405, or commencing mitigation 406, etc. After completing the selected one of these options, the resulting role change more closely satisfies the guidelines 160, Column 18 Lines 15-20 , operation 505 may stop a proposed assignment of a role to a given user in one subsystem 104-105 where that role, considered with the existing assignment of another role to the same user in another subsystem, would create a segregation of duties violation..) Regarding Claim 7,20 Gutesman-Mohanty-BenNoon disclosed (re. Claim 7,14,20) wherein the at least one processing device, upon execution of the instructions, is configured to determine an access change action, wherein the access change action comprises changing access for the user to at least one of the first application or the second application in an instance in which the potential malfeasant activity is determined. (Mohanty-Column 11 Lines 55-65, computer-assisted remediation function, whereby the business application manager 102 assists a business application subsystem user (such as a role approver) in treating risks found in the analysis of operation 405. In remediation, the business application manager 102 coordinates options such as removing a requested or proposed role addition or change that caused a risk violation found in operation 405, or commencing mitigation 406, etc. After completing the selected one of these options, the resulting role change more closely satisfies the guidelines 160, Column 18 Lines 15-20 , operation 505 may stop a proposed assignment of a role to a given user in one subsystem 104-105 where that role, considered with the existing assignment of another role to the same user in another subsystem, would create a segregation of duties violation..) Conclusion Examiner’s Note: In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREG C BENGZON whose telephone number is (571)272-3944. The examiner can normally be reached on Monday - Friday 8 AM - 4:30 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached on (571) 272-3964. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /GREG C BENGZON/ Primary Examiner, Art Unit 2444
Read full office action

Prosecution Timeline

Show 4 earlier events
Nov 14, 2025
Request for Continued Examination
Dec 04, 2025
Response after Non-Final Action
Jan 27, 2026
Non-Final Rejection mailed — §103
Feb 27, 2026
Interview Requested
Mar 05, 2026
Examiner Interview Summary
Mar 05, 2026
Applicant Interview (Telephonic)
Apr 27, 2026
Response Filed
Jun 16, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12646026
System and Method for Automated Cross-Application and Infrastructure Dependency Mapping
6y 4m to grant Granted Jun 02, 2026
Patent 12634123
Random Trigger for Automatic Key Rotation
3y 8m to grant Granted May 19, 2026
Patent 12634347
Systems and methods for detecting and remediating inconsistent tags in cloud-native networks
2y 7m to grant Granted May 19, 2026
Patent 12615183
Network Configuration in Industrial Automation Systems
1y 5m to grant Granted Apr 28, 2026
Patent 12574727
EMERGENCY REPORTING SYSTEM FOR VEHICLE, AND VEHICLE
3y 7m to grant Granted Mar 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
58%
Grant Probability
64%
With Interview (+5.8%)
3y 11m (~10m remaining)
Median Time to Grant
High
PTA Risk
Based on 487 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month