Prosecution Insights
Last updated: July 17, 2026
Application No. 18/226,149

SYSTEM AND METHOD FOR IDENTIFYING NETWORK VULNERABILITY VIA NETWORK COMPONENT FUNCTIONALITY

Non-Final OA §103
Filed
Jul 25, 2023
Examiner
BROWN, CHRISTOPHER J
Art Unit
2439
Tech Center
2400 — Computer Networks
Assignee
Bank of America Corporation
OA Round
3 (Non-Final)
75%
Grant Probability
Favorable
3-4
OA Rounds
5m
Est. Remaining
88%
With Interview

Examiner Intelligence

Grants 75% — above average
75%
Career Allowance Rate
536 granted / 711 resolved
+17.4% vs TC avg
Moderate +13% lift
Without
With
+13.0%
Interview Lift
resolved cases with interview
Typical timeline
3y 5m
Avg Prosecution
34 currently pending
Career history
753
Total Applications
across all art units

Statute-Specific Performance

§101
0.5%
-39.5% vs TC avg
§103
92.8%
+52.8% vs TC avg
§102
3.5%
-36.5% vs TC avg
§112
1.3%
-38.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 711 resolved cases

Office Action

§103
DoesNotice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed have been fully considered but they are not fully persuasive regarding the USC 103 rejection. Applicant argues that Sethi fails to teach claim 2 because “the role of network user identity in Sethi is categorically different from the functional role required by claim 2. In Sethi user identity serves as a threat classification. In Claim 2 user identity serves as a sorting key used to match individual communication to specific incidents” Examiner argues that there is nothing in Applicant’s argument that disagrees with the usage of Sethi. Both statements are true, and not dissimilar. Sethi teaches noting incidents and associating incidents with a compromised user, or malicious user. While noting the user is a “threat”, it is *also* associated with network incidents. Examiner points to at least [0103] of Sethi which states “database stores….incoming traffic requests, malicious data requests, a cumulative history of user activity records, [0137] “an intercepted request…determined IP address, eg identity of an entity that sent the request” [0158][0159] “detection of abnormal user behavior based on a comparison of previous cases” Examiner asserts nothing in the claim language establishes that incidents are for example, sorted by user. Examiner asserts that the claim language states a plurality of incidents (history record) and that the incidents are “associated with a network user”. Sethi teaches records of incidents including IP address recording, user history, etc. Thus both a plurality of incidents are recorded according to network traffic monitored, and the users/metadata associated with that traffic or metadata are “associated” and recorded. Thus the limitations of former claim 2, and now claim 1 are met. In the interest of advancing prosecution, Examiner points to Chesla US 2023/0319088 [0031][0060]. Examiner believes this would anticipate Applicant’s claims as described in Argument, and in the claim language. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 3-8, 10-15, 17-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sethi US 2025/0023918 in view of Horrell US 10,176,032 in view of Gupta US 2024/0007342 As per claims 1, 8, 15. (Currently Amended) Sethi teaches A system for identifying network vulnerability via network component functionality, wherein the system is structured for proactively detect and resolve network incidents prior to network disruptions, the system comprising: at least one non-transitory storage device containing instructions; and at least one processing device coupled to the at least one non-transitory storage device, wherein the at least one processing device, upon execution of the instructions, is configured to: monitor a plurality of network communications of a network for indications of an incident associated with a disruption to access or operation of a network activity determine one or more incident indicator communications of the plurality of network communications as relating to the incident based on determining that wherein the one or more incident indicator communications comprise information relating to the incident, comprising analyzing the transformed plurality of network communications to determine the one or more incident indicator communications of the plurality of network communications associated with the incident; [0133] [0153] [0178]-[0185] (obtain alert and metric of health of edge device, failure or compromised, monitoring of metrics, including heat, usage rates, network speed/latency, cpu events, analysis of metrics, prediction of further incidents based on metric data and training, alerting users, administrators, taking corrective actions) Sethi teaches based on the one or more incident indicator communications, determine one or more network components relating to the incident, wherein based on at least determining a change in operation of the one or more network components comprising component outage, reduced speed, and increased usage; [0133] [0153] [0178]-[0185] (obtain alert and metric of health of edge device, failure or compromised, monitoring of metrics, including heat, usage rates, network speed/latency, cpu events, analysis of metrics, prediction of further incidents based on metric data and training, alerting users, administrators, taking corrective actions) Sethi teaches monitor one or more metrics relating to operation of the one or more network components relating to the incident, wherein the one or more metrics are selected for monitoring based on determining (i) a type of the one or more network components and (ii) an incident type associated with the incident, wherein the one or more metrics comprise operating heat, operating speed, and/or usage; [0133] [0153] [0178]-[0185] (obtain alert and metric of health of edge device, failure or compromised, monitoring of metrics, including heat, usage analysis of metrics, prediction of further incidents based on metric data and training, alerting users, administrators, taking corrective actions) Sethi teaches wherein analyzing the transformed plurality of network communications further comprises: determining that the plurality of network communications comprise content associated with a plurality of incidents; and identifying the one or more incident indicator communications of the plurality of network communications that are associated with the incident of the plurality of incidents based on at least one or more network users associated with the one or more incident indicator communications. [0103] [0133] [0153] [0155]-[0159] [0178]-[0185] (obtain communications and telemetry indicative of future incidents including those based on one or more network users/hackers/compromised users, teaches recording a history of events/incidents and telemetric data including IP address of requestors and user identity) Horrell teaches determine that a new incident is occurring or expected to occur based on a change in at least one of the one or more metrics that is greater than a predetermined changed value, wherein the new incident has the same incident type as the incident; cause a transmission of a new incident alert, wherein the new incident alert indicates that the new incident is occurring or expected to occur; . (Column 2 lines 19-67; Column 3 lines 16-42; Column 19 lines 25-40; Column 24 lines 12-38; Column 25 lines 1-12) (teaches health metrics, thresholds and that a detected data/measurements is used to predict a new incident within a certain period of time) Horrell teaches and determine an incident resolution action for resolving the new incident. (Column 3 lines 16-42) (teaches health metrics and that a detected incident is used to predict a new incident and taking a resolution action) It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Horrell with the prior art because it helps set remediation priorities. Gupta teaches transforming the plurality of network communications from a plurality of sources into a standard format for determining the one or more incident indicator communications [0085]-[0088] (teaches standardizing multiple data formats and telemetry into a standard format) It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Gupta with the prior art because a standard format improves data usage efficiency. As per claims 3, 10, 17. (Currently Amended) The system of Claim 1, Sethi teaches wherein the at least one processing device, upon execution of the instructions, is configured to determine at least one of the one or more incident indicator communications from the plurality of network communications based on at least one or more communication types, wherein the one or more communication types comprise at least one of an electronic message, a document repository, an instant message, a virtual meeting, a phone call, or an incident ticket. [0133] [0153] [0155]-[0157] [0178]-[0185] (obtain communications and telemetry indicative of future incidents including those based on electronic communications/message users) As per claims 4, 11, 18. (Currently Amended) The system of Claim 1, Horrell teaches wherein the new incident alert indicates that the new incident is expected to occur within a predetermined amount of time, wherein the at least one processing device, upon execution of the instructions, is configured to: record a prior change in the one or more metrics at the one or more network components at one or more time periods associated with the incident; and determine the predetermined changed value for the new incident based on (i) a predetermined portion of the prior change associated with the incident, and (ii) standard operating parameters of the one or more network components. (teaches machine learning to determine metrics over a period of time are associated with an incident to predict failure based on operating parameters, including rate of change) (Column 16 lines 45-64; Column 17 lines 15-35; Column 18 lines 8-50; Column 19 lines 14-43) As per claims 5, 12, 19. (Currently Amended) The system of Claim 1, Horrell teaches wherein the incident resolution action is an automated action in which the new incident is resolved, wherein the at least one processing device, upon execution of the instructions, is configured to: determine that the incident is associated with a series of prior incidents of the same incident type; and wherein transmission of the new incident alert is in response to determining that (i) the change in at least one of the one or more metrics is greater than the predetermined changed value, and (ii) a time elapsed since the incident is associated with a recurring time period associated with the series of prior incidents. (Column 18 lines 8-40) (Column 19 lines 14-43) (teaches analysis of historical incidents and the data prior to said incidents including likely time period associated with incident, and change in data metrics) As per claims 6, 13, 20. (Currently Amended) The system of Claim 1, Sethi teaches wherein the incident resolution action comprises moving a data process from a first network component to a second network component in an instance in which the new incident is related to the first network component. [0132] (moving the data to a second device in case of an outage, bad performance metric, etc) As per claims 7, 14. (Original) The system of Claim 1, Sethi teaches wherein the at least one processing device, upon execution of the instructions, is configured to train a machine learning model to determine the incident indicator communications relating to an incident. [0153] (employing machine learning models based on healthy and unhealthy metrics/alerts/thresholds to train and predict future states of devices) Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439
Read full office action

Prosecution Timeline

Jul 25, 2023
Application Filed
Jul 24, 2025
Non-Final Rejection mailed — §103
Oct 24, 2025
Response Filed
Feb 05, 2026
Final Rejection mailed — §103
May 05, 2026
Request for Continued Examination
May 12, 2026
Response after Non-Final Action
Jun 11, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12652290
CYBER SECURITY FOR SOFTWARE-AS-A-SERVICE FACTORING RISK
5y 3m to grant Granted Jun 09, 2026
Patent 12652315
REMOTE MONITORING OF A SECURITY OPERATIONS CENTER (SOC)
3y 8m to grant Granted Jun 09, 2026
Patent 12641111
Automated Security Analysis of Software Libraries
2y 5m to grant Granted May 26, 2026
Patent 12621339
SYSTEM AND METHOD FOR PROVIDING SECURITY POSTURE MANAGEMENT FOR AI APPLICATIONS
2y 5m to grant Granted May 05, 2026
Patent 12615280
DETECTING POLYMORPHIC BOTNETS USING AN IMAGE RECOGNITION PLATFORM
2y 9m to grant Granted Apr 28, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
75%
Grant Probability
88%
With Interview (+13.0%)
3y 5m (~5m remaining)
Median Time to Grant
High
PTA Risk
Based on 711 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month