Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsBritish Telecommunications Public Limited Company › 18256438
Last updated: April 19, 2026
Application No. 18/256,438

INTRUSION RESPONSE DETERMINATION

Non-Final OA §103
Filed
Jun 08, 2023
Examiner
HAILU, TESHOME
Art Unit
2434
Tech Center
2400 — Computer Networks
Assignee
British Telecommunications Public Limited Company
OA Round
3 (Non-Final)
78%
Grant Probability
Favorable
3-4
OA Rounds
3y 3m
To Grant
99%
With Interview

Interview Optional

+23.7% interview lift. This examiner has a relatively high allow rate; a written response may suffice.
Based on 698 resolved cases, 2023–2026

Examiner Intelligence

HAILU, TESHOME View full profile →
Grants 78% — above average
78%
Career Allow Rate
543 granted / 698 resolved
+19.8% vs TC avg
Strong +24% interview lift
Without
With
+23.7%
Interview Lift
resolved cases with interview
Typical timeline
3y 3m
Avg Prosecution
23 currently pending
Career history
721
Total Applications
across all art units

Statute-Specific Performance

§101
12.9%
-27.1% vs TC avg
§103
53.9%
+13.9% vs TC avg
§102
13.8%
-26.2% vs TC avg
§112
7.2%
-32.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 698 resolved cases

Office Action

§103
DETAILED ACTION This office action is in reply to applicant communication filed on February 05, 2026. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on February 05, 2026. Claims 1-25 have been amended. Claims 1-25 are pending. Response to Argument Applicant’s arguments filed on February 05, 2026 with respect to the 35 U.S.C. 102/103 rejections have been fully considered but are moot in view of new ground(s) of rejection. Applicant’s argues that the prior arts on record fails to teach the amended limitation of independent claims. However, upon further consideration, a new ground(s) of rejection is made using the newly find prior arts to Jordan (US Pub. No. 2014/0283052). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. . This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 19-25 are rejected under 35 U.S.C. 103 as being unpatentable over Inayat (Intrusion response systems: Foundation, design, and challenges), Inayat reference disclosed in applicant presented IDS, in view of Jordan (US Pub. No. 2014/0283052). As per claim 19 Inayat discloses: An intrusion response method comprising: determining, using knowledge of prior responses to prior behavior of at least one computer system, a first response to behavior of a target computer system; (section 2.2 of Inayat, signature-based detection schemes monitor and analyze users and system activity and compare the collected information to a predefined pattern stored in a large database). Predicting, using at least one trained machine learning (ML) model of behavior of the target computer system, a second response to the behavior of the target computer system; (section 2.2 of Inayat, in the anomaly-based approach, all network traffic, system, and user-level activity are stored and monitored to detect any deviations from normal activity. Any deviation from the normal pattern generates an alert called an intrusion. Normal and abnormal patterns can be trained by using machine learning approaches, such as neural network, Bayesian network, Markov models, fuzzy logic, genetic algorithm, and decision trees). Inayat teaches the method of responding to both known and unknown attack using a hybrid-based detection method (see section 2.2 and fig. 5 of Inayat) but fails to disclose: Considering the first response and the second response to determine response to the behavior of the target computer system based on the first response, the second response, or a combination of the first response and the second response. However, in the same field of endeavor, Jordan teaches this limitation as, (paragraph 30 of Jordan, a heterogeneous sensor pair is placed where the network training samples were taken. Each sensor is somewhat complementary to the other, so that (in addition to both detecting known attacks) they should each detect different types of attacks, thus creating cumulative synergy greater than their individual parts. The signature-based sensor will catch known, subscription library attacks (including any that are outside the machine learning sensors' training), and the machine learning sensors will catch known attacks that are within its training, as well as any variant (signature blind spot) attacks and "zero-days" that evade the signature-based sensor. Together, the heterogeneous sensor pair provides a comprehensive computer network intrusion detection system that has been lacking on contemporary networks). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Inayat to include the above limitation using the teaching of Jordan in order to secure the computing system by using heterogeneous sensor pair to detect different types of attacks and secure the computing system (see paragraphs 30 of Jordan). As per claim 20 Inayat in view of Jordan discloses: The intrusion response method of claim 19, further comprising: receiving, from an intrusion detection system, an indication that the behavior of the target computer system is anomalous; and in response to receiving the indication, performing the determining the first response, the predicting the second response, and the determining the output response. (Section 3.1 of Inayat, the common limitations of existing IRSs include the inability to respond in real time, handle false alarms, and consider the feedback of response to execute future responses, as well as the existence of uncertainty issue. Fig. 6 indicates that when IDs detect intrusions, IRS performs a mitigation action. When IDSs generate an alert, the following actions will be undertaken to mitigate intrusion according to the system and attacks statistics: (a) auditing (i.e., an audit record should be created); (b) generation of an alert message about the intrusion must be sent to all system and network administrators if they exist; (c) a mitigation step is employed to stop the intrusion). Claim 25 is rejected under the same reason set forth in rejection of claim 20. As per claim 21 Inayat in view of Jordan discloses: The intrusion response method of claim 19, further comprising training at least one of the ML models based on at least part of the knowledge of the prior responses to the prior behavior of the at least one computer system. (Section 2.2 of Inayat, in the anomaly-based approach, all network traffic, system, and user-level activity are stored and monitored to detect any deviations from normal activity. Any deviation from the normal pattern generates an alert called an intrusion. Normal and abnormal patterns can be trained by using machine learning approaches, such as neural network, Bayesian network, Markov models, fuzzy logic, genetic algorithm, and decision trees). As per claim 22 Inayat in view of Jordan discloses: The intrusion response method of claim 19, further comprising retraining at least one of the ML models based on the behavior of the target computer system and the output response. (Section 2.2 of Inayat, in the anomaly-based approach, all network traffic, system, and user-level activity are stored and monitored to detect any deviations from normal activity. Any deviation from the normal pattern generates an alert called an intrusion. Normal and abnormal patterns can be trained by using machine learning approaches, such as neural network, Bayesian network, Markov models, fuzzy logic, genetic algorithm, and decision trees). As per claim 23 Inayat in view of Jordan discloses: The intrusion response method of claim 19, further comprising updating the knowledge based on the behavior of the target computer system and the output response. (Section 3 of Inayat, IDS is activated when some intrusions are detected in the system. IRS is always activated on the basis of IDS output. When IDSs obtain threat information, the response component generates responses on the basis of the symptoms of attack). As per claim 24 Inayat in view of Jordan discloses: The intrusion response method of claim 19, wherein the behavior of the target computer system comprises at least one of network activity within a network or a sensor activation of a sensor. (Section 2.2 of Inayat, in the anomaly-based approach, all network traffic, system, and user-level activity are stored and monitored to detect any deviations from normal activity. Any deviation from the normal pattern generates an alert called an intrusion. Normal and abnormal patterns can be trained by using machine learning approaches, such as neural network, Bayesian network, Markov models, fuzzy logic, genetic algorithm, and decision trees). Claims 1-18 are rejected under 35 U.S.C. 103 as being unpatentable over Inayat (Intrusion response systems: Foundation, design, and challenges) in view of Howes (US Pub. No. 2013/0091574) and further in view of Jordan (US Pub, No. 2014/0283052). As per claim 1 Inayat discloses: An intrusion response system (IRS) comprising: a knowledge-based intrusion response (IR) component configured to use knowledge of prior responses to prior behavior of at least one computer system to determine a first response to behavior of a target computer system; (section 2.2 of Inayat, signature-based detection schemes monitor and analyze users and system activity and compare the collected information to a predefined pattern stored in a large database). A prediction-based IR component configured to use at least one trained machine learning (ML) model of behavior of the target computer system to predict a second response to the behavior of the target computer system; (section 2.2 of Inayat, in the anomaly-based approach, all network traffic, system, and user-level activity are stored and monitored to detect any deviations from normal activity. Any deviation from the normal pattern generates an alert called an intrusion. Normal and abnormal patterns can be trained by using machine learning approaches, such as neural network, Bayesian network, Markov models, fuzzy logic, genetic algorithm, and decision trees). A response component configured to determine an output response to the behaviora hybrid-based method combines the anomaly pattern with a signature database, which is capable of detecting both known and unknown attacks. This approach reduces the problem of false alarms and increases the capability of detecting unknown attacks). Inayat teaches the method of predicting unusual behavior using a machine learing model (see section 2.2 of Inayat) but fails to disclose: The output response comprising at least one mitigating action to be taken with respect to the behavior of the target computer system. However, in the same field of endeavor, Howes teaches this limitation as, (paragraph 108 of Howes, the incident triage engine 1010 may receive information about the incident to be evaluated from the incident resolution queue 1020. The incident triage engine 1010 may generate a set of actions most likely to be effective against the incident, and output the set of actions) and (paragraph 17 of Howes, in the method of the embodiment, machine learning may be used to associate each incident with the course of action for resolving the incident). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Inayat to include the above limitation using the teaching of Howes in order to secure the computing system by mitigating the unusual behavior of the system and associating each incident with the course of action for resolving the incident (see paragraphs 17 and 108 of Howes). The combination of Inayat Howes teaches the method of responding to both known and unknown attack using a hybrid-based detection method (see section 2.2 and fig. 5 of Inayat) but fails to disclose: Receiving the first response from the knowledge-based IR component and the second response from the prediction-based IR component and determine the response based on the received first response, the received second responded, or a combination of the received first response and the received second response. However, in the same field of endeavor, Jordan teaches this limitation as, (paragraph 30 of Jordan, a heterogeneous sensor pair is placed where the network training samples were taken. Each sensor is somewhat complementary to the other, so that (in addition to both detecting known attacks) they should each detect different types of attacks, thus creating cumulative synergy greater than their individual parts. The signature-based sensor will catch known, subscription library attacks (including any that are outside the machine learning sensors' training), and the machine learning sensors will catch known attacks that are within its training, as well as any variant (signature blind spot) attacks and "zero-days" that evade the signature-based sensor. Together, the heterogeneous sensor pair provides a comprehensive computer network intrusion detection system that has been lacking on contemporary networks). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Inayat to include the above limitation using the teaching of Jordan in order to secure the computing system by using heterogeneous sensor pair to detect different types of attacks and secure the computing system (see paragraphs 30 of Jordan). Claim 18 is rejected under the same reason set forth in rejection of claim 1. As per claim 2 Inayat in view of Howes and further in view of Jordan discloses: The IRS according to claim 1, wherein the prediction-based IR component is configured to process behavior data representative of the behavior of the target computer system using the at least one trained ML model, without interacting with the knowledge-based IR component, to predict the second response. (section 2.2 of Inayat, in the anomaly-based approach, all network traffic, system, and user-level activity are stored and monitored to detect any deviations from normal activity. Any deviation from the normal pattern generates an alert called an intrusion. Normal and abnormal patterns can be trained by using machine learning approaches, such as neural network, Bayesian network, Markov models, fuzzy logic, genetic algorithm, and decision trees). As per claim 3 Inayat in view of Howes and further in view of Jordan discloses: The IRS according to claim 1, wherein the prior behavior of the at least one computer system comprises prior anomalous behavior of the at least one computer system. (Section 2.2 of Inayat, signature-based detection schemes monitor and analyze users and system activity and compare the collected information to a predefined pattern stored in a large database). As per claim 4 Inayat in view of Howes and further in view of Jordan discloses: The IRS according to claim 1, wherein the knowledge-based IR component is configured to use rules derived from the knowledge, each rule indicative of an appropriate response to particular behavior of a computer system, to determine the first response. (Session 2.2 of Inayat, signature-based detection schemes can be implemented by using expert system, state transition analysis, model-based reasoning system, pattern matching, and key stroke monitoring. Snort is a signature-based NIDS that uses the predefined signature method to monitor network activity for any suspicious pattern) and (session 4.2.10 of Inayat, this design parameter enables IRS to select the best suitable response option based on the dynamic response metrics and statistical features of the attacks. The most appropriate response should be activated according to a set of response metrics that specify the rule for response during the response selection process. A set of response metrics provides an opportunity to measure the input parameters in selecting a specific response to mitigate attacks). As per claim 5 Inayat in view of Howes and further in view of Jordan discloses: The IRS according to claim 4, wherein at least part of the knowledge used by the knowledge-based IR component is stored in a knowledge base comprising a plurality of instances, each instance corresponding to a respective one of the prior behaviors, and the knowledge-based IR component is configured to: identify at least one instance of the plurality of instances corresponding to the behavior of the target computer system; and determine the first response based on the at least one instance and the rules. (Section 2.2 of Inayat, signature-based detection schemes monitor and analyze users and system activity and compare the collected information to a predefined pattern stored in a large database) and (section 2.1 of Inayat, a network-based system monitors network traffic data between network devices and compares them to the predefined pattern of attacks to detect any suspicious activity. The distinguishing feature of a network-based system is that it requires few sensors to monitor a large network and heterogeneous set of hosts without adding any load to the hosts, thus reducing overhead effect on the overall networks). As per claim 6 Inayat in view of Howes and further in view of Jordan discloses: The IRS according to claim 1, wherein the prediction-based IR component comprises a plurality of ML models of behavior of the target computer system, and the prediction-based IR component is configured to: predict respective responses to the behavior of the target computer system using each of the plurality of ML models; and select one of the respective responses to use as the second response. (Section 2.2 of Inayat, in the anomaly-based approach, all network traffic, system, and user-level activity are stored and monitored to detect any deviations from normal activity. Any deviation from the normal pattern generates an alert called an intrusion. Normal and abnormal patterns can be trained by using machine learning approaches, such as neural network, Bayesian network, Markov models, fuzzy logic, genetic algorithm, and decision trees). As per claim 7 Inayat in view of Howes and further in view of Jordan discloses: The IRS according to claim 1, wherein the response component is configured to determine which of the first response or the second response to use to determine the output response based on a similarity between the behavior of the target computer system and the prior behavior of the at least one computer system. (Section 2.2 of Inayat, IDSs identify intrusions on the basis of valid characteristics, such as network traffic (e.g. source and destination port, IP sources), files, and behavior patterns. IDS is categorized into anomaly-, signature-, hybrid-, and specification-based approaches according to the detection approach). As per claim 8 Inayat in view of Howes and further in view of Jordan discloses: The IRS according to claim 7, wherein the response component is configured to determine the output response based on the first response without using the second response in response to determining that the behavior of the target computer system corresponds to the prior behavior of the at least one computer system. (Section 2.2 of Inayat, signature-based detection schemes monitor and analyze users and system activity and compare the collected information to a predefined pattern stored in a large database). As per claim 9 Inayat in view of Howes and further in view of Jordan discloses: The IRS according to claim 1, wherein the response component is configured to determine which of the first response or the second response to use to determine the output response based on a forecast effect on the target computer system of performance of at least one of the first response or the second response. (See fig. 3 of Inayat, classification of IDS based on detection approaches). As per claim 10 Inayat in view of Howes and further in view of Jordan discloses: The IRS according to claim 9, wherein the forecast effect of performance of the at least one of the first response or the second response is based on a prior effect on the at least one computer system of prior performance of the at least one of the first response or the second response. (Section 4.2.6 of Inayat, the mechanism measures the response effect on the basis of the most recently applied response result. This mode applies the most optimum response in a set of responses utilized in the past). As per claim 11 Inayat in view of Howes and further in view of Jordan discloses: The IRS according to claim 1, comprising an incident de-duplication component configured to: receive first incident data from a first source, the first incident data comprising a portion representative of an incident within the target computer system; receive second incident data from a second source; determine that the second incident data comprises a portion representative of the same incident as the first incident data; process the second incident data to remove the portion of the second incident data, thereby generating updated second incident data; and generate behavior data representative of the behavior of the target computer system using the first incident data and the updated second incident data. (Section 2.2 of Inayat, IDSs identify intrusions on the basis of valid characteristics, such as network traffic (e.g. source and destination port, IP sources), files, and behavior patterns. IDS is categorized into anomaly-, signature-, hybrid-, and specification-based approaches according to the detection approach. The hybrid-based approach is a combination of signature and anomaly approaches). As per claim 12 Inayat in view of Howes and further in view of Jordan discloses: The IRS according to claim 1, wherein the behavior of the target computer system has been identified as anomalous by an intrusion detection system (IDS). (Section 2 of Inayat, based on the deployment approach, IDSs are categorized as host based, network based, distributed, and hybrid IDS. According to the detection approach, IDS is categorized into anomaly (behavior based), signature (knowledge based), hybrid (anomaly+signature), and specification based). As per claim 13 Inayat in view of Howes and further in view of Jordan discloses: The IRS according to claim 1, comprising an authentication component configured to authenticate that the behavior of the target computer system is anomalous. (Section 2 of Inayat, security has become a critical issue in today׳s highly distributed and networked systems. Existing defensive mechanisms, such as firewalls, authentication, access control, and cryptography, are unable to provide complete security). As per claim 14 Inayat in view of Howes and further in view of Jordan discloses: The IRS according to claim 1, comprising a response prioritization component configured to prioritize deployment of responses, using the IRS, to respective behavior of the target computer system, based on a forecast effect of the respective behavior on the target computer system. (Section 4.2.1 of Inayat, the optimum response is dynamically chosen from a set of responses according to the statistical features of the attack. For example, priority is given to high-confidence and high-severity attacks over attacks with low confidence and severity. The dynamic nature of this model provides security to the systems). As per claim 15 Inayat in view of Howes and further in view of Jordan discloses: The IRS according to claim 1, further configured to update the knowledge useable by the knowledge-based IR system based on an effect of the output response on the target computer system. (Section 3 of Inayat, IDS is activated when some intrusions are detected in the system. IRS is always activated on the basis of IDS output. When IDSs obtain threat information, the response component generates responses on the basis of the symptoms of attack). As per claim 16 Inayat in view of Howes and further in view of Jordan discloses: The IRS according to claim 1, wherein the behavior of the target computer system comprises anomalous behavior of the target computer system and the IRS is configured to perform a mitigating action represented by the output response to mitigate the anomalous behavior. (Section 3.1 of Inayat, the common limitations of existing IRSs include the inability to respond in real time, handle false alarms, and consider the feedback of response to execute future responses, as well as the existence of uncertainty issue. Fig. 6 indicates that when IDs detect intrusions, IRS performs a mitigation action. When IDSs generate an alert, the following actions will be undertaken to mitigate intrusion according to the system and attacks statistics: (a) auditing (i.e., an audit record should be created); (b) generation of an alert message about the intrusion must be sent to all system and network administrators if they exist; (c) a mitigation step is employed to stop the intrusion). As per claim 17 Inayat in view of Howes and further in view of Jordan discloses: The IRS according to claim 1, wherein the behavior of the target computer system comprises anomalous behavior of the target computer system and the IRS is configured to instruct at least one actuator to perform a mitigating action represented by the output response to mitigate the anomalous behavior. (Section 3.1 of Inayat, the common limitations of existing IRSs include the inability to respond in real time, handle false alarms, and consider the feedback of response to execute future responses, as well as the existence of uncertainty issue. Fig. 6 indicates that when IDs detect intrusions, IRS performs a mitigation action. When IDSs generate an alert, the following actions will be undertaken to mitigate intrusion according to the system and attacks statistics: (a) auditing (i.e., an audit record should be created); (b) generation of an alert message about the intrusion must be sent to all system and network administrators if they exist; (c) a mitigation step is employed to stop the intrusion). Conclusion The prior art made or record and not relied upon is considered pertinent to applicant’s disclosure is Gutierrez (US Pub. No. 2020/0145433). Gutierrez’s referrence discloses: Logic may reduce the latency and increase the confidence in message time series (MTS) intrusion detection systems (IDSs). Logic may capture traffic on an in-vehicle network bus during a first traffic window. Logic may filter the traffic within the first traffic window to determine more than one observation window, wherein the more than observation window comprises at least a first observation window and a second observation window. Logic may evaluate the more than one observation window to determine a first output based on a first observation window and a second output based on a second observation window, the first and second outputs to indicate if an intrusion is detected. Logic may determine, based on a combination of the outputs, that the traffic during the first traffic window comprises an intrusion. Logic may output an indication of the intrusion. Any inquiry concerning this communication or earlier communications from the examiner should be directed to TESHOME HAILU whose telephone number is (571)270-3159. The examiner can normally be reached M-F 8 a.m. - 5 p.m.. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ali Shayanfar can be reached at (571) 270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /TESHOME HAILU/Primary Examiner, Art Unit 2434
Read full office action

Prosecution Timeline

Jun 08, 2023
Application Filed
Mar 03, 2025
Non-Final Rejection — §103
Jun 05, 2025
Response Filed
Sep 04, 2025
Final Rejection — §103
Feb 05, 2026
Request for Continued Examination
Feb 06, 2026
Response after Non-Final Action
Feb 20, 2026
Non-Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

18/772,926
Patent 12602464
PERIPHERAL DEVICE SANDBOX
2y 5m to grant Granted Apr 14, 2026
17/869,647
Patent 12598214
PROCESSING AUTHENTICATION REQUESTS FOR UNIFIED ACCESS MANAGEMENT SYSTEMS AND APPLICATIONS USING FREQUENTLY INVOKED POLICIES
2y 5m to grant Granted Apr 07, 2026
18/638,944
Patent 12598217
Analyzing Cloud-Based Services for Compliance with Multiple Regulations
2y 5m to grant Granted Apr 07, 2026
18/851,393
Patent 12587372
SINGLE REQUEST ARCHITECTURE FOR INCREASING EFFICIENCY OF SECURE MULTI-PARTY COMPUTATIONS
2y 5m to grant Granted Mar 24, 2026
18/360,597
Patent 12580947
BROWSER SECURITY VIA DOCUMENT OBJECT MODEL MANIPULATION
2y 5m to grant Granted Mar 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
78%
Grant Probability
99%
With Interview (+23.7%)
3y 3m
Median Time to Grant
High
PTA Risk
Based on 698 resolved cases by this examiner. Grant probability derived from career allow rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month