Prosecution Insights
Last updated: July 17, 2026
Application No. 18/351,465

SYSTEMS AND METHODS FOR PREDICTING SECURITY COMMUNICATIONS BASED ON SEQUENCES OF SYSTEM ACTIVITY TOKENS

Non-Final OA §103
Filed
Jul 12, 2023
Examiner
LOPEZ, MIGUEL ALEXANDER
Art Unit
2496
Tech Center
2400 — Computer Networks
Assignee
Capital One Services LLC
OA Round
3 (Non-Final)
8%
Grant Probability
At Risk
3-4
OA Rounds
1m
Est. Remaining
20%
With Interview

Examiner Intelligence

Grants only 8% of cases
8%
Career Allowance Rate
2 granted / 26 resolved
-50.3% vs TC avg
Moderate +12% lift
Without
With
+12.5%
Interview Lift
resolved cases with interview
Typical timeline
3y 1m
Avg Prosecution
26 currently pending
Career history
60
Total Applications
across all art units

Statute-Specific Performance

§101
0.4%
-39.6% vs TC avg
§103
73.1%
+33.1% vs TC avg
§102
18.9%
-21.1% vs TC avg
§112
4.9%
-35.1% vs TC avg
Black line = Tech Center average estimate • Based on career data from 26 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 04/08/2026 has been entered. Information Disclosure Statement The information disclosure statement (IDS) submitted on 02/02/2026 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Response to Arguments Applicant’s remarks filed 02/24/2026, see page 16, with respect to the “Statement Regarding Substance of Interview”, have been fully considered. The Examiner is unsure whether or not the substance of the interview that Applicant is referring to corresponds to another pending patent application as there is no interview of record that occurred on the identified January 29, 2026 date. It appears that the Applicant may be referring to the interview that took place on October 15, 2025 and mailed October 20, 2025 as that interview summary record stated that the proposed amendments would require further consideration and search. Applicant's arguments, see page 16, filed 02/24/2026, with respect to the rejection of claims 1-20 under 35 U.S.C. § 103 have been fully considered but they are not persuasive. Since applicant does not give any further explanation as to how the previously cited art differentiates from the claimed invention other than “the reasons discussed during the interview”, upon further consideration, the examiner defers to the rejection below as a response to this argument. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kulkarni et. al. (US Publication No. 2023/0161648 A1) hereinafter Kulkarni in view of Austraat; Bjorn (US Publication No. US 2024/0232765 A1) hereinafter Austraat. Regarding Claim 1: Kulkarni discloses a system for recommending system security actions for data servers, the system comprising: one or more processors; and one or more non-transitory, computer-readable media storing instructions that, when executed by the one or more processors, cause operations comprising (Kulkarni [0021], [0129]): receiving a communication dataset and a user activity dataset (Kulkarni Fig. 2 and [0041]), wherein the communication dataset comprises a plurality of communications with a first communication related to a user describing an event associated with a corresponding account (Kulkarni Fig. 2 and [0041] “’raw event data’ refers to digital information associated with an activity event. Accordingly, the raw event data 210a-210n may include, for example, … author, group access, timestamps of activities, type of activity (i.e., which specific activity event), user IDs associated with the digital content item, user IDs associated with events corresponding to the digital content item, device IDs or device types associated with events, whether an action was taken on particular digital content item, etc. Raw event data can be in the form of metadata associated with a digital content item (e.g., a file or folder). In addition, raw event data can include information regarding communication between users, channels of communication (e.g., email or instant messaging), calendar items, task list management (e.g., creating tasks, reminding users of tasks, and completing tasks). In essence, any event initiated by a user within the content management system, for example, can result in raw event data that includes descriptive features corresponding to the event.”), wherein the user activity dataset comprises a plurality of activity logs with a first activity log associated with the corresponding account (Kulkarni Fig. 2 and [0041]), and wherein the first communication is associated with a corresponding activity log (Kulkarni Fig. 2 and [0041] “timestamps of activities, type of activity (i.e., which specific activity event), user IDs associated with the digital content item, user IDs associated with events corresponding to the digital content item, device IDs or device types associated with events, whether an action was taken on particular digital content item, etc. Raw event data can be in the form of metadata associated with a digital content item (e.g., a file or folder). In addition, raw event data can include information regarding communication between users, channels of communication (e.g., email or instant messaging), calendar items, task list management (e.g., creating tasks, reminding users of tasks, and completing tasks)”); using a vector encoding model, generating a plurality of vector encodings for the plurality of communications, wherein the plurality of vector encodings comprises vector encodings that represent syntax and lexicon for the plurality of communications (Kulkarni [0044] encoder may be used; [0046-0047]; [0092] embodiments may encode features/tokens to generate an event vector; [0024] natural language model utilized); determining an associated activity class of a plurality of activity classes for a first activity in the plurality of activity logs, wherein the associated activity class of the plurality of activity classes classifies activities based on a set of criteria (Kulkarni Fig. 2 series of sequential tokens, [0041] “type of activity (i.e., which specific activity event)”, [0042] the token generated represents the type of activity that the token was generated on) that specifies a first token for a first activity type and a second token for a second activity type (Kulkarni Fig. 2 series of sequential tokens, [0041] “type of activity (i.e., which specific activity event)”, [0042] the token generated represents the type of activity that the token was generated on, [0043] “Additionally or alternatively, the natural language model 202 may comprise one or more heuristics or rule-based approaches to analyzing and/or generating the respective series of sequential tokens”; [0053] example given of grouping user account into “content creator segment” if series of sequential tokens represents “create” then “edit”; [0082] “In other embodiments, the user activity sequence system 104 may generate a first token corresponding to a first activity event, and at a later time, generate a second token corresponding to a second activity event (e.g., a next activity event). Thus, in some embodiments, the user activity sequence system 104 may perform the foregoing acts 302-310 on a rolling basis (e.g., as the system identifies a new activity event) until the user activity sequence system 104 completes a series of sequential tokens”); generating a plurality of time-ordered sequences for the plurality of activity logs (Kulkarni Fig. 2 series of sequential tokens, [0041] timestamps of activities, [0042] the token generated represents the type of activity that the token was generated on), wherein the first activity log of the plurality of activity logs has a corresponding time-ordered sequence of tokens (Kulkarni Fig. 2 series of sequential tokens, [0041] timestamps of activities, [0042] the token generated represents the type of activity that the token was generated on), wherein the first activity log specifies the first activity (Kulkarni Fig. 2 series of sequential tokens, [0041] “type of activity (i.e., which specific activity event)”), wherein the first activity corresponds to a token of the corresponding time-ordered sequence of tokens (Kulkarni Fig. 2 series of sequential tokens, [0041] timestamps of activities, [0042] the token generated represents the type of activity that the token was generated on, [0043], [0053], [0082]), wherein the first token corresponds to the first activity, and wherein the first token comprises a first alphanumeric identifier uniquely identifying the associated activity class (Kulkarni Fig. 2 series of sequential tokens, [0041] timestamps of activities, [0042] the token generated represents the type of activity that the token was generated on; [0082] “In other embodiments, the user activity sequence system 104 may generate a first token corresponding to a first activity event, and at a later time, generate a second token corresponding to a second activity event (e.g., a next activity event). Thus, in some embodiments, the user activity sequence system 104 may perform the foregoing acts 302-310 on a rolling basis (e.g., as the system identifies a new activity event) until the user activity sequence system 104 completes a series of sequential tokens”); and using the plurality of vector encodings and the plurality of time-ordered sequences, training a machine learning model to predict output vector encodings based on input sequences (Kulkarni [0042] tokens used to train the language model), wherein the machine learning model generates predictions of expected communications by users based on corresponding input activity logs (Kulkarni [0046] predict next word/hash/token; [0047-0049]). Kulkarni does not explicitly disclose and generates, based on comparing an account status indicated by the predictions of the expected communications with one or more account management rules in an account management ruleset, one or more recommendations for a system security action of the system security actions. Austraat teaches and generates, based on comparing an account status indicated by the predictions of the expected communications with one or more account management rules in an account management ruleset (Austraat [0170], [0173], [0176-0179] predict risk if escalation required), one or more recommendations for a system security action of the system security actions (Austraat [0189-0191] matrix assign certainty and risk; [0198-0199] “based on the risk score exceeding the threshold, an escalatory procedure should be triggered, where the escalatory procedure includes storing the unstructured data to a restricted location and modifying an agent workflow of the agent that is interacting with the user. For instance, based on the risk score meeting or surpassing the threshold amount, the computer system may display a notification on the electronic device of an agent (i.e., an agent device), where the notification instructs the agent to perform an escalatory procedure. For instance, the notification may indicate that the user must transfer the call to a primary agent that is better equipped to handle these types of calls.”). It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to combine the method of predicting communications disclosed by Kulkarni with the account status determination and recommendation taught by Austraat. The motivation for this combination would be to better identify the nature of user accounts and communications being analyzed recognized as important by Austraat (Austraat [0167]). Regarding Claim 2: The combination of Kulkarni and Austraat further teaches the system of claim 1, wherein the instructions, when executed by the one or more processors, cause operations further comprising (Kulkarni [0021], [0129]): receiving an input activity log, wherein the input activity log is associated with a user account and comprises a list of user activities (Kulkarni Fig. 2 and [0041] “’raw event data’ refers to digital information associated with an activity event. Accordingly, the raw event data 210a-210n may include, for example, information regarding digital content item location, name (e.g., filename), size, extension, contents, access privileges (e.g., view/edit/comment privileges), author, group access, timestamps of activities, type of activity (i.e., which specific activity event), user IDs associated with the digital content item, user IDs associated with events corresponding to the digital content item, device IDs or device types associated with events, whether an action was taken on particular digital content item, etc.”), and wherein each user activity in the list of user activities corresponds to an associated activity timestamp (Kulkarni Fig. 2 and [0041] raw event data includes a timestamp); generating a plurality of tokens based on user activities within the list of user activities and based on the set of criteria, wherein the first token comprises the first alphanumeric identifier that represents the first activity type for a first user activity of the list of user activities, wherein the second token comprises a second alphanumeric identifier that represents the second activity type, and wherein the plurality of tokens comprise the first token (Kulkarni Fig. 2 series of sequential tokens, [0041] “type of activity (i.e., which specific activity event)”, [0042] the token generated represents the type of activity that the token was generated on; [0082] “In other embodiments, the user activity sequence system 104 may generate a first token corresponding to a first activity event, and at a later time, generate a second token corresponding to a second activity event (e.g., a next activity event). Thus, in some embodiments, the user activity sequence system 104 may perform the foregoing acts 302-310 on a rolling basis (e.g., as the system identifies a new activity event) until the user activity sequence system 104 completes a series of sequential tokens”); based on the plurality of tokens, generating a time-ordered sequence of tokens ordered based on an activity timestamp associated with a user activity for the plurality of tokens (Kulkarni Fig. 2 series of sequential tokens, [0041] timestamps of activities, [0042] the token generated represents the type of activity that the token was generated on, [0082]); based on inputting the time-ordered sequence of tokens into the machine learning model, generating an output vector encoding that represents syntax and lexicon for a predicted communication based on the input activity log (Kulkarni [0044] encoder may be used; [0046-0047]; [0092] embodiments may encode features/tokens to generate an event vector); based on comparing the account status indicated by the predicted communication with one or more account management rules in the account management ruleset, generating one or more recommendations for the system security action of the system security actions (Austraat [0170], [0173], [0176-0179] predict risk if escalation required; [0189-0191] matrix assign certainty and risk; [0198-0199] “based on the risk score exceeding the threshold, an escalatory procedure should be triggered, where the escalatory procedure includes storing the unstructured data to a restricted location and modifying an agent workflow of the agent that is interacting with the user. For instance, based on the risk score meeting or surpassing the threshold amount, the computer system may display a notification on the electronic device of an agent (i.e., an agent device), where the notification instructs the agent to perform an escalatory procedure. For instance, the notification may indicate that the user must transfer the call to a primary agent that is better equipped to handle these types of calls.”). Regarding Claim 3 and 18: Claim 3. Kulkarni discloses a method for recommending system security actions for data servers, the method comprising (Kulkarni [0021] “Based on the predicted user activity event, the user activity sequence system can provide recommendations and suggestions, perform actions (e.g., sync a file with a particular device), and/or perform other digital actions”): receiving, for a user account, an input activity log comprising a list of user activities (Kulkarni Fig. 2 and [0041] “’raw event data’ refers to digital information associated with an activity event. Accordingly, the raw event data 210a-210n may include, for example, information regarding digital content item location, name (e.g., filename), size, extension, contents, access privileges (e.g., view/edit/comment privileges), author, group access, timestamps of activities, type of activity (i.e., which specific activity event), user IDs associated with the digital content item, user IDs associated with events corresponding to the digital content item, device IDs or device types associated with events, whether an action was taken on particular digital content item, etc.”), wherein each user activity in the list of user activities has a corresponding activity timestamp (Kulkarni Fig. 2 and [0041] raw event data includes a timestamp); generating a plurality of tokens based on the list of user activities and based on a set of criteria (Kulkarni Fig. 2 series of sequential tokens, [0041] “type of activity (i.e., which specific activity event)”, [0042] the token generated represents the type of activity that the token was generated on) that specifies a first token for a first activity type and a second token for a second activity type, wherein the first token comprises a first alphanumeric identifier that represents the first activity type for a first user activity of the list of user activities, wherein the second token comprises a second alphanumeric identifier that represents the second activity type, and wherein the plurality of tokens comprise the first token (Kulkarni Fig. 2 series of sequential tokens, [0041] timestamps of activities, [0042] the token generated represents the type of activity that the token was generated on “Based on the raw event data 210a-210n, the user activity sequence system 104 generates respective series of sequential tokens 204 for analysis at the natural language model 202. Generally, the user activity sequence system transforms raw event data by generating activity event vectors with feature embeddings and hashing activity event vectors to generate an event token.”; [0082] “In other embodiments, the user activity sequence system 104 may generate a first token corresponding to a first activity event, and at a later time, generate a second token corresponding to a second activity event (e.g., a next activity event). Thus, in some embodiments, the user activity sequence system 104 may perform the foregoing acts 302-310 on a rolling basis (e.g., as the system identifies a new activity event) until the user activity sequence system 104 completes a series of sequential tokens”); based on the plurality of tokens, generating a time-ordered sequence of tokens ordered based on the corresponding activity timestamp associated with the first user activity for the plurality of tokens (Kulkarni Fig. 2 series of sequential tokens, [0041] timestamps of activities, [0042] the token generated represents the type of activity that the token was generated on, [0082]); based on inputting the time-ordered sequence of tokens into a machine learning model, generating an output vector encoding that represents syntax and lexicon for a predicted communication based on the input activity log (Kulkarni [0044] encoder may be used; [0046-0047]; [0092] embodiments may encode features/tokens to generate an event vector); based on inputting the output vector encoding into a vector encoding model, generating the predicted communication (Kulkarni [0046] predict next word/hash/token; [0047-0049]). Kulkarni does not explicitly disclose and generating, based on comparing an account status indicated by the predicted communication with one or more account management rules in an account management ruleset, one or more recommendations for a system security action of the system security actions. Austraat teaches and generating, based on comparing an account status indicated by the predicted communications with one or more account management rules in an account management ruleset (Austraat [0170], [0173], [0176-0179] predict risk if escalation required), one or more recommendations for a system security action of the system security actions (Austraat [0189-0191] matrix assign certainty and risk; [0198-0199] “based on the risk score exceeding the threshold, an escalatory procedure should be triggered, where the escalatory procedure includes storing the unstructured data to a restricted location and modifying an agent workflow of the agent that is interacting with the user. For instance, based on the risk score meeting or surpassing the threshold amount, the computer system may display a notification on the electronic device of an agent (i.e., an agent device), where the notification instructs the agent to perform an escalatory procedure. For instance, the notification may indicate that the user must transfer the call to a primary agent that is better equipped to handle these types of calls.”). It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to combine the method of recommending security actions by using tokens inputted into a machine learning model disclosed by Kulkarni with the account status determination, comparison, and recommendation taught by Austraat. The motivation for this combination would be to better identify the nature of user accounts and communications being analyzed recognized as important by Austraat (Austraat [0167]). Claim 18 recites substantially the same content and is therefore rejected under the same rationales. Kulkarni also discloses one or more non-transitory, computer-readable media comprising instructions that, when executed by one or more processors, cause operations (Kulkarni [0129]). Regarding Claims 4 and 19: Claim 4. The combination of Kulkarni and Austraat further teaches the method of claim 3, further comprising (Kulkarni [0021]): receiving a communication dataset and an activity dataset (Kulkarni Fig. 2 and [0041]), wherein the communication dataset comprises a plurality of communications with a first communication related to a corresponding user (Kulkarni Fig. 2 and [0041] “’raw event data’ refers to digital information associated with an activity event. Accordingly, the raw event data 210a-210n may include, for example, … author, group access, timestamps of activities, type of activity (i.e., which specific activity event), user IDs associated with the digital content item, user IDs associated with events corresponding to the digital content item”), wherein the activity dataset comprises a plurality of activity logs (Kulkarni Fig. 2 and [0041]), and wherein the first communication is associated with a corresponding activity log (Kulkarni Fig. 2 and [0041] timestamps); using the vector encoding model, generating a plurality of vector encodings for the plurality of communications, wherein the plurality of vector encodings represents natural language of communications in a vector space (Kulkarni [0044] encoder may be used; [0046-0047]; [0092] embodiments may encode features/tokens to generate an event vector; [0024] natural language model utilized); determining an associated activity class, of a plurality of activity classes for a first activity in the plurality of activity logs, wherein the associated activity class of the plurality of activity classes classifies activities based on a corresponding criteria of the set of criteria (Kulkarni Fig. 2 series of sequential tokens, [0041] “type of activity (i.e., which specific activity event)”, [0042] the token generated represents the type of activity that the token was generated on, [0082]); generating a plurality of time-ordered sequences of tokens for the plurality of activity logs (Kulkarni Fig. 2 series of sequential tokens, [0041] timestamps of activities, [0042] the token generated represents the type of activity that the token was generated on), wherein a first activity log of the plurality of activity logs has a corresponding time-ordered sequence of tokens (Kulkarni Fig. 2 series of sequential tokens, [0041] timestamps of activities, [0042] the token generated represents the type of activity that the token was generated on), wherein the first activity log specifies the first activity, wherein the first activity corresponds to a token of the time-ordered sequence of tokens, wherein the first token corresponds to the first activity (Kulkarni Fig. 2 series of sequential tokens, [0041] timestamps of activities, [0042] the token generated represents the type of activity that the token was generated on, [0082]) and wherein the token of the time-ordered sequence of tokens uniquely identifies the associated activity class (Kulkarni Fig. 2 series of sequential tokens, [0041] timestamps of activities, [0042] the token generated represents the type of activity that the token was generated on); and using the plurality of vector encodings and the plurality of time-ordered sequences, training the machine learning model to predict output vector encodings based on input sequences (Kulkarni [0042] tokens used to train the language model), wherein the machine learning model enables generation of predictions of expected communications by users based on corresponding input activity logs (Kulkarni [0046] predict next word/hash/token; [0047-0049]). Claim 19 recites substantially the same content and is therefore rejected under the same rationales. Regarding Claims 5 and 20: The combination of Kulkarni and Austraat further teaches the method of claim 4 (Kulkarni [0021]), wherein generating the plurality of time-ordered sequences of tokens for the plurality of activity logs comprises: retrieving the first communication from the plurality of communications (Kulkarni Fig. 2 and 5, [0102-0105] receive and pre-filter event data); based on first metadata corresponding to the first communication, identifying a corresponding user identifier and a corresponding communication timestamp (Kulkarni Fig. 2 and 5; [0041] raw event data includes a timestamp, [0104]); based on the corresponding user identifier and the corresponding communication timestamp corresponding to the first communication, retrieving the first activity log (Kulkarni [0104] may filter by timestamp and user id); and based on the first activity log, generating a first time-ordered sequence of tokens for the plurality of time-ordered sequences (Kulkarni [0105]). Claim 20 recites substantially the same content and is therefore rejected under the same rationales. Regarding Claim 6: The combination of Kulkarni and Austraat further teaches the method of claim 5, further comprising (Kulkarni [0021]): generating, using the vector encoding model, a first vector encoding for the first communication, wherein the first vector encoding represents natural language of the first communication in the vector space (Kulkarni Fig. 5 and [0107] apply tokens to the natural language model); based on inputting the first time-ordered sequence of tokens into the vector encoding model, generating a seed vector encoding, wherein the seed vector encoding represents syntax and lexicon for a seed communication based on the first activity log (Kulkarni Fig. 5, [0109-0111] may learn parameters to iterate further training cycles upon; [0043-0046]); based on inputting the seed vector encoding into the machine learning model, generating a resulting sequence of tokens, wherein the resulting sequence of tokens represents a predicted activity log based on the seed communication (Kulkarni Fig. 5, [0109-110] “In some embodiments (e.g., where the natural language model 202 is an artificial neural network), the user activity sequence system 104 can compare the predicted activity to a ground truth (i.e., an actual next event as included in the corpus of series of sequential tokens 510) at act 514”; [0111-0113] vector encoding); and generating training data for training the machine learning model to predict the output vector encodings based on the input sequences, wherein the training data comprises the first vector encoding and the resulting sequence of tokens (Kulkarni [0109-0113] may learn parameters to iterate further training cycles upon and keep training the model(s)). Regarding Claim 7: The combination of Kulkarni and Austraat further teaches the method of claim 4 (Kulkarni [0021]), wherein determining the associated activity class comprises: retrieving, from the activity dataset, the first activity log based on the first activity log corresponding to a first user account (Kulkarni Fig. 2 and [0041]), wherein the first activity log comprises a first plurality of user activities and a corresponding plurality of activity timestamps (Kulkarni Fig. 2 and [0041] user data and timestamps); determining, based on the set of criteria, the associated activity class for each activity within the first activity log (Kulkarni [0041] “type of activity (i.e., which specific activity event)”, [0082]); and based on determining the associated activity class for each activity within the first activity log, generating a set of time-ordered activity classes corresponding to the first activity log (Kulkarni Fig. 2 series of sequential tokens, [0041] timestamps of activities, [0042] the token generated represents the type of activity that the token was generated on, [0082]). Regarding Claim 8: The combination of Kulkarni and Austraat further teaches the method of claim 7 (Kulkarni [0021]), further comprising: generating a set of tokens based on the set of tokens corresponding to the set of time-ordered activity classes, wherein each token of the set of tokens comprises an associated alphanumeric identifier representing each activity class of the set of time-ordered activity classes (Kulkarni Fig. 2 series of sequential tokens, [0041] timestamps of activities, [0042] the token generated represents the type of activity that the token was generated on, [0082]); and based on the set of tokens corresponding to the set of time-ordered activity classes, generating the corresponding time-ordered sequence of tokens for the first activity log using the corresponding plurality of activity timestamps (Kulkarni Fig. 2 series of sequential tokens, [0041] timestamps of activities, [0042] the token generated represents the type of activity that the token was generated on). Regarding Claim 9: The combination of Kulkarni and Austraat further teaches the method of claim 4 (Kulkarni [0021]), wherein generating the plurality of vector encodings for the plurality of communications comprises generating, based on the first communication of the plurality of communications, a plurality of natural language units, wherein each natural language unit of the plurality of natural language units represents any one of a word, a phrase, or a sentence (Kulkarni [0046] predict next word/hash/token; [0047-0049]). Regarding Claim 10: The combination of Kulkarni and Austraat further teaches the method of claim 9 (Kulkarni [0021]), further comprising: based on the plurality of natural language units, generating an array of natural language tokens, wherein each natural language token of the array of natural language tokens comprises a corresponding numeric representation of each natural language unit of the plurality of natural language units (Kulkarni [0111] 17-dimensional one-hot vector of frequent user actions/activity disclosed); and based on inputting the array of natural language tokens into the vector encoding model, generating the plurality of vector encodings for the plurality of communications (Kulkarni [0111] 17-dimensional one-hot vector of frequent user actions/activity used to create the dense layer to predict). Regarding Claim 11: Kulkarni discloses the method of claim 4 (Kulkarni [0021]). Kulkarni does not disclose further comprising: determining that the first communication of the communication dataset comprises a first telephonic communication, wherein the first telephonic communication comprises audio data of a conversation between two users; based on inputting the first telephonic communication into a speech recognition model, generating a first telephonic transcript for the first communication; and generating the plurality of vector encodings to include a first vector encoding of the first telephonic transcript. Austraat teaches further comprising: determining that a first communication of the communication dataset comprises a first telephonic communication, wherein the first telephonic communication comprises audio data of a conversation between two users (Austraat [0075]); based on inputting the first telephonic communication into a speech recognition model, generating a first telephonic transcript for the first communication (generating a first telephonic transcript for the first communication;); and generating the plurality of vector encodings to include a first vector encoding of the first telephonic transcript (Austraat [0110-0112] encoding and vectorizing communications). It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to combine the method of predicting communications disclosed by Kulkarni with the speech recognition and transcription taught by Austraat. The motivation for this combination would be to enhance the prediction ability of the method by enabling the ingestion of speech data to be encoded and used to predict further expected communications. Regarding Claim 12: The combination of Kulkarni and Austraat further teaches the method of claim 4 (Kulkarni [0021]), further comprising: determining that the first communication of the communication dataset comprises first form data, wherein the first form data comprises information submitted, through an electronic form, by the corresponding user associated with a corresponding user account (Kulkarni [0041] “raw event data can include information regarding communication between users, channels of communication (e.g., email or instant messaging), calendar items, task list management (e.g., creating tasks, reminding users of tasks, and completing tasks). In essence, any event initiated by a user within the content management system, for example, can result in raw event data that includes descriptive features corresponding to the event.”); based on extracting text from fields associated with the first form data, generating a first array of natural language units, wherein each natural language unit of the first array of natural language units represents any one of a word, a phrase, or a sentence (Kulkarni [0046] predict next word/hash/token; [0047-0049]); and based on inputting the first array of natural language units into the vector encoding model, generating the plurality of vector encodings to include a first vector encoding of the first form data (Kulkarni [0111] 17-dimensional one-hot vector of frequent user actions/activity used to create the dense layer to predict). Regarding Claim 13: Kulkarni discloses the method of claim 3 (Kulkarni [0021]). Kulkarni does not disclose further comprising: based on the predicted communication, determining a user account status, wherein the user account status indicates a risk level for the user account; and generating a recommendation for a system security action, wherein the recommendation comprises a suggested warning message to a user of the user account based on the user account status. Austraat teaches further comprising: based on the predicted communication, determining a user account status, wherein the user account status indicates a risk level for the user account (Austraat [0170], [0173], [0176-0179] predict risk if escalation required); and generating a recommendation for a system security action, wherein the recommendation comprises a suggested warning message to a user of the user account based on the user account status (Austraat [0185]). It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to combine the method of predicting communications disclosed by Kulkarni with the account status determination and recommendation taught by Austraat. The motivation for this combination would be to better identify the nature of user accounts and communications being analyzed recognized as important by Austraat (Austraat [0167]). Regarding Claim 14: The combination of Kulkarni and Austraat further teaches the method of claim 13 (Kulkarni [0021]), wherein, based on the predicted communication, determining the user account status comprises: extracting, from a key phrase database, a plurality of key phrases, wherein each key phrase of the plurality of key phrases is associated with an account status indicator, wherein the account status indicator comprises an indication of an explanation of the input activity log (Austraat [0185]); and based on determining that the predicted communication includes a first key phrase of the plurality of key phrases, determining a first account status indicator for the user account status (Austraat [0185]). Regarding Claim 15: The combination of Kulkarni and Austraat further teaches the method of claim 13 (Kulkarni [0021]), wherein generating the recommendation for the system security action comprises: based on comparing the user account status with account management rules in an account management ruleset (Austraat [0189-0191] matrix assign certainty and risk), determining a first account management rule, based on the first account management rule corresponding to the user account status, wherein the account management ruleset comprises a plurality of rules for suggesting account actions based on account statuses (Austraat [0189-0191]); and generating the recommendation for the system security action to include a description of the first account management rule (Austraat [0198] “based on the risk score exceeding the threshold, an escalatory procedure should be triggered, where the escalatory procedure includes storing the unstructured data to a restricted location and modifying an agent workflow of the agent that is interacting with the user. For instance, based on the risk score meeting or surpassing the threshold amount, the computer system may display a notification on the electronic device of an agent (i.e., an agent device), where the notification instructs the agent to perform an escalatory procedure. For instance, the notification may indicate that the user must transfer the call to a primary agent that is better equipped to handle these types of calls.”). Regarding Claim 16: The combination of Kulkarni and Austraat further teaches the method of claim 3 (Kulkarni [0021]), wherein generating the plurality of tokens based on the set of criteria comprises: extracting, from a user activity dataset, user activity metadata, based on the user activity dataset corresponding to each user activity of the list of user activities (Kulkarni Fig. 2 series of sequential tokens, [0041] activity metadata contemplated); based on comparing the user activity metadata with each criteria of the set of criteria, determining a corresponding activity class for each user activity of the list of user activities (Kulkarni Fig. 2 series of sequential tokens, [0041] “type of activity (i.e., which specific activity event)”, [0082]); and generating a corresponding alphanumeric identifier for each user activity of the list of user activities (Kulkarni Fig. 2 series of sequential tokens, [0041] “type of activity (i.e., which specific activity event)”, [0042] the token generated represents the type of activity that the token was generated on [0082]), wherein the corresponding alphanumeric identifier for each user activity of the list of user activities uniquely identifies the corresponding activity class for each user activity of the list of user activities (Kulkarni Fig. 2 series of sequential tokens, [0041] “type of activity (i.e., which specific activity event)”, [0042] the token generated represents the type of activity that the token was generated on). Regarding Claim 17: The combination of Kulkarni and Austraat further teaches the method of claim 16 (Kulkarni [0021]), wherein generating the corresponding alphanumeric identifier for each user activity of the list of user activities comprises: extracting, from first user activity metadata corresponding to the first user activity of the list of user activities (Kulkarni Fig. 2 series of sequential tokens, [0041] activity metadata contemplated), a first resource type associated with the first user activity, wherein the first resource type indicates a classification of a first resource associated with the user account (Kulkarni [0041] various types of resources enumerated); extracting, from the first user activity metadata, a first resource size associated with the first user activity, wherein the first resource size indicates classification of a size of the first resource (Kulkarni [0041] content size); and determining the first alphanumeric identifier for the first user activity, wherein the first alphanumeric identifier identifies an activity class, based on the activity class corresponding to the first resource type and the first resource size (Kulkarni [0041-0042] tokenize based on size and various raw data, [0082]). Conclusion The prior art made of record in the submitted PTO-892 Notice of References Cited and not relied upon is considered pertinent to applicant’s disclosure. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MIGUEL A LOPEZ whose telephone number is (703)756-1241. The examiner can normally be reached 8:00AM-5:00PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 5712727624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /M.A.L./ Examiner, Art Unit 2496 /JORGE L ORTIZ CRIADO/ Supervisory Patent Examiner, Art Unit 2496
Read full office action

Prosecution Timeline

Show 4 earlier events
Oct 15, 2025
Response Filed
Oct 15, 2025
Applicant Interview (Telephonic)
Dec 19, 2025
Final Rejection mailed — §103
Jan 16, 2026
Interview Requested
Feb 24, 2026
Request for Continued Examination
Mar 08, 2026
Response after Non-Final Action
Apr 08, 2026
Response Filed
May 04, 2026
Non-Final Rejection mailed — §103 (current)

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
8%
Grant Probability
20%
With Interview (+12.5%)
3y 1m (~1m remaining)
Median Time to Grant
High
PTA Risk
Based on 26 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month