Prosecution Insights
Last updated: July 17, 2026
Application No. 18/354,883

Systems and methods for policy-based distributed packet capture

Final Rejection §101§112
Filed
Jul 19, 2023
Examiner
JAKOVAC, RYAN J
Art Unit
2445
Tech Center
2400 — Computer Networks
Assignee
Zscaler Inc.
OA Round
4 (Final)
66%
Grant Probability
Favorable
5-6
OA Rounds
10m
Est. Remaining
83%
With Interview

Examiner Intelligence

Grants 66% — above average
66%
Career Allowance Rate
404 granted / 615 resolved
+7.7% vs TC avg
Strong +18% interview lift
Without
With
+17.5%
Interview Lift
resolved cases with interview
Typical timeline
3y 10m
Avg Prosecution
30 currently pending
Career history
655
Total Applications
across all art units

Statute-Specific Performance

§101
1.2%
-38.8% vs TC avg
§103
87.4%
+47.4% vs TC avg
§102
7.9%
-32.1% vs TC avg
§112
2.4%
-37.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 615 resolved cases

Office Action

§101 §112
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant’s arguments filed 5/11/2026 have been fully considered and are moot in view of the new grounds of rejection presented herein. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (B) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. Claim(s) 1-4, 6-14, 16-22 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention. Regarding claim 1, applicant' s recitation of “pruning the packet capture data in the one or more packet capture caches in accordance with the pruning instructions, wherein the pruning is performed before the packet capture data is sent to the packet store and includes retaining only relevant data based on risk scores and event-based triggers; sending, after the pruning, the packet capture data to a packet store associated with a tenant of a cloud-based system; expunging the packet capture data from the one or more packet capture caches, the packet capture data from the one or more packet capture caches after the packet capture data is sent to the packet store.” would have been unclear to one of ordinary skill in the art. It is unclear if “the packet store” refers to in the expunging step is the “a packet store” as referencing in the “sending, after pruning” step, or whether “the packet store” refers to in the expunging step refers to “the packet store” referenced in the pruning step. Claim 11 recites similar language and is addressed by similar rationale. Dependent claims not addressed are rejected for incorporating the deficiencies of their respective parent claims. Claim 1 recites the limitation "the packet store". There is insufficient antecedent basis for this limitation in the claim. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-4, 6-14, and 15-22 are rejected under 35 USC 101 because the claimed invention is directed towards nonstatutory subject matter. The claims are rejected because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. Exemplary claim 1 recites the following: Claim 1 recites a method comprising steps of: collecting, at one or more capture points distributed across one or more cloud environments, packet capture data; retaining the packet capture data at one or more packet capture caches associated with the one or more capture points, the packet capture data being retained locally at the capture points as time-sliced portions; indexing the time-sliced portions of the packet capture data and reporting an index of the time-sliced portions to a multi-tenant packet capture central authority; receiving, at the one or more capture points from the multi-tenant packet capture central authority, pruning instructions generated by the multi-tenant packet capture central authority based at least in part on the reported index of the time-sliced portions and on telemetry from one or more cloud security systems; pruning the packet capture data in the one or more packet capture caches in accordance with the pruning instructions, wherein the pruning is performed before the packet capture data is sent to the packet store and includes retaining only relevant data based on risk scores and event-based triggers; sending, after the pruning, the packet capture data to a packet store associated with a tenant of a cloud-based system; expunging the packet capture data from the one or more packet capture caches, the packet capture data from the one or more packet capture caches after the packet capture data is sent to the packet store. The broadest reasonable interpretation of element c)’s recitation “indexing the time-sliced portions of the packet capture data”; element e); and element g) is that the indexing, pruning, and expunging functions fall within the mental process groupings of abstract ideas because they cover concepts performed in the human mind (or pen and paper), including observation, evaluation, judgment, and opinion. See MPEP 2106.04(a)(2), subsection III. The claim recites additional elements in a), b), element c)’s “reporting an index of the time-sliced portions to a multi-tenant packet capture central authority”; d), and f) which are mere data gathering, data reception/transmission recited at a high level of generality and which describe the use of a computer as a tool to perform the generic function of receiving and transmitting data, and thus are insignificant extra solution activity which fail to impose any meaningful limits on the claims . See MPEP 2106.05(g). The additional claim elements directed to the “computable readable medium”, and “one or more processors” are addressed by similar rationale. The additional elements mentioned above merely dot integrate the exception(s) into a practical application. The additional elements confine the use of the abstract idea to a particular technological environment and thus fail to add an inventive concept to the claims. When viewed in combination, these additional elements do not integrate the recited judicial exception into a practical application. The additional elements do not amount to significantly more than the judicial exception as they add insignificant extra-solution activity to the judicial exception – see MPEP 2106.05(g) and generally link the use of the judicial exception to a particular technological field of use – see MPEP 2106.05(h). Moreover, the additional elements represent well-understood, routine, and conventional activity. See MPEP 2106.05(d), subsection II. Even when considered in combination, these additional elements represent mere instructions to implement an abstract idea or other exception on a computer and insignificant extra-solution activity, which do not provide an inventive concept. The remaining claims and/or claim language is addressed by similar rationale as provided above. CONCLUSION Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to RYAN J JAKOVAC whose telephone number is (571)270-5003. The examiner can normally be reached on 8-4 PM EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar A. Louie can be reached on 572-270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /RYAN J JAKOVAC/Primary Examiner, Art Unit 2445
Read full office action

Prosecution Timeline

Show 2 earlier events
Jun 25, 2025
Response Filed
Oct 15, 2025
Final Rejection mailed — §101, §112
Dec 09, 2025
Response after Non-Final Action
Jan 15, 2026
Request for Continued Examination
Jan 25, 2026
Response after Non-Final Action
Feb 09, 2026
Non-Final Rejection mailed — §101, §112
May 11, 2026
Response Filed
Jun 03, 2026
Final Rejection mailed — §101, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12684038
SYSTEMS AND METHODS FOR INTELLIGENT LOAD BALANCING OF HOSTED SESSIONS
3y 9m to grant Granted Jul 14, 2026
Patent 12684014
METHODS AND SYSTEMS FOR DETECTING DENIAL OF SERVICE ATTACKS ON A NETWORK
2y 3m to grant Granted Jul 14, 2026
Patent 12671699
CAMPAIGN INTELLIGENCE AND VISUALIZATION FOR COMBATING CYBERATTACKS
2y 5m to grant Granted Jun 30, 2026
Patent 12641101
EXPLORING ASSOCIATION RULES TO AID IN THE TRACKABILITY OF ROOT CAUSES OF ABNORMAL EVENTS AND IN THE GENERATION OF MORE PRECISE AND CONCISE EXPLANATIONS FOR ANOMALY DETECTION TECHNIQUES
2y 7m to grant Granted May 26, 2026
Patent 12615286
Keystroke Log Monitoring Systems
3y 0m to grant Granted Apr 28, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
66%
Grant Probability
83%
With Interview (+17.5%)
3y 10m (~10m remaining)
Median Time to Grant
High
PTA Risk
Based on 615 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month