Office Action Predictor
Last updated: April 15, 2026
Application No. 18/459,113

MANAGING IMPACT OF POISONED INFERENCES ON INFERENCE CONSUMERS USING DIGITAL TWINS

Final Rejection §103§DP
Filed
Aug 31, 2023
Examiner
XIE, EDGAR WANGSHU
Art Unit
2433
Tech Center
2400 — Computer Networks
Assignee
Dell Products L.P.
OA Round
2 (Final)
82%
Grant Probability
Favorable
3-4
OA Rounds
2y 7m
To Grant
99%
With Interview

Examiner Intelligence

Grants 82% — above average
82%
Career Allow Rate
14 granted / 17 resolved
+24.4% vs TC avg
Strong +38% interview lift
Without
With
+37.5%
Interview Lift
resolved cases with interview
Typical timeline
2y 7m
Avg Prosecution
15 currently pending
Career history
32
Total Applications
across all art units

Statute-Specific Performance

§101
15.3%
-24.7% vs TC avg
§103
57.1%
+17.1% vs TC avg
§102
8.8%
-31.2% vs TC avg
§112
12.4%
-27.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 17 resolved cases

Office Action

§103 §DP
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Detailed Action Amendment/Request for Reconsideration filed on 9/24/2025 for patent application no. 18/459,113 has been acknowledged. Claims 1-20 are currently pending and have been considered below. Claims 1, 11, and 16 are independent claims. Information Disclosure Statement The information disclosure statements (IDS’s) submitted on 09/04/2025 and 09/19/2025 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner. Response to Arguments Applicant's arguments filed on 09/24/2025 have been fully considered but they are not persuasive. The reasons set forth below. On page 8 of the remarks, filed on 09/24/2025, applicant argues: “The Office Action on page 5 acknowledges that Sarkar does not disclose the above limitations (noting that the Examiner has crossed out "due to the poisoned inference"). Applicant respectfully asserts that this acknowledgement demonstrates that Sarkar and Chen are insufficient to establish unpatentability of the independent claims.” Examiner respectfully disagrees. Examiner understands the applicant’s argument, but would like to clarify that Sarkar and Chen were not relied upon to teach the limitation of “poisoned inference.” A method of managing inferences,” including “a poisoned inference” is explicitly taught by co-pending application no. 18/459,133. On page 8 of the remarks, filed on 09/24/2025, applicant argues: “In contrast, the above limitations require obtaining a quantification of deviation of operation of the inference consumer due to the poisoned inference using a model of the inference consumer. Sarkar does not disclose anything like analyzing how the poisoned inference causes deviations of operation of the inference consumer.” Examiner respectfully disagrees. Examiner thanks the applicant for the discussion and distinctions pointed out on page 9 to support this argument: “However, as noted in paragraphs [0018]-[0019] of the specification of the subject application, Sarkar's approach is unacceptable because a poisoned inference may, in fact, have little impact on the operation of the inference consumer. … Sarkar's approach of analyzing the inferences themselves, therefore, causes needless consumption of computing resources.” Highlighting the impact of Sarkar’s approach on a consumer’s operation may be different from the claim invention, and the further impact of consumption of computing resources helps to clarify the claimed inventive concept. Examiner would like to note that claim limitations from dependent claim 5 would better clarify the method of comparing or quantifying, between first and second operation data, each being provided replacement inference and poisoned inference, respectively. Please note that this would not necessarily place the application in condition for allowance, as allowability of any amended claims would require an updated search. Unfortunately, examiner can only examine the independent claim, as is. The broadest reasonable interpretation of “operation of the inference consumer due to the poisoned inference” is inclusive of compute power usage, various operational metrics, but also includes “the poisoned inference” itself. Therefore, Sarkar teaches the evaluation of, or “obtaining a quantification of deviation of,” the “operation of the inference consumer due to the poisoned inference.” On page 10 of the remarks, filed on 09/24/2025, applicant argues: “First, the combination of Joshi, Sarkar, and Chen alleged to read on the independent claims is improper. … This rationale is improper for two reasons. … First, the rationale fails to explain how any benefit by the combination is provided. While processing and storage may vary, this citation from Sarkar does not in anyway explain how combining Sarkar with Joshi provides any actual benefit. Rather, this is a mere conclusory statement which is improper.” Examiner respectfully disagrees. Sarkar is relied up to teach the following limitations: “obtaining a quantification of deviation of operation ...” and “making a determination regarding whether to remediate...” that Joshi does not explicitly teach. Sarkar’s teachings offer benefits and improvements to Joshi, because the cited paragraphs of Joshi teach “the needs for processing” that “vary for the different phases of an AI data pipeline.” One cannot anticipate all of the issues in all of the different phases, and since these issues are not explicitly taught by Joshi, Sarkar’s teachings were cited. More specifically, Sarkar’s teachings offer benefits to and improvements for the following phases in an AI data pipeline: “data ingestion, model training, and model serving for inference.” On pages 10-11 of the remarks, filed on 09/24/2025, applicant argues: “Second, this explanation fails to consider all of the teachings of Joshi, which is improper. MPEP 2143.01(II). Pages 2-3 of Joshi disclose that, at best, poisoning attacks are difficult to identify. Thus, Joshi concludes that rather than attempting to identify and fix poisoning, the correct course of action is to proactively prevent such attacks. … Thus, one of ordinary skill in the art, in view of all of Joshi's teachings, would actually conclude that Sarkar's approach is ineffective and should be avoided. Further, one of ordinary skill in the art would further conclude that Sarkar's approach would not provide any contemplated advantage to Joshi's system because Joshi's proactive approach will, in fact, prevent poisoned inferences from even being generated.” Examiner respectfully disagrees. Joshi discloses a problem within the cybersecurity and AI field that data poisoning is a problem, raises the question of “How Can Data Poisoning Instances be Detected and Prevented?” (Joshi, page 2), and finally, in his own words, offers some suggestions to block or detect: “Models are retrained with new data at regular intervals, and it is during this retraining period that poisonous data can be introduced into the training dataset. Since it happens over time, it is hard to track such activities. Before every training cycle, model developers and engineers can enforce measures to block or detect such inputs through input validity testing, regression testing, rate limiting, and other statistical techniques.” (Joshi, page 2) Since Joshi explicitly discloses the idea that developers and engineers can enforce measures to detect through validity testing or other methods, Examiner is not able to find support that Joshi teaches away from “attempting to identify and fix poisoning.” (Remarks, page 10) Thus, one of ordinary skill in the art of cybersecurity, in view of all of Joshi's teachings, with the understanding of a core concept in cybersecurity of defense-in-depth, which requires implementations of layers of different detection techniques, different prevention techniques, and different remediation techniques, would not “conclude that Sarkar's approach is ineffective and should be avoided.” (Remarks, page 11) Further, one of ordinary skill in the art would further conclude that Sarkar's approach may provide contemplated advantages of detection and remediation techniques to alleviate the problem of data poisoning, as contemplated by Joshi, because one of ordinary skill in the art would possess the implicit understanding that any proactive approach, including Joshi’s teaching, would not be effective 100% of the time in preventing poisoned inferences from being generated. Examiner is not able to find support in Joshi’s teachings, nor does Joshi claim, that his proactive approach will prevent “any poisoned inferences from being generated” (Remarks, page 11) to a level where other detection or remediation approaches would be entirely unnecessary. On page 11 of the remarks, filed on 09/24/2025, applicant argues: “The Office Action on page 5 acknowledges that Sarkar does not disclose the above limitations (noting that the Examiner has crossed out "due to the poisoned inference"). Applicant respectfully asserts that this acknowledgement demonstrates that Sarkar and Chen are insufficient to establish unpatentability of the independent claims.” Examiner respectfully disagrees. Examiner understands the applicant’s argument, but would like to clarify that Sarkar and Chen were not relied upon to teach the limitation of “poisoned inference.” A method of managing inferences,” including “a poisoned inference” is explicitly taught by co-pending application no. 18/459,133. On pages 11-12 of the remarks, filed on 09/24/2025, applicant argues: “In contrast, the above limitations require obtaining a quantification of deviation of operation of the inference consumer due to the poisoned inference using a model of the inference consumer. Sarkar does not disclose anything like analyzing how the poisoned inference causes deviations of operation of the inference consumer.” Examiner respectfully disagrees. Examiner thanks the applicant for the discussion and distinctions pointed out on page 12 of the Remarks to support this argument: “However, as noted in paragraphs [0018]-[0019] of the specification of the subject application, Sarkar's approach is unacceptable because a poisoned inference may, in fact, have little impact on the operation of the inference consumer. … Sarkar's approach of analyzing the inferences themselves, therefore, causes needless consumption of computing resources.” Highlighting the impact of Sarkar’s approach on a consumer’s operation may be different from the claim invention, and the further impact of consumption of computing resources helps to clarify the claimed inventive concept. Examiner would like to note that claim limitations from dependent claim 5 would better clarify the method of comparing or quantifying, between first and second operation data, each being provided replacement inference and poisoned inference, respectively. Please note that this would not necessarily place the application in condition for allowance, as allowability of any amended claims would require an updated search. Unfortunately, examiner can only examine the independent claim, as is. The broadest reasonable interpretation of “operation of the inference consumer due to the poisoned inference” is inclusive of compute power usage, various operational metrics, but also includes “the poisoned inference” itself. Therefore, Sarkar teaches the evaluation of, or “obtaining a quantification of deviation of,” the “operation of the inference consumer due to the poisoned inference.” Thus, the double patenting rejection and 35 USC 103 rejections are maintained and reproduced below. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claims 1, 11, and 16 are provisionally rejected on the ground of non-statutory obviousness-type double patenting as being unpatentable over claim 1 of co-pending Application No. 18/459,133 (US Patent Application No. US 2025/0077650 A1) in view of Sarkar (US Patent Application Publication No. US 2021/0224684 A1) and further in view of Chen et al. (US Patent Application Publication No. US 2021/0089941 A1, hereinafter, Chen). Although the claims at issue are not identical, they are not patentably distinct from each other. Claims 2-10, 12-15, and 17-20 are rejected because of their dependency on Claims 1, 11, and 16, respectively. US Patent Application No. 18/459,133 discloses the following limitations of Claims 1 and 6 as shown in the table below: Current Application No. 18/459,113 US Patent Application No. 18/459,133 Claim 1: A method of managing an impact of inferences provided to an inference consumer on operation of the inference consumer, the method comprising: making an identification that a poisoned inference has been provided to the inference consumer, the poisoned inference being generated by a poisoned artificial intelligence (AI) model; obtaining a quantification of deviation of operation of the inference consumer due to the poisoned inference using a model of the inference consumer, the deviation being from the operation of the inference consumer using an unpoisoned version of the poisoned inference in place of the poisoned inference; making a determination regarding whether to remediate the poisoned inference based on the quantification; and in an instance of the determination in which the poisoned inference is to be remediated: performing an action set to mitigate impact of the poisoned inference on the inference consumer. Claim 1: A method of managing inferences generated by artificial intelligence (AI) models, the method comprising: making an identification that a poisoned inference of the inferences has been provided to a first inference consumer, the poisoned inference being generated by a poisoned AI model of the AI models; identifying a second AI model of the AI models that provides inferences of a same type as a type of the poisoned inference; obtaining a quantification of an impact of the poisoned inference based on first use of the poisoned inference by the first inference consumer and second use of at least one inference generated by the second AI model by a second inference consumer; making a determination regarding whether to remediate the poisoned inference based on the quantification; and in an instance of the determination in which the poisoned inference is to be remediated: performing an action set to mitigate impact of the poisoned inference on the first inference consumer. However, US Patent Application No. 18/459,133 does not explicitly disclose “using a model of the inference consumer, the deviation being from the operation of the inference consumer using an unpoisoned version of the poisoned inference in place of the poisoned inference.” Therefore, Sarkar and Chen are used to modify US Patent Application No. 18/459,113 to arrive at the claimed invention. obtaining a quantification of deviation of operation of the inference consumer (The co-pending application no. 18/459,133 is relied upon to teach the claim limitation “due to the poisoned inference.” Sarkar is not relied upon to teach the claim limitation “due to the poisoned inference.” Sarkar, ¶[0026], “Use of inferences by client systems, as well as aggregate inference data for search, analysis, and visualization may proceed immediately. … Unacceptable inference results for new types of data sets may also be identified in real-time to initiate retraining and prevent unacceptable inferences from being added to aggregate inference data used for other applications.” ¶[0067], “Inference evaluator 346 may evaluate inference score 344 against an inference validity threshold to determine whether a valid inference has been generated by the application of a model instance from trained models 338 to new data element 302.”) using an unpoisoned version of the poisoned inference in place of the poisoned inference (Chen, [0058], “the Clean Training Data 110 includes labeled data that is trusted, verified, or otherwise legitimate. Additionally, the Sanitized Models 130 include machine learning models that have been generated by repairing or sanitizing the ML Models 105 using the Clean Training Data 110.”); US Patent Application No. 18/459,133 (US Patent Application No. US 2025/0077650 A1) in view of Sarkar (US Patent Application Publication No. US 2021/0224684 A1) and further in view of Chen et al. (US Patent Application Publication No. US 2021/0089941 A1, hereinafter, Chen) are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “security and data systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify US Patent Application No. 18/459,133 with Sarkar to include the limitations—obtaining a quantification of deviation of operation of the inference consumer —because the needs for processing and storage vary for the different phases of an AI data pipeline comprising data ingestion, model training, and model serving for inference (Sarkar, ¶[0002]). It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify US Patent Application No. 18/459,133 in view of Sarkar with Chen to include the limitation—using an unpoisoned version of the poisoned inference in place of the poisoned inference—the techniques for sanitization of machine learning (ML) models are provided (Chen, Abstract). This is a provisional non-statutory double patenting rejection because the patentably indistinct claims have not in fact been patented. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 2, 3, 10, 11, 12, 13, 16, 17, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Joshi (“Is The Data Used for Training Your Machine Learning Model Safe,” www.technologyforyour.org, publish date: 7/28/2022, access date: 9/1/2022) in view of Sarkar (US Patent Application Publication No. US 2021/0224684 A1) and further in view of Chen et al. (US Patent Application Publication No. US 2021/0089941 A1, hereinafter, Chen). Regarding Claim 1, Joshi discloses: A method of managing an impact of inferences provided to an inference consumer on operation of the inference consumer, the method comprising: making an identification (Joshi, page 2, “model developers and engineers can enforce measures to block or detect such inputs through input validity testing, regression testing, rate limiting, and other statistical techniques.”) that a poisoned inference has been provided to the inference consumer, the poisoned inference being generated by a poisoned artificial intelligence (AI) model; due to the poisoned inference; the poisoned inference; (Joshi, page 1-2, “Data poisoning involves compromising the training data used for machine learning models. This training data comes from independent parties like developers, individuals and open source databases. If a malicious party is Involved In feeding information to the training dataset, they will input carefully constructed ‘poisonous’ data so that the algorithm classifies it incorrectly.” Page 3, “When conducting regular penetration tests against their networks. Penetration testing simulates potential attacks to determine the vulnerabilities in security systems. Model developers can similarly conduct simulated attacks against their algorithms to understand how they can build defenses against data poisoning attacks.”) Joshi does not explicitly teach the following limitation that Sarkar teaches: obtaining a quantification of deviation of operation of the inference consumer (Sarkar, ¶[0026], “Use of inferences by client systems, as well as aggregate inference data for search, analysis, and visualization may proceed immediately. … Unacceptable inference results for new types of data sets may also be identified in real-time to initiate retraining and prevent unacceptable inferences from being added to aggregate inference data used for other applications.” ¶[0067], “Inference evaluator 346 may evaluate inference score 344 against an inference validity threshold to determine whether a valid inference has been generated by the application of a model instance from trained models 338 to new data element 302.”) making a determination regarding whether to remediate (Sarkar, ¶[0055], “Measuring the reliability value based on a known validation data set and comparing it to the model validity threshold may enable validator 250 to determine whether the threshold is met and the model instance appears valid or the threshold is not met and retraining should be initiated using different parameters for AI framework 242 and/or a different training data set.”); and Joshi in view of Sarkar is analogous art because the references are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “security and data systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Joshi with Sarkar to “obtaining a quantification of deviation of operation of the inference consumer using a model of the inference consumer, the deviation being from the operation of the inference consumer; making a determination regarding whether to remediate based on the quantification” because, the needs for processing and storage vary for the different phases of an AI data pipeline comprising data ingestion, model training, and model serving for inference (Sarkar, ¶[0002]). Joshi in view of Sarkar does not explicitly teach the following limitations that Chen teaches: using an unpoisoned version of the poisoned inference in place of the poisoned inference (Chen, [0058], “the Clean Training Data 110 includes labeled data that is trusted, verified, or otherwise legitimate. Additionally, the Sanitized Models 130 include machine learning models that have been generated by repairing or sanitizing the ML Models 105 using the Clean Training Data 110.”); in an instance of the determination in which the poisoned inference is to be remediated: performing an action set to mitigate impact of the poisoned inference on the inference consumer (Chen, ¶[0030], “FIG. 1 illustrates a workflow 100 for sanitizing and repairing potentially poisoned machine learning models.” ¶[0040], “In one embodiment, the Sanitized Models 130 are returned or deployed for use.”). Joshi in view of Sarkar and further in view of Chen is analogous art because the references are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “security and data systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Joshi in view of Sarkar with Chen to “using an unpoisoned version of the poisoned inference in place of the poisoned inference; in an instance of the determination in which the poisoned inference is to be remediated: performing an action set to mitigate impact of the poisoned inference on the inference consumer” because, the techniques for sanitization of machine learning (ML) models are provided (Chen, Abstract). Regarding Claim 2, Joshi in view of Sarkar and further in view of Chen teaches: The method of claim 1, wherein the poisoned AI model is an AI model that has been trained using poisoned training data and introduction of the poisoned training data is initiated by an unauthorized entity, the poisoned training data having content that differs from representations regarding the content made by the unauthorized entity (Joshi, page 1, “The danger is that the training data for machine learning could be manipulated remotely or on-site by hackers. Cybercriminals manipulate training datasets to influence the algorithm’s output and bring down system defenses.” Page 2, “attackers can manipulate the training data to teach the mode classification scenarios that benefit them. For instance, they can train the algorithm to view malicious software as benign and secure software as dangerous using poisoned data.”). Regarding Claim 3, Joshi in view of Sarkar and further in view of Chen teaches: The method of claim 1, wherein the operation of the inference consumer comprises: decisions made by the inference consumer using the poisoned inference; and decision-making behavior of the inference consumer over a duration of time that is influenced by the poisoned inference and/or the decisions. (Sarkar, ¶[0026], “Use of inferences by client systems, as well as aggregate inference data for search, analysis, and visualization may proceed immediately. … Unacceptable inference results for new types of data sets may also be identified in real-time to initiate retraining and prevent unacceptable inferences from being added to aggregate inference data used for other applications.”) Regarding Claim 10, Joshi in view of Sarkar and further in view of Chen teaches: The method of claim 1, wherein making the determination comprises: identifying a quantification threshold for the inference consumer; comparing the quantification to the quantification threshold (Sarkar, ¶[0067], “Inference evaluator 346 may evaluate inference score 344 against an inference validity threshold to determine whether a valid inference has been generated by the application of a model instance from trained models 338 to new data element 302.”); in an instance of the comparing where the quantification meets the quantification threshold (Sarkar, ¶[0055], “Measuring the reliability value based on a known validation data set and comparing it to the model validity threshold may enable validator 250 to determine whether the threshold is met and the model instance appears valid or the threshold is not met): concluding that the poisoned inference is to be remediated (Sarkar, ¶[0055], “and retraining should be initiated using different parameters for AI framework 242 and/or a different training data set.”). Regarding Claim 11, Joshi discloses: A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations for managing an impact of inferences provided to an inference consumer on operation of the inference consumer, the operations comprising: making an identification (Joshi, page 2, “model developers and engineers can enforce measures to block or detect such inputs through input validity testing, regression testing, rate limiting, and other statistical techniques.”) that a poisoned inference has been provided to the inference consumer, the poisoned inference being generated by a poisoned artificial intelligence (AI) model; due to the poisoned inference; the poisoned inference; (Joshi, page 1-2, “Data poisoning involves compromising the training data used for machine learning models. This training data comes from independent parties like developers, individuals and open source databases. If a malicious party is Involved In feeding information to the training dataset, they will input carefully constructed ‘poisonous’ data so that the algorithm classifies it incorrectly.” Page 3, “When conducting regular penetration tests against their networks. Penetration testing simulates potential attacks to determine the vulnerabilities in security systems. Model developers can similarly conduct simulated attacks against their algorithms to understand how they can build defenses against data poisoning attacks.”) Joshi does not explicitly teach the following limitation that Sarkar teaches: obtaining a quantification of deviation of operation of the inference consumer (Sarkar, ¶[0026], “Use of inferences by client systems, as well as aggregate inference data for search, analysis, and visualization may proceed immediately. … Unacceptable inference results for new types of data sets may also be identified in real-time to initiate retraining and prevent unacceptable inferences from being added to aggregate inference data used for other applications.” ¶[0067], “Inference evaluator 346 may evaluate inference score 344 against an inference validity threshold to determine whether a valid inference has been generated by the application of a model instance from trained models 338 to new data element 302.”) making a determination regarding whether to remediate (Sarkar, ¶[0055], “Measuring the reliability value based on a known validation data set and comparing it to the model validity threshold may enable validator 250 to determine whether the threshold is met and the model instance appears valid or the threshold is not met and retraining should be initiated using different parameters for AI framework 242 and/or a different training data set.”); and Joshi in view of Sarkar is analogous art because the references are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “security and data systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Joshi with Sarkar to “obtaining a quantification of deviation of operation of the inference consumer using a model of the inference consumer, the deviation being from the operation of the inference consumer; making a determination regarding whether to remediate based on the quantification” because, the needs for processing and storage vary for the different phases of an AI data pipeline comprising data ingestion, model training, and model serving for inference (Sarkar, ¶[0002]). Joshi in view of Sarkar does not explicitly teach the following limitations that Chen teaches: using an unpoisoned version of the poisoned inference in place of the poisoned inference (Chen, [0058], “the Clean Training Data 110 includes labeled data that is trusted, verified, or otherwise legitimate. Additionally, the Sanitized Models 130 include machine learning models that have been generated by repairing or sanitizing the ML Models 105 using the Clean Training Data 110.”); in an instance of the determination in which the poisoned inference is to be remediated: performing an action set to mitigate impact of the poisoned inference on the inference consumer (Chen, ¶[0030], “FIG. 1 illustrates a workflow 100 for sanitizing and repairing potentially poisoned machine learning models.” ¶[0040], “In one embodiment, the Sanitized Models 130 are returned or deployed for use.”). Joshi in view of Sarkar and further in view of Chen is analogous art because the references are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “security and data systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Joshi in view of Sarkar with Chen to “using an unpoisoned version of the poisoned inference in place of the poisoned inference; in an instance of the determination in which the poisoned inference is to be remediated: performing an action set to mitigate impact of the poisoned inference on the inference consumer” because, the techniques for sanitization of machine learning (ML) models are provided (Chen, Abstract). Regarding Claim 12, Joshi in view of Sarkar and further in view of Chen teaches: The non-transitory machine-readable medium of claim 11, wherein the poisoned AI model is an AI model that has been trained using poisoned training data and introduction of the poisoned training data is initiated by an unauthorized entity, the poisoned training data having content that differs from representations regarding the content made by the unauthorized entity (Joshi, page 1, “The danger is that the training data for machine learning could be manipulated remotely or on-site by hackers. Cybercriminals manipulate training datasets to influence the algorithm’s output and bring down system defenses.” Page 2, “attackers can manipulate the training data to teach the mode classification scenarios that benefit them. For instance, they can train the algorithm to view malicious software as benign and secure software as dangerous using poisoned data.”). Regarding Claim 13, Joshi in view of Sarkar and further in view of Chen teaches: The non-transitory machine-readable medium of claim 11, wherein the operation of the inference consumer comprises: decisions made by the inference consumer using the poisoned inference; and decision-making behavior of the inference consumer over a duration of time that is influenced by the poisoned inference and/or the decisions. (Sarkar, ¶[0026], “Use of inferences by client systems, as well as aggregate inference data for search, analysis, and visualization may proceed immediately. … Unacceptable inference results for new types of data sets may also be identified in real-time to initiate retraining and prevent unacceptable inferences from being added to aggregate inference data used for other applications.”) Regarding Claim 16, Joshi discloses: A data processing system, comprising: a processor; and a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations for managing an impact of inferences provided to an inference consumer on operation of the inference consumer, the operations comprising: making an identification (Joshi, page 2, “model developers and engineers can enforce measures to block or detect such inputs through input validity testing, regression testing, rate limiting, and other statistical techniques.”) that a poisoned inference has been provided to the inference consumer, the poisoned inference being generated by a poisoned artificial intelligence (AI) model; due to the poisoned inference; the poisoned inference; (Joshi, page 1-2, “Data poisoning involves compromising the training data used for machine learning models. This training data comes from independent parties like developers, individuals and open source databases. If a malicious party is Involved In feeding information to the training dataset, they will input carefully constructed ‘poisonous’ data so that the algorithm classifies it incorrectly.” Page 3, “When conducting regular penetration tests against their networks. Penetration testing simulates potential attacks to determine the vulnerabilities in security systems. Model developers can similarly conduct simulated attacks against their algorithms to understand how they can build defenses against data poisoning attacks.”) Joshi does not explicitly teach the following limitation that Sarkar teaches: obtaining a quantification of deviation of operation of the inference consumer (Sarkar, ¶[0026], “Use of inferences by client systems, as well as aggregate inference data for search, analysis, and visualization may proceed immediately. … Unacceptable inference results for new types of data sets may also be identified in real-time to initiate retraining and prevent unacceptable inferences from being added to aggregate inference data used for other applications.” ¶[0067], “Inference evaluator 346 may evaluate inference score 344 against an inference validity threshold to determine whether a valid inference has been generated by the application of a model instance from trained models 338 to new data element 302.”) making a determination regarding whether to remediate (Sarkar, ¶[0055], “Measuring the reliability value based on a known validation data set and comparing it to the model validity threshold may enable validator 250 to determine whether the threshold is met and the model instance appears valid or the threshold is not met and retraining should be initiated using different parameters for AI framework 242 and/or a different training data set.”); and Joshi in view of Sarkar is analogous art because the references are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “security and data systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Joshi with Sarkar to “obtaining a quantification of deviation of operation of the inference consumer using a model of the inference consumer, the deviation being from the operation of the inference consumer; making a determination regarding whether to remediate based on the quantification” because, the needs for processing and storage vary for the different phases of an AI data pipeline comprising data ingestion, model training, and model serving for inference (Sarkar, ¶[0002]). Joshi in view of Sarkar does not explicitly teach the following limitations that Chen teaches: using an unpoisoned version of the poisoned inference in place of the poisoned inference (Chen, [0058], “the Clean Training Data 110 includes labeled data that is trusted, verified, or otherwise legitimate. Additionally, the Sanitized Models 130 include machine learning models that have been generated by repairing or sanitizing the ML Models 105 using the Clean Training Data 110.”); in an instance of the determination in which the poisoned inference is to be remediated: performing an action set to mitigate impact of the poisoned inference on the inference consumer (Chen, ¶[0030], “FIG. 1 illustrates a workflow 100 for sanitizing and repairing potentially poisoned machine learning models.” ¶[0040], “In one embodiment, the Sanitized Models 130 are returned or deployed for use.”). Joshi in view of Sarkar and further in view of Chen is analogous art because the references are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “security and data systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Joshi in view of Sarkar with Chen to “using an unpoisoned version of the poisoned inference in place of the poisoned inference; in an instance of the determination in which the poisoned inference is to be remediated: performing an action set to mitigate impact of the poisoned inference on the inference consumer” because, the techniques for sanitization of machine learning (ML) models are provided (Chen, Abstract). Regarding Claim 17, Joshi in view of Sarkar and further in view of Chen teaches: The data processing system of claim 16, wherein the poisoned AI model is an AI model that has been trained using poisoned training data and introduction of the poisoned training data is initiated by an unauthorized entity, the poisoned training data having content that differs from representations regarding the content made by the unauthorized entity (Joshi, page 1, “The danger is that the training data for machine learning could be manipulated remotely or on-site by hackers. Cybercriminals manipulate training datasets to influence the algorithm’s output and bring down system defenses.” Page 2, “attackers can manipulate the training data to teach the mode classification scenarios that benefit them. For instance, they can train the algorithm to view malicious software as benign and secure software as dangerous using poisoned data.”). Regarding Claim 18, Joshi in view of Sarkar and further in view of Chen teaches: The data processing system of claim 16, wherein the operation of the inference consumer comprises: decisions made by the inference consumer using the poisoned inference; and decision-making behavior of the inference consumer over a duration of time that is influenced by the poisoned inference and/or the decisions. (Sarkar, ¶[0026], “Use of inferences by client systems, as well as aggregate inference data for search, analysis, and visualization may proceed immediately. … Unacceptable inference results for new types of data sets may also be identified in real-time to initiate retraining and prevent unacceptable inferences from being added to aggregate inference data used for other applications.”) Claims 4, 5, 6, 14, 15, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Joshi (“Is The Data Used for Training Your Machine Learning Model Safe,” www.technologyforyour.org, publish date: 7/28/2022, access date: 9/1/2022) in view of Sarkar (US Patent Application Publication No. US 2021/0224684 A1) and further in view of Chen et al. (US Patent Application Publication No. US 2021/0089941 A1, hereinafter, Chen) and Platzlaff et al. (US Patent Application Publication No. US 2024/0394419 A1, hereinafter, Platzlaff). Regarding Claim 4, Joshi in view of Sarkar and further in view of Chen teaches: The method of claim 3, Joshi in view of Sarkar and further in view of Chen does not explicitly teach the following limitation that Platzlaff teaches: wherein the model of the inference consumer is a digital twin of the inference consumer (Patzlaff, ¶[0047-0048], “[0047] 1. Creation of a digital twin of the cyber-physical-system … Creation of a real-time simulation model that maps the system behavior.” ¶[0057], “Detection of a deviation by comparing the actuator and sensor signals of the real cyber-physical-system with the digital twin and determining on the basis of the environmental model impacts on the deviation due to the external and environmental conditions of the cyber-physical-system.”). Joshi in view of Sarkar and further in view of Chen and Platzlaff is analogous art because the references are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “security and data systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Joshi in view of Sarkar and further in view of Chen with Platzlaff with “wherein the model of the inference consumer is a digital twin of the inference consumer” because, a Digital-Twin-Unit, creates and executes a digital twin replicating the behavior of the cyber-physical-system (Platzlaff, Abstract). Regarding Claim 5, Joshi in view of Sarkar and further in view of Chen and Platzlaff teaches: The method of claim 4, wherein obtaining the quantification comprises: obtaining first operation data using the digital twin and a replacement inference for the poisoned inference, the first operation data being based on operation of the digital twin after being provided with the replacement inference; obtaining second operation data, the second operation data being based on the operation of the inference consumer after being provided with the poisoned inference (Sarkar, ¶[0026], “Use of inferences by client systems, as well as aggregate inference data for search, analysis, and visualization may proceed immediately. … Unacceptable inference results for new types of data sets may also be identified in real-time to initiate retraining and prevent unacceptable inferences from being added to aggregate inference data used for other applications.” ¶[0067], “Inference evaluator 346 may evaluate inference score 344 against an inference validity threshold to determine whether a valid inference has been generated by the application of a model instance from trained models 338 to new data element 302.”); and obtaining a difference between the first operation data and the second operation data to obtain the quantification (Sarkar, ¶[0026], “Use of inferences by client systems, as well as aggregate inference data for search, analysis, and visualization may proceed immediately. … Unacceptable inference results for new types of data sets may also be identified in real-time to initiate retraining and prevent unacceptable inferences from being added to aggregate inference data used for other applications.” ¶[0067], “Inference evaluator 346 may evaluate inference score 344 against an inference validity threshold to determine whether a valid inference has been generated by the application of a model instance from trained models 338 to new data element 302.”). Regarding Claim 6, Joshi in view of Sarkar and further in view of Chen and Platzlaff teaches: The method of claim 5, wherein obtaining the first operation data comprises: obtaining the replacement inference using an unpoisoned instance of the AI model (Chen, [0058], “the Clean Training Data 110 includes labeled data that is trusted, verified, or otherwise legitimate.); providing the replacement inference to the digital twin (Patzlaff, ¶[0047-0048], “[0047] 1. Creation of a digital twin of the cyber-physical-system”); and generating the first operation data based on the operation of the digital twin using the replacement inference (Sarkar, ¶[0026], “Use of inferences by client systems, as well as aggregate inference data for search, analysis, and visualization may proceed immediately. … Unacceptable inference results for new types of data sets may also be identified in real-time to initiate retraining and prevent unacceptable inferences from being added to aggregate inference data used for other applications.”). Regarding Claim 14, Joshi in view of Sarkar and further in view of Chen and Platzlaff teaches: The non-transitory machine-readable medium of claim 13, wherein the model of the inference consumer is a digital twin of the inference consumer (Patzlaff, ¶[0047-0048], “[0047] 1. Creation of a digital twin of the cyber-physical-system … Creation of a real-time simulation model that maps the system behavior.” ¶[0057], “Detection of a deviation by comparing the actuator and sensor signals of the real cyber-physical-system with the digital twin and determining on the basis of the environmental model impacts on the deviation due to the external and environmental conditions of the cyber-physical-system.”). Regarding Claim 15, Joshi in view of Sarkar and further in view of Chen and Platzlaff teaches: The non-transitory machine-readable medium of claim 14, wherein obtaining the quantification comprises: obtaining first operation data using the digital twin and a replacement inference for the poisoned inference, the first operation data being based on operation of the digital twin after being provided with the replacement inference (Sarkar, ¶[0026], “Use of inferences by client systems, as well as aggregate inference data for search, analysis, and visualization may proceed immediately. … Unacceptable inference results for new types of data sets may also be identified in real-time to initiate retraining and prevent unacceptable inferences from being added to aggregate inference data used for other applications.” ¶[0067], “Inference evaluator 346 may evaluate inference score 344 against an inference validity threshold to determine whether a valid inference has been generated by the application of a model instance from trained models 338 to new data element 302.”); obtaining second operation data, the second operation data being based on the operation of the inference consumer after being provided with the poisoned inference; and obtaining a difference between the first operation data and the second operation data to obtain the quantification (Sarkar, ¶[0026], “Use of inferences by client systems, as well as aggregate inference data for search, analysis, and visualization may proceed immediately. … Unacceptable inference results for new types of data sets may also be identified in real-time to initiate retraining and prevent unacceptable inferences from being added to aggregate inference data used for other applications.” ¶[0067], “Inference evaluator 346 may evaluate inference score 344 against an inference validity threshold to determine whether a valid inference has been generated by the application of a model instance from trained models 338 to new data element 302.”). Regarding Claim 19, Joshi in view of Sarkar and further in view of Chen and Platzlaff teaches: The data processing system of claim 18, wherein the model of the inference consumer is a digital twin of the inference consumer (Patzlaff, ¶[0047-0048], “[0047] 1. Creation of a digital twin of the cyber-physical-system … Creation of a real-time simulation model that maps the system behavior.” ¶[0057], “Detection of a deviation by comparing the actuator and sensor signals of the real cyber-physical-system with the digital twin and determining on the basis of the environmental model impacts on the deviation due to the external and environmental conditions of the cyber-physical-system.”). Regarding Claim 20, Joshi in view of Sarkar and further in view of Chen and Platzlaff teaches: The data processing system of claim 19, wherein obtaining the quantification comprises: obtaining first operation data using the digital twin and a replacement inference for the poisoned inference, the first operation data being based on operation of the digital twin after being provided with the replacement inference (Sarkar, ¶[0026], “Use of inferences by client systems, as well as aggregate inference data for search, analysis, and visualization may proceed immediately. … Unacceptable inference results for new types of data sets may also be identified in real-time to initiate retraining and prevent unacceptable inferences from being added to aggregate inference data used for other applications.” ¶[0067], “Inference evaluator 346 may evaluate inference score 344 against an inference validity threshold to determine whether a valid inference has been generated by the application of a model instance from trained models 338 to new data element 302.”); obtaining second operation data, the second operation data being based on the operation of the inference consumer after being provided with the poisoned inference; and obtaining a difference between the first operation data and the second operation data to obtain the quantification (Sarkar, ¶[0026], “Use of inferences by client systems, as well as aggregate inference data for search, analysis, and visualization may proceed immediately. … Unacceptable inference results for new types of data sets may also be identified in real-time to initiate retraining and prevent unacceptable inferences from being added to aggregate inference data used for other applications.” ¶[0067], “Inference evaluator 346 may evaluate inference score 344 against an inference validity threshold to determine whether a valid inference has been generated by the application of a model instance from trained models 338 to new data element 302.”). Claims 7, 8, and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Joshi (“Is The Data Used for Training Your Machine Learning Model Safe,” www.technologyforyour.org, publish date: 7/28/2022, access date: 9/1/2022) in view of Sarkar (US Patent Application Publication No. US 2021/0224684 A1) and further in view of Chen et al. (US Patent Application Publication No. US 2021/0089941 A1, hereinafter, Chen), Platzlaff et al. (US Patent Application Publication No. US 2024/0394419 A1, hereinafter, Platzlaff), and Ramanasankaran et al. (US Patent Application Publication No. US 2023/0205158 A1, hereinafter, Ramanasankaran). Regarding Claim 7, Joshi in view of Sarkar and further in view of Chen and Platzlaff teaches: The method of claim 6, wherein obtaining the difference comprises: Joshi in view of Sarkar and further in view of Chen and Platzlaff does not explicitly teach the following limitation that Ramanasankaran teaches: obtaining a first time series representation based on the first operation data, the first time series representation comprising a first set of elements; obtaining a second time series representation based on the second operation data, the second time series representation comprising a second set of elements (Ramanasankaran, ¶[0053], “he messaging manager 140 can receive different types of data from the applications 110, the twin manager 108, and/or the edge platform 102. … The messaging manager 140 can receive timeseries data 144, e.g., a time correlated series of data entries each associated with a particular time stamp.”); comparing the first time series representation to the second time series representation to obtain a set of deviations between the first set of the elements and the second set of the elements; and obtaining a sum using the set of the deviations to obtain the difference (Ramanasankaran, ¶[0106], “the digital twin enables the creation of a chronological time-series database of telemetry events for analytical purposes.”). Joshi in view of Sarkar and further in view of Chen, Platzlaff, and Ramanasankaran is analogous art because the references are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “security and data systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Joshi in view of Sarkar and further in view of Chen and Platzlaff with Ramanasankaran with “obtaining a first time series representation based on the first operation data, the first time series representation comprising a first set of elements; obtaining a second time series representation based on the second operation data, the second time series representation comprising a second set of elements; comparing the first time series representation to the second time series representation to obtain a set of deviations between the first set of the elements and the second set of the elements; and obtaining a sum using the set of the deviations to obtain the difference;” because, the building system can operate to generate an analytics model based on the building data (Ramanasankaran, Abstract). Regarding Claim 8, Joshi in view of Sarkar and further in view of Chen, Platzlaff, and Ramanasankaran teaches: The method of claim 7, wherein each element of the first set of the elements corresponds to a decision made by the digital twin after being provided with the replacement inference (Ramanasankaran, ¶[0106], “the digital twin enables the creation of a chronological time-series database of telemetry events for analytical purposes.”) and each element of the second set of the elements corresponds to a decision made by the inference consumer after being provided with the poisoned inference (Sarkar, ¶[0026], “Use of inferences by client systems, as well as aggregate inference data for search, analysis, and visualization may proceed immediately. … Unacceptable inference results for new types of data sets may also be identified in real-time to initiate retraining and prevent unacceptable inferences from being added to aggregate inference data used for other applications.”). Regarding Claim 9, Joshi in view of Sarkar and further in view of Chen, Platzlaff, and Ramanasankaran teaches: The method of claim 8, wherein the sum is also obtained using a set of weights that are keyed to different types of decisions made by the inference consumer or the digital twin (Ramanasankaran, ¶[0106], “the digital twin enables the creation of a chronological time-series database of telemetry events for analytical purposes.”). CONCLUSION THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDGAR W XIE whose telephone number is (703)756-4777. The examiner can normally be reached Monday - Friday, 8:00am - 5:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JEFFREY PWU can be reached at (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /EDGAR W XIE/Examiner, Art Unit 2433 /WASIKA NIPA/Primary Examiner, Art Unit 2433
Read full office action

Prosecution Timeline

Aug 31, 2023
Application Filed
Jun 23, 2025
Non-Final Rejection — §103, §DP
Sep 24, 2025
Response Filed
Jan 06, 2026
Final Rejection — §103, §DP
Apr 03, 2026
Request for Continued Examination
Apr 09, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12579267
Methods and Systems for Analyzing Environment-Sensitive Malware with Coverage-Guided Fuzzing
2y 5m to grant Granted Mar 17, 2026
Patent 12579281
Dynamic Prioritization of Vulnerability Risk Assessment Findings
2y 5m to grant Granted Mar 17, 2026
Patent 12566844
SYSTEM AND METHOD FOR COLLABORATIVE SMART EVIDENCE GATHERING AND INVESTIGATION FOR INCIDENT RESPONSE, ATTACK SURFACE MANAGEMENT, AND FORENSICS IN A COMPUTING ENVIRONMENT
2y 5m to grant Granted Mar 03, 2026
Patent 12513001
BLOCKCHAIN VERIFICATION OF DIGITAL CONTENT ATTRIBUTIONS
2y 5m to grant Granted Dec 30, 2025
Patent 12499219
SECURITY PROTECTION METHOD FOR HETEROGENEOUS SYSTEM THAT IS CAPABLE OF RECONSTRUCTING MAPPING OF PUF CIRCUIT, NON-VOLATILE COMPUTER-READABLE STORAGE MEDIUM, ELECTRONIC DEVICE, AND PROCESSOR
2y 5m to grant Granted Dec 16, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
82%
Grant Probability
99%
With Interview (+37.5%)
2y 7m
Median Time to Grant
Moderate
PTA Risk
Based on 17 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month