Prosecution Insights
Last updated: July 17, 2026
Application No. 18/471,609

METHOD AND STORAGE MEDIUM FOR ASSESSING PRIVACY COMPLIANCE OF ONLINE PLATFORMS

Final Rejection §101§103
Filed
Sep 21, 2023
Examiner
WANG, CHAO
Art Unit
2439
Tech Center
2400 — Computer Networks
Assignee
Kaamel Technology Inc.
OA Round
2 (Final)
81%
Grant Probability
Favorable
3-4
OA Rounds
0m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 81% — above average
81%
Career Allowance Rate
120 granted / 148 resolved
+23.1% vs TC avg
Strong +86% interview lift
Without
With
+85.7%
Interview Lift
resolved cases with interview
Typical timeline
2y 8m
Avg Prosecution
19 currently pending
Career history
171
Total Applications
across all art units

Statute-Specific Performance

§103
100.0%
+60.0% vs TC avg
Black line = Tech Center average estimate • Based on career data from 148 resolved cases

Office Action

§101 §103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This Office Action is in response to the Amendment filed on 02/12/2026. In the instant Amendment, claims 1-16 have been amended. Claims 1 and 9 are independent claims. Claims 1-16 have been examined and are pending. This Action is made FINAL. Response to Arguments The rejections of claims 1-16 under 35 U.S.C. § 101 are maintained as the claims are directed to an abstract idea without being integrated into a practical application or significantly more. After having carefully analyzed claims under 35 USC 101, the Examiner respectfully submits that the claims are directed to an abstract idea without being integrated into a practical application or significantly more. Regarding claims 1 and 9, the claim is directed to an abstract idea as reciting the limitations “making [] a determination of compliance of the privacy policy …” “determining [] personal information not included;” “determining [] personal information that is disclosed;” “transmitting [] compliance results.” Said steps are “mental process” as broadly interpreted said steps could be performed in the human mind or using pencil/paper. Therefore, the claims recite an abstract idea. Said abstract idea and/or judicial exception is not integrated into a practical application as the claim does not recite any other active steps that utilize determination result into a practical application. It’s noted that the claims recite the limitation “receiving [] privacy policy text;” “monitoring [] data traffic of the online platform …” and “transmitting [] compliance results.” However, said steps are not sufficiently to consider that the abstract idea is being integrated into a practical application as the steps cited at high level of generality of data gathering/processing which is a form of insignificant extra-solution activity (See MPEP 2106.05 for details). It's also noted that claim 1 recites additional elements (i.e., processor, computer system, computer implemented, etc.,). However, said additional elements are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function of determining operations etc.,) such that it amounts no more than mere instructions to apply the exception or abstract idea using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea. As mentioned above, although the claims recite additional elements, said elements taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic computer content distributing functions routinely used in information technology field. As discussed above, the additional elements recited at a high-level of generality such that they amount no more than mere instructions to apply the exception using a generic computer component. Therefore, the claim is directed to non-statutory subject matter. Regarding dependent 2-8 and 10-16; claims 2-8 and 10-16 are rejected under 35 U.S.C. 101 as being directed to an abstract idea without being integrated into a practical application or significantly more for the same reason discussed above. It’s noted that claims 2 and 10 recite the limitations “identifying the element.” Said limitations/steps are also mental processes. Similar to discussed above, as claims 2-8 and 10-16 recite an abstract idea without being integrated into a practical application or significantly more. As a result, the claims are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter. Applicants’ arguments with respect to claims 1-16 have been considered but are moot in view of the new ground(s) of rejection. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-16 are rejected under 35 U. S. C. 101 as being directed to non-statutory subject matter as being directed to an abstract idea without being integrated into a practical application or significantly more. Regarding claims 1 and 9, the claim is directed to an abstract idea as reciting the limitations “making [] a determination of compliance of the privacy policy …” “determining [] personal information not included;” “determining [] personal information that is disclosed;” “transmitting [] compliance results.” Said steps are “mental process” as broadly interpreted said steps could be performed in the human mind or using pencil/paper. Therefore, the claims recite an abstract idea. Said abstract idea and/or judicial exception is not integrated into a practical application as the claim does not recite any other active steps that utilize determination result into a practical application. It’s noted that the claims recite the limitation “receiving [] privacy policy text;” “monitoring [] data traffic of the online platform …” and “transmitting [] compliance results.” However, said steps are not sufficiently to consider that the abstract idea is being integrated into a practical application as the steps cited at high level of generality of data gathering/processing which is a form of insignificant extra-solution activity (See MPEP 2106.05 for details). It's also noted that claim 1 recites additional elements (i.e., processor). However, said additional elements are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function of determining operations etc.,) such that it amounts no more than mere instructions to apply the exception or abstract idea using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea. As mentioned above, although the claims recite additional elements, said elements taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic computer content distributing functions routinely used in information technology field. See application CN 113886584, US application 20190299079, and US Application 12,450,348. As discussed above, the additional elements recited at a high-level of generality such that they amount no more than mere instructions to apply the exception using a generic computer component. Therefore, the claim is directed to non-statutory subject matter. Regarding dependent 2-8 and 10-16; claims 2-8 and 10-16 are rejected under 35 U.S.C. 101 as being directed to an abstract idea without being integrated into a practical application or significantly more for the same reason discussed above. It’s noted that claims 2 and 10 recite the limitations “identifying the element.” Said limitations/steps are also mental processes. Similar to discussed above, as claims 2-8 and 10-16 recite an abstract idea without being integrated into a practical application or significantly more. As a result, the claims are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-3, 6-11, and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over WANG et al. (“WANG,” CN 113886584 A, published on 01/04/2022) in view of Trahan et al. (“Trahan,” US 20190299079, published on 10/03/2019), and further in view of Kim et al. (“Kim,” US 12,450,348 B2, filed on 08/18/2023). Regarding Claim 1; WANG discloses a computer implemented method for assessing privacy compliance of an online platform, the computer implemented method comprising (page 2, par 8; provide an information detection method of an application program [] ensure the issued APP meets the related regulations of legal compliance terms): receiving, by one or more processors of a computing system, privacy policy text that describes a privacy policy of an online platform (page 6, pars 5-6; obtaining the privacy policy text of the application program to be identified; the privacy policy text in the step can refer to the privacy policy text of various applications (Application, APP). APP privacy policy; page 10, par 9; using NER model to identify the privacy policy text, can identify the privacy policy text in the user personal information in the privacy policy text position, and the category of the user personal information); locating, by a locator module executed by the one or more processors, one or more relevant paragraphs within the privacy policy text that relate to one of a disclosure or a collection of personal information (page 6, par 12 – page 7, par 1; obtain the first information to be identified in the application program to be identified in the privacy policy text; the first information comprises the first user personal information to be obtained by the application program to be identified and the first device authority information; page 10, par 9; using NER model to identify the privacy policy text, can identify the privacy policy text in the user personal information in the privacy policy text position, and the category of the user personal information), wherein the locator module locates the one or more relevant paragraphs at least in part by determining a text similarity between the one or more relevant paragraphs and a baseline statement (page 6, par 12 – page 7, par 1; obtain the first information to be identified in the application program to be identified in the privacy policy text; the first information comprises the first user personal information to be obtained by the application program to be identified and the first device authority information; page 8, par 3; detecting whether the first information is consistent with the standard information, obtaining a first detection result), wherein the baseline statement comprises texts of common privacy policies specifically addressing the one of the disclosure or the collection of personal information (WAMG: page 7, par 8; obtaining the standard information that the application program to be identified is allowed to obtain; The standard information includes standard user personal information and standard device authority information that the application program to be identified is permitted to be acquired); extracting, by an extractor module executed by the one or more processors, one or more types of personal information that is disclosed in the one or more relevant paragraphs or collected by the online platform according to the one or more relevant paragraphs (page 9, pars 10-11; inputting the private policy text into the named entity identification model finished by training, obtaining the first user personal information needed to be acquired by the application program to be identified represented in the private policy text Named Entity Recognition (Named Entity Recognition, abbreviated as NER), which can be used for identifying the entity with special meaning in the text, mainly comprising name, name, mechanism name, special noun and so on. The task identified by the named entity can be three types (entity class, time class and number class), seven-class (name, institution name, place name, time, date, currency and percentage) named entity in the text to be processed); monitoring, by a data traffic monitor executed by the one or more processors, data traffic of the online platform during an actual operation of the online platform (page 6, par 6; an automatic detection system in the self-checking monitoring device of the enterprise, and also can be a platform for automatically monitoring platform risk of the server; page 8, par 9; automatically detect and compare the standard file, APP privacy policy text, APP source code between the user personal information and the conflict of the device authority information, and based on the detection result to generate the syndiotactic detection information for the user, guiding the APP operator self-checking self-discipline, precaution, avoiding the risk of APP after issuing APP due to the unreasonable of the APP), wherein the data traffic includes data submitted by a user, data stored by the online platform (page 6, par 9; when the user registers APP or uses APP to provide service [] for example: the private policy text can be written the user personal information needed to be collected; page 9, pars 10-11; inputting the private policy text into the named entity identification model finished by training, obtaining the first user personal information needed to be acquired by the application program to be identified represented in the private policy text Named Entity Recognition, which can be used for identifying the entity with special meaning in the text, mainly comprising name, name, mechanism name, special noun and so on), and the data traffic monitor monitors the data traffic at least in part by static code analysis, dynamic code analysis, and reading from a format files of the online platform (page 6, par 6; an automatic detection system in the self-checking monitoring device of the enterprise, and also can be a platform for automatically monitoring platform risk of the server; page 8, par 9; automatically detect and compare the standard file, APP privacy policy text, APP source code between the user personal information and the conflict of the device authority information, and based on the detection result to generate the syndiotactic detection information for the user, guiding the APP operator self-checking self-discipline, precaution, avoiding the risk of APP after issuing APP due to the unreasonable of the APP), making, by a determination module executed by the one or more processors, a determination of compliance of the privacy policy text based on at least one of: determining whether the data traffic contains personal information not included in the one or more types of personal information declared to be collected; and determining whether the one or more types of personal information that is disclosed in the one or more relevant paragraphs fulfills one or more privacy standards mandated by one or more governments (page 8, par 5; the first information is compared with the standard information, the second information is compared with the standard information to obtain the corresponding detection result; page 15, par 7; after the comparison, in the standard file or privacy policy text does not exist in the device authority information, can be marked after the corresponding information using the word of the application not); and transmitting, by the one or more processors, based on the determination, compliance results (page 15, par 7; after the comparison, in the standard file or privacy policy text does not exist in the device authority information, can be marked after the corresponding information using the word of the application not; par 15, par 8; the generated syndiotactic detection information is sent to the APP operator, APP operator can modify the privacy policy text and/or APP source code according to the syndiotactic detection information). WANG discloses wherein the data traffic includes data submitted by a user, data stored by the online platform as recited above, but do not explicitly disclose data transmitted to a third party by the online platform. However, in an analogous art, Trahan discloses facilitating user participation system/method that includes: data transmitted to a third party by the online platform (Trahan: par 0040; the online platform transmit the received data, such as the video, and associated, and additional data to one or more third-party verifiers, wherein the third-party verifiers may validate whether the challenge may have been completed. Accordingly, the one or more third-party verifiers may transmit the result of the challenge to the online platform). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Trahan with the method/system of WANG to include data transmitted to a third party by the online platform. One would have been motivated to record the challenge performed by the user to obtain the at least one recording. A step of analyzing, using a processing device, the at least one recording to determine if the at least one condition is fulfilled. Transmitting, using the communication device, information about at least one reward to the user device based on the analyzing (Trahan: abstract). The combination of WANG and Trahan disclose the data traffic monitor monitors data traffic at least in part by static code analysis, dynamic code analysis, and reading from a format files of the online platform as recited above, but do not explicitly disclose a HTTP Archive (HAR) format files. However, in an analogous art, Kim discloses cyber threat information system/method that includes: a HTTP Archive (HAR) format files (Kim: Col 55, lines 40-45; The HAR format file is a file that records, as log data, an interaction between a web browser and a site. Therefore, a data list recorded in the HAR format file includes all types of resource files of the webpage, records of HTTP requests and responses, and records of script files related to the webpage). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Kim with the method/system of WANG and Trahan to include a HTTP Archive (HAR) format files. One would have been motivated to provide natural language description information according to the CTI query obtained from the CTI for the assembly code and the natural language model (Kim: abstract). Regarding Claim 2; The combination of WANG, Trahan, and Kim disclose the computer implemented method of claim 1, further comprising: WANG discloses scanning, content of the online platforms by a detecting engine executed by the one or more processors (WANG: page 8, par 9; automatically detect and compare the standard file, APP privacy policy text, APP source code between the user personal information and the conflict of the device authority information); sorting elements related to privacy policy in the content of the online platform according to the relevance to privacy of each of the elements, by the detecting engine executed by the one or more processors (WANG: page 8, par 9; automatically detect and compare the standard file, APP privacy policy text, APP source code between the user personal information and the conflict of the device authority information; page 8, par 2; the several steps involved in the first user personal information, the second user personal information, the standard user personal information, the first device authority information, the second device authority information and the user personal information in the standard device authority information at least can include: user personal identity information, transaction information, position information, communication information, network access log, account information, friend information and account information in the one kind of or more; page 10, par 9; using NER model to identify the privacy policy text, can identify the privacy policy text in the user personal information in the privacy policy text position, and the category of the user personal information); and identifying the element with a highest relevance to privacy as the privacy policy text, by the detecting engine executed by the one or more processors, wherein the detecting engine determines the relevance based on information including text, and location of pages (WANG: page 8, par 9; automatically detect and compare the standard file, APP privacy policy text, APP source code between the user personal information and the conflict of the device authority information; page 8, par 2; the several steps involved in the first user personal information, the second user personal information, the standard user personal information, the first device authority information, the second device authority information and the user personal information in the standard device authority information at least can include: user personal identity information, transaction information, position information, communication information, network access log, account information, friend information and account information in the one kind of or more; page 8, pars 3-4; detecting whether the first information is consistent with the standard information, obtaining a first detection result; detecting whether the second information is consistent with the standard information, obtaining a second detection result; page 10, par 9; using NER model to identify the privacy policy text, can identify the privacy policy text in the user personal information in the privacy policy text position, and the category of the user personal information). Kim further discloses information including link Uniform Resource Locator (URL) (Kim: Col 12, lines 5-10; received file to obtain various types of meta information from the received file, including source information of the file, collection information for obtaining the file, and user information of the file. For example, when the file includes a URL). The motivation is the same that of claim 1 above. Regarding Claim 3; The combination of WANG, Trahan, and Kim disclose the computer implemented method of claim 1, further comprising: WANG discloses locating titles of the privacy policy text using a Bidirectional Encoder Representations from Transformers (BERT) fine-tuning model executed by the one or more processors (WANG: page 10, par 9; using NER model to identify the privacy policy text, can identify the privacy policy text in the user personal information in the privacy policy text position, and the category of the user personal information; page 10, par 11; storing the model for system automatic analysis part use, wherein the named entity recognition model (NER model) specifically can adopt HMM, MEMM, CRF, NN/CNN-CRF, The RNN-CRF, the Bi-LSTM + CRF, the BERT + CRF and other machines are deep learning method limited to this); and locating paragraphs corresponding to the titles based on relative position before the titles, by the one or more processors (WANG: page 10, par 9; using NER model to identify the privacy policy text, can identify the privacy policy text in the user personal information in the privacy policy text position, and the category of the user personal information). Regarding Claim 6; The combination of WANG, Trahan, and Kim disclose the computer implemented method of claim 1, WANG discloses wherein the compliance results comprise a first signal in response to determining that the data traffic contains personal information excluded in the one or more types of personal information declared to be collected, the signal includes one or more unauthorized type of personal information, the one or more unauthorized type of personal information is monitored in the data traffic, and the one or more unauthorized type of personal information is excluded in the one or more types of personal information declared to be collected (WANG: page 8, par 5; the first information is compared with the standard information; page 15, par 7; after the comparison, in the standard file or privacy policy text does not exist in the device authority information, can be marked after the corresponding information using the word of the application not; par 15, par 8; the generated syndiotactic detection information is sent to the APP operator, APP operator can modify the privacy policy text and/or APP source code according to the syndiotactic detection information). Regarding Claim 7; The combination of WANG, Trahan, and Kim disclose the computer implemented method of claim 1, WANG discloses wherein the compliance results comprise a signal in response to determining that the one or more types of personal information disclosed in the relevant paragraphs does not fulfill the one or more privacy standards mandated by the one or more government, the signal includes one or more missing types of personal information, and the one or more missing types of personal information is required by the one or more privacy standards mandated by the one or more government but excluded by relevant paragraphs (WANG: page 8, par 5; the second information is compared with the standard information to obtain the corresponding detection result; page 15, par 7; after the comparison, in the standard file or privacy policy text does not exist in the device authority information, can be marked after the corresponding information using the word of the application not; par 15, par 8; the generated syndiotactic detection information is sent to the APP operator, APP operator can modify the privacy policy text and/or APP source code according to the syndiotactic detection information). Regarding Claim 8; The combination of WANG, Trahan, and Kim disclose the computer implemented method of claim 1, WANG discloses wherein the online platform comprises an application and a website (WANG: page 2, par 8; provide an information detection method of an application program […] ensure the issued APP meets the related regulations of legal compliance terms; : page 6, pars 5-6; obtaining the privacy policy text of the application program to be identified; the privacy policy text in the step can refer to the privacy policy text of various applications (Application, APP). APP privacy policy). Regarding Claim 9; This Claim recites a non-transitory computer-readable medium that perform the same steps as method of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1. Regarding Claim 10; This Claim recites a non-transitory computer-readable medium that perform the same steps as method of Claim 2, and has limitations that are similar to Claim 2, thus are rejected with the same rationale applied against claim 2. Regarding Claim 11; This Claim recites a non-transitory computer-readable medium that perform the same steps as method of Claim 3, and has limitations that are similar to Claim 3, thus are rejected with the same rationale applied against claim 3. Regarding Claim 14; This Claim recites a non-transitory computer-readable medium that perform the same steps as method of Claim 6, and has limitations that are similar to Claim 6, thus are rejected with the same rationale applied against claim 6. Regarding Claim 15; This Claim recites a non-transitory computer-readable medium that perform the same steps as method of Claim 7, and has limitations that are similar to Claim 7, thus are rejected with the same rationale applied against claim 7. Regarding Claim 16; This Claim recites a non-transitory computer-readable medium that perform the same steps as method of Claim 8, and has limitations that are similar to Claim 8, thus are rejected with the same rationale applied against claim 8. Claims 4-5 and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over WANG et al. (CN 113886584 A) in view of Trahan et al. (US 20190299079), and further in view of Kim et al. (US 12,450,348 B2) and WANG #2 et al. (“WANG,” CN 111753322 A, published on 10/09/2020). Regarding Claim 4; The combination of WANG, Trahan, and Kim disclose the computer implemented method of claim 1, WANG discloses wherein the locator module comprises a BERT model (WANG: page 10, par 9; using NER model to identify the privacy policy text, can identify the privacy policy text in the user personal information in the privacy policy text position, and the category of the user personal information; page 10, par 11; storing the model for system automatic analysis part use, wherein the named entity recognition model (NER model) specifically can adopt HMM, MEMM, CRF, NN/CNN-CRF, The RNN-CRF, the Bi-LSTM + CRF, the BERT + CRF and other machines are deep learning method limited to this). The combination of WANG and Kim disclose wherein the locator module comprises a BERT model as recited above, but do not explicitly disclose a Generative Pre-trained Transformers (GPT) model. However, in an analogous art, WANG #2 discloses automatic checking system/method that includes: a Generative Pre-trained Transformers (GPT) model (WANG #2: page 6, par 2; obtaining privacy protocol of the mobile App; by pre-training language model (such as fastText, ELMo, GPT, BERT and so on). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of WANG #2 with the method/system of WANG and Kim to include a Generative Pre-trained Transformers (GPT) model. One would have been motivated to judge whether the App has violation obtaining user personal information by manually reading and checking the App privacy protocol content (WANG #2: abstract). Regarding Claim 5; The combination of WANG, Trahan, and Kim disclose the computer implemented method of claim 1, WANG discloses wherein the extractor module comprises a Named Entity Recognition (NER) model (WANG: page 10, par 9; using NER model to identify the privacy policy text, can identify the privacy policy text in the user personal information in the privacy policy text position, and the category of the user personal information; page 10, par 11; storing the model for system automatic analysis part use, wherein the named entity recognition model (NER model) specifically can adopt HMM, MEMM, CRF, NN/CNN-CRF, The RNN-CRF, the Bi-LSTM + CRF, the BERT + CRF and other machines are deep learning method limited to this). The combination of WANG and Kim disclose wherein the locator module comprises a Named Entity Recognition (NER) model as recited above, but do not explicitly disclose a Generative Pre-trained Transformers (GPT) model. However, in an analogous art, WANG #2 discloses automatic checking system/method that includes: a Generative Pre-trained Transformers (GPT) model (WANG #2: page 6, par 2; obtaining privacy protocol of the mobile App; by pre-training language model (such as fastText, ELMo, GPT, BERT and so on). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of WANG #2 with the method/system of WANG and Kim to include a Generative Pre-trained Transformers (GPT) model. One would have been motivated to judge whether the App has violation obtaining user personal information by manually reading and checking the App privacy protocol content (WANG #2: abstract). Regarding Claim 12; This Claim recites a non-transitory computer-readable medium that perform the same steps as method of Claim 4, and has limitations that are similar to Claim 4, thus are rejected with the same rationale applied against claim 4. Regarding Claim 13; This Claim recites a non-transitory computer-readable medium that perform the same steps as method of Claim 5, and has limitations that are similar to Claim 5, thus are rejected with the same rationale applied against claim 5. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644. The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /C.W./Examiner, Art Unit 2439 /LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439
Read full office action

Prosecution Timeline

Sep 21, 2023
Application Filed
Dec 03, 2025
Non-Final Rejection mailed — §101, §103
Feb 12, 2026
Response Filed
Jun 04, 2026
Final Rejection mailed — §101, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682048
SYSTEMS AND METHODS FOR DETECTION OF SYNTHETIC IDENTITY MALFEASANCE
1y 11m to grant Granted Jul 14, 2026
Patent 12664257
Control Device, Unauthorized Command Detection Method, and Program
2y 9m to grant Granted Jun 23, 2026
Patent 12657295
DETECTING AND MITIGATING RANSOMWARE ATTACKS
2y 5m to grant Granted Jun 16, 2026
Patent 12639452
MICROPROCESSOR, DATA PROCESSING METHOD, ELECTRONIC DEVICE, AND STORAGE MEDIUM
3y 9m to grant Granted May 26, 2026
Patent 12625957
Known Deployed File Metadata Repository and Analysis Engine
2y 2m to grant Granted May 12, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
81%
Grant Probability
99%
With Interview (+85.7%)
2y 8m (~0m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 148 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month