Prosecution Insights
Last updated: July 17, 2026
Application No. 18/478,782

ENHANCED CONTINUOUS MITIGATION SYSTEM THROUGH THE SURVEILLANCE OF KNOWN THREATS

Non-Final OA §103§112
Filed
Sep 29, 2023
Examiner
BROWN, CHRISTOPHER J
Art Unit
2439
Tech Center
2400 — Computer Networks
Assignee
Dell Products L.P.
OA Round
3 (Non-Final)
75%
Grant Probability
Favorable
3-4
OA Rounds
7m
Est. Remaining
88%
With Interview

Examiner Intelligence

Grants 75% — above average
75%
Career Allowance Rate
536 granted / 711 resolved
+17.4% vs TC avg
Moderate +13% lift
Without
With
+13.0%
Interview Lift
resolved cases with interview
Typical timeline
3y 5m
Avg Prosecution
34 currently pending
Career history
753
Total Applications
across all art units

Statute-Specific Performance

§101
0.5%
-39.5% vs TC avg
§103
92.8%
+52.8% vs TC avg
§102
3.5%
-36.5% vs TC avg
§112
1.3%
-38.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 711 resolved cases

Office Action

§103 §112
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments have been fully considered but they are not persuasive. Applicant argues that the prior art fails to teach “partitioning a set of known weaknesses and vulnerabilities into two disjoint subsets”. Examiner respectfully disagrees. Examiner asserts that each new vulnerability and/or security event is a “disjoint subset”. Each security event or vulnerability has alternative mitigation strategies. The prior art relied upon demonstrates these different mitigation techniques for disjoint subsets of security issues. Examiner first notes that Applicant failed to address the comments regarding the 35 USC 112 rejection, and the claim limitations cited remain in the claim. Examiner argues that the claims have been addressed to the best of the Examiner’s ability in view of the lack of context or support in the specification, as shown below in the 35 USC 112 rejection. Examiner now includes Hooda US 2020/0177629 in an attempt to more explicitly teach a “second subset” which includes “surveillance” and “detecting the exploitation pattern”. Examiner asserts that any intrusion detection system, as is well known in the art, looks for “traffic patterns” which would be considered “surveillance” and that upon detection of a malicious pattern, mitigation is performed. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1, 11 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the enablement requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to enable one skilled in the art to which it pertains, or with which it is most nearly connected, to make and/or use the invention. Claims 1, and 11 have been amended to state: “in a case where a first part in the first subset is not addressed in the performing of the threat mitigation strategy, triggering a failure strategy; in a case where a second part in the first subset is addressed in the performing of the threat mitigation strategy, removing the second part from the first subset and updating a database for the known weaknesses and vulnerability based on the second part” Applicant has cited [0063]-[0069] in the specification as support for this amendment. Examiner has found no reference in the specification for a “first part” and “second part”. It is not clear what a “part” refers to, and the claim provides no context. For example, the claim says that a first subset of the known weaknesses and vulnerabilities is communicated and to be mitigated by an update…performing the threat mitigation strategy over the first subset…and “in a case where the first part is not addressed”. Examiner asserts that it is completely unclear what a “first part” refers to and therefore the claim limitations cannot be addressed with any reasonable prior art. Examiner asserts similar arguments with regard to a “second part”. Finally, Examiner asserts that the claim limitations start with the conditional phrase “in a case where”. This suggests that the steps are optional in such that if a “first part” is addressed, then this limitation is not needed, and if a “second part” is not addressed then this claim limitation is additionally not pertinent. Appropriate correction is required. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 3, 4, 7, 8, 10, 11, 13, 14, 17, 18, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barel US 2025/0055869 in view of Reybok Jr. US 2018/0324207 in view of Hooda US 2020/0177629. As per claims 1, 11. Barel teaches A method, comprising: using a zero-trust architecture to surveil a network to obtain information about a vulnerability in a network; [0045][0091] (zero trust architecture, scanning to determined network vulnerabilities) Barel teaches partitioning a set of known weaknesses and vulnerabilities into two disjoint subsets including a first and a second subset. [0146] (teaches a plurality of different disjoint security risk events) Barel teaches determining, based on the information, a threat mitigation strategy responsive to the vulnerability; [0119][0163]-[0209] (remediation strategies based on risks/vulnerabilities discovered and scored) Barel teaches communicating the threat mitigation strategy to enable resource allocation for implementation of the threat mitigation strategy; [0161][0162] (ROI cost and options based on score, plurality of options communicated to user) Barel teaches allocating any needed resources for implementation of the threat mitigation strategy; and using the resources to implement the threat mitigation strategy. [0041] (implementing remediations, and the resources used to implement remediations) Barel teaches mitigation by continuous monitoring [0036][0039][0046]. Reybok Jr teaches partitioning a set of known weaknesses and vulnerabilities into two disjoint subsets including a first subset which is to be mitigated by an update and a second subset of the known weaknesses and vulnerability which has been mitigated by surveillance. [0108]-[0116] (retrieving network incident alerts, examiner interprets each incident, or security issue to be its own “subset”, teaches vulnerabilities to be mitigated by remediation, retrieving incidents observed and sightings of relevant data; performing a workflow including remediation including measuring effectiveness, or failure of remediation strategies; receiving feedback based on strategies; implementing temporary strategies to be replaced with a more effective remediation, including a patch; sharing threat data; updating a threat data dashboard and database) Reybok teaches in a case where a first part in the first subset is not addressed in the performing of the threat mitigation strategy, triggering a failure strategy, in a case where a second part in the first subset is addressed in the performing of the threat mitigation strategy in the performing of the threat mitigation strategy removing the second part from the first subset and updating a database for the known weaknesses and vulnerability based on the second part. [0108]-[0116] (retrieving vulnerabilities to be mitigated by remediation, retrieving incidents observed and sightings of relevant data; performing a workflow including remediation including measuring effectiveness, or failure of remediation strategies; receiving feedback based on strategies; implementing temporary strategies to be replaced with a more effective remediation, including a patch; sharing threat data; updating a threat data dashboard and database) It would have been obvious to one of ordinary skill in the art to use the teaching of Reybok Jr with the prior art because it improves network security. Hooda teaches performing surveillance over the second subset wherein the surveillance is configured to detect activity matching an exploitation pattern associated with the second subset, and in response to detecting the exploitation patter, initiating a mitigation response while maintaining surveillance on the second subset. [0105] (teaches monitoring behavior including an exploitation pattern and then remediating discovered security vulnerabilities based on the surveillance.) It would have been obvious to one of ordinary skill in the art before the priority date of the current application to use the teaching of Hooda with the prior art because it increases the security against malicious agents. As per claims 3, 13. Barel teaches the method as recited in claim 1, wherein the vulnerability is a known vulnerability. [0115] (published in National Vulnerability Database) As per claims 4, 14. Barel teaches the method as recited in claim 1, wherein the resources are minimum resources needed to implement the threat mitigation strategy. [0161][0170] ( most efficient remediation for lowest effort/cost) As per claims 7, 17. Reybok Jr teaches the method as recited in claim 1, wherein when the threat mitigation strategy cannot be implemented immediately, an alternative threat mitigation strategy is implemented before the threat mitigation strategy. [0113]-[0114] (teaches an immediate temporary mitigation prior to a permanent mitigation) As per claims 8, 18. Barel teaches the method as recited in claim 1, wherein implementing the threat mitigation strategy comprises applying an update to a network configuration and/or to a software component of the network. [0175] (network restrictions) [0176] (patching the software) As per claims 10, 20. Barel teaches the method as recited in claim 1, wherein the vulnerability is a new vulnerability. [0038] (zero-day exploit) Claim(s) 2, 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barel US 2025/0055869 in view of Reybok Jr. US 2018/0324207 in view of Hooda US 2020/0177629 in view of Robinson US 2024/0220628 As per claims 2, 12. Robinson teaches the method as recited in claim 1, wherein the information indicates how the vulnerability could be exploited by an attacker. [0027] (SIEM database, including description of processes required to exploit vulnerability) It would have been obvious to one of ordinary skill in the art to use the teaching of Robinson with Barel because it improves network security decisions. Claim(s) 5, 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barel US 2025/0055869 in view of Reybok Jr. US 2018/0324207 in view of Hooda US 2020/0177629 in view of Kannan US 12,107,869 As per claims 5, 15. Barel teaches the method as recited in claim 1, wherein when a different vulnerability is identified, a security patch to correct the different vulnerability is obtained and applied, by the zero-trust architecture, to resolve the different vulnerability. [0041][0176] (patching, teaches a plurality of vulnerabilities and mitigation strategies) Barel fails to teach the patch is automatically applied. Kannan teaches the method as recited in claim 1, wherein when a different vulnerability is identified, a security patch to correct the different vulnerability is obtained and automatically applied, to resolve the different vulnerability. (Column 4 line 35 to Column 5 line 25) (teaches vulnerability detection, prioritization and automatically implementing remediation measures) It would have been obvious to one of ordinary skill in the art to use the teaching of Kannan with the prior art because it improves vulnerability response time. Claim(s) 6, 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barel US 2025/0055869 in view of Reybok Jr. US 2018/0324207 in view of Hooda US 2020/0177629 in view of Bingham US 2017/0230336 As per claims 6, 16. Bingham teaches the method as recited in claim 1, wherein determining the threat mitigation strategy comprises estimating attacker interest in exploiting a new vulnerability without revealing a posture of the attacker to a defender of the network. [0022] (using a honeypot to detect attacker interest in new vulnerabilities) It would have been obvious to one of ordinary skill in the art to use the teaching of Bingham with the prior art because it improves network security. Claim(s) 9, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barel US 2025/0055869 in view of Reybok Jr. US 2018/0324207 in view of Hooda US 2020/0177629 in view of Hercock US 20220027477 As per claims 9, 19. Hercock teaches the method as recited in claim 1, wherein a different vulnerability identified in the network is intentionally tolerated, and not mitigated. [0031] (low risk, and thus tolerated) It would have been obvious to one of ordinary skill in the art to use the teaching of Hercock with the prior art because it promotes efficient resource utilization. Examiner asserts that Robinson and Barel teach prioritization, and thus the low priority vulnerabilities are also tolerated. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439
Read full office action

Prosecution Timeline

Sep 29, 2023
Application Filed
Jun 03, 2025
Non-Final Rejection mailed — §103, §112
Sep 03, 2025
Response Filed
Dec 23, 2025
Final Rejection mailed — §103, §112
Mar 23, 2026
Request for Continued Examination
Mar 27, 2026
Response after Non-Final Action
Apr 20, 2026
Non-Final Rejection mailed — §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12652290
CYBER SECURITY FOR SOFTWARE-AS-A-SERVICE FACTORING RISK
5y 3m to grant Granted Jun 09, 2026
Patent 12652315
REMOTE MONITORING OF A SECURITY OPERATIONS CENTER (SOC)
3y 8m to grant Granted Jun 09, 2026
Patent 12641111
Automated Security Analysis of Software Libraries
2y 5m to grant Granted May 26, 2026
Patent 12621339
SYSTEM AND METHOD FOR PROVIDING SECURITY POSTURE MANAGEMENT FOR AI APPLICATIONS
2y 5m to grant Granted May 05, 2026
Patent 12615280
DETECTING POLYMORPHIC BOTNETS USING AN IMAGE RECOGNITION PLATFORM
2y 9m to grant Granted Apr 28, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
75%
Grant Probability
88%
With Interview (+13.0%)
3y 5m (~7m remaining)
Median Time to Grant
High
PTA Risk
Based on 711 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month