Office Action Predictor
Last updated: April 15, 2026
Application No. 18/492,018

IDENTITY AND ACCESS MANAGEMENT INFORMED ATTACK PATH DISCOVERY

Final Rejection §101§103
Filed
Oct 23, 2023
Examiner
ABRISHAMKAR, KAVEH
Art Unit
2494
Tech Center
2400 — Computer Networks
Assignee
Palo Alto Networks, INC.
OA Round
2 (Final)
78%
Grant Probability
Favorable
3-4
OA Rounds
3y 0m
To Grant
99%
With Interview

Examiner Intelligence

Grants 78% — above average
78%
Career Allow Rate
797 granted / 1020 resolved
+20.1% vs TC avg
Strong +23% interview lift
Without
With
+23.3%
Interview Lift
resolved cases with interview
Typical timeline
3y 0m
Avg Prosecution
27 currently pending
Career history
1047
Total Applications
across all art units

Statute-Specific Performance

§101
12.4%
-27.6% vs TC avg
§103
39.7%
-0.3% vs TC avg
§102
22.4%
-17.6% vs TC avg
§112
9.6%
-30.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 1020 resolved cases

Office Action

§101 §103
DETAILED ACTION Response to Amendment 1. This action is in response to the amendment filed on November 28, 2025. Claims 1-20 were originally pending consideration. Claims 1-20 were previously received for consideration. Per the received amendment, no claims have been cancelled or added. 2. Claims 1-20 are currently pending consideration. Response to Arguments 3. Applicant's arguments filed on November 28, 2025 have been fully considered but they are not persuasive for the following reasons: 4. The Applicant argues that the 101 rejection of claims 1-20 is improper as the claims are directed towards statutory subject matter. This argument is not found persuasive. The Applicant argues that the claims are directed towards eligible subject matter because they are directed to graph building with nodes that represent principals and resources from identify access and management (IAM) policies and connecting those nodes that represent principals and resources from identify access and management (IAM) policies and connecting those nodes with edges based on permissions and assignments of permissions indicated in the IAM policies. The Applicant does not address that the claims are directed towards the judicial exception of a mental process. Claim 1 discloses building a graph with nodes representing principals and cloud computing resources and with edges representing permissions wherein building the graph comprises parsing identity and access management policies to determine the principals and permissions assigned to the principals, and connecting nodes with edges based on permissions and assignments of the permissions and evaluating the graph to discover one or more attack paths to at least a first of the cloud computing resources. Under the broadest reasonable interpretation, the claims recite a method of building a graph with multiple edges and nodes which can be interpreted as a mental process which can be performed by a human using a pen and paper. The Applicant does not address how these claims cannot be performed as a mental process. The claims recite building a graph with multiple data points and evaluating the graph to determine an attack path. These steps can be performed by a human using a pen and paper. Therefore, the arguments are not found persuasive and the claims are found ineligible under section 101. 5. The Applicant further argues that the Cited Prior Art (CPA) does not disclose incorporated permissions and assignments of the permissions as edges in a graph to reveal potential attacks. Furthermore, the Applicant argues that the CPA does not disclose parsing or using identity and access management (IAM) policies to determine the principals and permissions assigned to principals. These arguments are also not found persuasive. The term principal is defined in the Applicant’s specification as an identity. Therefore, the claim discloses identities and permissions associated with identities. An discloses using a host database (HDB) (section IIIA) to store information about the host including IP address, open ports and the name of the vulnerability it has (Section IIIA and Figure 5). This information is used to generate a Hierarchical Attack Representation Model (HARM) (section IIIA). The Security group is used to determine reachability information and it is parsed to understand the inter-VM reliability and then a reachability graph is generated (Section IIIA). The Reachability Graph is populated using information from the HDB and NDB which includes information about the host (identity information) and vulnerability information including open ports and services provided (permissions) (Section IIIA and Figure 2). Therefore, the arguments are not found persuasive and the rejections are maintained as provided below. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 6. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. Independent claim 1 is selected as being representative of the claims being rejected. Claim 1 is directed towards generating a graph which is a mental process and an abstract idea. Here, claim 1 recites a method for generating a graph by parsing identity and access management policies to generate to determine principals and to determine the connection of nodes with edges. The steps of organizing the information intro graphs would also be an abstract idea. Organizing data through mathematical correlations is similar to other claims that the courts have held to be abstract ideas. See, e.g., Digitech Image Techs., LLC v. Electronics for Imaging, Inc. (Organizing information through mathematical correlations). Turning to the second step of the analysis, it is determined whether the claim recites additional elements that integrate the exception into a practical application of the exception. In this case, it is determined the claims do not add additional elements which integrate the mathematical concepts disclosed by claim 1 into a practical application. The claims are directed towards constructing a graph, and using the graph to discover potential attack paths. The claims do not contain any elements beyond the abstract idea which would integrate the mathematical concept into an abstract idea. The claims mere analyzes and modify the graph to determine an attack path and this does not integrate the abstract idea into a practical application as it is generally linking the abstract idea to vulnerability detection. Furthermore, the analysis proceeds to determine whether there is an inventive concept, defined by an element or combination of elements in claim, which is significantly more than the abstract idea. In this instance, there is nothing more than towards constructing a graph, and discovering potential attack paths based on the attack graphs. The dependent claims do not provide any subject matter to rescue the claims from being an abstract idea. Claim 2 generates a simulated principal node based on a node that could be created based on the permissions which is analogous to creating a node based on the permission, and can be performed in the mind or using a pen and paper. Claim 3 also modifies the graph to include the simulated node which is also included in a mental process or method of organizing human activity. Claim 3 discloses the general assigning of weights and does not disclose how the weights are created. Claim 4 uses the graph to discover attack paths by computing a score for each path, but does not disclose how the score is computed. The scores are generally disclosed with no further detail. Claim 6 discloses the remediation of attack paths but merely the prioritizing of remediation based on the scores. Claim 7 discloses creating a rule based on an attack path. Claim 8 discloses extracting a sequence of permissions in the attack path to create the rule and claim 9 discloses evaluating the graph to discover one or more potential attack paths. These dependent claims do not disclose anything beyond the abstract idea of a mental process or organizing human activity, and therefore, the claims are all directed towards an abstract idea without significantly more. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 7. Claim(s) 1-3, 7-11, and 15-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over An et al. “CloudSafe: A Tool for an Automated Security Analysis for Cloud Computing” in view of Kahlhofer et al. (“Towards Reconstructing Multi-Step Cyber Attacks in Modern Cloud Environments with Tripwires.” Regarding claim 1, An discloses: A method comprising: building a graph with nodes representing principals and cloud computing resources and with edges representing permissions (Section IIIA: The SG controls access using IP and Port as packet filtering. The SG information is used to generate the Reachability Graph (RG) by considering only the allowed rules for inbound traffics. Figure 2 shows the process of acquiring the reachability information from the target cloud (i.e., the cloud environment to conduct security assessment) and storing it in the Network Database (NDB) and Host Database (HDB) by parsing the SG to understand the inter-VM reliability), wherein building the graph comprises, parsing identity and access management policies to determine the principals and permissions assigned to principals (Section IIIA: The SG controls access using IP and Port as packet filtering. The SG information is used to generate the Reachability Graph (RG) by considering only the allowed rules for inbound traffics. Figure 2 shows the process of acquiring the reachability information from the target cloud (i.e., the cloud environment to conduct security assessment) and storing it in the Network Database (NDB) and Host Database (HDB) by parsing the SG to understand the inter-VM reliability); and connecting nodes with edges based on the permissions and assignments of the permissions (Section IIIA: The algorithm iteratively goes over the set of security rules to examine the reachability specified in the SG, and continuously adding the new set into the RG). An does not explicitly disclose evaluating the graph to discover one or more potential attack paths to at least a first of the cloud computing resources. An discloses a security assessment tool and produces security reports and alludes to a predictive model for possible multi-step attack paths (Section IIB), but does not explicitly disclose discovering one or more potential attack paths. In an analogous art, Kahlhofer discloses reconstructing attack by using attack graphs to discover attacks and notifies an Alarm Store (AS) when a new alarm is detected (Section 2). Kahlhofer achieves this by using tripwire injection (Section 1). It would have been obvious to one of ordinary skill in the art to combine the system of Kahlhofer with the system of An to improve the precision of detecting attacks (Kahlhofer: Section 1). Claim 2 is rejected as applied above in rejecting claim 1. Furthermore, Kahlhofer discloses: The method of claim 1 further comprising modifying the graph to include a simulated principal node and connecting the simulated principal node to the graph based on at least one of the permissions, wherein the simulated principal node is a node that represents a principal that could be created according to at least one of the permissions (Section 1: automatic tripwire injection which react to changes in the cloud environment). Claim 3 is rejected as applied above in rejecting claim 2. Furthermore, Kahlhofer discloses: The method of claim 2, wherein modifying the graph to include the simulated principal node comprises creating the simulated principal node based on a first of the permissions assigned to at least a first of the principals and wherein connecting the simulated principal node to the graph is based, at least in part, on a second of the permissions that can be assigned to the simulated principal node (Section 1: automatic tripwire injection which react to changes in the cloud environment). Claim 7 is rejected as applied above in rejecting claim 1. Furthermore, Kahlhofer discloses: The method of claim 1 further comprising creating a rule based on an attack path to one of the cloud computing resources discovered from evaluating the graph and providing the rule to prevent similar attack paths (Section 2 and 3: attack graph reconstruction wherein the reconstruction algorithm takes the AS and the AG as its input and reconstructs the attacks). Claim 8 is rejected as applied above in rejecting claim 7. Furthermore, Kahlhofer discloses: The method of claim 7, wherein creating the rule comprises extracting a sequence of permissions in the attack path and creating the rule based, at least in part, on the extracted sequence of permissions (Section 2 and 3: attack graph reconstruction wherein the reconstruction algorithm takes the AS and the AG as its input and reconstructs the attacks). Claim 9 is rejected as applied above in rejecting claim 1. Furthermore, Kahlhofer discloses: The method of claim 1, wherein evaluating the graph to discover one or more potential attack paths to at least a first cloud computing resource comprises evaluating the graph to determine one or more potential attack paths to the first cloud computing resource from a first digital identity (Sections 1-2: reconstructing attack by using attack graphs to discover attacks and notifies an Alarm Store (AS) when a new alarm is detected). Regarding claim 10, An discloses: A non-transitory, machine-readable medium having program code stored thereon, the program code comprising instructions to: build a directed graph based on a plurality of identity and access management policies permissions (Section IIIA: The SG controls access using IP and Port as packet filtering. The SG information is used to generate the Reachability Graph (RG) by considering only the allowed rules for inbound traffics. Figure 2 shows the process of acquiring the reachability information from the target cloud (i.e., the cloud environment to conduct security assessment) and storing it in the Network Database (NDB) and Host Database (HDB) by parsing the SG to understand the inter-VM reliability), wherein the directed graph comprises nodes that represent principals and cloud computing resources and edges that connect nodes based on permissions assigned to the principals in the plurality of identity and access management policies (Section IIIA: The SG controls access using IP and Port as packet filtering. The SG information is used to generate the Reachability Graph (RG) by considering only the allowed rules for inbound traffics. Figure 2 shows the process of acquiring the reachability information from the target cloud (i.e., the cloud environment to conduct security assessment) and storing it in the Network Database (NDB) and Host Database (HDB) by parsing the SG to understand the inter-VM reliability). An does not explicitly disclose augmenting the directed graph to indicate one or more potential access paths based on a first subset of the permissions, wherein the instructions to augment the directed graph comprise instructions to, create a node based on a first of the subset of permissions assigned to a first of the principals that allows creation of another principal by the first principal and connecting the created node to the directed graph based on a second of the subset of permissions assigned to the first principal and evaluating the directed graph to discover whether there is an attack path to a cloud computing resource represented in the directed graph. An discloses a security assessment tool and produces security reports and alludes to a predictive model for possible multi-step attack paths (Section IIB), but does not explicitly disclose discovering one or more potential attack paths. In an analogous art, Kahlhofer discloses reconstructing attack by using attack graphs to discover attacks and notifies an Alarm Store (AS) when a new alarm is detected (Section 2). Kahlhofer achieves this by using tripwire injection (Section 1) which adds a scenario to the graph to act as a honeypot (Section 2). It would have been obvious to one of ordinary skill in the art to combine the system of Kahlhofer with the system of An to improve the precision of detecting attacks (Kahlhofer: Section 1). Claim 11 is rejected as applied above in rejecting claim 10. Furthermore, An discloses: The non-transitory, machine-readable medium of claim 10, wherein the instructions to build the directed graph comprise instructions to parse the plurality of identity and access management policies to determine the principals and permissions assigned to the principals (Section IIIA: The SG controls access using IP and Port as packet filtering. The SG information is used to generate the Reachability Graph (RG) by considering only the allowed rules for inbound traffics. Figure 2 shows the process of acquiring the reachability information from the target cloud (i.e., the cloud environment to conduct security assessment) and storing it in the Network Database (NDB) and Host Database (HDB) by parsing the SG to understand the inter-VM reliability). Claim 15 is rejected as applied above in rejecting claim 10. Furthermore, Kahlhofer discloses: The non-transitory, machine-readable medium of claim 10, wherein the program code further comprises instructions to create a rule based on a discovered attack path to one of the cloud computing resources and provide the rule to prevent similar attack paths (Section 2 and 3: attack graph reconstruction wherein the reconstruction algorithm takes the AS and the AG as its input and reconstructs the attacks). Claim 16 is rejected as applied above in rejecting claim 15. Furthermore, Kahlhofer discloses: The non-transitory, machine-readable medium of claim 15, wherein the instructions to create the rule comprise instructions to extract a sequence of permissions in the attack path and create the rule based, at least in part, on the extracted sequence of permissions (Sections 1-2: reconstructing attack by using attack graphs to discover attacks and notifies an Alarm Store (AS) when a new alarm is detected). Regarding claim 17, An discloses: An apparatus comprising: a processor (Section IV: C: CPU); and a machine-readable medium having instructions stored thereon that are executable by the processor to cause the apparatus to, build a graph with nodes representing principals and cloud computing resources and with edges representing permissions, wherein the instructions to build the graph comprise instructions executable by the processor to cause the apparatus to, parse identity and access management policies to determine principals and permissions assigned to principals (Section IIIA: The SG controls access using IP and Port as packet filtering. The SG information is used to generate the Reachability Graph (RG) by considering only the allowed rules for inbound traffics. Figure 2 shows the process of acquiring the reachability information from the target cloud (i.e., the cloud environment to conduct security assessment) and storing it in the Network Database (NDB) and Host Database (HDB) by parsing the SG to understand the inter-VM reliability); and connect nodes with edges based on the permissions and assignments of permissions (Section IIIA: The algorithm iteratively goes over the set of security rules to examine the reachability specified in the SG, and continuously adding the new set into the RG). An does not explicitly disclose evaluating the graph to discover one or more potential attack paths to at least a first of the cloud computing resources. An discloses a security assessment tool and produces security reports and alludes to a predictive model for possible multi-step attack paths (Section IIB), but does not explicitly disclose discovering one or more potential attack paths. In an analogous art, Kahlhofer discloses reconstructing attack by using attack graphs to discover attacks and notifies an Alarm Store (AS) when a new alarm is detected (Section 2). Kahlhofer achieves this by using tripwire injection (Section 1). It would have been obvious to one of ordinary skill in the art to combine the system of Kahlhofer with the system of An to improve the precision of detecting attacks (Kahlhofer: Section 1). Claim 18 is rejected as applied above in rejecting claim 17. Furthermore, Kahlhofer discloses: The apparatus of claim 17, wherein the machine-readable medium further has stored thereon instructions executable by the processor to cause the apparatus to modify the graph to include a simulated principal node and to connect the simulated principal node to the graph based on at least one of the permissions, wherein the simulated principal node is a node that represents a principal that could be created according to at least one of the permissions (Section 1: automatic tripwire injection which react to changes in the cloud environment). Claim 19 is rejected as applied above in rejecting claim 18. Furthermore, Kahlhofer discloses: The apparatus of claim 18, wherein the instructions to modify the graph to include the simulated principal node comprise instructions executable by the processor to cause the apparatus to create the simulated principal node based on a first of the permissions assigned to at least a first of the principals and wherein the instructions to connect the simulated principal node to the graph is based, at least in part, on a second of the permissions that can be assigned to the simulated principal node (Section 1: automatic tripwire injection which react to changes in the cloud environment). 8. Claim(s) 4-6, 12-14, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over An et al. “CloudSafe: A Tool for an Automated Security Analysis for Cloud Computing” in view of Kahlhofer et al. (“Towards Reconstructing Multi-Step Cyber Attacks in Modern Cloud Environments with Tripwires” in further in view of Gukal et al. (U.S. Patent Pub. No. US 2017/0093910). Claim 4 is rejected as applied above in rejecting claim 1. Furthermore, the combination of An and Kahlhofer does not disclose wherein building the graph further comprises assigning weights to the nodes and edges based, at least in part, on types of the principals, permissions of the edges, and resource classifications. In an analogous art, Gukal discloses assigning weights to each machine in a path and assigning a path weight using an equation which determines the probability of a particular attack path (paragraphs 0435, 0439). It would have been obvious to one of ordinary skill in the art to assign weights, as is performed in Gukal, in the system of An and Kahlhofer in order to determine a probability of attack using a certain path (Gukal: paragraph 0435). Claim 5 is rejected as applied above in rejecting claim 4. Furthermore, the combination of An and Kahlhofer does not explicitly disclose wherein evaluating the graph to discover one or more potential attack paths to at least a first cloud computing resource comprises selecting a node as a first endpoint and determining one or more paths from the first endpoint to one or more second endpoints in the graph, computing a score for each path in the graph based, at least partly, on the assigned weights and ranking and/or filtering the potential attack paths according to the scores, wherein either the first endpoint or the one or more second endpoints represents the cloud computing resource. In an analogous art, Gukal discloses assigning weights to each machine in a path and assigning a path weight using an equation which determines the probability of a particular attack path (paragraphs 0435, 0439). It would have been obvious to one of ordinary skill in the art to assign weights, as is performed in Gukal, in the system of An and Kahlhofer in order to determine a probability of attack using a certain path (Gukal: paragraph 0435). Claim 6 is rejected as applied above in rejecting claim 5. Furthermore, the combination of An and Kahlhofer does not explicitly disclose remediation of discovered attack paths based, at least partly, on the scores. In an analogous art, Gukal discloses remediation of an intrusion (paragraph 0281) and uses weight to determine the severity of the attack (paragraph 0353, 0371) and the probability of the attack using a certain path (paragraph 0435, 0439). The assigning of a weight based on the severity and probability of an attack allows Gukal to remediate the attacks which have a higher weight first (paragraph 0281). It would have been obvious to one of ordinary skill in the art to use the weighting of Gukal so that attacks can be remediated efficiently (Gukal: paragraph 0281). Claim 12 is rejected as applied above in rejecting claim 10. Furthermore, the combination of An and Kahlhofer does not disclose wherein building the graph further comprises assigning weights to the nodes and edges based, at least in part, on types of the principals, permissions of the edges, and resource classifications. In an analogous art, Gukal discloses assigning weights to each machine in a path and assigning a path weight using an equation which determines the probability of a particular attack path (paragraphs 0435, 0439). It would have been obvious to one of ordinary skill in the art to assign weights, as is performed in Gukal, in the system of An and Kahlhofer in order to determine a probability of attack using a certain path (Gukal: paragraph 0435). Claim 13 is rejected as applied above in rejecting claim 12. Furthermore, the combination of An and Kahlhofer does not explicitly disclose wherein evaluating the graph to discover one or more potential attack paths to at least a first cloud computing resource comprises selecting a node as a first endpoint and determining one or more paths from the first endpoint to one or more second endpoints in the graph, computing a score for each path in the graph based, at least partly, on the assigned weights and ranking and/or filtering the potential attack paths according to the scores, wherein either the first endpoint or the one or more second endpoints represents the cloud computing resource. In an analogous art, Gukal discloses assigning weights to each machine in a path and assigning a path weight using an equation which determines the probability of a particular attack path (paragraphs 0435, 0439). It would have been obvious to one of ordinary skill in the art to assign weights, as is performed in Gukal, in the system of An and Kahlhofer in order to determine a probability of attack using a certain path (Gukal: paragraph 0435). Claim 14 is rejected as applied above in rejecting claim 13. Furthermore, the combination of An and Kahlhofer does not explicitly disclose remediation of discovered attack paths based, at least partly, on the scores. In an analogous art, Gukal discloses remediation of an intrusion (paragraph 0281) and uses weight to determine the severity of the attack (paragraph 0353, 0371) and the probability of the attack using a certain path (paragraph 0435, 0439). The assigning of a weight based on the severity and probability of an attack allows Gukal to remediate the attacks which have a higher weight first (paragraph 0281). It would have been obvious to one of ordinary skill in the art to use the weighting of Gukal so that attacks can be remediated efficiently (Gukal: paragraph 0281). Claim 20 is rejected as applied above in rejecting claim 17. In an analogous art, Gukal discloses assigning weights to each machine in a path and assigning a path weight using an equation which determines the probability of a particular attack path (paragraphs 0435, 0439). It would have been obvious to one of ordinary skill in the art to assign weights, as is performed in Gukal, in the system of An and Kahlhofer in order to determine a probability of attack using a certain path (Gukal: paragraph 0435). Gukal further discloses remediation of an intrusion (paragraph 0281) and uses weight to determine the severity of the attack (paragraph 0353, 0371) and the probability of the attack using a certain path (paragraph 0435, 0439). The assigning of a weight based on the severity and probability of an attack allows Gukal to remediate the attacks which have a higher weight first (paragraph 0281). It would have been obvious to one of ordinary skill in the art to use the weighting of Gukal so that attacks can be remediated efficiently (Gukal: paragraph 0281). Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to KAVEH ABRISHAMKAR whose telephone number is (571)272-3786. The examiner can normally be reached M-F 9-5:30. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached at 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KAVEH ABRISHAMKAR/ 01/02/2026 Primary Examiner, Art Unit 2494
Read full office action

Prosecution Timeline

Oct 23, 2023
Application Filed
Jul 30, 2025
Non-Final Rejection — §101, §103
Nov 28, 2025
Response Filed
Jan 01, 2026
Final Rejection — §101, §103
Apr 01, 2026
Notice of Allowance

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12598086
TOKENIZED INDUSTRIAL AUTOMATION SOFTWARE
2y 5m to grant Granted Apr 07, 2026
Patent 12598216
SMALL-FOOTPRINT ENDPOINT DATA LOSS PREVENTION
2y 5m to grant Granted Apr 07, 2026
Patent 12585761
SYSTEM AND METHOD FOR COMBINING CYBER-SECURITY THREAT DETECTIONS AND ADMINISTRATOR FEEDBACK
2y 5m to grant Granted Mar 24, 2026
Patent 12585771
LEARNED CONTROL FLOW MONITORING AND ENFORCEMENT OF UNOBSERVED TRANSITIONS
2y 5m to grant Granted Mar 24, 2026
Patent 12579280
SYSTEMS AND METHODS FOR VULNERABILITY SCANNING OF DEPENDENCIES IN CONTAINERS
2y 5m to grant Granted Mar 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
78%
Grant Probability
99%
With Interview (+23.3%)
3y 0m
Median Time to Grant
Moderate
PTA Risk
Based on 1020 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month