Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsVaronis Systems, Inc. › 18494631
Last updated: April 19, 2026
Application No. 18/494,631

Object Security Control

Final Rejection §103
Filed
Oct 25, 2023
Examiner
LITTLE, VANCE M
Art Unit
2494
Tech Center
2400 — Computer Networks
Assignee
Varonis Systems, Inc.
OA Round
2 (Final)
83%
Grant Probability
Favorable
3-4
OA Rounds
2y 7m
To Grant
99%
With Interview

Interview Optional

+25.4% interview lift. This examiner has a relatively high allow rate; a written response may suffice.
Based on 392 resolved cases, 2023–2026

Examiner Intelligence

LITTLE, VANCE M View full profile →
Grants 83% — above average
83%
Career Allow Rate
326 granted / 392 resolved
+25.2% vs TC avg
Strong +25% interview lift
Without
With
+25.4%
Interview Lift
resolved cases with interview
Typical timeline
2y 7m
Avg Prosecution
25 currently pending
Career history
417
Total Applications
across all art units

Statute-Specific Performance

§101
12.9%
-27.1% vs TC avg
§103
50.2%
+10.2% vs TC avg
§102
9.9%
-30.1% vs TC avg
§112
14.7%
-25.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 392 resolved cases

Office Action

§103
DETAILED ACTION This Office action is in response to the amendments and remarks filed by Applicant on 11/19/2025. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment Applicant presents amendments to claim 1. All amendments have been fully considered. Applicant’s amendments clarify the subject matter of claim 1 and are sufficient to overcome the previously cited combination of references serving as the basis for the rejection under 35 U.S.C. 103. A new search was conducted and a new secondary reference was identified and a new rejection is presented below. The Examiner notes that claim 11 is indicated as being “currently amended”, but the Examiner was unable to locate any amendments in this claim. According to MPEP §714, “[a]ny claim presented in clean version will constitute an assertion that it has not been changed relative to the immediate prior version”. Therefore, the Examiner concludes the claim is not changed from previous versions of the claim set. Response to Arguments Applicant presents arguments with respect to the pending claims. All arguments have been fully considered. The Examiner agrees with Applicant’s arguments that the previously cited combination of references fail to fully cover all of the subject matter of the amended claims and appreciates the explanation of the relationship between the relevant elements. As mentioned above, a new search was required and a new rejection is presented below. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 3–4, 16, 19, 21, 29 rejected under 35 U.S.C. 103 as being unpatentable over Doyle (US 2024/0135009 A, published Apr. 25, 2024) in view of Dhindsa (US 2022/0224685 A1, published Jul. 14, 2022) in view of Rangarajan (US 2022/0303322 A1, published Sep. 22, 2022). Regarding claim 1, Doyle discloses: a computer system for a security control, comprising: one or more computer readable storage media storing program instruction and one or more processors which, in response to executing the program instructions, are configured to: receive user input requesting access to an object of the computing system (receiving a request for content. Doyle ¶ 48.), wherein the user input identifies the object and includes a natural language justification of why access is desired and a user description of content of the file for requesting access (content requestor provides a description of the reason or reasons justifying the request for a content item to the access management platform. Doyle ¶¶ 42 and 48.); perform a language analysis of the natural language justification and the object to identify a similarity score between the natural language justification based at least in part on why access is desired and the object (the access determination unit compares the semantic information for the content item with the semantic information and natural language processed information of the justification information to determine a relevance score. Doyle ¶ 48.), determine whether access should be granted to the object based at least in part on the similarity score (access determination unit uses the relevance score for determining whether to automatically grant access to the content item. Doyle ¶ 48.). Doyle does not disclose: a comparison of the user description and actual content of the object; and configure permissions for the object to enable access by a user when a determination is made to grant access. However, Dhindsa does disclose: a comparison of the user description and actual content of the object (in order to authenticate and provide access to a user, prompting the user to provide a contextual description of the operation (interpreted as the recited object) and in response, using a natural language processing model to identify a described characteristic of the operation, compare the described characteristic with a corresponding parameter of the operation and determine that the authentication response is valid based on the comparing. Dhindsa ¶ 2.). Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the facilitation of access to an object by analyzing the natural language of an access justification of Doyle with comparing a description of a requested item with the item to determine whether access should be granted to that item based upon the teaching of Dhindsa. The motivation being to determine whether the requesting use knows the context of the item being requested. Dhindsa ¶ 1. Doyle in view of Dhindsa does not disclose: configure permissions for the object to enable access by a user when a determination is made to grant access. However, Rangarajan does disclose: configure permissions for the object to enable access by a user when a determination is made to grant access (reconfigure object permissions to grant access to user accounts. Rangarajan ¶ 9.). Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the facilitation of access to an object by analyzing the natural language of an access justification of Doyle with the configuration of an object permissions following a grant of access based upon the teachings of Rangarajan. The motivation being to enable collaboration between a variety of allowed user accounts. Rangarajan ¶ 9. Regarding claim 3, Doyle in view of Dhindsa in view of Rangarajan discloses the limitations of claim 1, wherein the similarity score is based at least in part on a comparison of a user description and actual content of the object (the access determination unit compares the semantic information for the content item with the semantic information and natural language processed information of the justification information to determine a relevance score. Doyle ¶ 48.). Regarding claim 4, Doyle in view of Dhindsa in view of Rangarajan discloses the limitations of claim 1, wherein the program instructions are further configured to cause the one or more processors to receive metadata associated with the object, wherein the determination whether access should be granted is based at least in part on the metadata (Doyle ¶ 32.). Regarding claim 16, Doyle in view of Dhindsa in view of Rangarajan discloses the limitations of claim 1, wherein when a determination is made to not grant access, sending, by the processor, a notification to a user responsible for the object to take a decision (content owner verifies that the automated access decision by the content access management platform was correct. Doyle ¶ 50.). Regarding claim 19, Doyle in view of Dhindsa in view of Rangarajan discloses the limitations of claim 1, wherein the determination is based at least in part on a classification of the object, as determined by a classification engine (access related data source are used to access the relationship between the content requestor and the content owner and help determine whether access should be granted. Doyle ¶ 35. Access-related data source include content-related classification information such as the impact of the subject matter of the content. Doyle ¶ 36.). Regarding claim 21, Doyle in view of Dhindsa in view of Rangarajan discloses the limitations of claim 1, wherein the determination is based at least in part on a creator or owner of the object (content owner verifies that the automated access decision by the content access management platform was correct. Doyle ¶ 50.). Regarding claim 29, Doyle in view of Dhindsa in view of Rangarajan discloses the limitations of claim 1, wherein the object is a file stored in the computer system, which optionally represents human-readable text (Doyle ¶¶ 21 and 24.). Claim 2 rejected under 35 U.S.C. 103 as being unpatentable over Doyle in view of Dhindsa in view of Rangarajan in view of Koren (US 2019/0122272 A1, published Sep. 22, 2022). Regarding claim 2, Doyle in view of Dhindsa in view of Rangarajan discloses the limitations of claim 1. Doyle in view of Dhindsa in view of Rangarajan does not disclose: wherein the natural language justification comprises a description of what the user believes to be the content of the object. However, Koren does disclose: wherein the natural language justification comprises a description of what the user believes to be the content of the object (the request is made in natural language and describes the specific object. Koren ¶¶ 27–29.). Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the facilitation of access to an object by analyzing the natural language of an access justification of Doyle with a natural language description of the content of the object based upon the teachings of Koren. The motivation being to match user requests to appropriate transaction using user-friendly replies. Koren ¶ 67. Claim 5–11 rejected under 35 U.S.C. 103 as being unpatentable over Doyle in view of Dhindsa in view of Rangarajan in view of Sweet (US 2002/0031230 A1, published Mar. 14, 2002). Regarding claim 5, Doyle in view of Dhindsa in view of Rangarajan discloses the limitations of claim 1. Doyle in view of Dhindsa in view of Rangarajan does not disclose: wherein the determination whether access should be granted is based at least in part on whether users related to the user have access to the object. However, Sweet does disclose: wherein the determination whether access should be granted is based at least in part on whether users related to the user have access to the object (granting access to an individual based upon permissions allocated to members of a role. Sweet ¶ 9.). Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the facilitation of access to an object by analyzing the natural language of an access justification of Doyle with determining access based on whether users related to the user have access to an object based upon the teachings of Sweet. The motivation being if a user's organizational assignment changes, his or her access permissions are also changed to reflect this new organizational role. Sweet ¶ 9. Regarding claim 6, Doyle in view of Dhindsa in view of Rangarajan in view of Sweet discloses the limitations of claim 5, wherein the users are related by being in a common group in a directory server (granting access to an individual based upon permissions allocated to members of a role. Sweet ¶ 9.). Regarding claim 7, Doyle in view of Dhindsa in view of Rangarajan in view of Sweet discloses the limitations of claim 5, wherein relations between the users are determined based at least in part on communications between the users (granting access to an individual based upon permissions allocated to members of a role. Sweet ¶ 9.). Regarding claim 8, Doyle in view of Dhindsa in view of Rangarajan in view of Sweet discloses the limitations of claim 5, wherein the relations between the users are determined based at least in part on organization data of an organization to which the users belong (granting access to an individual based upon permissions allocated to members of a role. Sweet ¶ 9.). Regarding claim 9, Doyle in view of Dhindsa in view of Rangarajan in view of Sweet discloses the limitations of claim 5, wherein the relations between the users are determined based at least in part on interactions in workflow management systems (granting access to an individual based upon permissions allocated to members of a role. Sweet ¶ 9.). Regarding claim 10, Doyle in view of Dhindsa in view of Rangarajan in view of Sweet discloses the limitations of claim 5, wherein the related users are based on access to the same files by the requesting user and other users (granting access to an individual based upon permissions allocated to members of a role. Sweet ¶ 9.). Regarding claim 11, Doyle in view of Dhindsa in view of Rangarajan discloses the limitations of claim 1. Doyle in view of Dhindsa in view of Rangarajan does not disclose: wherein the determination whether access should be granted is based at least in part on the user's access rights in relation to related objects, the user's role in the organization to which the object belongs, and/or a weighted score of a plurality of parameters including the similarity score. However, Sweet does disclose: wherein the determination whether access should be granted is based at least in part on the user's access rights in relation to related objects, the user's role in the organization to which the object belongs, and/or a weighted score of a plurality of parameters including the similarity score (granting access to an individual based upon permissions allocated to members of a role. Sweet ¶ 9.). Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the facilitation of access to an object by analyzing the natural language of an access justification of Doyle with determining access based on whether users related to the user have access to an object based upon the teachings of Sweet. The motivation being if a user's organizational assignment changes, his or her access permissions are also changed to reflect this new organizational role. Sweet ¶ 9. Claim 14 rejected under 35 U.S.C. 103 as being unpatentable over Doyle in view of Dhindsa in view of Rangarajan in view of Silverstein (US 2022/0365860 A1, published Nov. 17, 2022). Regarding claim 14, Doyle in view of Dhindsa in view of Rangarajan discloses the limitations of claim 1, wherein the determination whether access should be granted is based at least in part on a weighted score of a plurality of parameters including the similarity score (access determination unit uses the relevance score for determining whether to automatically grant access to the content item. Doyle ¶ 48.). Doyle in view of Dhindsa in view of Rangarajan does not disclose: wherein the score weightings are dependent on the object and/or user. However, Silverstein does disclose: wherein the score weightings are dependent on the object and/or user (access control program generates weighted access scores for each user. Silverstein ¶ 25.). Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the facilitation of access to an object by analyzing the natural language of an access justification of Doyle with scores weighted dependent on parameters relative to objects or users based upon the teachings of Silverstein. The motivation being to generate scored access controlled following a performance disruption. Silverstein ¶ 3. Claim 15 rejected under 35 U.S.C. 103 as being unpatentable over Doyle in view of Dhindsa in view of Rangarajan in view of Ezra (US 2024/0054240 A1, published Feb. 15, 2024). Regarding claim 15, Doyle in view of Dhindsa in view of Rangarajan discloses the limitations of claim 1. Doyle in view of Dhindsa in view of Rangarajan does not disclose: wherein the determination is based at least in part on previous network and object access by the user. However, Ezra does disclose: wherein the determination is based at least in part on previous network and object access by the user (access control scores determined based upon data including access history data. Ezra ¶ 23.). Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the facilitation of access to an object by analyzing the natural language of an access justification of Doyle with determining using previous network and object access by users based upon the teachings of Ezra. The motivation being incorporating contextual information in to the recommendation of authorization of access. Ezra ¶ 23. Claims 24, 26–27 rejected under 35 U.S.C. 103 as being unpatentable over Doyle in view of Dhindsa in view of Rangarajan in view of Blohm (US 2024/0346255 A1, published Oct. 17, 2024). Regarding claim 24, Doyle in view of Dhindsa in view of Rangarajan discloses the limitations of claim 1. Doyle in view of Dhindsa in view of Rangarajan does not disclose: wherein the language analysis is performed by a Large Language Model (LLM), which may optionally be trained on prior human decisions in relation to user requests. However, Blohm does disclose: wherein the language analysis is performed by a Large Language Model (LLM), which may optionally be trained on prior human decisions in relation to user requests (leveraging the strong natural language capabilities of large language modules for safeguarding privileged or confidential information access. Blohm ¶ 55.). Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the facilitation of access to an object by analyzing the natural language of an access justification of Doyle with language analysis performed by large language models trained by previous human decision data based upon the teachings of Blohm. The motivation being to generate permission definitions for protection of privileged and confidential information for a specific set of users. Blohm ¶ 55. Regarding claim 26, Doyle in view of Dhindsa in view of Rangarajan in view of Blohm discloses the limitations of claim 24, wherein the LLM is fine-tuned using a subset of annotated human decisions in relation to user requests (access controls can be defined with a certain scope with a user interface. Blohm ¶ 55.). Regarding claim 27, Doyle in view of Dhindsa in view of Rangarajan in view of Blohm discloses the limitations of claim 24, wherein details of prior requests related to the current request are provided as an input to the LLM (previously authorized access to controlled files is used to determine suitability for future access determinations. Blohm ¶ 55.). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to VANCE LITTLE whose telephone number is (571)270-0408. The examiner can normally be reached Monday - Friday 9:30am - 5:30pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached at (571) 272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /VANCE M LITTLE/Primary Examiner, Art Unit 2494
Read full office action

Prosecution Timeline

Oct 25, 2023
Application Filed
Aug 11, 2025
Non-Final Rejection — §103
Nov 19, 2025
Response Filed
Feb 27, 2026
Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

18/820,959
Patent 12603862
Methods and Systems for Efficient Adaptive Logging of Cyber Threat Incidents
2y 5m to grant Granted Apr 14, 2026
17/291,411
Patent 12596819
Method and System for Data Valuation and Secure Commercial Monetization Platform
2y 5m to grant Granted Apr 07, 2026
18/825,239
Patent 12592911
SECURE RELAY DEVICE AND DATA TRANSMISSION RECEPTION SYSTEM
2y 5m to grant Granted Mar 31, 2026
18/134,122
Patent 12574390
Unauthorized Activity Detection Based on User Agent String
2y 5m to grant Granted Mar 10, 2026
18/619,624
Patent 12563057
METHOD AND A SYSTEM FOR TRAFFIC TUNNELING IN A DISTRIBUTED NETWORK FOR MALWARE DETECTION
2y 5m to grant Granted Feb 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
83%
Grant Probability
99%
With Interview (+25.4%)
2y 7m
Median Time to Grant
Moderate
PTA Risk
Based on 392 resolved cases by this examiner. Grant probability derived from career allow rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month