Prosecution Insights
Last updated: July 17, 2026
Application No. 18/516,449

Systems and Methods for Monitoring and Detection of Anomalous Activity in Software-Defined Radio Access Networks

Final Rejection §103
Filed
Nov 21, 2023
Priority
Nov 29, 2022 — provisional 63/385,238
Examiner
EBRAHIM, ANEZ C
Art Unit
2467
Tech Center
2400 — Computer Networks
Assignee
The Ohio State University
OA Round
2 (Final)
83%
Grant Probability
Favorable
3-4
OA Rounds
2m
Est. Remaining
91%
With Interview

Examiner Intelligence

Grants 83% — above average
83%
Career Allowance Rate
639 granted / 773 resolved
+24.7% vs TC avg
Moderate +8% lift
Without
With
+7.9%
Interview Lift
resolved cases with interview
Typical timeline
2y 10m
Avg Prosecution
26 currently pending
Career history
809
Total Applications
across all art units

Statute-Specific Performance

§101
0.8%
-39.2% vs TC avg
§103
87.4%
+47.4% vs TC avg
§102
6.2%
-33.8% vs TC avg
§112
2.7%
-37.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 773 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION 1. This communication is response to the application filed 11/21/2023 havingclaims 1-26 pending and presented for examination. Priority 2. Application filed on 11/21/2023 is a has PRO 5,238 11/29/2022 are acknowledged. Drawings 3. The drawings were received on 11/21/2023 and these drawings are accepted. 4. Information Disclosure Statement The information disclosure statement (IDS) submitted on 11/21/2023 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Oath/Declaration 4. The Oath/Declaration filed on 11/21/2023 is accepted by the examiner. Claim Rejections - 35 USC § 103 1. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 2. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 3. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 1-5, 10, 13-15, 17-19 9 16 11-12, 20 6-8 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. 4. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1-3, 7-8, 12-14, 18, 21, 23-26 are rejected under 35 U.S.C. 103 as being unpatentable over US Publication US 20190230531 A1 Myron, Pietrzyk et al. (Hereinafter “Myron, ") in view of US Publication US 20220210794 A1 Pietrzyk et al. (Hereinafter “Pietrzyk "). As per claim 1, Myron, teaches a computer-implemented method for monitoring a software-defined radio access network (SD-RAN), comprising: receiving, by a computing device, data indicative of communications between a base station configured to provide radio access and one or more network devices (para 0057-0059], fig. 1,4, mobile computing device receiving communication data between a base station and plurality of mobile stations in a mobile computing environment as shown in fig.1); generating, by the computing device and based on the data, a telemetry stream indicative of potential anomalous activity in the SD-RAN(para 0057-0059], fig. 3-5, based on the data received at the mobile station mobile station determines whether indicative of potential anomalous activity in the SD-RAN); and providing, by the computing device and based on the telemetry stream, an indication of the potential anomalous activity(para 0057-0059], fig. 3-5, based on the data available to the mobile unit provides the an indication of the potential anomalous activity and tries to communicate with station). 20190230531 Pietrzyk teaches receiving, by a computing device, data indicative of communications between a base station configured to provide radio access and one or more network devices, wherein the data is received from at least one logical node of the SD-RAN via an E2 interface (para 0061-0079], fig, 8A, receiving by the computing device such as the 804 information such as wherein the data is received from at least one logical node of the SD-RAN via an E2 interface ). 20220210794 Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date, to modify the combination system of Myron, by receiving, by a computing device, data indicative of communications between a base station configured to provide radio access and one or more network devices, wherein the data is received from at least one logical node of the SD-RAN via an E2 interface as suggested by Pietrzyk, this modification would benefit Myron, for enabling a better understand the efficient data transmission mechanism in a mobile communication system. As per claim 2, , Myron, Pietrzyk , teaches the computer-implemented method of claim 1, wherein the potential anomalous activity comprises one or more of an attack on the base station, a fault in the RAN, a failure of the RAN, a security threat, a noncompliance by one or more network devices, or a violation of a service level agreement (SLA) (para 0057-0059], fig. 1,4, wherein the potential anomalous activity comprises power failure and failure of base station ). As per claim 3, Myron, Pietrzyk , teaches the computer-implemented method of claim 1, wherein the telemetry stream is configured to reduce one or more of a network packet delay or a packet drop rate (para 0059], fig. 3-5, telemetry stream is configured to reduce one or more of a network a packet drop rate ). As per claim 7, Myron, Pietrzyk teaches the computer-implemented method of claim 1, wherein the receiving of the data comprises: receiving one or more network packets associated with the given network device during a granularity period (para 0072], receiving data at the mobile device periodically one or more network packets associated with the given network device); and storing the one or more network packets in a buffer associated with the given network device prior to the sending of the indication message (para 0049], monitoring device stores the information associated with base station in a buffer). As per claim 8, Myron, Pietrzyk teaches the computer-implemented method of claim 1, wherein the generating of the telemetry stream is performed by a security service component, and wherein the security service component is compliant with one or more policies of the RAN (para 0080], generating of the telemetry stream is performed by a security service component, and wherein the security service component is compliant with one or more policies of the RAN). As per claim 12, Myron, Pietrzyk teaches the computer-implemented method of claim 1, wherein the telemetry stream is a RAN-centric telemetry stream, and further comprising: tracking aggregated statistics of one or more states associated with the RAN (para 0058], tracking the base station associated with RAN ). As per claim 13, Myron, Pietrzyk teaches the computer-implemented method of claim 12, wherein the one or more states comprises one or more of a number of connected network devices, a number of idle network devices, or a maximum capacity associated with the RAN (para 0022], one or more states comprises one or more of a number of connected network devices). As per claim 14, Myron, Pietrzyk teaches the computer-implemented method of claim 1, wherein the providing of the indication of the potential anomalous activity is performed by an application layer of the software-defined radio access network (para 0057-0059], fig. 3-5, potential anomalous activity is performed by an application layer of the software-defined radio access network). As per claim 18, Myron, Pietrzyk teaches the computer-implemented method of claim 1, wherein the receiving of the data comprises: collecting, by a software agent deployed on the at least one logical node, respective RAN-related telemetry or network device-related telemetry (para 0057-0059], fig. 3-5, collecting, mobile devices software system deployed on the at least one logical node, respective RAN-related telemetry or network device-related telemetry). As per claim 21, Myron, teaches a system for monitoring a software-defined radio access network (SD-RAN), comprising: one or more network devices; a base station configured to provide radio access to the one or more network devices; one or more processors; and data storage, wherein the data storage has stored thereon computer-executable instructions that, when executed by the one or more processors, cause a computing device to carry out operations comprising: receiving, by the computing device, data indicative of communications between the base station and the one or more network devices (para 0057-0059], fig. 1,4, mobile computing device receiving communication data between a base station and plurality of mobile stations in a mobile computing environment as shown in fig.1); generating, by the computing device and based on the data, a telemetry stream indicative of potential anomalous activity in the SD-RAN (para 0057-0059], fig. 3-5, based on the data received at the mobile station mobile station determines whether indicative of potential anomalous activity in the SD-RAN); and providing, by the computing device and based on the telemetry stream, an indication of the potential anomalous activity (para 0057-0059], fig. 3-5, based on the data available to the mobile unit provides the an indication of the potential anomalous activity and tries to communicate with station). Pietrzyk teaches receiving, by a computing device, data indicative of communications between a base station configured to provide radio access and one or more network devices, wherein the data is received from at least one logical node of the SD-RAN via an E2 interface (para 0061-0079], fig, 8A, receiving by the computing device such as the 804 information such as wherein the data is received from at least one logical node of the SD-RAN via an E2 interface ). Examiner supplies the same rationale as supplied in claim 1. As per claim 23, Myron, Pietrzyk teaches the system of claim 21, wherein the computing device comprises a first computing device in a network layer of the SD-RAN, and wherein the receiving of the data is performed by the first computing device, and wherein the first computing device is configured to operate in parallel with one or more logical nodes that manage protocols for the SD-RAN ((para 0057-0059], fig. 3-5, first computing device in a network layer of the SD-RAN, and wherein the receiving of the data is performed by the first computing device, and wherein the first computing device is configured to operate in parallel with one or more logical nodes that manage protocols for the SD-RAN ). As per claim 24, Myron, Pietrzyk teaches the system of claim 21, wherein the computing device comprises a second computing device in a control layer of the SD-RAN, wherein the generating of the telemetry stream is performed by the second computing device, and wherein the second computing device is configured to run in a RAN intelligent controller (RIC) (para 0057-0059], fig. 3-5first computing device in a network layer of the SD-RAN, and wherein the receiving of the data is performed by the first computing device, and wherein the first computing device is configured to operate in parallel with one or more logical nodes that manage protocols for the SD-RAN). As per claim 25, Myron, Pietrzyk teaches the system of claim 21, Myron, Pietrzyk teaches the wherein the computing device comprises a third computing device in an application layer of the SD-RAN, and wherein the providing of the indication is performed by the third computing device (para 0057-0059], fig. 3-5, third computing device in an application layer of the SD-RAN, and wherein the providing of the indication is performed by the third computing device). As per claim 26, Myron, Pietrzyk teaches a computing device for monitoring a software-defined radio access network (SD-RAN), comprising: one or more processors; and data storage, wherein the data storage has stored thereon computer-executable instructions that, when executed by the one or more processors, cause the computing device to carry out operations comprising: receiving, by the computing device, data indicative of communications between a base station configured to provide radio access and one or more network devices (para 0057-0059], fig. 1,4, mobile computing device receiving communication data between a base station and plurality of mobile stations in a mobile computing environment as shown in fig.1); generating, by the computing device and based on the data, a telemetry stream indicative of potential anomalous activity in the SD-RAN (para 0057-0059], fig. 3-5, based on the data received at the mobile station mobile station determines whether indicative of potential anomalous activity in the SD-RAN); and providing, by the computing device and based on the telemetry stream, an indication of the potential anomalous activity (para 0057-0059], fig. 3-5, based on the data available to the mobile unit provides the an indication of the potential anomalous activity and tries to communicate with station).. Pietrzyk teaches receiving, by a computing device, data indicative of communications between a base station configured to provide radio access and one or more network devices, wherein the data is received from at least one logical node of the SD-RAN via an E2 interface (para 0061-0079], fig, 8A, receiving by the computing device such as the 804 information such as wherein the data is received from at least one logical node of the SD-RAN via an E2 interface ). Examiner supplies the same rationale as supplied in claim 1. 5. Claim(s) 4-6,20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Myron, Pietrzyk further view of US PG Pub US 20220345387 A1 to Ehrlich et al (hereinafter Ehrlich). As per claim 4, Myron, Pietrzyk teaches the computer-implemented method of claim 1, Ehrlich teaches wherein the receiving of the data comprises: aggregating, for a given network device of the one or more network devices, the one or more network packets associated with the given network device into an indication message(para 0058], aggregating the data received from the network device associated with given indication); detecting a triggering event associated with the given network device (para 0058], ); and responsive to the detecting of the triggering event, sending the indication message (para 0059], responsive to the detecting of the triggering event, sending the indication message). 20220345387 Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date, to modify the combination system of Myron, Pietrzyk by wherein the receiving of the data comprises: aggregating, for a given network device of the one or more network devices, the one or more network packets associated with the given network device into an indication message detecting a triggering event associated with the given network device and responsive to the detecting of the triggering event, sending the indication message as suggested by Ehrlich, this modification would benefit Myron, Pietrzyk for enabling a better understand the security analysis in a mobile communication system. As per claim 5, Myron, Pietrzyk teaches the computer-implemented method of claim 4, Ehrlich teaches wherein the triggering event is a new state for the given network device or a control traffic for the given network device (para 0059], chaning the state of the device based on the trigger). Examiner supplies the same rationale as supplied claim 4. As per claim 6, Myron, Pietrzyk teaches the computer-implemented method of claim 4, Ehrlich teaches wherein the indication message is indicative of a session establishment or a device authentication (para 0058], indication message is indicative of a session establishment). Examiner supplies the same rationale as supplied claim 4. As per claim 20, Myron, Pietrzyk teaches the computer-implemented method of claim 1, Ehrlich teaches wherein the SD-RAN is a higher generation cellular network (para 0001], wherein the SD-RAN is a higher generation cellular network). Examiner supplies the same rationale as supplied claim 4. 5. Claim(s) 9-11, is/are rejected under 35 U.S.C. 103 as being unpatentable over Myron, Pietrzyk further view of US PG Pub US 20240155533 A1 to BJERRUM et al (hereinafter BJERRUM). As per claim 9, Myron, Pietrzyk teaches the computer-implemented method of claim 1, BJERRUM teaches wherein the telemetry stream is a network device-centric telemetry stream, and further comprising: tracking a temporary identifier associated with a given network device of the one or more network devices, wherein the temporary identifier enables an identification of a unique session establishment between the given network device and the RAN (para 0168], network is tracking a temporary identifier associated with a given network device of the one or more network devices and temporary id is unique id). 20240155533 Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date, to modify the combination system of Myron, Pietrzyk by tracking a temporary identifier associated with a given network device of the one or more network devices, wherein the temporary identifier enables an identification of a unique session establishment between the given network device and the RAN as suggested by BJERRUM, this modification would benefit Myron, Pietrzyk for improves efficiency in resource planning in a mobile communication network system. Examiner supplies the same rationale as supplied claim 9. As per claim 10, Myron, Pietrzyk teaches the computer-implemented method of claim 1, BJERRUM teaches wherein the telemetry stream is a network device-centric telemetry stream, and further comprising: tracking a temporary identifier associated with a given network device of the one or more network devices, wherein the temporary identifier enables an identification of a unique device authentication between the given network device and the RAN (para 0168], tracking a temporary identifier associated with a given network device of the one or more network devices, wherein the temporary identifier enables an identification of a unique device authentication between the given network device and the RAN). Examiner supplies the same rationale as supplied claim 9. As per claim 11, Myron, Pietrzyk teaches the computer-implemented method of claim 1, BJERRUM teaches wherein the telemetry stream is a network device-centric telemetry stream, and further comprising: tracking a permanent identifier associated with a given network device of the one or more network devices, wherein the permanent identifier comprises one or more of an International Mobile Equipment Identity (IMEI), an International Mobile Subscriber Identity (IMSI), or a Subscription Concealed Identifier (SUCI) (para 0124], tracking a permanent identifier associated with a given network device of the one or more network devices such as Subscription Concealed Identifier (SUCI)). Examiner supplies the same rationale as supplied claim 9. 5. Claim(s) 16-17, 19, 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Myron, Pietrzyk further view of US PG Pub US 20250106647 A1 to Pateromichelakis et al (hereinafter Pateromichelakis). As per claim 16, Myron, Pietrzyk teaches the computer-implemented method of claim 1, Pateromichelakis teaches wherein a central unit (CU) comprises a CU-control (CU-C) and a CU-user (CU-U), and wherein: the receiving of the data comprises: receiving session establishment data from the CU-C, and receiving device performance data from the CU-U, and the providing of the indication of the potential anomalous activity is based on a correlation of the session establishment data and the device performance data (para 0135], central unit (CU) comprises a CU-control (CU-C) and a CU-user (CU-U), and wherein: the receiving of the data comprises: receiving session establishment data from the CU-C, and receiving device performance data from the CU-U, and the providing of the indication of the potential anomalous activity is based on a correlation of the session establishment data and the device performance data). Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date, to modify the combination system of Myron, Pietrzyk by the receiving of the data comprises: receiving session establishment data from the CU-C, and receiving device performance data from the CU-U, and the providing of the indication of the potential anomalous activity is based on a correlation of the session establishment data and the device performance data as suggested by Pateromichelakis, this modification would benefit Myron, Pietrzyk for reducing complexity in a mobile communication network. As per claim 17, Myron, Pietrzyk teaches the computer-implemented method of claim 1, Pateromichelakis teaches wherein the SD-RAN is an open radio access network (O-RAN) (para 0134], the SD-RAN is an open radio access network (O-RAN) ). Examiner supplies the same rationale as supplied claim 16. As per claim 19, Myron, Pietrzyk teaches the computer-implemented method of claim 18, Pateromichelakis teaches wherein the at least one logical node comprises a Radio Unit (RU), a Distributed Unit (DU), or a Central Unit (CU) (para 0022, comprises radio unit) ((para 0135], wherein the at least one logical node comprises a Radio Unit (RU), a Distributed Unit (DU), or a Central Unit (CU) (para 0022, comprises radio unit) ) Examiner supplies the same rationale as supplied claim 16. As per claim 22, Myron, Pietrzyk teaches the system of claim 21, Pateromichelakis teaches wherein the SD-RAN is an open radio access network (O-RAN) (para 0134], the SD-RAN is an open radio access network (O-RAN) ). Examiner supplies the same rationale as supplied claim 16. 5. Claim(s) 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Myron, Pietrzyk further view of US PG Pub US 20170169217 A1 to Rahaman et al (hereinafter Rahaman). As per claim 15, Myron, Pietrzyk teaches the computer-implemented method of claim 14, Rahaman teaches wherein the application layer is configured based on a Production-Based Expert System Toolset (P-BEST) language (para 0039], application layer is configured based on a Production-Based Expert System Toolset (P-BEST) language). 20170169217 Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date, to modify the combination system of Myron, Pietrzyk by getting re-accessing, by the UE, the network of the first RAT, carrying, by the UE, an update type as ISR synch information or a temporary identity assigned by the network of the second RAT and enabling the network of the first RAT ne to obtain context from the network of the second RAT and updating bearer information as suggested by Rahaman, this modification would benefit Myron, Pietrzyk for enabling a better data handling resource in a mobile communication system. Response to Arguments On page 11 of applicant’s argument regarding claim 1, applicant argues that, “configured to provide radio access and one or more network devices," Myron, Pietrzyk fails to teach, disclose, suggest, or motivate at least "a telemetry stream indicative of potential anomalous activity in the SD-RAN," (emphasis added), as recited in amended claim 1. Accordingly, Myron, Pietrzyk fails to teach, disclose, suggest, or motivate at least "generating, by the computing device and based on the data, a telemetry stream indicative of potential anomalous activity in the SD-RAN," (emphasis added), as recited in amended claim 1.”.Applicant’s argument have been considered but are not persuasive. Myron, Pietrzyk para 0057-0059], fig. 1,4, teaches a mechanism in which a computer which collects data including anomalous data between a base station and one or more network devices that the base station provide radio access, radio access network base station provides the data to a computer. Pietrzyk fig.8A, SD-RAN which provides data access through an E2 interface, it is would obvious to combine the teaching of Myron, Pietrzyk and Pietrzyk for providing a data anomalies between base station and connected devices that provides the information to a computer. Conclusion Prior arts made of record, not relied upon: US Patent Publication US 20190158606 A1; US Patent Publication US 20200412565 A1, US Patent Publication US 20200259896 A1 Applicant's amendment necessitated the new ground(s) of rejection presented inthis Office action. THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANEZ EBRAHIM whose telephone number is (571)270-7153. The examiner can normally be reached on M-F 8 AM to 5 PM If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hassan Phillips can be reached on (571) 272-3940. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ANEZ C EBRAHIM/Primary Examiner, Art Unit 2467
Read full office action

Prosecution Timeline

Nov 21, 2023
Application Filed
Dec 02, 2025
Non-Final Rejection mailed — §103
Feb 27, 2026
Response Filed
Jun 03, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12684416
SYSTEM AND METHOD FOR OFFLOADING DEVICES IN A CELLULAR NETWORK
3y 3m to grant Granted Jul 14, 2026
Patent 12684626
METHOD AND APPARATUS FOR SMALL DATA TRANSMISSION
3y 2m to grant Granted Jul 14, 2026
Patent 12652605
NETWORK ACCESS METHOD, TERMINAL DEVICE, AND NETWORK DEVICE
3y 5m to grant Granted Jun 09, 2026
Patent 12652695
WIRELESS COMMUNICATION METHOD AND APPARATUS, DEVICE, AND STORAGE MEDIUM
2y 5m to grant Granted Jun 09, 2026
Patent 12647988
SIDELINK MINI-SLOT OPERATION IN MODES 1 AND 2
4y 4m to grant Granted Jun 02, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
83%
Grant Probability
91%
With Interview (+7.9%)
2y 10m (~2m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 773 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month