Prosecution Insights
Last updated: July 17, 2026
Application No. 18/531,376

Security Escrow System

Final Rejection §103
Filed
Dec 06, 2023
Examiner
CHANG, TOM Y
Art Unit
2455
Tech Center
2400 — Computer Networks
Assignee
Bank of America Corporation
OA Round
2 (Final)
53%
Grant Probability
Moderate
3-4
OA Rounds
1y 6m
Est. Remaining
74%
With Interview

Examiner Intelligence

Grants 53% of resolved cases
53%
Career Allowance Rate
242 granted / 453 resolved
-4.6% vs TC avg
Strong +20% interview lift
Without
With
+20.5%
Interview Lift
resolved cases with interview
Typical timeline
4y 1m
Avg Prosecution
14 currently pending
Career history
477
Total Applications
across all art units

Statute-Specific Performance

§101
1.7%
-38.3% vs TC avg
§103
86.4%
+46.4% vs TC avg
§102
6.8%
-33.2% vs TC avg
§112
1.5%
-38.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 453 resolved cases

Office Action

§103
CTFR 18/531,376 CTFR 85278 DETAILED ACTION Notice of Pre-AIA or AIA Status 07-03-aia AIA 15-10-aia The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This action is responsive to communication received on 03/12/2026 Claims 1-20 are pending of which claims 1, 5, 6, 9, 13, 14, and 17-19 are amended. The Examiner recommends filing a written authorization for Internet communication in response to the present action. Doing so permits the USPTO to communicate with Applicant using Internet email to schedule interviews or discuss other aspects of the application. Without a written authorization in place, the USPTO cannot respond to Internet correspondence received from Applicant. The preferred method of providing authorization is by filing form PTO/SB/439, available at: https://www.uspto.gov/patent/forms/forms. See MPEP § 502.03 for other methods of providing written authorization. Claim Rejections - 35 USC § 103 07-20-aia AIA The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 07-21-aia AIA Claim s 1-5, 8-13, and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over McCaffery US 11,388,195, and further in view of Shete US 2024/0039954 . Regarding claims 1, 9 and 17, McCaffery teaches a system, method and non-transitory computer readable medium comprising instruction executed by a processor perform the method comprising: a first computing network (vendor network) comprising a first application computing platform exchanging data with a second application computing platform (corporate organization networks) via an application programming interface (API) (vendors devices access the data resources/application of an organization, Col 7 Lines14-39 , the granting of API keys to vendors to access the data implies that API are used for access of data from the vendor to the organization, Col 8 Lines 18-32 ) [Once the information and security criteria associated with the vendor is accessed, the compliance platform 102 can be configured to access one or more databases 108, services, remote computers, or information stores (including remote computer 106), to determine vendor compliance in connection with the information and security criteria. In a particular configuration, such as represented in FIG. 2, the compliance platform 102 is configured by one or more modules to query data stores for data regarding the information security posture of a given vendor (step 208). Such query can be conducted on an on-demand basis, or on a periodic schedule, or some combination thereof. For instance, one or more DNS servers (such as a DNS host server 106A) are queried by the compliance platform 102, or a processor configured by one or more modules thereof. In a particular configuration, the query includes the domain name used by the vendor. The response to the query includes data values corresponding to particular information and security criteria relevant to cybersecurity posture of the vendor. In an alternative configuration, the query parses the web domain such as hosted by web host server 106B) of the vendor for one or more privacy policies or terms of use. In another configuration, the compliance platform queries a vendor website host to determine if the queried website has SSL enabled, the website's DNS security status, and the status of the associated DNS record associated record. , Col 7 Lines14-39] [(27) Depending on a particular outcome of the information and security criteria evaluation of step 210, the compliance platform 102 can be configured to either permit the vendor to access data from a customer-controlled data source or deny access to the customer-controlled data source. For instance, as shown in step 212, where the vendor has been evaluated as compliant with the information and security criteria, the vendor is granted access to customer-controlled data. For example, where a vendor is processing payroll for a customer, upon a determination of compliance, the vendor is given API keys to access the payroll database of a specific customer. In another arrangement, where the vendor is in a pre-existing relationship with the customer, a determination of compliance will cause the access previously granted to the customer data to be maintained., Col 8 Lines 18-32] wherein the first computing network performs operations based on first network security policy information (each vendor implements their own security policies/practices, Col 3 Line 42-62) [(7) More particularly, the systems, methods and computer products described herein are directed to identifying public and/or private information security and other criteria that are relevant to one or more vendors that provide a good or service. The identified information and security criteria are then used to determine the compliance state of a specific vendor. For instance, the vendor operational or information security practices are evaluated against a list of attributes. The results of this evaluation are used to determine if the vendor is compliant with information and security criteria, or a portion thereof, relevant to a customer, agency or other party. By comparing the information security data for a specific vendor against the one or more standards, regulations or policies for information security, an accurate and transparent determination regarding the vendor information security practices can be obtained. Thus, the systems, methods and computer products described are directed to a specific application that allows for rapid assessment of a vendor's information security practices and thus enables customer and vendors to confidently enter into commercial relationships therewith. , Col 3 Line 42-62] a second computing network comprising the second application computing platform, wherein the API controls data exchange to and from the second application computing platform) (vendors devices access the data resources/application of an organization, Col 7 Lines14-39 , the granting of API keys to vendors to access the data implies that API are used for access of data from the vendor to the organization, Col 8 Lines 18-32 ) a security escrow computing system (security compliance platform) comprising: a processor; and memory storing computer-readable instructions that, when executed by the processor, cause the security escrow computing system to: receive, from the second computing network, second network security policy information associated with the second computing network (security criteria/rules from a organization is received by the compliance platform, the system determines a vendor’s compliance to such criteria/rules, Col 11 Lines 8-23) [(42) More generally, in one or more implementations, at least one computing device can determine, based at least on an evaluation of the first and second subsets, whether the vendor is in compliance or is out of compliance with the information and security criteria. For example, vendor may be out of compliance with one or more specific aspects of the information and security criteria (e.g., a respective firewall setting), but is in compliance with all other respective aspects. Based on the organization's history or specific rules set forth in a profile or other resource, the vendor may be in compliance with the organization's overall hiring rules under the information and security criteria, notwithstanding the vendor not complying with one or more aspects. Alternatively, one or more additional rules can be implemented, such as timeframes for a vendor to be brought into compliance with one or more of the various aspects., Col 11 Lines 8-23] generate, based on analysis of the second network security policy information, a user interface screen comprising information identifying whether the first network security policy information complies with the second network security policy information (screen displayed with status of compliance determination results, Col 10 Lines 4-12 ) [(37) FIG. 10 illustrates an example data entry display screen 1000 that provides a table showing information associated with vendor policy. For example, information is provided to show whether there is appropriate regulation compliance or whether there are applicable privacy or other regulations that are being followed by a respective vendor. As with display screens 700 and 800, information is provided in display screen 1000 to identify a type, status, inquiry, results, notes, and relevance/next steps. Col 10 Lines 4-12] and set, automatically and based on a first level of compliance, a flag indicating whether the first application computing platform is allowed to access data from the second application computing platform via the API, wherein API function calls are enabled or disabled, wherein data exchange between the first application computing platform and the second application computing platform is enabled or disabled based on the flag (vendor is flagged as compliant noncompliant, Col 4 Lines 25-44, API keys to access resources are granted to enable access to API or revoked to disable access, API keys imply control of the use of the API and its respective function calls, Col8 Lines 18-45) [(9) Based on results of an evaluation data, such as returned from one or more executed queries, a vendor can be flagged as compliant or non-compliant with customer specific, industry specific, or mandated information security practices. Likewise, specific shortcomings in connection with a vendor's non-compliance can be identified and one or more processes can be implemented to resolve such non-compliance. Such processes can depend, for example, on the degree and severity of respective non-compliance. For example, automatic notification procedures can be implemented to resolve non-compliance. More aggressive actions, such as to automatically implement corrective measures, can be taken in other contexts. For example, specific details associated with a status of non-compliance of the vendor can be used to revoke or temporally suspend the vendor's access pending one or more remediation actions. In a further example illustrating an extreme case, a vendor may be determined to be non-compliant and a domain name reference to the vendor is deleted or altered to as to prevent public access to the network domain of a non-compliant vendor. Col 4 Lines 25-44] [(27) Depending on a particular outcome of the information and security criteria evaluation of step 210, the compliance platform 102 can be configured to either permit the vendor to access data from a customer-controlled data source or deny access to the customer-controlled data source. For instance, as shown in step 212, where the vendor has been evaluated as compliant with the information and security criteria, the vendor is granted access to customer-controlled data. For example, where a vendor is processing payroll for a customer, upon a determination of compliance, the vendor is given API keys to access the payroll database of a specific customer. In another arrangement, where the vendor is in a pre-existing relationship with the customer, a determination of compliance will cause the access previously granted to the customer data to be maintained. Col8 Lines 18-32] [(28) In an alternative configuration, where the evaluation of the information and security criteria indicates that a vendor is non-compliant with the one or more information and security criteria, the vendor can be denied access to the customer-controlled data, as in step 214. For instance, the compliance platform 102 is configured to revoke API keys associated with a vendor that is non-compliant. In an alternative configuration, the compliance platform 102 causes the DNS registration or domain access of the vendor to be suspended. Alternatively, the compliance platform 102 is configured to disable public access to the vendor domain until a subsequent evaluation indicates that the vendor is complaint with all the information and security criteria. Col 8 Line 33-45] McCaffrey teaches generating a third user interface screen showing automatically generated mitigation measures (Col 8 Lines 48-62) but does not teach how such automatically generated migration measure are derived. Thus McCaffrey does not teach generate, based on an indication of non-compliance, a third user interface screen showing automatically generated mitigation measures based on learned compatibility information aggregated from a plurality of sources. Shete in the same field of endeavor as the invention teaches a system for vulnerability analysis and remediation. Shete teaches teach generate, based on an indication of non-compliance, a third user interface screen showing automatically generated mitigation measures based on learned compatibility information aggregated from a plurality of sources. [0258] A process of the present disclosure may include detecting one or more cybersecurity risk factors associated with the organization to determine a risk posture of the organization. The process may include attaining one or more remediation recommendations for enabling a person associated with the organization to select one or more actions for mitigating the one or more cybersecurity risk factors and improving the risk posture of the organization. The action of attaining the remediation recommendations may include retrieving known solutions from the data store 208 or determining recommended actions based on algorithms, techniques, Machine Learning (ML) models, etc. The process may include communicating display information to a user device associated with the organization, where the display information may include data regarding at least the one or more cybersecurity risk factors and the one or more remediation recommendations to be exhibited on a GUI of the user device. It would have been obvious to a person of ordinary skill in the art before the effective filing of the invention to modify McCaffrey with retrieving known solution to for remediating vulnerability/security issues from a data store as taught by Shete. The reason for this modification would be to provide a way to generate recommended remediation actions using known solution leading to quicker resolution of security compliance violations. Regarding claims 2 and 10, McCaffery teaches wherein a first user interface screen generated by the security escrow computing system comprises compliance information identifying one of a compliance indication, a partial compliance indication, and a non-compliance indication ( vendor can be flagged s compliant or non-complaint access being revoked to non-compliant status, Col 4 Lines 25-44, fig.6) . [(9) Based on results of an evaluation data, such as returned from one or more executed queries, a vendor can be flagged as compliant or non-compliant with customer specific, industry specific, or mandated information security practices. Likewise, specific shortcomings in connection with a vendor's non-compliance can be identified and one or more processes can be implemented to resolve such non-compliance. Such processes can depend, for example, on the degree and severity of respective non-compliance. For example, automatic notification procedures can be implemented to resolve non-compliance. More aggressive actions, such as to automatically implement corrective measures, can be taken in other contexts. For example, specific details associated with a status of non-compliance of the vendor can be used to revoke or temporally suspend the vendor's access pending one or more remediation actions. In a further example illustrating an extreme case, a vendor may be determined to be non-compliant and a domain name reference to the vendor is deleted or altered to as to prevent public access to the network domain of a non-compliant vendor. Col 4 Lines 25-44] Regarding claims 3 and 11, McCaffery teaches wherein enabling the flag enables data exchange via the API when a first level of compliance indicates that the first network security policy complies with the second network security policy ( vendor can be flagged s compliant or non-complaint access being granted to compliant status, Col 8 Lines 18-32) . [(27) Depending on a particular outcome of the information and security criteria evaluation of step 210, the compliance platform 102 can be configured to either permit the vendor to access data from a customer-controlled data source or deny access to the customer-controlled data source. For instance, as shown in step 212, where the vendor has been evaluated as compliant with the information and security criteria, the vendor is granted access to customer-controlled data. For example, where a vendor is processing payroll for a customer, upon a determination of compliance, the vendor is given API keys to access the payroll database of a specific customer. In another arrangement, where the vendor is in a pre-existing relationship with the customer, a determination of compliance will cause the access previously granted to the customer data to be maintained. Col 8 Lines 18-32] Regarding claims 4 and 12, McCaffery teaches wherein disabling the flag disables data exchange via the API when a first level of compliance indicates that the first network security policy fails to comply with the second network security policy ( vendor can be flagged non-complaint with access being revoked on non-compliant status, Col 4 Lines 25-44,) . [(9) Based on results of an evaluation data, such as returned from one or more executed queries, a vendor can be flagged as compliant or non-compliant with customer specific, industry specific, or mandated information security practices. Likewise, specific shortcomings in connection with a vendor's non-compliance can be identified and one or more processes can be implemented to resolve such non-compliance. Such processes can depend, for example, on the degree and severity of respective non-compliance. For example, automatic notification procedures can be implemented to resolve non-compliance. More aggressive actions, such as to automatically implement corrective measures, can be taken in other contexts. For example, specific details associated with a status of non-compliance of the vendor can be used to revoke or temporally suspend the vendor's access pending one or more remediation actions. In a further example illustrating an extreme case, a vendor may be determined to be non-compliant and a domain name reference to the vendor is deleted or altered to as to prevent public access to the network domain of a non-compliant vendor. Col 4 Lines 25-44] Regarding claims 5, 13 and 18, McCafery teaches wherein a first user interface screen generated by the security escrow computing system comprises compliance information comprising a compliance indication, a partial compliance indication, and a non-compliance indication and wherein the flag comprises a parameter that corresponds to a range of compliance levels between the first network security policy and the second network security policy (compliance status can be provided to vendors and organizations served by vendors, multiple degrees of severity can be flagged i.e. indicated and displayed Col 8 Lines 8-17, Col 4 Lines 25-44, see also Fig 5 ) wherein the instructions cause the security escrow computing platform to cause display, on a user device associated with the second computing network, the user interface screen. between the first network security policy fails to comply with the second network security policy ( status of multiple degrees/severity of non-compliance determined and displayed, vendor can be flagged non-complaint with access being revoked on non-compliant status, Col 4 Lines 25-44, see Fig. 6 ) . [(9) Based on results of an evaluation data, such as returned from one or more executed queries, a vendor can be flagged as compliant or non-compliant with customer specific, industry specific, or mandated information security practices. Likewise, specific shortcomings in connection with a vendor's non-compliance can be identified and one or more processes can be implemented to resolve such non-compliance. Such processes can depend, for example, on the degree and severity of respective non-compliance. For example, automatic notification procedures can be implemented to resolve non-compliance. More aggressive actions, such as to automatically implement corrective measures, can be taken in other contexts. For example, specific details associated with a status of non-compliance of the vendor can be used to revoke or temporally suspend the vendor's access pending one or more remediation actions. In a further example illustrating an extreme case, a vendor may be determined to be non-compliant and a domain name reference to the vendor is deleted or altered to as to prevent public access to the network domain of a non-compliant vendor. Col 4 Lines 25-44] Regarding claims 8 and 16, McCaffery teaches wherein the instructions further cause the security escrow computing system to predict, whether the first network security policy may be subject to security vulnerabilities and, based on a security vulnerability prediction, enable or disable API function calls (non-compliance to security policy by the vender poses a risk of data breaches, access to data is disabled in response, Col6 Lines 30-48, Col6 Lines 30-48) [(19) Moreover, policy management criteria can include information relating to the existence and or compliance of a vendor with one or more operational policies that the vendor has drafted or implemented. For example, the policy management criteria include information representing a determination vendor compliance with one or more terms of service or terms of use, privacy policy, data use policy, customer agreement and end-user license agreement. The present application includes one or more implementations that are focused heavily on supporting privacy of information, including as a function of various technical and policy-based security measures. Moreover, the present application can include one or more modules to evaluate whether a website is properly collecting consent from its users, whether membership is in place for third-party privacy monitoring (e.g., PRIVACY SHIELD), whether and how many data breaches have [(28) In an alternative configuration, where the evaluation of the information and security criteria indicates that a vendor is non-compliant with the one or more information and security criteria, the vendor can be denied access to the customer-controlled data, as in step 214. For instance, the compliance platform 102 is configured to revoke API keys associated with a vendor that is non-compliant. In an alternative configuration, the compliance platform 102 causes the DNS registration or domain access of the vendor to be suspended. Alternatively, the compliance platform 102 is configured to disable public access to the vendor domain until a subsequent evaluation indicates that the vendor is complaint with all the information and security criteria. Col 8 Line 33-45]occurred or that a vendor has had, and whether alerts can be timely provided in response to new breaches. Col6 Lines 30-48] 07-22-aia AIA Claim s 6-7 and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over McCaffery/Shete as applied to claim s 5 and 13 above, and further in view of Girdhar US 2021/0089978 . Regarding claims 6 and 14, Mccafrey teaches wherein the user interface screen comprises a selectable option associated with the partial compliance indicator and the non-compliance indicator to display a second user interface screen but does not teach a network map( interactive interface presented to user and vendor where additional information can be displayed on selection, Col 8 Line 8-17, Figs 5-11 showing interactive elements display of more information related to compliance i.e. fig. 5 view, fig 7 relevance/next steps gui items) [(26) The results of the information and security criteria evaluation can be stored and made accessible to a customer, agency or other interested party. For example, a customer wishing to execute a contract with a given vendor is provided an interactive graphical user interface that indicates the evaluated information and security criteria, the vendor's compliance state relative to the evaluated information and security criteria, the relevance of the information and security criteria evaluated, and any comments, notes or metadata associated therewith. Col 8 Line 8-17] Thus McCaffery/Shete do not teach a second user interface screen comprising a network map. Girdhar in the same field of endeavor as the invention teaches a system for vendor security risk assessment. Girdhar teaches teach a second user interface screen comprising a network map (¶50, fig 6 showing subsystems(application, network, organization) of a vendor network as it related to security compliance) [0050] FIG. 6 is an exemplary user interface 600 of a dashboard showing a set of monitored objectives for an organizational entity, according to some embodiments. The interface 600 shows three categories, namely Application Security, Network Security, and Organizational Security, each in a respective sub-window 602, 604 and 606, respectively. Each category includes a set of monitored software components. The Application Security category, as shown in the sub-window 602, includes the objectives Dependency Screening, Code Analysis, Software Development Life Cycle, Change Management, and Data Encryption. In this example, the organizational entity has only connected a third-party vendor component for the Dependency Scanning objective. Therefore, the interface 600 includes a pie chart showing a status of only 25% active (only ¼ objectives are connected). As described herein, such a status is just an illustrative example of a risk score, and it should be appreciated that various calculations and metrics can be used without departing from the spirit of the techniques described herein. The Network Security category, as shown in sub-window 604, includes the objectives Identity & Access Management, Vulnerability Scan, Intrusion Detection, Infrastructure Security, and IT Operations Management. In this example, the organizational entity has connected software application components for all of the objectives besides IT Operations Management. Therefore, the interface 600 shows a status of 80% active ( ⅘ objectives are connected). The Organization Security category, as shown in sub-window 606, includes the objectives Endpoint Protection, Vendor Risk Management, Background, and Mobile Management. In this example, the organizational entity has connected software application components for the Endpoint Protection and Vendor Risk Management objectives. Therefore, the interface 600 shows a status of 50% active ( 2/4 objectives are connected). It would have been obvious to a person of ordinary skill in the art at the time of the effective filing of the instant application to modify McCaffery/Walstad with displaying a network map of system compliance as taught by Girdhar. The reason for this modification would be to provide a more informative view of what aspects of the network are non-compliant so actions may be taken to resolve the non-compliance. Regarding claims 7 and 15, Girdhar teaches wherein the network map comprises an indication of a network subsystem of the first computing network that fails to comply with the second network security policy (¶50, fig 6 showing subsystems(application, network, organization) of a vendor network as it related to security compliance) Applicant Remarks Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Prior Art Cited But Not Used In The Rejection US 2021/0014256 - AUTOMATED INTELLIGENT DETECTION AND MITIGATION OF CYBER SECURITY THREATS. Conclusion 07-40 AIA Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL . See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tom Y. Chang whose telephone number is 571-270-5938. The examiner can normally be reached on Monday-Friday from 9am to 5pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emmanuel Moise, can be reached on (571)272-3865. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from Patent Center. Status information for published applications may be obtained from Patent Center. Status information for unpublished applications is available through Patent Center for authorized users only. Should you have questions about access to Patent Center, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated- interview-request-air-form. /TOM Y CHANG/ Primary Examiner, Art Unit 2455 Application/Control Number: 18/531,376 Page 2 Art Unit: 2455 Application/Control Number: 18/531,376 Page 3 Art Unit: 2455 Application/Control Number: 18/531,376 Page 4 Art Unit: 2455 Application/Control Number: 18/531,376 Page 5 Art Unit: 2455 Application/Control Number: 18/531,376 Page 6 Art Unit: 2455 Application/Control Number: 18/531,376 Page 7 Art Unit: 2455 Application/Control Number: 18/531,376 Page 8 Art Unit: 2455 Application/Control Number: 18/531,376 Page 9 Art Unit: 2455 Application/Control Number: 18/531,376 Page 10 Art Unit: 2455 Application/Control Number: 18/531,376 Page 11 Art Unit: 2455 Application/Control Number: 18/531,376 Page 12 Art Unit: 2455 Application/Control Number: 18/531,376 Page 13 Art Unit: 2455
Read full office action

Prosecution Timeline

Dec 06, 2023
Application Filed
Dec 12, 2025
Non-Final Rejection mailed — §103
Mar 12, 2026
Response Filed
Jun 03, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12627665
ADMITTING AN ENTITY COMPUTING DEVICE TO A NETWORK BASED ON A SIGNAL STRENGTH AND NETWORK CONDITIONS
2y 9m to grant Granted May 12, 2026
Patent 12547828
TRAFFIC-BASED GPU LOAD ROUTING WITHIN LLM CLUSTERS
2y 0m to grant Granted Feb 10, 2026
Patent 12542838
METHODS, DEVICES, AND SYSTEMS FOR DETERMINING A SUBSET FOR AUTONOMOUS SHARING OF DIGITAL MEDIA
1y 11m to grant Granted Feb 03, 2026
Patent 12536243
SYSTEM AND METHOD FOR URL FETCHING RETRY MECHANISM
2y 9m to grant Granted Jan 27, 2026
Patent 12524490
SYSTEM AND METHOD FOR URL FETCHING RETRY MECHANISM
2y 8m to grant Granted Jan 13, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
53%
Grant Probability
74%
With Interview (+20.5%)
4y 1m (~1y 6m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 453 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month