Prosecution Insights
Last updated: July 17, 2026
Application No. 18/591,019

SYSTEMS AND METHODS FOR DETERMINING EFFECTIVENESS OF DATA LOSS PREVENTION TESTING

Non-Final OA §DP
Filed
Feb 29, 2024
Examiner
APONTE, FRANCISCO JAVIER
Art Unit
2151
Tech Center
2100 — Computer Architecture & Software
Assignee
Capital One Services LLC
OA Round
1 (Non-Final)
88%
Grant Probability
Favorable
1-2
OA Rounds
2m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 88% — above average
88%
Career Allowance Rate
542 granted / 615 resolved
+33.1% vs TC avg
Strong +25% interview lift
Without
With
+24.6%
Interview Lift
resolved cases with interview
Typical timeline
2y 6m
Avg Prosecution
11 currently pending
Career history
630
Total Applications
across all art units

Statute-Specific Performance

§101
8.1%
-31.9% vs TC avg
§103
57.9%
+17.9% vs TC avg
§102
12.1%
-27.9% vs TC avg
§112
8.5%
-31.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 615 resolved cases

Office Action

§DP
DETAILED ACTION 1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 2. This communication is in response to the communication filed on 02/29/2024. 3. Claims filed 02/29/2024 have been acknowledged. Claims 1-20 are pending in the application. Double Patenting 4. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Omum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321 (c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b). The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to: http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp. 5. Claim(s) 1-20 of the instant application are rejected on the ground of non-statutory obviousness type double patenting as being unpatentable over claims 1-20 of U.S. Patent Application No. 19/339,018. Although the claims at issue are not identical, they are not patentably distinct from each other because they are substantially similar in scope and they use the same limitations. This is a provisional non-statutory obviousness type double patenting rejection. Instant Application 18/591,019 Patent Application No. 19/339,018 1. A system comprising: one or more processors; and a memory in communication with the one or more processors and storing instructions that, when executed by the one or more processors, are configured to cause the system to: receive data loss prevention (DLP) sample test data, wherein the DLP sample test data comprises a plurality of data element types; run a plurality of DLP tests utilizing the DLP sample test data by utilizing one or more test channels; identify, for each data element type of the plurality of data element types, an inherent risk measure associated with the data type element; receive DLP test results; determine, based on the DLP test results, a plurality of data element type-channel effectiveness measures, wherein each of the plurality of data element type-channel effectiveness measures comprises an enforcement effectiveness measure and a detection effectiveness measure associated with one of the plurality of data element types tested on one of the one or more test channels; determine, based on the plurality of data element type-channel effectiveness measures and the inherent risk measure associated with each data element type of the plurality of data element types, a plurality of residual risk measures, wherein each of the plurality of residual risk measures represents a residual risk associated with one of the plurality of data element types tested on one of the one or more test channels; and output the plurality of residual risk measures for display via a graphical user interface (GUI) of a user device. 1. A system comprising: one or more processors; and a memory in communication with the one or more processors and storing instructions that, when executed by the one or more processors, are configured to cause the system to: select, based on a request to perform data exfiltration prevention testing, one or more data element types; select, based on the one or more data element types, one or more test data generation programs from a plurality of test data generation programs; generate, using the one or more test data generation programs, a set of test data that comprises sample data of the one or more data element types; and utilize the set of test data to conduct the data exfiltration prevention testing. 10. A system comprising: one or more processors; and a memory in communication with the one or more processors and storing instructions that, when executed by the one or more processors, are configured to cause the system to: identify, for each data element type of a plurality of data element types, an inherent risk measure associated with the data type element; receive data loss prevention (DLP) test results; determine, based on the DLP test results, a plurality of data element type-channel effectiveness measures, wherein each of the plurality of data element type-channel effectiveness measures comprises an enforcement effectiveness measure and a detection effectiveness measure associated with one of the plurality of data element types tested on one of one or more test channels; determine, based on the plurality of data element type-channel effectiveness measures and the inherent risk measure associated with each data element type of the plurality of data element types, a plurality of residual risk measures, wherein each of the plurality of residual risk measures represents a residual risk associated with one of the plurality of data element types tested on one of the one or more test channels; and output the plurality of residual risk measures for display via a graphical user interface (GUI) of a user device. 8. A system comprising: one or more processors; and a memory in communication with the one or more processors and storing instructions that, when executed by the one or more processors, are configured to cause the system to: select, based on a request to perform data exfiltration prevention testing, one or more data element types; select, based on the one or more data element types, one or more test data generation programs from a plurality of test data generation programs; generate, using the one or more test data generation programs, a set of test data that comprises sample data of the one or more data element types; and output the set of test data to a test executor queue for execution of the data exfiltration prevention testing. 15. A system comprising: one or more processors; and a memory in communication with the one or more processors and storing instructions that, when executed by the one or more processors, are configured to cause the system to: receive an indication of a selected data element type and a selected test channel; cause one or more data loss prevention (DLP) tests to be run using the selected test channel and using test data comprising data of the selected data element type; receive DLP test results associated with the one or more DLP tests; determine, based on the DLP test results, an effectiveness measure, wherein the effectiveness measure comprises an enforcement effectiveness measure and a detection effectiveness measure associated with the selected data element type tested on the selected test channel; determine, based on the effectiveness measure and an inherent risk measure associated with the selected data element type, a residual risk measure; and output the residual risk measure for display by a graphical user interface (GUI) of a user device. 15. A system comprising: one or more processors; and a memory in communication with the one or more processors and storing instructions that, when executed by the one or more processors, are configured to cause the system to: select, based on at least a specified data element type, one or more test data generation programs from a plurality of test data generation programs; generate, using the one or more test data generation programs, a set of test data that comprises sample data of the specified data element type; generate one or more test files, wherein each of the one or more test files comprises at least a portion of the set of test data; and transmit the one or more test files via a test channel. Same interpretation for the dependent claims, and the other set of claims. The examiner recognizes that the instant application discloses systems for determining effectiveness of data loss prevention testing. The related US Patent Application No. 19/339,018 includes similar systems for automated generative data loss prevention testing; even though some of the elements are not included on the instant application, one of ordinary skill in the art would recognize that they are functionally similar and not patentably distinct from each other; the claims as presented can be instrumented individually, or in combination without limitations, or without departing from the spirit and scope of the inventions as specified in Applicant’s Specifications. Thus, one of ordinary skill in the art would recognize that the limitations and their differences are obvious variations of the invention defined in the claim of instant application: 18/591,019. Consequently, claims 1-20 are provisionally rejected on the ground of non-statutory obviousness double patenting as being unpatentable over claims stated in the rejection above. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to FRANCISCO JAVIER APONTE whose telephone number is (571)270-7164. The examiner can normally be reached M-F: 8-4. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, James Trujillo can be reached on (571)272-3677. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /FRANCISCO J APONTE/Primary Examiner, Art Unit 2151 05/22/2026.
Read full office action

Prosecution Timeline

Feb 29, 2024
Application Filed
May 28, 2026
Non-Final Rejection mailed — §DP (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12675272
PROCESS FOR AUTOMATICALLY UPGRADING AN OPERATING SYSTEM ON A COMPUTER
3y 1m to grant Granted Jul 07, 2026
Patent 12669985
Compile-Time Checking For Exhaustive Switch Statements And Expressions
2y 9m to grant Granted Jun 30, 2026
Patent 12657117
FAULT SET SELECTION
2y 11m to grant Granted Jun 16, 2026
Patent 12657008
AUTOMATED DATA EXTRACTION PIPELINE FOR LARGE LANGUAGE MODEL TRAINING
2y 10m to grant Granted Jun 16, 2026
Patent 12645435
USING A LARGE LANGUAGE MODEL FOR CODE GENERATION FOR NETWORK ANALYTICS WITH CODING HINTS
2y 9m to grant Granted Jun 02, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
88%
Grant Probability
99%
With Interview (+24.6%)
2y 6m (~2m remaining)
Median Time to Grant
Low
PTA Risk
Based on 615 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month