Office Action Predictor
Last updated: April 16, 2026
Application No. 18/645,921

GENERATING ENHANCED DESCRIPTIONS OF DETECTED NETWORK EVENTS FOR EFFICIENT HUMAN INTERPRETATION AND RESPONSE

Final Rejection §101§103§112
Filed
Apr 25, 2024
Examiner
SISON, JUNE Y
Art Unit
2455
Tech Center
2400 — Computer Networks
Assignee
Vectra Ai, INC.
OA Round
2 (Final)
68%
Grant Probability
Favorable
3-4
OA Rounds
3y 3m
To Grant
99%
With Interview

Examiner Intelligence

Grants 68% — above average
68%
Career Allow Rate
316 granted / 461 resolved
+10.5% vs TC avg
Strong +32% interview lift
Without
With
+32.1%
Interview Lift
resolved cases with interview
Typical timeline
3y 3m
Avg Prosecution
20 currently pending
Career history
481
Total Applications
across all art units

Statute-Specific Performance

§101
16.7%
-23.3% vs TC avg
§103
52.7%
+12.7% vs TC avg
§102
4.8%
-35.2% vs TC avg
§112
14.6%
-25.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 461 resolved cases

Office Action

§101 §103 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Remarks This communication is considered fully responsive to the Amendment filed on 9/12/25. 101 rejection is maintained. See details below. Response to Arguments Applicant’s 9/12/25 arguments with respect to claims have been considered but are moot in view of new ground(s) of rejection. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The independent claim(s) 1, 19 and 20 recite(s) a method, system and medium (step 1) for analyzing a plurality of alerts or notifications generated in response to a detected network event on a private network using an artificial intelligence based framework of an external service that provides network and security operations to the private network (see IFW title: “GENERATING ENHANCED DESCRIPTIONS OF DETECTED NETWORK EVENTS FOR EFFICIENT HUMAN INTERPRETATION AND RESPONSE” [0045-49]; PGPub [0045-49] - artificial intelligence (AI) or machine learning (ML) framework or architecture for generating an enhanced description of detected network event(s) for more efficient human interpretation and response); generating a summary of the detected network event using the artificial intelligence based framework of the external service that comprises a more concise description of the detected network event than the plurality of alerts or notifications generated in response to the detected network event; and providing the summary of the detected network event to a user of the private network, wherein the summary of the detected network event facilitates more efficient interpretation and response than the plurality of alerts or notifications generated in response to the detected network (see IFW [0045-49]; PGPub [0045-49] - automates alert analysis and summary or report generation, eliminating the need for human analysis ... employs one or more language models to automatically aggregate, format and enrich presentation of event data in a single summary that enables a user to more efficiently interpret and respond to alerts generated by network and security operations platform for a detected event ... provides various useful features that collectively facilitate improved human understanding of network performance and security events in a monitored network ... framework provides enhancement of context ... that is, one or more appropriate tags, labels, and metadata are identified and associated with a detected network event or generated summary or report thereto to provide additional context to users, aiding in understanding of event significance and potential impact ... that is, users are provided with clear, actionable insights into and recommendations for detected events, enabling more informed decisions and more effective responses to identified issues ... generated summary or report presented in natural language and with terminology understandable to target user ... generated summary or report may be specifically tailored to various stakeholders responsible ... such as network operations experts, network security experts, chief information security officer etc with different versions of the summaries or reports generated for different types of users). If claim limitation(s), under broadest reasonable interpretation, covers performance of the limitations automating human activity and/or performance in the mind but for the recitation of generic “computer hardware”, then it falls within the “certain methods of organizing human activity” and/or “mental processes”. Accordingly, the claim(s) recites an abstract idea (Step 2A Prong One). This judicial exception is not integrated into a practical application because the additional elements of “a memory coupled to the processor” and “computer program product embodied in a non-transitory computer readable medium” amounts to no more than mere instructions to apply the exception using generic computer component claimed at a high-level of abstraction. That is, the additional elements are not an improvement in the functioning of a computer or other technology, they do not implement the judicial exception with a particular machine integral to the claim(s), and they do not use the judicial exception in some meaningful way beyond generally linking the use of the judicial exception to a particular technological environment of a computer. The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claim(s) as a whole, looking at the elements individually and in combination, does not integrate the abstract idea into a practical application. Furthermore, IFW specification amended claims 1, 8, 18, 19 and 20; IFW [0013-15;26-27;29-31; 44-49;51;55;57] recite the artificial intelligence based framework empowers users to make more informed decisions and respond more efficiently to detected network issues, improving overall network performance and security (IFW [0049]) is not a technological improvement but, rather, “automates” otherwise manual human processes of “stakeholders” and/or other users. Accordingly, the claim(s) recite an abstract idea. (Step 2A Prong Two, Step 2B). The claim(s) is/are not patent eligible. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. The term(s)/ phrase(s) “more concise” and “more efficient” in claims 1, 19 and 20 is/are a relative term(s)/ phrase(s) which renders the claim(s) indefinite. The term(s)/phrase(s) “more concise” and “more efficient” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. Specifically, IFW [0045-46;49] merely discloses “more concise” and “more efficient” without providing more to ascertain the requisite degree of “more concise” and “more efficient” and, therefore, the metes and bounds of claims are indefinite. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-11 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Publication No. 2020/0137118 to Lyon et al. (“Lyon”) in view of U.S. Patent Publication No. 2020/0021607 to Muddu et al. (“Muddu”). As to claim 1, Lyon discloses a method (Lyon: fig 1-6; claims 19-20: system comprising a processor ... memory coupled to processor to provide processor instructions ... product embodied in non-transitory medium), comprising: analyzing a plurality of alerts or notifications generated in response to a detected network event on a private network using an artificial intelligence based framework of an external service that provides network and security operations to the private network (Lyon: fig 1-6, [0004-54]: fig 1-3 ... step 202 302 data is received from one or more nodes of a private enterprise network by a network and security operations service that is external to the private network such as a distributed cloud-based service such as network and security operations platform 100 of fig 1 (... on a private network using ... framework of an external service that provides network and security operations to the private network) ... at step 204 304 the data received is processed and analyzed ... at step 306, a security event in the private network is detected from analyzing the data at step 304 (analyzing a plurality of alerts or notifications generated in response to a detected network event ...), for example, the security event may be associated with a DDoS attack, bot or botnet, unauthorized data extraction, port scan, enumeration attempt, repeated login, etc [0034-35; 39-41] ... fig 4 ... a robot (bot) representing network and security operations 400 provides an interface to network and security operations 400 ( ... using an artificial intelligence based framework) in a chat or channel of a team messaging application or service 404 via which members of one or more teams 406 communication with each other [0045]). Lyon did not explicitly disclose generating a summary of the detected network event using the artificial intelligence based framework of the external service that comprises a more concise description of the detected network event than the plurality of alerts or notifications generated in response to the detected network event. Muddu discloses generating a summary of the detected network event using the artificial intelligence based framework of the external service that comprises a more concise description of the detected network event than the plurality of alerts or notifications generated in response to the detected network event (Muddu: fig 1-85, [0009-226;270-515]: ... the security platform can be deployed at any of various locations ... in the case of cloud-based application where an organization may rely on internet-based computer servers for data storage and processing, at least part of the security platform can be implemented, for example, at cloud-based servers ... additionally or alternatively, the security platform can be implemented in a private network but nonetheless receive/monitor events that occur on the cloud-based servers. In some embodiments, the security platform can monitor a hybrid of both intranet and cloud-based network traffic. (see with [0195;270] - ... using the artificial intelligence based framework of the external service ...) [0141] ... various data connectors 802 employed by security platform supports various data sources e.g. data directly from a machine at which an event occurs, data from a third-party provider e.g. threat feeds such as Norce, or messages from AWS, CloudTrail or data from a distributed file system HDFS ... ... enables the security platform to obtain machine data from various different sources (see with [0141;270] - ... using the artificial intelligence based framework of the external service that comprises ... description(s) of the detected network event(s) ... the plurality of alerts or notifications generated in response to the detected network event(s)) 0195] ... machine learning- (ML-) based complex event processing (CEP) engine (artificial intelligence based framework) that provides a mechanism to process data from multiple sources in a target computer network to derive anomaly-related or threat-related conclusions in real-time so that an appropriate response can be formulated prior to escalation (see with [0141;195] - comprises ... description(s) of the detected network event(s) ... the plurality of alerts or notifications generated in response to the detected network event(s)) [0270] ... and see figs 33-51, for example, fig 38 block 3830 acquire anomaly data indicative of a plurality of security-related anomalies detected from event data ... block 3840 condense (a summary) the computer activities in the event-specific relationship graph into combined computer network activities (generating a summary of the detected network event ...) ... block 3850 combine event-specific relationship graphs for the plurality of events with anomaly data (of the detected network event ... the plurality of alerts or notifications generated in response to the detected network event) into a composite (a more concise description) relationship graph (see with [0141;195;270] - generating a summary of the detected network event using the artificial intelligence based framework of the external service that comprises a more concise description of the detected network event than the plurality of alerts or notifications generated in response to the detected network event)). Lyon and Muddu are analogous art because they are from the same field of endeavor with respect to machine learning models. Before the effective filing date, for AIA , it would have been obvious to a person of ordinary skill in the art to incorporate the strategies by Muddu into the method by Lyon. The suggestion/motivation would have been to provide machine learning- (ML-) based complex event processing (CEP) engine (artificial intelligence based framework) that provides a mechanism to process data from multiple sources in a target computer network to derive anomaly-related or threat-related conclusions in real-time so that an appropriate response can be formulated prior to escalation (Muddu: [0270]). Lyon and Muddu further disclose providing the summary of the detected network event to a user of the private network (Muddu: fig 1-85, [0009-226;270-515]:... the security platform can be deployed at any of various locations ... in the case of cloud-based application where an organization may rely on internet-based computer servers for data storage and processing, at least part of the security platform can be implemented, for example, at cloud-based servers ... additionally or alternatively, the security platform can be implemented in a private network but nonetheless receive/monitor events that occur on the cloud-based servers. In some embodiments, the security platform can monitor a hybrid of both intranet and cloud-based network traffic. (see with fig 39 & [0195;270; 451-452] - providing the summary of the detected network event to a user of the private network) [0141] ... fig 39 ... home screen view 3900 may include a summary status bar 3911 (providing the summary of the detected network event(s)) indicating, for example, the number of threats (providing the summary of the detected network event), anomalies (providing the summary of the detected network event), total users (providing the summary of the detected network event), total devices (providing the summary of the detected network event), total apps (providing the summary of the detected network event) and total sessions (providing the summary of the detected network event) on the network being monitored ... the summary status bar can enable the GUI user to see, at a glance, the volume of information that can be reviewed and evaluated (see with fig 39 & [0195;270; 452] - providing the summary of the detected network event to a user of the private network) [0451])., wherein the summary of the detected network event facilitates more efficient interpretation and response than the plurality of alerts or notifications generated in response to the detected network event based on the analyzed event data (Muddu: fig 1-85, [0009-226;270-515]: see fig 33-51 and example fig 40 given below (marked up by examiner) ... the summary status bar can enable the GUI user to see, at a glance, the volume of information that can be reviewed and evaluated (see with fig 39 & 40 [0195;270; 452-457] - wherein the summary of the detected network event facilitates more efficient interpretation and response than the plurality of alerts or notifications generated in response to the detected network event(s) based on the analyzed event(s) data) [451] ... fig 40A ... “threats review’ view 4000 can additionally include status chart 4004 that provides timeline, list of anomalies, list of users, list of devices, list of apps and a suggestion of “what next” and see fig 40 given below “What next” lists ‘collect more information for users involved and investigate their activities. Disable the account of user’ (see with fig 39 [0195;270; 451-455;457] - wherein the summary of the detected network event facilitates more efficient interpretation and response than the plurality of alerts or notifications generated in response to the detected network event(s) based on the analyzed event(s) data) [0456]). MUDDU - Figure 40 – MARKED UP BY EXAMINER PNG media_image1.png 674 1018 media_image1.png Greyscale Same motivation applies as mentioned above to make the proposed modification. As to claim 2, Lyon and Muddu disclose wherein the detected network event on the private network comprises a network performance event (Lyon: fig 1-6, [0004-54]: fig 1-3 ... step 202 302 data is received from one or more nodes of a private enterprise network by a network and security operations service that is external to the private network such as a distributed cloud-based service such as network and security operations platform 100 of fig 1 (wherein the detected network event on the private network ...) [0034] ... algorithms 112 identify network performance and security events such as anomalies, failures, threats, attacks, etc in data 106 and generate appropriate alerts (... comprises a network performance event) [0026]). For motivation, see rejection of claim 1. As to claim 3, Lyon and Muddu disclose wherein the detected network event on the private network comprises a network security event (Lyon: fig 1-6, [0004-54]: fig 1-3 ... step 202 302 data is received from one or more nodes of a private enterprise network by a network and security operations service that is external to the private network (wherein the detected network event on the private network ...) such as a distributed cloud-based service such as network and security operations platform 100 of fig 1 [0034] ... algorithms 112 identify network performance and security events such as anomalies, failures, threats, attacks, etc in data 106 and generate appropriate alerts (... comprises a network security event) [0026]). For motivation, see rejection of claim 1. As to claim 4, Lyon and Muddu disclose wherein the detected network event is based on real-time data reception from the private network at the external service (Lyon: fig 1-6, [0004-54]: fig 1-3 ... step 202 302 data is received from one or more nodes of a private enterprise network by a network and security operations service that is external to the private network such as a distributed cloud-based service such as network and security operations platform (... from the private network at the external service) 100 of fig 1 [0034] ... algorithms 112 identify network performance and security events such as anomalies, failures, threats, attacks, etc in data 106 and generate appropriate alerts ... real-time and/or historic monitoring and analysis of received data performed by a set of one or more network and/or security algorithms (wherein the detected network event is based on real-time data reception ...) [0026]). For motivation, see rejection of claim 1. As to claim 5, Lyon and Muddu disclose wherein the detected network event is based on post-processing of stored data of the private network at the external service (Lyon: fig 1-6, [0004-54]: fig 1-3 ... step 202 302 data is received from one or more nodes of a private enterprise network by a network and security operations service that is external to the private network such as a distributed cloud-based service such as network and security operations platform (... of the private network at the external service) 100 of fig 1 [0034] ... algorithms 112 identify network performance and security events such as anomalies, failures, threats, attacks, etc in data 106 and generate appropriate alerts ... real-time and/or historic (post-processing of stored data) monitoring and analysis of received data performed by a set of one or more network and/or security algorithms (wherein the detected network event is based on post-processing of stored data ...) [0026]). For motivation, see rejection of claim 1. As to claim 6, see similar rejection to claims 1-5 where the system is taught by the system. As to claim 6, Lyon and Muddu further disclose wherein the generated summary of the detected network event comprises a report of the detected network event (Muddu: fig 1-85, [0009-226;270-515]: see fig 46F given below (marked up by examiner) ... fig 46f is a second example of an anomaly details view ... includes a summary section identifying anomaly by type (fig 46F machine generated beacon), event date (July 27 2024 4:36pm) and a short description ‘detected beaconing with irregular period’ [0488-491]). For motivation, see rejection of claim 1. MUDDU: Figure 46F – MARKED UP BY EXAMINER PNG media_image2.png 700 916 media_image2.png Greyscale As to claim 7, see similar rejection to claims 1-6. As to claim 7, Lyon and Muddu further disclose wherein the generated summary of the detected network event comprises insights associated with the detected network event (Muddu: fig 1-85, [0009-226;270-515]: ... a data processing and analytics system, and a security platform, that employs a variety of techniques and mechanisms for anomalous activity detection in a networked environment in ways that are more insightful and scalable than the conventional techniques [0137]). For motivation, see rejection of claim 1. As to claim 8, see similar rejection to claims 1-7. As to claim 8, Lyon and Muddu further disclose wherein the generated summary of the detected network event comprises recommendations associated with remediating the detected network event (Muddu: fig 1-85, [0009-226;270-515]: and see fig 40 given above “What next” (recommendations associated with remediating the detected network event) recommends ‘collect more information for users involved and investigate their activities. Disable the account of user’). For motivation, see rejection of claim 1. As to claim 9, see similar rejection to claims 1-8. As to claim 9, Lyon and Muddu further disclose wherein the generated summary of the detected network event comprises a single alert associated with the detected network event (Muddu: fig 1-85, [0009-226;270-515]: see fig 46C single alert given below ... fig includes a summary section 4651 identifying anomaly by type (‘unusual AD activity’), event date (Jan 2 2014 10:10pm) and a short description ‘an unusual event appeared for this account login ...’ [0488]). For motivation, see rejection of claim 1. MUDDU: Figure 46C PNG media_image3.png 760 892 media_image3.png Greyscale As to claim 10, see similar rejection to claims 1-9. As to claim 10, Lyon and Muddu further disclose wherein the generated summary of the detected network event comprises a master or super alert associated with the detected network event (Muddu: fig 1-85, [0009-226;270-515]: see figs 50B & 51 examples of a master or super alert associated with the detected network event given below ... GUI generates a “threats geo map” 5020 in fig 50B depicts, on a globe, each identified threat as a circle on the map at the threat’s location ... each circle designating a threat is color-coded according to the score associated with the threat for example, threat 5023 is yellow color, indicating threat is minor – see reference table at 5026 – whereas threat 5028 in China may be orange, indicating threat is major [0511] ... GUI generates “analytics dashboard” 5100 as shown in fig 51 and this dashboard represents several charts and other graphics similar to those shown in other figures including ‘threats by threat type’ ‘anomalies by anomaly type’ ‘latest threats’ and ‘latest anomalies’ [0515]). For motivation, see rejection of claim 1. MUDDU: Figure 50B PNG media_image4.png 688 942 media_image4.png Greyscale MUDDU: Figure 51 PNG media_image5.png 662 988 media_image5.png Greyscale As to claim 11, see similar rejection to claims 1-10. As to claim 11, Lyon and Muddu further disclose wherein the generated summary of the detected network event comprises a tag or label that describes the detected network event (Lyon: fig 1-6, [0004-54]: ... received data 106 and/or parts thereof analyzed for network security events, indexed for searchability, optionally enriched or tagged with applicable metadata or tags such as security business and/or performance details and/or stored in associated databases 110 [0025]; Muddu: fig 1-85, [0009-226;270-515]: fig 40A & 44A ... GUI provides a bubble 4400 prompting user to tag a threat with ‘threat watchlist’ ‘false’ ‘positive’ ‘important’ ‘reviewed’ save for later’ or define a category for tagging ... the tag remains associated with the threat [0476] ... event feature sets can be labeled with event view labels corresponding to the event views and ML-based CEP engine 1500 can select event feature sets based on event view labels of the event feature sets e.g. selecting only feature sets based on event view labels corresponding to the event view ... organize selected event feature sets and provide format/bind at least a subset of features within the selected feature sets to a preferred data structure for a model-related process thread of the model type [0292]). For motivation, see rejection of claim 1. As to claim 19-20, see similar rejection to claim 1 where the system and medium, respectively, is/are taught by the method. Claims 12-18 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Publication No. 2020/0137118 to Lyon et al. (“Lyon”) in view of U.S. Patent Publication No. 2020/0021607 to Muddu et al. (“Muddu”) and further in view of U.S. Patent Publication No. 2019/0260764 to Humphrey et al. (“Humphrey”) [IDS 10/9/24]. As to claim 12, Lyon and Muddu disclose the system of claim 1. For motivation, see rejection of claim 1. Lyon did not explicitly disclose wherein the artificial intelligence based framework of the external service comprises one or more natural language processing (NLP) models. Humphrey discloses wherein the artificial intelligence based framework of the external service comprises one or more natural language processing (NLP) models (Humphrey: fig 1- 7, [0009-137]: ... autonomous report composer cooperates with natural language processing engine to assess overall coherence of generated output and, thus, the natural language processing engine analyzes (... comprises one or more natural language processing (NLP) models) the composed sentences pulled from libraries and populated with relevant data to check for human understandability and whether the composed sentences would make sense to a human ready [0039] ... fig 3 illustrates the AI cyber-security analyst plugging in as an appliance platform to protect the system (the artificial intelligence based framework of the external service ...) [0011] .. gatherer module consists of multiple automatic data gatherers ... data relevant to each type of possible hypothesis will be automatically pulled from additional external and internal sources (see with [0011] - the artificial intelligence based framework of the external service ...) [0089]). Lyon Muddu and Humphrey are analogous art because they are from the same field of endeavor with respect to security and threat intelligence. Before the effective filing date, for AIA , it would have been obvious to a person of ordinary skill in the art to incorporate the strategies by Humphrey into the method by Lyon and Muddu. The suggestion/motivation would have been to provide an autonomous report composer and machine learning models compose a type of report on cyber threats that is composed of human-readable format with natural language prose, terminology and level of detail on the cyber threats aimed at a target audience (Humphrey: [0020]). As to claim 13, Lyon Muddu and Humphrey disclose wherein the artificial intelligence based framework of the external service comprises one or more large language models (LLMs ) (Lyon: fig 1-6, [0004-54]: fig 1-3 ... step 202 302 data is received from one or more nodes of a private enterprise network by a network and security operations service that is external to the private network such as a distributed cloud-based service such as network and security operations platform 100 of fig 1 (... on a private network using ... the artificial intelligence based framework of the external service) [0034] ... fig 4 ... a robot (bot) (one or more large language models (LLMs)) representing network and security operations 400 provides an interface to network and security operations 400 (see with [0034] - the artificial intelligence based framework of the external service comprises ...) in a chat or channel of a team messaging application or service 404 via which members of one or more teams 406 communication with each other [0045]). For motivation, see rejection of claim 12. As to claim 14, Lyon Muddu and Humphrey disclose wherein the artificial intelligence based framework of the external service is trained at least in part on domain knowledge associated with network and security operations (Humphrey: fig 1-7, [0009-137]: analyzer module uses one or more AI models trained through complex machine-learning techniques on a behavior and input of how a plurality of human cyber security analysts make a decision (... is trained at least in part on domain knowledge associated with network and security operations) and analyze a risk level regarding and a probability of a potential cyber threat ... AI model learns how expert humans tackle investigations into specific real and synthesized cyber threats (... is trained at least in part on domain knowledge associated with network and security operations) [0090] ... fig 3 illustrates the AI cyber-security analyst plugging in as an appliance platform to protect the system (the artificial intelligence based framework of the external service ...) [0011] .. gatherer module consists of multiple automatic data gatherers ... data relevant to each type of possible hypothesis will be automatically pulled from additional external and internal sources (see with [0011] - the artificial intelligence based framework of the external service ...) [0089]). For motivation, see rejection of claim 12. As to claim 15, Lyon Muddu and Humphrey disclose wherein the artificial intelligence based framework of the external service is trained at least in part on network specific data that specifies infrastructures of one or more networks (Lyon: fig 1-6, [0004-54]: fig 1-3 ... step 202 302 data is received from one or more nodes of a private enterprise network by a network and security operations service that is external to the private network such as a distributed cloud-based service such as network and security operations platform 100 of fig 1 (... on a private network using ... wherein the artificial intelligence based framework of the external service ...) [0034] ... output automatically generated that facilitates modifying routing performed by at least one or more nodes of a private network (... network specific data that specifies infrastructures of one or more networks) ... in response to detecting a network performance or security event, at step 204 output generated by rules engine maps a detected event to an action according to one or more rules (see with [0034] - the artificial intelligence based framework of the external service is trained ...) ... the output facilitates route filtering, manipulation and/or modification in the private network nodes (... at least in part on network specific data that specifies infrastructures of one or more networks) [0036]). For motivation, see rejection of claim 12. As to claim 16, Lyon Muddu and Humphrey disclose wherein the artificial intelligence based framework of the external service is trained at least in part on network and security event data associated with one or more networks (Lyon: fig 1-6, [0004-54]: fig 1-3 ... step 202 302 data is received from one or more nodes of a private enterprise network by a network and security operations service that is external to the private network such as a distributed cloud-based service such as network and security operations platform 100 of fig 1 (... on a private network using ... wherein the artificial intelligence based framework of the external service ...) [0034] ... output automatically generated that facilitates modifying routing performed by at least one or more nodes of a private network ... in response to detecting a network performance or security event, at step 204 output generated by rules engine maps a detected event to an action according to one or more rules (see with [0034] - wherein the artificial intelligence based framework of the external service is trained at least in part on network and security event data associated with one or more networks) ... the output facilitates route filtering, manipulation and/or modification in the private network nodes [0036]). For motivation, see rejection of claim 12. As to claim 17, Lyon Muddu and Humphrey disclose wherein the artificial intelligence based framework comprises an external, cloud-based service that is external to a private network with which the detected network event is associated (Lyon: fig 1-6, [0004-54]: fig 1-3 ... step 202 302 data is received from one or more nodes of a private enterprise network by a network and security operations service that is external to the private network such as a distributed cloud-based service such as network and security operations platform 100 of fig 1 [0034]). For motivation, see rejection of claim 12. As to claim 18, Lyon Muddu and Humphrey disclose wherein the summary of the detected network event is customized to the user of the private network.(Lyon: fig 1-6, [0004-54]: fig 1 ... portal 118 provides a customizable dashboard with user interface elements and tools for identifying, processing, analyzing, displaying and generally comprehending real-time and historical information associated with the monitored network 102 [0030] ... that is, network and security operations platform 100 has a comprehensive view across multiple private networks, and, thus, the benefit of being able to more quickly and automatically learn and identify similar events and patterns and respond with appropriate actions (see with [0030] - wherein the summary of the detected network event is customized to the user of the private network) [0021]). For motivation, see rejection of claim 12. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to JUNE SISON whose telephone number is (571)270-5693. The examiner can normally be reached 9:00 am - 5:00 pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emmanuel Moise can be reached at 571-272-3865. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /JUNE SISON/Primary Examiner, Art Unit 2455
Read full office action

Prosecution Timeline

Apr 25, 2024
Application Filed
Jun 10, 2025
Non-Final Rejection — §101, §103, §112
Sep 11, 2025
Applicant Interview (Telephonic)
Sep 11, 2025
Examiner Interview Summary
Sep 12, 2025
Response Filed
Oct 02, 2025
Final Rejection — §101, §103, §112
Apr 13, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12592896
METHOD AND APPARATUS FOR QUALITY OF SERVICE ASSURANCE FOR WEBRTC SESSIONS IN 5G NETWORKS
2y 5m to grant Granted Mar 31, 2026
Patent 12592982
INFORMATION PROCESSING DEVICE AND STORAGE MEDIUM
2y 5m to grant Granted Mar 31, 2026
Patent 12587585
SYSTEM, METHOD, AND STORAGE MEDIUM OF DISTRIBUTED EDGE COMPUTING FOR COOPERATIVE AUGMENTED REALITY WITH MOBILE SENSING CAPABILITY
2y 5m to grant Granted Mar 24, 2026
Patent 12580829
SERVICE ORCHESTRATION IN A COMMUNICATION INFRASTRUCTURE WITH DIFFERENT NETWORK DOMAINS
2y 5m to grant Granted Mar 17, 2026
Patent 12531937
COMMUNICATION APPARATUS, METHOD, AND PROGRAM
2y 5m to grant Granted Jan 20, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
68%
Grant Probability
99%
With Interview (+32.1%)
3y 3m
Median Time to Grant
Moderate
PTA Risk
Based on 461 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month