Office Action Predictor
Last updated: April 16, 2026
Application No. 18/677,800

system and method for detecting cyber-attacks

Final Rejection §101§103
Filed
May 29, 2024
Examiner
WYSZYNSKI, AUBREY H
Art Unit
2434
Tech Center
2400 — Computer Networks
Assignee
Bank Of America Corporation
OA Round
2 (Final)
89%
Grant Probability
Favorable
3-4
OA Rounds
2y 8m
To Grant
99%
With Interview

Examiner Intelligence

Grants 89% — above average
89%
Career Allow Rate
635 granted / 710 resolved
+31.4% vs TC avg
Strong +23% interview lift
Without
With
+22.9%
Interview Lift
resolved cases with interview
Typical timeline
2y 8m
Avg Prosecution
26 currently pending
Career history
736
Total Applications
across all art units

Statute-Specific Performance

§101
11.4%
-28.6% vs TC avg
§103
35.8%
-4.2% vs TC avg
§102
25.0%
-15.0% vs TC avg
§112
8.1%
-31.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 710 resolved cases

Office Action

§101 §103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments The response of 12/18/25 was received and considered. Claims 1-5, 8-12 and 15-19 are pending. In view of Applicant’s arguments and amendments, filed 12/18/25, with respect to 35 USC 102 have been fully considered and are persuasive. Therefore, the 35 USC 102 rejection of claims 1-20 has been withdrawn. However, upon further consideration, a new ground of rejection is made in view of 35 USC 103 and 35 USC 101. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Step 1: Claims 1-5 are directed towards a system (machine). Claims 8-12 are directed towards a method (process). Claims 15-19 are directed to a non-transitory computer readable medium (manufacture). Step 2A: Prong 1: Judicial Exception. The core concepts of the independent claim are: receiving a request with identity data, gathering data parameters, comparing an “actual value” to an “expected value” and concluding an anomaly occurred, generating a hash value from that data, comparing the generated hash to a previously stored/verified hash, applying a logical rule on the comparison (if no match, determine it’s unauthenticated, generate an alert and stop the process). The courts have consistently held that authenticating a user or verifying identity by comparing data against stored records is an abstract idea. Furthermore, collecting data, performing mathematical operation on it (hashing), and comparing the results are considered as mental processes or mathematical concepts, as they are steps that could conceptually be performed in the human mind or with pen and paper. Prong 2: Practical Application. The claims recite generic computer components: memory and a processor. The processor is performing generic computer functions such as “store”, “detect”, “generate”, “monitor”, “compare” and “stop processing”. The processor is being used as a tool to execute an abstract idea. Step 2B: Inventive Concept. Storing data, generating hashes, monitoring parameters, comparing values, generating alerts and stopping processes are well-understood, routine and conventional activities in the field. As per the dependent claims: Specifying that the system uses “a particular hashing algorithm”. Applying a standard mathematical hashing algorithm is a routine computer function. Storing a verified hash on a blockchain or in a distributed ledger is an abstract idea to a particular technological environment. It is treated as conventional data storage. The claim, as drafted, does not improve upon how the blockchain functions. An NFT is a known digital data structure. Using an NFT for identity verification is limiting the use of the abstract idea to a specific technological context. Data names such as numerical identifiers, file identifiers and device identifiers is classified as data gathering, limiting of generic data fields, and is directed to “insignificant extra-solution activity”, that does not provide an inventive concept. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-5, 8-12 and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over US 2022/0094550 to Keith, JR, and further in view of US 2022/0237501 to Hamerla et al. Regarding claim 1, Keith teaches a system comprising: a memory that stores for each user of a plurality of users, a verified hash key value representing a verified digital identity of the user (paragraph 0354: a 1-way hash and compared to a central analytics password repository (e.g., in the Cloud)); and a processor communicatively coupled to the memory and configured to: detect a request from a first user to perform a data interaction, wherein the request comprises a digital identity associated with the first user, wherein the digital identity associated with the first user comprises a first set of data values associated with a plurality of parameters configured to define the digital identity of the first user (0152: the server (or proxy server) provides a login request with the appropriate credentials, and the backend device accepts the request and allows access to the service, or rejects the request and denies access to the service. In some embodiments, the server sends a hash or other code which identifies the user and indicates the user has been validated/authorized by the server to the backend device, and in some embodiments, the server sends identification information and verification information to the backend device, and the backend device performs the verification/authentication. 0210: a token or a hash is generated using the trust score analytics. In some embodiments, the token is a Non-Fungible Token (NFT). The token is able to be a user's password, facial scan or other acquired data and/or used as a password or otherwise to gain access to a service); generate a first hash key value based at least in part upon the first set of data values; compare the first hash key value to a verified second hash key value associated with the first user, wherein the verified second hash key value is generated based at least in part upon a verified second set of data values associated with the plurality of parameters (0353: The analytics dataset is able to be processed into a 1-way hashing algorithm which, even if exposed, does not expose the actual human analytics data. This 1-way hashed data is then able to be used as a central password repository. The user analytics, processed into the 1-way hash are then able to be compared with the central version to authenticate the identity of the user.); in response to detecting, based on the comparing, that the first hash key value does not match with the verified second hash key value: determine that the digital identity of the first user is not authenticated; generate an alert indicating that the digital identity of the first user is not authenticated; and stop processing of the requested data interaction (Col. 43, claims 6-7: triggering an alert when the information does not match). Keith lacks or does not expressly disclose detect, based on the monitoring, that an actual value of a first parameter of the set of parameters associated with the data interaction is different from an expected value of the first parameter. However, Hamerla discloses monitor a set of parameters associated with processing of the requested data interaction, wherein the set of parameters define a particular type of the data interaction (Fig. 4. And 0062: Flowchart 470 may further include identifying, based on the validity assessment performed in action 475, one or more anomalies in interaction data 124 (action 476).); detect, based on the monitoring, that an actual value of a first parameter of the set of parameters associated with the data interaction is different from an expected value of the first parameter; in response to detecting that the actual value of the first parameter associated with the data interaction is different from the expected value of the first parameter, determine that an anomalous activity has occurred relating to processing of the data interaction; in response to determining that the anomalous activity has occurred relating to processing the data interaction (0062: When sequences of interaction events are logged and obtained front user devices 140a/240a and 140b/240b, for example, and interaction data 124 is conformed to the conforming or same data format, the sequences of interaction events described by interaction data 124 may be vectorized as described above and may be compared to expected-value vectors in order to calculate an anomaly score for each sequence. Such comparisons may be performed based on predefined rules, where expected sequences are also mapped into vectors and a similarity function is applied to compare the expected-value vectors and the vectors generated from the tracked interaction event sequences. For instance, an actual vector that begins with a “video player loading” interaction event may be compared to an expected-value vector that describes what interaction events should follow the video player being loaded. If the measured similarity between the two vectors is below a predetermined threshold, then the tracked sequence of event interactions, or one or more interaction events included in the sequence, may be determined to be anomalous.) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to modify Keith with Hamerla to include monitoring parameters of user interactions, in order to perform a validity assessment of the interaction, as taught by Hamerla, Fig 4. Regarding claim 2, Keith, as modified above, teaches the system of Claim 1, wherein: the verified second hash key value associated with the first user is generated by running a particular hashing algorithm based on the verified second set of data values associated with the plurality of parameters; and the processor is configured to generate the first hash key value by running the particular hashing algorithm based on the first set of data values associated with the plurality of parameters (0353: The analytics dataset is able to be processed into a 1-way hashing algorithm which, even if exposed, does not expose the actual human analytics data. This 1-way hashed data is then able to be used as a central password repository. The user analytics, processed into the 1-way hash are then able to be compared with the central version to authenticate the identity of the user.). Regarding claim 3, Keith, as modified above, teaches the system of Claim 1, wherein the verified second hash key value is stored in a blockchain associated with a blockchain network (0125: blockchain integration and functionality. 0210: the NFT is a unit of data stored on a digital ledger, referred to as a blockchain, that certifies a digital asset to be unique and not interchangeable). Regarding claim 4, Keith, as modified above, teaches the system of Claim 1, wherein the verified second hash key value is associated with a Non-Fungible Token (NFT) that uniquely identifies the digital identity of the first user (Fig. 25 and paragraph 0210: a token or a hash is generated using the trust score analytics. In some embodiments, the token is a Non-Fungible Token (NFT)). Regarding claim 5, Keith, as modified above, teaches the system of Claim 1, wherein the plurality of parameters comprise a registered name of the first user, a numerical identifier assigned to the first user, an identifier associated with a data file managed by the first user, an identifier of a registered user device, or a combination thereof (0446: step S102, the identified user information (e.g., a unique user identifier) is compared with permission information) As per claims 8-12 and 15-19, this is a method and medium version of the claimed system discussed above in claims 1-5 wherein all claimed limitations have also been addressed and/or cited as set forth above. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUBREY H WYSZYNSKI whose telephone number is (571)272-8155. The examiner can normally be reached M-F 9-5. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ALI SHAYANFAR can be reached at 571-270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /AUBREY H WYSZYNSKI/Examiner, Art Unit 2434
Read full office action

Prosecution Timeline

May 29, 2024
Application Filed
Sep 20, 2025
Non-Final Rejection — §101, §103
Dec 18, 2025
Response Filed
Mar 25, 2026
Final Rejection — §101, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12598211
CYBERATTACK SCORING METHOD, CYBERATTACK SCORING APPARATUS, AND COMPUTER READABLE STORAGE MEDIUM STORING INSTRUCTIONS TO PERFORM CYBERATTACK SCORING METHOD
2y 5m to grant Granted Apr 07, 2026
Patent 12592932
METHOD AND SYSTEM FOR AN INTEGRATED PROCESS TO STREAMLINE PRIVILEGED ACCESS MANAGEMENT
2y 5m to grant Granted Mar 31, 2026
Patent 12580964
OPTIMIZATION FOR ACCESS POLICIES IN COMPUTER SYSTEMS
2y 5m to grant Granted Mar 17, 2026
Patent 12580887
SCALABLE FLOW DIFFERENTIATION FOR NETWORKS WITH OVERLAPPING IP ADDRESSES
2y 5m to grant Granted Mar 17, 2026
Patent 12580967
CONTEXTUAL SECURITY POLICY ENGINE FOR COMPUTE NODE CLUSTERS
2y 5m to grant Granted Mar 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
89%
Grant Probability
99%
With Interview (+22.9%)
2y 8m
Median Time to Grant
Moderate
PTA Risk
Based on 710 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month