Prosecution Insights
Last updated: July 17, 2026
Application No. 18/680,921

AI-ENABLED DEVICE OWNERSHIP IDENTIFICATION FOR SECURING NATIONWIDE CRITICAL INFRASTRUCTURE SYSTEMS

Final Rejection §101§103
Filed
May 31, 2024
Examiner
BROWN, CHRISTOPHER J
Art Unit
2439
Tech Center
2400 — Computer Networks
Assignee
Palo Alto Networks Inc.
OA Round
2 (Final)
75%
Grant Probability
Favorable
3-4
OA Rounds
1y 3m
Est. Remaining
88%
With Interview

Examiner Intelligence

Grants 75% — above average
75%
Career Allowance Rate
536 granted / 711 resolved
+17.4% vs TC avg
Moderate +13% lift
Without
With
+13.0%
Interview Lift
resolved cases with interview
Typical timeline
3y 5m
Avg Prosecution
34 currently pending
Career history
753
Total Applications
across all art units

Statute-Specific Performance

§101
0.5%
-39.5% vs TC avg
§103
92.8%
+52.8% vs TC avg
§102
3.5%
-36.5% vs TC avg
§112
1.3%
-38.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 711 resolved cases

Office Action

§101 §103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed 1/16/26 have been fully considered but they are not persuasive. Applicant argues that the art of the prior office action fails to teach “enrich the vulnerable devices with sector, location, and POC information including “collect meta information”. It is unclear based on the claim limitations, including the reading the specification, how “enriching” a vulnerable device would include “collecting meta information”. Applicant has added the limitation “meta information”. It is unclear if the term “meta” has any narrowing limitation or is just a precursor for the information collected. Examiner asserts that if one interprets “enriching” as, sending data to a vulnerable device, then this would be counter to “collecting” data, as collected data from a vulnerable device would not be “enriching” the device. The claim language a whole is not clear. It is also unclear, that if the data is not collected from vulnerable devices, then where this metadata *is* collected from. Applicant includes a “sector model”, “HQ location model” and “point of contact model” as novel features. It is unclear, even from the specification, what would be required to anticipate these claimed limitations as it is not well understood in the art what constitutes a “critical infrastructure sector model”, a “HQ location model” , or a “POC model”. Examiner argues that the prior art relied upon incorporates at minimum an “HQ location model” as it discovers the location of devices in a geographic sector. Examiner points to use of CVE alerts as used in the prior art as “critical” vulnerabilities and thus anticipate critical digital infrastructure issues. Examiner points to use of “a POC model” in the prior art as the alert sent includes contact information for services (to enrich the device). In the alternate, the POC information retrieved for the device is an IP address because the alert is sent to said device and an address to send the device an alert would be required. Examiner encourages Applicant to request a telephone interview in order to expedite prosecution. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected. The claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) utilizing an LLM to discover device ownership and send data to devices. Step2A Prong One: The claims recite determining vulnerability data about devices, learning device ownership, and sending further information to said devices. The learning of data, and sending of data maybe done by a human being and is a mental process. Step2A Prong Two: The claims implement an LLM on a generic computer that does not significantly improve the technology. The claims as stated do not significantly improve the art and therefore do not amount to significantly more than the judicial exception. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 3-8, 10-15, 17-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Benefield US 2025/0267162 in view of Dhakshanamoorthy US 12,333,622 As per claims 1, 8, 15 Benefield teaches A system, comprising: a processor configured to: discover vulnerable devices across a plurality of networks; automatically identify device owners; including extracting CI, HQ, and POC metadata [0015]-[0018] [0038]-[0043] (identifies vulnerable devices across networks, identifies owners and sends reports to owners with vulnerability information, and remediation) (IP address, owner identity, critical vulnerability information, mapping software information, hardware information, dependencies, IP address, MAC address, fingerprint, location, vulnerability data, contact information) Benefield does not teach an LLM. Dhakshanamoothy teaches automatically identify device owners using a large-language model (LLM)and automatically enrich the discovered vulnerable devices with sector, location, and point of contact (POC) information; and a memory coupled to the processor and configured to provide the processor with instructions. (Column 10 line 39 to Column 11 line 8) (Column 11 lines 22-26) (Column 18 lines 15-44) (teaches using AI/NLP to determine user devices to notify devices, including instructions, sector, location and contact information) Dhakshanamoorthy teaches the system of claim 1, wherein the processor is further configured to: execute a point of contact model, a headquarters location model, and a sector model to facilitate automatically enriching the discovered vulnerable devices comprising collecting metadata that includes with the sector, location and POC information. (Column 10 line 39 to Column 11 line 8) (Column 11 lines 22-26) (Column 18 lines 15-44) (teaches using AI/NLP to determine user devices to notify devices, based on point of contact, including instructions, sector, location and contact information) (real time AI and NLP engine, keyword extraction, severity, alert to appropriate devices including their address, GPS location, critical alert, contact information for users) It would have been obvious to one of ordinary skill in the art to use the teaching of Dhakshanamoothy with the prior are because it promotes more efficient emergency response. As per claims 3, 10, 17. Benefield teaches the system of claim 1, wherein the LLM is prompted to facilitate identifying the device owners. [0015]-[0018] [0038]-[0043] (identify asset owners) Dhakshanamoothy teaches automatically identify device owners using a large-language model (LLM) (Column 10 line 39 to Column 11 line 8) (Column 11 lines 22-26) (Column 18 lines 15-44) (teaches using AI/NLP to determine user devices to notify devices, including instructions, sector, location and contact information) As per claims 4, 11, 18. Benefield teaches the system of claim 1, wherein the LLM is prompted to facilitate identifying the device owners including instructions to prioritize predetermined information for identifying the device owners. [0015]-[0018] [0038]-[0043] (identify asset owners and prioritize alerts/vulnerability alerts based on prioritization) Dhakshanamoothy teaches automatically identify device owners using a large-language model (LLM) (Column 10 line 39 to Column 11 line 8) (Column 11 lines 22-26) (Column 18 lines 15-44) (teaches using AI/NLP to determine user devices to notify devices, including instructions, sector, location and contact information) As per claims 5, 12, 19. Benefield teaches the system of claim 1, wherein the processor is further configured to: generate an output that includes a plurality of fields including device information, IP address, location information, device owner information, and POC information. [0041][0043][0067] (teaches the variety of contact/owner IP address information) As per claims 6, 13, 20. Benefield teaches the system of claim 1, wherein the processor is further configured to: execute an asset owner model to facilitate identifying the device owners. [0015]-[0018] [0038]-[0043] (identify asset owners and prioritize alerts/vulnerability alerts based on prioritization) Claim(s) 2, 9, 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Benefield US 2025/0267162 in view of Dhakshanamoorthy US 12,333,622 in view of Cosgrove US 2020/0394305 As per claims 2, 9, 16. Dhakshanamoorthy teaches a national response. (Column 18 lines 34-38) (national alert system) Cosgrove teaches the system of claim 1, wherein nationwide incident response to known exploited vulnerabilities is performed using the discovered vulnerable devices, the identified device owners, and enriched information associated with the discovered vulnerable devices, wherein the enriched information includes certificate or domain registration information associated with the identified device owners. [0044][0103] (teaches update and distribution to remediate and notify of threats including pushing new certificate information) It would have been obvious to one of ordinary skill in the art at the time the invention was field to use the teaching of Cosgrove with the prior art because it promotes efficient threat management. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439
Read full office action

Prosecution Timeline

May 31, 2024
Application Filed
Aug 20, 2024
Response after Non-Final Action
Sep 24, 2025
Non-Final Rejection mailed — §101, §103
Jan 16, 2026
Response Filed
May 12, 2026
Final Rejection mailed — §101, §103
Jul 09, 2026
Applicant Interview (Telephonic)
Jul 09, 2026
Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12652290
CYBER SECURITY FOR SOFTWARE-AS-A-SERVICE FACTORING RISK
5y 3m to grant Granted Jun 09, 2026
Patent 12652315
REMOTE MONITORING OF A SECURITY OPERATIONS CENTER (SOC)
3y 8m to grant Granted Jun 09, 2026
Patent 12641111
Automated Security Analysis of Software Libraries
2y 5m to grant Granted May 26, 2026
Patent 12621339
SYSTEM AND METHOD FOR PROVIDING SECURITY POSTURE MANAGEMENT FOR AI APPLICATIONS
2y 5m to grant Granted May 05, 2026
Patent 12615280
DETECTING POLYMORPHIC BOTNETS USING AN IMAGE RECOGNITION PLATFORM
2y 9m to grant Granted Apr 28, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
75%
Grant Probability
88%
With Interview (+13.0%)
3y 5m (~1y 3m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 711 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month