Office Action Predictor
Last updated: April 16, 2026
Application No. 18/701,290

DETERMINATION SYSTEM, DETERMINATION METHOD, AND RECORDING MEDIUM

Non-Final OA §101§102§103§112
Filed
Apr 15, 2024
Examiner
RONI, SYED A
Art Unit
2432
Tech Center
2400 — Computer Networks
Assignee
Nec Corporation
OA Round
1 (Non-Final)
82%
Grant Probability
Favorable
1-2
OA Rounds
2y 9m
To Grant
95%
With Interview

Examiner Intelligence

Grants 82% — above average
82%
Career Allow Rate
537 granted / 655 resolved
+24.0% vs TC avg
Moderate +13% lift
Without
With
+13.4%
Interview Lift
resolved cases with interview
Typical timeline
2y 9m
Avg Prosecution
26 currently pending
Career history
681
Total Applications
across all art units

Statute-Specific Performance

§101
14.5%
-25.5% vs TC avg
§103
33.1%
-6.9% vs TC avg
§102
31.2%
-8.8% vs TC avg
§112
10.9%
-29.1% vs TC avg
Black line = Tech Center average estimate • Based on career data from 655 resolved cases

Office Action

§101 §102 §103 §112
DETAILED ACTION Authorization for Internet Communications The examiner encourages Applicant to submit an authorization to communicate with the examiner via the Internet by making the following statement (from MPEP 502.03): “Recognizing that Internet communications are not secure, I hereby authorize the USPTO to communicate with the undersigned and practitioners in accordance with 37 CFR 1.33 and 37 CFR 1.34 concerning any subject matter of this application by video conferencing, instant messaging, or electronic mail. I understand that a copy of these communications will be made of record in the application file.” Please note that the above statement can only be submitted via Central Fax (not Examiner's Fax), Regular postal mail, or EFS Web using PTO/SB/439. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statement (IDS) submitted on 04/15/2024 is being considered by the examiner. Claim Objections Claims 5, 11 and 17 are objected to because of the following informalities: Regarding claims 5, 11, and 17; the limitations “the count” lacks proper antecedent basis. Regarding claim 17; there appears to be a typographical error “The determination” of -- the determination --. Appropriate correction is required. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 3 – 4, 6, 9 – 10, 12, 15 – 16 and 18 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. The term “severity degree” in claims 3, 4, 9, 10, 15 and 16 is a relative term which renders the claim indefinite. The term “severity degree” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree i.e., does not provide objective boundaries or criteria for determining what constitutes a particular severity (i.e., CVSS, vendor scoring, heuristic scoring, or user defined policies), and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. Claims 4, 10, and 16 are dependent claims and thus also rejected. For the purpose of the following rejection, the Examiner interpreted the claims on their merit. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1 - 18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., an abstract idea) without reciting significantly more. Regarding claims 1 - 18, the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. For example, Claim(s) 7 is directed to an abstract idea because the claims recite mental processes and certain methods of organizing human activity. The steps of “receiving a first inspection result that is a result of a first inspection for vulnerability of target software; receiving a second inspection result that is a result of a second inspection for vulnerability of the target software; determining validity of the first inspection from an undetected vulnerability that is a vulnerability detected in a result of the second inspection and not detected in a result of the first inspection; and outputting a result of determination of the validity” are performed by collecting information, analyzing it and displaying certain results of the collection and analysis (Electric Power Group). The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements i.e., “processor”, “memory” (claim 1) are simply a generic recitation of a computer. The claims amounts to no more than performing an abstract idea by using a computer. Taking the elements both individually and as a combination, the computer components in the claims perform purely generic computer functions. Thus, the claim as a whole does not amount to significantly more than the abstract idea itself. Accordingly, the above claims are ineligible. Claims 1 and 13 are system and product claims of the abstract method claim 7. Claims 2 – 6, 8 – 12 and 14 – 18 further limit the abstract idea with abstract idea itself and/or add pre/post extra solution activities and thus do no amount to significantly more than the abstract idea. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claim(s) 1 – 5, 7 – 11 and 13 – 17 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by BOBROV et al., (US 2023/0021226 A1) (hereinafter “BOBROV”). BOBROV discloses; Regarding claim 1, a determination system [i.e., a system configured to manage multiple software scanning tool (see ref. 100 of figure 1), (page 1, para 0012)] comprising: at least one memory storing a set of instructions [i.e., the system comprises a memory (see ref. 134 figure 1), (page 5, para 0040)]; and at least one processor configured to execute the set of instructions [the system comprises a processor (see ref. 128 of figure 1), (page 5, para 0040)] to: receive a first inspection result that is a result of a first inspection of vulnerability of target software [i.e., receive, from the first scanning tool, a first scanning tool output that identifies a first issue of the software target (see ref. 530 of figure 5), (page 8, para 0071) i.e., the scanning tool identify three instances of a vulnerability in a portion of the software under test 108 (page 4, para 0032), (see figure 1)]; receive a second inspection result that is a result of a second inspection of vulnerability of the target software [i.e., receive, from the second scanning tool, a second scanning tool output that identifies a second issue of the software target (see ref. 540 of figure 5), (page 8, para 0071) i.e., different scanning tools analyzing the same portion of the software under test 108 (page 4, para 0032), (see figure 1)]; determine validity of the first inspection from undetected vulnerability that is vulnerability detected in the result of the second inspection and not detected in the result of the first inspection [i.e., compare the scanning tool output…determine whether the issues identified by the additional scanning tools are different than the issues identified by the first scanning tool (page 7, para 0067) i.e., scanning the same portion of the software with more than one scanning tool of the same type to determine the strength and weakness in identifying issues and vulnerabilities in software (page 2, para 0020) i.e., the scanning tool identify three instances of the same vulnerability in the portion of the software under test 108. A different scanning tool identify four instances of the same vulnerability in the portion of the software under test 108 (page 4, para 0032), (see figure 1) Note; determining strength or weakness of the first scanner by comparing the first scanner output with the second scanner output to find out undetected vulnerabilities by the first scanner is same as determining correctness, reliability or trustworthiness i.e., validity]; and output a result of determination of the validity [i.e., the scanning tool output analyzer 122 output a issue notification 124 that indicates the synthetic issues and status of the synthetic issues (see figure 1), (page 4, para 0034), (page 7, para 0067)]. Regarding claim 2, the determination system according to claim 1, wherein the at least one processor is further configured to execute the instructions to determine the validity from a count of the undetected vulnerability [i.e., the scanning tool identify three instances of the same vulnerability in the portion of the software under test 108. A different scanning tool identify four instances of the same vulnerability in the portion of the software under test 108 (page 4, para 0032), (see figure 1)]. Regarding claim 3, the determination system according to claim 2, wherein the at least one processor is further configured to execute the instructions to determine the validity from the count of the undetected vulnerability whose severity degree representing severity is higher than a predetermined severity degree [i.e., the scanning tool output analyzer 122 classify the issues according to the severity of the issue (page 7, para 0058), (see figure 1) i.e., the output of the scanning tool includes a severity of each vulnerability (page 6, para 0053), (page 5, para 0044)]. Regarding claim 4, the determination system according to claim 3, wherein the at least one processor is further configured to execute the instructions to determine the validity from the count for each severity degree of the undetected vulnerability [i.e., the scanning tool output analyzer 122 classify the issues according to the severity of the issue (page 7, para 0058), (see figure 1) i.e., the output of the scanning tool includes a severity of each vulnerability (page 6, para 0053), (page 5, para 0044) i.e., compare the scanning tool output…determine whether the issues identified by the additional scanning tools are different than the issues identified by the first scanning tool (page 7, para 0067) i.e., the scanning tool identify three instances of the same vulnerability in the portion of the software under test 108. A different scanning tool identify four instances of the same vulnerability in the portion of the software under test 108 (page 4, para 0032), (see figure 1)]. Regarding claim 5, the determination system according claim 1, wherein the at least one processor is further configured to execute the instructions to determine the validity from the count for each type of the undetected vulnerability [i.e., compare the scanning tool output…determine whether the issues identified by the additional scanning tools are different than the issues identified by the first scanning tool (page 7, para 0067) i.e., the scanning tool identify three instances of the same vulnerability in the portion of the software under test 108. A different scanning tool identify four instances of the same vulnerability in the portion of the software under test 108 (page 4, para 0032), (see figure 1)]. Regarding claim 7, a determination method comprising: receiving a first inspection result that is a result of a first inspection for vulnerability of target software [i.e., receive, from the first scanning tool, a first scanning tool output that identifies a first issue of the software target (see ref. 530 of figure 5), (page 8, para 0071) i.e., the scanning tool identify three instances of a vulnerability in a portion of the software under test 108 (page 4, para 0032), (see figure 1)]; receiving a second inspection result that is a result of a second inspection of vulnerability of the target software [i.e., receive, from the second scanning tool, a second scanning tool output that identifies a second issue of the software target (see ref. 540 of figure 5), (page 8, para 0071) i.e., different scanning tools analyzing the same portion of the software under test 108 (page 4, para 0032), (see figure 1)]; determining validity of the first inspection from undetected vulnerability that is vulnerability detected in the result of the second inspection and not detected in the result of the first inspection [i.e., compare the scanning tool output…determine whether the issues identified by the additional scanning tools are different than the issues identified by the first scanning tool (page 7, para 0067) i.e., scanning the same portion of the software with more than one scanning tool of the same type to determine the strength and weakness in identifying issues and vulnerabilities in software (page 2, para 0020) i.e., the scanning tool identify three instances of the same vulnerability in the portion of the software under test 108. A different scanning tool identify four instances of the same vulnerability in the portion of the software under test 108 (page 4, para 0032), (see figure 1) Note; determining strength or weakness of the first scanner by comparing the first scanner output with the second scanner output to find out undetected vulnerabilities by the first scanner is same as determining correctness, reliability or trustworthiness i.e., validity]; and outputting a result of determination of the validity [i.e., the scanning tool output analyzer 122 output a issue notification 124 that indicates the synthetic issues and status of the synthetic issues (see figure 1), (page 4, para 0034), (page 7, para 0067)]. Regarding claim 8, the determination method according to claim 7, further comprising determining the validity from a count of the undetected vulnerability [i.e., the scanning tool identify three instances of the same vulnerability in the portion of the software under test 108. A different scanning tool identify four instances of the same vulnerability in the portion of the software under test 108 (page 4, para 0032), (see figure 1)]. Regarding claim 9, the determination method according to claim 8, further comprising determining the validity from the count of the undetected vulnerability whose severity degree representing severity is higher than a predetermined severity degree [i.e., the scanning tool output analyzer 122 classify the issues according to the severity of the issue (page 7, para 0058), (see figure 1) i.e., the output of the scanning tool includes a severity of each vulnerability (page 6, para 0053), (page 5, para 0044)]. Regarding claim 10, the determination method according to claim 9, further comprising determining the validity from the count for each severity degree of the undetected vulnerability [i.e., the scanning tool output analyzer 122 classify the issues according to the severity of the issue (page 7, para 0058), (see figure 1) i.e., the output of the scanning tool includes a severity of each vulnerability (page 6, para 0053), (page 5, para 0044) i.e., compare the scanning tool output…determine whether the issues identified by the additional scanning tools are different than the issues identified by the first scanning tool (page 7, para 0067) i.e., the scanning tool identify three instances of the same vulnerability in the portion of the software under test 108. A different scanning tool identify four instances of the same vulnerability in the portion of the software under test 108 (page 4, para 0032), (see figure 1)]. Regarding claim 11, the determination method according to claim 7, further comprising determining the validity from the count for each type of the undetected vulnerability [i.e., compare the scanning tool output…determine whether the issues identified by the additional scanning tools are different than the issues identified by the first scanning tool (page 7, para 0067) i.e., the scanning tool identify three instances of the same vulnerability in the portion of the software under test 108. A different scanning tool identify four instances of the same vulnerability in the portion of the software under test 108 (page 4, para 0032), (see figure 1)]. Regarding claim 13, a non-transitory computer readable storage medium storing a program for causing a computer to execute [i.e., the system comprises a memory (see ref. 134 figure 1), (page 5, para 0040)]: first result reception processing of receiving a first inspection result that is a result of a first inspection of vulnerability of target software [i.e., the server 106 receive, from the first scanning tool, a first scanning tool output that identifies a first issue of the software target (see ref. 530 of figure 5 and figure 1), (page 8, para 0071) i.e., the scanning tool identify three instances of a vulnerability in a portion of the software under test 108 (page 4, para 0032), (see figure 1)]; second result reception processing of receiving a second inspection result that is a result of a second inspection of the vulnerability of the target software [i.e., the server 106 receive, from the second scanning tool, a second scanning tool output that identifies a second issue of the software target (see ref. 540 of figure 5 and figure 1), (page 8, para 0071) i.e., different scanning tools analyzing the same portion of the software under test 108 (page 4, para 0032), (see figure 1)]; determination processing of determining a validity of the first inspection from undetected vulnerability that is the vulnerability detected in the result of the second inspection and not detected in the result of the first inspection [i.e., the server 106 compare the scanning tool output…determine whether the issues identified by the additional scanning tools are different than the issues identified by the first scanning tool (page 7, para 0067) i.e., scanning the same portion of the software with more than one scanning tool of the same type to determine the strength and weakness in identifying issues and vulnerabilities in software (page 2, para 0020) i.e., the scanning tool identify three instances of the same vulnerability in the portion of the software under test 108. A different scanning tool identify four instances of the same vulnerability in the portion of the software under test 108 (page 4, para 0032), (see figure 1) Note; determining strength or weakness of the first scanner by comparing the first scanner output with the second scanner output to find out undetected vulnerabilities by the first scanner is same as determining correctness, reliability or trustworthiness i.e., validity]; and output processing of outputting the result of the determination of the validity [i.e., the scanning tool output analyzer 122 output a issue notification 124 that indicates the synthetic issues and status of the synthetic issues (see figure 1), (page 4, para 0034), (page 7, para 0067)]. Regarding claim 14, the non-transitory computer readable storage medium according to claim 13, wherein the determination processing determines the validity from a count of the undetected vulnerability [i.e., the scanning tool identify three instances of the same vulnerability in the portion of the software under test 108. A different scanning tool identify four instances of the same vulnerability in the portion of the software under test 108 (page 4, para 0032), (see figure 1)]. Regarding claim 15, the non-transitory computer readable storage medium according to claim 14, wherein the determination processing determines the validity from the count of the undetected vulnerability whose severity degree representing severity is higher than a predetermined severity degree [i.e., the scanning tool output analyzer 122 classify the issues according to the severity of the issue (page 7, para 0058), (see figure 1) i.e., the output of the scanning tool includes a severity of each vulnerability (page 6, para 0053), (page 5, para 0044)]. Regarding claim 16, the non-transitory computer readable storage medium according to claim 15, wherein the determination processing determines the validity from the count for each severity degree of the undetected vulnerability [i.e., the scanning tool output analyzer 122 classify the issues according to the severity of the issue (page 7, para 0058), (see figure 1) i.e., the output of the scanning tool includes a severity of each vulnerability (page 6, para 0053), (page 5, para 0044) i.e., compare the scanning tool output…determine whether the issues identified by the additional scanning tools are different than the issues identified by the first scanning tool (page 7, para 0067) i.e., the scanning tool identify three instances of the same vulnerability in the portion of the software under test 108. A different scanning tool identify four instances of the same vulnerability in the portion of the software under test 108 (page 4, para 0032), (see figure 1)]. Regarding claim 17, the non-transitory computer readable storage medium according to claim 13, wherein The determination processing determines the validity from the count for each type of the undetected vulnerability [i.e., compare the scanning tool output…determine whether the issues identified by the additional scanning tools are different than the issues identified by the first scanning tool (page 7, para 0067) i.e., the scanning tool identify three instances of the same vulnerability in the portion of the software under test 108. A different scanning tool identify four instances of the same vulnerability in the portion of the software under test 108 (page 4, para 0032), (see figure 1)]. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 6, 12 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over BOBROV in view of Groeneveld et al., (US 6,981,151 B1) (hereinafter “Groeneveld”). Regarding claim 6, BOBROV discloses; the determination system according to claim 1, further comprising information storage that stores the target software [i.e., the memory 134 store the software under text 108 (page 5, para 0042), (see figure 1)] and authenticity information of the target software [i.e., credentials associated with software copy (page 2, para 0022), (see figure 1)], wherein the at least one processor is further configured to execute the instructions to: provide the target software and the authenticity information to a first inspection device that performs the first inspection and a second inspection device that performs the second inspection [i.e., the scanning tools 114 store credential data to access the scanning tool. The scanning tool 114 provide that data to the scanning tool manger 112. The scanning tool manager 112 access the third-party computing device and provide the third-party with the software copy (page 2, para 0022), (see figure 1)]; receive the result of the first inspection [i.e., receive, from the first scanning tool, a first scanning tool output that identifies a first issue of the software target (see ref. 530 of figure 5), (page 8, para 0071) and storing the received result of the first inspection in the information storage [i.e., the scanning manager 112 store the outputs and results in the scanning tool outputs 116 (page 3, para 0024), (see figure 1)]; receive the result of the second inspection [i.e., receive, from the second scanning tool, a second scanning tool output that identifies a second issue of the software target (see ref. 540 of figure 5), (page 8, para 0071); output the result of determination of the validity [i.e., the scanning tool output analyzer 122 output a issue notification 124 that indicates the synthetic issues and status of the synthetic issues (see figure 1), (page 4, para 0034), (page 7, para 0067)], and the at least one processor is further configured to execute the instructions to output information on the undetected vulnerability [i.e., the scanning tool output analyzer 122 output a issue notification 124 that indicates the synthetic issues and status of the synthetic issues (see figure 1), (page 4, para 0034), (page 7, para 0067)]. BORBOV does not disclose; receive an electronic signature of the result of the first inspection; storing the electronic signature of the result of the first inspection in the information storage; receive an electronic signature of the result of the second inspection, wherein the information storage stores the first inspection result in such a way that the stored first inspection result is not able to be changed. However, Groeneveld disclose; receive an electronic signature of a result of a first inspection [i.e., digitally the sign snapshot (see ref. S18 of figure 3), (col. 9, lines 36 – 37)]; storing the electronic signature of the result of the first inspection in a information storage [i.e., store the signed snapshot in snapshot database 32 (see ref. S20 of figure 3 and figure 2), (col. 9, lines 40 – 43)]; receive an electronic signature of a result of the second inspection [i.e., newly signed snapshots (col. 5, line 32) i.e., snapshot database 32 is configured to store a series of snapshot data records (col. 5 lines 42 – 43) Note; each time, the snapshot process is run, there is a new processing results (data sets) that’s is stored with a digital sign], wherein the information storage stores the first inspection result in such a way that the stored first inspection result is not able to be changed [i.e., store the signed snapshot in snapshot database 32 (see ref. S20 of figure 3 and figure 2), (col. 9, lines 40 – 43)]. Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of BORBOV by adapting the teachings of Groeneveld to provide an improved storage and verification systems utilizing digital signatures (See Groeneveld; col. 1, lines 57 – 58). Regarding claim 12, BOBROV discloses; the determination method according to claim 7, further comprising: storing the target software [i.e., the memory 134 store the software under text 108 (page 5, para 0042), (see figure 1)] and authenticity information of the target software in information storage [i.e., credentials associated with software copy (page 2, para 0022), (see figure 1)]; providing the target software and the authenticity information to a first inspection device that performs the first inspection and a second inspection device that performs the second inspection [i.e., the scanning tools 114 store credential data to access the scanning tool. The scanning tool 114 provide that data to the scanning tool manger 112. The scanning tool manager 112 access the third-party computing device and provide the third-party with the software copy (page 2, para 0022), (see figure 1)]; receiving the result of the first inspection [i.e., receive, from the first scanning tool, a first scanning tool output that identifies a first issue of the software target (see ref. 530 of figure 5), (page 8, para 0071) and storing the received result of the first inspection in the information storage [i.e., the scanning manager 112 store the outputs and results in the scanning tool outputs 116 (page 3, para 0024), (see figure 1)]; receive the result of the second inspection [i.e., receive, from the second scanning tool, a second scanning tool output that identifies a second issue of the software target (see ref. 540 of figure 5), (page 8, para 0071); output the result of determination of the validity [i.e., the scanning tool output analyzer 122 output a issue notification 124 that indicates the synthetic issues and status of the synthetic issues (see figure 1), (page 4, para 0034), (page 7, para 0067)]; and the at least one processor is further configured to execute the instructions to output information on the undetected vulnerability [i.e., the scanning tool output analyzer 122 output a issue notification 124 that indicates the synthetic issues and status of the synthetic issues (see figure 1), (page 4, para 0034), (page 7, para 0067)]. BORBOV does not disclose; receive an electronic signature of the result of the first inspection; storing the electronic signature of the result of the first inspection in the information storage; receive an electronic signature of the result of the second inspection, wherein the information storage stores the first inspection result in such a way that the stored first inspection result is not able to be changed. However, Groeneveld disclose; receive an electronic signature of a result of a first inspection [i.e., digitally the sign snapshot (see ref. S18 of figure 3), (col. 9, lines 36 – 37)]; storing the electronic signature of the result of the first inspection in a information storage [i.e., store the signed snapshot in snapshot database 32 (see ref. S20 of figure 3 and figure 2), (col. 9, lines 40 – 43)]; receive an electronic signature of a result of the second inspection [i.e., newly signed snapshots (col. 5, line 32) i.e., snapshot database 32 is configured to store a series of snapshot data records (col. 5 lines 42 – 43) Note; each time, the snapshot process is run, there is a new processing results (data sets) that’s is stored with a digital sign], wherein the information storage stores the first inspection result in such a way that the stored first inspection result is not able to be changed [i.e., store the signed snapshot in snapshot database 32 (see ref. S20 of figure 3 and figure 2), (col. 9, lines 40 – 43)]. Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of BORBOV by adapting the teachings of Groeneveld to provide an improved storage and verification systems utilizing digital signatures (See Groeneveld; col. 1, lines 57 – 58). Regarding claim 18, BOBROV discloses; the non-transitory computer readable storage medium according to claim 13, further causing a computer to execute: information storage processing of storing the target software [i.e., the memory 134 store the software under text 108 (page 5, para 0042), (see figure 1)] and authenticity information of the target software in information storage [i.e., credentials associated with software copy (page 2, para 0022), (see figure 1)]; and software provision processing of providing the target software and the authenticity information to a first inspection device that performs the first inspection and a second inspection device that performs the second inspection [i.e., the scanning tools 114 store credential data to access the scanning tool. The scanning tool 114 provide that data to the scanning tool manger 112. The scanning tool manager 112 access the third-party computing device and provide the third-party with the software copy (page 2, para 0022), (see figure 1)], wherein the first result reception processing receives the result of the first inspection [i.e., receive, from the first scanning tool, a first scanning tool output that identifies a first issue of the software target (see ref. 530 of figure 5), (page 8, para 0071) and storing the received result of the first inspection in the information storage [i.e., the scanning manager 112 store the outputs and results in the scanning tool outputs 116 (page 3, para 0024), (see figure 1)]; receive the result of the second inspection [i.e., receive, from the second scanning tool, a second scanning tool output that identifies a second issue of the software target (see ref. 540 of figure 5), (page 8, para 0071); output the result of determination of the validity [i.e., the scanning tool output analyzer 122 output a issue notification 124 that indicates the synthetic issues and status of the synthetic issues (see figure 1), (page 4, para 0034), (page 7, para 0067)], and the at least one processor is further configured to execute the instructions to output information on the undetected vulnerability [i.e., the scanning tool output analyzer 122 output a issue notification 124 that indicates the synthetic issues and status of the synthetic issues (see figure 1), (page 4, para 0034), (page 7, para 0067)]. BORBOV does not disclose; receive an electronic signature of the result of the first inspection; storing the electronic signature of the result of the first inspection in the information storage; receive an electronic signature of the result of the second inspection, wherein the information storage stores the first inspection result in such a way that the stored first inspection result is not able to be changed. However, Groeneveld disclose; receive an electronic signature of a result of a first inspection [i.e., digitally the sign snapshot (see ref. S18 of figure 3), (col. 9, lines 36 – 37)]; storing the electronic signature of the result of the first inspection in a information storage [i.e., store the signed snapshot in snapshot database 32 (see ref. S20 of figure 3 and figure 2), (col. 9, lines 40 – 43)]; receive an electronic signature of a result of the second inspection [i.e., newly signed snapshots (col. 5, line 32) i.e., snapshot database 32 is configured to store a series of snapshot data records (col. 5 lines 42 – 43) Note; each time, the snapshot process is run, there is a new processing results (data sets) that’s is stored with a digital sign], wherein the information storage stores the first inspection result in such a way that the stored first inspection result is not able to be changed [i.e., store the signed snapshot in snapshot database 32 (see ref. S20 of figure 3 and figure 2), (col. 9, lines 40 – 43)]. Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of BORBOV by adapting the teachings of Groeneveld to provide an improved storage and verification systems utilizing digital signatures (See Groeneveld; col. 1, lines 57 – 58). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Chang (US 8,285,656 B1) disclose selecting, by a processor of a computing device, a portion of data to be verified, wherein the data is associated with an individual; and selecting, by the processor, one or more data verification methods from web-crawling and one or more of tele-verification, agent web verification, direct-mail verification, email verification, and in-person verification to apply to the selected portion of the data, based on prior results of use of the data verification methods, wherein the data is verified, updated, or appended as a result of application of the one or more data verification methods to the selected portion of the data. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED A RONI whose telephone number is (571)270-7806. The examiner can normally be reached M-F 9:00-5:00 pm (EST). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SYED A RONI/Primary Examiner, Art Unit 2432
Read full office action

Prosecution Timeline

Apr 15, 2024
Application Filed
Nov 28, 2025
Non-Final Rejection — §101, §102, §103
Mar 31, 2026
Response Filed

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12591684
CENTRALIZED SECURITY ANALYSIS AND MANAGEMENT OF SOURCE CODE IN NETWORK ENVIRONMENTS
2y 5m to grant Granted Mar 31, 2026
Patent 12574354
CLIENT FILTER VPN
2y 5m to grant Granted Mar 10, 2026
Patent 12572379
Static Trusted Execution Environment for Inter-Architecture Processor Program Compatibility
2y 5m to grant Granted Mar 10, 2026
Patent 12561420
SYSTEM AND METHOD FOR AUTHENTICATING USERS VIA PATTERN BASED DIGITAL RESOURCES ON A DISTRIBUTED DEVELOPMENT PLATFORM
2y 5m to grant Granted Feb 24, 2026
Patent 12547760
METHOD FOR EVALUATING THE RISK OF RE-IDENTIFICATION OF ANONYMISED DATA
2y 5m to grant Granted Feb 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
82%
Grant Probability
95%
With Interview (+13.4%)
2y 9m
Median Time to Grant
Low
PTA Risk
Based on 655 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month