Prosecution Insights
Last updated: April 17, 2026
Application No. 18/739,438

SYSTEMS AND METHODS FOR ASSESSMENT OF CYBER RESILIENCE

Non-Final OA §101§103
Filed
Jun 11, 2024
Examiner
TOLENTINO, RODERICK
Art Unit
2439
Tech Center
2400 — Computer Networks
Assignee
unknown
OA Round
1 (Non-Final)
77%
Grant Probability
Favorable
1-2
OA Rounds
3y 4m
To Grant
99%
With Interview

Examiner Intelligence

Grants 77% — above average
77%
Career Allow Rate
545 granted / 705 resolved
+19.3% vs TC avg
Strong +35% interview lift
Without
With
+35.4%
Interview Lift
resolved cases with interview
Typical timeline
3y 4m
Avg Prosecution
25 currently pending
Career history
730
Total Applications
across all art units

Statute-Specific Performance

§101
15.7%
-24.3% vs TC avg
§103
56.2%
+16.2% vs TC avg
§102
11.9%
-28.1% vs TC avg
§112
8.3%
-31.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 705 resolved cases

Office Action

§101 §103
Notice of Pre-AIA or AIA Status The present application is being examined under the pre-AIA first to invent provisions. DETAILED ACTION Office Action is in response to the Instant Application 18/739,438, filed on 6/11/2024. Claims 1-20 are pending. This Office Action is Non-Final. Information Disclosure Statement The information disclosure statement (IDS), submitted on 6/11/2024, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Claim Interpretation - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph: (A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; (B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as "configured to" or "so that"; and (C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “one or more computing systems programmed to perform the operations comprising: quantifying/obtaining/generating/executing/propagating/accessing/ ….,” recited in claims 1 and 11. Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected under 35 U. S. C. 101 as being directed to non-statutory subject matter as being directed to an abstract idea without being integrated into a practical application or significantly more. Regarding claims 1 and 11, the claims are directed to an abstract idea as reciting the limitations “quantifying correlated risk…,” “generating a report…,” “generating a threat…,” “assessing, based on the plurality of Monte Carlo simulations, a loss for each asset…,” “aggregating the losses,…” and “generating a cyber resilience rating value.” The aforementioned steps are “mental process/mathematical calculation” as broadly interpreted said steps could be performed in the human mind. Therefore, the claim recites an abstract idea. Said abstract idea and/or judicial exception is not integrated into a practical application as the claim does not recite any other active steps that utilize determination result into a practical application. It’s noted that the claims t’s noted that the claim recites the operations “obtaining, by the one or more computer agents, electronic threat and security event information..,” “obtaining a plurality of entity indicators…,” and “propagating a disabling event…,” However, said operations are not sufficient to consider that the abstract idea is being interpreted into a practical application. Said operations are recited at a high level of generality in gathering/processing information, which are a form of insignificant extra-solution activity. It’s also noted that the claims recite additional elements (i.e., processor/memory, computing system). However, said additional elements are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function of quantifying, obtaining, generating, propagating, assessing, and aggregating operation etc.,) such that it amounts no more than mere instructions to apply the exception or abstract idea using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea. As mentioned above, although the claims recite additional elements, said elements taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic computer content distributing functions routinely used in information technology field. See US Applications 2013/0254535, 2015/0156194 and 2011/0154027. As discussed above, the additional elements recited at a high-level of generality such that they amount no more than mere instructions to apply the exception using a generic computer component. Therefore, the claim is directed to non-statutory subject matter. Regarding claims 2-10 and 12-20; the dependent claims are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reasons addressed above as the claims recite an abstract idea without being integrated into a practical application or significantly more. It’s noted that claims 3-6 and 13-15 recites the limitations: “receiving information …,” “storing information…,” and “observing traffic….” Said steps are either directed to mental processes and/or in a form of insignificant extra-solution activities; The aforementioned steps are not sufficient to consider that the abstract idea is being integrated into a practical application or significantly more. Therefore, claims 2-10 and 12-20 are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter. Claim Objections Claims 1 and 11 are objected to because of the following informalities: Appropriate correction is required. As per claims 1 and 11, the claims each recites “executing a plurality of Monte Carlo simulations over the plurality of data, wherein each of the plurality of Monte Carlo simulations executes by; (Emphasis Added) generating a threat event in the plurality of data, the threat event having a probability distribution; propagating a disabling event through the data representing relationships between the plurality of assets based on the threat event; and assessing, based on the plurality of Monte Carlo simulations, a loss for each asset of the plurality of assets;” where the semicolon leaves the claim indefinite because its unclear if the limitations are done as part of the Monte Carlo simulations or independent of. It would seem that a colon “:” is more appropriate and/or language tying all the limitations which are part of the Monte Carlo simulations. For purposes of examination, it will be interpreted that the limitations are performed in general. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action: (a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-20 are is/are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Boyle et al. (US 8,918,883) in view of Granville (US 2011/0161492). As per claim 1, Boyle teaches a system for providing a cyber resilience rating the system comprising: one or more computing systems programmed to perform operations comprising (Boyle, Col. 5 Lines 46-57 recites “The processor 202 may be any general-purpose processor such as an INTEL x86 compatible-CPU. The storage device 208 is, in one embodiment, a hard disk drive but can also be any other device capable of storing data, such as a writeable compact disk (CD) or DVD, or a solid-state memory device. The memory 206 may be, for example, firmware, read-only memory (ROM), non-volatile random access memory (NVRAM), and/or RAM, and holds instructions and data used by the processor 202. The pointing device 214 may be a mouse, track ball, or other type of pointing device, and is used in combination with the keyboard 210 to input data into the computer system 200.”): quantifying correlated risk in a network of a plurality of assets having at least one dependency, each asset belonging to at least one entity, the system comprising one or more computing systems comprising a threat assessment system, a model control system, an analysis and reporting system, and one or more computer agents programmed to perform operations comprising; obtaining, by the one or more computer agents, electronic threat and security event information, from at least publicly available information; obtaining electronic threat event information by the one or more computer agents, from observed network data transmitted via a public or private network, or networks, to the entity's individual, or geographically distributed interconnected private network, or networks; obtaining a plurality of entity indicators comprising characteristic information for a respective entity's network of a plurality of assets having at least one dependency (Boyle, Col. 10 Line 45 – Col. 11 Line 5 recites “Initially, the device profilers 120 identify 610 the hosts 116 on the enterprise network 110. In addition, the device profilers 120 identify 612 the services present on the hosts, and the vulnerabilities possessed by those services. In one embodiment, this profiling is performed by device profilers 120 in a first threat zone. In one embodiment, data describing the profiled hosts and services on the enterprise network 110 are shared with the device profilers 120 in other zones via the control server 122. These device profilers 120, in turn, determine 614 whether the vulnerabilities (i.e., the services having the vulnerabilities) are accessible from their respective threat zones. Some vulnerabilities are accessible while others may be inaccessible. The risks presented by the vulnerabilities are determined 616. In one embodiment, the risks are determined by calculating a risk metric for each vulnerability. This metric is based on the severity of the vulnerability and the threat levels of the threat zones from which the vulnerability is accessible and in one embodiment the value of the asset (i.e., host) on which the service having the vulnerability resides”); generating a report based on relationships between the plurality of assets, the at least one dependency, and the at least one entity, wherein the report comprises: (i) a plurality of data representing relationships between the plurality of assets, including an identity, name, and category identity, systems categories, such as its identity and name, operational processes, such as its identity, name and value, and process dependencies, such as process identity, system identity, dependency description and dependency level; (ii) a plurality of data representing the plurality of assets, the at least one dependency and the at least one entity, wherein each operational process has a conditional probability that an operational process dependent upon the one or more system categories is compromised, given that the one or more system categories is compromised (Boyle. Col. 11 Lines 5-11 recites “These risks are reported 618 to the network administrator. In one embodiment, the risks are reported as a prioritized list, where vulnerabilities having the highest risks have the highest priorities. The administrator can use this list in conjunction with other sortings and groupings to identify the vulnerabilities to remediate first.”). But fails to teach executing a plurality of Monte Carlo simulations over the plurality of data, wherein each of the plurality of Monte Carlo simulations executes by; generating a threat event in the plurality of data, the threat event having a probability distribution; propagating a disabling event through the data representing relationships between the plurality of assets based on the threat event; and assessing, based on the plurality of Monte Carlo simulations, a loss for each asset of the plurality of assets; and aggregating the losses for two or more assets of the plurality of assets to determine correlated risk in the network; generating a cyber resilience rating value for the entity, based on the probable loss to the organisation arising from operational processes being disabled. However, in an analogous art Granville teaches executing a plurality of Monte Carlo simulations over the plurality of data, wherein each of the plurality of Monte Carlo simulations executes by; generating a threat event in the plurality of data, the threat event having a probability distribution; propagating a disabling event through the data representing relationships between the plurality of assets based on the threat event; and assessing, based on the plurality of Monte Carlo simulations, a loss for each asset of the plurality of assets (Granville, Paragraph 0139 recites “At a block 1745 the facility parses the association table in order to identify clusters or subsets of the n rules. A large number of subsets (e.g., 5,000) may be identified according to an optimization algorithm, such as simulated annealing or Markov chain Monte Carlo (MCMC) methods.”); and aggregating the losses for two or more assets of the plurality of assets to determine correlated risk in the network; generating a cyber resilience rating value for the entity, based on the probable loss to the organisation arising from operational processes being disabled (Granville, Paragraph 0122 recites “Once a session score has been generated for each session within the traffic data set, at a block 535 the facility may aggregate all session scores to generate a score for all or portions of the traffic data set. An aggregate score may therefore be calculated for all traffic received by a publisher or advertising network, or it may calculated for a more limited environment defined by a single advertiser, publisher affiliate, or other group. In this manner, the quality of traffic may be determined globally for a publisher or advertiser network, or it may be determined on a per publisher affiliate, advertiser, or other group basis.”). It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Granville’s preservation of scores of the quality of traffic to network sites across clients and over time with Boyle’s Prioritizing Network Security Vulnerabilities Using Accessibility because it offers the advantage of using simulations to help analyze data. As per claim 2, Boyle in combination with Granville teaches the system of claim 1, Boyle further teaches wherein: each of the plurality of assets is selected from the group consisting of: operating system type, operating system version, software application type, software application version, and server processor type; each of the at least one dependency is selected from the group consisting of: operating system type, operating system version, software application type, software application version, and server processor type (Boyle, Col. 4 Lines 21-34 recites “Each service provided by a host 116 has zero or more vulnerabilities. Generally, a "vulnerability" is a weakness in the service's security procedures that allows the service or host to be exploited. Oftentimes, there are many potential vulnerabilities associated with a service. Whether a service possess a particular vulnerability depends upon the version and/or patch level of the software providing the service, among other factors. For example, a host 116 executing a particular version and patch level of a web serving application might be susceptible to a buffer overflow exploit that allows an attacker to gain control of the host. Similarly, a host 116 executing a Trojan Horse program can have an open port through which a malicious actor can control the computer.”). As per claim 3, Boyle in combination with Granville teaches the system of claim 1, Boyle further teaches receiving information indicative of the relationships between the plurality of assets, the at least one dependency, and the at least one entity (Boyle, Col. 5 Lines 22-37 recites “A control server 122 coordinates the operation of the device profilers 120 and receives the results of the vulnerability scans. In one embodiment, the control server 122 generates reports prioritizing the vulnerabilities of the enterprise network 110. Depending upon the report, the vulnerabilities can be prioritized based on the asset values of the hosts having the vulnerabilities, the threat levels of the threat zones from which the vulnerabilities can be accessed, the inherent risk associated with the vulnerabilities, and/or other factors. Thus, the control server 122 might prioritize a relatively low-risk vulnerability that is accessible from a threat zone having a high threat level as a higher priority than a high-risk vulnerability that is accessible from only low-threat zones. This prioritization based on accessibility provides a network administrator with an accurate picture of the risks associated with the enterprise network 110.”). As per claim 4, Boyle in combination with Granville teaches the system of claim 3, Boyle further teaches storing information indicative of the relationships between the plurality of assets, the at least one dependency, and the at least one entity in a database, wherein the information is at least one of the group, consisting of: observed threat data, operating system type, operating system version, software application type, software application version, and server processor type (Boyle, Col. 5 Lines 22-37 recites “A control server 122 coordinates the operation of the device profilers 120 and receives the results of the vulnerability scans. In one embodiment, the control server 122 generates reports prioritizing the vulnerabilities of the enterprise network 110. Depending upon the report, the vulnerabilities can be prioritized based on the asset values of the hosts having the vulnerabilities, the threat levels of the threat zones from which the vulnerabilities can be accessed, the inherent risk associated with the vulnerabilities, and/or other factors. Thus, the control server 122 might prioritize a relatively low-risk vulnerability that is accessible from a threat zone having a high threat level as a higher priority than a high-risk vulnerability that is accessible from only low-threat zones. This prioritization based on accessibility provides a network administrator with an accurate picture of the risks associated with the enterprise network 110.”). As per claim 5, Boyle in combination with Granville teaches the system of claim 3, Boyle further teaches observing traffic to and from a particular one of the plurality of assets in the network to identify at least one of (i) an entity; and (ii) a dependency related to the particular asset (Boyle, Col. 5 Lines 22-37 recites “A control server 122 coordinates the operation of the device profilers 120 and receives the results of the vulnerability scans. In one embodiment, the control server 122 generates reports prioritizing the vulnerabilities of the enterprise network 110. Depending upon the report, the vulnerabilities can be prioritized based on the asset values of the hosts having the vulnerabilities, the threat levels of the threat zones from which the vulnerabilities can be accessed, the inherent risk associated with the vulnerabilities, and/or other factors. Thus, the control server 122 might prioritize a relatively low-risk vulnerability that is accessible from a threat zone having a high threat level as a higher priority than a high-risk vulnerability that is accessible from only low-threat zones. This prioritization based on accessibility provides a network administrator with an accurate picture of the risks associated with the enterprise network 110.”). As per claim 6, Boyle in combination with Granville teaches the system of claim 3, Boyle further teaches wherein the information indicative of the relationships includes operational process data (Boyle, Col. 5 Lines 22-37 recites “A control server 122 coordinates the operation of the device profilers 120 and receives the results of the vulnerability scans. In one embodiment, the control server 122 generates reports prioritizing the vulnerabilities of the enterprise network 110. Depending upon the report, the vulnerabilities can be prioritized based on the asset values of the hosts having the vulnerabilities, the threat levels of the threat zones from which the vulnerabilities can be accessed, the inherent risk associated with the vulnerabilities, and/or other factors. Thus, the control server 122 might prioritize a relatively low-risk vulnerability that is accessible from a threat zone having a high threat level as a higher priority than a high-risk vulnerability that is accessible from only low-threat zones. This prioritization based on accessibility provides a network administrator with an accurate picture of the risks associated with the enterprise network 110.”). As per claim 7, Boyle in combination with Granville teaches the system of claim 1, Boyle further teaches wherein the system compromise is a breach or failure of the at least one dependency (Boyle, Col. 4 Lines 21-34 recites “Each service provided by a host 116 has zero or more vulnerabilities. Generally, a "vulnerability" is a weakness in the service's security procedures that allows the service or host to be exploited. Oftentimes, there are many potential vulnerabilities associated with a service. Whether a service possess a particular vulnerability depends upon the version and/or patch level of the software providing the service, among other factors. For example, a host 116 executing a particular version and patch level of a web serving application might be susceptible to a buffer overflow exploit that allows an attacker to gain control of the host. Similarly, a host 116 executing a Trojan Horse program can have an open port through which a malicious actor can control the computer.”). As per claim 8, Boyle in combination with Granville teaches the system of claim 1, Boyle further teaches wherein the system compromise is a security failure and loss of one, or more, of confidentiality, integrity or availability of the at least one operational process (Boyle, Col. 4 Lines 21-34 recites “Each service provided by a host 116 has zero or more vulnerabilities. Generally, a "vulnerability" is a weakness in the service's security procedures that allows the service or host to be exploited. Oftentimes, there are many potential vulnerabilities associated with a service. Whether a service possess a particular vulnerability depends upon the version and/or patch level of the software providing the service, among other factors. For example, a host 116 executing a particular version and patch level of a web serving application might be susceptible to a buffer overflow exploit that allows an attacker to gain control of the host. Similarly, a host 116 executing a Trojan Horse program can have an open port through which a malicious actor can control the computer.”). As per claim 9, Boyle in combination with Granville teaches the system of claim 1, Boyle further teaches wherein the probability distribution is a probability that the asset will become unavailable when the at least one dependency fails (Boyle, Col. 4 Lines 21-34 recites “Each service provided by a host 116 has zero or more vulnerabilities. Generally, a "vulnerability" is a weakness in the service's security procedures that allows the service or host to be exploited. Oftentimes, there are many potential vulnerabilities associated with a service. Whether a service possess a particular vulnerability depends upon the version and/or patch level of the software providing the service, among other factors. For example, a host 116 executing a particular version and patch level of a web serving application might be susceptible to a buffer overflow exploit that allows an attacker to gain control of the host. Similarly, a host 116 executing a Trojan Horse program can have an open port through which a malicious actor can control the computer.”). As per claim 10, Boyle in combination with Granville teaches the system of claim 1, Granville further teaches wherein the executing, for each group of loss event records, the plurality of Monte Carlo simulations to generate the respective loss simulation data further comprises: generating an expected probability loss value, corresponding to the materiality loss value of the entity, based on the selected loss simulation data (Granville, Paragraph 0101 recites “Based on the score of the traffic it receives, an advertiser may also decide to make adjustments to the keywords it purchases from the advertising service 1165 or to its methodology for placing advertisements. In addition, an advertiser or publisher may use the score to assess the damage or loss of revenue resulting from low quality traffic.”). It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Granville’s preservation of scores of the quality of traffic to network sites across clients and over time with Boyle’s Prioritizing Network Security Vulnerabilities Using Accessibility because it offers the advantage of using simulations to help analyze data. Regarding claim 11, claim 11 is directed to a similar method associated with the system of claim 1 respectively. Claim 11 is similar in scope to claim 1, respectively, and are therefore rejected under similar rationale. Regarding claim 12, claim 12 is directed to a similar method associated with the system of claim 2 respectively. Claim 12 is similar in scope to claim 2, respectively, and are therefore rejected under similar rationale. Regarding claim 13, claim 13 is directed to a similar method associated with the system of claim 3 respectively. Claim 13 is similar in scope to claim 3, respectively, and are therefore rejected under similar rationale. Regarding claim 14, claim 14 is directed to a similar method associated with the system of claim 4 respectively. Claim 14 is similar in scope to claim 4, respectively, and are therefore rejected under similar rationale. Regarding claim 15, claim 15 is directed to a similar method associated with the system of claim 5 respectively. Claim 15 is similar in scope to claim 5, respectively, and are therefore rejected under similar rationale. Regarding claim 16, claim 16 is directed to a similar method associated with the system of claim 6 respectively. Claim 16 is similar in scope to claim 6, respectively, and are therefore rejected under similar rationale. Regarding claim 17, claim 17 is directed to a similar method associated with the system of claim 7 respectively. Claim 17 is similar in scope to claim 7, respectively, and are therefore rejected under similar rationale. Regarding claim 18, claim 18 is directed to a similar method associated with the system of claim 8 respectively. Claim 18 is similar in scope to claim 8, respectively, and are therefore rejected under similar rationale. Regarding claim 19, claim 19 is directed to a similar method associated with the system of claim 9 respectively. Claim 19 is similar in scope to claim 9, respectively, and are therefore rejected under similar rationale. Regarding claim 20, claim 20 is directed to a similar method associated with the system of claim 10 respectively. Claim 20 is similar in scope to claim 10, respectively, and are therefore rejected under similar rationale. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661. The examiner can normally be reached Mon- Fri 8am-4pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. RODERICK . TOLENTINO Examiner Art Unit 2439 /RODERICK TOLENTINO/Primary Examiner, Art Unit 2439
Read full office action

Prosecution Timeline

Jun 11, 2024
Application Filed
Nov 04, 2025
Non-Final Rejection — §101, §103
Feb 06, 2026
Response after Non-Final Action
Feb 06, 2026
Response Filed
Mar 14, 2026
Response after Non-Final Action
Mar 14, 2026
Response Filed

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12603907
SERVER AND METHOD FOR PROVIDING ONLINE THREAT DATA BASED ON USER-CUSTOMIZED KEYWORDS FOR PRIVATE CHANNEL
2y 5m to grant Granted Apr 14, 2026
Patent 12592915
INFERENCE-BASED SELECTIVE FLOW INSPECTION
2y 5m to grant Granted Mar 31, 2026
Patent 12580946
SYSTEMS AND METHODS FOR TRIGGERING TOKEN ALERTS
2y 5m to grant Granted Mar 17, 2026
Patent 12580948
CYBERSECURITY OPERATIONS MITIGATION MANAGEMENT
2y 5m to grant Granted Mar 17, 2026
Patent 12572632
SYSTEMS AND METHODS FOR DATA SECURITY MODEL MODIFICATION AND ANOMALY DETECTION
2y 5m to grant Granted Mar 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
77%
Grant Probability
99%
With Interview (+35.4%)
3y 4m
Median Time to Grant
Low
PTA Risk
Based on 705 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month