Office Action Predictor
Last updated: April 16, 2026
Application No. 18/744,788

Attribute-based detection of malicious software and code packers

Non-Final OA §103§112
Filed
Jun 17, 2024
Examiner
WALIULLAH, MOHAMMED
Art Unit
2498
Tech Center
2400 — Computer Networks
Assignee
Acronis International GMBH
OA Round
1 (Non-Final)
86%
Grant Probability
Favorable
1-2
OA Rounds
2y 4m
To Grant
99%
With Interview

Examiner Intelligence

Grants 86% — above average
86%
Career Allow Rate
623 granted / 721 resolved
+28.4% vs TC avg
Strong +18% interview lift
Without
With
+18.0%
Interview Lift
resolved cases with interview
Typical timeline
2y 4m
Avg Prosecution
15 currently pending
Career history
736
Total Applications
across all art units

Statute-Specific Performance

§101
9.4%
-30.6% vs TC avg
§103
55.4%
+15.4% vs TC avg
§102
5.0%
-35.0% vs TC avg
§112
14.3%
-25.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 721 resolved cases

Office Action

§103 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Objections Claim 14, 20 objected to because of the following informalities: Claim 14 recites “wherein the machine learning classifier is configured to classify the unknown file as malicious if the class of the unknown unknown file does not indicate the use of the packer”. Appropriate correction is required. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claim 1, 14 are recites the limitation "classifying the unknown file based on the results of the clustering and determining whether the classification indicates the use of a packer” in line 17. There is insufficient antecedent basis for this limitation in the claim. Dependent claim 2-7, 15-20 do not cure the deficiencies, also rejected accordingly. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-4, 6-17, 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Seifert et al(US 11689561 B2) in view of Vincent et al(US 10515214 B1) . With regards claim 1, Seifert A method for malware detection in a computing environment, implemented by at least one microprocessor, a malware collection, and a safe collection, the method comprising: loading test files comprising known safe and known malicious files; (Col 9 line 10-25; Emulator 203 is generally responsible for running or simulating content (e.g., applications, code, files, or other objects) in the labeled data 213 and/or unknown data 215 and extracting raw information from the labeled data 213 and/or the unknown data 215. The labeled data 213 includes files or other object samples that are tagged or indicated with labels or classifications for training in a machine learning system. For instance the labeled data 213 can include multiple files where the files have been tagged according to particular malicious code or file families (and/or sub-families) and/or labeled benign (or families/sub-families) of benign files….. For example, the unknown data 215 can be any incoming file (e.g., a test file) that is analyzed after a machine learning model has been deployed, or trained or tested using the labeled data 213.); filtering attributes of the test files based on attribute statistics of the test files (Col 16 line 45-55; Depending on the number of known variants of the prevalent families and the incoming rate of the unknown files, it may be desirable to further prefilter the number of file pairs to be considered. In some embodiments, this prefiltering includes employing a MinHash algorithm to reduce the quantity of pairs of files used during training or the number of file pairs included during evaluation. A locality sensitive hash algorithm may alternatively or additionally be used. The MinHash algorithm is approximately 0(n) and identifies only a small number of samples which need to be compared to each unknown file being evaluated.); clustering the test files using a probabilistic algorithm based on similarities calculated with a Jaccard measure (Col 16 line 65- col 17 line 10; Some embodiments alternatively determine similarity scores or otherwise detect if an unknown file is malicious by replacing the cosine( ) distance with an optional K-Nearest Neighbor (KNN) classifier and assign the unknown file to the voted majority malware family or benign class of the K known files with the highest similarity score(s). Assigning the label of the single closest file (K=1) may perform well. Accordingly, some embodiments only need to find a single file (e.g., as stored to the labeled files 313) that is most similar to an unknown file (in the unknown files 315) col 2 line 5-15; Existing technologies have various shortcomings, leading to lower prediction accuracy and higher error rate, among other things. For example, existing tools use the Jaccard Index to implement a similarity score between files. However, the Jaccard Index and other technologies require all features from a file to have equal weight. ); obtaining an unknown file for analysis and searching for similar files from among the test files using a probabilistic MinHash LSH algorithm that applies the Jaccard measure (Col 16 line 45-55; Depending on the number of known variants of the prevalent families and the incoming rate of the unknown files, it may be desirable to further prefilter the number of file pairs to be considered. In some embodiments, this prefiltering includes employing a MinHash algorithm to reduce the quantity of pairs of files used during training or the number of file pairs included during evaluation. A locality sensitive hash algorithm may alternatively or additionally be used. The MinHash algorithm is approximately 0(n) and identifies only a small number of samples which need to be compared to each unknown file being evaluated); entering the unknown file into an existing cluster or forming a new cluster using at least one clustering model derived from the test files (Col 5 line 20-40; Existing technologies have various functionality shortcomings leading to lower prediction accuracy and higher error rate, among other things. A key component of some malware detection technologies is determining similar content in a high-dimensional input space. For example, instance-based malware classifiers such as the K-Nearest Neighbor (KNN) classifier rely on the similarity score or distance between two files. The K-Nearest Neighbor classifier may be an optimal classifier in certain situations given an infinite amount of training data. Malware clustering, which identifies groups of malicious content may also rely on computing a similarity score between sets of content. A large portion of existing technologies use the Jaccard Index as the similarity score. For instance, some technologies create behavior profiles from execution traces. A locality sensitive hashing scheme is used to reduce the number of pairs that are considered. Malware files are grouped by hierarchical clustering where the Jaccard Index is used as the similarity metric. ); and classifying the unknown file based on the results of the clustering and determining whether the classification indicates the use of a packer (Col 17 line 35-45; In some embodiments, the detonation and extraction module 404 first detonates and extracts strings and behavior features from the file repository 402. In some embodiments, the detonation and extraction module 404 includes the functionality described with respect to the emulator 203 of FIG. 2 and/or the file emulation 303 of FIG. 3. In an illustrative example, the detonation and extraction module may extract packed file strings (and then unpack them) and API calls with their associated parameters from the file repository 402. In various embodiments, the file repository represents a data store of files that are not yet labeled, such that it is unknown whether files are associated without malicious content. ); Seifert does not exclusively but , Vincent teaches, performing static analysis of the test files without unpacking them to generate a non-vectorized set of strings and opcodes (Col 16 line 5-15; Based on the information provided by static and dynamic analysis modules 102-103, controller 106 and/or classifier 105 determine that at least one further analysis is required on the unpacked files. ); wherein dynamic analysis is performed on the unknown file only if it is classified as packed (Col 15 line 15-25; In a further example, a first static analysis performed on a specimen determines that the specimen is a packed file. In response, the controller configures a dynamic analysis or emulation performed on the specimen, which may unpack the file. A second static analysis may be performed on the unpacked file. The second static analysis may detect the evasion (also referred to as anti-detection defense or anti-analysis defense) such as virtual machine evasion. Based in part on the detected evasion, a classifier may classify the specimen as malware.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Sifert’s method and system with teaching of Vincent in order to detecting malware in a specimen of computer content or network traffic (Vincent Abstract). With regards to claim 2, 15 Seifert further discloses, wherein labels are assigned to clusters only if all files belonging to the cluster have a label of the same class (Col 17 line 45-55; (72) In some embodiments, responsive to the detonation and extraction module 404 performing its functionality, the combine and build module 408 combines features with labels from the label database 406 and combines into a similarity training dataset where similar files are paired (with a label called “similar”) and dissimilar files are paired (with a label called “dissimilar”).). With regards to claim 3, 16 Seifert further discloses,, wherein if all files belonging to a cluster do not have a label of the same class, then the file cluster is not used for classifying the unknown file (Col 1line 60- col 2line 10; In some embodiments, unique deep learning models, such as variations of a Siamese Neural Network (SNN) or variations of a Deep Structured Semantic Model (DSSM) can be used to detect unknown malicious content. Certain embodiments train a model that learns to give different weights to features based on their importance. In this way, deep learning model embodiments can be useful for taking unknown content or indications and mapping them in feature space to determine a distance or similarity to known malicious files or indications based on the particular features of the unknown file and the trained weights associated with the features of known files or indications. ). With regards to claim 4, 17 Seifert further discloses, wherein the step of filtering attributes comprises using a frequency filter (Col 13 line 59-col 14 line 10; In some embodiments, the training set construction 307 is functionality performed by the training set construction component 207 of FIG. 2. In some embodiments, before training, embodiments of the training set construction 307 first construct a training set that includes the selected N-Gram features from pairs of malware files, which are known to be similar, as well as those from benign files, which are dissimilar (for labeling purposes, even though they may be in-fact similar). Embodiments determine the similar malware file or other content pairs for the training set based on several criteria. For example, in order to correctly train the model, similar file pairs are first carefully chosen. Randomly selecting two files whose families match, may not work well in practice. The problem is that there may be many different variants of some of these families. To solve this problem, a malware file's detection signature can be utilized. An anti-malware engine may utilize specific signatures to determine if an unknown file or content is malicious or benign.). With regards to claim 6, 19 Examiner taking Official Notice that “wherein when a cluster is formed without a label, the cluster?s members are not classified” is well known or not an inventive step. With regards to claim 7, 13, 20 Seifert in view of Vincent discloses, wherein the machine learning classifier is configured to classify the unknown file as malicious if the class of the unknown unknown file does not indicate the use of the packer (Vincent Col 16 line 15-25; In a further example, a first static analysis performed on a specimen determines that the specimen is a packed file. In response, the controller configures a dynamic analysis or emulation performed on the specimen, which may unpack the file. A second static analysis may be performed on the unpacked file. The second static analysis may detect the evasion (also referred to as anti-detection defense or anti-analysis defense) such as virtual machine evasion. Based in part on the detected evasion, a classifier may classify the specimen as malware.). Motivation would be same as stated in claim 8. With regards to claim 8, Seifert discloses, A system for malware detection for an unknown file in a computing environment with at least one microprocessor, an unknown file, a malware file collection, and a safe file collection, the system comprising: a static analyzer and a first file attributes filter, under program control by the at least one microprocessor, the static analyzer configured to receive as input the unknown file, the malware collection, or the safe file collection (Col 16 line 45-col 17 line 6; Depending on the number of known variants of the prevalent families and the incoming rate of the unknown files, it may be desirable to further prefilter the number of file pairs to be considered. In some embodiments, this prefiltering includes employing a MinHash algorithm to reduce the quantity of pairs of files used during training or the number of file pairs included during evaluation. A locality sensitive hash algorithm may alternatively or additionally be used. The MinHash algorithm is approximately 0(n) and identifies only a small number of samples which need to be compared to each unknown file being evaluated.); a dynamic analyzer and a second file attributes filter and an n-gram builder under program control by the at least one microprocessor, the dynamic analyzer configured to receive as input the unknown file, the malware collection, or the safe collection (Col 21 line 4- 15; Some embodiments modify a DSSM training to require the input of an extra item known to be dissimilar to the matching items in the pair. In this context, the third item is the set of selected N-Gram features from a randomly selected benign content. Performing feature selection on a data set may yield sparse binary features corresponding to the input layer size 14067 illustrated in FIG. 6. In embodiments, the first hidden layer is h.sub.1=f(W.sub.1x+b.sub.1) where x is the input vector, W.sub.1 and b.sub.1 are the learned parameters of the first hidden layer, and f( ) is the activation function for the hidden layers. In some embodiments, the output of the remaining N−1 hidden layer are:); wherein the at least one microprocessor is further configured for program control of a file attributes weight analysis unit comprising an attributes weights assessment unit (Col 1 line 62-col 2 line 7; In some embodiments, unique deep learning models, such as variations of a Siamese Neural Network (SNN) or variations of a Deep Structured Semantic Model (DSSM) can be used to detect unknown malicious content. Certain embodiments train a model that learns to give different weights to features based on their importance. In this way, deep learning model embodiments can be useful for taking unknown content or indications and mapping them in feature space to determine a distance or similarity to known malicious files or indications based on the particular features of the unknown file and the trained weights associated with the features of known files or indications. ): a machine-learning clustering unit comprising a clustering model based on a Jaccard measure, in communication with file attributes analysis unit; wherein the machine learning clustering unit further configured for applying a file similarity assessment based on probabilistic Min Hash LSH algorithm that applies the Jaccard measure; (Col 5 line 20-40; Existing technologies have various functionality shortcomings leading to lower prediction accuracy and higher error rate, among other things. A key component of some malware detection technologies is determining similar content in a high-dimensional input space. For example, instance-based malware classifiers such as the K-Nearest Neighbor (KNN) classifier rely on the similarity score or distance between two files. The K-Nearest Neighbor classifier may be an optimal classifier in certain situations given an infinite amount of training data. Malware clustering, which identifies groups of malicious content may also rely on computing a similarity score between sets of content. A large portion of existing technologies use the Jaccard Index as the similarity score. For instance, some technologies create behavior profiles from execution traces. A locality sensitive hashing scheme is used to reduce the number of pairs that are considered. Malware files are grouped by hierarchical clustering where the Jaccard Index is used as the similarity metric.); a machine learning classifier configured for receiving the results of the machine learning clustering unit; a library, in communication with the classifier, comprising a plurality of machine learning or detection rules; (Col 17 line 35-45; In some embodiments, the detonation and extraction module 404 first detonates and extracts strings and behavior features from the file repository 402. In some embodiments, the detonation and extraction module 404 includes the functionality described with respect to the emulator 203 of FIG. 2 and/or the file emulation 303 of FIG. 3. In an illustrative example, the detonation and extraction module may extract packed file strings (and then unpack them) and API calls with their associated parameters from the file repository 402. In various embodiments, the file repository represents a data store of files that are not yet labeled, such that it is unknown whether files are associated without malicious content.); Seifert does not exclusively but , Vincent teaches, wherein the unknown file is a packed file and the classifier identifies the unknown file as packed or not packed; (Col 15 line 65-col 16 line 8; In another example, referring back to FIG. 1A or 1B, a specimen is a packed file and captured by controller 106. After a static analysis, static analysis module 102 reveals that the packed file contains no DLL. However, a dynamic analysis performed by dynamic analysis module 103 reveals there are 2 DLLs in the packed file, for example, after unpacking the packed file. Based on the information provided by static and dynamic analysis modules 102-103, controller 106 and/or classifier 105 determine that at least one further analysis is required on the unpacked files. ); and wherein the dynamic analyzer operates only on files identified as packed files (Col 15 line 15-25; In a further example, a first static analysis performed on a specimen determines that the specimen is a packed file. In response, the controller configures a dynamic analysis or emulation performed on the specimen, which may unpack the file. A second static analysis may be performed on the unpacked file. The second static analysis may detect the evasion (also referred to as anti-detection defense or anti-analysis defense) such as virtual machine evasion. Based in part on the detected evasion, a classifier may classify the specimen as malware.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Sifert’s method and system with teaching of Vincent in order to detecting malware in a specimen of computer content or network traffic (Vincent Abstract). With regards to claim 9, Seifert further discloses, wherein the dynamic analyzer under program control by the at least one microprocessor is configured to extract new file attributes from the packed file (Col 15 line 35-50; For example, a first set of files in the unknown files 315 may first be subject to file emulation 333 (which may be the same functionality performed by file emulation 303 and performed by the emulator 203), such that the first set of files are emulated and particular information is extracted, such as API calls and packed strings, which are then unpacked. Then features can be selected from the first set of files per 335 (e.g., via the same or similar functionality as described with respect to feature selection 305 or via the feature selector 205). Responsively, unknown pair construction 320 can be performed (e.g., via the same or similar functionality with respect to the training set construction 307 or via the unknown construction component 220) such that similar malicious test files are grouped together and any other benign test files are grouped together. ). With regards to claim 10, 12, Seifert further discloses, wherein the file attributes analysis unit is coupled to an attributes database; wherein the file attributes analysis unit is configured to access the attributes database to update attribute data(Col 4 line 10-25; A “feature” as described herein represents a particular attribute or attribute value of content. For example, a first feature can be the length and format of a file, a second feature can be a particular URL of a file, a fourth feature can be operation characteristics, such as writing as short blocks, and a fifth feature can be a registry key pattern. A “weight” in various instances represents the importance or significant of a feature or feature value for classification or prediction. For example, each feature may be associated with an integer or other real number where the higher the real number, the more significant the feature is for prediction or classification. In some embodiments, a weight in a neural network or other machine learning application can represent the strength of a connection between nodes or neurons from one layer (an input) to the next layer (an output).). With regards to claim 11, Seifert further discloses, wherein the clustering model based on the Jaccard measure is coupled to the attributes database (Col 5 line 0-30; Some deep learning model embodiments include two or more identical sub networks or branches, meaning that the sub networks have the same configuration with the same or tied parameters and weights. Each sub network receives distinct inputs (e.g., two different files) but are joined by an energy function at the top of the two identical sub networks, which determine how similar the two inputs are. Weight tying guarantees or raises the probability that two extremely similar sets of malicious content or indications could not possibly be mapped by their respective identical networks to very different locations in feature space because each network computes the same function. In this way, deep learning model embodiments can be useful for taking unknown content or indications and mapping them in feature space to determine a distance or similarity to known sets of malicious content or indications based on the particular features of the unknown file and the trained weights associated with the features of known files or indications. ). With regards to claim 14, Seifert discloses, A method for malware detection in a computing environment, implemented by at least one microprocessor, the method comprising: obtaining an unknown file for analysis and searching for similar files from among test files using a probabilistic MinHash LSH algorithm that applies a Jaccard measure (Col 9 line 10-25; Emulator 203 is generally responsible for running or simulating content (e.g., applications, code, files, or other objects) in the labeled data 213 and/or unknown data 215 and extracting raw information from the labeled data 213 and/or the unknown data 215. The labeled data 213 includes files or other object samples that are tagged or indicated with labels or classifications for training in a machine learning system. For instance the labeled data 213 can include multiple files where the files have been tagged according to particular malicious code or file families (and/or sub-families) and/or labeled benign (or families/sub-families) of benign files….. For example, the unknown data 215 can be any incoming file (e.g., a test file) that is analyzed after a machine learning model has been deployed, or trained or tested using the labeled data 213.); entering the unknown file into an existing cluster or forming a new cluster using at least one clustering model derived from the test files (Col 16 line 65- col 17 line 10; Some embodiments alternatively determine similarity scores or otherwise detect if an unknown file is malicious by replacing the cosine( ) distance with an optional K-Nearest Neighbor (KNN) classifier and assign the unknown file to the voted majority malware family or benign class of the K known files with the highest similarity score(s). Assigning the label of the single closest file (K=1) may perform well. Accordingly, some embodiments only need to find a single file (e.g., as stored to the labeled files 313) that is most similar to an unknown file (in the unknown files 315) col 2 line 5-15; Existing technologies have various shortcomings, leading to lower prediction accuracy and higher error rate, among other things. For example, existing tools use the Jaccard Index to implement a similarity score between files. However, the Jaccard Index and other technologies require all features from a file to have equal weight. ); and wherein the test files have been clustered using a probabilistic algorithm based on similarities calculated with the Jaccard measure(Col 16 line 45-55; Depending on the number of known variants of the prevalent families and the incoming rate of the unknown files, it may be desirable to further prefilter the number of file pairs to be considered. In some embodiments, this prefiltering includes employing a MinHash algorithm to reduce the quantity of pairs of files used during training or the number of file pairs included during evaluation. A locality sensitive hash algorithm may alternatively or additionally be used. The MinHash algorithm is approximately 0(n) and identifies only a small number of samples which need to be compared to each unknown file being evaluated). attributes of the test files have been filtered based on attribute statistics of the test files (Col 16 line 45-55; Depending on the number of known variants of the prevalent families and the incoming rate of the unknown files, it may be desirable to further prefilter the number of file pairs to be considered. In some embodiments, this prefiltering includes employing a MinHash algorithm to reduce the quantity of pairs of files used during training or the number of file pairs included during evaluation. A locality sensitive hash algorithm may alternatively or additionally be used. The MinHash algorithm is approximately 0(n) and identifies only a small number of samples which need to be compared to each unknown file being evaluated.) Seifert does not exclusively but , Vincent teaches, wherein the test files have been analyzed with a static analyzer without unpacking them to generate a non-vectorized set of strings and opcodes and (Col 16 line 5-15; Based on the information provided by static and dynamic analysis modules 102-103, controller 106 and/or classifier 105 determine that at least one further analysis is required on the unpacked files. ); and classifying the unknown file based on the results of the clustering and determining whether the classification indicates the use of a packer ; wherein dynamic analysis is performed on the unknown file only if it is classified as packed (Col 15 line 15-25; In a further example, a first static analysis performed on a specimen determines that the specimen is a packed file. In response, the controller configures a dynamic analysis or emulation performed on the specimen, which may unpack the file. A second static analysis may be performed on the unpacked file. The second static analysis may detect the evasion (also referred to as anti-detection defense or anti-analysis defense) such as virtual machine evasion. Based in part on the detected evasion, a classifier may classify the specimen as malware.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Sifert’s method and system with teaching of Vincent in order to detecting malware in a specimen of computer content or network traffic (Vincent Abstract). Allowable Subject Matter Claims 5, 18 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), 2nd paragraph, set forth in this Office action and to include all of the limitations of the base claim and any intervening claims. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Beloussov et al(JP 2023003363 A) Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987. The examiner can normally be reached 8.30 to 430 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498
Read full office action

Prosecution Timeline

Jun 17, 2024
Application Filed
Sep 29, 2025
Non-Final Rejection — §103, §112
Oct 20, 2025
Interview Requested
Oct 28, 2025
Applicant Interview (Telephonic)
Oct 28, 2025
Examiner Interview Summary
Apr 07, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12602517
SYSTEMS AND METHODS FOR AUTOMATIC REDACTION OF SENSITIVE INFORMATION FROM VIDEO STREAMS
2y 5m to grant Granted Apr 14, 2026
Patent 12602491
METHOD AND SYSTEM FOR USING SECURE REMOTE DIRECT MEMORY ACCESS (RDMA) SYSTEM
2y 5m to grant Granted Apr 14, 2026
Patent 12598063
IMPROVED CLOCK SECURITY FOR STATISTICAL OBJECT GENERATION
2y 5m to grant Granted Apr 07, 2026
Patent 12592835
METHOD AND APPARATUS FOR GENERATING, PROVIDING AND DISTRIBUTING A TRUSTED ELECTRONIC RECORD OR CERTIFICATE BASED ON AN ELECTRONIC DOCUMENT RELATING TO A USER
2y 5m to grant Granted Mar 31, 2026
Patent 12587538
TECHNIQUES FOR ACCESS CERTIFICATION REVIEWER SELECTION
2y 5m to grant Granted Mar 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
86%
Grant Probability
99%
With Interview (+18.0%)
2y 4m
Median Time to Grant
Low
PTA Risk
Based on 721 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month