Prosecution Insights
Last updated: July 17, 2026
Application No. 18/757,523

SYSTEM AND METHOD FOR PREDICTIVE PROTECTION OF CLOUD-BASED APPLICATIONS AND SERVICES

Final Rejection §102§103
Filed
Jun 28, 2024
Examiner
BROWN, CHRISTOPHER J
Art Unit
2439
Tech Center
2400 — Computer Networks
Assignee
Salesforce Inc.
OA Round
2 (Final)
75%
Grant Probability
Favorable
3-4
OA Rounds
1y 4m
Est. Remaining
88%
With Interview

Examiner Intelligence

Grants 75% — above average
75%
Career Allowance Rate
536 granted / 711 resolved
+17.4% vs TC avg
Moderate +13% lift
Without
With
+13.0%
Interview Lift
resolved cases with interview
Typical timeline
3y 5m
Avg Prosecution
34 currently pending
Career history
753
Total Applications
across all art units

Statute-Specific Performance

§101
0.5%
-39.5% vs TC avg
§103
92.8%
+52.8% vs TC avg
§102
3.5%
-36.5% vs TC avg
§112
1.3%
-38.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 711 resolved cases

Office Action

§102 §103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed 3/6/26 have been fully considered but they are not persuasive. Applicant argues that the prior art Deshmukh fails to teach receiving data from a web browser/extension in order to generate a signature and share that vulnerability information with other web browsers. Applicant has only changed the language, but not the subject matter for claim 1. Applicant has failed to amend independent claim 11. Examiner asserts that while Examiner appreciates Applicants argument that “specific” data is sent from browser plugin, the claim only recites a “request” and “receiving data”. The data is not specified. For example, the data and vulnerability and signature could be derived from observing normal web traffic at the web application firewall. Examiner asserts that Deshmukh clearly states that once vulnerability information is found/detected then the information is shared and distributed to all systems for remediation. Thus Examiner asserts that the claims are anticipated as stated. Examiner has cited supplemental paragraphs for additional background. In the interest of expediting prosecution Examiner cites Vatamanu US 2016/0335432 which more explicitly teaches a browser plugin sending specific security data to a server in order to generation a malware signature. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claim(s) 1, 4, 7-12, 17-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Deshmukh US 2023/0231884. As per claim 1. Deshmukh A method implemented in a set of one or more electronic devices of a web application firewall (WAF) to detect and mitigate vulnerabilities, the method comprising: evaluating requests from a plurality of instances of a web application to detect a vulnerability, the plurality of instances of the web application operable in browsers with browser extensions, each browser extension corresponding to one of the plurality of instances of the web application; [0036][0037] [0038] [0042] [0044] [0047] [0058] [0118][0119] [0123][0124] [0227]-[0231] (teaches a web application firewall, deep packet inspection, intrusion prevention system, cloud web apps, and api protection; new vulnerabilities, detection of vulnerabilities in browser extensions/plugins, sharing vulnerability data widely once detected to remediate, based on traffic inspection from WAF, and WAAP using browser and plugin data) Deshmukh teaches generating a signature corresponding to the vulnerability based on data retrieved from at least one of the browser extensions; dynamically providing vulnerability information corresponding to the vulnerability to the browser extensions, the vulnerability information to be used by each browser extension to detect conditions capable of triggering the vulnerability; [0218]-[0225] (generating a signature for vulnerabilities and checking for violations including in a web application, and API rules) Deshmukh providing the signature to at least one browser extension which has detected the conditions capable of triggering the vulnerability, the at least one browser extension to use the signature to confirm the vulnerability and, once confirmed, to responsively perform mitigation operations including generating an alert to a user or administrator of the browser extension. [0228][0231]-[0233] [0245][0246] (provides a full report including traffic attacks, browser issues, compromised sessions and users, compliance checks for vulnerability, and browser session profiles, applications, taking mitigation actions) As per claim 4. Deshmukh teaches wherein for the API vulnerability, the data retrieved from the at least one of the browser extensions comprises a path associated with the API call, a history of API calls, or both. [0123] [0134][0148][0157] (unexpected API behavior based on attack, API security, traffic inspection) [0222]-[0225] (signatures including API attacks) As per claim 7. Deshmukh teaches establishing persistent bi-directional communication channels with the browser extensions, wherein the data retrieved from the each of the browser extensions is to be provided over at least one corresponding persistent bi-directional communication channel, and wherein dynamically providing vulnerability information and providing the signature to the at least one browser extension are performed over at least one corresponding persistent bi-directional communication channel. [0042][0044] [0056] (persistent cloud based internet connection) As per claim 8. Deshmukh teaches wherein the persistent bi-directional communication channels comprise WebSocket communication channels. [0042] (SSL connection) As per claim 9. Deshmukh teaches wherein the vulnerability information corresponding to the vulnerability comprises an indication of a path within a corresponding domain. [0042] [0057] (domain filtering in a cloud firewall, restricted domains) As per claim 10. Deshmukh generating a report including the vulnerability information, the data retrieved from the at least one of the browser extensions, the signature, or any combination thereof; and providing the report to an administrator to aid the administrator in mitigating the vulnerability in subsequent versions of the web application, the browser extension, or both. [0245][0246][0228] (provides a full report including traffic attacks, browser issues, compromised sessions and users, compliance reports, and browser session profiles, applications, taking mitigation actions) As per claim 11. Deshmukh teaches A non-transitory machine-readable medium having program code stored thereon which, when executed by a set of one or more processors, are to cause operations, comprising: implementing a browser extension associated with a web application instance operable within a browser, the web application instance to send requests and receive responses from a corresponding web application running on a server cluster, and the browser extension to establish a persistent communication channel with a web application firewall (WAF) configured to evaluate the requests and responses and requests and responses from other web application instances to detect a vulnerability; [0036][0037] [0038] [0042] [0044] [0047] [0058] [0118][0119] [0123][0124] [0227]-[0231] (teaches a web application firewall, deep packet inspection, intrusion prevention system, cloud web apps, and api protection; new vulnerabilities, detection of vulnerabilities in browser extensions/plugins, sharing vulnerability data widely once detected to remediate, based on traffic inspection from WAF, and WAAP using browser and plugin data) Deshmukh teaches receiving from the WAF vulnerability information corresponding to the vulnerability; detecting conditions capable of triggering the vulnerability based on the vulnerability information; receiving a signature corresponding to the vulnerability from the WAF, the signature generated based on data retrieved from another browser extension corresponding to another web application instance in which the vulnerability was detected; [0218]-[0225] (generating a signature for vulnerabilities and checking for violations including in a web application, and API rules) Deshmukh teaches confirming the vulnerability based on the signature; and responsively performing mitigation operations including generating an alert to a user or administrator of the browser extension. [0228][0231]-[0233] [0245][0246] (provides a full report including traffic attacks, browser issues, compromised sessions and users, compliance checks for vulnerability, and browser session profiles, applications, taking mitigation actions) As per claim 12. Deshmukh teaches wherein the vulnerability comprises one or both of: a view vulnerability associated with a view generated from the web application instance and an application programming interface (API) vulnerability generated from an API call by the web application instance. As per claim 17. Deshmukh teaches wherein the persistent communication channel comprises a persistent bi-directional communication channel and wherein the WAF is to establish other persistent bi-direction communication channels with other browser extensions corresponding to the other web application instances. [0037] [0038] [0047] [0042][0044] [0056] (persistent cloud based internet connection including to WAF) As per claim 18. Deshmukh teaches, wherein the persistent bi-directional communication channel and the other persistent bi-directional communication channels comprise WebSocket communication channels. [0042] (SSL connection) As per claim 19. Deshmukh teaches wherein the vulnerability information corresponding to the vulnerability comprises an indication of a path within a corresponding domain. [0042] [0057] (domain filtering in a cloud firewall, restricted domains) As per claim 20. Deshmukh teaches wherein the WAF is to generate a report including the vulnerability information, the data retrieved from another browser extension corresponding to another web application instance, the signature, or any combination thereof, the report to be provided to administrator, to aid the administrator in mitigating the vulnerability in subsequent versions of the web application, the browser extension, or both. [0245][0246][0228] (provides a full report including traffic attacks, browser issues, compromised sessions and users, compliance reports, and browser session profiles, applications, taking mitigation actions) Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 2, 3, 13, 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh US 2023/0231884 in view of Hulick US 2025/0265346 As per claim 2. Hulick teaches wherein the vulnerability comprises one or both of: a view vulnerability associated with a view generated from a corresponding instance of the web application and an application programming interface (API) vulnerability generated from an API call by the corresponding instance of the web application. [0011][0021][0044]-[0046] (teaches a web application history including API calls to determine vulnerability issues) It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Hulick with the prior art because it allows prevention of API call vulnerabilities, thus increasing security. As per claim 3. Hulick teaches wherein for the view vulnerability, the data retrieved from the at least one of the browser extensions comprises a view document object model (DOM), a history of views, or both. [0011][0021][0044]-[0046] (teaches a web application history including APU calls to determine vulnerability issues) As per claim 13. Hulick teaches, wherein the vulnerability information for the view vulnerability and the signature are generated by the WAF using the data retrieved from another browser extension corresponding to another web application instance, the data comprising a view document object model (DOM), a history of views, or both. [0011][0021][0044]-[0046] (teaches a web application history including APU calls to determine vulnerability issues) As per claim 14. Hulick teaches, wherein the vulnerability information for the API vulnerability and the signature are generated by the WAF using the data retrieved from another browser extension corresponding to another web application instance, the data comprising a path associated with the API call, a history of API calls, or both. [0011][0021][0044]-[0046] (teaches a web application history including APU calls to determine vulnerability issues) Claim(s) 5, 6, 15, 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh US 2023/0231884 in view of Benameur US 2024/0214348. As per claim 5. Benameur teaches wherein generating an alert comprises presenting an alert window above an active view of a respective instance the web application, the alert window informing the user of a vulnerability associated with the active view or API call and providing an option to abort the active view or API call or proceed with the active view or API call. [0043][0045] (generating an alert for an API call view and taking remedial action ) Examiner asserts a “pop up” is well known in the art. Deshmukh teaches an interface and window allowing the user to take actions via the interface. [0244] It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Benameur with the prior art because it allows immediate remedial action in the case of a malicious attack. As per claim 6. Benameur teaches wherein generating an alert further comprises presenting a pop-up window at or near a periphery of the active view, the pop-up window including a list of restricted views and APIs associated with the web application. [0043][0045] (generating an alert for an API call view and taking remedial action ) Examiner asserts a “pop up” is well known in the art. Deshmukh teaches an interface and window allowing the user to take actions via the interface. [0244] As per claim 15. Benameur teaches wherein generating an alert comprises presenting an alert window above an active view of the web application instance, the alert window informing the user of a vulnerability associated with the active view or API call and providing an option to abort the active view or API call or proceed with the active view. [0043][0045] (generating an alert for an API call view and taking remedial action ) Examiner asserts a “pop up” is well known in the art. Deshmukh teaches an interface and window allowing the user to take actions via the interface. [0244] As per claim 16. Benameur teaches, wherein generating an alert further comprises presenting a pop-up window at or near a periphery of the active view, the pop-up window including a list of restricted views and APIs associated with the web application. [0043][0045] (generating an alert for an API call view and taking remedial action ) Examiner asserts a “pop up” is well known in the art. Deshmukh teaches an interface and window allowing the user to take actions via the interface. [0244] Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439
Read full office action

Prosecution Timeline

Jun 28, 2024
Application Filed
Dec 08, 2025
Non-Final Rejection mailed — §102, §103
Feb 13, 2026
Applicant Interview (Telephonic)
Feb 13, 2026
Examiner Interview Summary
Mar 06, 2026
Response Filed
Jun 01, 2026
Final Rejection mailed — §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12652290
CYBER SECURITY FOR SOFTWARE-AS-A-SERVICE FACTORING RISK
5y 3m to grant Granted Jun 09, 2026
Patent 12652315
REMOTE MONITORING OF A SECURITY OPERATIONS CENTER (SOC)
3y 8m to grant Granted Jun 09, 2026
Patent 12641111
Automated Security Analysis of Software Libraries
2y 5m to grant Granted May 26, 2026
Patent 12621339
SYSTEM AND METHOD FOR PROVIDING SECURITY POSTURE MANAGEMENT FOR AI APPLICATIONS
2y 5m to grant Granted May 05, 2026
Patent 12615280
DETECTING POLYMORPHIC BOTNETS USING AN IMAGE RECOGNITION PLATFORM
2y 9m to grant Granted Apr 28, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
75%
Grant Probability
88%
With Interview (+13.0%)
3y 5m (~1y 4m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 711 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month