Office Action Predictor
Last updated: April 16, 2026
Application No. 18/766,150

SECURITY INTELLIGENT AUTOMATION FOR SOFTWARE DEVELOPMENT, SECURITY, AND OPERATIONS

Non-Final OA §102
Filed
Jul 08, 2024
Examiner
RAHIM, MONJUR
Art Unit
2436
Tech Center
2400 — Computer Networks
Assignee
Oracle International Corporation
OA Round
1 (Non-Final)
84%
Grant Probability
Favorable
1-2
OA Rounds
2y 11m
To Grant
97%
With Interview

Examiner Intelligence

Grants 84% — above average
84%
Career Allow Rate
742 granted / 879 resolved
+26.4% vs TC avg
Moderate +13% lift
Without
With
+12.6%
Interview Lift
resolved cases with interview
Typical timeline
2y 11m
Avg Prosecution
37 currently pending
Career history
916
Total Applications
across all art units

Statute-Specific Performance

§101
11.7%
-28.3% vs TC avg
§103
41.7%
+1.7% vs TC avg
§102
26.6%
-13.4% vs TC avg
§112
5.5%
-34.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 879 resolved cases

Office Action

§102
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION 1. This action is responsive to: an original application filed on 8 July 2024. 2. Claims 1-20 are currently pending and claims 1, 8 and 16 are independent claims. Information Disclosure Statement 3. The information disclosure statement (IDS) submitted on 22 July 2024. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Priority 4. No Priority claimed. Drawings 5. The drawings filed on 8 July 2024 are accepted by the examiner. Claim Rejections - 35 USC § 102 6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-20 are rejected 35 U.S.C §102 (a)(1) as being anticipated by Feiman et al. (US Patent No. 10855717), hereinafter Feiman. Regarding claim 1: A computing apparatus comprising: a computer-readable storage medium (Feiman, col 12, lines 11-12). processor-executable instructions stored on the computer-readable storage medium (Feiman, col 12, lines 11-17). and one or more processors coupled to the computer-readable storage medium and configured to execute the processor-executable instructions to provide a security intelligent automation (SIA) engine comprising a plurality of security test plug-ins configured to perform a security assessment on a plurality of Open System Interconnection (OSI) layers (Feiman, col 15, line 31), of a target application, such that the processor-executable instructions (Feiman, Fig.1, col 5, line 37-67), wherein plugin application 106 can be installed in an integrated development environment (IDE). The plugin application can monitor changes in the source code ( e.g., via a representation of the source code). For example, when a developer writes new source code or modifies existing source code in the IDE, the plugin application can monitor the changes that are made. When the plugin application determines change(s) are made, the plugin application can analyze the changes to detennine what type(s) of change(s) are made. when executed by the one or more processors, direct the computing apparatus, to at least: determine security inputs for a one or more security test plug-ins (Feiman, col 9, lines 56-60), wherein the convolutional neural networks (CNN) can classify the input text utilizing parameters such as length of the input array of numbers, vocabulary and convolutional filter configuration to enable vulnerability detection and verification. generate one or more templates based on the security inputs, wherein the one or more templates correspond to a respective security test plug-in of the one or more security test plug-ins (Feiman, col 10, line 29-50, col 2, lines 29-35), wherein the historical datasets can also include the vulnerability, identifier, verification, remediation options, relationship to other vulnerabilities, etc. The historical data sets can be continuously updated with each attack. The historical data sets can be used to create attack files as shown in FIG. 3. The vulnerabilities detected (e.g., historically) can be stored in the data store, along with associated metadata. perform the security assessment on the target application based on the one or more templates (Feiman, col 7, lines 33-40). and generate a report comprising results from the security assessment, wherein the report comprises results for each of the one or more security test plug-ins evaluated during the security assessment (Feiman, col 9, lines 44-51), wherein at block 212, the attacker or computing system (e.g., 102) can generate a report with results of the attack. Regarding claim 2: wherein the processor-executable instruction to perform the security assessment on the target application based on the one or more templates, when executed by the one or more processors, further direct the computing apparatus to: perform the security assessment on the target application based on one or more of the security test plug-ins (Feiman, col 9, lines 16-29). Regarding claim 3: wherein the processor-executable instructions, to determine the security inputs for one or more of the security test plug-ins comprises when executed by the one or more processors, further direct the computing apparatus to: determine an Application Programming Interface (API) specification associated with the target application; determine an API schema based on the API specification (Feiman, col 7, lines 1-14); generate context-based security inputs based on the API schema (Feiman, col 8, lines 1-7); and configure the one or more templates based on the context-based security inputs, wherein the security inputs comprise the context-based security inputs (Feiman, col 10, lines 35-50). Regarding claim 4: wherein the processor-executable instructions, to determine the security inputs for one or more of the security test plug-ins comprises when executed by the one or more processors, further direct the computing apparatus to: query the target application to prompt one or more responses; (Feiman, col 9, lines 1-15) receive the one or more responses from the target application (Feiman, col 9, lines 30-36); extract, from the one or more responses, API schema; generate context-based security inputs based on the API schema (Feiman, col 10, lines 1-7); and configure the one or more templates based on the context-based security inputs, wherein the security inputs comprise the context-based security inputs (Feiman, col 41, lines 41-39). Regarding claim 5: wherein the processor-executable instructions, to determine the security inputs for one or more of the security test plug-ins when executed by the one or more processors, further direct the computing apparatus to: determine API schema associated with the target application; extract one or more elements from the API schema; perform text similarity analysis between the one or more elements from the API schema; and generate the security inputs based on the text similarity analysis (Feiman, col 9, lines 52-67). Regarding claim 6: wherein the processor-executable instructions, to generate the report comprising the results from the security assessment comprises when executed by the one or more processors, further direct the computing apparatus to: generate a results section for each of the one or more security test plug-ins executed during the security assessment, wherein the results section comprises a security test name, test criteria, and identified vulnerabilities for each respective security test plug-in (Feiman, col 9, lines 44-51). Regarding claim 7: wherein the plurality of security test plug-ins are configured to perform the security assessment within OSI layer 4 to layer 7 of the target application (Feiman, col 13, line 31). Regarding claim 8: A method comprising: determining, by a security intelligent automation (SIA) engine, security inputs for a one or more security test plug-ins, wherein the SIA engine comprises a plurality of security test plug-ins configured to perform a security assessment on a plurality of Open System Interconnection (OSI) layers a target application (Feiman, col 15, line 31, Fig.1, col 5, line 37-67), generating, by the SIA engine, one or more templates based on the security inputs, wherein the one or more templates correspond to a respective security test plug-in of the one or more security test plug-ins (Feiman, col 10, line 29-50), wherein the historical datasets can also include the vulnerability, identifier, verification, remediation options, relationship to other vulnerabilities, etc. The historical data sets can be continuously updated with each attack. The historical data sets can be used to create attack files as shown in FIG. 3. The vulnerabilities detected (e.g., historically) can be stored in the data store, along with associated metadata. performing, by the SIA engine, the security assessment on the target application based on the one or more templates (Feiman, col 7, lines 33-40). and generating, by the SIA engine, a report comprising results from the security assessment, wherein the report comprises results for each of the one or more security test plug-ins evaluated during the security assessment (Feiman, col 9, lines 44-51), wherein at block 212, the attacker or computing system (e.g., 102) can generate a report with results of the attack. Regarding claim 9: wherein: determining, by the SIA engine, the security inputs for the one or more security test plug-ins comprises: determining, by the SIA engine, API schema; extracting, by the SIA engine, a plurality of elements from the API schema; generating, by the SIA engine, context-based security inputs based on the plurality of elements, wherein the security inputs comprise the context-based security inputs; and generating, by the SIA engine, the one or more templates based on the security inputs comprises: generating, by the SIA engine, one or more request bodies based on the context-based security inputs (Feiman, col 10, lines 35-50). Regarding claim 10: wherein: the method further comprises determining, by the SIA engine, criteria for each of the one or more security test plug-ins; and performing, by the SIA engine, the security assessment on the target application based on the one or more templates comprises: performing, by the SIA engine, the security assessment on the target application based on the criteria for each of the one or more security test plug-ins (Feiman, col 9, lines 16-29). Regarding claim 11: wherein the method further comprises: determining, from an input configuration file, a plurality of security tests; determining, by the SIA engine, the plurality of security test plug-ins based on the security tests, wherein each security test plug-in corresponds to a respective security test; and configuring, by the SIA engine, each of the security test plug-ins based on the security inputs (Feiman, col 8, lines 30-42). Regarding claim 12: wherein performing, by the SIA engine, the security assessment on the target application based on the one or more templates comprises: generating, by the SIA engine, malicious payloads based on the security inputs, wherein each of the malicious payloads are configured to identify a respective vulnerability within a target application (Feiman, col 4, lines 41-39). Regarding claim 13: wherein the SIA engine is executed within a DevSecOps (DSO) pipeline (Feiman, col 7, lines 50-64). Regarding claim 14: wherein the performing, by the SIA engine, the security assessment on the target application based on the one or more templates comprises: sequentially executing, by the SIA engine, each security test plug-in of the one or more security test plug-in (Feiman, col 8, lines 54-63). Regarding claim 15: wherein the one or more security test plug-ins comprise one or more of: a Transport Layer Security (TLS) test plug-in; a Cloud-Infrastructure test plug-in; a Crawler test plug-in; an Application Programming Interface (API) test plug-in; or an Open API test plug-in (Feiman, col 1, lines 22-33). Regarding claim 16: A computer-readable storage medium comprising processor-executable instructions, wherein the processor-executable instructions, in part, cause one or more processors to: determine, by a security intelligent automation (SIA) engine, security inputs for a one or more security test plug-ins, wherein the SIA engine comprises a plurality of security test plug-ins configured to perform a security assessment on a plurality of Open System Interconnection (OSI) layers of a target application (Feiman, Fig.1, col 5, line 37-67), wherein plugin application 106 can be installed in an integrated development environment (IDE). The plugin application can monitor changes in the source code ( e.g., via a representation of the source code). For example, when a developer writes new source code or modifies existing source code in the IDE, the plugin application can monitor the changes that are made. When the plugin application determines change(s) are made, the plugin application can analyze the changes to detennine what type(s) of change(s) are made. generate one or more templates based on the security inputs, wherein the one or more templates correspond to a respective security test plug-in of the one or more security test plug-ins (Feiman, col 10, line 29-50), wherein the historical datasets can also include the vulnerability, identifier, verification, remediation options, relationship to other vulnerabilities, etc. The historical data sets can be continuously updated with each attack. The historical data sets can be used to create attack files as shown in FIG. 3. The vulnerabilities detected (e.g., historically) can be stored in the data store, along with associated metadata perform the security assessment on the target application based on the one or more templates (Feiman, col 7, lines 33-40). and generate a report comprising results from the security assessment, wherein the report comprises results for each of the one or more security test plug-ins evaluated during the security assessment (Feiman, col 9, lines 44-51), wherein at block 212, the attacker or computing system (e.g., 102) can generate a report with results of the attack. Regarding claim 17: wherein the processor-executable instructions to determine the security inputs for one or more of the security test plug-ins cause the one or more processors to further execute processor-executable instructions stored in the computer-readable storage medium to: determine API schema associated with the target application (Feiman, col 9, lines 30-36); extract one or more elements from the API schema (Feiman, col 10, lines 1-7); perform text similarity analysis between the one or more elements from the API schema; and generate the security inputs based on the text similarity analysis (Feiman, col 9, lines 16-29). Regarding claim 18: wherein the processor-executable instructions cause the one or more processors to further execute processor-executable instructions stored in the computer-readable storage medium to: generate, by a SIA engine, a vulnerability rating for each of the one or more security test plug-ins based on the security assessment (Feiman, col 9, lines 57-65). Regarding claim 19: wherein the processor-executable instructions cause the one or more processors to further execute processor-executable instructions stored in the computer-readable storage medium to: generate, by the SIA engine, a link to raw results for each of the one or more templates based on security assessment, wherein the report comprises the link to the raw results (Feiman, col 4, lines 48-55). Regarding claim 20: wherein: the processor-executable instructions to determine, by the SIA engine, the security inputs for the plurality of security test plug-ins cause the one or more processors to further execute processor-executable instructions stored in the computer-readable storage medium to: determine, by the SIA engine, an API schema associated with the target application; and generate, by the SIA engine, context-based security inputs based on the API schema specification (Feiman, col 7, lines 1-14); and the processor-executable instructions to generate, by the SIA engine, the one or more templates based on the security inputs cause the one or more processors to further execute processor-executable instructions stored in the computer-readable storage medium to: configure, by the SIA engine, the one or more templates based on the context-based security inputs (Feiman, col 10, lines 35-50). Conclusion 7. The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Monjour Rahim whose telephone number is (571)270-3890. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (in USA or CANANDA) or 571-272-1000. /Monjur Rahim/ Patent Examiner United States Patent and Trademark Office Art Unit: 2436; Phone: 571.270.3890 E-mail: monjur.rahim@uspto.gov Fax: 571.270.4890
Read full office action

Prosecution Timeline

Jul 08, 2024
Application Filed
Dec 22, 2025
Non-Final Rejection — §102
Feb 26, 2026
Interview Requested
Mar 26, 2026
Response Filed
Mar 26, 2026
Examiner Interview Summary
Mar 26, 2026
Applicant Interview (Telephonic)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12596807
UNIFIED EXTENSIBLE FIRMWARE INTERFACE (UEFI)-LEVEL PROCESSING OF OUT-OF-BAND COMMANDS IN HETEROGENEOUS COMPUTING PLATFORMS
2y 5m to grant Granted Apr 07, 2026
Patent 12598458
METHODS AND DEVICES FOR SECURE COMMUNICATION WITH AND OPERATION OF AN IMPLANT
2y 5m to grant Granted Apr 07, 2026
Patent 12580742
SECURE MEMORY SYSTEM PROGRAMMING FOR HOST DEVICE VERIFICATION
2y 5m to grant Granted Mar 17, 2026
Patent 12574214
DISTRIBUTION AND USE OF ENCRYPTION KEYS TO DIRECT COMMUNICATIONS
2y 5m to grant Granted Mar 10, 2026
Patent 12572671
ACCESS CONTROL SYSTEM FOR AUTOMATICALLY ADJUSTING ACCESS TO RESOURCES IN RESPONSE TO DETECTING A ROLE CHANGE
2y 5m to grant Granted Mar 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
84%
Grant Probability
97%
With Interview (+12.6%)
2y 11m
Median Time to Grant
Low
PTA Risk
Based on 879 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month