DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Election/Restrictions
Applicant’s election without traverse of invention I in the reply filed on 9 January 2026 is acknowledged.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-10, 12-14, and 21-26 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Cella et al., USPN 2020/0225655.
With regard to claims 1, 14, and 26, Cella discloses an apparatus, including a cyber threat autonomous response engine (0247, 1757, 2269) configured to control connectivity between a first computing device and a second computing device (1728-1735, 1590, 1646, 2295, 3317, 1751, 2112) and take one or more actions to mitigate a cyber threat (0247, 1757, 2269), which is further configured to determine that a connection between the first computing device and the second computing device needs to be modified (3444, 0972, 1024, 1060, 1751, 2112), identify an indicator in a message transmitted via the connection in accordance with a communication protocol (1712-1715, 1959, 1024, 1060, 1751, 2112), determine, based on the indicator and knowledge about a previously observed sequence of messages communicated between the first computing device and the second computing device in accordance with the communication protocol (2095, 1727-1735, 1069, 1751), a plurality of triggers to be sent to one or both of the first computing device and the second computing device to modify the connection (1033, 1609-1610), and cause the plurality of triggers to be sent (1580-1582, 1710-1715, 1742, 1751-1761, 2112-2119), and where instructions implemented in software for the cyber threat autonomous response engine are configured to be stored in one or more non-transitory storage mediums to be executed by one or more processing units (1869, 3316, 3324, 3444, 1742, 1919-1921, 1931, 1936).
With regard to claim 2, Cella discloses the apparatus of claim 1, as outlined above, and further discloses the communication protocol is a server message block (SMB) protocol (1726-1729).
With regard to claim 3, Cella discloses the apparatus of claim 1, as outlined above, and further discloses each trigger of the plurality of triggers includes a unique indicator, and wherein at least one of the plurality of triggers has a unique indicator configured to cause modification of the connection, where the modification of the connection is one or more of a disruption, an interruption, and a resetting of the connection (1710-1715, 1742, 1751-1761, 2112-2119) in order to mitigate the cyber threat (0247, 1757, 2269).
With regard to claim 4, Cella discloses the apparatus of claim 1, as outlined above, and further discloses the indicator is a sequence number that uniquely identifies the message (1712-1715, 3444, 1727, 2112).
With regard to claim 5, Cella discloses the apparatus of claim 1, as outlined above, and further discloses each message in the sequence of messages is identified by a unique indicator (1712-1715, 3444, 1727, 2112).
With regard to claim 6, Cella discloses the apparatus of claim 1, as outlined above, and further discloses the indicator comprises a size associated with the message (1712-1727).
With regard to claims 7 and 21, Cella discloses the apparatus of claim 1, as outlined above, and further discloses the knowledge includes information, derived from the previously observed sequence of messages, about a size associated with each message in the previously observed sequence of messages (1712-1735, 2095, 1069, 1751).
With regard to claims 8 and 22, Cella discloses the apparatus of claim 1, as outlined above, and further discloses the knowledge includes information, derived from the previously observed sequence of messages (2095, 1727-1735, 1069, 1751), about a property associated with each message in the previously observed sequence of messages (2095, 1727-1735, 1069, 1751), wherein a first trigger includes the property expected for a subsequent message to the message including the indicator (2095, 1727-1735, 1069, 1751), wherein the property includes one or more of a unique indicator, a sequence number, a payload size, and a packet size (1712-1727).
With regard to claim 9, Cella discloses the apparatus of claim 1, as outlined above, and further discloses the cyber threat autonomous response engine is configured to determine a latency associated with the message between the first computing device and the second computing device (1739-1747, 1942-1959, 2104-2112), and then based upon the latency the cyber threat autonomous response engine is configured to predict a permutation of an upcoming connection, which is the connection, and send the triggers for predicted stages of the connection (1739-1747, 1942-1959, 2104-2112, 2095, 1727-1735, 1069, 1751).
With regard to claim 10, Cella discloses the apparatus of claim 1, as outlined above, and further discloses a trigger of the plurality of triggers is configured to modify the connection during a stage of the communication protocol to prevent a subsequent stage of the communication protocol from being carried out, wherein the trigger includes a unique indicator configured to allow the connection to be disrupted by the trigger at the stage, in accordance with the communication protocol, to prevent the subsequent stage of the communication protocol being carried out (1710-1715, 1742, 1751-1761, 2112-2119).
With regard to claims 12, 23, and 25, Cella discloses the apparatus of claim 1, as outlined above, and further discloses the cyber threat autonomous response engine is configured to determine that the connection needs to be modified based on an indication that one or both of the first computing device and the second computing device has exhibited a metric indicative of anomalous behavior (0360, 1010, 1341, 1684).
With regard to claims 13 and 24, Cella discloses the apparatus of claim 1, as outlined above, and further discloses the cyber threat autonomous response engine is configured to determine a latency associated with the message between the first computing device and the second computing device, and based upon the latency associated with the message between the first computing device and the second computing device, then the cyber threat autonomous response engine is configured to send the plurality of triggers to arrive at the connection to modify that connection (1739-1747, 1942-1959, 2104-2112, 2095, 1727-1735, 1069, 1751).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Cella.
With regard to claim 11, Cella discloses the apparatus of claim 1, as outlined above, and further discloses a trigger of the plurality of triggers is configured to spoof a behavior to monitor the response (0977), but does not disclose a trigger of the plurality of triggers is configured to spoof a message that is communicated between the first computing device and the second computing device in accordance with the communication protocol. It would have been obvious for one of ordinary skill in the art, prior to the instant effective filing date, to use the method of spoofing behavior, as taught by Cella, to further investigate a possible anomaly in messages between devices by sending a spoof message, for the stated motivation of Cella, to improve analysis (0977).
References Cited
Mahaffey et al., USPN 2015/0128205, discloses a method of monitoring a connection between two devices, and modifying the channel upon anomaly detection (0006).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB LIPMAN whose telephone number is (571)272-3837. The examiner can normally be reached 5:30AM-6:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ali Shayanfar can be reached at 571-270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JACOB LIPMAN/Primary Examiner, Art Unit 2434