Prosecution Insights
Last updated: July 17, 2026
Application No. 18/788,024

A system and method for generating real-time obfuscated data

Final Rejection §103
Filed
Jul 29, 2024
Examiner
GRACIA, GARY S
Art Unit
2499
Tech Center
2400 — Computer Networks
Assignee
Bank of America Corporation
OA Round
2 (Final)
71%
Grant Probability
Favorable
3-4
OA Rounds
1y 5m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 71% — above average
71%
Career Allowance Rate
402 granted / 563 resolved
+13.4% vs TC avg
Strong +49% interview lift
Without
With
+48.7%
Interview Lift
resolved cases with interview
Typical timeline
3y 4m
Avg Prosecution
20 currently pending
Career history
586
Total Applications
across all art units

Statute-Specific Performance

§101
0.5%
-39.5% vs TC avg
§103
94.9%
+54.9% vs TC avg
§102
4.1%
-35.9% vs TC avg
§112
0.2%
-39.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 563 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status 1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments 2. Applicant’s arguments filed on 03/18/2026, with respect to the 35 U.S.C 103 rejection of claims 1-3, 7-11, and 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 20240289489 hereinafter Ezrielev in view of U.S. Publication No. 20200265159 hereinafter Schmatz have been fully considered. However, upon further consideration, a new ground(s) of rejection is made in view of amended claims. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. 3. Claims 1-3, 7-11, and 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 20240289489 hereinafter Ezrielev in view of U.S. Publication No. 20200265159 hereinafter Schmatz, and further in view of U.S. 20250226089 hereinafter Barve. As per claim 1, Ezrielev discloses: A system (para 0010 "In general, embodiments disclosed herein relate to methods and systems for managing access to data stored in a data storage system.") comprising: a memory configured to store, and a processor communicatively coupled to the memory (para 00161 In one embodiment, system 400 includes processor 401, memory 403, and devices 405-408 via a bus or an interconnect 410.") configured to: detect that an authorized user has initiated a data interaction, wherein the data interaction comprises transmission of data over a data network from a source node to a target node (para 0119 "At operation 302, a data access request for a portion of data may be obtained from a requesting device. Para 0124 "At operation 304, a determination may be made regarding whether the requesting device and the user of the requesting device may be validated. The determination may be made by authenticating the user and the device independently (e.g., using the second key pair), as described with respect to FIG. 2C. The authentication of the user may be made using password-based authentication, multi-factor authentication, biometric authentication, and/or endpoint authentication methods (e.g., media access control and/or physical device address verification).' Para 0125 "If both the user and the requesting device are validated, the method may proceed to operation 308."); detect that an unauthorized access to the data network has occurred and in response to detecting the unauthorized access to the data network (Para 0128 "At operation 308, a determination may be made regarding whether the portion of data includes sensitive data. The determination may be made by obtaining a classification of a sub-portion of the portion of requested data. The classification may describe the level of sensitivity of the sub-portion. The classification of a sub-portion of the requested data may be read from metadata of the sub- portion."), obfuscate, in real-time, at least a portion of the data transiting via the data network, wherein obfuscating the data comprises: intercepting the data originating from the source node; generating obfuscated data by obfuscating the data relating to the data interaction using one or more data obfuscating algorithms; (para 0153-0154 "Returning to operation 316, if the likelihood exceeds the risk threshold (e.g., the environment has a likelihood of being unsecure), the method may proceed to operation 320. [0154] At operation 320, access to at least a portion of the sensitive data is prevented. Access may be prevented by modifying an access level of the user to reduce risk of unauthorized disclosure of the sensitive data. The modified access level may result in (i) denying access to the portion of the sensitive data, (ii) performing an obfuscation operation to render the portion of the sensitive data inaccessible. Access to the portion of the sensitive data may remain restricted while the access level remains modified. The access level may be modified based on updated risk scores generated in operation 314.") and transmitting the obfuscated data over the data network to the target node (para 0151 "For example, if the security likelihood of the environment changes from secure to unsecure (e.g., crosses the risk threshold boundary), the display device may perform an obfuscation operation rendering the sensitive data temporarily inaccessible (e.g., by disabling the display system and/or by blurring the sensitive data).") Ezrielev does not disclose: a plurality of data obfuscating algorithms wherein generating the obfuscated data comprises: extract a portion of the data to be used as sample data for generating the obfuscated data; and generate, based on data properties of the sample data, the obfuscated data such that the obfuscated data at least partially mimics the data Schmatz discloses: a plurality of data obfuscating algorithms (para 0020 "Moreover, this module is adapted to obfuscate data (via the protected enclave) with one or more obfuscation algorithms, the latter yielding different levels of obfuscation.") Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the managing access to data stored in a data storage of Ezrielev to include a plurality of data obfuscating algorithms, as taught by Schmatz. The motivation would have been to provide obfuscated data to users using algorithms while preserving the original format of the data. Ezrielev in view of Schmatz does not disclose: wherein generating the obfuscated data comprises: extract a portion of the data to be used as sample data for generating the obfuscated data; and generate, based on data properties of the sample data, the obfuscated data such that the obfuscated data at least partially mimics the data Barve discloses: wherein generating the obfuscated data comprises: extract a portion of the data to be used as sample data for generating the obfuscated data; and generate, based on data properties of the sample data, the obfuscated data such that the obfuscated data at least partially mimics the data (para 0024 “As used in the current disclosure, an “anonymization process” is the process of anonymizing personally identifiable information within the data. Anonymization involves removing or obfuscating personally identifiable information (PII) and sensitive data while retaining the utility and quality of the data for model training. In another embodiment, the anonymization process may replace PII with pseudonyms or tokens. For example, processor 104 may replace names with unique identifiers, such as “User12345,” and email addresses with placeholders like user@email.com. In some cases, processor 104 may group data into broader categories to reduce the granularity of information. For instance, processor 104 can generalize ages into age groups (e.g., 20-30, 31-40) rather than using exact ages. In some cases, anonymization process may create synthetic data that mimics the statistical properties of the original data. This can help maintain data utility while preventing re-identification.”) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the managing access to data stored in a data storage of Ezrielev to include wherein generating the obfuscated data comprises: extract a portion of the data to be used as sample data for generating the obfuscated data; and generate, based on data properties of the sample data, the obfuscated data such that the obfuscated data at least partially mimics the data, as taught by Schmatz. The motivation would have been to provide obfuscated data to users using algorithms while preserving the original format of the data. As per claim 2, Ezrielev in view of Schmatz and Barve discloses: The system of Claim 1, wherein the plurality of data obfuscating algorithms are grouped into a plurality of obfuscating levels, wherein: each obfuscating level is assigned a particular group of the data obfuscating algorithms from the plurality of data obfuscating algorithms; and the data obfuscating algorithms associated with a higher obfuscating level are configured to apply a higher level of data obfuscation as compared to the data obfuscating algorithms associated with a lower obfuscating level, wherein the higher level of data obfuscation modifies the data to a greater extent as compared to a lower level of data obfuscation (Schmatz para 0033 "hat the present methods propose is to handle requests from users 10 based on authorization levels of the users. In response to such requests, data are supplied to the user in obfuscated form (i.e., altered), wherein the level of obfuscation of the data provided depends on the authorization levels of the users. In the present context, obfuscation means altering the original data, SO as not to retain all of the information contained in the original data i.e., the original information is at least partly lost, so as to potentially comply with various requirements, such as originating from authorizations set by the owners, privacy law, and regulatory needs, for example. Note, data provided back to the users 10 are never intended to infringe or circumvent any legal provision." Para 0044 "One may, by convention, define the authorization level such that the highest authorization level allows access to data having any level of obfuscation. E.g., similarly to privilege levels in the intel x86 instruction set, the authorization level may range from 0 (most privileged) to n>0, where n is less privileged than n-1, which is less privileged than n-2, etc. Thus, any resource available to level n would also be available to authorization levels 0 to n. The obfuscation level may thus similarly be coded from 0 (corresponding to a low level of alteration) to m>1 (corresponding to a higher level of alteration). Thus, given a data-obfuscation level 1 desired and a data access authorization level k identified for the requester, access to the requested data is only allowed if the authorization level is higher (in the sense of privilege) than or equal to the data obfuscation level, i.e., if 1≤k. Thus, an authorized user having a high authorization level (e.g., a data owner) may typically access data having any level of obfuscation." Though Ezrielev discloses obfuscation, Schmatz discloses each obfuscating level is assigned a particular group of the data obfuscating algorithms from the plurality of data obfuscating algorithms. The motivation would have been to provide obfuscated data to users using algorithms while preserving the original format of the data.). As per claim 3, Ezrielev in view of Schmatz and Barve discloses: The system of Claim 1, wherein: each obfuscating level is associated with a particular data sensitivity level, the data sensitivity level assigned to a piece of data is indicative of a degree of confidentiality that is to be maintained with respect to the piece of data; and a higher data sensitivity level is assigned to the piece of data when a higher degree of confidentiality is to be maintained for the piece of data (Schmatz Para 0044 "One may, by convention, define the authorization level such that the highest authorization level allows access to data having any level of obfuscation. E.g., similarly to privilege levels in the intel x86 instruction set, the authorization level may range from 0 (most privileged) to n>0, where n is less privileged than n-1, which is less privileged than n-2, etc. Thus, any resource available to level n would also be available to authorization levels 0 to n. The obfuscation level may thus similarly be coded from 0 (corresponding to a low level of alteration) to m>1 (corresponding to a higher level of alteration). Thus, given a data-obfuscation level 1 desired and a data access authorization level k identified for the requester, access to the requested data is only allowed if the authorization level is higher (in the sense of privilege) than or equal to the data-obfuscation level, i.e., if 1≤k. Thus, an authorized user having a high authorization level (e.g., a data owner) may typically access data having any level of obfuscation." Though Ezrielev discloses obfuscation, Schmatz discloses each obfuscating level is assigned a particular group of the data obfuscating algorithms from the plurality of data obfuscating algorithms. The motivation would have been to provide obfuscated data to users using algorithms while preserving the original format of the data.). As per claim 7, Ezrielev in view of Schmatz and Barve discloses: The system of Claim 1, wherein the processor is configured to use a generative Artificial Intelligence (AI) algorithm to generate the obfuscated data (Ezrielev para 0076 and 0128). As per claim 8, the implementation of the system of claim 1 will execute the method of claim 8. The claim is analyzed with respect to claim 1. As per claim 9, the claim is analyzed with respect to claim 2. As per claim 10, the claim is analyzed with respect to claim 3. As per claim 14, the claim is analyzed with respect to claim 7. As per claim 15, the implementation of the system of claim 1 will execute the non-transitory computer-readable medium (Ezrielev paragraph 0040) of claim 8. The claim is analyzed with respect to claim 1. As per claim 16, the claim is analyzed with respect to claim 2. As per claim 17, the claim is analyzed with respect to claim 3. 4. Claims 4-6, 11-13 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Ezrielev in view of Schmatz, and further in view of Barve, and further in view of U.S. Publication No. 20180285592 hereinafter Sharifi. As per claim 4, Ezrielev in view of Schmatz and Barve discloses: The system of Claim 3, wherein the processor is further configured to: generate the obfuscated data by obfuscating the data relating to the data interaction using one or more data obfuscating algorithms associated with the first obfuscating level (Schmatz para 0033 "hat the present methods propose is to handle requests from users 10 based on authorization levels of the users. In response to such requests, data are supplied to the user in obfuscated form (i.e., altered), wherein the level of obfuscation of the data provided depends on the authorization levels of the users. In the present context, obfuscation means altering the original data, so as not to retain all of the information contained in the original data. I.e., the original information is at least partly lost, so as to potentially comply with various requirements, such as originating from authorizations set by the owners, privacy law, and regulatory needs, for example. Note, data provided back to the users 10 are never intended to infringe or circumvent any legal provision." Para 0044 "One may, by convention, define the authorization level such that the highest authorization level allows access to data having any level of obfuscation. E.g., similarly to privilege levels in the intel x86 instruction set, the authorization level may range from 0 (most privileged) to n>0, where n is less privileged than n-1, which is less privileged than n-2, etc. Thus, any resource available to level n would also be available to authorization levels 0 to n. The obfuscation level may thus similarly be coded from 0 (corresponding to a low level of alteration) to m>1 (corresponding to a higher level of alteration). Thus, given a data-obfuscation level 1 desired and a data access authorization level k identified for the requester, access to the requested data is only allowed if the authorization level is higher (in the sense of privilege) than or equal to the data- obfuscation level, i.e., if 1≤k. Thus, an authorized user having a high authorization level (e.g., a data owner) may typically access data having any level of obfuscation." Though Ezrielev discloses obfuscation, Schmatz discloses each obfuscating level is assigned a particular group of the data obfuscating algorithms from the plurality of data obfuscating algorithms. The motivation would have been to provide obfuscated data to users using algorithms while preserving the original format of the data.) Ezrielev in view of Schmatz and Barve does not disclose: assign a first data sensitivity level to the data relating to the data interaction based on data properties of the data; identify a first obfuscating level associated with the assigned data sensitivity level Sharifi discloses: assign a first data sensitivity level to the data relating to the data interaction based on data properties of the data (para 0028 “PMM 126 may determine a privacy level for all or various portions of the information to be displayed and compare the privacy level to a threshold privacy level. In some examples, the privacy level is bucketed (e.g., private or non-private; or non- private, semi-private, or very private). In some examples, the privacy level may be rated on a sliding scale (e.g., 0-100). PMM 126 may determine the privacy level based at least in part on a type of information to be displayed. In some instances, the type of information may be based on an application module 124 associated with the information, a data structure or format of the information, or the content of the information. In some examples, the information to be displayed by GUI 114 may include employee name, employee start date, salary, and social security number. In these examples, IPM 230 may assign a privacy level of "very private" for the social security information, a privacy level of "semi-private" for the salary information, and a privacy level of "non-private" for the start date."); identify a first obfuscating level associated with the assigned data sensitivity level (para 0069 "OM 232 may determine an obfuscation level for each portion of the information and may output an indication of the obfuscation level to UI module 220, such that UI module 220 may cause PSD 212 to obscure a portion of the information based on the obfuscation level. OM 232 may determine an obfuscation level for a particular portion of information based on obfuscation rules data store 228. Obfuscation rules data store 228 may include one or more files, tables, databases, or other data structure that represents rules for obscuring private information. For example, obfuscation rules data store 228 may include a set of privacy levels and an obfuscation level corresponding to each privacy level. In some examples, the obfuscation levels indicate one or more techniques to obscure information, such as blurring text, replacing characters with placeholder characters, changing a font (e.g., size, color, type, or other attribute), dimming a screen, increasing the speed of audio data, replacing audible words with a generic audible tone, etc.") Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the managing access to data stored in a data storage of Ezrielev in view of to include assign a first data sensitivity level to the data relating to the data interaction based on data properties of the data; identify a first obfuscating level associated with the assigned data sensitivity level, as taught by Sharifi. The motivation would have been to obscure private information output by the computing device. As per claim 5, Ezrielev in view of Schmatz, Barve and Sharifi discloses: The system of Claim 3, wherein the processor is further configured to: assign a first data sensitivity level to a first portion of the data relating to the data interaction based on data properties of the first portion of the data; identify a first obfuscating level associated with the assigned first data sensitivity level; assign a second data sensitivity level to a second portion of the data relating to the data interaction based of the data properties of the second portion of the data; identify a second obfuscating level associated with the assigned second data sensitivity level; generate the obfuscated data by: obfuscating the first portion of the data relating to the data interaction using one or more data obfuscating algorithms associated with the first obfuscating level; and obfuscating the second portion of the data relating to the data interaction using one or more data obfuscating algorithms associated with the second obfuscating level (Sharifi para 0069 "OM 232 may determine an obfuscation level for each portion of the information and may output an indication of the obfuscation level to UI module 220, such that UI module 220 may cause PSD 212 to obscure a portion of the information based on the obfuscation level. OM 232 may determine an obfuscation level for a particular portion of information based on obfuscation rules data store 228. Obfuscation rules data store 228 may include one or more files, tables, databases, or other data structure that represents rules for obscuring private information. For example, obfuscation rules data store 228 may include a set of privacy levels and an obfuscation level corresponding to each privacy level. In some examples, the obfuscation levels indicate one or more techniques to obscure information, such as blurring text, replacing characters with placeholder characters, changing a font (e.g., size, color, type, or other attribute), dimming a screen, increasing the speed of audio data, replacing audible words with a generic audible tone, etc." Para 0070 " In some examples, OM 232 may determine a single obfuscation level for all of the information to be output by computing device 210. In other words, IPM 230 may determine to obscure all of the information using same obfuscation techniques. In some instances, IPM 230 may determine the single obfuscation level based on the highest privacy level associated with the information. For instance, if IPM 230 determines the privacy level for a particular portion of information is "private" and the privacy level for another portion of the information is "very private," OM 232 may determine the obfuscation level for both portions of information should be the obfuscation level corresponding to a "very private" privacy level. Thus, in examples where a privacy level of "private" corresponds to dimming the screen brightness and a privacy level of "very private" corresponds to blurring text, OM 232 may determine that PSD 212 should display blurred text when outputting the information." The motivation would have been to obscure private information output by the computing device." Para 0071 " In some examples, OM 232 determines a privacy level for each respective portion of information. For instance, if the information to be output by computing device 210 includes personally identifiable information and financial information, IPM 230 may determine the privacy level for personally identifiable information is 90 out of 100 and the privacy level for financial information is 70 out of 100. OM 232 may query obfuscation rules data store 228 and determine that a privacy level of 90 corresponds to the high obfuscation level, such that the personally identifiable information is obscured by replacing the personally identifiable information with placeholder characters. Similarly, OM 232 may query obfuscation rules data store 228 and may determine that a privacy level of 70 corresponds to a medium obfuscation level, such that the financial information is obscured by truncating the information to only display a portion of the financial information or by removing reference to units. For instance, as illustrated by graphical user interface 114 of FIG. 1, OM 232 may determine that personally identifiable information (e.g., social security numbers) should be obscured by replacing digits [0-9] with letters, and that the financial information (e.g., salary) should be obscured by removing reference to whether the salary is hourly, annually, or some other unit." Though Ezrielev discloses obfuscation, Sharifi discloses assign a first data sensitivity level to a first portion of the data relating to the data interaction based on data properties of the first portion of the data. The motivation would have been to obscure private information output by the computing device."). As per claim 6, Ezrielev in view of Schmatz, Barve and Sharifi discloses: The system of Claim 3, wherein the processor is further configured to: assign a first data sensitivity level to a first portion of the data relating to the data interaction based on data properties of the first portion of the data; identify a first obfuscating level associated with the assigned first data sensitivity level; determine that second portion of the data relating to the data interaction does not comprise sensitive data based on the data properties of the second portion of the data; in response to determining that the second portion of the data does not comprise sensitive data, determine not to obfuscate the second portion of the data; and generate the obfuscated data by obfuscating only the first portion of the data relating to the data interaction using one or more data obfuscating algorithms associated with the first obfuscating level The system of Claim 3, wherein the processor is further configured to: assign a first data sensitivity level to a first portion of the data relating to the data interaction based on data properties of the first portion of the data; identify a first obfuscating level associated with the assigned first data sensitivity level; assign a second data sensitivity level to a second portion of the data relating to the data interaction based on the data properties of the second portion of the data; identify a second obfuscating level associated with the assigned second data sensitivity level; generate the obfuscated data by: obfuscating the first portion of the data relating to the data interaction using one or more data obfuscating algorithms associated with the first obfuscating level; and obfuscating the second portion of the data relating to the data interaction using one or more data obfuscating algorithms associated with the second obfuscating level. (Sharifi para 0069 "OM 232 may determine an obfuscation level for each portion of the information and may output an indication of the obfuscation level to UI module 220, such that UI module 220 may cause PSD 212 to obscure a portion of the information based on the obfuscation level. OM 232 may determine an obfuscation level for a particular portion of information based on obfuscation rules data store 228. Obfuscation rules data store 228 may include one or more files, tables, databases, or other data structure that represents rules for obscuring private information. For example, obfuscation rules data store 228 may include a set of privacy levels and an obfuscation level corresponding to each privacy level. In some examples, the obfuscation levels indicate one or more techniques to obscure information, such as blurring text, replacing characters with placeholder characters, changing a font (e.g., size, color, type, or other attribute), dimming a screen, increasing the speed of audio data, replacing audible words with a generic audible tone, etc." Para 0070 " In some examples, OM 232 may determine a single obfuscation level for all of the information to be output by computing device 210. In other words, IPM 230 may determine to obscure all of the information using same obfuscation techniques. In some instances, IPM 230 may determine the single obfuscation level based on the highest privacy level associated with the information. For instance, if IPM 230 determines the privacy level for a particular portion of information is "private" and the privacy level for another portion of the information is "very private," OM 232 may determine the obfuscation level for both portions of information should be the obfuscation level corresponding to a "very private" privacy level. Thus, in examples where a privacy level of "private" corresponds to dimming the screen brightness and a privacy level of "very private" corresponds to blurring text, OM 232 may determine that PSD 212 should display blurred text when outputting the information." The motivation would have been to obscure private information output by the computing device." Para 0071 " In some examples, OM 232 determines a privacy level for each respective portion of information. For instance, if the information to be output by computing device 210 includes personally identifiable information and financial information, IPM 230 may determine the privacy level for personally identifiable information is 90 out of 100 and the privacy level for financial information is 70 out of 100. OM 232 may query obfuscation rules data store 228 and determine that a privacy level of 90 corresponds to the high obfuscation level, such that the personally identifiable information is obscured by replacing the personally identifiable information with placeholder characters. Similarly, OM 232 may query obfuscation rules data store 228 and may determine that a privacy level of 70 corresponds to a medium obfuscation level, such that the financial information is obscured by truncating the information to only display a portion of the financial information or by removing reference to units. For instance, as illustrated by graphical user interface 114 of FIG. 1, OM 232 may determine that personally identifiable information (e.g., social security numbers) should be obscured by replacing digits [0-9] with letters, and that the financial information (e.g., salary) should be obscured by removing reference to whether the salary is hourly, annually, or some other unit." Though Ezrielev discloses obfuscation, Sharifi discloses assign a first data sensitivity level to a first portion of the data relating to the data interaction based on data properties of the first portion of the data. The motivation would have been to obscure private information output by the computing device."). As per claim 11, the claim is analyzed with respect to claim 4. As per claim 12, the claim is analyzed with respect to claim 5. As per claim 13, the claim is analyzed with respect to claim 6. As per claim 18, the claim is analyzed with respect to claim 4. As per claim 19, the claim is analyzed with respect to claim 5. As per claim 20, the claim is analyzed with respect to claim 6. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /GARY S GRACIA/Primary Examiner, Art Unit 2499
Read full office action

Prosecution Timeline

Jul 29, 2024
Application Filed
Jan 07, 2026
Non-Final Rejection mailed — §103
Mar 18, 2026
Response Filed
May 07, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682027
Access Control Using User Behavior Profile and Storage System-Based Multi-Factor Authentication
5y 1m to grant Granted Jul 14, 2026
Patent 12682236
METHOD AND SYSTEM FOR LIGHTWEIGHTING ARTIFICIAL NEURAL NETWORK MODEL, AND NON-TRANSITORY COMPUTER-READABLE RECORDING MEDIUM
2y 10m to grant Granted Jul 14, 2026
Patent 12682095
PLUGGABLE DATA TAXONOMY AND PROCESSING
3y 2m to grant Granted Jul 14, 2026
Patent 12671597
SECURE IDENTITY CARD USING UNCLONABLE FUNCTIONS
4y 4m to grant Granted Jun 30, 2026
Patent 12645793
Known-Deployed File Metadata Repository and Analysis Engine
5y 0m to grant Granted Jun 02, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
71%
Grant Probability
99%
With Interview (+48.7%)
3y 4m (~1y 5m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 563 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month