Prosecution Insights
Last updated: May 04, 2026
Application No. 18/816,806

AUTONOMIC INCIDENT RESPONSE SYSTEM

Final Rejection §102§DP
Filed
Aug 27, 2024
Priority
Aug 04, 2021 — continuation of 12/113,810
Examiner
HOFFMAN, BRANDON S
Art Unit
2433
Tech Center
2400 — Computer Networks
Assignee
802 Secure Inc.
OA Round
2 (Final)
91%
Grant Probability
Favorable
3-4
OA Rounds
10m
Est. Remaining
97%
With Interview

Examiner Intelligence

Grants 91% — above average
91%
Career Allowance Rate
1131 granted / 1245 resolved
+32.8% vs TC avg
Moderate +6% lift
Without
With
+6.4%
Interview Lift
resolved cases with interview
Typical timeline
2y 6m
Avg Prosecution
25 currently pending
Career history
1270
Total Applications
across all art units

Statute-Specific Performance

§101
7.7%
-32.3% vs TC avg
§103
34.8%
-5.2% vs TC avg
§102
33.8%
-6.2% vs TC avg
§112
5.2%
-34.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 1245 resolved cases

Office Action

§102 §DP
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION Claims 12-31 are pending in this office action. Information Disclosure Statement The information disclosure statement (IDS) submitted on August 27, 2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Specification The disclosure is objected to because of the following informalities: the CROSS-REFERENCE TO RELATED APPLICATIONS section needs updated to reflect applications that have matured into patents. Appropriate correction is required. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claims 12-31 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-19 of U.S. Patent No. 12,113,810. Although the claims at issue are not identical, they are not patentably distinct from each other because both application and patent claim: PATENT receiving an alert indicating a detected cyber threat incident on a monitored resource; collecting information about an entity associated with the detected cyber threat incident; pre-processing the collected information to generate entity footprint data, the entity footprint data comprising at least one of: system features, network features, or application features of the entity associated with the detected cyber threat incident; obtaining attack footprint data based on the generated entity footprint data; classifying the attack footprint data using statistical time series analysis, to identify an attack pattern; invoking a machine learning model to determine at least one response instruction based on the identified attack pattern; and generating a counter measure based on the at least one response instruction. INSTANT APPLICATION receiving information about a current state of a monitored resource; generating an alert indicating a detected cyber threat incident on the monitored resource based on the information about the current state of the monitored resource; pre-processing the information about the current state of the monitored resource, to generate entity footprint data, the entity footprint data comprising information about the alert and at least one of: system data associated with the monitored resource, network data associated with the monitored resource, or application data associated with the monitored resource; generating attack footprint data associated with the detected cyber threat incident based on the entity footprint data; generating a plurality of attack pattern data sets based on the attack footprint data; grouping a plurality of samples from the plurality of attack pattern data sets into a data structure; and determining attack pattern statistical metrics for the plurality of samples in the data structure. The patent further claims machine learning model and obtaining footprint data, whereas the instant application claims generating footprint data. It would have been obvious to generate footprint data (instant application) in order for the data to be obtained (patent) for use. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Barel (U.S. Patent Pub. No. 2016/0119365). Regarding claims 12 and 22, Barel teaches an autonomic incident detection and response system, comprising: at least one processor coupled to at least one memory storing instructions, which when executed by the at least one processor, cause the autonomic incident detection and response system to perform operations, the operations comprising (paragraph 0023): receiving information about a current state of a monitored resource (paragraph 0037); generating an alert indicating a detected cyber threat incident on the monitored resource based on the information about the current state of the monitored resource (paragraph 0037); pre-processing the information about the current state of the monitored resource, to generate entity footprint data, the entity footprint data comprising information about the alert and at least one of: system data associated with the monitored resource, network data associated with the monitored resource, or application data associated with the monitored resource (paragraph 0039); generating attack footprint data associated with the detected cyber threat incident based on the entity footprint data (paragraph 0039); generating a plurality of attack pattern data sets based on the attack footprint data (paragraph 0188); grouping a plurality of samples from the plurality of attack pattern data sets into a data structure (fig. 4); and determining attack pattern statistical metrics for the plurality of samples in the data structure (paragraph 0097-0097). Regarding claims 13 and 23, Barel teaches wherein the operations further comprise: determining an attack pattern associated with the alert based on the attack pattern statistical metrics; and identifying attack pattern attributes based on the determined attack pattern (paragraph 0160). Regarding claims 14 and 24, Barel teaches wherein the operations further comprise: based on the identified attack pattern attributes, providing at least one of: one or more detected threats, one or more response instructions, a vulnerability scanning service, or an asset inventory service (paragraph 0081). Regarding claims 15 and 25, Barel teaches wherein the attack pattern attributes include at least one of: (i) target information associated with the detected cyber threat incident, (ii) vulnerabilities information associated with the detected cyber threat incident, (iii) method information associated with the detected cyber threat incident, (iv) counter measure information associated with the detected cyber threat incident, or (v) consequence information associated with the detected cyber threat incident (paragraph 0036). Regarding claims 16 and 26, Barel teaches wherein: the one or more detected threats provide one or more attack pattern footprint data structures associated with the detected cyber threat incident with respect to the system data, the network data, or the application data; the one or more response instructions are used to counter measure the detected cyber threat incident; the vulnerability scanning service periodically analyzes the monitored resource to identify an existing vulnerability; the asset inventory service identifies physical and logical resources and flags an unauthorized physical or logical resource from the physical and logical resources (paragraph 0026). Regarding claims 17 and 27, Barel teaches wherein generating the attack footprint data associated with the detected cyber threat incident comprises: selecting, from the entity footprint data, numerical data having one or more variations; and selecting, from the numerical data, data having largest component values in a transformation matrix, to generate the attack footprint data (paragraph 0115). Regarding claims 18 and 28, Barel teaches wherein the transformation matrix transforms scaled x-values to a plurality of principal component analysis (PCA) components (paragraph 0115). Regarding claims 19 and 29, Barel teaches wherein the alert indicating the detected cyber threat incident is generated based on at least one of: (i) an anomaly behavior analysis, (ii) a signature-based detection against a cyber-attack, or (iii) a user biometric behavior analysis (paragraph 0168). Regarding claims 20 and 30, Barel teaches wherein the operations further comprise: storing the attack pattern statistical metrics for the plurality of samples in the data structure into a database (paragraph 0160). Regarding claims 21 and 31, Barel teaches wherein the information about the current state of the monitored resource is collected using a security information and event management (SIEM) process (paragraph 0036). Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON HOFFMAN whose telephone number is (571)272-3863. The examiner can normally be reached Monday-Friday 8:30AM-5:00PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached at (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /BRANDON HOFFMAN/Primary Examiner, Art Unit 2433
Read full office action

Prosecution Timeline

Aug 27, 2024
Application Filed
Jan 07, 2026
Non-Final Rejection — §102, §DP
Feb 13, 2026
Response Filed
Apr 24, 2026
Final Rejection — §102, §DP (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12613957
A Method of Preventing Capture of an AI Module and an AI System Thereof
2y 1m to grant Granted Apr 28, 2026
Patent 12598185
DESCENDENT CASE ROLE ALIAS
2y 0m to grant Granted Apr 07, 2026
Patent 12597311
Access Control System for Electric Vehicle Charging
1y 11m to grant Granted Apr 07, 2026
Patent 12579293
SYSTEMS AND METHODS FOR API GATEWAY SYNCHRONIZATION WITH CLOUD STORAGE
2y 3m to grant Granted Mar 17, 2026
Patent 12579295
SYSTEMS AND METHODS FOR ELECTRONIC DEVICE ACCESS
1y 12m to grant Granted Mar 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
91%
Grant Probability
97%
With Interview (+6.4%)
2y 6m (~10m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 1245 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month