Office Action Predictor
Last updated: April 16, 2026
Application No. 18/825,562

SYSTEM AND METHOD FOR CLOUD-BASED OPERATING SYSTEM EVENT AND DATA ACCESS MONITORING

Non-Final OA §103
Filed
Sep 05, 2024
Examiner
BAROT, BHARAT
Art Unit
2453
Tech Center
2400 — Computer Networks
Assignee
F5, INC.
OA Round
1 (Non-Final)
88%
Grant Probability
Favorable
1-2
OA Rounds
2y 8m
To Grant
98%
With Interview

Examiner Intelligence

Grants 88% — above average
88%
Career Allow Rate
760 granted / 866 resolved
+29.8% vs TC avg
Moderate +10% lift
Without
With
+9.9%
Interview Lift
resolved cases with interview
Typical timeline
2y 8m
Avg Prosecution
27 currently pending
Career history
893
Total Applications
across all art units

Statute-Specific Performance

§101
13.9%
-26.1% vs TC avg
§103
33.6%
-6.4% vs TC avg
§102
29.4%
-10.6% vs TC avg
§112
11.1%
-28.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 866 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION Claims 1-20 are presented for examination. Notice for all Patent Application as subject to AIA In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1-20 are rejected under AIA 35 U.S.C. 103 as being un-patentable over Kouznetsov (U.S. Patent Application Publication No. 2016/0156642 A1) in view of Reiter (U.S. Patent Application Publication No. 2014/0067377 A1). As to claim 1, Kouznetsov discloses a non-transitory computer readable medium having stored thereon instructions comprising executable code that, when executed by one or more processors (figure 2, pars. 0033-0034), causes the one or more processors to: collect event information from cloud-based information system services running on at least one container using an agent (figure 3, pars. 0037-0038 & 0044-0046, collecting event information from services running on an OS using an OC object manager); generate an event file by grouping and time stamping the event information; validate the event file to produce one or more validated event collections (figure 1, pars. 0026-0027, figure 3, pars. 0047-0049, figure 4, pars. 0055-0056, generating and validating events group); serialize the one or more validated event collections into a real-time event stream (figures 3-4, pars. 0050, 0053 & 0058, serializing virtual events into real-time stream); filter the one or more validated event collections to remove redundant structured event payloads (figures 3-4, pars. 0053-0054 & 0057-0058, filtering virtual events for reducing loads); generate threat intelligence based on the filtered one or more validated event collections (figure 4, pars. 0008-0009 & 0058-0059, detecting threat based on the filtered virtual events); and generate alerts for a customer to the raw event logs (figure 1, par. 0027, producing alerts for the events). However, Kouznetsov does not explicitly teach that generate threat intelligence from raw event logs, wherein the raw event logs are based on the filtered one or more validated event collections; and generate alerts for a customer by applying customer-specific rules to the raw event logs. Reiter teaches that generate threat intelligence from raw event logs, wherein the raw event logs are based on the validated event collections; and generate alerts for a customer by applying customer-specific rules to the raw event logs (figure 1, pars. 0016, 0018 & 0021-0022, figure 4, pars. 0095-0097, reference teaches about determining causes of an alert from the raw event logs and generating an awareness text based on user rules). It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to incorporate the teaching of Reiter as stated above with the apparatus/method of Kouznetsov for generating threat intelligence from raw event logs and generating alerts for a user by using user rules to the raw event logs because it would have improved utilization and efficiency of the system by providing situational awareness related to the alert condition to the user. As to claim 2, Kouznetsov does not explicitly teach that identify vulnerabilities posed to cataloged assets, wherein the cataloged assets are based on the raw event logs; and generate a threat corpus based on the identified vulnerabilities and based on data from a national database of known security threats. Reiter teaches that identify vulnerabilities posed to cataloged assets, wherein the cataloged assets are based on the raw event logs (figure 1, pars. 0031, 0033, 0043, figure 4, par. 0095, identifying causes of an alert condition based on the raw event logs); and generate a threat corpus based on the identified vulnerabilities and based on data from a national database of known security threats (figure 1, pars. 0026, 0048, figure 4, par. 0097, generating an awareness text using historical data contain information related to a previous alert condition, action taken, and result). It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to incorporate the teaching of Reiter as stated above with the apparatus/method of Kouznetsov for identifying causes of an alert condition and generating an awareness text using historical data because it would have improved utilization and efficiency of the system by providing situational awareness related to the alert condition to the user. As to claim 3, Kouznetsov discloses that the at least one container comprises a Docker container (figure 1, pars. 0024-0025, figure 3, pars. 0037-0038 & 0044-0046, OS using an OS object manager for loading and unloading events and also UIM loading and unloading events to a datalogger). As to claim 4, Kouznetsov discloses that the collected event information comprises real-time continuous event information from an operating system kernel (figure 3, par. 0039). As to claim 5, Kouznetsov does not teach that the alerts are generated based on a time window, frequency threshold, a system criteria, and a user criteria. Reiter teaches that the alerts are generated based on a time window, frequency threshold, a system criteria, and a user criteria (pars. 0019, 0044, 0047, figure 7, par. 0102). It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to incorporate the teaching of Reiter as stated above with the apparatus/method of Kouznetsov for generating alerts based on time, threshold, and user criteria because it would have improved utilization and efficiency of the system by providing situational awareness related to the alert condition to the user. As to claims 6-10, they are also rejected for the same reasons set forth to rejecting claims 1-5 above, since claims 6-10 are merely method of operations for the program product for the claims 1-5, and claims 6-10 do not teach or define any new limitations than above rejected claims 1-5. As to claims 11-15, they are also rejected for the same reasons set forth to rejecting claims 1-5 above, since claims 11-15 are merely an apparatus for the program product for the claims 1-5, and claims 11-15 do not teach or define any new limitations than above rejected claims 1-5. As to claims 16-20, they are also rejected for the same reasons set forth to rejecting claims 1-5 above, since claims 16-20 are merely an apparatus for the program product for the claims 1-5, and claims 16-20 do not teach or define any new limitations than above rejected claims 1-5. Additional References The examiner as of general interest cites the following references. Pereira et al, U.S. Patent Application Publication No. 2019/0050560 A1. Reiter et al, U.S. Patent Application Publication No. 2016/0217133 A1. Content Information Any inquiry concerning this communication or earlier communications from the examiner should be directed to Bharat Barot whose telephone number is (571)272-3979. The examiner can normally be reached on 7:00AM-3:30PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal B Divecha can be reached on (571)272-5863. The fax phone number for the organization where this application or proceeding is assigned is (571)273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /BHARAT BAROT/Primary Examiner, Art Unit 2453December 16, 2025
Read full office action

Prosecution Timeline

Sep 05, 2024
Application Filed
Dec 27, 2025
Non-Final Rejection — §103
Mar 31, 2026
Response Filed

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12585809
PRIVACY-PRESERVING DATA PROCESSING FOR CONTENT DISTRIBUTION
2y 5m to grant Granted Mar 24, 2026
Patent 12580771
INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND STORAGE MEDIUM
2y 5m to grant Granted Mar 17, 2026
Patent 12579244
SHARED VIRTUAL REALITY SYSTEM USING WEARABLE ACCESSARY
2y 5m to grant Granted Mar 17, 2026
Patent 12574287
DETERMINING INTERNET PROTOCOL (IP) ADDRESSES FOR SCANNING IN WIRELESS NETWORK
2y 5m to grant Granted Mar 10, 2026
Patent 12572557
DATA DIGITIZATION VIA CUSTOM INTEGRATED MACHINE LEARNING ENSEMBLES
2y 5m to grant Granted Mar 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
88%
Grant Probability
98%
With Interview (+9.9%)
2y 8m
Median Time to Grant
Low
PTA Risk
Based on 866 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month