Prosecution Insights
Last updated: July 17, 2026
Application No. 18/888,964

Computer-Implemented Method of Providing a Technical Assessment for Certification Of A Managed Cybersecurity Service Provider

Final Rejection §103
Filed
Sep 18, 2024
Priority
Sep 29, 2023 — provisional 63/586,505
Examiner
SHINGLES, KRISTIE D
Art Unit
2453
Tech Center
2400 — Computer Networks
Assignee
Spectra Ltd.
OA Round
2 (Final)
82%
Grant Probability
Favorable
3-4
OA Rounds
1y 0m
Est. Remaining
96%
With Interview

Examiner Intelligence

Grants 82% — above average
82%
Career Allowance Rate
656 granted / 797 resolved
+24.3% vs TC avg
Moderate +13% lift
Without
With
+13.4%
Interview Lift
resolved cases with interview
Typical timeline
2y 10m
Avg Prosecution
27 currently pending
Career history
829
Total Applications
across all art units

Statute-Specific Performance

§101
1.5%
-38.5% vs TC avg
§103
51.6%
+11.6% vs TC avg
§102
42.2%
+2.2% vs TC avg
§112
0.2%
-39.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 797 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION Response to Amendment Claims 1 and 3-11 have been amended. Claims 1-11 are pending. Response to Arguments Applicant’s arguments with respect to the pending claims have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Claim Rejections - 35 USC § 103 I. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. II. CLAIMS 1-11 are rejected under 35 U.S.C. 103 as being unpatentable over GARYANI et al (US 2023/0107335) in view of BEHL et al (USPN 11,575,499). Per claim 1, GARYANI et al teach a computer-implemented method of providing a technical assessment for certification of a in providing a cybersecurity service in a field, the method being implemented with computer processes carried out by a certification agent server system, the computer processes comprising: receiving and storing, by the certification agent server system, general organizational and performance data of the managed cybersecurity service provider, such data being obtained from the managed cybersecurity service provider and a set of auditors (paras 0037, 0086, 0092, 0268-269—auditors, agents and user agent; paras 0065, 0082, 0126-128, 0311-317—detecting a cybersecurity attack against customers of a service provider, storing activity data and performance level constraints of service providers following cybersecurity attacks for cyberattack risk mitigation); receiving and storing, by the certification agent server system, (i) organizational and performance data of the managed cybersecurity service provider in providing its service in the field, (ii) the managed cybersecurity service provider ’s system architecture configuration data for providing its service in the field, (iii) the managed cybersecurity service provider ’s qualification data for providing its service in the field, (v) data characterizing cyber risk exposure of the managed cybersecurity service provider in providing its service in the field (paras 0071-73, 0075, 0083—customer-localized cybersecurity attack detection tool configured to perform an analysis of the shared activity subset of the dataset, calculate probabilities and statistical measures based on environmental parameters including anomaly detection; paras 0067, 0127-128, 0261, 0311—generating a security alert, enhancing a security requirement, auditing or suspending an account, credentialed access authentication; paras 0250-260, 0311—risk mitigation executed by cybersecurity tool); processing, by the certification agent server system, the received data in relation to a set of benchmarks defining technical performance by the managed cybersecurity service provider in providing its service in the field to arrive at a determination if the managed cybersecurity service provider is providing its service in the field in a reliable manner (paras 0021, 0031-32, 0312-314—providing performance level constraints for assessing performance satisfaction); and causing, by the certification agent server system, the determination to be supplied as an output (paras 0003, 0311, 0315-338—sharing, providing and reporting anomaly analysis based on attack detection). GARYANI et al teach the limitations as applied above along with implementation into economic and business practices (para 0352), yet fail to explicitly teach the claimed feature of “(iv) financial data as to charges by the managed cybersecurity service provider for providing its service in the field”. However, BEHL et al teach a managed service provider, MSP, processing, storing and validating transactions in a blockchain ledger via smart contracts and cryptographic trust services for asset exchange transactions (col.5 line 18-col.6 line 54, col.6 lines 31-42). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed the invention to combine the teachings of GARYANI et al with BEHL et al for the purpose of receiving financial data associated with the service provider, which is well-known in the art for logging and assessing the validity of the financial data. Per claim 2, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, GARYANI et al further teach wherein the field is selected from the group consisting of (i) backup as a service, (ii) disaster recovery as a service, (iii) firewall as a service, (iv) business email protection as a service, (v) managed endpoint security as a service, and (vi) any other similar service (paras 0039, 0222, 0250, 0311—backup, restore, endpoint security via location blocking, access restriction, firewall services, etc.). Per claim 3, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, GARYANI et al further teach wherein the computer processes include: processing, by the certification agent server system, the received general organizational and performance data of the managed cybersecurity service provider to arrive at an initial determination of the managed cybersecurity service provider’s ability to deliver services in an initial certifiable manner (paras 0067, 0260-263, 0311—requiring multifactor authentication, requiring human review of access requests; paras 0031, 0046-48, 0052—sharing anomaly analysis data based on machine learning and tools for attack detection among customers of a service provider). Per claim 4, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, GARYANI et al further teach wherein the general organizational and performance data, in a context of evaluating the managed cybersecurity service provider for certification, comprises data relating to a management and a performance in providing services that apply to the managed cybersecurity service provider as a whole (paras 0131-134, 0137, 0139—evaluating anomalousness using statistical models to decide which entities are suspicious with detection alerts processed by security researchers inside a service provider). Per claim 5, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, GARYANI et al further teach wherein the organizational and performance data, in a context of evaluating the managed cybersecurity service provider for certification, comprises data relating to a management and a performance in providing the service in the field by the managed cybersecurity service provider (paras 0065, 0082, 0126-128, 0311-317—detecting a cybersecurity attack against customers of a service provider, storing activity data and performance level constraints of service providers). Per claim 6, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, GARYANI et al further teach wherein the system architecture configuration data for providing its service in the field, in a context of evaluating the managed cybersecurity service provider for certification, comprises data relating to a computer architecture, including communications between computing entities, in providing the service in the field by the managed cybersecurity service provider (paras 0131-134, 0137, 0139—evaluating anomalousness using statistical models to decide which entities are suspicious with detection alerts processed by security researchers inside a service provider). Per claim 7, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, GARYANI et al further teach wherein the qualification data for providing its service in the field, in a context of evaluating the managed cybersecurity service provider for certification, comprises data relating to a specialty knowledge, qualifications, or experience of the managed cybersecurity service provider to manage the providing of the service in the field (paras 0067, 0260-263, 0311—requiring multifactor authentication, requiring human review of access requests; paras 0031, 0046-48, 0052—sharing anomaly analysis data based on machine learning and tools for attack detection among customers of a service provider; para 0135—credentials of virtual machines for gaining access). Per claim 8, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, BEHL et al further teach wherein the financial data as to the charges by the managed cybersecurity service provider for providing its service in the field, in a context of evaluating the managed cybersecurity service provider for certification, comprises data relating to a financial value of the service in the field provided by the managed cybersecurity service provider (col.5 line 18-col.6 line 54, col.6 lines 31-42—processing, storing and validating transactions in a blockchain ledger via smart contracts and cryptographic trust services for asset exchange transactions). Per claim 9, GARYANI et al with BEHL et al teaches the computer-implemented method according to claim 1, GARYANI et al further teach wherein the data characterizing cyber risk exposure of the managed cybersecurity service provider in offering its service in the field, in a context of evaluating the managed cybersecurity service provider for certification, comprises data relating to an exposure of the managed cybersecurity service provider in specific risk scenarios (paras 0065, 0082, 0126-128, 0311-317—detecting a cybersecurity attack against customers of a service provider, storing activity data and performance level constraints of service providers following cybersecurity attacks for cyberattack risk mitigation). Per claim 10, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, GARYANI et al further teach wherein a data source of the organizational data performance data of the managed cybersecurity service provider in providing its service in the field, the managed cybersecurity service provider’s architectural configuration data for providing its service in the field, the managed cybersecurity service provider’s qualification data for providing its service in the field, the financial data as to the charges by the managed cybersecurity service provider for providing its service in the field, and the data characterizing the cyber risk exposure of the managed cybersecurity service provider in providing its service in the field, is selected from the group consisting of: data of the managed cybersecurity service provider from audit sources; data from historical performance and success rate of service of the managed cybersecurity service provider; and data from scenario based cyber risk exposure (paras 0005, 0031, 0067, 0343—analysis of historic data to determine anomalous patterns, enhancing security requirements using auditing and auditors; BEHL et al: col.2 lines 8-29—self-auditing to determine compromised applications). Per claim 11, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, GARYANI et al further teach wherein the set of benchmarks comprises minimum requirements that apply to the service in the field with which the managed cybersecurity service provider must comply (paras 0005, 0067, 0127-128—enhancing security requirements of the service provider, mitigation may be performed to heighten resource access requirements, increase logging and auditing, suspend account access, enhancing security requirements (by requiring multifactor authentication, requiring human review of access requests, etc.), increasing logging or auditing or both, suspending an account, or invoking additional mitigation tool(s); para 0112, 0229—service provider provides a security service to a particular customer pursuant to an agreement). Conclusion III. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. WO 20204/073843; WO 2024/211703. IV. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. V. Any inquiry concerning this communication or earlier communications from the examiner should be directed to KRISTIE D SHINGLES whose telephone number is (571)272-3888. The examiner can normally be reached on Monday-Thursday 10am-7pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal Divecha can be reached on 571-272-5863. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KRISTIE D SHINGLES/ Primary Examiner, Art Unit 2453
Read full office action

Prosecution Timeline

Sep 18, 2024
Application Filed
Dec 08, 2025
Non-Final Rejection mailed — §103
Mar 09, 2026
Response Filed
Mar 09, 2026
Interview Requested
Apr 10, 2026
Applicant Interview (Telephonic)
Apr 10, 2026
Examiner Interview Summary
May 06, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12683939
DEVICE AND A METHOD FOR THE DEVICE
2y 2m to grant Granted Jul 14, 2026
Patent 12683980
STREAMING AND FILTERING EVENT OBJECTS INTO A DATA LAKE
1y 10m to grant Granted Jul 14, 2026
Patent 12665927
SYSTEMS AND METHODS FOR INTERCEPTING CONVERGENT DATA STREAMS
2y 6m to grant Granted Jun 23, 2026
Patent 12652321
TECHNIQUES FOR DYNAMIC RESOLUTIONS
4y 10m to grant Granted Jun 09, 2026
Patent 12645821
EVENT INTEGRATED ACCESS GRAPH DATA MANAGEMENT
2y 3m to grant Granted Jun 02, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
82%
Grant Probability
96%
With Interview (+13.4%)
2y 10m (~1y 0m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 797 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month