Prosecution Insights
Last updated: July 17, 2026
Application No. 18/894,372

Prediction of False Positive Cybersecurity Detections

Final Rejection §101§102
Filed
Sep 24, 2024
Examiner
IDOWU, OLUGBENGA O
Art Unit
2494
Tech Center
2400 — Computer Networks
Assignee
CrowdStrike Inc.
OA Round
2 (Final)
71%
Grant Probability
Favorable
3-4
OA Rounds
1y 6m
Est. Remaining
90%
With Interview

Examiner Intelligence

Grants 71% — above average
71%
Career Allowance Rate
464 granted / 650 resolved
+13.4% vs TC avg
Strong +19% interview lift
Without
With
+19.1%
Interview Lift
resolved cases with interview
Typical timeline
3y 3m
Avg Prosecution
25 currently pending
Career history
677
Total Applications
across all art units

Statute-Specific Performance

§101
0.5%
-39.5% vs TC avg
§103
82.5%
+42.5% vs TC avg
§102
14.8%
-25.2% vs TC avg
§112
0.5%
-39.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 650 resolved cases

Office Action

§101 §102
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) “by the computer system,” but nothing in the claim element precludes the steps from practically being performed in the human mind with the aid of pen and paper. This judicial exception is not integrated into a practical application. The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception. Claim 1: Step 2a, prong 1: The limitations of claim 1 “comparing, by the computer system… generating, by the computer system …” as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitations in the human mind with the aid of pen and paper but for the recitation of generic computer components. Except for the words “by the computer system,” nothing in the claim element precludes the steps from practically being performed in the human mind with the aid of pen and paper. For example, but for the “by the computer system” language, the steps of “comparing, … generating, …” encompass a user predicting a false positive cybersecurity detection based on a cybersecurity detection and a false positive cybersecurity detection characteristic. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. Prong 2: This judicial exception is not integrated into a practical application. In particular, the claim recites the additional elements “by the computer system” to perform the steps “comparing, … generating, …” The computer system of these steps are recited at a high-level of generality (i.e., as a generic computer performing generic computer functionality) such that it amounts to no more than mere instructions to apply the exception using a generic computer component. The claim is directed to an abstract idea. Step 2b: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using “the computer system” to perform the steps “comparing, … generating, …” amounts to no more than mere instructions to apply the exception using generic computer. Mere instructions to apply an exception using a generic computer cannot provide an inventive concept. Hence, these additional elements do not amount to an inventive concept. The claim is not patent eligible. Dependent claims 2-5 further recite using machine learning models to implement the abstract idea. These claims merely invokes the use of generic computers to perform the abstract idea and do not include any details about how the generating steps are accomplished. See MPEP 2106.05(f). Furthermore, the recitation of “using a machine learning model” also merely indicates a field of use or technological environment in which the judicial exception is performed. This type of limitation merely confines the use of the abstract idea to a particular technological environment (machine learning) and thus fails to add an inventive concept to the claims. See MPEP 2106.05(h). Note: the further recitation of training a ML model as recited in claim 4 are inherent steps to the training of a ML model to perform such a prediction. Hence, these claims are not patent eligible. Response to Arguments Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot based on new grounds of rejection. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claim(s) 1 – 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Ding, publication number: US 2024/0250979. As per claim 1, Ding teaches a method executed by a computer system that generates a false positive cybersecurity prediction, comprising: comparing, by the computer system, a cybersecurity detection to [[a]] false positive cybersecurity detection characteristics profile representing false positive kernel activity determined to be normal computer behavior (determining probability of exploitation, [0094-0096]); and generating, by the computer system, the false positive cybersecurity prediction based on the comparing of the cybersecurity detection to the false positive cybersecurity detection characteristics profile representing the false positive kernel activity determined to be the normal computer behavior (Ranking based on probability, [0097]). As per claim 2, Ding teaches further comprising generating the false positive cybersecurity prediction using a machine learning model (Machine learning model, [0074]). As per claim 3, Ding teaches further comprising generating the false positive cybersecurity detection characteristics profile using a machine learning model (Machine learning model, [0074]). As per claim 4, Ding teaches further comprising generating the false positive cybersecurity prediction using a machine learning model trained using the false positive kernel activity determined to be the normal computer behavior (Prediction, [0096]). As per claim 5, Ding teaches further comprising generating the false positive cybersecurity prediction using a machine learning model trained using three-dimensional graphical data representing the false positive kernel activity determined to be the normal computer behavior (Knowledge graphs, [0024]). As per claim 6, Ding teaches at least one computer system that generates a false positive cybersecurity prediction, comprising: at least one central processing unit; and at least one memory device storing instructions that, when executed by the at least one central processing unit, perform operations, the operations comprising: pre-screening a cybersecurity detection by routing the cybersecurity detection to a false positive prediction service (using trained models to determine vulnerability probabilities, [0094][0104]); comparing the cybersecurity detection to a false positive cybersecurity detection profile associated with the false positive prediction service, the false positive cybersecurity detection profile generated by a machine learning model trained using an entitative batch of false positive kernel activity determined to be normal computer behavior associated with an entity (determining probabilities, [0094-0096]); and generating the false positive cybersecurity prediction based on the comparing of the cybersecurity detection to the false positive cybersecurity detection profile generated by the machine learning model (Ranking based on probabilities, [0097]). As per claim 7, Ding teaches wherein the operations further comprise determining the cybersecurity detection conforms to the false positive cybersecurity detection profile (Using machine learning models to determine probabilities, [0095]). As per claim 8, Ding teaches wherein the operations further comprise categorizing the cybersecurity detection as false positive (Ranking [0097]). As per claim 9, Ding teaches wherein the operations further comprise determining the cybersecurity detection fails to conform to the false positive cybersecurity detection profile (Ranking, [0097]). As per claim 10, Ding teaches wherein the operations further comprise categorizing the cybersecurity detection as true positive (Ranking, [0097]). As per claim 11, Ding teaches wherein the operations further comprise grouping the false positive cybersecurity detections based on the entity (Vendor, [0094], Platform – table 1). As per claim 12, Ding teaches wherein the operations further comprise grouping the false positive cybersecurity detections based on devices associated with the entity (device, [0045]). As per claim 13, Ding teaches wherein the operations further comprise grouping the false positive cybersecurity detections based on users associated with the entity (Repositories, [0031], vendors [0094], Table 1). As per claim 14, Ding teaches wherein the operations further comprise grouping the false positive cybersecurity detections based on an operating system process associated with the entity (Software, [0062]). As per claim 15, Ding teaches a memory device storing instructions that, when executed by at least one central processing unit, perform operations that generate a false positive cybersecurity prediction, the operations comprising: pre-screening a cybersecurity detection by routing the cybersecurity detection to a false positive prediction service (determining probability of exploitation, [0094-0096]); comparing the cybersecurity detection to a false positive cybersecurity detection profile associated with the false positive prediction service, the false positive cybersecurity detection profile generated by a graph machine learning model trained using graphical data representing an entitative batch of false positive kernel activity determined to be normal computer behavior, the graphical data having weighted edges representing false positive cybersecurity detection characteristics associated with an entity (determining probabilities, [0094-0096], data having severity scores, [0064][0071], knowledge graphs, [0024]); and generating a false positive cybersecurity prediction based on the comparing of the cybersecurity detection to the false positive cybersecurity detection profile generated by the graph machine learning model (Ranking based on probabilities, [0097]). As per claim 16, Ding teaches wherein the operations further comprise determining the cybersecurity detection conforms to the false positive cybersecurity detection profile (Prediction, [0096]). As per claim 17, Ding teaches wherein the operations further comprise categorizing the cybersecurity detection as false positive (Prediction, [0096]). As per claim 18, Ding teaches wherein the operations further comprise grouping the false positive cybersecurity detections based on the entity (vendor, [0094], platforms- table 1). As per claim 19, Ding teaches wherein the operations further comprise grouping the false positive cybersecurity detections based on devices associated with the entity (devices, [0045][0062]). As per claim 20, Ding teaches wherein the operations further comprise grouping the false positive cybersecurity detections based on users associated with the entity (Repositories, [0031], vendors [0094], Table 1). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLUGBENGA O IDOWU whose telephone number is (571)270-1450. The examiner can normally be reached Monday-Friday 8am - 5pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached at 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /OLUGBENGA O IDOWU/Primary Examiner, Art Unit 2494
Read full office action

Prosecution Timeline

Sep 24, 2024
Application Filed
Jan 12, 2026
Non-Final Rejection mailed — §101, §102
Feb 04, 2026
Applicant Interview (Telephonic)
Feb 06, 2026
Examiner Interview Summary
Apr 10, 2026
Response Filed
Jun 04, 2026
Final Rejection mailed — §101, §102
Jun 23, 2026
Applicant Interview (Telephonic)
Jul 10, 2026
Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12670410
PRIVACY ENHANCED FEDERATED TRAINING AND INFERENCE OVER VERTICALLY AND HORIZONTALLY PARTITIONED DATA
3y 4m to grant Granted Jun 30, 2026
Patent 12665777
BLOCKCHAIN-BASED DATA PROCESSING METHOD AND APPARATUS, DEVICE, MEDIUM, AND PRODUCT
2y 7m to grant Granted Jun 23, 2026
Patent 12659166
BIOSECURITY CONTROL SYSTEM BASED ON BLOCKCHAIN TECHNOLOGY FOR REGULATION AND MONITORING THE PRINTING OF GENETIC SEQUENCES
2y 0m to grant Granted Jun 16, 2026
Patent 12652181
MANAGEMENT SYSTEM, CONTENT MANAGEMENT METHOD, AND STORAGE MEDIUM FOR MANAGING CONTENT DATA USING BLOCKCHAIN
2y 5m to grant Granted Jun 09, 2026
Patent 12634145
CRYPTOGRAPHIC TRUST SYSTEM FOR ELECTRONIC COMMUNICATIONS INTEGRITY USING TUPLE SPACES AND MESSAGING USER AGENTS
2y 4m to grant Granted May 19, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
71%
Grant Probability
90%
With Interview (+19.1%)
3y 3m (~1y 6m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 650 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month