Prosecution Insights
Last updated: July 17, 2026
Application No. 18/958,268

REVERSE SHELL DETECTION

Non-Final OA §102
Filed
Nov 25, 2024
Priority
Dec 28, 2023 — CN 202311842128.8
Examiner
IDOWU, OLUGBENGA O
Art Unit
2494
Tech Center
2400 — Computer Networks
Assignee
Beijing Volcano Engine Technology Co., Ltd.
OA Round
1 (Non-Final)
71%
Grant Probability
Favorable
1-2
OA Rounds
1y 8m
Est. Remaining
90%
With Interview

Examiner Intelligence

Grants 71% — above average
71%
Career Allowance Rate
464 granted / 650 resolved
+13.4% vs TC avg
Strong +19% interview lift
Without
With
+19.1%
Interview Lift
resolved cases with interview
Typical timeline
3y 3m
Avg Prosecution
25 currently pending
Career history
677
Total Applications
across all art units

Statute-Specific Performance

§101
0.5%
-39.5% vs TC avg
§103
82.5%
+42.5% vs TC avg
§102
14.8%
-25.2% vs TC avg
§112
0.5%
-39.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 650 resolved cases

Office Action

§102
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claim(s) 1 – 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Kraemer, publication number: US 2017/0270296. As per claims 1 and 20, Kraemer teaches a reverse shell detection method, comprising: obtaining a first shell command (Command shell, [0083]); performing syntax analysis on the first shell command to obtain a command execution intention for the first shell command (analyze syntax to detect nature of initiated command, [0085-0086]); determining a command execution path corresponding to the first shell command based on the command execution intention (determining if there is a connection to an external server, [0014][0045][0107]); and in response to at least one node in the command execution path satisfying a first predetermined condition, determining whether the first shell command is a reverse shell intrusion command (Tracking API calls, [0085], remediating reverse command shell, [0091]). As per claim 2, Kraemer teaches wherein the first shell command is generated by a first server, and the first shell command is configured to cause the first server to access a second server (Remote network connection, [0017][0030]). As per claim 3, Kraemer teaches wherein performing the syntax analysis on the first shell command to obtain the command execution intention for the first shell command comprises: performing semantic parsing on the first shell command to obtain at least one command element in the first shell command; and performing intention analysis on the at least one command element to obtain the command execution intention (Analyzing command to detect nature of command, [0085-0086]). As per claim 4, Kraemer teaches wherein performing the intention analysis on the at least one command element to obtain the command execution intention comprises: determining a first code language of the first shell command; obtaining an intention tag library corresponding to the first code language based on the first code language, wherein the intention tag library comprises a function attribute of at least a portion of basic commands in the first code language; and parsing the at least one command element based on the intention tag library to obtain a command execution intention for each of the command elements (Command line interpretation, [0025][0085]). As per claim 5, Kraemer teaches wherein parsing the at least one command element based on the intention tag library to obtain the command execution intention for each of the command elements comprises: obtaining a basic command and an execution object of the basic command in one of the command elements; and obtaining the command execution intention for each of the command elements based on a function attribute of the basic command and the execution object of the basic command (Analyzing API calls, [0084-0085]). As per claim 6, Kraemer teaches wherein obtaining the command execution intention for each of the command elements comprises: determining at least one of pipe information, file information, network interaction information, input information, output information, or a command executor in each of the command elements (API calls to read file, [0085-0086]). As per claim 7, Kraemer teaches wherein determining the command execution path corresponding to the first shell command based on the command execution intention comprises: obtaining, based on the command execution intention, target command elements that satisfy a second predetermined condition and a connection relationship between the target command elements in the at least one command element; and determining a command execution path between the target command elements based on the connection relationship (Determining reverse shell, [0091], tracking pipe, [0018][0109]). As per claim 8, Kraemer teaches wherein the second predetermined condition comprises: at least one of network interaction, a command executor, or a pipe being present in a node corresponding to the command element (Tracking pipe, [0018][0109]). As per claim 9, Kraemer teaches wherein before determining a detection result of the first shell command in response to the at least one node in the command execution path satisfying the first predetermined condition, the method further comprises: determining that the command execution path is a closed-loop path; wherein the command execution path is a closed-loop path comprises: the first server obtaining a second command from the second server and executing the second command, and sending an execution result to the second server (Determine reverse shell intrusion, [0012][0028][0109]). As per claim 10, Kraemer teaches wherein the first predetermined condition comprises: a network node being present in the command execution path; an executor node being present in the command execution path; and the network node being directly or indirectly connected to the executor node (Remote network connection, [0017][0027][0045]). Claims 11 – 19 are rejected based on claims 1-9 Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLUGBENGA O IDOWU whose telephone number is (571)270-1450. The examiner can normally be reached Monday-Friday 8am - 5pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached at 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /OLUGBENGA O IDOWU/Primary Examiner, Art Unit 2494
Read full office action

Prosecution Timeline

Nov 25, 2024
Application Filed
Apr 30, 2026
Non-Final Rejection mailed — §102 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12670410
PRIVACY ENHANCED FEDERATED TRAINING AND INFERENCE OVER VERTICALLY AND HORIZONTALLY PARTITIONED DATA
3y 4m to grant Granted Jun 30, 2026
Patent 12665777
BLOCKCHAIN-BASED DATA PROCESSING METHOD AND APPARATUS, DEVICE, MEDIUM, AND PRODUCT
2y 7m to grant Granted Jun 23, 2026
Patent 12659166
BIOSECURITY CONTROL SYSTEM BASED ON BLOCKCHAIN TECHNOLOGY FOR REGULATION AND MONITORING THE PRINTING OF GENETIC SEQUENCES
2y 0m to grant Granted Jun 16, 2026
Patent 12652181
MANAGEMENT SYSTEM, CONTENT MANAGEMENT METHOD, AND STORAGE MEDIUM FOR MANAGING CONTENT DATA USING BLOCKCHAIN
2y 5m to grant Granted Jun 09, 2026
Patent 12634145
CRYPTOGRAPHIC TRUST SYSTEM FOR ELECTRONIC COMMUNICATIONS INTEGRITY USING TUPLE SPACES AND MESSAGING USER AGENTS
2y 4m to grant Granted May 19, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
71%
Grant Probability
90%
With Interview (+19.1%)
3y 3m (~1y 8m remaining)
Median Time to Grant
Low
PTA Risk
Based on 650 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month