Prosecution Insights
Last updated: July 17, 2026
Application No. 19/013,917

DYNAMIC RISK PROFILING USING DIMENSIONAL RISK FACTORS IN VENDOR-CLIENT DATA SECURITY

Non-Final OA §103
Filed
Jan 08, 2025
Priority
Sep 29, 2017 — continuation of 11/055,415 +2 more
Examiner
ANDERSON, MICHAEL D
Art Unit
Tech Center
Assignee
Valente Sherman Inc.
OA Round
1 (Non-Final)
80%
Grant Probability
Favorable
1-2
OA Rounds
1y 9m
Est. Remaining
95%
With Interview

Examiner Intelligence

Grants 80% — above average
80%
Career Allowance Rate
568 granted / 711 resolved
+19.9% vs TC avg
Strong +16% interview lift
Without
With
+15.5%
Interview Lift
resolved cases with interview
Typical timeline
3y 3m
Avg Prosecution
23 currently pending
Career history
735
Total Applications
across all art units

Statute-Specific Performance

§101
0.7%
-39.3% vs TC avg
§103
82.2%
+42.2% vs TC avg
§102
15.4%
-24.6% vs TC avg
§112
1.0%
-39.0% vs TC avg
Black line = Tech Center average estimate • Based on career data from 711 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statement (IDS) submitted on 1/08/2025 was filed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Patent No.: US 8,396,890 B2 to Lim in view of Pub.No.: US 2015/0127416 A1 to Showalter et al(hereafter referenced as Showalter). Regarding claim 1, Lim discloses “ a method comprising: receiving security practices information from a vendor computing system (server system [Fig.1/item 122]) and computing services interaction information from a client computing system (Client system [Fig.1/item 113]), wherein the security practices information characterizes security measures in place at the vendor computing system(policy server rules [Fig.4/item 401]) and the computing services interaction information characterizes data for transmission from the client computing system to the vendor computing system”(policy enforcer [Fig.9]). Lim does not explicitly disclose “determining a risk profile for the vendor computing system by using a processor to estimate a first dimensional risk factor for a first security dimension associated with the security practices information”; transmitting a risk profile message to the client computing system, wherein the risk profile message is client-specific to the client computing system and depends on information to be transmitted from the client computing system to the vendor computing system; and detecting a change in security practices information at the vendor computing system, wherein a first weight to a first dimensional risk factor corresponding to a first security dimension associated with security practices information is adjusted at the processor based on the change in security practices information. However, Showalter in an analogous art discloses “determining a risk profile for the vendor computing system by using a processor to estimate a first dimensional risk factor for a first security dimension associated with the security practices information” (method can also include scoring the application, using the one or more processors, by processing the scoring values in a multi-dimensional risk assessment system including an operational risk model Showalter [par.0009]) ; transmitting a risk profile message to the client computing system, wherein the risk profile message is client-specific to the client computing system and depends on information to be transmitted from the client computing system to the vendor computing system”(Score application by sending extracted scoring data through multi-dimensional risk assessment system Showalter [Fig.8/item 808]) ; “and detecting a change in security practices information at the vendor computing system, wherein a first weight to a first dimensional risk factor corresponding to a first security dimension associated with security practices information is adjusted at the processor based on the change in security practices information.”(manufacture defect risk assessment system Showalter [Fig.1/item 102]). Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Lim’s system to detect behavioral patterns with Showalter’s risk assessment process in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Lim teaches a system which detect behavioral patterns, Showalter discloses a risk assessment process and both are from the same field of endeavor. Regarding claim 2 in view of claim 1, the references combined disclose “wherein an updated risk profile message is transmitted to the client computing system, the updated risk profile message including an updated risk profile” (transmit rules Lim[Fig.4]). Regarding claim 3 in view of claim 2, the references combined disclose “wherein determining the risk profile comprises analyzing a third-party assessment of security measures at the vendor computing system” (i.e. policy server analyzes client system Lim[Fig.17]). Regarding claim 4 in view of claim 3, the references combined disclose “wherein the third-party assessment of security measures comprises third-party audit information” (i.e. policy server analyzes client system Lim[Fig.17]). Regarding claim 5 in view of claim 1, the references combined disclose “wherein the risk profile is determined by estimating a plurality of dimensional risk factors for a plurality of security dimensions” (Score application by sending extracted scoring data through multi-dimensional risk assessment system Showalter [Fig.8/item 808]). Regarding claim 6 in view of claim 5, the references combined disclose “wherein a plurality of weights to a plurality of dimensional risk factors corresponding to a plurality of security dimensions are adjusted based on the change in security practices information” (Score application by sending extracted scoring data through multi-dimensional risk assessment system Showalter [Fig.8/item 808]). Regarding claim 7 in view of claim 6, the references combined disclose “wherein the first dimensional risk factor reflects a reported security practice associated with the first security dimension” (Score application by sending extracted scoring data through multi-dimensional risk assessment system Showalter [Fig.8/item 808]), “the first dimensional risk factor reflecting a level of assurance associated with the reported security practice”(manufacturing defect risk assessment system Showalter [Fig.1/item 102]), “and wherein determining the risk profile comprises calculating a weighted average of the plurality of dimensional risk factors”(comprehensive risk profile system Showalter [Fig.4/402]). Regarding claim 8 in view of claim 7, the references combined disclose “wherein determining the estimate of the information security risk comprises determining a weighting value for each of the dimensional risk factors based on the computing services interaction information, the weighting reflecting a relative importance of the dimensional risk factor to the estimate of an information security risk.” (Score application by sending extracted scoring data through multi-dimensional risk assessment system Showalter [Fig.8/item 808]). Regarding claim 9 in view of claim 8, the references combined disclose “wherein determining the risk profile comprises applying natural language processing to free-form text information to determine a respective dimensional risk level.” (Score application by sending extracted scoring data through multi-dimensional risk assessment system Showalter [Fig.8/item 808]). Regarding claim 10 in view of claim 9, the references combined disclose “wherein the computing services interaction information includes a data sensitivity level associated with the transmitted data.” (highly sensitive level Lim[Fig.16/item 1502]). Regarding claim 11 in view of claim 10, the references combined disclose “wherein determining the risk profile comprises matching the third-party assessment with the free-form text information using natural language processing” (select variables for Use in Risk Model Showalter[Fig.2/item 210]). Regarding claim 12 in view of claim 8, the references combined disclose “wherein the security practices information comprises information characterizing a user authentication procedure and an encryption algorithm employed at a first computing device”(encrypt and log confidential document Lim[Fig.20/item 1909]). Regarding claim 13 in view of claim 8, the references combined disclose “wherein the risk profile is determined in part based on automated security analysis performed by transmitting a security practice detection message to a first computing device, the security practice detection message being designed to test the security measures in place at the first computing device.”(obligation action includes logging an action or sending a notification message to an administrator. An obligation can depend (or not depend) on the ALLOW and DENY state Lim[Col.28/line 50-53]). Regarding claim 14, Lim discloses “a system comprising: an input interface configured to receive security practices information from a vendor computing system(server system [Fig.1/item 122]) and computing services interaction information from a client computing system(Client system [Fig.1/item 113]),, wherein the security practices information characterizes security measures in place at the vendor computing system (policy server rules [Fig.4/item 401]) and the computing services interaction information characterizes data for transmission from the client computing system to the vendor computing system(policy enforcer [Fig.9]). Lim does not explicitly disclose “a processor configured to determine a risk profile for the vendor computing system by using a processor to estimate a first dimensional risk factor for a first security dimension associated with the security practices information; and an output interface configured to transmit a risk profile message to the client computing system, wherein the risk profile message is client-specific to the client computing system and depends on information to be transmitted from the client computing system to the vendor computing system, wherein a first weight to a first dimensional risk factor corresponding to a first security dimension associated with security practices information is adjusted at the processor based on the change in security practices information when a change in security practices information at the vendor computing system is detected. However, Showalter in an analogous art discloses “Lim does not explicitly disclose “a processor configured to determine a risk profile for the vendor computing system by using a processor to estimate a first dimensional risk factor for a first security dimension associated with the security practices information(method can also include scoring the application, using the one or more processors, by processing the scoring values in a multi-dimensional risk assessment system including an operational risk model Showalter [par.0009]); and an output interface configured to transmit a risk profile message to the client computing system, wherein the risk profile message is client-specific to the client computing system and depends on information to be transmitted from the client computing system to the vendor computing system(Score application by sending extracted scoring data through multi-dimensional risk assessment system Showalter [Fig.8/item 808]), wherein a first weight to a first dimensional risk factor corresponding to a first security dimension associated with security practices information is adjusted at the processor based on the change in security practices information when a change in security practices information at the vendor computing system is detected” (manufacture defect risk assessment system Showalter [Fig.1/item 102]). Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Lim’s system to detect behavioral patterns with Showalter’s risk assessment process in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Lim teaches a system which detect behavioral patterns, Showalter discloses a risk assessment process and both are from the same field of endeavor. Regarding claim 15 in view of claim 14, the references combined disclose “wherein an updated risk profile message is transmitted to the client computing system, the updated risk profile message including an updated risk profile” (transmit rules Lim[Fig.4]). Regarding claim 16 in view of claim 14, the references combined disclose “wherein determining the risk profile comprises analyzing a third-party assessment of security measures at the vendor computing system” (i.e. policy server analyzes client system Lim[Fig.17]). Regarding claim 17 in view of claim 16, the references combined disclose “wherein the third-party assessment of security measures comprises third-party audit information” (i.e. policy server analyzes client system Lim[Fig.17]). Regarding claim 18 in view of claim 14, the references combined disclose “wherein the risk profile is determined by estimating a plurality of dimensional risk factors for a plurality of security dimensions” (Score application by sending extracted scoring data through multi-dimensional risk assessment system Showalter [Fig.8/item 808]). Regarding claim 19 in view of claim 18, the references combined disclose “wherein a plurality of weights to a plurality of dimensional risk factors corresponding to a plurality of security dimensions are adjusted based on the change in security practices information” (Score application by sending extracted scoring data through multi-dimensional risk assessment system Showalter [Fig.8/item 808]). Regarding claim 20, Lim discloses “a non-transitory computer readable medium comprising: computer code for receiving security practices information from a vendor computing system(server system [Fig.1/item 122]) and computing services interaction information from a client computing system(Client system [Fig.1/item 113]),, wherein the security practices information characterizes security measures in place at the vendor computing system(policy server rules [Fig.4/item 401]) and the computing services interaction information characterizes data for transmission from the client computing system to the vendor computing system(policy enforcer [Fig.9]). Lim does not explicitly disclose “computer code for determining a risk profile for the vendor computing system by using a processor to estimate a first dimensional risk factor for a first security dimension associated with the security practices information; computer code for transmitting a risk profile message to the client computing system, wherein the risk profile message is client-specific to the client computing system and depends on information to be transmitted from the client computing system to the vendor computing system; and computer code for detecting a change in security practices information at the vendor computing system, wherein a first weight to a first dimensional risk factor corresponding to a first security dimension associated with security practices information is adjusted at the processor based on the change in security practices information. However, Showalter in an analogous art discloses “computer code for determining a risk profile for the vendor computing system by using a processor to estimate a first dimensional risk factor for a first security dimension associated with the security practices information(method can also include scoring the application, using the one or more processors, by processing the scoring values in a multi-dimensional risk assessment system including an operational risk model Showalter [par.0009]); computer code for transmitting a risk profile message to the client computing system, wherein the risk profile message is client-specific to the client computing system and depends on information to be transmitted from the client computing system to the vendor computing system; and computer code for detecting a change in security practices information at the vendor computing system(Score application by sending extracted scoring data through multi-dimensional risk assessment system Showalter [Fig.8/item 808]), wherein a first weight to a first dimensional risk factor corresponding to a first security dimension associated with security practices information is adjusted at the processor based on the change in security practices information” (manufacture defect risk assessment system Showalter [Fig.1/item 102]). Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Lim’s system to detect behavioral patterns with Showalter’s risk assessment process in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Lim teaches a system which detect behavioral patterns, Showalter discloses a risk assessment process and both are from the same field of endeavor Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL D ANDERSON whose telephone number is (571)270-5159. The examiner can normally be reached Mon-Fri 9am-6pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached at (571) 272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MICHAEL D ANDERSON/Examiner, Art Unit 2433 /JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433
Read full office action

Prosecution Timeline

Jan 08, 2025
Application Filed
Jun 04, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12671692
NETWORK SYSTEM AND CONTROL METHOD THEREOF
3y 1m to grant Granted Jun 30, 2026
Patent 12659745
METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR INDICATING CONSUMER NETWORK FUNCTION (NF) TYPE FOR ACCESS TOKEN REQUESTS FORWARDED BETWEEN NF REPOSITORY FUNCTIONS (NRFs)
2y 3m to grant Granted Jun 16, 2026
Patent 12640907
MODULATION-AGNOSTIC TRANSFORMATIONS USING UNITARY BRAID DIVISIONAL MULTIPLEXING (UBDM)
3y 2m to grant Granted May 26, 2026
Patent 12627469
ELECTRONIC DEVICE FOR STORING SECURE DATA AND METHOD FOR OPERATING THE SAME
2y 5m to grant Granted May 12, 2026
Patent 12603865
SYSTEMS AND METHODS FOR REMOTE ACCESS LATENCY REDUCTION
2y 12m to grant Granted Apr 14, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
80%
Grant Probability
95%
With Interview (+15.5%)
3y 3m (~1y 9m remaining)
Median Time to Grant
Low
PTA Risk
Based on 711 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month