Prosecution Insights
Last updated: July 17, 2026
Application No. 19/088,619

THREAT MITIGATION SYSTEM AND METHOD

Non-Final OA §DP
Filed
Mar 24, 2025
Priority
Nov 23, 2020 — provisional 63/117,193 +2 more
Examiner
REVAK, CHRISTOPHER A
Art Unit
Tech Center
Assignee
ReliaQuest Holdings LLC
OA Round
1 (Non-Final)
89%
Grant Probability
Favorable
1-2
OA Rounds
1y 4m
Est. Remaining
98%
With Interview

Examiner Intelligence

Grants 89% — above average
89%
Career Allowance Rate
995 granted / 1114 resolved
+29.3% vs TC avg
Moderate +9% lift
Without
With
+8.6%
Interview Lift
resolved cases with interview
Typical timeline
2y 7m
Avg Prosecution
17 currently pending
Career history
1125
Total Applications
across all art units

Statute-Specific Performance

§101
5.1%
-34.9% vs TC avg
§103
31.9%
-8.1% vs TC avg
§102
41.9%
+1.9% vs TC avg
§112
2.0%
-38.0% vs TC avg
Black line = Tech Center average estimate • Based on career data from 1114 resolved cases

Office Action

§DP
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statement (IDS) submitted on July 16, 2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claims 32-51 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-4, 6-14, 16-24, 26, 27, 29, and 30 of U.S. Patent No. 11,861,001 (cited in the IDS filed on 7/16/25). Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application are anticipated by the earlier filed ‘001 patented claims in that the ‘001 claims of the patent contain all of the limitations of the instant application. Claim 32 of the instant application corresponds to claim 1 of the ‘001 patent; Claim 33 of the instant application corresponds to claim 2 of the ‘001 patent; Claim 34 of the instant application corresponds to claim 3 of the ‘ 001 patent; Claim 35 of the instant application corresponds to claim 4 of the ‘001 patent; Claim 36 of the instant application corresponds to claim 1 of the ‘001 patent; Claim 37 of the instant application corresponds to claims 6, 7, 9, and 10 of the ‘001 patent; Claim 38 of the instant application corresponds to claim 8 of the ‘001 patent; Claim 39 of the instant application corresponds to claim 11 of the ‘001 patent; Claim 40 of the instant application corresponds to claim 12 of the ‘001 patent; Claim 41 of the instant application corresponds to claim 13 of the ‘001 patent; Claim 42 of the instant application corresponds to claim 14 of the ‘001 patent; Claim 43 of the instant application corresponds to claim 11 of the ‘001 patent; Claim 44 of the instant application corresponds to claims 16, 17, 19, and 20 of the ‘001 patent; Claim 45 of the instant application corresponds to claim 18 of the ‘001 patent; Claim 46 of the instant application corresponds to claim 21 of the ‘001 patent; Claim 47 of the instant application corresponds to claim 22 of the ‘001 patent; Claim 48 of the instant application corresponds to claim 23 of the ‘001 patent; Claim 49 of the instant application corresponds to claim 24 of the ‘001 patent; Claim 50 of the instant application corresponds to claim 21 of the ‘001 patent; and Claim 51 of the instant application corresponds to claims 26, 27, 29, and 30 of the ‘001 patent. Claims 32-51 therefore are not patentably distinct from the earlier filed ‘001 patented claims, and as such, is unpatentable for obvious-type double patenting. Claims 32-51 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-4, 6-14, 16-24, 26, 27, 29, and 30 of U.S. Patent No. 12,259,972. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application are anticipated by the earlier filed ‘972 patented claims in that the claims of the ‘ 972 patent contain all of the limitations of the instant application. Claim 32 of the instant application corresponds to claim 1 of the ‘972 patent; Claim 33 of the instant application corresponds to claim 2 of the ‘972 patent; Claim 34 of the instant application corresponds to claim 3 of the ‘972 patent; Claim 35 of the instant application corresponds to claim 4 of the ‘972 patent; Claim 36 of the instant application corresponds to claim 1 of the ‘972 patent; Claim 37 of the instant application corresponds to claims 6, 7, 9, and 10 of the ‘972 patent; Claim 38 of the instant application corresponds to claim 8 of the ‘972 patent; Claim 39 of the instant application corresponds to claim 11 of the ‘972 patent; Claim 40 of the instant application corresponds to claim 12 of the ‘972 patent; Claim 41 of the instant application corresponds to claim 13 of the ‘972 patent; Claim 42 of the instant application corresponds to claim 14 of the ‘972 patent; Claim 43 of the instant application corresponds to claim 11 of the ‘972 patent; Claim 44 of the instant application corresponds to claims 16, 17, 19, and 20 of the ‘972 patent; Claim 45 of the instant application corresponds to claim 18 of the ‘972 patent; Claim 46 of the instant application corresponds to claim 21 of the ‘972 patent; Claim 47 of the instant application corresponds to claim 22 of the ‘972 patent; Claim 48 of the instant application corresponds to claim 23 of the ‘972 patent; Claim 49 of the instant application corresponds to claim 24 of the ‘972 patent; Claim 50 of the instant application corresponds to claim 21 of the ‘972 patent; and Claim 51 of the instant application corresponds to claims 26, 27, 29, and 30 of the ‘972 patent. Claims 32-51 therefore are not patentably distinct from the earlier filed ‘972 patented claims, and as such, is unpatentable for obvious-type double patenting. Allowable Subject Matter Claims 32-51 would be allowable upon filing of terminal disclaimers to overcome the obvious-type double patenting rejections. The following is a statement of reasons for the indication of allowable subject matter: The closest prior art of record Pinto, U.S. Patent 9,306,962 and Friedrichs et al, US 2016/0164917 (both cited in the IDS filed on 7/16/25) fail to meet the instant claim limitations. Pinto teaches of obtaining object information concerning one or more initial objects within a computing platform in response to a security event (log and event data is obtained from sensors and log sources that are located in one server, multiple servers distributed in one network, interconnected or not, or any combination thereof (i.e., object information), col. 4, lines 49-67); identifying an event type for the security event (relevant features are mined out of historical and real-time log data to assist in classifying (i.e., identifying) malicious behavior, col. 2, lines 48-54; event classifier processes event data from event sources, col. 3, lines 51-61; and an identifiable actor (i.e., event type) can be represented as an IP address, domain name, user name, user identifier, or some other uniquely identified characteristics according to the context, col. 3, line 62 through col. 4, line 15); executing a response script based, at least in part, upon the event type (feedback is provided to export configuration changes of active responses (i.e., response scripts), such as a firewall blocking future traffic to and/or from a specific IP address found to be malicious, col. 10, lines 6-14 & 17-31); and Friedrichs et al discloses of providing suggestions concerning additional actions to be taken concerning investigating the security event (flagged incident information results determining suggested actions based on identified rule sets based upon the event types, paragraph 0022, lines 4-31). Friedrichs applies an improvement in the prior art for identifying security incident information and its related enrichment information to identify action recommendations based upon a rule set (paragraph 0005, lines 7-13). Limitations in the prior art exist in SIEM systems to generate security alerts that force administrators to translate each of the alerts, which takes up time and resources (paragraph 0004, lines 9-14). Pinto and Friedrich, alone or in combination fail to meet the Applicant’s claimed invention. As per claim 32, it was not found to be taught in the prior art of obtaining object information concerning one or more initial objects within a computing platform in response to a security event; identifying an event type for the security event; monitoring artifacts gathered by the third party during the investigation of the security event; monitoring objects reviewed by the third party during the investigation of the security event; and providing suggestions concerning additional actions to be taken concerning investigating the security event based upon, at least in part, the gathered artifacts and the reviewed objects. Independent claims 39 and 46 are similar in scope to independent claim 32, and would be allowable for similar reasons upon the filing of terminal disclaimers to overcome the obvious-type double patenting rejections. Conclusion The relevant art made of record and not relied upon is considered pertinent to applicant's disclosure. Cambell et al, WO 2022/214819 A1 is relied upon for disclosing of a user-assisted workflow system can be configured to generate a workflow of suggested tasks to guide a user through the security incident response under investigation. The user-assisted workflow system can select operations (for the workflow) that are contextual to the attributes of the security incident under investigation, see paragraph 0028. If the user-assisted workflow system detected a malicious domain name, then the user-assisted workflow system can generate a contextual user-assisted workflow that includes a recommendation of an action to block this domain name from accessing the attacked network. The user can then select the recommended action, which can cause the user-assisted workflow system to perform or facilitate performance of the recommended action, see paragraph 0029. Berger et al, US 2023/0283521 is relied upon for disclosing of vulnerability analysis and threat prediction may be applied or adapted to analyze user responses and determine cybersecurity factors of greatest concern from a cybersecurity framework compliance standpoint. As another example, threat analysis and remediation recommendation may be applied or adapted to analyze user responses, cybersecurity factor scores, and cybersecurity framework compliance results, and then provide guidance on actions that can be taken to improve cybersecurity framework compliance, see paragraph 0102. Khanna et al, US 2023/0185908 is relied upon for disclosing of determining a security response, which functions to determine whether the user acted upon the notification and/or recommend a security response to the user. In a first variant, includes determining the response that a user took responsive to the security event. Determining which security response was taken can be based on: input from a user (e.g., security personnel communications, a questionnaire, etc.), measurements (e.g., subsequent sensor measurements of the space observing the executed response, subsequent primitive values, etc.), and/or otherwise determined. In a second variant, includes determining a security response recommendation based on the security event. The recommended security response can be based on historical responses to similar events, a ruleset (e.g., specific detected event triggers an automatic response), learned, and/or otherwise determined, see paragraph 0073. Anderson, US 2021/0342442 is relied upon for disclosing of an action generator to generate at least one suggested security response action in response to a user security investigation action, wherein the suggested security response action is based on an execution of the security investigation model, and a software product controller to adjust a display of the destination security software product of the security threat object in response to the security response action, see abstract. Steele et al, US 2019/0166152 is relied upon for disclosing of a third party analytics engine may assess the services offered by the particular third party and propose alternate courses of action to mitigate the security threat. For example, the third party analytics engine may propose the utilization of a competing third party service provider with a lower calculated security threat level. The recommendation may be pushed to the user via a notification on the user computing system, where the notification may contain an interactive option allowing the user to select the recommendation. Once the user selects the recommendation, the system may dynamically execute the actions needed to mitigate the security threat level posed by the third party in question, see paragraph 0033. Dharmadhikari et al, US 2019/0065736 is relied upon for disclosing of determining that an application represents a potential security risk, (iii) prompting a user of the computing device to remediate the potential security risk posed by the application by performing a recommended security action, and (iv) while waiting for the user to perform the recommended security action, securing the computing device by blocking the attempt by the application to launch the application service, see abstract. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER REVAK whose telephone number is (571)272-3794. The examiner can normally be reached 5:30am - 3:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Catherine Thiaw can be reached at 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /CHRISTOPHER A REVAK/Primary Examiner, Art Unit 2407
Read full office action

Prosecution Timeline

Mar 24, 2025
Application Filed
Jun 10, 2026
Non-Final Rejection mailed — §DP (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12664278
SECURITY THREAT MITIGATION
2y 6m to grant Granted Jun 23, 2026
Patent 12659168
DYNAMICALLY VERIFYING AUTHENTICITY AND VALIDITY OF CREDENTIALS
2y 7m to grant Granted Jun 16, 2026
Patent 12657324
DETECTING DATA EXFILTRATION
2y 2m to grant Granted Jun 16, 2026
Patent 12651061
CYBERSECURITY TOOLS FOR MANAGING ANOMALOUS SECURITY DATA ITEMS
2y 1m to grant Granted Jun 09, 2026
Patent 12645803
GENERATING TELEMETRY BASED ON DATA PROCESSING UNITS PERFORMING REAL-TIME ANALYSIS CLOSE TO DATA SOURCE
2y 2m to grant Granted Jun 02, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
89%
Grant Probability
98%
With Interview (+8.6%)
2y 7m (~1y 4m remaining)
Median Time to Grant
Low
PTA Risk
Based on 1114 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month