Prosecution Insights
Last updated: July 17, 2026
Application No. 19/097,283

METHOD FOR DETECTING ATTACKS ON A COMPUTER SYSTEM

Non-Final OA §103
Filed
Apr 01, 2025
Priority
Apr 29, 2024 — DE 10 2024 203 983.7
Examiner
GAVRILENKO, VLADIMIR I
Art Unit
Tech Center
Assignee
Robert Bosch GmbH
OA Round
1 (Non-Final)
71%
Grant Probability
Favorable
1-2
OA Rounds
1y 10m
Est. Remaining
98%
With Interview

Examiner Intelligence

Grants 71% — above average
71%
Career Allowance Rate
132 granted / 187 resolved
+10.6% vs TC avg
Strong +27% interview lift
Without
With
+27.4%
Interview Lift
resolved cases with interview
Typical timeline
3y 1m
Avg Prosecution
15 currently pending
Career history
202
Total Applications
across all art units

Statute-Specific Performance

§101
0.2%
-39.8% vs TC avg
§103
89.7%
+49.7% vs TC avg
§102
7.4%
-32.6% vs TC avg
§112
0.6%
-39.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 187 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION Claims 1 – 7 posted on 04/01/2025 are presently pending in the application and have been examined below, of which claims 1, 6 and 7 are presented in independent form. Drawings The drawings were received on 04/01/2025. These drawings are accepted. Information Disclosure Statement The information disclosure statements (IDS) submitted on 04/01/2025 and 07/15/2025, have been considered. The submissions are in compliance with the provisions of 37 CFR 1.97. Accordingly, initialed and dated copies of Applicant’s IDS form 1449 filed as stated above are attached to the instant Office Action. Examiner Notes Examiner cites particular paragraphs, columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1 – 4 and 6 – 7 are rejected under 35 U.S.C. 103 as being unpatentable over Holub et al. (US 12386980) (hereafter Holub) and in view of Hannis et al. (US 20150047032) (hereafter Hannis). As per claim 1 Holub discloses: A method for detecting attacks on a computer system, comprising the following steps: for each of one or more security vulnerabilities, extracting at least one exploit string assigned to the security vulnerability from code of a program that exploits the security vulnerability (Holub, in col. 2, ll.45-53 discloses detection of security vulnerability in a code by execution of specially generated string), wherein each of the extracted exploit strings is a string sent by the program for exploiting the security vulnerability to which the exploit string is assigned (Holub, in col. 2, ll.54-62 further discloses generation of execution detection token, i.e., extraction, identifying detected security vulnerability); receiving messages by a computer system (Holub, in col. 4, ll.23-33 and in Fig. 1 discloses a detection system performing scanning, i.e., searching, of the data files/messages processed in the system); searching for the extracted exploit strings in payload data of the received messages (Holub, in col. 4, ll.47-53 further discloses storage in a respective database the detected execution detected token, EDT, related to the detected security vulnerability; the detected strings are compared for matching with the stored strings); Holub does not explicitly disclose: usage of specialized detection system performing network traffic scanning, i.e., scanning of received messages for vulnerability and respective exploits, followed by identification, i.e., assignment, and generation alarm. However, Hannis discloses: and in response to one of the extracted exploit strings being found in one of the received messages, issuing an alarm indicating that an attack to exploit the security vulnerability assigned to the found exploit string has occurred, and alarm information indicating the message and the security vulnerability (Hannis, in para. [0065-0066] discloses Network Intrusion Detection System, NIDS, performing a search for pattern, indicating malicious activity in the system, Hannis, in para. [0074] discloses generation an alert in the network in response to the detected security vulnerability); It would have been obvious to one having ordinary skill in the art, before the effective filing date of the claimed invention to modify Holub in view of teaching of Hannis because they both disclose methods for detection and treatment of malicious actions by using exploits analysis. The motivation to combine would be to modify Holub for teaching of Hannis for using an intrusion detection system generating identifiers and alarms for found system vulnerabilities to improve security in the system. As per claim 2 Holub as modified discloses: The method according to claim 1, wherein the computer system by which the messages are received implements a honeypot (Hannis in para. [0242-0244] discloses implementation of honeypot for system vulnerability treatment). It would have been obvious to one having ordinary skill in the art, before the effective filing date of the claimed invention to modify Holub in view of teaching of Hannis because they both disclose methods for detection and treatment of malicious actions by using exploits analysis. The motivation to combine would be to modify Holub for teaching of Hannis for using honeypot technology to treat system vulnerabilities and to improve security in the system. As per claim 3 Holub as modified discloses: The method according to claim 1, further comprising: in response to one of the extracted exploit strings being found in one of the received messages, establishing a security measure against the security vulnerability assigned to the found exploit string on the computer system or another computer system (Examiner note: the limitation “a security measure” is disclosed by applicant in para. [0032] of SPECS as a honeypot implemented in the system) (Hannis in para. [0242-0244] discloses implementation of honeypot for system vulnerability treatment). It would have been obvious to one having ordinary skill in the art, before the effective filing date of the claimed invention to modify Holub in view of teaching of Hannis because they both disclose methods for detection and treatment of malicious actions by using exploits analysis. The motivation to combine would be to modify Holub for teaching of Hannis for using honeypot technology to treat system vulnerabilities and to improve security in the system. As per claim 4 Holub as modified discloses: The method according to claim 1, further comprising: ascertaining the one or more security vulnerabilities by filtering security vulnerabilities from a security vulnerability database, wherein those security vulnerabilities are filtered out which include functions which the computer system does not comprise (Holub, in col.12, ll63-65, col. 13, ll.2-18 discloses the assessment service 470 for vulnerability analysis, i.e., filtering of specified features, followed by providing additional processes to monitor security in the system). As per claim 6, claim 6 encompasses same or similar scope as claim 1. Therefore, claim 6 is rejected based on the same reasons set forth above in rejecting claim 1. As per claim 7, claim 7 encompasses same or similar scope as claim 1. Therefore, claim 7 is rejected based on the same reasons set forth above in rejecting claim 1. Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Holub et al. (US 12386980) (hereafter Holub), in view of Hannis et al. (US 20150047032) (hereafter Hannis) and in view of Cameron et al. (US 20250165616) (hereafter Cameron). As per claim 5 Holub as modified failed to explicitly disclose: implementation of machine learning technology for security vulnerability detection, analysis and treatment. However, Cameron discloses: The method according to claim 1, further comprising: training a machine learning model for detecting malicious communication traffic using training data elements that are in each case formed from a message in which one of the extracted exploit strings was found, and indicating the security vulnerability assigned to the exploit strings found in the message (Cameron, in para. [0032] discloses implementation of machine learning-based data processing in the system to detect security-vulnerability information and perform security exploits related improvement actions, [0070]). It would have been obvious to one having ordinary skill in the art, before the effective filing date of the claimed invention to modify Holub-Hannis in view of teaching of Cameron because they all disclose methods for detection and treatment of malicious actions in computing network. The motivation to combine would be to modify Holub-Hannis for teaching of Cameron for machine learning technology to detect and treat system vulnerabilities and to improve security in the system. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Hebert US_20240291858, Yellapragada US_20230208871, Marion US_20140298469, Belva US_20150264082, Ichnowski US_20110219446. Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313)446-6530. The examiner can normally be reached on Monday-Friday 7:30-4:30 EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /VLADIMIR I GAVRILENKO/Examiner, Art Unit 2431
Read full office action

Prosecution Timeline

Apr 01, 2025
Application Filed
Jun 17, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12664318
ELECTRONIC DEVICE FOR RECOVERING BLOCK DATA IN BLOCKCHAIN NETWORK AND OPERATION METHOD THEREOF
3y 2m to grant Granted Jun 23, 2026
Patent 12659180
Methods and Apparatuses for Registering and Executing Smart Contract in Blockchain
2y 10m to grant Granted Jun 16, 2026
Patent 12652164
METHODS AND SYSTEMS FOR EFFICIENT TRANSFER OF ENTITIES ON A PEER-TO-PEER DISTRIBUTED LEDGER USING THE BLOCKCHAIN
1y 10m to grant Granted Jun 09, 2026
Patent 12645840
WATERFALL CONFIDENCE VISUALIZATION GAP IDENTIFICATION AND CORRECTION VIA CONFIDENCE VECTORS
2y 8m to grant Granted Jun 02, 2026
Patent 12640929
SECURE VALIDATION OF SPATIAL COMPUTING DATA TRANSMITTED OVER SPINE-LEAF NETWORK USING HOMOMORPHIC SERPENT CRYPTOGRAPHIC ALGORITHM
2y 1m to grant Granted May 26, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
71%
Grant Probability
98%
With Interview (+27.4%)
3y 1m (~1y 10m remaining)
Median Time to Grant
Low
PTA Risk
Based on 187 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month