Prosecution Insights
Last updated: July 17, 2026
Application No. 19/181,259

DETECTING MALICIOUS OBFUSCATION IN A SQL STATEMENT BASED ON AN EFFECT AND/OR PROCESSED VERSION THEREOF

Non-Final OA §101
Filed
Apr 16, 2025
Priority
Jan 10, 2022 — divisional of 12/301,616
Examiner
WILLIAMS, CLAYTON R
Art Unit
2443
Tech Center
2400 — Computer Networks
Assignee
Microsoft Technology Licensing, LLC
OA Round
1 (Non-Final)
82%
Grant Probability
Favorable
1-2
OA Rounds
1y 4m
Est. Remaining
77%
With Interview

Examiner Intelligence

Grants 82% — above average
82%
Career Allowance Rate
561 granted / 686 resolved
+23.8% vs TC avg
Minimal -5% lift
Without
With
+-5.1%
Interview Lift
resolved cases with interview
Typical timeline
2y 7m
Avg Prosecution
16 currently pending
Career history
700
Total Applications
across all art units

Statute-Specific Performance

§101
4.9%
-35.1% vs TC avg
§103
74.7%
+34.7% vs TC avg
§102
6.2%
-33.8% vs TC avg
§112
7.8%
-32.2% vs TC avg
Black line = Tech Center average estimate • Based on career data from 686 resolved cases

Office Action

§101
CTNF 19/181,259 CTNF 84551 Notice of Pre-AIA or AIA Status 07-03-aia AIA 15-10-aia The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. Claims 1-20 are pending. Claim Rejections - 35 USC § 101 07-04-01 AIA 07-04 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Utilizing the process described in the 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG), claims 1, 10 and 19 satisfy Step 1 because the claims are drawn to a system, method and computer program product comprising a computer-readable storage medium, respectively. Note: Paragraph 0139 of instant PGPub explicitly defines “computer-readable storage medium” as not being a signal per se. In Step 2A prong 1, claims 1, 10 and 19 recite “bind a SQL statement to an event…; compare textual content of the SQL statement and an effect of the event; detect that the SQL statement is malicious based at least on the textual content of the SQL statement lacking an indication of the effect of the event; and …prevent execution of the SQL statement”, which, under the broadest reasonable interpretation, are “mental processes”, steps that are performed in the human mind. That is, such fundamental data processing steps of comparing an expected output (based on textual content inputs) to an actual (unexpected, simulated/sandboxed) output can be performed via human mental processes or manually on paper. The fact this logic is applied to computer code does not shift nature of the claim away from an abstract idea. If claim limitations, under their broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claims 1, 10 and 19 recite an abstract idea. In Step 2A prong 2, the judicial exception is not integrated into a practical application because processing system, computing system and memory are recited at a high-level of generality such that it amounts no more than mere instructions to apply the exception using generic computer components. The additional elements or steps do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The limitation “…prevent execution of the SQL statement” is insignificant extra-solution activity. Additionally, the limitation serves to generally link the use of the identified judicial exception to a particular technological environment. (MPEP 2106.04(d)) In Step 2B, the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because processor, system, system and memory are general purpose computer components, which are well-understood, routine and conventional. Claims 3, 11, and 20 recite steps for parsing and assigning identifiers which are conventional data management techniques. Claims 4 and 12 recite steps reading system logs, which are conventional, long-standings techniques. Claims 5-9 and 13-18 limit abstract comparison to parameters such as registry keys, modifying suer priority, or making network connections. These features simply limit field of use and do not supply an inventive concept. Therefore, the dependent claims do not add meaningful limitation to the abstract idea. The elements recited in claims 1-20, when considered individually or in an ordered combination, fail to amount to significantly more than the abstract idea. Accordingly, claims 1-20 are not eligible. 07-96 AIA The prior art made of record and not relied upon is considered pertinent to applicant's disclosure : Dewey US 20090150374: “System, method and program product for detecting a malicious SQL query in a parameter value field of a request. The parameter value field is searched for query operands, characters and/or symbols and combinations of query operands, characters and/or symbols indicative of malicious SQL injection.” (abstract). Johnson US 20070156644: “The generator 116, detector 112, trace output 102, and detector output 110 may be used in connection with the techniques described herein for automatic generation of input data generation and detection of SQL injection vulnerabilities. The techniques described herein may be used in facilitating determination of injection vulnerabilities. The detector 112 monitors the results of executing SQL statements and indicates when an SQL injection may have occurred. The generator 116 supplies values that may be used in constructing the SQL statements when testing for SQL injections.” (par. 0032). Klein US 20200097587: “Techniques and solutions are described for detecting malicious database activity, such as SQL injection attempts. A first machine learning classifier can be trained by comparing processed and unprocessed user input, where a difference between the two can indicate suspicious or malicious activity. The trained classifier can be used to analyze user input before query execution.” (abstract) Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to CLAYTON R WILLIAMS whose telephone number is (571)270-3801. The examiner can normally be reached M-F 10:00am - 6:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached at 571-272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /CLAYTON R WILLIAMS/Primary Examiner, Art Unit 2443 Application/Control Number: 19/181,259 Page 2 Art Unit: 2443 Application/Control Number: 19/181,259 Page 3 Art Unit: 2443 Application/Control Number: 19/181,259 Page 4 Art Unit: 2443 Application/Control Number: 19/181,259 Page 5 Art Unit: 2443
Read full office action

Prosecution Timeline

Apr 16, 2025
Application Filed
Jun 17, 2026
Non-Final Rejection mailed — §101 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682033
DEVICE AND NETWORK-BASED ENFORCEMENT OF BIOMETRIC DATA USAGE
1y 11m to grant Granted Jul 14, 2026
Patent 12664246
TERMINAL, SYSTEM, CONTROL METHOD OF TERMINAL, AND STORAGE MEDIUM
1y 12m to grant Granted Jun 23, 2026
Patent 12657278
METHOD FOR MANAGING MOBILE APPS
2y 5m to grant Granted Jun 16, 2026
Patent 12652271
METHOD AND APPARATUS FOR SECURITY COMMUNICATION
3y 4m to grant Granted Jun 09, 2026
Patent 12640958
METHOD AND NODE OF A DATA NETWORK FOR FORWARDING DATA CONTENT
2y 8m to grant Granted May 26, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
82%
Grant Probability
77%
With Interview (-5.1%)
2y 7m (~1y 4m remaining)
Median Time to Grant
Low
PTA Risk
Based on 686 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month