Prosecution Insights
Last updated: July 17, 2026
Application No. 19/203,273

INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM

Non-Final OA §103
Filed
May 09, 2025
Priority
May 21, 2024 — JP 2024-082831
Examiner
MAI, KEVIN S
Art Unit
2431
Tech Center
2400 — Computer Networks
Assignee
NEC Corporation
OA Round
1 (Non-Final)
30%
Grant Probability
At Risk
1-2
OA Rounds
3y 6m
Est. Remaining
55%
With Interview

Examiner Intelligence

Grants only 30% of cases
30%
Career Allowance Rate
128 granted / 432 resolved
-28.4% vs TC avg
Strong +26% interview lift
Without
With
+25.7%
Interview Lift
resolved cases with interview
Typical timeline
4y 8m
Avg Prosecution
36 currently pending
Career history
474
Total Applications
across all art units

Statute-Specific Performance

§101
0.5%
-39.5% vs TC avg
§103
95.8%
+55.8% vs TC avg
§102
3.1%
-36.9% vs TC avg
§112
0.5%
-39.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 432 resolved cases

Office Action

§103
DETAILED ACTION Claims 1-9 have been examined and are pending. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1-9 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub. No. 2025/0016183 to Sergeev (hereinafter “Sergeev”) and further in view of US Pat. No. 12/652302 to Parikh et al. (hereinafter “Parikh”). As to Claim 1, Sergeev discloses an information processing apparatus comprising: at least one memory storing instructions; and at least one processor configured to execute the instructions to: acquire environment information indicating an environment of communication that is monitored by a monitoring apparatus that monitors communication in a network, for detection information indicating an abnormal event detected by the monitoring apparatus (Figure 2 of Sergeev discloses collecting additional information and then generating and sending an LLM query); transmit inquiry information for inquiring about a factor in the occurrence of the event included in the detection information, to a language model, and acquire response information in response to the inquiry information, from the language model (Figure 2 of Sergeev discloses collecting additional information and then generating and sending an LLM query. Paragraph [0093] of Sergeev discloses receives a response from LLM 105 and parses the received response); and display the detection information, the environment information, and the response information (Paragraph [0093] of Sergeev discloses receives a response from LLM 105 and parses the received response. Because LLM 105 outputs a response as natural language text, the request processor 104 uses connected natural language processing libraries, such as SpaCy or NTLK, to highlight the desired terms and phrases. Analysis involves highlighting pre-known phrases or text elements). Parikh further discloses displaying output from an LLM. Column 107 lines 25-30 of Parikh disclose used by the monitoring tool 1800 to obtain output from the LLM. Column 8 lines 45-50 of Parikh disclose one or more devices for presenting output to a user. It would have been obvious to one of ordinary skill in the art before the effective filing of the invention to combine LLM security system as disclosed by Sergeev, with displaying the output as disclosed by Parikh. One of ordinary skill in the art would have been motivated to combine to apply a known technique to a known device ready for improvement to yield predictable results. Sergeev and Parikh are directed toward LLM security systems and as such it would be obvious to use the techniques of one in the other. Column 6 lines 50-65 of Parikh disclose a natural language query may be constructed and passed to the LLM 1814 as input (e.g., “retrieve information associated with accessing a known malicious IP address”). In response, the LLM 1814 may process the input, understand its context, and leverage its training data to generate a response (including augmenting it's response with information in a knowledge base such as, for example, pre-existing knowledge about the domain, historical data, or information from external sources). As to Claim 2, Sergeev-Parikh discloses the information processing apparatus according to claim 1, wherein the one or more processors is further configured to execute the instructions to: acquires history information indicating a history of anomalies detected by the monitoring apparatus, for the detection information, and displays information that includes the history information (Column 6 lines 50-65 of Parikh disclose a natural language query may be constructed and passed to the LLM 1814 as input (e.g., “retrieve information associated with accessing a known malicious IP address”). In response, the LLM 1814 may process the input, understand its context, and leverage its training data to generate a response (including augmenting it's response with information in a knowledge base such as, for example, pre-existing knowledge about the domain, historical data, or information from external sources). Examiner recites the same rationale to combine used for claim 1. As to Claim 3, Sergeev-Parikh discloses the information processing apparatus according to claim 2, further comprising: the one or more processors is further configured to execute the instructions to: generates a prompt for generating analysis assistance information for assisting in anomaly analysis, using the detection information, the environment information, the history information, and the response information; and transmits the prompt to the language model, and acquiring the analysis assistance information for the prompt, from the language model (Figure 2 of Sergeev discloses collecting additional information and then generating and sending an LLM query). As to Claim 4, Sergeev-Parikh discloses the information processing apparatus according to claim 3, further comprising the one or more processors is further configured to execute the instructions to: generates control instruction information for avoiding the anomaly based on the analysis assistance information, and control a device that is an anomaly detection target and is provided in the network (Paragraph [0116] of Sergeev discloses Yes, this could be an indicator of compromise. It is possible that the attacker has created a malicious task in the registry to launch PowerShell with a hidden flag and encoded base64 string. This code could potentially execute malicious commands on the system, such as installing malware or stealing data. In order to confirm if this indeed an indicator of compromise, it would be necessary to analyze script further and look for other clues that indicate malicious activity). As to Claim 5, Sergeev-Parikh discloses the information processing apparatus according to claim 1 wherein anomaly detection set for each of a plurality of monitoring apparatuses in advance is executed, the monitoring apparatuses being provided at a plurality of locations in the network (Paragraph [0025] of Sergeev discloses he components of the system may be realized within a single computing device, or distributed amongst several interconnected computing devices). As to Claim 6, Sergeev discloses an information processing method comprising: acquiring, by an information processing apparatus, environment information indicating an environment of communication that is monitored by a monitoring apparatus that monitors communication in a network, for detection information indicating an abnormal event detected by the monitoring apparatus (Figure 2 of Sergeev discloses collecting additional information and then generating and sending an LLM query); transmitting, by the information processing apparatus, inquiry information for inquiring about a factor in the occurrence of the event included in the detection information, to a language model (Figure 2 of Sergeev discloses collecting additional information and then generating and sending an LLM query); acquiring, by the information processing apparatus, response information in response to the inquiry information, from the language model (Paragraph [0093] of Sergeev discloses receives a response from LLM 105 and parses the received response); and displaying, by the information processing apparatus, the detection information, the environment information, and the response information, on a display unit (Paragraph [0093] of Sergeev discloses receives a response from LLM 105 and parses the received response. Because LLM 105 outputs a response as natural language text, the request processor 104 uses connected natural language processing libraries, such as SpaCy or NTLK, to highlight the desired terms and phrases. Analysis involves highlighting pre-known phrases or text elements). Parikh further discloses displaying output from an LLM. Column 107 lines 25-30 of Parikh disclose used by the monitoring tool 1800 to obtain output from the LLM. Column 8 lines 45-50 of Parikh disclose one or more devices for presenting output to a user. Examiner recites the same rationale to combine used for claim 1. As to Claim 7, Sergeev-Parikh discloses the information processing method according to claim 6, further comprising: acquiring, by the information processing apparatus, history information indicating a history of anomalies detected by the monitoring apparatus, for the detection information; and displaying, by the information processing apparatus, information that includes the history information on a display unit (Column 6 lines 50-65 of Parikh disclose a natural language query may be constructed and passed to the LLM 1814 as input (e.g., “retrieve information associated with accessing a known malicious IP address”). In response, the LLM 1814 may process the input, understand its context, and leverage its training data to generate a response (including augmenting it's response with information in a knowledge base such as, for example, pre-existing knowledge about the domain, historical data, or information from external sources). Examiner recites the same rationale to combine used for claim 1. As to Claim 8, Sergeev discloses a non-transitory computer-readable recording medium on which a program is recorded, the program for causing a computer to carry out processing for: acquiring environment information indicating an environment of communication that is monitored by a monitoring apparatus that monitors communication in a network, for detection information indicating an abnormal event detected by the monitoring apparatus (Figure 2 of Sergeev discloses collecting additional information and then generating and sending an LLM query); transmitting inquiry information for inquiring about a factor in the occurrence of the event included in the detection information, to a language model (Figure 2 of Sergeev discloses collecting additional information and then generating and sending an LLM query); acquiring response information in response to the inquiry information, from the language model (Paragraph [0093] of Sergeev discloses receives a response from LLM 105 and parses the received response); and displaying the detection information, the environment information, and the response information, on a display unit (Paragraph [0093] of Sergeev discloses receives a response from LLM 105 and parses the received response. Because LLM 105 outputs a response as natural language text, the request processor 104 uses connected natural language processing libraries, such as SpaCy or NTLK, to highlight the desired terms and phrases. Analysis involves highlighting pre-known phrases or text elements). Parikh further discloses displaying output from an LLM. Column 107 lines 25-30 of Parikh disclose used by the monitoring tool 1800 to obtain output from the LLM. Column 8 lines 45-50 of Parikh disclose one or more devices for presenting output to a user. Examiner recites the same rationale to combine used for claim 1. As to Claim 9, Sergeev-Parikh discloses the non-transitory computer-readable recording medium according to claim 8 causing the computer to further execute processing for: acquiring history information indicating a history of anomalies detected by the monitoring apparatus, for the detection information; and displaying information that includes the history information on a display unit (Column 6 lines 50-65 of Parikh disclose a natural language query may be constructed and passed to the LLM 1814 as input (e.g., “retrieve information associated with accessing a known malicious IP address”). In response, the LLM 1814 may process the input, understand its context, and leverage its training data to generate a response (including augmenting it's response with information in a knowledge base such as, for example, pre-existing knowledge about the domain, historical data, or information from external sources). Examiner recites the same rationale to combine used for claim 1. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin S Mai whose telephone number is (571)270-5001. The examiner can normally be reached Monday to Friday 9AM to 5PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KEVIN S MAI/Primary Examiner, Art Unit 2499
Read full office action

Prosecution Timeline

May 09, 2025
Application Filed
Jun 30, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12657306
BMC BASED HROT IMPLEMENTATION ESTABLISHING CHAIN OF TRUST IN A SECURED SERVER SYSTEM
3y 5m to grant Granted Jun 16, 2026
Patent 12506731
Conference Data Sharing Method and Conference Data Sharing System Capable of Communicating with Remote Conference Members
4y 8m to grant Granted Dec 23, 2025
Patent 12413610
ASSESSING SECURITY OF SERVICE PROVIDER COMPUTING SYSTEMS
3y 9m to grant Granted Sep 09, 2025
Patent 12406064
PRE-BOOT CONTEXT-BASED SECURITY MITIGATION
3y 3m to grant Granted Sep 02, 2025
Patent 12363200
PROVIDING EVENT STREAMS AND ANALYTICS FOR ACTIVITY ON WEB SITES
3y 2m to grant Granted Jul 15, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
30%
Grant Probability
55%
With Interview (+25.7%)
4y 8m (~3y 6m remaining)
Median Time to Grant
Low
PTA Risk
Based on 432 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month