Prosecution Insights
Last updated: July 17, 2026
Application No. 17/629,341

COMPUTER-IMPLEMENTED METHOD FOR CONTROLLING ACCESS IN A NETWORK

Non-Final OA §103§112
Filed
Jan 21, 2022
Priority
Jul 24, 2019 — EU 19187996.4 +1 more
Examiner
SAVENKOV, VADIM
Art Unit
2432
Tech Center
2400 — Computer Networks
Assignee
Robert Bosch GmbH
OA Round
5 (Non-Final)
62%
Grant Probability
Moderate
5-6
OA Rounds
0m
Est. Remaining
82%
With Interview

Examiner Intelligence

Grants 62% of resolved cases
62%
Career Allowance Rate
193 granted / 314 resolved
+3.5% vs TC avg
Strong +21% interview lift
Without
With
+20.8%
Interview Lift
resolved cases with interview
Typical timeline
3y 4m
Avg Prosecution
30 currently pending
Career history
371
Total Applications
across all art units

Statute-Specific Performance

§101
1.6%
-38.4% vs TC avg
§103
92.0%
+52.0% vs TC avg
§102
2.6%
-37.4% vs TC avg
§112
2.3%
-37.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 314 resolved cases

Office Action

§103 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 2/17/2026 has been entered. Drawings New corrected drawings in compliance with 37 CFR 1.121(d) are required in this application because as per 37 CFR 1.84(o), suitable descriptive legends are required for understanding the drawing. Figures 1-3 are not labeled except for reference numbering, and currently require extensive use of the specification for even a cursory understanding. Applicant is advised to employ the services of a competent patent draftsperson outside the Office, as the U.S. Patent and Trademark Office no longer prepares new drawings. The corrected drawings are required in reply to the Office action to avoid abandonment of the application. The requirement for corrected drawings will not be held in abeyance. Response to Amendment / Arguments Regarding claims rejected under 35 USC 103: Applicant’s arguments, sin view of the amended claim language, have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Allburn (US 20200145410 A1). Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 12-15 and 18-21 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Independent claims 1 and 21 each recite “wherein the first identity corresponds to a distributed ledger identity or a blockchain identity into which the first consent and the first biometric information are merged,” which renders the respective claims indefinite because it is not clear how to interpret this limitation. Specifically, it is not clear how to demarcate the “or” in “a distributed ledger identity or a blockchain identity.” This limitation may be interpreted as being drawn to a choice between the first identity corresponding to (i) a distributed ledger identity or (ii) a blockchain identity into which the first consent and the first biometric information are merged. This limitation may also be interpreted as being drawn to the first identity corresponding to either of (1) a distributed ledger identity or (2) a blockchain identity, where the first consent and the first biometric information are merged into (1) or (2). For the purpose of applying prior art, the claim limitation has been interpreted as being drawn to the first identity corresponding to either of (1) a distributed ledger identity or (2) a blockchain identity, where the first consent and the first biometric information are merged into (1) or (2). The dependent claims do not rectify this issue and are therefore likewise rejected. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 12-15 and 18-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Andrade (US 2018/0248699 A1) in view of Scanlon (US 2020/0286490 A1) and Allburn (US 20200145410 A1). Regarding claim 12, Andrade discloses: A computer-implemented method for controlling access in a network (e.g., the abstract and [0004] of Andrade concerning access to user documents over a network) with at least two users (e.g., “two or more entities” in [0004] of Andrade), the method comprising the following steps: creating a first identity corresponding to a first user of the at least two users, and storing the first identity in encrypted form in an identity management system (trust utility / blockchain resident in server(s) 102 in [0008] and [0028] of Andrade; further see 102 and 202 in FIG. 1 and 2); Refer to at least [0040] of Andrade with respect to identifiers associated with entities’ identities, such as a first identifier for a first entity. Refer to at least [0077], [0033], and [0019]-[0023] of Andrade with respect to providing documents for respective identities. Further see at least [0036] and [0062] of Andrade with respect to encrypted documents and information related to the documents. creating a second identity corresponding to a second user of the at least two users, and storing the second identity in encrypted form in the identity management system; Refer to at least [0019], [0040], [0051]-[0053], and [0092] of Andrade with respect to identities for all participating entities. assigning to the first identity a first right to access first information or to access a first software function or to access a first product; Refer to at least [0082]-[0083] of Andrade with respect to access levels for identities. requesting by the second user an access to the first information or the first software function or the first product from the first user by sending a request to the identity management system; Refer to at least [0037], [0062], and [0078] of Andrade with respect to receiving a request for first identity information from a second entity. checking, by the identity management system, the authentication of the second user based on the second identity; Refer to at least 634-636 in FIG. 6, [0096], and [0109] of Andrade with respect to verification of the second entity based on registered identity information. sending, by the identity management system, the request to the first user; Refer to at least [0038], [0063], and [0079] of Andrade with respect to providing the request for the first entity to perform a decision. denying or approving the request, by the first user, by responding to the identity management system; Refer to at least [0039], [0064], and [0080] of Andrade with respect to an approval or denial by the first entity. checking, by the identity management system, authentication of the first user based on the first identity; Refer to at least [0040]-[0041], [0053]-[0055], and [0096]-[0097] of Andrade with respect to verifying an identity of entities (e.g., the identity of the first entity in the approval/denial response). providing by the identity management system to the second user secret information stored in encrypted form with the first identity, wherein the secret information allows the second user to access the first information or the first software function or the first product; and accessing, by the second user, the first information or the first software function or the first product, Refer to at least the abstract, [0004], and [0096]-[0097] of Andrade with respect to transferring the first entity information for access by the requesting second entity. wherein, to deny or approve the request, the first user authenticates to the identity management system by providing via a software application a first biometric information or a further biometric information or a secret information. Refer to at least [0052]-[0055] of Andrade with respect to verifying an entity based on biometric information. Andrade does not specify: wherein the first identity is at least initially formed as a root string based on a first consent of the first user and the first biometric information or the further biometric information to create the first identity, wherein the root string is formed by digitizing the first consent into a digital string and adding the first biometric information or the further biometric information to the digital string representing the first consent, wherein the first identity corresponds to a distributed ledger identity or a blockchain identity into which the first consent and the first biometric information are merged. However, Andrade in view of Scanlon discloses: wherein the first identity is at least initially formed as a root string based on a first consent of the first user and the first biometric information or the further biometric information to create the first identity, wherein the root string is formed by digitizing the first consent into a digital string and adding the first biometric information or the further biometric information to the digital string representing the first consent. Refer to at least FIG. 2-3 and [0105]-[0114] of Scanlon with respect to user profile creation, where the respective user profiles are associated with a consent. The consent is recorded as a string to the user profile. The profile further includes a biometric file ID. The teachings of Andrade and Scanlon both concern user identity storage and validation, and are considered to be within the same field of endeavor and combinable as such. Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Andrade to further implement verifiable consent written into identities for at least the reasons discussed in [0004]-[0009] of Scanlon (i.e., user privacy and regulations concerning lawful access to biometric information, such as for children). Although Andrade-Scanlon discloses storing records of consent in a blockchain as in [0110] of Scanlon, Andrade-Scanlon does not specify: wherein the first identity corresponds to a distributed ledger identity or a blockchain identity into which the first consent and the first biometric information are merged. However, Andrade-Scanlon in view of Allburn discloses: wherein the first identity corresponds to a distributed ledger identity or a blockchain identity into which the first consent and the first biometric information are merged. Refer to at least the abstract and [0048] of Allburn with respect to associating biometrics and user consent sessions, followed by storage to a blockchain. The teachings of Allburn likewise concern user identity storage and validation, and are considered to be within the same field of endeavor and combinable as such. Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Andrade-Scanlon to further implement storing the profile and biometric data files together to a blockchain for at least the reasons discussed in [0009]-[0011] of Allburn (i.e., compliance with regulations via the security properties of blockchain storage—e.g., immutable storage to allow for trustworthy auditing). Regarding claim 13, Andrade-Scanlon-Allburn discloses: The method according to claim 12, wherein: the first user connects to the network via a first of two network nodes (e.g., FIG. 1 and 7 of Andrade), the first user creates the first identity corresponding to the first user in the network via a software application running on the first network node, the creation including the first user providing the first biometric information or the further biometric information characterizing the first user, the first biometric information or the further biometric information is stored in encrypted form by the identity management system. Refer to at least [0049], [0055], [0067], [0081], [0094], and [0101] of Andrade with respect to entities providing biometric information via a biometric application; with respect to encrypted biometric information. Regarding claim 14, Andrade-Scanlon-Allburn discloses: The method according to claim 12, wherein the first user authenticates to the identity management system by providing the first biometric information or the further biometric information via software application running on the first network node, Refer to at least [0049], [0055], [0067], [0081], [0094], and [0101] of Andrade with respect to entities providing biometric information via a biometric application; with respect to encrypted biometric information. and wherein after the authentication, the first user alters the first identity or information stored with the first identity corresponding to the first user via the software application running on the first network node, and wherein the altering includes: (i) adding or removing the further biometric information corresponding to the first user, or (ii) adding or removing secret information, or (iii) adding or removing a certificate. Refer to at least [0081], [0093], and [0101] of Andrade with respect to adding, deleting, or otherwise altering identity information such as the biometric information. Regarding claim 15, it is rejected for substantially the same reasons as claims 13-14 above (i.e., the citations concerning biometric information). Regarding claim 18, Andrade-Scanlon-Allburn discloses: The method according to claim 13, wherein the first biometric information or the further biometric information includes at least one of an iris sample of the first user, or a fingerprint sample of the first user, or a palm veins sample of the first user, or a specific gesture of the first user, or a voice sample of the first user. Refer to at least [0047]-[0048] of Andrade with respect to exemplary biometrics such as a fingerprint and a palm print. Regarding claim 19, it is rejected for substantially the same reasons as claim 12 above (i.e., the citations concerning approval by the first entity). Regarding claim 20, Andrade-Scanlon-Allburn discloses: The method according to claim 19, wherein an overview over at least one of recorded and still open consent requests is provided to the first user, and one of the requests can be accessed by the first user to deny or grant or revoke the corresponding consent. Refer to at least [0050] and [0055] of Andrade with respect to a graphical user interface for the first entity and approving / denying requests. Regarding independent claim 21, it is substantially similar to independent claim 12 above, and is therefore likewise rejected. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432 /V.S/Examiner, Art Unit 2432
Read full office action

Prosecution Timeline

Show 6 earlier events
Oct 01, 2024
Non-Final Rejection mailed — §103, §112
Jan 02, 2025
Response after Non-Final Action
Jan 02, 2025
Response Filed
Jun 25, 2025
Response Filed
Oct 16, 2025
Final Rejection mailed — §103, §112
Feb 17, 2026
Request for Continued Examination
Feb 26, 2026
Response after Non-Final Action
Apr 13, 2026
Non-Final Rejection mailed — §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12639449
SYSTEM AND METHOD FOR SCANNING CONTAINERS FOR VULNERABILITIES
2y 4m to grant Granted May 26, 2026
Patent 12632534
ACCESSING SECURE SYSTEM RESOURCES BY LOW PRIVILEGE PROCESSES
7y 12m to grant Granted May 19, 2026
Patent 12613999
DETECTING ELECTRONIC SYSTEM MODIFICATION
6y 10m to grant Granted Apr 28, 2026
Patent 12608482
DETERMINING A SECURITY SCORE IN BINARY SOFTWARE CODE
6y 5m to grant Granted Apr 21, 2026
Patent 12608501
Privacy-Preserving Log Analysis
5y 11m to grant Granted Apr 21, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
62%
Grant Probability
82%
With Interview (+20.8%)
3y 4m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 314 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month