Office Action Predictor
Application No. 17/894,372

ELECTRONIC DEVICE AND CONTROL METHOD THEREOF

Final Rejection §103
Filed
Aug 24, 2022
Examiner
POWERS, WILLIAM S
Art Unit
2496
Tech Center
2400 — Computer Networks
Assignee
Samsung Electronics Co., LTD.
OA Round
4 (Final)
80%
Grant Probability
Favorable
5-6
OA Rounds
2y 11m
To Grant
81%
With Interview

Examiner Intelligence

80%
Career Allow Rate
539 granted / 678 resolved
Without
With
+1.5%
Interview Lift
avg trend
2y 11m
Avg Prosecution
17 pending
695
Total Applications
career history

Statute-Specific Performance

§101
9.2%
-30.8% vs TC avg
§103
44.4%
+4.4% vs TC avg
§102
9.1%
-30.9% vs TC avg
§112
19.7%
-20.3% vs TC avg
Black line = Tech Center average estimate • Based on career data

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed 9/25/2025 have been fully considered but they are not persuasive. As to Applicant’s arguments on pages 12-13 contend that Powell uses a security device and not the user device to extract the encryption key and save the encryption key and identification of the encryption key, the Examiner respectfully disagrees. The previous Request for Continued Examination had substantially the same arguments and the Examiner responds with the previous response to the arguments. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). The Applicant has not argued that the security device of Powell does not teach the limitations, but rather, the user device does not teach the limitations. Case law supports that certain modifications are deemed obvious to one of ordinary skill in the art, including making elements integral (In re Larson, 340 F.2d 965, 968, 144 USPQ 347, 349 (CCPA 1965)) (MPEP, 2144.04, V, B). Therefore, the rejection is maintained. As to Applicant’s argument that, Powell does not teach that an electronic device inserts ‘a second instruction for backing up the encryption key and the metadata’ into a second memory address in the non-volatile memory of the electronic device as claimed” (Remarks, p. 14), the Examiner respectfully disagrees. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Additionally, “for backing up the encryption key and the metadata” is an intended use or reason for the storing of the encryption key and the metadata and not a patentable distinction. Case law supports that certain modifications are deemed obvious to one of ordinary skill in the art, including making elements integral (In re Larson, 340 F.2d 965, 968, 144 USPQ 347, 349 (CCPA 1965)) (MPEP, 2144.04, V, B). Therefore, the rejection is maintained. As to Applicant’s argument that, “Powell does not teach or suggest ‘based on the first instruction and the second instruction being sequentially executed by the electronic device, storing, by the electronic device, the encryption key and the metadata in the non-volatile memory of the electronic device” (Remarks, p. 14), the Examiner respectfully disagrees. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). It is pointed out the instructions have to be executed sequentially. The first instruction identifies the performance of an encryption operation, the encryption key is then extracted, and finally the encryption key is saved, the second instruction. Case law supports that certain modifications are deemed obvious to one of ordinary skill in the art, including making elements integral (In re Larson, 340 F.2d 965, 968, 144 USPQ 347, 349 (CCPA 1965)) (MPEP, 2144.04, V, B). Therefore, the rejection is maintained. Response to Amendment Claims 3 and 10 have been cancelled. Claims 1 and 8 have been amended. Claims 1, 2, 4-9, and 11-14 are pending. Information Disclosure Statement The IDS filed 8/20/2025 has been considered by the Examiner. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1, 6-8, 13, and 14 are rejected under 35 U.S.C. 103 as being unpatentable over US PG Pub. No. 2017/0034189 to Powell in view of US PG Pub. No. 2008/0215860 to Jacob et al. (hereinafter Jacob). As to claims 1 and 8, Powell teaches: Identifying, by the electronic device (examples include a computer or computer system) (Powell, [0009]), a first instruction for performing an encryption operation on a file in the electronic device being identified (identification of ransomware application through a data signature, extracting the encryption key and metadata and saving the encryption key and metadata to non-volatile memory) (Powell, [0008-0009, 0014, and 0025-0026]). While Powell does not explicitly recite identifying a first instruction, it is obvious to one of ordinary skill to equate identifying the ransomware application with the identification of the encryption operation as the goal of Powell is to thwart ransomware attacks through the extraction of encryption key(s) to circumvent the necessity of paying for decryption to the attackers. Powell as modified further teaches: Based on the first instruction being identified by the electronic device, obtaining, by the electronic device, an encryption key and metadata for the encryption operation and storing, by the electronic device, the encryption key and the metadata in a non-volatile memory of the electronic device (Powell, [0008-0009, 0014, and 0025-0026]). Based on a user command for an access operation to the file in the electronic device being obtained by the electronic device, identifying, by the electronic device, the encryption key used for the encryption operation based on the metadata (user requests access to an encrypted file and the correct encryption key is used based on the user id (metadata) that is stored with the encryption key) (Powell, [0026-0027]). d. Based on the first instruction being identified by the electronic device, inserting, by the electronic device, into a second memory address in the non-volatile memory of the electronic device, a second instruction for backing up the encryption key and the metadata, wherein the second instruction is an instruction for storing the encryption key and the metadata for the encryption operation in the non-volatile memory of the electronic device, and the second memory address is separated by a predetermined value from the memory address in which the first instruction is stored (Remediation method including extracting and saving encryption key and metadata (network user id) are stored in memory. (Powell, [0008-0012]). Upon identification of the ransomware application, the encryption key is extracted and saved in memory for future use in undoing the ransomware attack. While Powell as modified does not explicitly recite a predetermined separation value in which to store the encryption key, it is obvious to one of ordinary skill that two items of data cannot be stored in the same location, and it does not matter how “faraway” the instructions are stored from each other.) (Powell, [0008-0009, 0014, and 0025-0027]). e. Based on the first instruction and the second instruction being sequentially executed by the electronic device, storing, by the electronic device, the encryption key and the metadata in the non-volatile memory (Powell, [0008-0009, 0014, and 0025-0027]). It is noted that the first instruction and the second instruction must be executed sequentially since the first instruction identifies the encryption operation and thus the encryption key that is stored by the second instruction. Powell as modified does not expressly mention an instruction for guiding memory addresses (jump instruction). However, in an analogous art, Jacob teaches: f. Wherein a third instruction for guiding the second memory address is stored at an address following the first memory address in the non-volatile memory of the electronic device (jump instruction used for guiding execution of the software) (Jacob, [0076]). Therefore, one of ordinary skill in the art at the time the application was filed would have been motivated to implement the ransomware protections of Powell as modified with the use of jump instructions of Jacob in order to protect the software from attacks as suggested by Jacob (Jacob, [0002]). Powell as modified further teaches: g. Wherein the second instruction is executed after sequentially executing the first instruction and the third instruction (execution is sequential) (Jacob, [0076]). As to claims 6 and 13, Powell as modified teaches: a. Performing a decryption operation on the file using the identified encryption key (decrypting encrypted file) (Powell, [0022-0027]). b. Obtaining at least one encryption key based on information on a time based on the first instruction being executed (timestamp of when the infection was detected) (Powell, [0026]). c. Performing the decryption operation of the file using the obtained encryption key (decrypting encrypted file) (Powell, [0022-0024]). As to claims 7 and 14, Powell as modified teaches: a. Identifying other applications excluding a first application having predetermined identification information among at least one application based on the identification information on the at least one application that executes the first instruction (ransomware signature repository can contain more than one signature of a ransomware application and thus protects against a plurality of different ransomware attacks) (Powell, [0025]). b. Obtaining an encryption key and metadata for an encryption operation performed by the other applications and storing the encryption key and the metadata for the encryption operation performed by the other applications in the nonvolatile memory (identification of ransomware application through a data signature, extracting the encryption key and metadata and saving the encryption key and metadata to non-volatile memory) (Powell, [0008-0009, 0014, and 0025-0026]). Claim 2 and claim 9 are rejected under 35 U.S.C. 103 as being unpatentable over US PG Pub. No. 2017/0034189 to Powell in view of US PG Pub. No. 2008/0215860 to Jacob et al. (hereinafter Jacob)as applied to claim 1 and claim 8 respectively above, and further in view of US Patent No. 10,387,648 to Hirschberg et al. (hereinafter Hirschberg). As to claims 2 and 9, as best understood, Powell as modified does not explicitly recite using memory addresses. However, in an analogous art, Hirschberg teaches the metadata includes information on a third memory address in which the encryption key is stored wherein identifying the encryption key based on the information on the third memory address in which the encryption key is stored (memory address is used to find/store the encryption key needed to decrypt files encrypted by a ransomware attack based on metadata (instruction pointer)) (Hirschberg, 5:18-27 and claim 8). Therefore, one of ordinary skill in the art at the time the application was filed would have been motivated to implement the ransomware protections of Powell as modified with the use of memory addresses to access decryption keys of Hirschberg in order to successfully overcome a ransomware attack as suggested by Hirschberg (Hirschberg, 1:45-60). Claim 4 and claim 11 are rejected under 35 U.S.C. 103 as being unpatentable over US PG Pub. No. 2017/0034189 to Powell in view of US PG Pub. No. 2008/0215860 to Jacob et al. (hereinafter Jacob) as applied to claim 1 and claim 8 respectively above, and further in view of US Patent No. 6,961,806 to Agesen et al. (hereinafter Agesen). As to claims 4 and 11, Powell as modified does not expressly mention using the terms privileged instructions and traps in the ransomware protection scheme. However, in an analogous art, Agesen teaches: a. Setting the first instruction as a privileged instruction to identify the first instruction (setting an instruction as a privileged instruction) (Agesen, 6:26-55). b. Based on a trap being identified as the first instruction set as the privileged instruction is executed, obtaining the encryption key and the metadata through a trap handler that processes the trap (when a privileged instruction is encountered a trap is triggered that passes control of the program to the Virtual Machine Monitor and it executes the trap instructions) (Agesen, 6:26-55) and (Powell, [0008-0009, 0014, and 0025-0026]). Therefore, one of ordinary skill in the art at the time the application was filed would have been motivated to implement the ransomware protections of Powell as modified with the use of privileged instructions and traps of Agesen in order to make the computer system more efficient and economical as suggested by Agesen (Agesen, 1:14-22). Claim 5 and claim 12 are rejected under 35 U.S.C. 103 as being unpatentable over US PG Pub. No. 2017/0034189 to Powell in view of US PG Pub. No. 2008/0215860 to Jacob et al. (hereinafter Jacob) as applied to claim 1 above, and further in view of US PG Pub. No. 2014/0237622 to Chang et al. (hereinafter Chang). As to claims 5 and 12, Powell as modified does not expressly mention the terms debug, interrupt, or breakpoint. However, in an analogous art, Chang teaches:a. Based on the first instruction and the memory address in which the first instruction is stored being identified, setting the identified the first memory address as a breakpoint in a debug register of the electronic device (when breakpoints are encountered in debugging, the interrupt is handled by the appropriate code specified) (Chang, [0050-0051]). b. Based on an interrupt being detected at the breakpoint, executing a predetermined routine to obtain the encryption key and the metadata and storing the encryption key and the metadata in the non-volatile memory (when breakpoints are encountered in debugging, the interrupt is handled by the appropriate code specified) (Chang, [0050-0051]) and (Powell, [0008-0009, 0014, and 0025-0026]). Therefore, one of ordinary skill in the art at the time the application was filed would have been motivated to implement the ransomware protections of Powell as modified with the use of breakpoints, interrupts, and debugging in order to protect a system from malicious intent as suggested by Chang (Chang, [0004]). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM S POWERS whose telephone number is (571)272-8573. The examiner can normally be reached M-F 7:30-17:30. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L Ortiz-Criado can be reached at (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /WILLIAM S POWERS/ Primary Examiner, Art Unit 2496
Read full office action

Prosecution Timeline

Aug 24, 2022
Application Filed
Dec 28, 2024
Non-Final Rejection — §103
Apr 03, 2025
Response Filed
Apr 10, 2025
Final Rejection — §103
Jun 13, 2025
Request for Continued Examination
Jun 21, 2025
Response after Non-Final Action
Jun 23, 2025
Non-Final Rejection — §103
Sep 25, 2025
Response Filed
Oct 08, 2025
Final Rejection — §103
Apr 13, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology. Study what changed to get past this examiner.

Patent 12585787
SYSTEM AND METHOD FOR ANALYZING CONTAMINATION PATHS TO ANALYZE VULNERABILITIES IN IOT DEVICES
2y 5m to grant Granted Mar 24, 2026
Patent 12585788
SYSTEM AND METHOD FOR ANLAYZING VULNERABILITY IN IOT DEVICES THROUGH PREPROCESSING IDENTIFICATION INFORMATION OF CONTAMINATION PATHS
2y 5m to grant Granted Mar 24, 2026
Patent 12580885
Method and device for detecting the use of an uncertified domain name server
2y 5m to grant Granted Mar 17, 2026
Patent 12580759
METHOD OF UTILIZING PHYSICAL OBJECTS IN A BLOCKCHAIN
2y 5m to grant Granted Mar 17, 2026
Patent 12574839
NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIUM STORING PROGRAM AND METHOD
2y 5m to grant Granted Mar 10, 2026

AI Strategy Recommendation

Click below to generate an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

5-6
Expected OA Rounds
80%
Grant Probability
81%
With Interview (+1.5%)
2y 11m
Median Time to Grant
High
PTA Risk
Based on 678 resolved cases by this examiner