Prosecution Insights
Last updated: July 17, 2026
Application No. 18/063,151

Systems and Methods to Ensure Proximity of a Multi-Factor Authentication Device

Final Rejection §103
Filed
Dec 08, 2022
Examiner
CELANI, NICHOLAS P
Art Unit
2449
Tech Center
2400 — Computer Networks
Assignee
Cisco Technology Inc.
OA Round
6 (Final)
46%
Grant Probability
Moderate
7-8
OA Rounds
0m
Est. Remaining
89%
With Interview

Examiner Intelligence

Grants 46% of resolved cases
46%
Career Allowance Rate
212 granted / 461 resolved
-12.0% vs TC avg
Strong +43% interview lift
Without
With
+42.7%
Interview Lift
resolved cases with interview
Typical timeline
3y 2m
Avg Prosecution
32 currently pending
Career history
498
Total Applications
across all art units

Statute-Specific Performance

§101
3.1%
-36.9% vs TC avg
§103
88.4%
+48.4% vs TC avg
§102
1.1%
-38.9% vs TC avg
§112
5.9%
-34.1% vs TC avg
Black line = Tech Center average estimate • Based on career data from 461 resolved cases

Office Action

§103
DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of Claims The following claim(s) is/are pending in this office action: 1-2, 4, 6-9, 11, 13-16, 18, 20-26 The following claim(s) is/are amended: 1, 8, 15 The following claim(s) is/are cancelled: 3, 5, 10, 12, 17, 19 The following claim(s) is/are new: 24-26 Claim(s) 1-2, 4, 6-9, 11, 13-16, 18, 20-26 is/are rejected. This rejection is FINAL. Response to Arguments Applicant’s arguments filed in the amendment filed 4/27/2026, have been fully considered but are moot in view of new grounds of rejection. The reasons set forth below. Applicant’s Invention as Claimed Claim Rejections - 35 USC § 103 A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2, 4, 6-9, 11, 13-16, 18, 20-26 are rejected under 35 U.S.C. 103 as being unpatentable over Neuman (US Pub. 2013/0262858) in view of Golwalkar (US Pub. 2017/0208055) in view of Balakrishnan (US Pub. 2019/0036940) and further in view of Knaappila (US Pub. 2020/0103513). With respect to Claim 1, Neuman teaches a method for using multi-factor authentication to authenticate a user account, the method comprising: (Abstract, para. 6; Second user device is used in logging in a first device into a user account. Authentication could use one or more factors such as a password.) Programming a computer system of electronic computer hardware in combination with software to perform operations including: receiving, at an authentication service, an authentication request to authenticate a user account to use a first service, wherein the authentication request is from an access device; (Fig. 1, paras. 6-7; first user device such as laptop transmits a request to a service provider to login to an account of a service provider. The request is received by network and authentication servers which work together to authenticate the login.) in response to the determining, performing a co-location check by sending a passcode to the access device from the authentication service, wherein the passcode is associated with the authentication request; (Determining will be taught later. paras. 7-8; servers generate a random number that is sent to the first device pursuant to the request.) and receiving, at the authentication service, a communication from the authentication device including the passcode and the unique identifier, wherein the authentication device extracts the passcode and the unique identifier from a message broadcast over Bluetooth Low Energy from the access device to determine co-location of the authentication device and the access device. (Broadcasting over Bluetooth LE and a unique identifier will be taught later. paras. 7-8; The first device receives the code. The random number is transferred to the second device. It can be transferred manually by display, or via camera, or audio code or near field radio communication. Para. 9; the second device then transmits the random number to the servers. See also Golwalkar, para. 24; to avoid manually entering the code from a first device to a second device, the code may be broadcast or multicast.) in response to a successful co-location check authenticating the user account with the first service based on the unique identifier and the passcode having been received from the authentication device during the co-location check, (A unique identifier is taught below. paras. 9-13; authentication server authenticates user for the first service based on random number.) Wherein the authentication device and the access device are both under control of a user of the user account. (paras. 7-8; first and second device both operated by first user, may even be same device. See also Golwalkar, paras. 15-21; user uses both devices.) But Neuman does not explicitly teach ensuring geographic proximity. Golwalkar, however, does teach wherein the co-location check ensures geographic proximity between the access device and the authentication device(para. 24; to avoid manually entering the code from a first device to a second device, the code may be broadcast or multicast. Communication may be done via Bluetooth. Bluetooth is a technology that has a limited range and therefore ensures geographic proximity between the devices. See also Balakrishnan, para. 40; system determines whether a login location is the same as a previous location, which is a co-location check that ensures geographic proximity. paras. 53-55; rules based on a distance from previous locations.) It would have been obvious to one of ordinary skill prior to the effective filing date to combine the method of Neuman with the co-location check to perform authentication of the user and further because it would allow for copying to the other device without relying on the user to manually enter the code. (Golwalkar, para. 24) But modified Neuman does not explicitly teach a unique identifier. Balakrishnan, however, does teach determining, based on the received authentication request and contextual information about the request that a co-location check between the access device and an authentication device is required for the user account to access the first service (Examiner asserts that Golwalkar may teach on its own, see Golwalkar, paras. 19-20; Code-based linking used when API on a particular device cannot fully service the authentication, which is a context information about the request. Regardless, see Balakrishnan, para. 40; system may require an additional authentication factor based upon, e.g., a user attempting to log in from a location that is different from one or more previous login locations or if a user is logging in from a particular IP address. IP address, previous and current geographic locations are both contextual information. Fig. 3, paras. 47-48; authentication based on a question based on location. paras. 122-123; resources may be processing resources. Claim 14; resource can be account or application. For a co-location check see Golwalkar, paras. 19-24; Bluetooth used to transfer code used for logging in. Further, Examiner asserts that logging in from the same location requiring different authentication is itself a co-location check.) And a unique identifier, the unique identifier uniquely identifying of the first service (para. 36; request is for a resource and the system identifies a resource requested. See also Golwalkar, para. 13-14; service provider. Para. 31; multiple services operated by one or more organizations. See also Neuman, para. 6; multiple services such as banking or merchants.) It would have been obvious to one of ordinary skill prior to the effective filing date to combine the method of modified Neuman with the unique identifier in order to confirm to all devices that a particular service was being logged-in to. But modified Neuman does not explicitly teach Bluetooth Low Energy. Knaappila, however, does teach without being paired with the access device (Paras. 89-94, 98-100; broadcasting of advertising packets and other pre-pairing communications including device and service data. Para. 4; beacon advertisements with a unique identifier. Regardless, the feature is obvious because it was obvious to a person of ordinary skill prior to the effective filing date to recognize that pairing is a mechanism for secure communication, and is related to the delivery of messages. It has no bearing on the reading of a delivered message.) broadcast over Bluetooth Low Energy (paras. 2-4; Bluetooth Low Energy. Paras. 89-94; broadcasting of advertising packets. See also Golwalkar, para. 24; to avoid manually entering the code from a first device to a second device, the code may be broadcast or multicast. Communication may be done via Bluetooth.) And wherein the unique identifier identifies, to the authentication device, the message broadcast over Bluetooth Low Energy from which the passcode is extracted (paras. 98-100; Advertising can include a scan response that contains information on the advertising device and services. Para. 103; in both advertising and connected state, data transfer occurs. See also Balakrishnan, para. 36; request is for a resource and the system identifies a resource requested. para. 61; device identifier. See also Neuman, para. 7; random number used as a session identifier. See also Golwalkar, para. 34; application identifier for identifying primary clients or native applications. Therefore, the pre-pairing advertising phase of Bluetooth allows for identification of which device and service is sending the message.) It would have been obvious to one of ordinary skill prior to the effective filing date to combine the method of modified Neuman with the Bluetooth Low Energy to save energy. (Knaappila, para. 3) With respect to Claim 2, modified Neuman teaches the method of claim 1, and Neuman also teaches further comprising: sending a successful authentication message to the first service, wherein the successful authentication message causes the first service to establish a session between the access device and a resource. (A unique ID will be taught later. paras. 10-14; authentication server authenticates the user based on random number and transmits notification of authentication. See also Golwalkar, para. 23, 57; authentication service reports successful authentication and user can access resource, which suggests that the successful authentication is also reported to the resource.) And Golwalkar also teaches wherein the successful authentication message causes the first service to establish a session between the access device and a resource. (para. 23, 53, 57; authentication service reports successful authentication and user can access resource, which suggests that the successful authentication is also reported to the resource.) The same motivation to combine as the independent claim applies here. And Balakrishnan also teaches a unique ID (para. 36; request is for a resource and the system identifies a resource requested. See also Golwalkar, para. 13-14; service provider. Para. 31; multiple services operated by one or more organizations. See also Neuman, para. 6; multiple services such as banking or merchants.) The same motivation to combine as the independent claim applies here. With respect to Claim 4, modified Neuman teaches the method of claim 1, and Golwalkar also teaches further comprising: setting a time period associated with the unique identifier and passcode, wherein after the time period expires, the unique identifier and passcode are no longer valid to authenticate the user account with the first service. (A unique id will be taught later. paras. 33-34; codes may be valid for a predetermined length of time such as an hour or a day. Para. 16; expiration of code. See also Richardson, paras. 62-64; temporary id assigned and used to verify during a pre-determined timeframe.) The same motivation to combine as the independent claim applies here. And Balakrishnan also teaches a unique identifier (para. 36; request is for a resource and the system identifies a resource requested. See also Golwalkar, para. 13-14; service provider. Para. 31; multiple services operated by one or more organizations. See also Neuman, para. 6; multiple services such as banking or merchants.) The same motivation to combine as the independent claim applies here. With respect to Claim 6, modified Neuman teaches the method of claim 1, and Golwalkar also teaches wherein the communication further comprises additional contextual information associated with at least one of the user account, the access device, and the authentication device. (para. 15; email and password for account. para. 17; browser may be already authenticated or may require input of security credentials or authentication factors. para. 32; username, password, biometric information of the user, social security number, answers to knowledge-based questions. Para. 34; device identifiers, network addresses, MAC addresses, serial numbers for the devices. Paras. 42-44; version number used to identify what authentication is supported by the device.) The same motivation to combine as the independent claim applies here. With respect to Claim 7, modified Neuman teaches the method of claim 1, and Neuman also teaches wherein the first service is associated with an access policy configured at an authentication service, the access policy specifies a rule for determining when a unique ID and the passcode are sent to the access device. (A unique ID will be taught later. paras. 132-133; authentication policy that identifies what types of authentication data such as password or biometric is needed. Para. 186; authentication is valid for a set period of time. See also Golwalkar, para. 17; device may already be authenticated. Para. 16; expiration of a code. Para. 32-34; trusted security credentials such as device identifiers, MAC addresses or passwords are long-lived credentials and may never expire or may expire after months. Para. 33; codes may expire after a time or in response to events. Para. 53; user may also have to provide a knowledge-based question if certain resources have a higher level of security.) And Balakrishnan also teaches a unique identifier (para. 36; request is for a resource and the system identifies a resource requested. See also Golwalkar, para. 13-14; service provider. Para. 31; multiple services operated by one or more organizations. See also Neuman, para. 6; multiple services such as banking or merchants.) The same motivation to combine as the independent claim applies here. With respect to Claim 8, it is substantially similar to Claim 1 and is rejected in the same manner, the same art and reasoning applying. Further, Neuman teaches a computing system comprising: at least one processor; and at least one memory storing instructions that, when executed by the processor, configure the system to perform operations including: (para. 39; processor and memory containing instructions that configured the processor.) With respect to Claims 9, 11, 13-14, they are substantially similar to Claims 2, 4, 6-7, respectively and are rejected in the same manner, the same art and reasoning applying. With respect to Claim 15, it is substantially similar to Claim 1 and is rejected in the same manner, the same art and reasoning applying. Further, Neuman teaches a non-transitory computer-readable storage medium, the computer-readable storage medium including instructions that when executed by a computer, cause the computer to: (para. 39; non-transitory storage medium such as a hard disk.) With respect to Claims 16, 18, 20, they are substantially similar to Claims 2, 4, 6, respectively and are rejected in the same manner, the same art and reasoning applying. With respect to Claim 21, modified Neuman teaches the method of Claim 1, and Balakrishnan also teaches wherein the contextual information includes at least one of: an IP address of the access device, a browser version, an identification of browser extensions; an operating system on the access device; a type of access device; a time of day; and/or geographical information. (para. 40; location of device, time or day, IP address.) The same motivation to combine as the independent claim applies here. With respect to Claims 22-23, they are substantially similar to Claim 21 and are rejected in the same manner, the same art and reasoning applying. With respect to Claim 24, modified Neuman teaches the method of Claim 1, and Knaappila also teaches wherein the unique identifier identifies, to the authentication device, which Bluetooth Low Energy broadcast message from the access device is to be parsed to obtain the passcode. (paras. 98-100; Advertising can include a scan response that contains information on the advertising device and services. See also Balakrishnan, para. 36; request is for a resource and the system identifies a resource requested. para. 61; device identifier. See also Neuman, para. 7; random number used as a session identifier. See also Golwalkar, para. 34; application identifier for identifying primary clients or native applications. Therefore, the pre-pairing advertising phase of Bluetooth allows for identification of which device and service is sending the message.) The same motivation to combine as the independent claim applies here. With respect to Claims 25-26, they are substantially similar to Claim 21 and are rejected in the same manner, the same art and reasoning applying. Remarks Applicant argues at Remarks, pgs. 11 that Balakrishnan, para. 40 does not teach determining that a co-location check is required. Balakrishnan, para. 39 discloses an access request for a resource and “[i]n some examples, the access request may include one or more credentials for authentication by the access management system.” Para. 40 then goes on to state “[i]n some examples, the login processor may determine to perform an additional factor of authentication, in addition to one or more authentications using the one or more credentials provided in the access request. In such examples, the determination may be based on a past location of the remote device…a time, a day, a number of login failures…” or other context. Para. 41 begins “[i]n response to determining to perform the additional factor of authentication, the login processor may send a request to the location-based authenticator” and begins to describe a location-based authentication. Para. 40 clearly discloses that the login processor may accept the credentials as sufficient for logging in, or it may determine that based on the request and context such as a past location, an additional factor is required. Neuman/Golwalkar supplied the co-location check. Further, Examiner asserts that Balakrishnan, which teaches authentication based on the location being similar to previous locations, is also a co-location check. Regardless, the Balakrishnan teaching about its authentication is cumulative, because the salient feature is that para. 40 discloses a device may determine to include an additional, location-base authentication factor based on context. That teaching in combination with the prior-cited Neuman/Golwalkar range-limited protocol code-transfer teaches the claim limitation. Applicant’s argument that Examiner “substitutes a generalized location based authentication concept for the specific claimed determination” ignores that Balakrishnan is a secondary reference modifying a reference that already taught a proximity-based authentication. The rejection already cited a co-location check, and Balakrishnan merely evidences the unsurprising technique that a given authentication check can be discriminatorily applied based on context. In other words, Applicant incorrectly asserts that the only way to properly render the claim obvious was to find a single reference that fully anticipated all the language in this claim limitation, rather than the correct act of asking whether this feature (along with all the other features) was obvious over the combination of teachings. Consequently, the argument is unpersuasive because it argues against Balakrishnan individually. At Remarks, pgs. 11-12, Applicant argues Golwalkar does not teach a co-location check that ensures geographic proximity. Golwalkar discloses a code transfer that is done over Bluetooth, a range limited communication means. Applicant does not dispute that Bluetooth is range limited or that Golwalkar discloses Bluetooth. Applicant argues that Golwalkar’s Bluetooth “may be used to move the code between devices for convenience.” But Applicant does not dispute that the usage of Bluetooth or other near-field communication links as a step for authentication creates an authentication that is necessarily range-limited. The usage of the Golwalkar Bluetooth embodiment would succeed when the device are within Bluetooth range and would necessarily fail when the devices are not within the range, which is a co-location check that ensures geographic proximity within the broadest reasonable meaning of that term. At Remarks, pg. 12, Applicant argues Balakrishnan does not teach sending a passcode and a unique identifier. Multiple references posit the system may authenticate to multiple resources. The most direct example is Balakrishnan’s teaching that there is a request for a resource and an authentication is done after which “the user is allowed to access the resource identified in the new access request.” Golwalkar discloses multiple services and Neuman discloses multiple services. The Neuman/Golwalkar passcodes are authentication information and all of the references, but most clearly Balakrishnan, identifying which one of a plurality of things for which access authentication is sought. Consequently the combination of teachings suggest using both a passcode and a unique identifier of the service because the system manages access to a plurality of services. Examiner further notes that simple combination is obvious, and Applicant does not dispute the individual element teachings, and therefore uniting the two pieces of information for predictable results is not an inventive act. At Remarks, pg. 13, Applicant argues receiving the passcode and unique identifier is nonobvious. The same reply as above applies. At Remarks, pgs. 13-14, Applicant argues extracting the passcode and unique identifier from a non-paired Bluetooth LE message. Applicant argues “the issue is not whether BLE advertisements can be observed before pairing; the issue is whether the prior art teaching the claimed use of such a BLE broadcast in a MFA flow in which the authentication service determines a co-location check is required and authenticates the account based on the authentication device’s pairless extraction and return of the extracted data” which appears to Examiner to be an argument that if you throw out the rest of the teachings, the Knaappila reference standing on its own fails to anticipate the entire claim. On this point, Examiner agrees. But, applying obviousness analysis, the Neuman and Golwalkar references teach extracting a code from a near field communication used in authentication. Golwalkar teaches Blueooth is therefore deficient, relevant to this claim language, in that it fails to disclose that (1) a system may control access to multiple things and therefore require identification as to which particular resource or service is being sought, (2) Bluetooth LE is a type of Bluetooth and (3) Bluetooth LE allows for communication of information prior to pairing. (1) is dealt with above. Knaappila teaches both (2) and (3). Further, Examiner notes that Knaappila additionally teaches that pre-pairing communication in BLE can include “information on the name of the advertising device and on the services the advertising device is able to provide…[the communication] is not limited to carry only this information but may contain other data as well or instead.” Therefore, Knaappila does teach extracting “a unique identifier identifying the first service” from a message broadcast over BLE without being paired. Regardless, communicating information over BLE without first pairing was a known technique for data communication and application of a known technique to convey different data (here authentication data) in the same way it conveys other data is obvious. At Remarks, pg. 14, Applicant argues a new feature which is taught above. At Remarks, pg. 15, Applicant argues neither Neuman nor Golwalkar teach authenticating based on both the unique identifier and the passcode. The unique identifier is discussed above. Balakrishnan teaches access management to a plurality of resources, and requires identification of the resource to be accessed. Neuman and Golwalkar give detailed examples with only a single service, but the management of access to a plurality of things was performed in the prior art and the usage of a unique identifier to identify communications related to that service is obvious. At Remarks, pg. 15, Applicant argues that two devices “both under control of a user of the user account” is not taught. Examiner simply disagrees. It is clear the purpose of the Neuman/Golwalkar systems are to use the second device as a factor of authentication for the first device. At Remarks, pg. 16, Applicant argues the combination is improper. Since this is the first time in the argument Applicant invites a wholistic discussion of the references and claim scope, Examiner will respond generally to the entire rejection. Despite Applicant characterizing Golwalkar as “optional local transfer of a linking code” both Neuman and Golwalkar utilize a code sent from a device to another device via range-limited protocols as an authentication factor. Balakrishnan is entitled “location-based authentication” and unsurprisingly utilizes location in an authentication scheme. Therefore three references deal with authentication that requires a threshold distance of a device to either another device (within Bluetooth or NFC range) or a fixed location. All three references premise authentication, in part, on the possession of information: Neuman and Golwalkar generate codes and Balakrishnan relies upon answers to questions. None of these are surprising, since Applicant admits that Two Factor authentication was known to the art (Spec, para. 2), and Balakrishnan discloses multifactor authentication including a knowledge factor (such as a PIN), a possession factor “based on an item in possession of a user” or a location factor. (para. 62) Consequently, the instant claims do nothing nonobvious when they simply rely upon possession of a passcode, or possession of two devices, or location, to be authenticating factors. The transmission of a passcode in Neuman and Golwalkar is nothing more than a means of proving possession of two devices and the transmission over a range-limited medium has the effect of proving possession of co-located devices. Mindful Examiner is not to distill the claims to a gist or thrust, these references are each anticipatory of the central feature of the claims. Beyond that, the amended claims assert the information is carried in a non-paired Bluetooth LE broadcast along with a unique identifier. But data transfer prior to pairing appears to be a standard feature of Bluetooth LE. Bluetooth LE has a mechanism for explaining services, and Balakrishnan explains that an access management system may manage access to a plurality of resources. Contrary to Applicant’s assertion, Examiner does not isolate broad concepts and then assumes they can be recombined. Rather Examiner is led by a reference that explicitly posits data transfer using Bluetooth for authentication (Golwalkar), and then asks if a person of ordinary skill would have found it obvious to use a closely related protocol (Bluetooth LE) to do something the known protocol was known to do (transfer data prior to pairing). Examiner concludes it was. Similarly, the usage of an identifier to identify a service is an obvious usage in a system that provides for authentications to a plurality of things. Applicant does not assert that they are the first to authenticate for a plurality of services, so Examiner fails to see how “a unique identifier uniquely identifying the first service” that a user requests authentication for is nonobvious. Applicant apparently faults Examiner because the Neuman reference which posits extracting a code by transfer “via other methods for example by an audio code or a near field radio communication” or the Golwalkar reference which states “the code could be sent directly from the television to the laptop via a Bluetooth connection, an NFC connection, etc” did not explicitly list pre-paired Bluetooth LE communications amongst the means for data transfer. But data transfer in a pre-paired BLE communication pre-existed the instant invention, and Applicant does not persuasively explain why a person of skill would not find it obvious to use a known means of BLE data transfer especially when they were explicitly told to use a Bluetooth connection. A known means of data transfer does not become nonobvious simply because there are a large amount of data transfer means are known to the art and prior inventors did not anticipatorily list every possible means of data transfer. The other features Applicant points to are obvious for analogous reasons. The sum of Applicant’s argument, which finds fault in a majority of the claim language and all of the references ignores that Applicant is using known things in their expected or inherent ways. The Balakrishnan reference is largely used because it evidences that an authentication system can be used to manage access to multiple resources and those resources may or may not require additional factors of authentication. Examiner supposes that two different references could have been cited, one to teach determination and one to teach a unique identifier, but it is unsurprising to find both features together because access to a plurality of different things invites discrimination in the access process, in much the same way a software engineer may utilize the same keychain that has one or even multiple keys to enter their office and a separate key to enter their home. Accessing the home uses a similar-but-different process than accessing the office, and in order for either access to succeed there has to be an unique identification of which building is being entered. Applicant faults Examiner for “isolate[ing] broad concepts” but there is nothing isolated about them. The two features have a logical nexus in their ordinary usage, because not every office or every home (every service, in analogy to the instant claims) feels the same level of security is appropriate. Nor is Balakrishnan isolated from Neuman/Golwalkar. Neuman/Golwalkar merely discuss the particular manner of (to continue the analogy) putting a key into a lock to open a door, but focusing on that aspect of access does not change the fact that it is commonly known that multiple keys to multiple doors and keychain usage exists. Finally, and here the analogy breaks down a bit, Knaappila discusses the contours of a specific key, and is therefore connected to Neuman/Golwalkar because they specifically suggest using keys. The fact that Applicant has claimed, e.g., a double-sided flat key when Golwalkar only explicitly suggested using an extremely similar single-sided flat key does not lead to nonobviousness, because the art knew of double-sided keys, and can hardly be said to be hindsight reconstruction in any event. The argument is unpersuasive and the amended claims are taught above. All claims are rejected. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS P CELANI whose telephone number is (571)272-1205. The examiner can normally be reached on M-F 9-5. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on 571-272-7304. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /NICHOLAS P CELANI/Examiner, Art Unit 2449
Read full office action

Prosecution Timeline

Show 15 earlier events
Sep 10, 2025
Final Rejection mailed — §103
Dec 04, 2025
Response after Non-Final Action
Dec 10, 2025
Notice of Allowance
Dec 10, 2025
Response after Non-Final Action
Jan 15, 2026
Response after Non-Final Action
Jan 27, 2026
Non-Final Rejection mailed — §103
Apr 27, 2026
Response Filed
Jun 08, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682092
SYSTEMS AND METHODS FOR USER DATA COLLECTION
3y 8m to grant Granted Jul 14, 2026
Patent 12647250
CIPHERTEXT CONVERSION SYSTEM, CIPHERTEXT CONVERSION METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM
1y 9m to grant Granted Jun 02, 2026
Patent 12634201
Detecting site locations of unknown network devices
4y 10m to grant Granted May 19, 2026
Patent 12625938
ELECTRONIC DEVICE FOR PERFORMING USER AUTHENTICATION BY USING USER BIOMETRIC INFORMATION, AND OPERATION METHOD THEREOF
4y 6m to grant Granted May 12, 2026
Patent 12592949
METHODS AND SYSTEMS FOR CATEGORIZING CYBER INCIDENT LOGS FEATURING DYNAMIC RELATIONSHIPS TO PRE-EXISTING CYBER INCIDENT REPORTS IN REAL-TIME
2y 5m to grant Granted Mar 31, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

7-8
Expected OA Rounds
46%
Grant Probability
89%
With Interview (+42.7%)
3y 2m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 461 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month