Prosecution Insights
Last updated: July 17, 2026
Application No. 18/146,076

SYSTEM AND METHOD FOR ENCRYPTED DISK INSPECTION

Final Rejection §101§103§112
Filed
Dec 23, 2022
Priority
Dec 27, 2021 — provisional 63/266,031
Examiner
AHSAN, SYED M
Art Unit
2491
Tech Center
2400 — Computer Networks
Assignee
Wiz Inc.
OA Round
5 (Final)
74%
Grant Probability
Favorable
6-7
OA Rounds
0m
Est. Remaining
93%
With Interview

Examiner Intelligence

Grants 74% — above average
74%
Career Allowance Rate
212 granted / 288 resolved
+15.6% vs TC avg
Strong +19% interview lift
Without
With
+19.0%
Interview Lift
resolved cases with interview
Typical timeline
3y 4m
Avg Prosecution
21 currently pending
Career history
323
Total Applications
across all art units

Statute-Specific Performance

§101
4.1%
-35.9% vs TC avg
§103
82.3%
+42.3% vs TC avg
§102
9.2%
-30.8% vs TC avg
§112
2.7%
-37.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 288 resolved cases

Office Action

§101 §103 §112
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Priority This application claims the benefit of U.S. Provisional Application No. 63/266,031 filed on December 27, 2021, the contents of which are hereby incorporated by reference. Information Disclosure Statement The information disclosure statement (IDS) submitted on 07/07/2026 was filed after the mailing date of the Non-Final Office Action on 01/09/2026. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. DETAILED ACTION This Office Action is in response to an Amendment application received on 04/20/2026. In the application, no claims have been amended or cancelled. Claim 24 has been added as new claim. For this Office Action, claims 1-24 have been received for consideration and have been examined. Response to Arguments Rejections – 35 USC § 101 Applicant’s remarks regarding rejection of claims under 35 USC § 101 reciting an Abstract Idea has been reviewed, however, remarks are not found to be persuasive. After review, the remarks have been summarized as follows: # 1. Claims 1-23 stand rejected under 35 U.S.C. §101 because the claimed invention is alleged to be directed to an abstract idea without significantly more based on the assumption that allocating at least one queue to each of the plurality of Al virtual instances is a judgement mental process which can reasonably be performed in the human mind with the aid of pencil and paper and that Instantiating a plurality of Al virtual instances amounts to a mere instructions to apply the abstract ideas on a generic computer. However, claim 1 requires as follows (emphasis added): generating a snapshot of the first encrypted disk with a reencrypt command using the generated key; generating a second encrypted disk from the snapshot; generating an inspectable disk based on the decrypted second encrypted disk. This step cannot be performed in the human mind as they are hardware based and must be performed by a computer system. The Office Action states (emphasis added): Mental process: the administrator generates a copy with the generated key of the encrypted disk using a command However, even if, arguendo, an administrator issued a command to generate disks, which Applicants deny, and further, that issuing a command was a mental step, which again Applicants deny, the claim elements do not call for merely commands but rather for the actual generation of snapshots and disks. That is something a person cannot do but must be performed by hardware of the computer system. Thus, the claim is clearly hardware-based given that a disk, even a virtual disk, is clearly hardware-based and implemented and so these claim elements cannot be performed in the human mind. (Page # 7-8). Examiner’s Response Regarding remark # 1, that steps mentioned in the remarks are the “steps cannot be performed in the human mind as they are hardware based and must be performed by a computer system”, to which examiner respectfully disagree. Examiner would like to emphasize the fact that claim recites steps which can be manually performed by an administrator. No where in the claim it is positively mentioned that the steps are being performed by “hardware of the computer system”. Claims merely recite “inspecting encrypted disks … on a workload in a cloud computing environment” which does not reveal that the method steps are being perform by the hardware of the computer system. Additionally, Applicant’s remark that “the claim is clearly hardware-based given that a disk, even a virtual disk, is clearly hardware-based and implemented and so these claim elements cannot be performed in the human mind” and “nevertheless issuing commands means taking real-world action, not merely thought”, examiner would like to mention that it is never stated in the Office Action that claim limitations are interpreted as reciting as “a thought” without being performed by a human, instead examiner has mentioned that claim limitations can be performed by a “human administrator”. Examiner would like to point out that Office Action (dated 01/09/2026) clearly elaborates limitation-by-limitation that “an administrator” can perform the method steps and therefore recites the concept of data manipulation and duplicating/decrypting information for inspection by a human. While the method occurs in a cloud computing environment, simply applying a mental process or mathematical algorithm in a specific technological field does not make the idea non-abstract. # 2. Furthermore, the invention as claimed provides an improvement to computer technology because it enables inspection of encrypted disks which heretofore was not possible as explained in paragraph 4 of the instant specification. In addition, it should be appreciated that, as explained in the background section of the instant specification, encryption makes inspection difficult or impossible. Thus, there is a real, computer-based problem which is solved technically by the invention as claimed. Withdrawal of this ground of rejection is respectfully requested. In addition, it is well-established that a claim does not recite a mental process because the steps are not practically performed in the mind. The October 2019 patent eligibility guidelines update explains that: Claims do not recite a mental process when they do not contain limitations that can practically be performed in the human mind, for instance when the human mind is not equipped to perform the claim limitations. New claim 24 requires that the cloud computing environment is implemented on a cloud computing infrastructure. As is well-known, operating system (OS)-level virtualizations are spun up, i.e., deployed, and spun down, i.e., deprovisioned, at rates which can be hundreds or thousands in a matter of seconds. A human operator cannot successfully issue commands for disk generation within such small timeframes. However, dealing with such is exactly what is required by the claims (Page # 8-9). Examiner’s Response Regarding remark # 2, that “Claims do not recite a mental process when they do not contain limitations that can practically be performed in the human mind, for instance when the human mind is not equipped to perform the claim limitations. New claim 24 requires that the cloud computing environment is implemented on a cloud computing infrastructure”, examiner respectfully disagree. Examiner would like to reiterate that claim limitations merely recite the steps which can be performed by a human are being implemented in a cloud computing environment on a cloud computing infrastructure. Under the Supreme Court’s Alice Corp. v. CLS Bank test, the core of the method claim is data manipulation and duplicating/decrypting information for inspection. Specifically, creating a copy of data, assigning a new key, and decrypting a file is a mental process or an algorithmic mathematical concept. While the method occurs in a cloud computing environment, simply applying a mental process or mathematical algorithm in a specific technological field does not make the idea non-abstract. The limitations recite generic steps such as generating keys, taking snapshots, and re-encrypting disks are routine, well-understood, and widely used tools in modern cloud administration. The claim describes what you want to do (inspect a disk by decrypting it) but does not provide a novel, specific how (such as a unique, patentable cryptographic hardware method or software logic that improves computer functionality). Claim Rejections – 35 USC § 112 Applicant’s remarks regarding rejection of claims under 35 USC § 112(a) have been reviewed, however, remarks are not found to be persuasive. After review, the remarks have been summarized as follows: # 1. As is well known "a" processing circuitry does not mean a single entity. Beyond the fact that "a" when used to introduce an element in a patent claim conventionally means the same as "at least one", processing circuitry in terms of the claims does not mean a single entity, notwithstanding the Office Action's suggestion to the contrary. Rather, "a processing circuitry" can mean any type of processing circuitry, e.g., from a single circuit to a cloud computing infrastructure. Note, too, that the "inspector" and the "inspector account" are not themselves processing circuitry but they are made up of processing circuitry combined with software. Therefore, even if, arguendo, there was a requirement for a single processing circuitry of some type, which Applicants deny, both the inspector and the inspection account could be implemented by the same processing circuitry executing different software at different times. This merely requires a straightforward reading of the text of the claim and a basic knowledge of computers (Page # 9-10). Examiner’s Response Regarding remark # 1, Examiner respectfully disagree with Applicant’s statement that “the "inspector" and the "inspector account" are not themselves processing circuitry but they are made up of processing circuitry combined with software”. Examiner consulted instant specification [0021] and other sections and notice that no where it is mentioned that the processing circuitry combined with software is made up of "inspector" and the "inspector account". On the contrary, Figure 1 depicts that “Inspector Account 130” is part of “production cloud environment 102” whereas “Inspector 150” is part of “inspecting cloud environment 104”. So as mentioned in the previous Office Action, “Inspector Account 130” and “Inspector 150” are two different entities are performing the recited steps. Therefore, claim limitations do not align with the specification because as per claim a processing circuitry (i.e., one entity) is performing all the steps which is not the case and not supported by the disclosure and hence the rejection has been maintained. Claim Rejections – 35 USC § 103 Applicant’s arguments, filed 04/20/2026, with respect to rejection of claims under 35 USC § 103 have been fully considered and are persuasive. The obviousness rejection has been withdrawn. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 11-20, and 23 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claim 11 (a non-transitory computer readable medium) and claim 12 (a system) recite following steps performed by “a processing circuitry”: (1) detecting a first encrypted disk on a workload in a cloud computing environment; (2) generating a key for an inspector account; (3) generating a snapshot of the first encrypted disk with a reencrypt command using the generated key; (4) generating a second encrypted disk from the snapshot; (5) decrypting the second encrypted disk using the generated key; and (5) generating an inspectable disk based on the decrypted second encrypted disk. Examiner consulted instant specification and notice that two different entities are performing the recited steps. In paragraphs [0056-0062], the first four limitations are being performed by an inspector account 130 through Figure 4 steps S410 through S440 whereas last two limitations are being performed by an inspector 150 through steps S450 through S460. Examiner would like to note that Figure 1 depicts that “Inspector Account 130” is part of “production cloud environment 102” whereas “Inspector 150” is part of “inspecting cloud environment 104”. So practically, “Inspector Account 130” and “Inspector 150” are two different entities and are performing the recited steps in separate capacity. One of the ordinary skills in the art would understand that the claimed “processing circuitry” would be applicable to either one of the cloud environments at a time but cannot be applied to both when it comes to claiming in the patent application. The preamble of claims 11, and 12 specifically recite “a processing circuitry to execute a process” which means only one entity is suppose to perform/execute the steps. Therefore, claim limitations do not align with the specification because as per claim a processing circuitry (i.e., one entity) is performing all the steps which is not the case and not supported by the disclosure. Dependent claims inherit these deficiencies. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-24 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more analyzed according to MPEP 2106. Step 1: The independent claims 1, 11, and 12 do fall into one of the four statutory categories of “method, non-transitory machine-readable medium, and a system” claims. Nevertheless, the claim(s) still is/are considered as abstract idea (i.e., Mental processes - concepts performed in the human mind (including an observation, evaluation, judgment, opinion)) for the following prongs and reasons. Step 2A: Prong 1: The limitations of the independent claims 1, 11, and 12 recite the abstract idea of: “detecting a first encrypted disk [[on a workload in a cloud computing environment]] (Mental process: an human administrator detects a first encrypted disk); generating a key for an inspector account (Mental process: the human administrator generates a key for an inspector account); generating a snapshot of the first encrypted disk with a reencrypt command using the generated key (Mental process: the human administrator generates a copy with the generated key of the encrypted disk using a command); generating a second encrypted disk from the snapshot (Mental process: the human administrator generates second encrypted disk from the generated copy); decrypting the second encrypted disk using the generated key (Mental process: the human administrator decrypts the second encrypted disk using the generated key); and generating an inspectable disk based on the decrypted second encrypted disk (Mental process: the human administrator generates another disk using decrypted second encrypted disk)”. The claim generically recites the concept of generating a key for an account, and using the key to perform Asymmetric encryption, also known as public key cryptography, is an abstract idea that encapsulates the principles of secure communication and data protection. It is an essential concept in the field of cryptography, which is the study of secure communication methods and mental processes, i.e., concepts performed in the human. The above limitations are steps which clearly fall into the “Mental Process” bucket which under its broadest reasonable interpretation, covers performance of the limitations in the human mind and / or with pen and paper. The above-described limitations can all be performed by a human administrator who is tasked to generate encrypted disk and re-encrypt them and decrypt them for desired purposes. Step 2A: Prong 2: The judicial exception (i.e., inspecting encrypted disk using a key) is not integrated into a practical application. The patentability of asymmetrical encryption is determined by the criteria of novelty, inventive step, and industrial applicability. These criteria ensure that the encryption method introduces a technical innovation beyond mere algorithmic concepts or abstract ideas. The method must demonstrate that it is new and not previously disclosed, involve an inventive step that is not obvious to a person skilled in the art, and have clear industrial applicability. In particular, the claims do not recite any additional element to perform beyond routine steps. To show that the involvement of a computer assists in improving the technology, the claims must recite the details regarding how a computer aids the method, the extent to which the computer aids the method, or the significance of a computer to the performance of the method. Merely adding generic computer components to perform the method is not sufficient. Thus, the claim must include more than mere instructions to perform the method on a generic component or machinery to qualify as an improvement to an existing technology (MPEP 2106.5(a) II). In this particular case, the additional elements of the claims are: “a method, a non-transitory machine-readable medium, and a system”. The additional elements are recited at a high-level of generality (i.e., as generic terms performing generic computer functions (instant spec. [0063-0064] discloses that the functions of the disclosed claims can be implemented using generic computer(s)) such that it amounts no more than mere instructions to apply the exception using generic computer components. Accordingly, the additional elements do not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. Therefore, the claims are directed to an abstract idea. Step 2B: The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the claims do not reflect improvement in the technology. Further, mere automated instructions to apply an exception using a generic computer component cannot provide an inventive concept. Thus, the claims are not patent eligible. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements (i.e., “method, non-transitory machine-readable medium, and a system”) amount to no more than mere instructions to apply the exception using general purpose computer. To support this factual conclusion, the examiner takes Official Notice that one of the ordinary skill in the art, before the effective filing date of the claimed invention, would have found processors and/or software well-known and routine in technology that involves computers (instant spec. [0063-0064] discloses that the functions of the disclosed claims can be implemented using generic computer(s)) such that it amounts no more than mere instructions to apply the exception using generic computer components. Accordingly, the additional elements do not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. Thus, the examiner asserts that the above noted elements, when considered individually or in combination, do not constitute as “significantly more” than the abstract idea. Dependent claims 2-10, and 13-24 have been analyzed and fall into one of the statutory categories and therefore passes step 1 analysis. However, under step 2, 2A & 2B analysis, the claims fail to recite any limitations that create a difference in the 101 analyses as indicated for claims 1, 11, and 12 because dependent claims merely recite additional steps of generating the copy of encrypted disk which is a mental process where human administrator can perform these steps manually. Thus, claims dependent claims are ineligible. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018. The examiner can normally be reached 8:30 AM - 6:00 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Korzuch can be reached at 571-272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SYED M AHSAN/Primary Examiner, Art Unit 2491
Read full office action

Prosecution Timeline

Show 3 earlier events
Apr 17, 2025
Non-Final Rejection mailed — §101, §103, §112
Jul 17, 2025
Response Filed
Sep 05, 2025
Final Rejection mailed — §101, §103, §112
Dec 04, 2025
Request for Continued Examination
Dec 18, 2025
Response after Non-Final Action
Jan 09, 2026
Non-Final Rejection mailed — §101, §103, §112
Apr 20, 2026
Response Filed
Jul 09, 2026
Final Rejection mailed — §101, §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12676833
Firewall System for Controlling Data Flow Between Computing Resources
4y 5m to grant Granted Jul 07, 2026
Patent 12671709
NETWORK ANOMALY DETECTION METHOD, ELECTRONIC DEVICE, AND STORAGE MEDIUM
1y 11m to grant Granted Jun 30, 2026
Patent 12671568
Device for Counteracting Side-Channel Attacks
1y 10m to grant Granted Jun 30, 2026
Patent 12665910
METHOD AND SYSTEM FOR DETERMINING AND ACTING ON A STRUCTURED DOCUMENT CYBER THREAT RISK
2y 2m to grant Granted Jun 23, 2026
Patent 12657269
Using Continuous Biometric Information Monitoring For Security
4y 1m to grant Granted Jun 16, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

6-7
Expected OA Rounds
74%
Grant Probability
93%
With Interview (+19.0%)
3y 4m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 288 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month