Prosecution Insights
Last updated: July 17, 2026
Application No. 18/180,238

EMBEDDING PROGRAMMING CODE IN AN ELECTRONIC MESSAGE

Non-Final OA §103§112
Filed
Mar 08, 2023
Priority
Mar 09, 2022 — provisional 63/318,151
Examiner
SAVENKOV, VADIM
Art Unit
2432
Tech Center
2400 — Computer Networks
Assignee
Kno2 LLC
OA Round
5 (Non-Final)
62%
Grant Probability
Moderate
5-6
OA Rounds
0m
Est. Remaining
82%
With Interview

Examiner Intelligence

Grants 62% of resolved cases
62%
Career Allowance Rate
193 granted / 314 resolved
+3.5% vs TC avg
Strong +21% interview lift
Without
With
+20.8%
Interview Lift
resolved cases with interview
Typical timeline
3y 4m
Avg Prosecution
30 currently pending
Career history
371
Total Applications
across all art units

Statute-Specific Performance

§101
1.6%
-38.4% vs TC avg
§103
92.0%
+52.0% vs TC avg
§102
2.6%
-37.4% vs TC avg
§112
2.3%
-37.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 314 resolved cases

Office Action

§103 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 4/9/2026 has been entered. Response to Amendment / Arguments Regarding claims rejected under 35 USC 103: Applicant’s amendment is considered to have overcome the applied rejection(s). Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Jakobsson (US 11,757,914 B1). In response to Applicant’s arguments that “Office improperly reads limitations from the specification into the claims with respect to the claim term "electronic message,"” the relevant portion of the Office action has been modified to state that the prior art has been applied in view of one of the examples of “electronic message” in the instant specification. Claim Interpretation The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “a receiving component,” “a security component,” “a parsing component,” and “a decryption component” in claims 8-14. Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. For instance, [0032] of the instant specification defines the components as follows: “components 310-320 may be implemented as hardware (e.g., an application specific integrated circuit (ASIC) or a field programmable gate array (FPGA)), as software, or as a combination of hardware and software.” If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1-2, 4-9, 11-16, and 18-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Example independent claim 1 recites the limitation “whereby processing of the rejected message by the receiver device stops”. There is insufficient antecedent basis for this limitation (“processing of the rejected message”) in the claim. The claim only refers to “processing” where it states that the receiver device is “to process programming code contained in an electronic message.” This limitation concerns processing the programming code specifically. It is not clear whether “processing of the rejected message” refers to the processing of the programming code inside of the message or to a general processing of the message rather than its contents specifically (e.g., receiving a message versus executing code within the received message). There is insufficient antecedent basis for “processing of the rejected message” where the “processing” is not meant to refer to “process programming code.” Additionally, a person of ordinary skill in the art could not interpret the metes and bounds of the claim so as to understand how to avoid infringement with respect to which processing is stopped (i.e., whether this is drawn to filtering / quarantining messages or to filtering / quarantining the contents of messages). Independent claims 8 and 15 are substantially similar to claim 1, and are therefore rejected under the same analysis. The respective dependent claims do not rectify this issue and are therefore likewise rejected. For the purpose of applying prior art, “rejecting the message on a condition that the security check does not pass, whereby processing of the rejected message by the receiver device stops” has been interpreted to comprise quarantining / blocking / deleting the message in the case where a security check fails. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 4-8, 11-15, and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ambaljeri (US 10,284,507 B1) in view of Kuroyanagi (US 2021/0144113 A1), Jain (US 2006/0276208 A1), and Jakobsson (US 11,757,914 B1). Regarding claim 1, Ambaljeri discloses: A method for a receiver device to process programming code (e.g., an instruction/command as in Col. 1, Ll. 55-59 and Col. 3, Ll. 57-62 of Ambaljeri; [0030] of the instant specification defines “programming code” to include information needed to invoke one or more workflows at the receiver) contained in an electronic message (email in Ambaljeri, which is consistent with [0029] of the instant specification stating that “electronic message” may include an email), the method comprising: receiving the electronic message; Refer to at least Col. 4, Ll. 25-32 and Col. 1, Ll. 55-59 of Ambaljeri with respect to receiving a specially-coded email. performing a security check, including: determining whether a sender of the electronic message is an authorized sender; and Refer to at least the abstract and Col. 1, Ll. 55-59 of Ambaljeri with respect to requiring an authorized user as the sender (e.g., admin1 in FIG. 3-4 of Ambaljeri). and on a condition that the security check passes: parsing the programming code; and Refer to at least Col. 1, Ll. 59-62 and Col. 4, Ll. 33-50 of Ambaljeri with respect to obtaining a command phrase from the email sent by an authorized user. performing the workflow identified [based on] the electronic message at the receiver device based on the programming code. Refer to at least Col. 1, Ll. 28-30&59-62, Col. 3, Ll. 23-49, and Col. 5, Ll. 12-14 of Ambaljeri with respect to performing, e.g., data protection operations based on receiving the command phrase and executing it. and sending a response to the sender. Refer to at least Col. 5, Ll. 12-32 of Ambaljeri with respect to sending status updates resulting from performing the data protection operation. Ambaljeri requires that the sender be an authorized user, but does not specify the authorization procedure. As such, Ambaljeri does not specify: determining whether the sender is authorized to access one or more workflows to be performed at the receiver device, wherein each of the one or more workflows is identified by a different address of the electronic message at the receiver device; rejecting the message on a condition that the security check does not pass, whereby processing of the rejected message by the receiver device stops. Ambaljeri further does not specify: the workflow identified based on the electronic message further comprising the workflow identified by the address of the electronic message; the response including content created by performing the workflow. However, Ambaljeri in view of Kuroyanagi discloses: determining whether the sender is authorized to access one or more workflows to be performed at the receiver device, wherein each of the one or more workflows is identified by a different address of the electronic message at the receiver device; the workflow identified based on the electronic message further comprising the workflow identified by the address of the electronic message. Refer to at least the abstract, FIG. 7, FIG. 9, [0050]-[0051], [0053], and [0060]-[0068] of Kuroyanagi with respect to an email being the trigger for performing a workflow, where the sender and destination addresses are verified to determine authorization and a workflow ID. The workflow corresponding to the workflow ID is executed. The teachings of Ambaljeri and Kuroyanagi both relate to securely triggering execution via emails, and are considered to be within the same field of endeavor and combinable as such. Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Ambaljeri to implement an authorization procedure for at least the reasons discussed in [0087]-[0089] of Kuroyanagi (i.e., improved security for remote workflow execution). It further would have been obvious to modify the teachings of Ambaljeri to implement workflow selection information in the address fields because the substitution of one known element for another would have yielded predictable results to one of ordinary skill in the art at the time of the invention (i.e., where to include request data as part of the email). Ambaljeri-Kuroyanagi discusses sender authorization validation and message error processing (e.g., Col. 5, Ll. 25-32 of Ambaljeri; [0067]-[0069] of Kuroyanagi), but does not specify: rejecting the message on a condition that the security check does not pass, whereby processing of the rejected message by the receiver device stops. Ambaljeri-Kuroyanagi further does not specify: the response including content created by performing the workflow. However, Ambaljeri-Kuroyanagi in view of Jain discloses: the response including content created by performing the workflow. Refer to at least [0039] and [0033] of Jain with respect to sending a message with remote execution instructions and receiving back a message with the execution results. The teachings of Ambaljeri-Kuroyanagi and Jain relate to embedding code in electronic messages for remote execution, and are considered to be within the same field of endeavor and combinable as such. Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to further modify the teachings of Ambaljeri-Kuroyanagi to include support for remote application execution and dispatching the results because design incentives or market forces provided a reason to make an adaptation (i.e., support for additional applications other than just data protection), and the invention resulted from application of the prior knowledge in a predictable manner (i.e., substituting the content of a response message—e.g., status indicator versus execution result). Ambaljeri-Kuroyanagi-Jain does not specify: rejecting the message on a condition that the security check does not pass, whereby processing of the rejected message by the receiver device stops. However, Ambaljeri-Kuroyanagi-Jain in view of Jakobsson discloses: rejecting the message on a condition that the security check does not pass, whereby processing of the rejected message by the receiver device stops. Refer to at least Col. 13, Ll. 23-40 and Col. 15, Ll. 56-60 of Jakobsson with respect to security actions taken in response to failed sender authorization, including blocking the message, quarantine, and/or censoring message content. The teachings of Jakobsson likewise concern secure electronic messaging, authorization, and securing message contents, and are considered to be within the same field of endeavor and combinable as such. Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to further modify the teachings of Ambaljeri-Kuroyanagi-Jain to include security actions blocking message processing following authorization failure for at least the purpose of improving security and quality of use by preventing the accumulation of malicious messages in an inbox (i.e., users having less spam and phishing attempt messages crowding out useful messages). Regarding claim 4, it is rejected for substantially the same reasons as claim 1 above (e.g., FIG. 5 and FIG. 10 of Kuroyanagi). Regarding claim 5, Ambaljeri-Kuroyanagi-Jain-Jakobsson discloses: The method of claim 1, further comprising: storing message information in an audit trail on a condition that the sender is not determined to be authorized to access the one or more workflows. Refer to at least Col. 5, Ll. 29-32 of Ambaljeri with respect to logging errors via update messages to a system administrator. Refer to at least [0084]-[0086] of Kuroyanagi with respect to transmitting emails to an administrator concerning failed verifications. Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to further modify the teachings of Ambaljeri-Kuroyanagi to implement sending a record of failed verifications to an administrator for at least the purpose of improving the security/error review process as in [0086] of Kuroyanagi (i.e., an analyst and/or analysis system is provided with better information to address errors or security issues). Regarding claim 6, Ambaljeri-Kuroyanagi-Jain-Jakobsson discloses: The method of claim 1, wherein parsing the programming code includes invoking one or more application programming interfaces. Refer to at least Col. 7, Ll. 15-19 of Ambaljeri with respect to an API as part of the extraction and execution of the instruction/command. Regarding claim 7, Ambaljeri-Kuroyanagi-Jain-Jakobsson discloses: The method of claim 1, wherein the electronic message is encrypted and the method further comprises: decrypting the electronic message before parsing the programming code. Refer to at least Col. 76, Ll. 4-Col.77, Ll. 2 of Jakobsson with respect to the message content being encrypted content to be decrypted. Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to further modify the teachings of Ambaljeri-Kuroyanagi-Jain-Jakobsson to implement email encryption and decryption for at least the purpose of improving security by preventing eavesdropping on plaintext data in transit. Regarding independent claim 8, it is substantially similar to independent claim 1 above, and is therefore likewise rejected (i.e., the citations and obviousness rationale). Regarding claims 9 and 11-13, they are substantially similar to claims 2-6 above, and are therefore likewise rejected. Regarding independent claim 15, it is substantially similar to independent claim 1 above, and is therefore likewise rejected (i.e., the citations and obviousness rationale). Regarding claims 16 and 18-19, they are substantially similar to claims 2-6 above, and are therefore likewise rejected. Regarding claims 14 and 20, they are substantially similar to claim 7 above, and are therefore likewise rejected. Claim(s) 2, 9, and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ambaljeri-Kuroyanagi-Jain-Jakobsson as applied to claims 1, 4-8, 11-15, and 18-20 above, and further in view of Stuntebeck (US 20160094522 A1). Regarding claim 2, Ambaljeri-Kuroyanagi-Jain-Jakobsson does not disclose: the security check is based on a certificate-based trust mechanism; and the sender is determined to be an authorized sender on a condition that the sender possesses a valid certificate. However, Ambaljeri-Kuroyanagi-Jain-Jakobsson in view of Aleksandrov discloses: the security check is based on a certificate-based trust mechanism; and the sender is determined to be an authorized sender on a condition that the sender possesses a valid certificate. Refer to at least [0023], [0025], [0031], [0033], and [0036] of Aleksandrov with respect to checking whether the sender possesses a valid certificate. The teachings of Aleksandrov likewise concern securely sending information via email, and are considered to be within the same field of endeavor and combinable as such. Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to further modify the teachings of Ambaljeri-Kuroyanagi-Jain-Jakobsson to additionally implement a certificate verification for at least the purpose of utilizing trusted identities to improve security. Regarding claims 9 and 16, they are substantially similar to claim 2 above, and are therefore likewise rejected. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432 /V.S/Examiner, Art Unit 2432
Read full office action

Prosecution Timeline

Show 11 earlier events
Dec 08, 2025
Applicant Interview (Telephonic)
Dec 09, 2025
Response Filed
Dec 12, 2025
Examiner Interview Summary
Jan 05, 2026
Final Rejection mailed — §103, §112
Mar 17, 2026
Response after Non-Final Action
Apr 09, 2026
Request for Continued Examination
Apr 20, 2026
Response after Non-Final Action
Jun 01, 2026
Non-Final Rejection mailed — §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12639449
SYSTEM AND METHOD FOR SCANNING CONTAINERS FOR VULNERABILITIES
2y 4m to grant Granted May 26, 2026
Patent 12632534
ACCESSING SECURE SYSTEM RESOURCES BY LOW PRIVILEGE PROCESSES
7y 12m to grant Granted May 19, 2026
Patent 12613999
DETECTING ELECTRONIC SYSTEM MODIFICATION
6y 10m to grant Granted Apr 28, 2026
Patent 12608482
DETERMINING A SECURITY SCORE IN BINARY SOFTWARE CODE
6y 5m to grant Granted Apr 21, 2026
Patent 12608501
Privacy-Preserving Log Analysis
5y 11m to grant Granted Apr 21, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
62%
Grant Probability
82%
With Interview (+20.8%)
3y 4m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 314 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month