Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsNcipher Security Limited › 18261505
Last updated: April 19, 2026
Application No. 18/261,505

A DEVICE AND A COMMUNICATION METHOD

Non-Final OA §103
Filed
Jul 14, 2023
Examiner
LANIER, BENJAMIN E
Art Unit
2437
Tech Center
2400 — Computer Networks
Assignee
Ncipher Security Limited
OA Round
3 (Non-Final)
69%
Grant Probability
Favorable
3-4
OA Rounds
3y 6m
To Grant
86%
With Interview

Interview Optional

+17.0% interview lift. This examiner has a relatively high allow rate; a written response may suffice.
Based on 913 resolved cases, 2023–2026

Examiner Intelligence

LANIER, BENJAMIN E View full profile →
Grants 69% — above average
69%
Career Allow Rate
632 granted / 913 resolved
+11.2% vs TC avg
Strong +17% interview lift
Without
With
+17.0%
Interview Lift
resolved cases with interview
Typical timeline
3y 6m
Avg Prosecution
32 currently pending
Career history
945
Total Applications
across all art units

Statute-Specific Performance

§101
7.5%
-32.5% vs TC avg
§103
48.1%
+8.1% vs TC avg
§102
17.7%
-22.3% vs TC avg
§112
17.1%
-22.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 913 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 22 December 2025 has been entered. Response to Amendment Applicant’s amendment filed 22 December 2025 amends claims 1, 4, 13, and 14. Claim 17 is added. Applicant’s amendment has been fully considered and entered. Response to Arguments Applicant argues on page 6 of the response, “In the present response, claim 14 is amended to recite ‘the secure connection’ rather than ‘the first secure connection.’ Reconsideration and withdrawal of the rejection of claim 14 under 35 U.S.C. 112 is respectfully requested.” This argument has been fully considered and is persuasive. The previous §112 rejection has been withdrawn. Applicant argues on page 7 of the response, “While Johnson states that the secure workspace configurator may store the secure workspace data structure, the storing of the secure workspace data structure is done after the secure workspace configurator creates the secure workspace…Accordingly, in Johnson the secure workspace is created using a secure workspace data structure received from a client device, not a secure workspace data structure stored in memory of the remote resource.” This argument is not persuasive because Johnson explicitly discloses that the secure workspace data structure is stored in memory of the remote resource. Specifically, Johnson discloses (Col. 4, lines 43-45) that the EC 110 is generated including at least SWDS 114 (secure workspace data structure). Johnson makes it clear that EC 110 is stored in memory 204 of the remote resource 104 (Figure 2). Therefore, the SWDS 114 is clearly stored in the memory 204 of remote resource 104. Applicant argues on page 7 of the response, “Therefore, Johnson does not describe ‘responsive to a request received through the input, run the first isolated environment using the information stored in the memory.” This argument is not persuasive because Johnson discloses that the client device 102 transmits a request to the remote resource such that the secure workspace 112 verifies the request (Col. 8, lines 57-64). The secure workspace 112 verifying the request shows that the secure workspace 112 is run by the remote resource 104 and the secure workspace data structure is stored in EC 110 and used by the EC 110 to generate the secure workspace 112, which is run to verify the request (Col. 4. Lines 43-45). Therefore, the SWDS 114 stored in the memory of the remote resource 104 is used to run the executed secure workspace 112 that verifies the request. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1, 2, 4, 8, 9, 11, 13-16 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson, U.S. Patent No. 9,667,628, in view of Mishra, U.S. Patent No. 8,161,173, and further in view of Brin, EP 3428825. Referring to claim 1, Johnson discloses a system for establishing secure workspaces that includes a remote resource 104 device accessible to a client device 102 (Col. 3, lines 60-62: remote resource 104 reads to the claimed device) such that the remote resource 104 can include a communications module (Col. 2, lines 41-44: communications module reads on the claimed input), memory (Figure 2, 204), and a processor (Col. 10, lines 41-65), which meets the limitation of an input, a memory, and a processor module. The remote resource 104 receives a secure workspace 112 from the client device 102, such that the remote resource 104 stores the received secure workspace 112 in the EC 110 that is part of memory 204 (Col. 4, lines 30-48: secure workspace 112 reads on the claimed isolated environment; causing EC 110 to be generated including at least SWDS 114 shows that the secure workspace data structure is stored in the EC 110), which meets the limitation of store information in the memory defining a first isolated environment associated with a first user. The client device 102 transmits a request to the remote resource such that the secure workspace 112 verifies the request (Col. 8, lines 57-64: secure workspace 112 verifying the request shows that the secure workspace 112 is run; communication between client device 102 and remote resource 104 is performed using communication module as shown in column 2, lines 41-44 & Col. 4. Lines 43-45: secure workspace data structure 114 is stored in EC 110 and used by the EC 110 to generate the secure workspace 112, which is run to verify the request), which meets the limitation of responsive to a request received through the input, run the first isolated environment using information stored in the memory. If the user is determined to be the owner of the secure workspace 112, the user is provided with access to the secure workspace 112 (Col. 6, lines 5-13), such that secure workspace access includes the execution of programs loaded in the secure workspace 112 (Col. 4, lines 6-10), which meets the limitation of responsive to a user command received [over the first secure connection], execute, in the first isolated environment, a first operation corresponding to the user command. Johnson does not disclose the remote resource 104 performing user authentication and establishing a secure connection with the client device 102 upon successful user authentication such that the authentication and secure connection establishment is performed by the secure workspace. Mishra discloses a container performing user authentication and establishing a service session upon successful user authentication (Col. 8, line 58 – Col. 9, line 31: container would correspond with the secure workspace of Johnson), which meets the limitation of authenticate the first user in the first isolated environment, and if the first user is authenticated, establish a first [secure] connection with the first user in the first isolated environment, wherein authenticating the first user and establishing the first [secure] connection with the first user are performed within the first isolated environment. It would have been obvious to one of ordinary skill in the before the effective filing date of the claimed invention for the secure workspaces of Johnson to have performed user authentication and established connections in order to provide the ability to update/change access functionality at any time “on-the-fly” without requiring new programming logic as suggested by Mishra (Col. 2, line 55 – Col. 3, line 3). Mishra does not specify that the service sessions are secure. Brin discloses authenticating a user and establishing a secure remote connection with a remote server upon successful authentication ([0073]), which meets the limitation of authenticate the first user in the first isolated environment and, if the first user is authenticated, establish a first secure connection with the first user in the first isolated environment. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the remote resource 104 to have established a secure communication tunnel with the client device 102 after successful authentication of the client device user in order to securely provide client device users with access to remote data while enabling control over the client devices that access network resources as suggested by Brin ([0005]). Referring to claim 2, Johnson discloses that the execution of programs in the secure workspace include the implementation of encrypted computations that only the program can decrypt (Col. 4, line 48- Col. 5, line 35), which meets the limitation of wherein the first operation comprises at least one of performing an encryption operation, performing a decryption operation. Referring to claim 4, Johnson discloses that a public key, generated along with a corresponding private key, is stored in the secure workspace data structure 114 that is stored in the EC 110 that is part of memory 204 (Col. 4, lines 30-43 & Col. 5, lines 36-43), which meets the limitation of wherein a first public key is stored in the information in the memory defining the first isolated environment, the first public key being part of a first key pair comprising the first public key and a first private key associated with the first user. Referring to claim 8, Johnson discloses that if the user is determined to be the owner of the secure workspace 112, the user is provided with access to the secure workspace 112 (Col. 6, lines 5-13), such that secure workspace access includes the execution of programs loaded in the secure workspace 112 (Col. 4, lines 6-10), which meets the limitation of wherein the information in the memory defining the first isolated environment comprises information identifying program instructions which, when executed, cause the processor to perform the first operation. Referring to claim 9, Johnson discloses that if the user is determined to be the owner of the secure workspace 112, the user is provided with access to the secure workspace 112 (Col. 6, lines 5-13), such that secure workspace access includes the execution of programs loaded in the secure workspace 112 (Col. 4, lines 6-10) such that the identity of the programs loaded into the secure workspace 112 is verified when loaded (Col. 5, lines 4-11: Examiner notes that the notion of a first/second version of a program represents a program name that does not define structure nor does the program name require functional steps to be performed. Therefore, the program name represents non-functional descriptive material that is not given patentable weight. See MPEP 2111.04-2111.05), which meets the limitation of wherein a first version of the program instructions and a second version of the program instructions are stored in the memory, and wherein the information identifying the program instructions comprises an indication of the first version. Referring to claim 11, Johnson discloses that remote resource 104 receives a secure workspace 112 from the client device 102, such that the remote resource 104 stores the received secure workspace 112 in the EC 110 that is part of memory 204 (Col. 4, lines 30-43) and the received secure workspace 112 includes a digital signature (Col. 8, lines 44-51: digital signature reads on the claimed encrypted file), which meets the limitation of wherein information stored in the memory defining the first isolated environment associated with the first user comprises an encrypted file. Referring to claim 13, Johnson discloses a system for establishing secure workspaces that includes a remote resource 104 device accessible to a client device 102 (Col. 3, lines 60-62) such that the remote resource 104 can include a communications module (Col. 2, lines 41-44), memory (Figure 2, 204), and a processor (Col. 10, lines 41-65). The remote resource 104 receives a secure workspace 112 from the client device 102, such that the remote resource 104 stores the received secure workspace 112 in the EC 110 that is part of memory 204 (Col. 4, lines 30-43: secure workspace 112 reads on the claimed first isolated environment). The client device 102 transmits a request to the remote resource such that the secure workspace 112 verifies the request (Col. 8, lines 57-64: secure workspace 112 verifying the request shows that the secure workspace 112 is run; communication between client device 102 and remote resource 104 is performed using communication module as shown in column 2, lines 41-44 & Col. 4. Lines 43-45: secure workspace data structure 114 is stored in EC 110 and used by the EC 110 to generate the secure workspace 112, which is run to verify the request; secure workspace data structure 114 reads on the claimed information stored on the device defining the first isolated environment), which meets the limitation of running a first isolated environment corresponding to a first user on a device in response to receiving a request, wherein the first isolated environment is run using information stored on the device defining the first isolated environment. If the user is determined to be the owner of the secure workspace 112, the user is provided with access to the secure workspace 112 (Col. 6, lines 5-13), such that secure workspace access includes the execution of programs loaded in the secure workspace 112 (Col. 4, lines 6-10), which meets the limitation of receiving a user command [over the first secure connection], executing, in the first isolated environment, a first operation corresponding to the user command. Johnson does not disclose the remote resource 104 performing user authentication and establishing a secure connection with the client device 102 upon successful user authentication. Mishra discloses a container performing user authentication and establishing a service session upon successful user authentication (Col. 8, line 58 – Col. 9, line 31: container would correspond with the secure workspace of Johnson), which meets the limitation of authenticating the first user in the first isolated environment, and if the first user is authenticated, establishing a first [secure] connection with the first user in the first isolated environment, wherein authenticating the first user and establishing the first [secure] connection with the first user are performed within the first isolated environment. It would have been obvious to one of ordinary skill in the before the effective filing date of the claimed invention for the secure workspaces of Johnson to have performed user authentication and established connections in order to provide the ability to update/change access functionality at any time “on-the-fly” without requiring new programming logic as suggested by Mishra (Col. 2, line 55 – Col. 3, line 3). Mishra does not specify that the service sessions are secure. Brin discloses authenticating a user and establishing a secure remote connection with a remote server upon successful authentication ([0073]), which meets the limitation of authenticate the first user in the first isolated environment and, if the first user is authenticated, establishing a first secure connection with the first user in the first isolated environment. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the remote resource 104 to have established a secure communication tunnel with the client device 102 after successful authentication of the client device user in order to securely provide client device users with access to remote data while enabling control over the client devices that access network resources as suggested by Brin ([0005]). Referring to claim 14, Johnson discloses a system for establishing secure workspaces that includes a remote resource 104 device accessible to a client device 102 (Col. 3, lines 60-62) such that the remote resource 104 can include a communications module (Col. 2, lines 41-44), memory (Figure 2, 204), and a processor (Col. 10, lines 41-65). The remote resource 104 receives a secure workspace 112 from the client device 102, such that the remote resource 104 stores the received secure workspace 112 in the EC 110 that is part of memory 204 (Col. 4, lines 30-43: secure workspace 112 reads on the claimed isolated environment). The client device 102 transmits a request to the remote resource such that the secure workspace 112 verifies the request (Col. 8, lines 57-64: secure workspace 112 verifying the request shows that the secure workspace 112 is run; communication between client device 102 and remote resource 104 is performed using communication module as shown in column 2, lines 41-44 & Col. 4. Lines 43-45: secure workspace data structure 114 is stored in EC 110 and used by the EC 110 to generate the secure workspace 112, which is run to verify the request; secure workspace data structure 114 reads on the claimed information stored at the device defining the first isolation environment), which meets the limitation of receiving, at a device, a request to create an isolated environment associated with a first user, creating the first isolated environment associated with the first user using information stored at the device defining the first isolated environment. If the user is determined to be the owner of the secure workspace 112, the user is provided with access to the secure workspace 112 (Col. 6, lines 5-13), such that secure workspace access includes the execution of programs loaded in the secure workspace 112 (Col. 4, lines 6-10), which meets the limitation of receiving information allowing performance of one or more operations in relation to the first user over [the secure connection]. Johnson does not disclose the remote resource 104 performing user authentication and establishing a secure connection with the client device 102 upon successful user authentication. Mishra discloses a container performing user authentication and establishing a service session upon successful user authentication (Col. 8, line 58 – Col. 9, line 31: container would correspond with the secure workspace of Johnson), which meets the limitation of establishing a [secure] connection with the first user in the first isolated environment, wherein establishing the first [secure] connection with the first user are performed within the first isolated environment. It would have been obvious to one of ordinary skill in the before the effective filing date of the claimed invention for the secure workspaces of Johnson to have performed user authentication and established connections in order to provide the ability to update/change access functionality at any time “on-the-fly” without requiring new programming logic as suggested by Mishra (Col. 2, line 55 – Col. 3, line 3). Mishra does not specify that the service sessions are secure. Brin discloses authenticating a user and establishing a secure remote connection with a remote server upon successful authentication ([0073]), which meets the limitation of establish a secure connection with the first user in the first isolated environment, performance of one of more operations in relation to the first user over the secure connection. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the remote resource 104 to have established a secure communication tunnel with the client device 102 after successful authentication of the client device user in order to securely provide client device users with access to remote data while enabling control over the client devices that access network resources as suggested by Brin ([0005]). Referring to claims 15, 16, Johnson discloses the remote resource 104 can include memory (Figure 2, 204) implementing instructions to perform system functionality (Col. 10, lines 22-65), which meets the limitation of non-transitory computer readable storage medium comprising computer readable code configured to cause a computer to perform the method of claim 13 and 14. Claims 3, 5-7, 10 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson, U.S. Patent No. 9,667,628, in view of Mishra, U.S. Patent No. 8,161,173, in view of Brin, EP 3428825, and further in view of Kozlowski, U.S. Publication No. 2019/0332421. Referring to claim 3, Johnson discloses that the execution of programs in the secure workspace include the implementation of encrypted computations that only the program can decrypt (Col. 4, line 48- Col. 5, line 35), which meets the limitation of wherein the first operation is executed using a first application key, and wherein the first application key is retrieved using [the first master key]. Johnson does not disclose that the secure workstations can be encrypted. Kozlowski discloses a first IHS encrypting secured containers using a private migration key ([0054]: private migration key reads on the claimed first master key: IHS would correspond with the remote resource 104 of Johnson), which meets the limitation of wherein a first master key associated with the first user is stored in the information in the memory defining the first isolated environment. Secure containers are decrypted at a second IHS ([0058]: as applied to the secure workspaces of Johnson, decryption of the secure workspaces using the private migration key would allow for the encrypted computations to be performed.), which meets the limitation of wherein the first application key is retrieved using the first master key. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the secure workstations of Johnson to have been encrypted in order to allow for migration of the secure workstations as suggested by Kozlowski ([0054]). Referring to claim 5, Johnson does not specify that the remote resource 104 stores a private key. Kozlowski discloses a first IHS encrypting secured containers using a private migration key ([0048] & [0054]) and that the encrypted secured containers can be digitally signed using a private key that is part of a public/private key pair ([0049] & [0051]), which meets the limitation of wherein a second private key is stored in the information in the memory defining the first isolated environment, the second private key being part of a second key pair comprising the second private key and a second public key. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the secure workstations of Johnson to have been encrypted in order to allow for migration of the secure workstations in a manner that allows for validating the authenticity of the secure workstations as suggested by Kozlowski ([0052] & [0054]). Referring to claim 6, Johnson discloses the client device 102 digitally signing data using the client device private key and transmitting the digital signature to the remote resource 104 (Col. 8, lines 44-60 & Figure 3), which meets the limitation of receiving a communication comprising a first signature from the user. The remote resource 104 verifies the received signature using the secure workspace 112 (Col. 8, lines 60-64 & Figure 3), which meets the limitation of validating, in the first isolated environment, the first signature using the first public key. Johnson does not specify that the remote resource 104 stores a private key. Kozlowski discloses a first IHS encrypting secured containers using a private migration key ([0048] & [0054]) and that the encrypted secured containers can be digitally signed using a private key that is part of a public/private key pair ([0049] & [0051]), which meets the limitation of generating a second signature using the second private key in the first isolated environment. The signed and encrypted secured container is transmitted to the IHS ([0051]) operated by the user ([0047]), which meets the limitation of sending a communication comprising the second signature to the first user. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the secure workstations of Johnson to have been encrypted in order to allow for migration of the secure workstations in a manner that allows for validating the authenticity of the secure workstations as suggested by Kozlowski ([0052] & [0054]). Referring to claim 7, Johnson does not disclose that the secure workstations can be encrypted. Kozlowski discloses a first IHS encrypting secured containers using a private migration key (Figure 5, step 510 & [0054]: private migration key reads on the claimed third key; IHS would correspond with the remote resource 104 of Johnson). Migration key is encrypted using the public key of the verifier (Figure 5, step 520 & [0056]: verifier corresponds with the client device of Johnson), which meets the limitation of encrypting a third key using the first public key in the first isolated environment. Encrypted migration key is transmitted to the verifier ([0056]), which meets the limitation of sending the encrypted third key to the first user. The signed and encrypted secured container is transmitted to the IHS ([0051]) operated by the user ([0047]), which meets the limitation of wherein the third key is used to encrypt communications between the first user and the first isolated environment thus providing the first secure connection. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the secure workstations of Johnson to have been encrypted in order to allow for migration of the secure workstations as suggested by Kozlowski ([0054]). Referring to claim 10, Johnson discloses a system for establishing secure workspaces that includes a remote resource 104 device accessible to a client device 102 (Col. 3, lines 60-62: remote resource 104 reads to the claimed device) such that the remote resource 104 can include a communications module (Col. 2, lines 41-44: communications module reads on the claimed input), memory (Figure 2, 204), and a processor (Col. 10, lines 41-65). The remote resource 104 receives a secure workspace 112 from the client device 102, such that the remote resource 104 stores the received secure workspace 112 in the EC 110 that is part of memory 204 (Col. 4, lines 30-43: secure workspace 112 reads on the claimed isolated environment), which meets the limitation of store information in the memory defining a [second] isolated environment associated with a [second] user. The client device 102 transmits a request to the remote resource such that the secure workspace 112 verifies the request (Col. 8, lines 57-64: secure workspace 112 verifying the request shows that the secure workspace 112 is run; communication between client device 102 and remote resource 104 is performed using communication module as shown in column 2, lines 41-44), which meets the limitation of responsive to a request received through the input, run the [second] isolated environment. If the user is determined to be the owner of the secure workspace 112, the user is provided with access to the secure workspace 112 (Col. 6, lines 5-13), such that secure workspace access includes the execution of programs loaded in the secure workspace 112 (Col. 4, lines 6-10), which meets the limitation of responsive to a user command received [over the second secure connection], execute, in the [second] isolated environment, a [second] operation corresponding to the user command. Johnson does not disclose the remote resource 104 performing user authentication and establishing a secure connection with the client device 102 upon successful user authentication. Brin discloses authenticating a user and establishing a secure remote connection with a remote server upon successful authentication ([0073]), which meets the limitation of authenticate the [second] user in the [second] isolated environment and, if the [second] user is authenticated, establish a [second] secure connection with the [second] user in the [second] isolated environment. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the remote resource 104 to have established a secure communication tunnel with the client device 102 after successful authentication of the client device user in order to securely provide client device users with access to remote data while enabling control over the client devices that access network resources as suggested by Brin ([0005]). Johnson does not specify that the remote resource 104 stores secure workspaces 112 for multiple users. Kozlowski discloses a container service that stores secured containers for multiple users such that the service provides each user with access to their particular container ([0037] & [0046]), which meets the limitation of a second isolated environment associated with a second user, a second secure connection, a second operation corresponding to the user command. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the remote resource 104 of Johnson to have stored secure workspaces 112 for multiple users in order to provide the resources necessary to each user in a manner that promotes user productivity while maintaining security as suggested by Kozlowski ([0037]). Claims 12 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson, U.S. Patent No. 9,667,628, in view of Mishra, U.S. Patent No. 8,161,173, in view of Brin, EP 3428825, and further in view of Porter, “Security in plaintext: use Shielded VMs to harden your GCP workloads”, published in 2018. Referring to claim 12, Johnson discloses the client device 102 digitally signing data using the client device private key and transmitting the digital signature to the remote resource 104 (Col. 8, lines 44-60 & Figure 3), which meets the limitation of a first user device, wherein the first user device [operates a shielded virtual machine, and wherein the first private key is stored in the shielded virtual machine]. Johnson does not specify that the client devices 102 utilize shielded VMs. Porter discloses the utilization of shielded virtual machines to run cloud platform services (Page 4), which meets the limitation of wherein the first user device operates a shielded virtual machine, and wherein the first private key is stored in the shielded virtual machine. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the client devices of Johnson to have utilized shielded VMs in order to access the remote resources in order to provide assurances that the code running on the client devices has not been compromised as suggested by Porter (Page 4). Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Johnson, U.S. Patent No. 9,667,628, in view of Mishra, U.S. Patent No. 8,161,173, in view of Brin, EP 3428825, and further in view of Griffin, U.S. Patent No. 10,764,036. Referring to claim 17, Johnson discloses that the remote resource can be a data server operating as part of a cloud computing architecture (Col. 3, line 65 – Col. 4, line 4). Johnson does not disclose that the remote resource includes an HSM. Griffin discloses a cloud provider server that includes an HSM (Col. 10, lines 58-59), which meets the limitation of wherein the device is a hardware security module. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the remote resource of Johnson to have included an HSM in order to provide protection against penetration or tampering attacks as suggested by Griffin (Col. 10, lines 49-57). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 6:20-4:50. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached at 5712705143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /BENJAMIN E LANIER/ Primary Examiner, Art Unit 2437
Read full office action

Prosecution Timeline

Jul 14, 2023
Application Filed
Jun 12, 2025
Non-Final Rejection — §103
Sep 15, 2025
Response Filed
Sep 22, 2025
Final Rejection — §103
Dec 22, 2025
Request for Continued Examination
Jan 08, 2026
Response after Non-Final Action
Jan 13, 2026
Non-Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

18/906,646
Patent 12602474
USE OF AN APPLICATION CONTROLLER TO MONITOR AND CONTROL SOFTWARE FILE AND APPLICATION ENVIRONMENTS
2y 5m to grant Granted Apr 14, 2026
18/697,315
Patent 12598079
DIGITAL SIGNATURES WITH KEY-DERIVATION
2y 5m to grant Granted Apr 07, 2026
18/508,345
Patent 12587541
SECURE CONNECTION BROKER FOR SWARM COMMUNICATIONS
2y 5m to grant Granted Mar 24, 2026
18/608,599
Patent 12566846
TURING MACHINE AGENT FOR BEHAVIORAL THREAT DETECTION
2y 5m to grant Granted Mar 03, 2026
19/214,617
Patent 12566884
MULTIMODAL FINGERPRINTING OF DIGITAL ASSETS
2y 5m to grant Granted Mar 03, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
69%
Grant Probability
86%
With Interview (+17.0%)
3y 6m
Median Time to Grant
High
PTA Risk
Based on 913 resolved cases by this examiner. Grant probability derived from career allow rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month