Prosecution Insights
Last updated: July 17, 2026
Application No. 18/326,945

TECHNIQUES FOR VERIFYING CREDENTIALS WHEN ACCESSING SHARED STORAGE

Final Rejection §103
Filed
May 31, 2023
Examiner
JACKSON, JENISE E
Art Unit
2499
Tech Center
2400 — Computer Networks
Assignee
NVIDIA Corporation
OA Round
3 (Final)
76%
Grant Probability
Favorable
4-5
OA Rounds
6m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 76% — above average
76%
Career Allowance Rate
408 granted / 540 resolved
+17.6% vs TC avg
Strong +32% interview lift
Without
With
+32.0%
Interview Lift
resolved cases with interview
Typical timeline
3y 7m
Avg Prosecution
9 currently pending
Career history
551
Total Applications
across all art units

Statute-Specific Performance

§101
4.3%
-35.7% vs TC avg
§103
83.0%
+43.0% vs TC avg
§102
9.1%
-30.9% vs TC avg
§112
1.9%
-38.1% vs TC avg
Black line = Tech Center average estimate • Based on career data from 540 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This office action is in response to amendments filed 3/12/2026. Claims 1-20 have been examined. This office action is Final. Response to Amendments Applicant's arguments filed 3/12/2026 have been fully considered but they are not persuasive. The Applicant states that Horn discloses “determining whether an access terminal is authorized to perform a requested operation. In Horn, an access terminal sends a request to access data, and an access system determines whether the access is authorized based on whether a node identifier (ID) for the access terminal is included in a list of authorized nodes”. See Horn at [0042]. The Examiner disagrees with the Applicant. Horn does not disclose in citation the above. Horn discloses authenticating file operations on file stored in a database file system where the database file system can authenticate a client-user request based upon the client-user’s database credentials (see Abstract). Horn discloses a file operation request from the client-user. The client-user has a user ID (UID). The client UID is compared against the UID associated with the particular file. Authentication occurs when the client has privileges to perform the requested file operations (Horn: para. 0025). The mapping is the UID compared against the UID associated with the file. The prior art of Zhao discloses a mapping a first user identifier associated with the first request and a first identifier (i.e. file identifier) associated with the first request, and in response, determining that the request is authorized (Zhao: para. 0083). Zhao discloses authentication request includes a user identifier and file identifier and authentication is performed and return an authentication result to determine whether the user has a relevant right to operate the file (Zhao: para. 0083). The prior art of Surin discloses determining whether credential data includes a mapping that specifies both a user ID and an ID associated with a received request, because Surin discloses authentication request an identifier of user device (Surin: para. 0055). Surin discloses additional information may be included in the authentication request (Surin: para. 0056). The Examiner asserts that this includes a user ID. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 7, 10-11, 16-17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Morris (2016/0140354) in view of Horn et al. (2009/0197570). As per claim 1, Morris discloses a computer-implemented method for filtering requests to access a storage system, the method comprising: receiving credential data from a scheduling server (Morris: para. 0014, receiving credentials); receiving a first request from a first compute node (Morris: para. 0017, receiving file operation request from a client); determining that the credential data includes a mapping that specifies a first user identifier associated with the first request , and in response, determining that the first request is authorized (Morris: para. 0025, determine if the request is authorized based on the (UID) associated with the first request), and causing a file server to perform at least one operation at a first location within the storage system in accordance with the first request (Morris: para. 0020, 0023, 0025, DBMS to perform at least one operation (i.e. create file, open, read, write, create or change directory) at a first location with the storage system in accordance with the first request). Morris does not disclose a first identifier associated with the first request. However, Horn discloses a first identifier associated with the first request (Horn: para. 0042, requesting node ID). It would have been obvious to one of ordinary skill at the time of the effective filing date of the claimed invention to include first identifier associated with the first request of Horn with the system/method of Morris, the motivation is that the node ID provides a unique label for a device allowing for precise identification (Horn: para. 0042). As per claim 7, Morris, and Horn disclose the computer-implemented method of claim 1. Morris further discloses wherein the first compute node comprises a data processing unit (Morris: para. 0017), and the first node identifier corresponds to the data processing unit or a first client node associated with both the first request and the data processing unit (Morris: para. 0025, client node associated with the request and data processing unit). As per claim 10, Morris, and Horn disclose the computer-implemented method of claim 1. Morris further discloses wherein the storage system comprises at least one of shared file storage, shared block storage, or object storage (Morris: para. 0042, claim recites “at least one”, shared storage). As per claims 11 and 20, rejected under similar scope as claim 1 above. As per claim 16, Morris and Horn disclose the one or more non-transitory computer readable media of claim 11. Morris further discloses wherein the at least one operation either establishes a connection between a data processing unit associated with the first compute node and the file server or mounts a directory corresponding to the first location on the data processing unit (Morris: para. 0040, establishes a connection between a data processing unit associated with the first compute node and the file server). As per claim 17, Morris, and Horn disclose the one or more non-transitory computer readable media of claim 11. The combination of Morris, and Horn further discloses receiving a second request from a second compute node; determining that the second request is authorized based on a second user identifier associated with the second request (Morris: para. 0017, receiving file operation request from a client; on a per request basis, the Examiner asserts includes more than one request), a second node identifier associated with the second compute node (Horn: para. 0042), and the credential data; and causing the file server to perform a first operation at a second location within the storage system in accordance with the second request (Morris: para. 0017, credential data (i.e. user identifier). Same motivation as claim 1 above. As per claim 19, Morris, and Horn disclose the one or more non-transitory computer readable media of claim 11. Morris further discloses wherein the at least one operation comprises a file write operation, a file read operation, a file open operation, a file close operation, a file creation operation, a file deletion operation, a directory listing operation, a directory creation operation, or a directory deletion operation (Morris: para. 0020, “at least one” only one needs to be recited, Morris discloses create file, open, read, write, create directory, list directory, change directory). Claims 2-5, and 12-14 are rejected under 35 U.S.C. 103 as being unpatentable over Morris (2016/0140354) in view of Horn et al. (2009/0197570) and further in view of Surin et al. (2022/0207527). As per claim 2, Morris and Horn disclose the computer-implemented method of claim 1. Morris and Zhao do not disclose wherein the credential data comprises one or more authorization mappings, and each authorization mapping specifies a node identifier and one or more user identifiers. However, analogous art of Surin discloses wherein the credential data comprises one or more authorization mappings, and each authorization mapping specifies a node identifier and one or more user identifiers (Surin: para. 0047 mapping device identifier (i.e. node identifier) and credential(i.e. user identifier). It would have been obvious to one of ordinary skill at the time of the effective filing date of the claimed invention to include the credential data comprises one or more authorization mappings, and each authorization mapping specifies a node identifier and one or more user identifiers of Surin with Morris, the motivation is that mapping links the node identifier and user identifier together in an efficient manner (Surin: para. 0047). As per claim 3, Morris, and Horn disclose the computer-implemented method of claim 1. Morris, and Horn do not disclose wherein determining that the first request is authorized comprises determining that a first authorization mapping included in the credential data includes both the first node identifier and the first user identifier. However, analogous art of Surin discloses determining that the first request is authorized comprises determining that a first authorization mapping included in the credential data includes both the first node identifier and the first user identifier (Surin: mapping device identifier and credential (i.e. first user identifier). It would have been obvious to one of ordinary skill at the time of the effective filing date of the claimed invention to include determining that the first request is authorized comprises determining that a first authorization mapping included in the credential data includes both the first node identifier and the first user identifier of Surin with Morris, and Horn, the motivation is that mapping links the node identifier and user identifier together in an efficient manner (Surin: para. 0047). As per claim 4, Morris, Horn and Surin disclose the computer-implemented method of claim 1. The combination of Morris, and Horn further disclose receiving a second request from the first compute node (Morris: para. 0017, receiving file operation request from a client; on a per request basis, the Examiner asserts includes more than one request); determining that the second request is not authorized based on a second user identifier associated with the second request (Morris: para. 0025-0026, denies the client request), the first node identifier (Horn: para. 0042, node ID), and the credential data (Morris: para. 0025, credential data (i.e. user identifier) ; and transmitting a response to the first compute node indicating that the second request is not authorized (Morris: para. 0031, denies the request). Same motivation as claim 1 above. As per claim 5, Morris, Horn, and Surin disclose the computer-implemented method of claim 4. The combination of Morris and Surin further discloses wherein determining that the second request is not authorized (Morris: para. 0017, 0026, on a per request basis, the Examiner asserts includes more than one request, request is not authorized is denied) comprises determining that no authorization mapping included in the credential data includes both the first node identifier and the first user identifier (Surin: para. 0047 mapping device identifier (i.e. node identifier) and credential(i.e. user identifier). Same motivation as claim 1 above. As per claims 12-14, rejected under similar scope as claims 2-4. Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Morris (2016/0140354) in view of Horn (2009/0197570) and further in view of Yoshida (2004/0064485). As per claim 6, Morris, and Horn disclose the computer-implemented method of claim 1. Morris, and Horn do not disclose wherein the first compute node comprises a proxy server, and the first node identifier corresponds to a first client node. Yoshida discloses wherein the first compute node comprises a proxy server, and the first node identifier corresponds to a first client node (Yoshida: para. 0035, proxy server). It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include first compute node comprises a proxy server, and the first node identifier corresponds to a first client node of Yoshida with Morris and Horn, the motivation is that having a proxy server enhances security (Yoshida: para. 0035, proxy server). As per claim 15, rejected under similar scope as claim 6 above. Claim Objections Claims 8-9, and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Prior arts of Morris (2016/0140354) and Zhao (2014/0365537) do not disclose the limitations of claims 8-9, and 18. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791. The examiner can normally be reached M-F 7:00am-3:30pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip J Chea can be reached at (571) 272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 6/2/2026 /J.E.J/Examiner, Art Unit 2499 /PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499
Read full office action

Prosecution Timeline

May 31, 2023
Application Filed
Jun 04, 2025
Non-Final Rejection mailed — §103
Sep 03, 2025
Response Filed
Dec 16, 2025
Non-Final Rejection mailed — §103
Mar 12, 2026
Response Filed
Jun 10, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682049
METHOD AND SYSTEM FOR INSERTION OF CYBERSECURITY AND HARDWARE ASSURANCE INSTRUMENTS WITHIN INTEGRATED CIRCUITS AND ELECTRONIC SYSTEMS USING MULTI-STAGE HARDWARE MARKING
1y 6m to grant Granted Jul 14, 2026
Patent 12657283
PROCESSING METHOD OF REMOTE ATTESTATION REPORT, DATABASE SERVICE END AND DATABASE CLIENT END
1y 8m to grant Granted Jun 16, 2026
Patent 12647780
COMMUNICATION APPARATUS, CONTROL METHOD FOR INFORMATION PROCESSING APPARATUS, AND CONTROL METHOD FOR SYSTEM
3y 1m to grant Granted Jun 02, 2026
Patent 12609827
AUTHENTICATION BASED ON TRANSACTIONS STORED IN BLOCKCHAIN
4y 7m to grant Granted Apr 21, 2026
Patent 12609922
MULTI-FACTOR ENABLED ACCESS USING RANDOMLY SELECTED DIGITAL IDENTITY AUTHENTICATION FACTORS
3y 0m to grant Granted Apr 21, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

4-5
Expected OA Rounds
76%
Grant Probability
99%
With Interview (+32.0%)
3y 7m (~6m remaining)
Median Time to Grant
High
PTA Risk
Based on 540 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month