Office Action Predictor
Last updated: April 15, 2026
Application No. 18/366,924

Managing Edge Application Permissions

Final Rejection §103
Filed
Aug 08, 2023
Examiner
WYSZYNSKI, AUBREY H
Art Unit
2434
Tech Center
2400 — Computer Networks
Assignee
Cisco Technology, INC.
OA Round
2 (Final)
89%
Grant Probability
Favorable
3-4
OA Rounds
2y 8m
To Grant
99%
With Interview

Examiner Intelligence

Grants 89% — above average
89%
Career Allow Rate
635 granted / 710 resolved
+31.4% vs TC avg
Strong +23% interview lift
Without
With
+22.9%
Interview Lift
resolved cases with interview
Typical timeline
2y 8m
Avg Prosecution
26 currently pending
Career history
736
Total Applications
across all art units

Statute-Specific Performance

§101
11.4%
-28.6% vs TC avg
§103
35.8%
-4.2% vs TC avg
§102
25.0%
-15.0% vs TC avg
§112
8.1%
-31.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 710 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1-20 are pending. Response to Arguments Applicant’s arguments and amendments, filed 09/18/25, with respect to claims 3-4 and 10-20 have been fully considered and are persuasive. The 35 USC § 103 rejection of claims 3-4 and 10-20 has been withdrawn. As per claim 1, Applicant's arguments do not comply with 37 CFR 1.111(c) because they do not clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made. Further, they do not show how the amendments avoid such references or objections. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2 and 5-9 are rejected under 35 U.S.C. 103 as being unpatentable over Zhu et al, US 2023/0344899 and further in view of Pabon et al, US 2022/0385647. Regarding claim 1, Zhu teaches an apparatus, comprising: one or more processors; one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the apparatus to perform operations comprising: accessing a first description of a plurality of edge applications and a cluster level security policy (107: method 200, the cluster-level redirection policy or cluster-level proxy policy is one of two or more application-specific policies for the edge cluster), wherein the plurality of edge applications and the cluster level security policy are deployed on an edge site of an Internet of Things (IoT) network (Fig. 2A network and abstract: The cluster level reinforcement learning model optimizes a policy for an application that determines which neighboring edge node shall be considered to handle a client request for the given application in case of redirection or proxy by the edge node receiving the client request). Zhu lacks or does not expressly disclose description of a storage related operation. However, Pabon teaches receiving a second description of a storage related operation associated with an edge application to be deployed on the edge site; determining a permission level associated with the storage related operation based on the first description and the second description (Fig. 6, 606: determine whether the worker node is authorized to perform one or more operations on a storage system associated with the cluster); determining, using the cluster level security policy and the permission level associated with the storage related operation, an updated cluster level security policy (00264: At operation 606, application 410 may determine, based on the second authentication, whether worker node 406 is authorized to perform one or more operations on the storage system associated with cluster 402); in response to determining the permission level is privileged, performing, using a first secure agent, an edge cluster, and the updated clustered level security policy, the storage related operation associated with the edge application on the edge site of the IoT network (0264: f worker node 406 successfully passes the second authentication, application 410 may authorize worker node 406 to access the storage system and perform the one or more operations on the data stored within the storage system. In some examples, the authorization granted to worker node 406 based on the second authentication may be referred to a second level of permissions or a second level of access granted to worker node 406, which second level of access provides a different set of permissions to worker node 406 than does the first level of access. On the other hand, if worker node 406 fails the second authentication, application 410 may reject worker node 406 from accessing the storage system and performing the one or more operations on the data stored within the storage system.). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Zhu with Pabon to include a storage related operation in order to determine whether a node is authorized, as taught by Pabon, paragraph 00264. Regarding claim 2, Pabon as modified above further discloses apparatus of claim 1, wherein the one or more components of the apparatus perform operations further comprising: in response to determining the permission level is not privileged, performing, using a second secure agent, the edge cluster, and the updated clustered level security policy, the storage related operation associated with the edge application on the edge cluster of the edge site of the IoT network, wherein the second secure agent is a secure agent for non-privileged operations and the second secure agent is different from the first secure agent (Fig. 7, 704: perform a second authentication for the worker node). Regarding claim 5, Pabon as modified above further discloses apparatus of claim 1, wherein the plurality of edge applications are associated with one or more applications executed in the edge cluster on the edge site of the IoT network (0177 and 0185: IoT). Regarding claim 6, Pabon as modified above further discloses apparatus of claim 1, wherein the plurality of edge applications are Kubernetes® operations (092: Kubernetes). Regarding claim 7, Pabon as modified above further discloses apparatus of claim 1, wherein the one or more components of the apparatus perform operations further comprising: in response to determining the permission level is privileged, extending one or more existing resource types available in the edge cluster of the edge site of the IoT network (0193: the systems described above may be deployed in a variety of ways, including being deployed in ways that support fifth generation (‘5G’) networks. 5G networks may support substantially faster data communications than previous generations of mobile communications networks and, as a consequence may lead to the disaggregation of data and computing resources as modern massive data centers may become less prominent and may be replaced, for example, by more-local, micro data centers that are close to the mobile-network towers.). Regarding claim 8, Pabon as modified above further discloses apparatus of claim 7, wherein the one or more existing resource types comprise one or more new storage class types and correlating provisioner configuration (0024: the storage array controllers 110A-D may be configured to carry out various storage task). Regarding claim 9, Pabon as modified above further discloses apparatus of claim 1, wherein the storage related operation is a Linux® OS operation with privileged mechanisms comprising Longhorn StorageClass, Persistent Volumes (PV) creation, and PV deletion (0194: to support ZNS, the storage controllers described herein may be configured with to interact with zoned block devices through the usage of, for example, the Linux™ kernel zoned block device interface or other tools.). Allowable Subject Matter Claims 10-20 are allowed. Claims 3 and 4 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form combining and including all of the limitations of the base claim and any intervening claims. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUBREY H WYSZYNSKI whose telephone number is (571)272-8155. The examiner can normally be reached M-F 9-5. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KAMBIZ ZAND can be reached at 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /AUBREY H WYSZYNSKI/Examiner, Art Unit 2434
Read full office action

Prosecution Timeline

Aug 08, 2023
Application Filed
Jun 14, 2025
Non-Final Rejection — §103
Sep 17, 2025
Applicant Interview (Telephonic)
Sep 17, 2025
Examiner Interview Summary
Sep 18, 2025
Response Filed
Dec 27, 2025
Final Rejection — §103
Mar 30, 2026
Request for Continued Examination
Apr 03, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12598211
CYBERATTACK SCORING METHOD, CYBERATTACK SCORING APPARATUS, AND COMPUTER READABLE STORAGE MEDIUM STORING INSTRUCTIONS TO PERFORM CYBERATTACK SCORING METHOD
2y 5m to grant Granted Apr 07, 2026
Patent 12592932
METHOD AND SYSTEM FOR AN INTEGRATED PROCESS TO STREAMLINE PRIVILEGED ACCESS MANAGEMENT
2y 5m to grant Granted Mar 31, 2026
Patent 12580964
OPTIMIZATION FOR ACCESS POLICIES IN COMPUTER SYSTEMS
2y 5m to grant Granted Mar 17, 2026
Patent 12580887
SCALABLE FLOW DIFFERENTIATION FOR NETWORKS WITH OVERLAPPING IP ADDRESSES
2y 5m to grant Granted Mar 17, 2026
Patent 12580967
CONTEXTUAL SECURITY POLICY ENGINE FOR COMPUTE NODE CLUSTERS
2y 5m to grant Granted Mar 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
89%
Grant Probability
99%
With Interview (+22.9%)
2y 8m
Median Time to Grant
Moderate
PTA Risk
Based on 710 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month