Prosecution Insights
Last updated: July 17, 2026
Application No. 18/392,805

SYSTEMS AND METHODS FOR PERFORMING REMOTE ATTESTATION ON LEGACY TECHNOLOGY

Non-Final OA §103
Filed
Dec 21, 2023
Examiner
MAHMOUDI, RODMAN ALEXANDER
Art Unit
2499
Tech Center
2400 — Computer Networks
Assignee
Denso Corporation
OA Round
3 (Non-Final)
80%
Grant Probability
Favorable
3-4
OA Rounds
2m
Est. Remaining
96%
With Interview

Examiner Intelligence

Grants 80% — above average
80%
Career Allowance Rate
197 granted / 247 resolved
+21.8% vs TC avg
Strong +17% interview lift
Without
With
+16.7%
Interview Lift
resolved cases with interview
Typical timeline
2y 9m
Avg Prosecution
18 currently pending
Career history
269
Total Applications
across all art units

Statute-Specific Performance

§101
2.5%
-37.5% vs TC avg
§103
81.6%
+41.6% vs TC avg
§102
1.9%
-38.1% vs TC avg
§112
5.7%
-34.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 247 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendments This communication is in response to the amendments filed on 3 September 2025: Claims 1, 4, 8, 11, 15 and 18 are amended. Claims 1-20 are pending. Response to Arguments In response to Applicant’s remarks filed on 3 September 2025: a. Applicant’s arguments that the amended independent claims clarify and require that the secure boot process and subsequent messaging steps are not merely optional or presented in the alternative, but are instead mandatory steps that occur in response to the outcome of a safety test have been fully considered but is deemed not-persuasive. Applicant’s attention is directed to the fact that the secure boot is only initiated with the device in response to the predetermined condition not being present. In other words, if the predetermined condition IS present, the subsequent steps of initiating a secure boot never occurs. Therefore, the amendments of initiating a secure boot with the device “in response to,” is still presented in the alternative. b. Applicant’s arguments that neither Kornegay nor Goru discloses or suggests the specific sequence and dependencies now required by amended claim 1 have been fully considered but are deemed moot due to the fact that the specific sequence and dependencies are still presented in the alternative. c. Applicant’s arguments that the combination of Kornegay and Goru therefore fails to teach or suggest: (1) performing a safety test to determine whether a predetermined condition is present has been fully considered but is deemed not-persuasive. Applicant’s attention is directed to Goru, Paragraph [0035], see “…when where the vehicle 1 is not parked, meaning that the vehicle 1 is moving, a test is made in order to determine whether a child is present in the child seat…”, which is analogous to performing a safety test configured to determine whether a predetermined condition is present (a vehicle is moving). d. Applicant’s arguments that the cited prior art fails to disclose or suggest the specific sequence and interplay of steps recited in the claims, for example, the claims require: (1) sending an integrity request to a Root of Trust (ROT); (2) sending an attestation request from the ROT to a device, where the attestation request comprises an encrypted secret; and (3) verifying at least one of authenticity, integrity, and freshness of the attestation request with the device has been fully considered but is deemed not-persuasive. Applicant’s attention is directed to Kornegay, Paragraph [0026], see “…integrity measuring by computing hashes of executable code, configuration data, and other system state information…thus establishing a root-of-trust within such heterogeneous network environment” and Kornegay, Paragraph [0027], see “Data traffic module 100 is thus configured to provide integrity measurement to the various legacy components in the non-TPM enabled network 10…”, where “Data traffic module 10” is being read as being comprised in the system that acts as a root-of-trust in heterogeneous computer networks and provides one or more of remote attestation, integrity measuring, secure boot operations, remote authentications, etc., therefore, an integrity request/attestation request/secure boot request is received by the system to provide the different features, which discloses the limitation of (1). Applicant’s attention is further directed to Kornegay, Paragraph [0010], see “…the data traffic module having computer executable code stored thereon configured to provide remote attestation of the one or more legacy components to a trusted remote host computer outside of the system” and Kornegay, Paragraph [0027], see “Data traffic module 100 is thus configured to provide integrity measurement to the various legacy components…The hashtags are used in remote attestation to reliably establish code identity to remote or local verifiers…A secret can be sealed along with a list of hashtags of programs…,” which discloses the limitation of (2). Applicant’s attention is further directed to Kornegay, Paragraph [0009], see “…remote attestation, which allows a trusted device to present reliable evidence to remote parties about the software it is running” and Kornegay, Paragraph [0025], see “…the data traffic module 100 to perform remote attestation and authentication on each respective legacy computing device 208 in order to prevent firmware downgrade/rollback attacks”, which is verifying authenticity and integrity of the attestation request with the device, which discloses the limitation of (3). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1-4, 8, 10-11 and 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Kornegay et al. (U.S. PGPub. 2018/0196945), hereinafter Kornegay, in view of GORU et al. (U.S. PGPub. 2020/0017066), hereinafter Goru. Regarding claim 1, Kornegay teaches A method for performing remote attestation on legacy technology input (Kornegay, Paragraph [0010], see “…the data traffic module having computer executable code stored thereon configured to provide remote attestation of the one or more legacy components to a trusted remote host computer outside of the system”), the method comprising: sending an integrity request to a Root of Trust (ROT) (Kornegay, Paragraph [0026], see “…integrity measuring by computing hashes of executable code, configuration data, and other system state information…thus establishing a root-of-trust within such heterogeneous network environment”) (Kornegay, Paragraph [0027], see “Data traffic module 100 is thus configured to provide integrity measurement to the various legacy components in the non-TPM enabled network 10…”, where “Data traffic module 10” is being read as being comprised in the system that acts as a root-of-trust in heterogeneous computer networks and provides one or more of remote attestation, integrity measuring, secure boot operations, remote authentications, etc., therefore, an integrity request/attestation request/secure boot request is received by the system to provide the different features); sending an attestation request from the ROT to a device, the attestation request comprising an encrypted secret (Kornegay, Paragraph [0010], see “…the data traffic module having computer executable code stored thereon configured to provide remote attestation of the one or more legacy components to a trusted remote host computer outside of the system”) (Kornegay, Paragraph [0027], see “Data traffic module 100 is thus configured to provide integrity measurement to the various legacy components…The hashtags are used in remote attestation to reliably establish code identity to remote or local verifiers…A secret can be sealed along with a list of hashtags of programs…”); verifying at least one of authenticity, integrity, and freshness of the attestation request with the device (Kornegay, Paragraph [0009], see “…remote attestation, which allows a trusted device to present reliable evidence to remote parties about the software it is running”) (Kornegay, Paragraph [0025], see “…the data traffic module 100 to perform remote attestation and authentication on each respective legacy computing device 208 in order to prevent firmware downgrade/rollback attacks”, which is verifying authenticity and integrity of the attestation request with the device); initiating a secure boot with the device in response to the predetermined condition not being present; in response to the secure boot being successful, the device creates a primary message comprising the encrypted secret, and sends the message to the ROT; in response to the secure boot failing, the device creates a secondary message indicating that the secure boot has failed, and sends the message to the ROT (Applicant’s attention is directed to the fact that the secure boot limitation is presented in the alternative, therefore, since the references provided disclose the predetermined condition being present, the secure boot is never initiated). Kornegay does not teach the following limitation(s) as taught by Goru: performing a safety test configured to determine whether a predetermined condition is present (Goru, Paragraph [0035], see “…when where the vehicle 1 is not parked, meaning that the vehicle 1 is moving, a test is made in order to determine whether a child is present in the child seat…”, which is analogous to performing a safety test configured to determine whether a predetermined condition is present (a vehicle is moving)). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Kornegay, by implementing techniques of performing a safety test configured to determine whether a vehicle is moving, disclosed of Goru. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for performing remote attestation on legacy technology, comprising of performing a safety test configured to determine whether a vehicle is moving. This allows for better security management and safety to determine whether a vehicle is in a predetermined condition during the safety test. Goru is deemed as analogous art due to the art disclosing techniques of performing a safety test configured to determine whether a vehicle is moving (Goru, Paragraph [0035]). Regarding claim 2, Kornegay does not teach the following limitation(s) as taught by Goru: The method of claim 1, wherein the legacy technology is related to a vehicle, and the predetermined conditions is at least one of: a vehicle is in drive, the vehicle is not in park, or the vehicle is moving (Goru, Paragraph [0035], see “…when where the vehicle 1 is not parked, meaning that the vehicle 1 is moving, a test is made in order to determine whether a child is present in the child seat…”, which is analogous to performing a safety test configured to determine whether a predetermined condition is present (a vehicle is moving)). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Kornegay, by implementing techniques of the predetermined condition being when the vehicle is moving, disclosed of Goru. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for performing remote attestation on legacy technology, comprising of the predetermined condition being when the vehicle is moving. This allows for better security management and effectiveness for performing the safety test when the predetermined condition is met. Goru is deemed as analogous art due to the art disclosing techniques of the predetermined condition being when the vehicle is moving (Goru, Paragraph [0035]). Regarding claim 3, Kornegay as modified by Goru teaches The method of claim 1, wherein the primary message further comprises an indication that the secure boot was successful (Applicant’s attention is directed to the fact that the secure boot limitation is presented in the alternative, therefore, since the references provided disclose the predetermined condition being present, the secure boot is never initiated). Regarding claim 4, Kornegay as modified by Goru teaches The method of claim 1, wherein, in response to the secure boot failing, the device creates a message indicating that the secure boot has failed, and sends the message to the ROT (Applicant’s attention is directed to the fact that the secure boot limitation is presented in the alternative, therefore, since the references provided disclose the predetermined condition being present, the secure boot is never initiated). Regarding claims 8 and 15, the claims are rejected under the same reasoning as claim 1. Regarding claims 10 and 17, the claims are rejected under the same reasoning as claim 3. Regarding claims 11 and 18, the claims are rejected under the same reasoning as claim 4. Regarding claim 16, the claim is rejected under the same reasoning as claim 2. Claims 5-6, 12-13 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Kornegay, in view of Goru, in further view of POCHEUV et al. (U.S. PGPub. 2020/0145409), hereinafter Pocheuv. Regarding claim 5, Kornegay as modified by Goru do not teach the following limitation(s) as taught by Pocheuv: The method of claim 1, wherein the integrity request is sent from a remote server to the ROT or based on a scheduled task stored by the ROT (Pocheuv, Paragraph [0064], see “…The authentication policy server 112 sends the authentication request 903 to the RoT identity server 114…”, which is analogous to the integrity request being sent from a remote server (authentication policy server) to the ROT (RoT identity server)). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Kornegay, and techniques disclosed of Goru, by implementing techniques of the integrity request being sent from a remote server to the ROT, disclosed of Pocheuv. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for performing remote attestation on legacy technology, comprising of the integrity request being sent from a remote server to the ROT. This allows for better security management and allows for the ROT to access data and resources from anywhere remotely with an internet connection. Pocheuv is deemed as analogous art due to the art disclosing techniques of the integrity request being sent from a remote server to the ROT (Pocheuv, Paragraph [0064]). Regarding claim 6, Kornegay as modified by Goru and further modified by Pocheuv teaches The method of claim 5, further comprising sending a message, with the ROT, to the remote server indicating whether the secure boot was successful or failed (Applicant’s attention is directed to the fact that the secure boot limitation is presented in the alternative, therefore, since the references provided disclose the predetermined condition being present, the secure boot is never initiated). Regarding claim 12, the claim is rejected under the same reasoning as claim 5. Regarding claims 13 and 19, the claims are rejected under the same reasoning as claim 6. Claims 7, 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kornegay, in view of Goru, in further view of Sheth et al. (U.S. PGPub. 2022/0070251), hereinafter Sheth. Regarding claim 7, Kornegay as modified by Goru do not teach the following limitation(s) as taught by Sheth: The method of claim 1, further comprising: verifying the integrity of the received integrity request with the ROT (Sheth, Paragraph [0058], see “…the kernel metrics storage service may require that the application provide a nonce in order to prevent MitM and replay attacks. If the kernel metrics storage service successfully validates the connection details provided…”, which is analogous to verifying the integrity of the received integrity request); and verifying the test is safe to proceed based on the verified integrity request (Sheth, Paragraph [0058], see “…If the kernel metrics storage service successfully validates the connection details provided by the application, the kernel metrics storage service may generate a response comprising the requested kernel secure boot metrics for the kernel, the nonce provided by the application, and the description of the connection validated by the kernel metrics storage service,” where “response” is analogous to verifying that the test is safe to proceed based on the verified integrity request). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Kornegay, and techniques disclosed of Goru, by implementing techniques of verifying the integrity of the integrity request and verifying that the test is safe to proceed based on the verified integrity request, disclosed of Sheth. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for performing remote attestation on legacy technology, comprising of verifying the integrity of the integrity request and verifying that the test is safe to proceed based on the verified integrity request. This allows for better security management by validating the request before providing the details needed to fulfil the request (perform the test)). Sheth is deemed as analogous art due to the art disclosing techniques of verifying the integrity of the integrity request and verifying that the test is safe to proceed based on the verified integrity request (Sheth, Paragraph [0058]). Regarding claims 14 and 20, the claims are rejected under the same reasoning as claim 7. Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Kornegay, in view of Goru, in further view of SCHMIDT et al. (U.S. PGPub. 2018/0270230), hereinafter Schmidt. Regarding claim 9, Kornegay as modified by Goru do not teach the following limitation(s) as taught by Schmidt: The computer program product of claim 8, wherein the computer readable code when executed using one or more computing device processors, cause the one or more computing processors to: perform a safety test and a reboot with the device (Schmidt, Paragraph [0024], see “…the authenticity test is performed when starting up or booting the motor vehicle, when the device and/or the switch device are switched on or taken into operation after a parked phase”). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Kornegay, and techniques disclosed of Goru, by implementing techniques of performing a safety test and a reboot with the device, disclosed of Schmidt. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for performing remote attestation on legacy technology, comprising of performing a safety test and a reboot with the device. This allows for better security management by performing a safety test alongside a reboot with the device to ensure the device is at its peak performance and capabilities. Schmidt is deemed as analogous art due to the art disclosing techniques of performing a safety test and a reboot with the device (Schmidt, Paragraph [0024]). Conclusion THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODMAN ALEXANDER MAHMOUDI whose telephone number is (571)272-8747. The examiner can normally be reached on M-F 11:00am – 7:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on (571) 272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /RODMAN ALEXANDER MAHMOUDI/Examiner, Art Unit 2499
Read full office action

Prosecution Timeline

Dec 21, 2023
Application Filed
Jun 11, 2025
Non-Final Rejection mailed — §103
Sep 03, 2025
Response Filed
Dec 23, 2025
Final Rejection mailed — §103
Mar 20, 2026
Notice of Allowance
Mar 25, 2026
Response after Non-Final Action
Apr 12, 2026
Response after Non-Final Action
Jul 13, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12651053
APP PROFILE VERIFICATION SETUP
2y 0m to grant Granted Jun 09, 2026
Patent 12645780
VEHICLE CONTROL DEVICE, SYSTEM, AND METHOD
2y 0m to grant Granted Jun 02, 2026
Patent 12647432
Quantification of Adversary Tactics, Techniques, and Procedures using Threat Attribute Groupings and Correlation
1y 10m to grant Granted Jun 02, 2026
Patent 12632559
OPEN-SOURCE SOFTWARE VULNERABILITY ANALYSIS
7y 9m to grant Granted May 19, 2026
Patent 12632533
INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM
2y 3m to grant Granted May 19, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
80%
Grant Probability
96%
With Interview (+16.7%)
2y 9m (~2m remaining)
Median Time to Grant
High
PTA Risk
Based on 247 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month