Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsMicrosoft Technology Licensing, LLC › 18400471
Last updated: May 29, 2026
Application No. 18/400,471

APPLICATION IDENTIFICATION

Non-Final OA §101§102§103
Filed
Dec 29, 2023
Priority
Dec 08, 2023 — provisional 63/608,143
Examiner
MAHMOUDI, RODMAN ALEXANDER
Art Unit
2499
Tech Center
2400 — Computer Networks
Assignee
Microsoft Technology Licensing, LLC
OA Round
1 (Non-Final)
80%
Grant Probability
Favorable
1-2
OA Rounds
4m
Est. Remaining
96%
With Interview

Interview Optional

+16.5% interview lift. Interview already conducted in this application's prosecution history. This examiner has a 80% grant rate with +16.5% interview lift. Since an interview has already been tried, recommend written response with narrowed claims based on precedent claim evolution patterns.
Based on 244 resolved cases, 2023–2026

Examiner Intelligence

MAHMOUDI, RODMAN ALEXANDER View full profile →
Grants 80% — above average
80%
Career Allowance Rate
195 granted / 244 resolved
+21.9% vs TC avg
Strong +16% interview lift
Without
With
+16.5%
Interview Lift
resolved cases with interview
Typical timeline
2y 9m
Avg Prosecution
13 currently pending
Career history
267
Total Applications
across all art units

Statute-Specific Performance

§101
2.6%
-37.4% vs TC avg
§103
82.4%
+42.4% vs TC avg
§102
2.0%
-38.0% vs TC avg
§112
4.8%
-35.2% vs TC avg
Black line = Tech Center average estimate • Based on career data from 244 resolved cases

Office Action

§101 §102 §103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Objections Claim 14 is objected to because of the following informalities: In Claim 14, Line 4 “…challenge answer is the hah value” should read “…challenge answer is the hash value” Appropriate correction is required. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 12-19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Regarding claim 12, the claim recites the abstract idea of a mental process. For example limitations: receiving a challenge request; providing a challenge input to a challenge computation; providing the candidate challenge answer to the verifier; see MPEP 2106.04. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claim only includes well-understood, routine, conventional computer functions in addition to the cited abstract idea and does not recite an inventive concept. see MPEP 2106.05(d) For example the courts have recognized the following computer functions as well understood, routine, and conventional. Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network); but see DDR Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245, 1258, 113 USPQ2d 1097, 1106 (Fed. Cir. 2014) ("Unlike the claims in Ultramercial, the claims at issue here specify how interactions with the Internet are manipulated to yield a desired result‐‐a result that overrides the routine and conventional sequence of events ordinarily triggered by the click of a hyperlink." (emphasis added)); Storing and retrieving information in memory, Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015); OIP Techs., 788 F.3d at 1363, 115 USPQ2d at 1092-93; Furthermore, this judicial exception is not integrated into a practical application. In particular, the claim recites two additional elements – an application and a verifier. The application and verifier are recited at a high-level of generality such that it amounts to no more than using a generic computer component. Accordingly, the additional elements do not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. MPEP section 2106.05 I is titled THE SEARCH FOR AN INVENTIVE CONCEPT; here, the MPEP makes it clear that patentability does not rest on novelty or non-obviousness alone, but that there must be an inventive concept. Section A provides six examples of what may constitute an inventive concept; applicants claim does not include limitations corresponding to any of the items i-vi. Section A also provides 4 examples of what may not constitute an inventive concept; similarly, applicant’s claim does not include limitations that amount to enough to qualify as significantly more than the abstract idea itself because the limitations in addition to the abstract ideas amount to insignificant extra-solution activity, a general linking the use of the judicial exception to a particular technological environment or field of use, and well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception. Regarding claims 13-19, the claims recite limitations that are considered insignificant extra-solution activities that fail to integrate the concept into a practical application. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-2, 4, 8, 11-14 and 19-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Shao et al. (U.S. PGPub. 2017/0180373), hereinafter Shao. Regarding claim 1, Shao teaches A method for verifying an application structured to execute on a client device (Shao, Paragraph [0001], see “…systems and methods that limit access to online resources by verifying browser authenticity through challenges and responses”) (Shao, Paragraph [0082], see “…The system 500 can be implemented using a client-server architecture that includes a server 510 that communicates with one or more requesting devices 530…”), the method comprising: sending, to the application, a challenge request (Shao, Paragraph [0018], see “…the verification system can provide a challenge to the requesting device…the challenge can require the requesting device to perform a browser task that causes the requesting device to generate a response that can be used to determine if the browser is authorized to access the online resource”, which is being read as sending to the application, a challenge request); receiving, from the application in response to the challenge request, a candidate challenge answer (Shao, Paragraph [0050], see “…method (200) can include receiving a response to the challenge from requesting device 110…The response can include a second set of data generated by the browser of requesting device 110 through performance of the browser task with respect to the first set of data”, where “second set of data” is being read as comprising a candidate challenge answer); providing, as input to a verification computation, the candidate challenge answer and a challenge input (Shao, Paragraph [0022], see “The verification system can receive the response from the requesting device and determine whether the browser of the requesting device is an authorized browser…the verification system can compare the second set of data (included in the response) to target data…”, where “target data” is being read as comprising a challenge input and where the comparison between the target data and the second set of data is being read as input to a verification computation); determining, based on an output of the verification computation, that the candidate challenge answer is generated by providing the challenge input to a challenge computation (Shao, Paragraph [0038], see “…The responses included in the target data can include metadata, a pointer, a link, and/or some other type of identifier by which verification system 104 can identify which responses are associated with a particular challenge…”) (Shao, Paragraph [0039], see “…the responses stored in the target data can be associated with a browser-type…The known responses can be associated with one or more browser-types of one or more browsers that are known to generate a known response to a given challenge”, which is being read as determining that the candidate challenge answer is generated by providing the challenge input to a challenge computation); and based on the determination that the candidate challenge answer is generated by providing the challenge input to the challenge computation, verifying the application (Shao, FIG. 2, see “210”, which determines whether the browser (application) of the requesting device is an authorized browser) (Shao, Paragraph [0023], see “Based at least in part on the comparison of the second set of data to the target data, the verification system can determine if the browser of the requesting device is an authorized browser…The verification system can determine whether the browser-type associated with the browser is an authorized browser-type…in the event that the browser-type associated with the browser of the requesting device is an authorized browser-type, the verification system can determine that the browser is an authorized browser”). Regarding claim 2, Shao teaches The method of claim 1, wherein the challenge input comprises challenge seed data (Shao, Paragraph [0025], see “…the verification system can generate a challenge that includes a plurality of portions. Each portion can include one or more seeds, where each seed represents or otherwise includes a different browser task to be performed and/or the respective data upon which the task should be performed…”), wherein the method further comprises: generating the challenge seed data (Shao, Paragraph [0025], see “…the verification system can generate a challenge that includes a plurality of portions. Each portion can include one or more seeds, where each seed represents or otherwise includes a different browser task to be performed and/or the respective data upon which the task should be performed…”); sending the challenge seed data to the application in the challenge request (Shao, Paragraph [0026], see “…every challenge provided by the verification system will include the one or more static seeds…”); storing the challenge seed data in a memory (Shao, Paragraph [0037], see “…As verification system 104 generates challenges and receives responses, it may store the challenge-response pair in the target database 106”, where storing challenge-response pairs includes storing the challenge seed data); and retrieving the challenge seed data from the memory in response to receiving the candidate challenge answer for providing as input to the verification computation (Shao, Paragraph [0037], see “…The target data can include, for example, one or more previously received responses to one or more challenges and the data associated therewith…”, where “the data associated therewith” is being read as including the challenge seed data) (Shao, Paragraph [0038], see “…target data can include previously received and/or known indications of browser DOM, SVG images, hash values, and/or other portions of a response for each verification challenge. The responses included in the target data can include metadata, a pointer, a link, and/or some other type of identifier by which verification system 104 can identify which responses are associated with a particular challenge…”) (Shao, Paragraph [0041], see “…Verification system 104 can be configured to compare the second set of data (included in the response) to the target data to determine whether an authorized browser exists”, which is being read as retrieving the challenge seed data (comprised within the target data of known responses and data associated therewith) from the memory (target database) in response to receiving the challenge answer for providing as input to the verification computation (i.e., comparison)). Regarding claim 4, Shao teaches The method of claim 1, wherein the candidate challenge answer is a candidate hash value (Shao, Paragraph [0021], see “…A response can include a second set of data generated by the browser of the requesting device…a second stage requires the requesting device to apply a hash function to the intermediate answer to provide a hashed answer…”, where “hashed answer” is being read as a candidate hash value), wherein the verification computation, when executed, is configured to: apply a hash function to the challenge input to generate a target hash value (Shao, Paragraph [0038], see “…target data can include previously received and/or known indications of browser DOM, SVG images, hash values, and/or other portions of a response for each verification challenge. The responses included in the target data can include metadata, a pointer, a link, and/or some other type of identifier…”, where “target data” is being read as comprising a target hash value); and compare the target hash value to the candidate hash value to determine that the target hash value is equal to the candidate hash value (Shao, Paragraph [0022], see “…the verification system can compare the second set of data (included in the response) to target data…”, where “second set of data” comprises the hashed answer and where “target data” includes the target hash value); wherein it is determined that the candidate challenge answer is generated by providing the challenge input to the challenge computation based on the determination that the target hash value is equal to the candidate hash value (Shao, Paragraph [0022], see “The verification system can receive the response from the requesting device and determine whether the browser of the requesting device is an authorized browser…the verification system can compare the second set of data to target data…”) (Shao, Paragraph [0038], see “…The responses included in the target data can include metadata, a pointer, a link, and/or some other type of identifier by which verification system 104 can identify which responses are associated with a particular challenge…”) (Shao, Paragraph [0039], see “…the responses stored in the target data can be associated with a browser-type…The known responses can be associated with one or more browser-types of one or more browsers that are known to generate a known response to a given challenge”, which is being read as determining that the candidate challenge answer is generated by providing the challenge input to a challenge computation). Regarding claim 8, Shao teaches The method of claim 1, wherein the challenge input comprises assertion data (Shao, Paragraph [0021], see “…the browser task can include applying a hash function to various data, including, for example, the indication of the DOM of the browser, the SVG image, or other items generated in response to portions of the challenge other than the hash function…where the first stage requires the requesting device to perform a first browser task to generate an intermediate answer”, where “other times generated in response to portions of the challenge other than the hash function” is being read as comprising assertion data) (Shao, Paragraph [0037], see “…The target data can include, for example, one or more previously received responses to one or more challenges and the data associated therewith…”), wherein the method further comprises: receiving the assertion data from the application (Shao, Paragraph [0021], see “…After generation of the response, the requesting device can provide the response to the verification system”, where the requesting device includes the browser (application)); and providing the assertion data as input to the verification computation (Shao, Paragraph [0022], see “The verification system can receive the response from the requesting device and determine whether the browser of the requesting device is an authorized browser…the verification system can compare the second set of data (included in the response) to target data…”). Regarding claim 11, Shao teaches The method of claim 1, wherein the method further comprises, in response to verifying the application, granting access to a remote application (Shao, FIG. 4, see “430”, “434”, “436”, which grants access to a remote application (i.e., resource) in response to verifying the application). Regarding claim 12, the claim is rejected under the same reasoning as claim 1 (Client device is being read as the requesting device). Regarding claim 13, the claim is rejected under the same reasoning as claim 8. Regarding claim 14, Shao teaches The method of claim 12, wherein the challenge computation comprises a hash function (Shao, Paragraph [0019], see “…the challenge can include a hash function and the browser task can include application of the hash function to various data…”), wherein the challenge computation is configured, when executed, to apply the hash function to the challenge input to generate a hash value (Shao, Paragraph [0019], see “…the challenge can include a hash function and the browser task can include application of the hash function to various data…”, where “the browser task can include application of the hash function to various data” is being read as applying the hash function to the challenge input to generate a hash value) (Shao, Paragraph [0021], see “…the challenge can include a first stage and a second stage, where the first stage requires the requesting device to perform a first browser task to generate an intermediate answer…and a second stage requires the requesting device to apply a hash function to the intermediate answer to provide a hashed answer…”), wherein the candidate challenge answer is the hah value (Shao, Paragraph [0021], see “…A response can include a second set of data generated by the browser of the requesting device…a second stage requires the requesting device to apply a hash function to the intermediate answer to provide a hashed answer…”, where “hashed answer” is being read as the candidate challenge answer). Regarding claim 19, the claim is rejected under the same reasoning as claim 11. Regarding claim 20, Shao teaches A computer system comprising: at least one network interface (Shao, Paragraph [0083], see “…Server 510 can also include a network interface…”); at least one memory configured to store computer-readable instructions (Shao, Paragraph [0084], see “…The one or more memory devices 514 can store information accessible by the one or more processors 512, including computer-readable instructions 516…”); and at least one processor coupled to the at least one network interface and the at least one memory, and configured to execute the computer-readable instructions (Shao, FIG. 5) (The rest of the claim is rejected under the same reasoning as claim 1). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Shao, in view of PATEL (U.S. PGPub. 2024/0137763), hereinafter Patel. Regarding claim 3, Shao does not teach the following limitation(s) as taught by Patel: The method of claim 1, wherein the challenge input comprises a challenge time (Patel, Paragraph [0069], see “A local timer function 1330 provided by the NFS 1300 provides local time information to the challenge generator 1320…), wherein the method further comprises: sending the challenge time to the application in the challenge request (Patel, Paragraph [0069], see “A local timer function 1330 provided by the NFS 1300 provides local time information to the challenge generator 1320…) (Patel, Paragraph [0080], see “…the NFS 1300 does not generate any challenges by means of the challenge generator 1320 until a remote device 1900 successfully connects…”, where the challenge time (and request) is sent to the application (i.e., remote device)); storing the challenge time in a memory (Patel, Paragraph [0069], see “…When storing the result of an operation (the expected ‘Response’) using the argument information generated by the random number generator function 1325, the challenge generator 1320 also stores the local time information provided by the local timer function 1330 when the result of the operation is stored in the NVM 1335…”); and retrieving the challenge time from the memory in response to receiving the candidate challenge answer for providing as input to the verification computation (Patel, Paragraph [0087], see “…the NFS 1300 determines an amount of time that has elapsed since the most recent value of periodic timer start value was stored. It does this by comparing the current value of time information output by the local timer function 1330 with the stored periodic timer start value…”, which is analogous to retrieving the challenge time from the memory (periodic timer start value) in response to receiving the candidate challenge answer (i.e., current value of time information output)). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Shao, by implementing techniques of the challenge comprising a challenge time, disclosed of Patel. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for application identification, comprising of the challenge comprising a challenge time. This allows for better security management and replay attack prevention by including a time to ensure that a captured challenge/response cannot be reused at a later time. Patel is deemed as analogous art due to the art disclosing techniques of the challenge comprising a challenge time (Patel, Paragraph [0069]). Claims 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over Shao, in view of MINEAR et al. (U.S. PGPub. 2006/0281440), hereinafter Minear. Regarding claim 9, Shao does not teach the following limitation(s) as taught by Minear: The method of claim 8, wherein the method further comprises: determining, based on the assertion data, that an application environment criterion is met (Minear, Claim 2, see “…testing the application to ensure that the application satisfies requirements for an environment in which the application will execute…”); wherein the application is further verified based on the determination that the application environment criterion is met (Minear, Claim 2, see “…verifying that the application is being executed on a permitted device and on a permitted wireless network…”, wherein the application is further verified based on the determination that the application environment criterion is met). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Shao, by implementing techniques of authenticating an application based on an application environment criterion being met, disclosed of Minear. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for application identification, comprising of authenticating an application based on an application environment criterion being met. This allows for better security management by requiring stricter verification for the application by verifying the environment where the application is executing. Minear is deemed as analogous art due to the art disclosing techniques of authenticating an application based on an application environment criterion being met (Minear, Claim 2). Regarding claim 10, Shao does not teach the following limitation(s) as taught by Minear: The method of claim 8, wherein the method further comprises: determining, based on the assertion data, that an application environment criterion is not met (Minear, Claim 2, see “…testing the application to ensure that the application satisfies requirements for an environment in which the application will execute…and removing the application if the application performs illegal or undesirable actions”, where the disclosure tests the application to validate whether an application environment criterion is met or not met, and if it’s not met, it removes the application); in response to determining that the application environment criterion is not met, executing an application limitation action (Minear, Claim 2, see “…removing the application if the application performs illegal or undesirable actions”, which is analogous to executing an application limitation action in response to determining that the application environment criterion is not met). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Shao, by implementing techniques of removing an application based on an application environment criterion not being met, disclosed of Minear. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for application identification, comprising of removing an application based on an application environment criterion not being met. This allows for better security management and enhanced system performance by removing applications running in mismatched environments. Minear is deemed as analogous art due to the art disclosing techniques of removing an application based on an application environment criterion not being met (Minear, Claim 2). Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Shao, in view of Hassan et al. (U.S. Patent 11,805,122), hereinafter Hassan. Regarding claim 15, Shao does not teach the following limitation(s) as taught by Hassan: The method of claim 12, wherein the challenge computation comprises an encryption function (Hassan, Abstract, see “…generating first encrypted challenge data by encrypting, by applying the encryption parameter to the encryption function, challenge data to create encrypted authentication data…”), wherein the challenge computation is configured, when executed, to encrypt assertion data using an encryption key, wherein the challenge input comprises the assertion data (Hassan, Abstract, see “…selecting, based on a first set of data points representing a biometric characteristic of a user, an encryption parameter of an encryption function…generating first encrypted challenge data by encrypting, by applying the encryption parameter to the encryption function, challenge data to create encrypted authentication data…, where “encryption parameter” is analogous to comprising an encryption key and where “first encrypted challenge data” is analogous to comprising assertion data that is encrypted using an encryption key (encryption parameter)) (Hassan, Claim 1, see “…generating first encrypted challenge data by encrypting, by applying the encryption parameter to the encryption function, challenge data, wherein the challenge data is a user specific value specific to the user; receiving, from a network based authentication device, during an authentication process, second encrypted challenge data for authenticating the user; determining…whether to authenticate the user using a comparison of the first encrypted challenge data to the second encrypted challenge data…”, where the challenge input (i.e., second encrypted challenge data) comprises the assertion data (i.e., user specific value specific to the user) since the first and second encrypted challenge data need to match). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Shao, by implementing techniques of utilizing an encryption function for the challenge computation, wherein the challenge computation encrypts data using the encryption key, disclosed of Hassan. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for application identification, comprising of utilizing an encryption function for the challenge computation, wherein the challenge computation encrypts data using the encryption key. This allows for better security management, as well as mitigation of replay attacks, by encrypting a unique challenge for each session. Hassan is deemed as analogous art due to the art disclosing techniques of utilizing an encryption function for the challenge computation, wherein the challenge computation encrypts data using the encryption key (Hassan, Abstract). Claims 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Shao, in view of Hassan, in further view of Muftic (U.S. PGPub. 2019/0158298). Regarding claim 16, Shao as modified by Hassan teaches The method of claim 15, wherein the challenge input comprises challenge seed data (Shao, Paragraph [0025], see “…the verification system can generate a challenge that includes a plurality of portions. Each portion can include one or more seeds, where each seed represents or otherwise includes a different browser task to be performed and/or the respective data upon which the task should be performed…”), Shao as modified by Hassan do not teach the following limitation(s) as taught by Muftic: wherein the challenge computation comprise a key generation function, wherein the challenge computation is configured, when executed, to apply the key generation function to the seed data to generate the encryption key (Muftic, Paragraph [0147], see “…he/she gives his/her login parameter. This parameter is used as the seed to generate private key and that key is then used in a challenge/response authentication protocol and all other cryptographic operations”, where “private key” is analogous to an encryption key, wherein a key generation function is applied to the seed data to generate the encryption key). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Shao, and techniques disclosed of Hassan, by implementing techniques of applying a key generation function to seed data to generate an encryption key, disclosed of Muftic. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for application identification, comprising of applying a key generation function to seed data to generate an encryption key. This allows for better security management by reducing the possibility of brute-force attacks by utilizing a key generation function with seed data, making guessing attempts computationally expensive for attackers. Muftic is deemed as analogous art due to the art disclosing techniques of applying a key generation function to seed data to generate an encryption key (Muftic, Paragraph [0147]). Regarding claim 17, Shao as modified by Hassan and further modified by Muftic teaches The method of claim 16, wherein the challenge request comprises the challenge seed data (Shao, Paragraph [0025], see “…the verification system can generate a challenge that includes a plurality of portions. Each portion can include one or more seeds, where each seed represents or otherwise includes a different browser task to be performed…”), wherein the method further comprises obtaining the challenge seed data from the challenge request for providing as input to the challenge computation (Shao, FIG. 4, see “418”, which obtains the challenge seed data from the challenge request for providing as input to the challenge computation (420, 422)) (Shao, Paragraph [0026], see “…every challenge provided by the verification system will include the one or more static seeds…the one or more seeds can include one or more known seeds with known responses…). Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Shao, in view of Hassan, in further view of ISHIKAWA (U.S. PGPub. 2020/0346619), hereinafter Ishi. Regarding claim 18, Shao as modified by Hassan do not teach the following limitation(s) as taught by Ishi: The method of claim 15, wherein the encryption key is stored in a memory, wherein the method further comprises, in response to the challenge request, obtaining the encryption key from the memory for providing as input to the challenge computation (Ishi, Paragraph [0104], see “…The flash memory 213 stores an encryption key and the like used for generating a response code from a challenge code…”, which is analogous to in response to a challenge request (challenge code), obtaining the encryption key from the memory for providing as input to the challenge computation (i.e., computing the response)). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Shao, and techniques disclosed of Hassan, by implementing techniques of obtaining the encryption key from a memory for providing as input to a challenge computation, disclosed of Ishi. One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for application identification, comprising of obtaining the encryption key from a memory for providing as input to a challenge computation. This allows for better security management by storing an encryption key in memory, avoiding repeatedly transmitting secret knowledge (key information) over a network. Ishi is deemed as analogous art due to the art disclosing techniques of obtaining the encryption key from a memory for providing as input to a challenge computation (Ishi, Paragraph [0104]). Allowable Subject Matter Claims 5-7 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODMAN ALEXANDER MAHMOUDI whose telephone number is (571)272-8747. The examiner can normally be reached on M-F 11:00am – 7:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on (571) 272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /RODMAN ALEXANDER MAHMOUDI/Examiner, Art Unit 2499
Read full office action

Prosecution Timeline

Dec 29, 2023
Application Filed
Apr 22, 2026
Non-Final Rejection mailed — §101, §102, §103
May 27, 2026
Examiner Interview Summary
May 27, 2026
Applicant Interview (Telephonic)

Precedent Cases

Applications granted by this same examiner with similar technology

16/050,050
Patent 12632559
OPEN-SOURCE SOFTWARE VULNERABILITY ANALYSIS
7y 9m to grant Granted May 19, 2026
18/428,204
Patent 12632533
INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM
2y 3m to grant Granted May 19, 2026
17/822,558
Patent 12596782
CONTINUOUS AUTHENTICATION FOR A REAL TIME HOLOGRAM
3y 7m to grant Granted Apr 07, 2026
18/480,747
Patent 12596783
System and Method for Securing IoT Communications
2y 6m to grant Granted Apr 07, 2026
18/041,795
Patent 12591654
FLEXIBLE AUTHORIZATION ACCESS CONTROL METHOD, RELATED APPARATUS, AND SYSTEM
3y 1m to grant Granted Mar 31, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
80%
Grant Probability
96%
With Interview (+16.5%)
2y 9m (~4m remaining)
Median Time to Grant
Low
PTA Risk
Based on 244 resolved cases by this examiner. Grant probability derived from career allowance rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month