Prosecution Insights
Last updated: July 17, 2026
Application No. 18/409,173

USING HALLUCINATIONS FROM GENERATIVE AI FOR CHALLENGE-RESPONSE IN SECURE ACCESS

Final Rejection §103
Filed
Jan 10, 2024
Examiner
SKWIERAWSKI, PAUL J
Art Unit
2439
Tech Center
2400 — Computer Networks
Assignee
Cisco Technology Inc.
OA Round
2 (Final)
80%
Grant Probability
Favorable
3-4
OA Rounds
12m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 80% — above average
80%
Career Allowance Rate
48 granted / 60 resolved
+22.0% vs TC avg
Strong +20% interview lift
Without
With
+19.6%
Interview Lift
resolved cases with interview
Typical timeline
3y 6m
Avg Prosecution
13 currently pending
Career history
74
Total Applications
across all art units

Statute-Specific Performance

§101
1.5%
-38.5% vs TC avg
§103
90.1%
+50.1% vs TC avg
§102
8.0%
-32.0% vs TC avg
Black line = Tech Center average estimate • Based on career data from 60 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION This Office Action is in response to the U.S. patent application 18409173 filed on January 10, 2024, and to Applicant’s papers filed on March 17, 2026. Of original prior claims 1-20: No claims have been canceled or added; claims 1, 3, 8, 10 and 15 have been amended, where claims 1, 8 and 15 are independent claims. Accordingly, claims 1-20 remain pending, and have been examined in this application. This Action is made FINAL. Information Disclosure Statement The information disclosure statement (IDS) submitted on March 17, 2026, complies with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement has been considered by the examiner. Response to Arguments The claim objections to claims 1, 8 and 15 have been withdrawn in view of Applicant’s Amendments. The 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph, rejections of claims 3, 10 and 17 as being indefinite, have been withdrawn in view of Applicant’s Amendments. The rejections of claims 1-20 under 35 U.S.C. § 103 are maintained as the amended claims are found obvious. Applicants’ arguments in the instant Amendment, filed on March 17, 2026, with respect to §103, have been fully considered but they are not persuasive as follows. Applicant’s arguments: “Walters generally describes ''methods and systems [that] allow for users to be securely authenticated based on data known to the user over remote communication networks without storing the data known to the user.", and “Walters actually describes that ''generative models to create synthetic images based on user's own images. As the system creates synthetic images, the system does not need to store the user's own images." Walters, col. 1, lines 47-50.” The Examiner traverses such argument. More particularly, as a first traversal, It is noted that the “without storing the data known to the user” feature upon which Applicant relies is not recited in the rejected claim(s). Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See 7.37.08 Unpersuasive Argument, and In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). As a second traversal, regarding “saving images”, Walters teaches that “images” can be saved or not saved. More particularly, Walters col. 1, last four lines states, “After the system has trained the generative model, the system no longer needs to store the plurality of images and can delete them-saving data storage space and alleviating any privacy concerns.” It is respectfully noted that “can” is a voluntary word, and is not mandatory. Applicant’s arguments: “Additionally, ''as the synthetic images are based on the user's own images, the user is able to identify the synthetic images." Id., col. 1, lines 54-55. Thus, all response options are ''synthetic." Walters simply does not teach or suggest ''generating a challenge and response to be used as a challenge-response authentication for the user to access a network resource, wherein response options for the challenge-response include the memorable event and the one or more plausible events," as recited in amended claim 1.” The Examiner traverses such argument. More particularly, Walters discloses an arrangement wherein differing types of images can be concurrently displayed together (Walters col. 3, lines 25-28, “The user interface may allow a user to view a set of images 102 (e.g., synthetic images, generated images, fake images, real images, normal images, etc.) and select an image that is known to the user.”). The Examiner respectfully suggests that the claim be further amended; details in the specification be incorporated, to distinguish the claimed invention over prior art of record. Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (571) 272-2642 to schedule an interview. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claim(s) 1-5, 8-12 and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Walters et al. (“Walters”; US11182468B1) in view of Plenderleith et al. (“Plenderleith”; US11636193B). Per claim 1: Walters disclosed a method for generating a generative artificial intelligence (AI) challenge-response performed at least in part by a generative AI engine (Walters FIG. 5), the method comprising: receiving, from a classifier, information indicating a memorable event associated with a user (Walters col. 2, lines 17-21, “system may categorize the first plurality of images into a plurality of categories, wherein the first plurality of images is categorized into the plurality of categories based on objects depicted in the first plurality of images”; (Walters col. 17, lines 50-56, “the first synthetic image may be generated based on cat images of the user's own cat and the user's own cat may include an identifying feature of a spot on its fur as in the first synthetic image 104 (FIG. 1). The first user knows that the first synthetic image 104 resembles his own pet cat and that the second synthetic image 106 is merely a general image of a cat (FIG. 1).”; [Note: the user’s cat was memorable to the user in that the user had made an effort to obtain an image of his/her cat.]); receiving, from a time series database (Walters col. 7, lines 59-60, “Cloud components 310 may be a database configured to store user data for a user.”), time series sensor data associated with the user for a period of time associated with the memorable event (Walters col. 10, line 66 to col. 11, line 7, “the system may retrieve, via a user device, the first plurality of images corresponding to the first user based on when the images were taken. For example, the system may determine a set of available images corresponding to the first user. The system may then determine a respective time stamp for each image of the set of available images and filter each image of the set of available images based on the respective time stamp to determine the first plurality of images.”); receiving, from an authentication server (Walters col. 6, lines 27-45, “user device 322 and user terminal 324 may be any computing device, including, but not limited to, …other computer equipment (e.g., a server), …Users may, for instance, utilize one or more devices to interact with one another, one or more servers, or other components of system 300. It should be noted that, while one or more operations are described herein as being performed by particular components of system 300, those operations may, in some embodiments, be performed by other components of system 300.”), parameters for determining one or more plausible events that are similar to the memorable event (Walters col. 15, lines 46-50,”the third generative model may be a generic model that generates synthetic images of a general cat. The first generative model may then use the parameters of the third generative model to more efficiently generate synthetic images that resemble the user's own personal cat.”), the parameters including a level of hallucination for generating the one or more plausible events (Walters col. 16, lines 17-30, “determine features that the synthetic image and the original image have in common. Additionally, these machine learning models may correlate a level of similarity (e.g., a score, value, number, etc.) between the synthetic image and the original image based on the number of features in common. Moreover, for example, by comparing the first synthetic image to an original corresponding image based on similarity, the system can ensure that an unauthorized user cannot simply guess which image is the synthetic image corresponding to the first user. By comparing the level of similarity that is not equal to or is exceeding the threshold level of similarity, the system prevents an unauthorized user from recognizing a “deep fake” image and selecting the first synthetic image to gain access to the first user's content.”); generating one or more plausible events (Walters claim 1, “generate for display, the set of images to the first user, wherein the set of images includes the first synthetic image and a second synthetic image that is not of the first subset of images, and wherein a first user selection of the first synthetic image causes authentication of the first use”) based at least in part on the memorable event, the time series sensor data (Walters col. 10, line 66 to col. 11, line 7, “the system may retrieve, via a user device, the first plurality of images corresponding to the first user based on when the images were taken. For example, the system may determine a set of available images corresponding to the first user. The system may then determine a respective time stamp for each image of the set of available images and filter each image of the set of available images based on the respective time stamp to determine the first plurality of images.”; [Note: the first plurality of images selected using time data, is then used to generate the plausible events]), and the parameters received (Walters col. 16, lines 19-30, ”may correlate a level of similarity (e.g., a score, value, number, etc.) between the synthetic image and the original image based on the number of features in common. Moreover, for example, by comparing the first synthetic image to an original corresponding image based on similarity, the system can ensure that an unauthorized user cannot simply guess which image is the synthetic image corresponding to the first user. By comparing the level of similarity that is not equal to or is exceeding the threshold level of similarity, the system prevents an unauthorized user from recognizing a “deep fake” image and selecting the first synthetic image to gain access to the first user's content.”); and generating a challenge and response to be used as a challenge-response authentication for the user to access a network resource (Walter FIG. 1’s cat images; (Walters col. 1, line 60 to col. 2, line 7, ”the generative model is tasked with creating similar images, each of the synthetic images may resemble one of the user's cats as opposed to cats in general (e.g., if the user has grey cats, the generative model may create images of grey cats). …The system may then use one of the synthetic images along with other images as an authentication mechanism for the user. That is, the system may require the user to select which one of a plurality of images of cats resembles the user's own cat.”), wherein response options for the challenge-response include the memorable event and the one or more plausible events (Walters col. 3, lines 25-28, “The user interface may allow a user to view a set of images 102 (e.g., synthetic images, generated images, fake images, real images, normal images, etc.) and select an image that is known to the user.”). Walters does not disclose an arrangement transmitting the challenge and response to the authentication server. However, in an analogous art, Plenderleith discloses an arrangement transmitting the challenge (Plenderleith col. 7, lines 26-28, “the expected answer 122 can be directly associated with a given challenge subject matter 116”) and response (Plenderleith col. 7, line(s) 46-49, “the verification engine 130 can receive …the user response 128 associated with the challenge presented via the user device 124”) to the authentication server (Plenderleith col. 7, line 46, “the verification engine 130”). It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify Walters to include, as taught by Plenderleith, to further include an arrangement transmitting the challenge and response to the authentication server. Motivation for modifying would have been to use common sense to provide information needed by an authentication arrangement, and broaden adoption of the Walters/Plenderleith combination within the authentication field. Per claim 2: The Walters/Plenderleith combination disclosed the method of claim 1. Plenderleith further discloses an arrangement wherein the information indicating a memorable event comprises an image captured during the memorable event, and wherein the generative AI engine includes a caption generating model that generates a caption for the image, the caption being a natural language description of a scene that is captured in the image (Plenderleith col. 7, lines 33-36, ”the challenge can be presented to the user in the form of a challenge question 126 that provides instructions to the user regarding the challenge and the media object 120”; (Plenderleith col. 21, lines 13-15, ” the intuition-based challenge formats 620 include question formats that can be configured by the question generation engine 608”). Per claim 3: The Walters/Plenderleith combination disclosed the method of claim 1. Walters further discloses an arrangement wherein the information indicating a memorable event comprises an image captured during the memorable event, and wherein the generative AI engine includes an image generating model (Walters col. 1, lines 46-48, “the methods and systems recite the use of generative models to create synthetic images”) and further comprising: receiving, by the image generating model, one of (i) a human readable text that describes a desired image (Walters FIG. 1, “Please select the photo that is known to you”; Walters col. 2, lines 17-21, “system may categorize the first plurality of images into a plurality of categories, wherein the first plurality of images is categorized into the plurality of categories based on objects depicted in the first plurality of images”; (Walters col. 17, lines 50-56, “the first synthetic image may be generated based on cat images of the user's own cat and the user's own cat may include an identifying feature of a spot on its fur as in the first synthetic image 104 (FIG. 1). The first user knows that the first synthetic image 104 resembles his own pet cat and that the second synthetic image 106 is merely a general image of a cat (FIG. 1).”; [Note: the user’s cat was memorable to the user in that the user had made an effort to obtain an image of his/her cat.]), (ii) the image captured during the memorable event and a human readable text that describes how the image should be modified, or (iii) the image captured during the memorable event and a temperature parameter that describes a level of hallucination permitted; generating, by the image generating model one or more plausible images (Walters col. 17, lines 50-65, “, the first synthetic image may be generated based on cat images of the user's own cat and the user's own cat may include an identifying feature of a spot on its fur as in the first synthetic image 104 (FIG. 1). The first user knows that the first synthetic image 104 resembles his own pet cat and that the second synthetic image 106 is merely a general image of a cat (FIG. 1). Based on this knowledge, the first user may authenticate themselves as the true user of the system (for access to their content) and an unauthorized user may not be privy to such knowledge (e.g., that the first user's cat has a spot on its fur). Thus, the unauthorized user may be challenged by making a correct determination of which image of the set of images displayed will allow access to the first user's content because of how similar the images are in combination with not knowing identifying features of the first user's pet cat”); and generating, using the image captured during the memorable event and the one or more plausible events, a challenge and response to be used as a challenge-response authentication for the user to access a network resource (Walter FIG. 1’s cat images; (Walters col. 1, line 60 to col. 2, line 7, ”the generative model is tasked with creating similar images, each of the synthetic images may resemble one of the user's cats as opposed to cats in general (e.g., if the user has grey cats, the generative model may create images of grey cats). …The system may then use one of the synthetic images along with other images as an authentication mechanism for the user. That is, the system may require the user to select which one of a plurality of images of cats resembles the user's own cat.”). Plenderleith further discloses an arrangement transmitting the challenge (Plenderleith col. 7, lines 26-28, “the expected answer 122 can be directly associated with a given challenge subject matter 116”) and response (Plenderleith col. 7, line(s) 46-49, “the verification engine 130 can receive …the user response 128 associated with the challenge presented via the user device 124”) to the authentication server (Plenderleith col. 7, line 46, “the verification engine 130”). Per claim 4: The Walters/Plenderleith combination disclosed the method of claim 1. Plenderleith further discloses an arrangement wherein the generative AI engine includes an audio generating model and wherein the challenge and response generated is auditory (Plenderleith col. 5, lines 41-43 “the challenge can be presented to the user visually via a visual display of the user device and/or audibly via one or more speakers of the user device.”; Plenderleith col. 5, lines 43-46, “the user can respond to the challenge via touch inputs on a touch-screen interface, verbal inputs recorded via a microphone”). Per claim 5: The Walters/Plenderleith combination disclosed the method of claim 1. Plenderleith further discloses an arrangement wherein the generative AI engine includes a text generating model and wherein the challenge and response generated is text based (Plenderleith col. 5, lines 37-39, “the challenge can be presented to the user within a visual/graphic user interface, via audio prompts, through text-based description”; Plenderleith col. 5, lines 43-46, ”the user can respond to the challenge via touch inputs on a touch-screen interface, verbal inputs recorded via a microphone, a mouse click, keyboard inputs,”). Per claim 8: Such system claim recites limitations with similar scope to claim 1. Therefore, claim 8 is also rejected under 35 USC 103 as being unpatentable, for the same reason set forth above for claim 1. Per claim 9: Such system claim recites limitations with similar scope to claim 2. Therefore, claim 9 is also rejected under 35 USC 103 as being unpatentable, for the same reason set forth above for claim 2. Per claim 10: Such system claim recites limitations with similar scope to claim 3. Therefore, claim 10 is also rejected under 35 USC 103 as being unpatentable, for the same reason set forth above for claim 3. Per claim 11: Such system claim recites limitations with similar scope to claim 4. Therefore, claim 11 is also rejected under 35 USC 103 as being unpatentable, for the same reason set forth above for claim 4. Per claim 12: Such system claim recites limitations with similar scope to claim 5. Therefore, claim 12 is also rejected under 35 USC 103 as being unpatentable, for the same reason set forth above for claim 5. Per claim 15: Such media claim recites limitations with similar scope to claim 1. Therefore, claim 15 is also rejected under 35 USC 103 as being unpatentable, for the same reason set forth above for claim 1. Per claim 16: Such media claim recites limitations with similar scope to claim 2. Therefore, claim 16 is also rejected under 35 USC 103 as being unpatentable, for the same reason set forth above for claim 2. Per claim 17: Such media claim recites limitations with similar scope to claim 3. Therefore, claim 17 is also rejected under 35 USC 103 as being unpatentable, for the same reason set forth above for claim 3. Per claim 18: Such media claim recites limitations with similar scope to claim 4. Therefore, claim 18 is also rejected under 35 USC 103 as being unpatentable, for the same reason set forth above for claim 4. Per claim 19: Such media claim recites limitations with similar scope to claim 5. Therefore, claim 19 is also rejected under 35 USC 103 as being unpatentable, for the same reason set forth above for claim 5. Claim(s) 6, 7, 13, 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Walters et al. (“Walters”; US11182468B1) in view of Plenderleith et al. (“Plenderleith”; US11636193B) and Greenberger et al. (“Greenberger”; US11537694B2). Per claim 6: The Walters/Plenderleith combination disclosed the method of claim 1. Plenderleith further discloses an arrangement wherein the generative AI engine includes a video generating model and wherein the challenge and response generated is video based (Plenderleith col. 21, lines 22-26, ”media object generation engine 606 can render images or videos that are based on 2D or 3D scene in which objects or depicted individuals can be placed and configured based on the challenge that can be presented to a user”). The Walters/Plenderleith combination did not disclose an arrangement wherein the challenge and response generated is video based. However, in an analogous art, Greenberger discloses an arrangement wherein the challenge and response generated is video based (Greenberger col. 4, lines 15-19,”The camera 114 includes functionality for capturing images and/or videos. The camera 114 can, for example, capture images and/or videos of the user performing one or more motions as required by a motion-based challenge-response authentication mechanism”). It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the Walters/Plenderleith combination to include, as taught by Greenberger, to include an arrangement an arrangement wherein the challenge and response generated is video based. Motivation for modifying would have been to increase available interface options in order to increase a versatility, attractiveness and broadened adoption of the Walters/Plenderleith/Greenberger combination within the authentication field. Per claim 7: The Walters/Plenderleith combination disclosed the method of claim 1. The Walters/Plenderleith combination did not disclose an arrangement wherein the parameters received from the authentication server are based at least in part on a device posture of a user device associated with the user. However, in an analogous art, Greenberger discloses an arrangement wherein the parameters received from the authentication server are based at least in part on a device posture of a user device associated with the user (Greenberger col. 9, lines 15-23, ”motions based on data from the accelerometer 116, gyroscope 118, and/or GPS 120. For example, test motions can be “rotate your phone 360°,” “shake your phone three times,” “hold your phone upside down for five seconds,” and the like while the range of motion information 126 stores data from the accelerometer 116, gyroscope 118, and/or GPS 120 as characterization data (such as authentication metrics 144) for each test motion”). It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the Walters/Plenderleith combination to include, as taught by Greenberger, wherein the parameters received from the authentication server are based at least in part on a device posture of a user device associated with the user. Motivation for modifying would have been to increase available interface options in order to increase a versatility, attractiveness and broadened adoption of the Walters/Plenderleith/Greenberger combination within the authentication field. Per claim 13: Such system claim recites limitations with similar scope to claim 6. Therefore, claim 13 is also rejected under 35 USC 103 as being unpatentable, for the same reason set forth above for claim 6. Per claim 14: Such system claim recites limitations with similar scope to claim 7 Therefore, claim 14 is also rejected under 35 USC 103 as being unpatentable, for the same reason set forth above for claim 7. Per claim 20: Such media claim recites limitations with similar scope to claim 6. Therefore, claim 20 is also rejected under 35 USC 103 as being unpatentable, for the same reason set forth above for claim 6. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Paul J Skwierawski whose telephone number is (571)272-2642. The examiner can normally be reached 6:00am-3:30pm weekdays. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisory primary examiner (SPE) Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Paul Skwierawski/ Patent Examiner, Art Unit 2439 /LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439
Read full office action

Prosecution Timeline

Jan 10, 2024
Application Filed
Dec 18, 2025
Non-Final Rejection mailed — §103
Feb 10, 2026
Interview Requested
Feb 24, 2026
Applicant Interview (Telephonic)
Feb 25, 2026
Examiner Interview Summary
Mar 17, 2026
Response Filed
Jun 29, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12632544
GENERATING AND MONITORING FICTITIOUS DATA ENTRIES TO DETECT BREACHES
1y 9m to grant Granted May 19, 2026
Patent 12619749
SYSTEM FOR IMAGE/VIDEO AUTHENTICITY VERIFICATION
1y 8m to grant Granted May 05, 2026
Patent 12609817
Systems and Methods for a Quantum Safe Certificate Ledger
2y 3m to grant Granted Apr 21, 2026
Patent 12603790
CYBER SECURITY AUTHENTICATION METHOD FOR NON-INTERNET ELECTRONIC DEVICE
1y 10m to grant Granted Apr 14, 2026
Patent 12580732
ENCRYPTION DEVICE, DECRYPTION DEVICE, ENCRYPTION METHOD, DECRYPTION METHOD, AND COMPUTER READABLE MEDIUM
2y 7m to grant Granted Mar 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
80%
Grant Probability
99%
With Interview (+19.6%)
3y 6m (~12m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 60 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month