Prosecution Insights
Last updated: July 17, 2026
Application No. 18/419,873

System and method to dynamically manage access to network resources

Final Rejection §103
Filed
Jan 23, 2024
Examiner
WYSZYNSKI, AUBREY H
Art Unit
2434
Tech Center
2400 — Computer Networks
Assignee
Bank of America Corporation
OA Round
3 (Final)
90%
Grant Probability
Favorable
4-5
OA Rounds
2m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 90% — above average
90%
Career Allowance Rate
639 granted / 714 resolved
+31.5% vs TC avg
Moderate +12% lift
Without
With
+12.5%
Interview Lift
resolved cases with interview
Typical timeline
2y 8m
Avg Prosecution
20 currently pending
Career history
745
Total Applications
across all art units

Statute-Specific Performance

§101
3.3%
-36.7% vs TC avg
§103
59.0%
+19.0% vs TC avg
§102
23.6%
-16.4% vs TC avg
§112
1.2%
-38.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 714 resolved cases

Office Action

§103
CTFR 18/419,873 CTFR 81070 DETAILED ACTION Notice of Pre-AIA or AIA Status 07-03-aia AIA 15-10-aia The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. Claims 7, 14, and 20 are canceled. Claims 1-6, 8-13 and 15-19 are presented for examination. Response to Arguments Applicant’s arguments, filed 03/12/26, with respect to claims 1-6 and 8-13 have been fully considered and are persuasive. The 35 U.S.C. 103 rejection of claims 1-6 and 8-13 has been withdrawn. Upon further review, the previous Office Action incorrectly cited claim 20 as objected to being dependent upon a rejected base claim, but would be allowable if rewritten in independent form. Claim 17 was meant to be objected to and has been corrected here within. Claim Rejections - 35 USC § 103 07-06 AIA 15-10-15 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 07-20-aia AIA The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 07-21-aia AIA Claim s 15, 16, 18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Kremp, US 2018/0165183, in view of Magowan et al, US 2023/0068221, and further in view of Boreham et al, US 2003/0105733 . Regarding claim 15, Kremp teaches a non-transitory computer readable medium, comprising: determining a first configuration mapping corresponding to a first deployment operation (0028: The CDI 210 allows users to define a container logical name, container dependencies, container attributes, and access controls or privileges. The CDI 210 activates a container by creating a data structure with a physical name. The CDI 210 stores the mapping of the logical to the physical name. Fig. 4 and 0039: operation 410, the receiver component 310 receives test data comprising one or more privilege elements. The test data is received into a testing container defined within a set of processor-executable instructions comprising an application. In some example embodiments, an application is generated by a user of the validation system 112.). Kremp lacks or does not expressly disclose create a first secret parameter based at least in part upon the first configuration mapping. However, Magowan teaches create a first secret parameter based at least in part upon the first configuration mapping, the first secret parameter indicating secured information associated with a first portion of the application data (0076: The application owner also creates trusted execution environment contract 320. In this example, trusted execution environment contract 320 is encrypted using public key 321, which corresponds to the application owner. 0077: Trusted execution environment contract 320 may include, for example, signature information corresponding to container A 312 and container B 314 of set of containers 310 to be run within pod sandbox virtual machine 330 preventing any other container images from being pulled in at runtime. Trusted execution environment contract 320 may also include restrictions on container A 312 and container B 314, secrets, cryptographic keys, and the like. 0069: The restrictions on the containers define which containers in the set of containers can gain access to at least one of configuration maps, secrets. 0013: verify, using the agent, a digital signature of the trusted execution environment contract included in the pod sandbox virtual machine with the set of containers that corresponds to the service deployed in the trusted execution environment based on a contract verification key corresponding to an application owner providing the service in the container orchestration environment.). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Kremp with Magowan to include a secret parameter in order to create a trusted execution environment contract, as taught by Magowan, paragraph 0076. Kremp, as modified above, further discloses receive a first request to release a first plurality of testing operations to a first managed server (Fig. 4, step 410, receive test data comprising one or more privilege elements); identify a first source of the first request (0039: 410, the receiver component 310 receives test data comprising one or more privilege elements. The test data is received into a testing container defined within a set of processor-executable instructions comprising an application. In some example embodiments, an application is generated by a user of the validation system 112.). Kremp, as modified above, lacks or does not expressly disclose determine whether the first source at least partially matches one or more server profiles in a role directory. However, Boreham teaches determine whether the first source at least partially matches one or more server profiles in a role directory (0264: An directory client (or client for short) accesses a directory by interacting with a Directory server through the LDAP API, which is a set of functions (or classes) that request the server to perform operations defined by the LDAP protocol. For example, the server responds to a search request by searching the directory and returning a list of the matching entries.). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Kremp with Boreham to include a role directory in order to determine verification of a matching entry, as taught by Boreham, paragraph 0264. Kremp as modified above, further discloses in response to determining that the first source at least partially matches a first server profile of the one or more server profiles, determine that the first request is received from a first trusted device (0036: the validation system 112 may incorporate code origin validation, access controls for accessing the data set and the separate schema, and other security precautions to authenticate access to the data set.). Kremp lacks or fails to disclose a first plurality of pods associated with the first managed server. However, Magowan teaches determine a first plurality of pods associated with the first managed server (Fig. 1 and 0032: host node 106 may each represent a cluster of servers in one or more data centers. 0073: trusted execution environment for securing pods system 300 includes controller node 302, host node 304, and external image repository 306. Controller node 302 may be, for example, controller node 104 in FIG. 1. Host node 304 may be, for example, host node 106 in FIG. 1 or data processing system 200 in FIG. 2.); generate a first verification block based at least in part upon the first secret parameter and the first configuration mapping (0069: The secure agent verifies the contract signature using the owner’s contract signature verification key to confirm that the contract is authentic (e.g., not modified in any way). Illustrative embodiments can embed the contract signature verification key in a peer pod virtual machine image or can pass the contract signature verification key to the trusted execution environment via another path. The restrictions on the containers define which containers in the set of containers can gain access to at least one of configuration maps, secrets, or persistent volume claims, which describe how a container consumes a persistent volume. The secrets or cryptographic keys are used inside the trusted execution environment to decrypt at least one of secrets, configuration maps, or persistent volumes that are attached or provided to the trusted execution environment.); provide the first verification block to the first plurality of pods (0069: embed the contract signature verification key in a peer pod virtual machine image or can pass the contract signature verification key to the trusted execution environment via another path.); and enable access between the first plurality of pods and the first portion of the application data (Fig. 6: 610: receive application workload 0091: The computer, using the secure agent, receives a container runtime interface command to perform an orchestration action on the set of containers comprising an application workload that corresponds to the service from a kubelet located outside the trusted execution environment (step 610)); wherein the processor is configured to determine the first configuration mapping corresponding to the first deployment operation in response to receiving an updated of the application data (0066: the first operation mode may correspond to a testing mode. In some embodiments, the first data set is the data set accessed in operation 430. Other modes of the set of operation modes comprise a production mode, an update mode, a programming mode, and any other suitable modes corresponding to varying types of operations associated with operation or maintenance of the application or system.). Regarding claim 16, Kremp, as modified above, further discloses wherein the first secret parameter comprises one or more configuration scripts configured to control operations of the application data (0018: injection of test data into the validation system indirectly influences the output of the application, where the application uses the access control enforcement framework of the validation system as an intermediary in performing specified operations. The test container may contain reference application output data. Upon injection of the test data into the application, appearance of the reference application output data within the output of the application verifies the test data and the access control scheme within the validation system.). Regarding claim 18, Kremp, as modified above, further discloses wherein the processor is further configured to perform one or more instructing node operations in a communication network (0001: automatically validating access control schemes within processor-executable instructions in a runtime environment. FIG. 1 is a network diagram illustrating a client-server system 100, in accordance with an example embodiment. A platform (e.g., machines and software), in the example form of a validation system 112, provides server-side functionality, via a network 114 (e.g., the Internet) to one or more clients.). Regarding claim 19, Kremp, as modified above, further discloses wherein the first managed server is configured to perform one or more worker node operations in a communication network (FIG. 1 illustrates, for example, a client machine 116 with programmatic client 118 (e.g., a browser), a small device client machine 122 with programmatic client 120 (e.g., a browser), and a client/server machine 117 with a programmatic client 119.) . Allowable Subject Matter 12-151-07 AIA 07-97 12-51-07 Claim s 1-6 and 8-13 are allowed. Claim 17 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Reasons for allowance will be furnished at the time of allowance. Conclusion 07-39 AIA THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUBREY H WYSZYNSKI whose telephone number is (571)272-8155. The examiner can normally be reached M-F 9-5. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ALI SHAYANFAR can be reached at 571-270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /AUBREY H WYSZYNSKI/Examiner, Art Unit 2434 Application/Control Number: 18/419,873 Page 2 Art Unit: 2434 Application/Control Number: 18/419,873 Page 3 Art Unit: 2434 Application/Control Number: 18/419,873 Page 4 Art Unit: 2434 Application/Control Number: 18/419,873 Page 5 Art Unit: 2434 Application/Control Number: 18/419,873 Page 6 Art Unit: 2434 Application/Control Number: 18/419,873 Page 7 Art Unit: 2434 Application/Control Number: 18/419,873 Page 8 Art Unit: 2434
Read full office action

Prosecution Timeline

Jan 23, 2024
Application Filed
Aug 27, 2025
Non-Final Rejection mailed — §103
Nov 12, 2025
Response Filed
Feb 24, 2026
Non-Final Rejection mailed — §103
Mar 12, 2026
Response Filed
Jun 04, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12676891
ENDPOINT SECURITY GROUPS IN PRIVATE MULTI-ACCESS EDGE COMPUTE NETWORKS
2y 6m to grant Granted Jul 07, 2026
Patent 12659351
SECURE NETWORK COMMUNICATION SYSTEM AND METHOD
2y 4m to grant Granted Jun 16, 2026
Patent 12652310
SELECTING ACTIONS RESPONSIVE TO COMPUTING ENVIRONMENT INCIDENTS BASED ON SEVERITY RATING
2y 10m to grant Granted Jun 09, 2026
Patent 12647406
CROSS APPLICATION AUTHORIZATION FOR ENTERPRISE SYSTEMS
2y 8m to grant Granted Jun 02, 2026
Patent 12641125
AUTOMATED EDGE DRIVEN COLLABORATIVE DATA PROTECTION POLICY MANAGEMENT IN LARGE SCALE EDGE ENVIRONMENTS
3y 3m to grant Granted May 26, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

4-5
Expected OA Rounds
90%
Grant Probability
99%
With Interview (+12.5%)
2y 8m (~2m remaining)
Median Time to Grant
High
PTA Risk
Based on 714 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month