Prosecution Insights
Last updated: July 17, 2026
Application No. 18/423,814

ELEVATED SECURITY EXECUTION MODE FOR NETWORK-ACCESSIBLE DEVICES

Non-Final OA §103
Filed
Jan 26, 2024
Priority
Jun 06, 2023 — provisional 63/506,503
Examiner
HARRIS, CHRISTOPHER C
Art Unit
2432
Tech Center
2400 — Computer Networks
Assignee
SOPHOS Limited
OA Round
2 (Non-Final)
76%
Grant Probability
Favorable
2-3
OA Rounds
4m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 76% — above average
76%
Career Allowance Rate
286 granted / 374 resolved
+18.5% vs TC avg
Strong +25% interview lift
Without
With
+25.3%
Interview Lift
resolved cases with interview
Typical timeline
2y 10m
Avg Prosecution
13 currently pending
Career history
389
Total Applications
across all art units

Statute-Specific Performance

§101
3.2%
-36.8% vs TC avg
§103
78.8%
+38.8% vs TC avg
§102
6.2%
-33.8% vs TC avg
§112
10.2%
-29.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 374 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. DETAILED ACTION Remarks This Final action is in response to communications filed on 12/09/2025, claim 1-20 has been amended per Applicant' s request. Therefore, claims 1-20 are presently pending in the application and have been considered as follows. Response to Arguments Applicant's arguments filed 12/09/2025 have been fully considered but they are not persuasive. -The applicants’ remarks on 8-11 with respect to: “Applicant respectfully submits the combination of Mani and Philip do not teach nor suggest "wherein the restricting execution of the least one software application on the user device comprises allowing execution of a first functionality of the at least one software application on the user device and disallowing execution of a second functionality of the at least one software application on the user device for the first time period" as recited in amended claim.” “At most, the cited portions of Mani disclose "modify[ing] a network access control policy to alter the computing system's first level of access to the network to a second level of access to the network" and "may not permit any application that attempts to access system files of the computing system to access the files."” “The cited portions of Mani do not teach nor suggest "restricting execution of the least one software application on the user device" let alone "allowing execution of a first functionality of the at least one software application on the user device and disallowing execution of a second functionality of the at least one software application on the user device for the first time period" per amended claim 1. (emphasis added).” Have been carefully considered but are non-persuasive; After careful reconsideration of the and in light of a broad and reasonable interpretation of the claims the examiner respectfully disagrees. The claims as amended requires attempts to narrow the restriction of the execution of at least one software application by effectively allowing execution of a first functionality of the at least one software application on the user device and disallowing execution of a second functionality of the at least one software application on the user device for the first time period. Allowing, as defined by the merriam-webster dictionary for example, constitutes a meaning to be one of permitting, failing to restrain or preventing. In other words, any functionality that is not explicitly denied, prevented or restrained falls is passively allowing something. As the claims do not limit the scope of allowing, the definition provided by merriam-webster is a reasonable interpretation of the scope of allowing. As such, Mani discloses application specific firewall policy when applied that limits access to system files (e.g. disallowing execution of second functionality) as disclosed in Col 14 Ln 15-22 while allowing any local functionality, such as simply opening the application, closing the application, etc. (e.g. allowing execution of a first functionality). Any functionality not actively blocked by said firewall policy would fall within the scope of allowing. As such the applicant arguments are considered unpersuasive for the reasons listed above. Remaining arguments (see pages 9- 11) are considered unpersuasive as they are directed to the arguments above. -The applicants’ remarks on 11 with respect to: “Claims 1, 8 and 15 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 6, 16 and 17 of copending Application No. 18/423,801 (reference application). Applicant respectfully requests that the rejection be held in abeyance while other issues are resolved and applications are copending.” Have been carefully considered but are non-persuasive; The double patenting rejection has been maintained until a terminal disclaimer has been filed or the claims have been amended to that they are patentably distinct. Information Disclosure Statement The information disclosure statement (IDS) submitted on 09/26/2025 and 03/10/2026 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claims 1, 8 and 15 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 6, 16 and 17 of copending Application No. 18/423,801 (reference application). Although the claims at issue are not identical, they are not patentably distinct from each other because the co-pending application is directed to the broader and more generic method for elevating security measures associated with the user device for a first time period whereas the difference with the instance application is that the security measure is explicitly claim narrowing the method by stating “restricting execution of a subset of software available on the user device for a first time period” However, co-pending application claim 6 states “wherein elevating security measures associated with the user device comprises sending a command to the user device to prevent execution of untrusted software on the user device during the first time period.” which is determined to not be patentably distinct from one another. Claims 8 and 15 are also rejected for the same reasons described. This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-3, 6, 8-10, 13, 15-17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20130036231 to Mani et al. (hereinafter “Mani .”) in view of US 20240126873 to Philip et al. (hereinafter “Philip”) Claim 1 Mani teaches computer-implemented method to automatically elevate security measures on a user device, [e.g. Mani; Abstract, Col 1 Ln 45 – Col 3 Ln 7, Col 3 Ln 62 – Col 4 Ln 8, Col 5 Ln 65 -Col 6 Ln 13, Col 7 Ln 4 – Col 15 Ln 4; Mani discloses protecting the computing network from infected computing devices through elevated security measures.] the method comprising: receiving an indication of a security threat to the user device, the indication of security threat associated with a device threat type; [e.g. Mani; Abstract, Col 1 Ln 45 – Col 3 Ln 7, Col 3 Ln 62 – Col 4 Ln 8, Col 5 Ln 65 -Col 6 Ln 13, Col 7 Ln 4 – Col 15 Ln 4; Mani discloses detecting that the computing device is infected with malware based on a set flag (e.g. device threat type).] determining that the device threat type is a threat type that requires elevated security measures; [e.g. Mani; Abstract, Col 1 Ln 45 – Col 3 Ln 7, Col 3 Ln 62 – Col 4 Ln 8, Col 5 Ln 65 -Col 6 Ln 13, Col 7 Ln 4 – Col 15 Ln 4; Mani discloses that the flag requires modifying network access rights.] responsive to the determining that the device threat type requires elevated security measures, elevating security measures on the user device by restricting execution of at least one software application on the user device for a first time period; [e.g. Mani; Abstract, Col 1 Ln 45 – Col 3 Ln 7, Col 3 Ln 62 – Col 4 Ln 8, Col 5 Ln 65 -Col 6 Ln 13, Col 7 Ln 4 – Col 15 Ln 4; Mani discloses providing a second policy (e.g. modifying the policy) to any device that has the flag set that limit network access for incoming and outgoing connections, blocking access by application to system files, locally attached removable devices (e.g. restricting execution of a subset of software) until the malware is neutralized.] wherein the restricting execution of the at least one software application on the user device comprises allowing execution of a first functionality of the at least one software application on the user device for the first time period and disallowing execution of a second functionality of the at least one software application on the user device for the first time period; [e.g. Mani; Abstract, Col 1 Ln 45 – Col 3 Ln 7, Col 3 Ln 62 – Col 4 Ln 8, Col 5 Ln 65 -Col 6 Ln 13, Col 7 Ln 4 – Col 15 Ln 4; Mani discloses application specific firewall policy when applied that limits access to system files (e.g. disallowing execution of second functionality) as disclosed in Col 14 Ln 15-22 while allowing any local functionality, such as simply opening the application, closing the application, etc. (e.g. allowing execution of a first functionality).] and after the elevating, automatically remediating the security threat on the user device ... the first time period. [e.g. Mani; Abstract, Col 1 Ln 45 – Col 3 Ln 7, Col 3 Ln 62 – Col 4 Ln 8, Col 5 Ln 65 -Col 6 Ln 13, Col 7 Ln 4 – Col 15 Ln 4; Mani discloses automated remediation.] While Mani teaches the computer-implemented method of claim 1 and teaches that the remediation process is implemented until the threat is neutralized Mani fails to explicitly teach neutralizing the threat within a specified time period. More specifically Mani fails to teach the claimed limitations of: however, Philip teaches: receiving an indication of a security threat to the user device, the indication of security threat associated with a device threat type; [e.g. Philip; Abstract, Claim 1, Para. 0006-0008, 0020, 0021, 0023, 0024, 0027, 0029, 0031- 0039; Philip discloses identifying threats.] determining that the device threat type is a threat type that requires elevated security measures; [e.g. Philip; Abstract, Claim 1, Para. 0006-0008, 0020, 0021, 0023, 0024, 0027, 0029, 0031- 0039; Philip discloses the threat triggering quarantine (e.g. elevated security).] responsive to the determining that the device threat type requires elevated security measures, restricting ... the user device for a first time period; [e.g. Philip; Abstract, Claim 1, Para. 0006-0008, 0020, 0021, 0023, 0024, 0027, 0029, 0031- 0039; Philip discloses the quarantine limits communication and an account of the user.] and after the elevating, automatically remediating the security threat on the user device within the first time period. [e.g. Philip; Abstract, Claim 1, Para. 0006-0008, 0020, 0021, 0023, 0024, 0027, 0029, 0031- 0039; Philip discloses the remediating the threat within a predefined duration (e.g. first time period).] Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to include, the features above in the invention as disclosed by Mani as Mani discloses quarantining devices until threats are neutralized a time based mechanism for remediation ensures timely and efficient management of device for system administrators ensuring infected devices are not indefinitely removed from networks and further escalating mitigation within a reasonable time period if local remediation fails. Claim 2: Mani teaches the computer-implemented method of claim 1, wherein the at least one software application is a subset of software available on the user device. [e.g. Mani; Abstract, Col 1 Ln 45 – Col 3 Ln 7, Col 3 Ln 62 – Col 4 Ln 8, Col 5 Ln 65 -Col 6 Ln 13, Col 7 Ln 4 – Col 15 Ln 4; Mani discloses the application include applications installed on the computing device.] Claim 3: Mani teaches the computer-implemented method of claim 1, wherein restricting the execution of the at least one software application comprises restricting, for the at least one software application, one or more of: combinations of command-line parameters; network traffic; file modification; or downloads of specific file types. [e.g. Mani; Abstract, Col 1 Ln 45 – Col 3 Ln 7, Col 3 Ln 62 – Col 4 Ln 8, Col 5 Ln 65 -Col 6 Ln 13, Col 7 Ln 4 – Col 15 Ln 4; Mani discloses the application is restricted from communication (e.g. network traffic), access to system files (e.g. file modification) and restricts downloads to only downloads related to anti-malware definitions and restricting others (e.g. specific file types)] Claim 6: Mani teaches the computer-implemented method of claim 1, wherein restricting the execution of the at least one software application comprises restricting network traffic to only non-file transmissions. [e.g. Mani; Abstract, Col 1 Ln 45 – Col 3 Ln 7, Col 3 Ln 62 – Col 4 Ln 8, Col 5 Ln 65 -Col 6 Ln 13, Col 7 Ln 4 – Col 15 Ln 4; Mani discloses the application is restricted from communication (e.g. network traffic), access to system files (e.g. file modification) and connections available are for reporting the health of the computing device] Regarding claims 8-10, 13, 15-17 and 20 they are manufacture and system claims essentially corresponding to the above recitations, and they are rejected, at least, for the same reasons. Claims 4, 5, 11, 12, 18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over US 20130036231 to Mani et al. (hereinafter “Mani .”) in view of US 20240126873 to Philip et al. (hereinafter “Philip”) and further in view of US 20200285752 to Wyatt et al. (hereinafter “Wyatt”) Claims 4 and 5 While the combination teaches the computer-implemented method of claim 1 and teaches various forms of restriction in order to neutralize threats including restriction of user accounts the combination fails to explicitly teach restricting initialization of software or child process of software. More specifically the combination fails to teach the claimed limitations of however, Wyatt teaches: wherein restricting the execution of the at least one software application comprises restricting initialization of the at least one software application from one or more user accounts. [e.g. Wyatt; Abstract, Claim 5, Para. 0070; Wyatt discloses the quarantining of the software includes preventing the software from launching (e.g. restricting initialization).] wherein restricting the execution of the at least one software application comprises restricting initialization of child processes for the at least one software application. [e.g. Wyatt; Abstract, Claim 5, Para. 0070; Wyatt discloses the quarantining of the software includes preventing the software from launching (e.g. restricting initialization of child process).]responsive to the determining that the device threat type requires elevated security measures, restricting ... the user device for a first time period; [e.g. Wyatt; Abstract, Claim 1, Para. 0006-0008, 0020, 0021, 0023, 0024, 0027, 0029, 0031- 0039; Wyatt discloses the quarantine limits communication and an account of the user.] and after the elevating, automatically remediating the security threat on the user device within the first time period. [e.g. Wyatt; Abstract, Claim 1, Para. 0006-0008, 0020, 0021, 0023, 0024, 0027, 0029, 0031- 0039; Wyatt discloses the remediating the threat within a predefined duration (e.g. first time period).] Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to include, the features above in the invention as disclosed by Mani and Philip as preventing the execution of identified malware mitigates further potential damage of infected devices and improves the security of the network the infected device operates on. Regarding claims 11, 12, 18 and 19 they are manufacture and system claims essentially corresponding to the above recitations, and they are rejected, at least, for the same reasons. Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over US 20130036231 to Mani et al. (hereinafter “Mani .”) in view of US 20240126873 to Philip et al. (hereinafter “Philip”) and further in view of US 20200327225 to Nguyen et al. (hereinafter “Nguyen”) Claim 7 While the combination teaches the computer-implemented method of claim 1 and the combination fails to teach the claimed limitations of however, Nguyen teaches: wherein the at least one software application comprises a shell application, and wherein restricting the execution comprises restricting one or more combinations of command-line parameters for the shell application. [e.g. Nguyen; Abstract, Col 1 Ln 45 – Col 3 Ln 7, Col 3 Ln 62 – Col 4 Ln 8, Col 5 Ln 65 -Col 6 Ln 13, Col 7 Ln 4 – Col 15 Ln 4; Nguyen discloses the application is restricted any application from performing actions that are prohibited such as receiving or transmitting data, downloading or accessing system files.] Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to include, the features above in the invention as disclosed by Mani and Philip to ensure sophisticated security violations are detected and addressed as disclosed by Nguyen in paragraph 0005. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER C HARRIS whose telephone number is (571)270-7841. The examiner can normally be reached Monday through Friday between 8:00 AM to 4:00 PM CST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /CHRISTOPHER C HARRIS/Primary Examiner, Art Unit 2432
Read full office action

Prosecution Timeline

Jan 26, 2024
Application Filed
Sep 10, 2025
Non-Final Rejection mailed — §103
Nov 03, 2025
Interview Requested
Nov 13, 2025
Examiner Interview (Telephonic)
Nov 14, 2025
Examiner Interview Summary
Dec 09, 2025
Response Filed
Apr 29, 2026
Final Rejection mailed — §103
Jun 29, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12670254
STORAGE ACCESS MONITORING METHOD AND STORAGE ACCESS MONITORING DEVICE
2y 2m to grant Granted Jun 30, 2026
Patent 12670251
STRUCTURING IPV6 ADDRESSES INTO BIT FIELDS TO EMBED LANGUAGE LOCALIZATION AND SERVICES
2y 1m to grant Granted Jun 30, 2026
Patent 12661778
SPARE ROBOT CONTROLLER
3y 8m to grant Granted Jun 23, 2026
Patent 12657287
SYSTEM AND METHOD AND FOR LOADING ENCLAVE-AWARE EXECUTABLES
1y 5m to grant Granted Jun 16, 2026
Patent 12645797
MALWARE DETECTION FROM APPROXIMATE INDICATORS
3y 1m to grant Granted Jun 02, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

2-3
Expected OA Rounds
76%
Grant Probability
99%
With Interview (+25.3%)
2y 10m (~4m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 374 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month