Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsFortinet Inc. › 18427252
Last updated: May 29, 2026
Application No. 18/427,252

SYSTEMS AND METHODS TO SAFELY PROVIDE FILES AND SOFTWARE UPDATES WITH A CLOUD SUBSCRIPTION SERVICE

Final Rejection §102
Filed
Jan 30, 2024
Examiner
SHINGLES, KRISTIE D
Art Unit
2453
Tech Center
2400 — Computer Networks
Assignee
Fortinet Inc.
OA Round
2 (Final)
82%
Grant Probability
Favorable
3-4
OA Rounds
6m
Est. Remaining
95%
With Interview

Interview Optional

+13.0% interview lift. Interview lift (+13.0%) is below the 15.0% threshold. A written response is recommended.
Based on 792 resolved cases, 2023–2026

Examiner Intelligence

SHINGLES, KRISTIE D View full profile →
Grants 82% — above average
82%
Career Allowance Rate
653 granted / 792 resolved
+24.4% vs TC avg
Moderate +13% lift
Without
With
+13.0%
Interview Lift
resolved cases with interview
Typical timeline
2y 10m
Avg Prosecution
30 currently pending
Career history
824
Total Applications
across all art units

Statute-Specific Performance

§101
1.5%
-38.5% vs TC avg
§103
50.8%
+10.8% vs TC avg
§102
42.9%
+2.9% vs TC avg
§112
0.3%
-39.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 792 resolved cases

Office Action

§102
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION Response to Amendments Claims 1, 8-9, 11-16 and 18-20 have been amended. Claims 1-20 are pending. Response to Arguments Applicant’s arguments with respect to the pending claims have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. CLAIM REJECTIONS - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. CLAIMS 1-20 are rejected under 35 U.S.C. 102(a)(1)/(2) as being anticipated by ETCHEGOYEN (US 2011/0093701). Per claim 1, ETCHEGOYEN teaches a computer-implemented method, comprising: building, with a network security platform, a trusted database having software including software updates and files including file information from trusted third party software providers (paras 0026, 0053-55—administrative database having software applications and versions, including both unauthorized and authorized versions; software signatures for new versions may be added by developers; new signatures indicating unauthorized versions may be discovered by client-side security components and reported to the database); receiving a first software update or file from a third party software provider (paras 0013, 0026-27, 0043, 0049, 0052—version tracking, receiving software update and version data from a provider/publisher/developer managed at an administrative node); determining an identifier for the first software update or file and determining whether the identifier is stored in the trusted database (paras 0031-34, 0049-53—determining software signature data, application version identifier and metadata are included in the database managed at an administrative node); validating the first software update or file based on whether the identifier is stored in the trusted database to determine validity of the first software update or file including determining valid first software update or file being safe or determining invalid first software update or file being suspicious or malicious (paras 0052-53—comparing the software signature to determine if it is authorized and stored in the administrative database, when it not authorized or found registered in the database it is determined to be suspicious and or discarded); and determining whether to update the trusted database with the identifier for the first software update or file based on determining valid first software update or file being safe or determining invalid first software update or file being suspicious or malicious (Abstract, paras 0026, 0055—determining to update the databased with the version identifiers indicating authorized versions, while assigning labels to unauthorized application version to prevent use of unauthorized software). Per claim 8, ETCHEGOYEN teaches the system comprising: one or more processing resource (paras 0021-22—processor); and a non-transitory computer readable medium coupled to the one or more processing resources and having stored therein instructions being executable by the one or more processing resources cause the one or more (paras 0021-23) processing resource to: build, with a network security platform, a trusted database having software including software updates and files including file information from trusted third-party software providers (paras 0026, 0053-55—administrative database having software applications and versions, including both unauthorized and authorized versions; software signatures for new versions may be added by developers; new signatures indicating unauthorized versions may be discovered by client-side security components and reported to the database); determine a hash identifier for the first software update or file and determining whether the identifier is stored in the trusted database (paras 0026, 0030, 0038-39, 0042—hash signatures are associated with each application and version and kept in the database as specified by the developer); validating the first software update or file based on whether the identifier is stored in the trusted database to determine validity of the first software update or file including determining valid first software update or file being safe or determining invalid first software update or file being suspicious or malicious (paras 0052-53—comparing the software signature to determine if it is authorized and stored in the administrative database, when it not authorized or found registered in the database it is determined to be suspicious and or discarded); and determining whether to update the trusted database with the identifier for the first software update or file based on determining valid first software update or file being safe or determining invalid first software update or file being suspicious or malicious (Abstract, paras 0026, 0055—determining to update the databased with the version identifiers indicating authorized versions, while assigning labels to unauthorized application version to prevent use of unauthorized software). Claim 15 contains limitations that are substantially equivalent to the limitations of claim 8 and are therefore rejected under the same basis. Per claim 2, ETCHEGOYEN teaches the computer-implemented method of claim 1, further comprises: updating the trusted database with at least one of the identifier and the first software update or file (paras 0012, 0026, 0034—authorizing updates to the database with updated software version data when an outdated or unauthorized version is detected). Per claim 4, ETCHEGOYEN teaches the computer-implemented method of claim 1, further comprises: receiving or detecting a second software update or file; and determining an identifier for the second software update or file (paras 0012-13, 0026, 0033-34—new file signatures, new software signatures for new version appear at client machines prior to version release, a software update is recommended or required, authorize updates to software versions when an outdated or unauthorized version is detected at the client, updates may be performed automatically is permitted by the applicable license agreement). Per claim 5, ETCHEGOYEN teaches the computer-implemented method of claim 4, further comprising: determining whether the identifier for the second software update or file is stored in the trusted database (paras 0031-34, 0049-53—determining software signature data, application version identifier and metadata are included in the database managed at an administrative node). Per claim 6, ETCHEGOYEN teaches the computer-implemented method of claim 5, further comprising: taking an action when the identifier for the second software update or file is stored in the trusted database (paras 0046-47, 0052-54—comparing the software signature to determine if it is authorized and stored in the administrative database, when it not authorized or found registered in the database it is determined to be suspicious and or discarded, the administrative node may refrain from any specific enabling or disabling action). Per claim 7, ETCHEGOYEN teaches the computer-implemented method of claim 5, further comprises: analyzing the second software update or file based on a scan policy when the identifier for the second software update or file is not stored in the trusted database (paras 0023, 0027—enforcing security policies set by the developer when software signature tracking indicates one or more clients is in violation of license terms; and tracking distribution and use of software versions by the various client devices using the software application). Per claim 9, ETCHEGOYEN teaches the system of claim 8, wherein the one or more instructions being executable by the one or more processing resource cause the processing resource to: update the trusted database with the hash identifier from the first software update or file (paras 0026, 0030, 0038-39, 0042—hash signatures associated with each application and version and stored in the database as specified by the developer). Per claim 10, ETCHEGOYEN teaches the system of claim 8, wherein the file information includes a file size, a publish date, a risk score, a software provider, a brief software description, and different hashes (paras 0026, 0042—hash identifier, signature date, developer information and metadata; paras 0006, 0008, 0013, 0027-28, 0055—software provider, developer). Claims 3 and 17 contain limitations that are substantially equivalent to the limitations of claim 10 and are therefore rejected under the same basis. Per claim 11, ETCHEGOYEN teaches the system of claim 8, wherein the instructions being executable by the one or more processing resources cause the one or more processing resources to: receive or detect a second software update or file; and determine a hash identifier for the second software update or file (paras 0012-13, 0026, 0033-34—new file signatures, new software signatures for new version appear at client machines prior to version release, a software update is recommended or required, authorize updates to software versions when an outdated or unauthorized version is detected at the client, updates may be performed automatically is permitted by the applicable license agreement; paras 0026, 0030, 0038-39, 0042—hash signatures associated with each application and version and stored in the database as specified by the developer). Per claim 12, ETCHEGOYEN teaches the system of claim 11, wherein the instructions being executable by the one or more processing resources cause the one or more processing resources to: determine whether the hash identifier for the second software update or file is stored in the trusted database (paras 0026, 0030, 0038-39, 0042—hash signatures associated with each application and version and stored in the database as specified by the developer). Per claim 13, ETCHEGOYEN teaches the system of claim 12, wherein the instructions being executable by the one or more processing resource cause the processing resources to: take an action to consider the second software update or file safe when the hash identifier for the second software update or file is stored in the trusted database (paras 0026, 0030, 0038-39, 0042—hash signatures associated with each application and version and stored in the database as specified by the developer; paras 0046-47, 0052-54—comparing the software signature to determine if it is authorized and stored in the administrative database, when it not authorized or found registered in the database it is determined to be suspicious and or discarded, the administrative node may refrain from any specific enabling or disabling action). Per claim 14, ETCHEGOYEN teaches the system of claim 13, wherein the instructions being executable by the one or more processing resource cause the one or more processing resources to: analyze the second software update or file based on a scan policy when the hash identifier for the second software update or file is not stored in the trusted database (paras 0023, 0026-27, 0034—enforcing security policies set by the developer when software signature tracking indicates one or more clients is in violation of license terms, license enforcement and tracking distribution and use of software versions by the various client devices using the software application). Claims 16-20 contain limitations that are substantially equivalent to the limitations of claims 9 and 11-14 and are therefore rejected under the same basis. Conclusion III. The prior art made of record and not relied upon is considered pertinent to Applicant's disclosure: USPN 7051211, US 2022/0294854; USPN 6697948. IV. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. V. Any inquiry concerning this communication or earlier communications from the examiner should be directed to KRISTIE D SHINGLES whose telephone number is (571)272-3888. The examiner can normally be reached on Monday-Thursday 10am-7pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal Divecha can be reached on 571-272-5863. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KRISTIE D SHINGLES/ Primary Examiner, Art Unit 2453
Read full office action

Prosecution Timeline

Jan 30, 2024
Application Filed
Oct 22, 2025
Non-Final Rejection mailed — §102
Jan 22, 2026
Response Filed
Apr 17, 2026
Final Rejection mailed — §102 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

18/636,757
Patent 12640947
Scalable Cluster Based Scoring with Multi-Queue Dynamic Scheduling Consensus Mechanism in Blockchain
2y 1m to grant Granted May 26, 2026
15/345,817
Patent 12626569
DEVICE FOR DATA ROUTING IN NETWORKS
9y 6m to grant Granted May 12, 2026
18/651,499
Patent 12626003
POLICY BASED COMPLIANCE ENFORCEMENT IN A FEDERATED GRAPH
2y 0m to grant Granted May 12, 2026
18/238,115
Patent 12619687
Secure Software Life Duration Timer
2y 8m to grant Granted May 05, 2026
18/637,638
Patent 12609835
APPLYING CHANGESET WITH IMPROVED CYBER SECURITY
2y 0m to grant Granted Apr 21, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
82%
Grant Probability
95%
With Interview (+13.0%)
2y 10m (~6m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 792 resolved cases by this examiner. Grant probability derived from career allowance rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month