Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsSophos Limited › 18517321
Last updated: April 19, 2026
Application No. 18/517,321

DETECTING TAMPERING WITH HOSTED SERVICES

Non-Final OA §102§103
Filed
Nov 22, 2023
Examiner
PENA-SANTANA, TANIA M
Art Unit
2443
Tech Center
2400 — Computer Networks
Assignee
Sophos Limited
OA Round
3 (Non-Final)
72%
Grant Probability
Favorable
3-4
OA Rounds
2y 10m
To Grant
66%
With Interview

Interview Optional

-6.0% interview lift. This examiner has a relatively high allow rate; a written response may suffice.
Based on 245 resolved cases, 2023–2026

Examiner Intelligence

PENA-SANTANA, TANIA M View full profile →
Grants 72% — above average
72%
Career Allow Rate
176 granted / 245 resolved
+13.8% vs TC avg
Minimal -6% lift
Without
With
+-6.0%
Interview Lift
resolved cases with interview
Typical timeline
2y 10m
Avg Prosecution
29 currently pending
Career history
274
Total Applications
across all art units

Statute-Specific Performance

§101
10.4%
-29.6% vs TC avg
§103
54.8%
+14.8% vs TC avg
§102
17.6%
-22.4% vs TC avg
§112
10.0%
-30.0% vs TC avg
Black line = Tech Center average estimate • Based on career data from 245 resolved cases

Office Action

§102 §103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION Claims Status Claims 1, 14 and 20 filed 10/31/2025 have been amended.Claims 1-22 are pending and have been rejected. Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 01/30/2026 has been entered. Response to Arguments Applicant's arguments filed 01/30/2026 have been fully considered but they are not persuasive. Applicant’s representative asserts that the cited art does not teaches every feature of the independent claims. However, the Examiner respectfully disagrees as Shenoy Jr. et al. (U.S. Publication 2019/0098037) in paragraphs 0063-0064 and 0108, shows that user profiles are generated using the user identity profile. Paragraphs 0043-0044 and 0179, shows user accounts having authentication information in order for users to access services of an organization (i.e., email service). Paragraphs 0030-0031, shows user accounts need to comply with security system rules in order to avoid security violations based on their actions. As it is Applicant's right to claim as broadly as possible their invention, it is also the Examiner's right to interpret the claim language as broadly as possible. It is the Examiner's position that the detailed functionality that allows for Applicant's invention to overcome the prior art used in the rejection, fails to differentiate in detail how these features are unique. It is clear that Applicant must be able to submit claim language to distinguish over the prior arts used in the above rejection sections that discloses distinctive features of Applicant's claimed invention. It is suggested that Applicant compare the original specification and claim language with the cited prior art used in the rejection section above or the remark section below to draw an amended claim set to further the prosecution. Failure for Applicant to narrow the definition/scope of the claims and supply arguments commensurate in scope with the claims implies the Applicant's intent to broaden claimed invention. Based on the rationale explained above, the Examiner disagrees with the prior arts being silent to the claimed embodiment. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-3, 6-10, 12-18 & 20-22 are rejected under 35 U.S.C. 102(a)(1) as being unpatentable by Shenoy Jr. et al. (U.S. Publication 2019/0098037), hereinafter ‘Shenoy’. As to claim 1, Shenoy, Jr. discloses a computer program product comprising computer executable code embodied in a non- transitory computer readable medium that, when executing on one or more computing devices, causes the one or more computing devices to perform the steps of: creating a digital identity for access to an electronic mail tenant (Shenoy, Jr., see [0092], roles can be created using pre-defined policies), wherein: the digital identity is associated with user credential for the digital identity to login to the electronic mail tenant (Shenoy Jr., see [0063-0064] and table 1, the service provider can record when users log into a service, such as email. See [0108], user identity profile is used to generate user profiles that describe the use of cloud services, wherein those cloud services can maintain user data, such as authentication, changing passwords, etc.), the electronic mail tenant is configured to authenticate the digital identity (Shenoy Jr., see [0043-0044], user uses user account to access services of different service providers, wherein the service authorizes the use within the organization (i.e., email service. See [0179], users associated with certain user accounts may have to provide additional authentication information (e.g., biometric information, additional passwords, and the like)), and the digital identity supports remote configuration of mail flow rules on the electronic mail tenant (Shenoy Jr., see [0030-0031], the security system can compare the flagged actions associated with the first user account to the security rules to determine when there are one or more security violations. See [0041] & [0043-0044], the users of the organization can make use of the resources of the organization and the services that the organization subscribes to through the client devices, which can be owned by the organization and provided to the organization's members by the organization. An individual can have a user account with one or more of the services, wherein a cloud service can be authorized or unauthorized for use within the organization); with the digital identity, deploying one or more mail flow rules to the electronic mail tenant to support secure, remote management of electronic mail traffic for the electronic mail tenant from a remote mail security service (Shenoy, Jr., see [0247], IMS can be configured to provide various security-related services such as identity services, such as information access management, authentication and authorization services, services for managing customer identities and roles and related capabilities); with the digital identity, configuring the electronic mail tenant to create an audit log of changes to mail flow rules that control electronic mail flow for the electronic mail tenant (Shenoy, Jr., see [0031], the security system receives activity data to determine whether there are actions of interest associated with the user account in the activity data. See [0069], the log collector system is able to use the credentials of a tenant account with the service provider to request the activity logs. See [0100], activity data can include sources of information such as user logs and/or audit trails. See [0133], a security policy can also describe an action that is to be taken when an event is detected, such as blocking access to a service, or disabling a user account); with the digital identity, requesting a retrieval of the audit log from the electronic mail tenant to a threat management facility (Shenoy, Jr., see [0098], the data loader application can obtain the activity data by requesting the data from the service provider, wherein the data retrieved by the data loader application can be entered into a landing repository and/or analytics and threat intelligence repository); with the threat management facility, analyzing the audit log to identify mail flow modifications (Shenoy, Jr. see [0103], the data loader application formats activity data for storage in order to check for changed data); in response to identifying a modification to the mail flow rules in the audit log that redirects electronic mail traffic between the electronic mail tenant and a remote mail security service of the threat management facility, retrieving additional information for the modification from the electronic mail tenant to the threat management facility (Shenoy Jr., see [0083], cloud security system can conduct network threat analysis for a tenant of a service provider. See [0103], the cloud crawler application recognizes differences in the structure or values of the data retrieved, and can apply the changes to the application catalog database and/or the analytics and threat intelligence repository. See [0125-0126] and [0177], sensitive emails from user accounts can be redirected through the threat detection engine that detects threats.); performing a validation of a behavior of the mail flow rules, including the modification, by evaluating a risk presented by the modification to a security of the electronic mail tenant (Shenoy Jr., see [0048], the security monitoring and control system can analyze use of services and identify activities that can be a threat to an organization or individual subscriber. See [0154-0155], the threat detection engine can compute a risk score for a user, a service, etc. See [0195] and [0198], rule ID indicates rule identifiers that identify a rule, wherein the rule ID can indicate risk score associated with user accounts); and in response to a failure of the validation, remediating the electronic mail tenant with the digital identity to restore valid execution of the one or more mail flow rules (Shenoy Jr., see [0048], the security monitoring and control system can analyze use of services and identify activities that can be a threat to an organization or individual subscriber. Analysis performed by the security monitoring and control system can include determining models of normal and/or abnormal behavior in user activity, and using the models to detect patterns of suspicious activity. See [0050], users can have access information such as reports generated by the security management and control system and the ability perform remediation actions suggested by the security management and control system, among other capabilities. See [0110-0111], the cloud security system can include remediation functions for responding to threats. Analytics can use information received from tenant systems that describes threat intelligence provided by the tenant, such as specific IP addresses to watch or block, users to watch or block, email addresses to watch or block, etc.). As to claim 2, Shenoy Jr. discloses everything disclosed in claim 1, wherein the one or more mail flow rules redirect outbound electronic mail traffic from the electronic mail tenant to the remote mail security service for security analysis (Shenoy Jr., see [0074-0076], control manager maintains a security policy that can define an action or set of actions that, when detected, constitute a security violation or an event that otherwise requires attention, wherein actions that are defined by a policy as a security violation can occur through use of one service, wherein access to a service can be modified). As to claim 3, Shenoy Jr. discloses everything disclosed in claim 1, the one or more mail flow rules redirect inbound electronic mail traffic for the electronic mail tenant to the remote mail security service (Shenoy Jr., see [0074-0076], control manager maintains a security policy that can define an action or set of actions that, when detected, constitute a security violation or an event that otherwise requires attention, wherein actions that are defined by a policy as a security violation can occur through use of one service, wherein access to a service can be modified). As to claim 6, Shenoy Jr. discloses everything disclosed in claim 1, wherein performing the validation includes verifying a diversion of mail flow for the electronic mail tenant to the remote mail security service (Shenoy Jr., see [0048], the security monitoring and control system can provide network threat detection and remediation services for subscribers of the cloud services). As to claim 7, Shenoy Jr. discloses everything disclosed in claim 1, wherein performing the validation includes analyzing a type and source of the modification (Shenoy Jr., see [0062], the security monitoring and control system can use different types of data or data sources for conducting threat analysis based on user activity). As to claim 8, Shenoy Jr. discloses everything disclosed in claim 1, wherein performing the validation includes analyzing a behavior of the one or more mail flow rules when executing in a context of all mail flow rules for the electronic mail tenant (Shenoy Jr., see [0163], activity data is collected which can contain contractual information). As to claim 9, Shenoy Jr. discloses everything disclosed in claim 1, wherein remediating the electronic mail tenant includes deleting the modification (Shenoy Jr., see [0050], users can have access information such as reports generated by the security management and control system and the ability perform remediation actions suggested by the security management and control system, among other capabilities. See [0110-0111], the cloud security system can include remediation functions for responding to threats. Analytics can use information received from tenant systems that describes threat intelligence provided by the tenant, such as specific IP addresses to watch or block, users to watch or block, email addresses to watch or block, etc.). As to claim 10, Shenoy Jr. discloses everything disclosed in claim 1, wherein requesting the retrieval of the audit log includes subscribing to a logging service of the electronic mail tenant (Shenoy Jr., see [0003] & [0034], service providers have subscription model to provide service for other for a period of time. A subscriber, who is a tenant, can be given an account with the service provider and/or with a particular service, through which the tenant uses the service). As to claim 12, Shenoy Jr. discloses everything disclosed in claim 1, wherein the electronic mail tenant is hosted in a cloud computing environment (Shenoy Jr., see [0030], cloud-based service providers. See [0209], service provider can be an email). As to claim 13, Shenoy Jr. discloses everything disclosed in claim 1, wherein retrieving the additional information includes locally submitting one or more commands requesting information with a local scripting language on the electronic mail tenant (Shenoy Jr., see [0069], the log collector system is able to use the credentials of a tenant account with the service provider to request the activity logs). As to claim 14, Shenoy Jr. discloses a method for remote management of rules for a service tenant comprising: creating a digital identity for access to the service tenant (Shenoy, Jr., see [0092], roles can be created using pre-defined policies), wherein: the digital identity is associated with user credential for the digital identity to login to the electronic mail tenant (Shenoy Jr., see [0063-0064] and table 1, the service provider can record when users log into a service, such as email. See [0108], user identity profile is used to generate user profiles that describe the use of cloud services, wherein those cloud services can maintain user data, such as authentication, changing passwords, etc.), the electronic mail tenant is configured to authenticate the digital identity (Shenoy Jr., see [0043-0044], user uses user account to access services of different service providers, wherein the service authorizes the use within the organization (i.e., email service. See [0179], users associated with certain user accounts may have to provide additional authentication information (e.g., biometric information, additional passwords, and the like)), and the digital identity supports remote configuration of mail flow rules on the electronic mail tenant (Shenoy Jr., see [0041] & [0043-0044], the users of the organization can make use of the resources of the organization and the services that the organization subscribes to through the client devices, which can be owned by the organization and provided to the organization's members by the organization. An individual can have a user account with one or more of the services, wherein a cloud service can be authorized or unauthorized for use within the organization); with the digital identity, deploying one or more connection rules to the service tenant to support secure, remote management from a security tenant (Shenoy, Jr., see [0247], IMS can be configured to provide various security-related services such as identity services, such as information access management, authentication and authorization services, services for managing customer identities and roles and related capabilities); with the digital identity, configuring the service tenant to create an audit log of changes to one or more connection rules that control the service tenant (Shenoy, Jr., see [0031], the security system receives activity data to determine whether there are actions of interest associated with the user account in the activity data. See [0069], the log collector system is able to use the credentials of a tenant account with the service provider to request the activity logs. See [0099], the data loader application can obtain activity data by connecting to and communicating with the service provider, wherein the connection is made over an encrypted communication channel. See [0100], activity data can include sources of information such as user logs and/or audit trails. See [0133], a security policy can also describe an action that is to be taken when an event is detected, such as blocking access to a service, or disabling a user account); with the digital identity, requesting a retrieval of the audit log from the service tenant (Shenoy, Jr., see [0098], the data loader application can obtain the activity data by requesting the data from the service provider, wherein the data retrieved by the data loader application can be entered into a landing repository and/or analytics and threat intelligence repository); analyzing the audit log (Shenoy, Jr. see [0103], the data loader application formats activity data for storage in order to check for changed data); in response to identifying a modification to the one or more connection rules in the audit log that redirects electronic mail traffic between the service tenant and security tenant, retrieving details of the modification from the service tenant (Shenoy Jr., see [0083], cloud security system can conduct network threat analysis for a tenant of a service provider. See [0103], the cloud crawler application recognizes differences in the structure or values of the data retrieved, and can apply the changes to the application catalog database and/or the analytics and threat intelligence repository. See [0125-0126] and [0177], sensitive emails from user accounts can be redirected through the threat detection engine that detects threats.); performing a validation of behavior of the one or more connection rules with the modification by evaluating a risk presented by the modification to a security of the service tenant (Shenoy Jr., see [0048], the security monitoring and control system can analyze use of services and identify activities that can be a threat to an organization or individual subscriber. See [0154-0155], the threat detection engine can compute a risk score for a user, a service, etc. See [0195] and [0198], rule ID indicates rule identifiers that identify a rule, wherein the rule ID can indicate risk score associated with user accounts); and in response to a failure of the validation, remediating the service tenant to restore valid execution of the one or more connection rules to support secure, remote management from the security tenant (Shenoy Jr., see [0048], the security monitoring and control system can analyze use of services and identify activities that can be a threat to an organization or individual subscriber. Analysis performed by the security monitoring and control system can include determining models of normal and/or abnormal behavior in user activity, and using the models to detect patterns of suspicious activity. See [0050], users can have access information such as reports generated by the security management and control system and the ability perform remediation actions suggested by the security management and control system, among other capabilities. See [0110-0111], the cloud security system can include remediation functions for responding to threats. Analytics can use information received from tenant systems that describes threat intelligence provided by the tenant, such as specific IP addresses to watch or block, users to watch or block, email addresses to watch or block, etc.). As to claim 15, Shenoy Jr. discloses everything disclosed in claim 14, wherein the one or more connection rules include at least one mail flow rule for handling of electronic mail by the service tenant (Shenoy Jr., see [0074-0076], control manager maintains a security policy that can define an action or set of actions that, when detected, constitute a security violation or an event that otherwise requires attention, wherein actions that are defined by a policy as a security violation can occur through use of one service, wherein access to a service can be modified). As to claim 16, Shenoy Jr. discloses everything disclosed in claim 14, wherein the one or more connection rules include at least one connector rule for handling connections to external services by the service tenant (Shenoy Jr., see [0043], individuals and organizations can subscribe to services provided by different service providers, wherein an organization can use an email service (e.g. Gmail from GOOGLE) from one service provider. Separate computing systems for supporting their respective service and being controlled by different entities. Shenoy Jr., see [0074-0076], control manager maintains a security policy that can define an action or set of actions that, when detected, constitute a security violation or an event that otherwise requires attention, wherein actions that are defined by a policy as a security violation can occur through use of one service, wherein access to a service can be modified). As to claim 17, Shenoy Jr. discloses everything disclosed in claim 14, wherein the service tenant is an electronic mail tenant (Shenoy Jr., see [0034], the tenant can have an account with the service provider. See [0209], services provided can be email service). As to claim 18, Shenoy Jr. discloses everything disclosed in claim 14, wherein the security tenant is an electronic mail tenant (Shenoy Jr., see [0034], the tenant can have an account with the service provider. See [0055], the tenant configuration information, can include configuration information for tenants and tenant accounts, as well as user accounts associated with each tenant account. Security is provided to tenant accounts using services. See [0209], services provided can be email service). As to claim 20, Shenoy Jr. discloses a system comprising: a first cloud computing platform hosting a service tenant and a security tenant (Shenoy Jr., see [0034], the tenant can have an account with the service provider. See [0055], the tenant configuration information, can include configuration information for tenants and tenant accounts, as well as user accounts associated with each tenant account. Security is provided to tenant accounts using services. See [0209], services provided can be email service); and a threat management facility providing security services for the service tenant, wherein the security tenant is configured to, in response to a request from a user at a console of the threat management facility (Shenoy Jr., see [0055], tenant accounts using services are provided with security in order to determine threats), perform the steps of: causing the service tenant to create a digital identity for the security tenant to modify a set of rules of the service tenant (Shenoy, Jr., see [0092], roles can be created using pre-defined policies), wherein: the digital identity is associated with user credential for the digital identity to login to the electronic mail tenant (Shenoy Jr., see [0063-0064] and table 1, the service provider can record when users log into a service, such as email. See [0108], user identity profile is used to generate user profiles that describe the use of cloud services, wherein those cloud services can maintain user data, such as authentication, changing passwords, etc.), the electronic mail tenant is configured to authenticate the digital identity (Shenoy Jr., see [0043-0044], user uses user account to access services of different service providers, wherein the service authorizes the use within the organization (i.e., email service. See [0179], users associated with certain user accounts may have to provide additional authentication information (e.g., biometric information, additional passwords, and the like)), and the digital identity supports remote configuration of mail flow rules on the electronic mail tenant (Shenoy Jr., see [0041] & [0043-0044], the users of the organization can make use of the resources of the organization and the services that the organization subscribes to through the client devices, which can be owned by the organization and provided to the organization's members by the organization. An individual can have a user account with one or more of the services, wherein a cloud service can be authorized or unauthorized for use within the organization); with the digital identity, deploying one or more connection rules from the security tenant to the service tenant with the digital identity as one or more of the set of rules of the service tenant to support secure, remote management of the service tenant from the service tenant (Shenoy, Jr., see [0247], IMS can be configured to provide various security-related services such as identity services, such as information access management, authentication and authorization services, services for managing customer identities and roles and related capabilities), detecting a modification to one of the set of rules for the service tenant that redirects electronic mail traffic between the service tenant and the security tenant (Shenoy Jr., see [0083], cloud security system can conduct network threat analysis for a tenant of a service provider. See [0103], the cloud crawler application recognizes differences in the structure or values of the data retrieved, and can apply the changes to the application catalog database and/or the analytics and threat intelligence repository. See [0125-0126] and [0177], sensitive emails from user accounts can be redirected through the threat detection engine that detects threats.), validating a behavior of the one or more connection rules with the modification to the set of rules by evaluating a risk presented by the modification to a security of the service tenant (Shenoy Jr., see [0048], the security monitoring and control system can analyze use of services and identify activities that can be a threat to an organization or individual subscriber. See [0154-0155], the threat detection engine can compute a risk score for a user, a service, etc. See [0195] and [0198], rule ID indicates rule identifiers that identify a rule, wherein the rule ID can indicate risk score associated with user accounts), and in response to a failure of the validation, remediating the service tenant to restore valid execution of the one or more connection rules to support secure, remote management from the security tenant (Shenoy Jr., see [0048], the security monitoring and control system can analyze use of services and identify activities that can be a threat to an organization or individual subscriber. Analysis performed by the security monitoring and control system can include determining models of normal and/or abnormal behavior in user activity, and using the models to detect patterns of suspicious activity. See [0050], users can have access information such as reports generated by the security management and control system and the ability perform remediation actions suggested by the security management and control system, among other capabilities. See [0110-0111], the cloud security system can include remediation functions for responding to threats. Analytics can use information received from tenant systems that describes threat intelligence provided by the tenant, such as specific IP addresses to watch or block, users to watch or block, email addresses to watch or block, etc.). As to claim 21, Shenoy Jr. discloses everything disclosed in claim 20, wherein the service tenant is an electronic mail tenant (Shenoy Jr., see [0034], the tenant can have an account with the service provider. See [0209], services provided can be email service). As to claim 22, Shenoy Jr. discloses everything disclosed in claim 20, wherein the security tenant is hosted in a multi-tenant environment (Shenoy Jr., see [0034], the tenant can have an account with the service provider. See [0055], the tenant configuration information, can include configuration information for tenants and tenant accounts, as well as user accounts associated with each tenant account. Security is provided to tenant accounts using services. See [0209], services provided can be email service). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Shenoy Jr. et al. (U.S. Publication 2019/0098037), hereinafter ‘Shenoy Jr.’ in view of Tsong (U.S. Patent No.11,066,164), hereinafter ‘Tsong’. As to claim 4, Shenoy Jr. discloses everything disclosed in claim 1, but is silent to wherein the digital identity is associated with a cryptographic key, the cryptographic key used to create a digitally signed certificate for the remote mail security service to obtain an access token for programmatic access to the electronic mail tenant. However, Tsong discloses wherein the digital identity is associated with a cryptographic key, the cryptographic key used to create a digitally signed certificate for the remote mail security service to obtain an access token for programmatic access to the electronic mail tenant (Tsong, see col. 4 lines 37-40, a user account associated with a client device is authenticated, the public key signing service use the public key identified for the user account to generate a digital certificate). Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Shenoy Jr. in view of Tsong in order to further modify the method for cloud-based threat detection from the teachings of Shenoy Jr. with the method for providing secure remote access from the teachings of Tsong. One of ordinary skill in the art would have been motivated because it would allow to authenticate the user in order to provide access (Tsong – Abstract). Claims 5, 11 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Shenoy Jr. et al. (U.S. Publication 2019/0098037), hereinafter ‘Shenoy Jr.’ in view of Osborne III (U.S. Publication 2019/0364007), hereinafter ‘Osborne III’. As to claim 5, Shenoy Jr. discloses everything disclosed in claim 1, but is silent to wherein the remote mail security service is a second electronic mail tenant hosted in a multi-tenant environment with the electronic mail tenant. However, Osborne III discloses wherein the remote mail security service is a second electronic mail tenant hosted in a multi-tenant environment with the electronic mail tenant (Osborne III, see [0020], network environment of a multitenant system, comprises a network connecting one or more tenants, wherein tenants comprise one or more servers hosting one or more services including e-mail accounts). Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Shenoy Jr. in view of Osborne III in order to further modify the method for cloud-based threat detection from the teachings of Shenoy Jr. with the method for message redirection from the teachings of Osborne III. One of ordinary skill in the art would have been motivated because it would allow to directing messages between tenants in a multitenant system or network and users external to those tenants (Osborne III – Abstract). As to claim 11, Shenoy Jr. discloses everything disclosed in claim 1, but is silent to wherein the electronic mail tenant is hosted in a multi-tenant environment. However, Osborne III discloses wherein the electronic mail tenant is hosted in a multi-tenant environment (Osborne III, see [0020], network environment of a multitenant system with tenants that host services of email accounts). Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Shenoy Jr. in view of Osborne III in order to further modify the method for cloud-based threat detection from the teachings of Shenoy Jr. with the method for message redirection from the teachings of Osborne III. One of ordinary skill in the art would have been motivated because it would allow to directing messages between tenants in a multitenant system or network and users external to those tenants (Osborne III – Abstract). As to claim 19, Shenoy Jr. discloses everything disclosed in claim 14, but is silent to wherein the service tenant is hosted in a multi-tenant platform. However, Osborne III discloses wherein the service tenant is hosted in a multi-tenant platform Osborne III, see [0020], network environment of a multitenant system with tenants that host services of email accounts). Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Shenoy Jr. in view of Osborne III in order to further modify the method for cloud-based threat detection from the teachings of Shenoy Jr. with the method for message redirection from the teachings of Osborne III. One of ordinary skill in the art would have been motivated because it would allow to directing messages between tenants in a multitenant system or network and users external to those tenants (Osborne III – Abstract). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. This includes: U.S. Publication 2013/0198871, which describes a program product for messaging in an on-demand database service. Any inquiry concerning this communication or earlier communications from the examiner should be directed to TANIA M PENA-SANTANA whose telephone number is (571)270-0627. The examiner can normally be reached Monday - Friday 8am to 4pm EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas R Taylor can be reached at 5712723889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /TANIA M PENA-SANTANA/Examiner, Art Unit 2443 /NICHOLAS R TAYLOR/Supervisory Patent Examiner, Art Unit 2443
Read full office action

Prosecution Timeline

Nov 22, 2023
Application Filed
May 29, 2025
Non-Final Rejection — §102, §103
Oct 09, 2025
Applicant Interview (Telephonic)
Oct 14, 2025
Examiner Interview Summary
Oct 31, 2025
Response Filed
Nov 19, 2025
Final Rejection — §102, §103
Jan 30, 2026
Request for Continued Examination
Feb 02, 2026
Response after Non-Final Action
Feb 06, 2026
Non-Final Rejection — §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

17/718,207
Patent 12592924
SMART HUB QUANTUM KEY DISTRIBUTION AND SECURITY MANAGEMENT IN ADVANCED NETWORKS
2y 5m to grant Granted Mar 31, 2026
18/188,438
Patent 12585754
TRUSTED ROOT RECOVERY
2y 5m to grant Granted Mar 24, 2026
17/399,867
Patent 12574343
SYSTEMS AND METHODS FOR MULTI-AGENT CONVERSATIONS
2y 5m to grant Granted Mar 10, 2026
18/314,111
Patent 12574260
CONSENSUS PROCESSING METHOD, APPARATUS, AND SYSTEM FOR BLOCKCHAIN NETWORK, DEVICE, AND MEDIUM
2y 5m to grant Granted Mar 10, 2026
18/045,673
Patent 12561477
AUTOMATED SPARSITY FEATURE SELECTION
2y 5m to grant Granted Feb 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
72%
Grant Probability
66%
With Interview (-6.0%)
2y 10m
Median Time to Grant
High
PTA Risk
Based on 245 resolved cases by this examiner. Grant probability derived from career allow rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month