Prosecution Insights
Last updated: July 17, 2026
Application No. 18/532,386

SECURITY APPLIANCE EXTENSION

Non-Final OA §101§103
Filed
Dec 07, 2023
Priority
Mar 12, 2019 — provisional 62/817,304 +1 more
Examiner
BROPHY, MATTHEW J
Art Unit
2191
Tech Center
2100 — Computer Architecture & Software
Assignee
Universal City Studios LLC
OA Round
1 (Non-Final)
69%
Grant Probability
Favorable
1-2
OA Rounds
1y 0m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 69% — above average
69%
Career Allowance Rate
427 granted / 621 resolved
+13.8% vs TC avg
Strong +34% interview lift
Without
With
+33.8%
Interview Lift
resolved cases with interview
Typical timeline
3y 7m
Avg Prosecution
8 currently pending
Career history
637
Total Applications
across all art units

Statute-Specific Performance

§101
1.0%
-39.0% vs TC avg
§103
90.3%
+50.3% vs TC avg
§102
7.5%
-32.5% vs TC avg
§112
0.6%
-39.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 621 resolved cases

Office Action

§101 §103
DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This office action is in response to the application filed December 7, 2023. Claims 21-40 are pending. Information Disclosure Statement The information disclosure statement (IDS) submitted on December 7, 2023, August 5, 2024 and December 19, 2024 was filed after the mailing date of the Application on December 7, 2023. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claims 21-40 rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1-20 of U.S. Patent No US Patent No. 12,579,257 Although the claims at issue are not identical, they are not patentably distinct from each other because the pending claims of this application are obvious in view of the aligned patented claims below. Application 18/532,386 US Patent 12,579,257 21. (New) An electronic device, comprising:an embedded computer, comprising one or more processors configured to: receive one or more security event messages from a security appliance, the one or more security event messages each indicating a security event associated with a protected component; identify, based upon one or more characteristics of the one or more security event, a customized severity characterization of the one or more security event messages, wherein the customized severity characterization is not defined by the security appliance; determine one or more presentation or control actions to be performed based upon the customized severity characterization; and perform the one or more presentation or control actions. 22. (New) The electronic device of claim 21, wherein the customized severity characterization is determined by executing a mapping script that maps one or more characteristics of the one or more security event messages received by the security appliance to a particular customized severity characterization expected by the embedded computer. 23. (New) The electronic device of claim 22, wherein the one or more characteristics of the one or more security event messages received by the security appliance comprises a first severity level and the particular customized severity characterization expected by the embedded computer is a second severity level. Notice to 24. (New) The electronic device of claim 22, wherein the one or more processors of the embedded computer are configured to execute the mapping script. 25. (New) The electronic device of claim 22, wherein the customized severity characterization is received from the security appliance. 26. (New) The electronic device of claim 21, comprising a display, wherein the one or more presentation or control actions comprises:presenting, via a graphical user interface (GUI) on the display, one or more alarm banners associated with the one or more security event messages, the one or more alarm banners displayed based upon the customized severity characterization; or presenting, via a stack light, one or more visual alarm indications associated with the one or more security event messages, the one or more visual alarm indications based upon the customized severity characterization; or both. 27. (New) The electronic device of claim 21, wherein the one or more presentation or control actions comprises modifying an operational status of the protected component. 28. (New) The electronic device of claim 27, wherein the protected component comprises an amusement attraction. 29. (New) The electronic device of claim 21, wherein the one or more security event messages comprise a message generated in accordance with a Syslog standard for message logging. 30. (New) The electronic device of claim 21, comprising: Page 4 one or more input/output (I/O) devices configured to receive one or more I/O commands from an operator of the electronic device, or provide one or more output indications to the operator, or both; and a programmable logic controller (PLC) configured to:receive I/O data indicative of the one or more I/O commands, and implement the one or more I/O commands; or receive the one or more output indications, and present the one or more output indications via the one or more I/O devices; or both. 31. (New) The electronic device of claim 30, wherein the one or more I/O devices comprise a set of one or more lights that provide an indication of the customized severity characterization;wherein the set of one or more lights comprises a fault light-emitting diode (LED) that selectively indicates a critical severity security event when in a first state and a medium severity security event when in a second state; and wherein the set of one or more lights comprises a health light-emitting diode (LED) that indicates whether all expected interfaces are communicatively coupled to the electronic device. 32. (New) The electronic device of claim 30, wherein the embedded computer is configured to:determine when a continuously changing state of a variable of the PLC is not detected at the embedded computer within a threshold amount of time; and providing a fault in response to not detecting the continuously changing variable state within the threshold amount of time, the fault indicating a malfunction of the embedded computer. 33. (New) The electronic device of claim 30, wherein the one or more I/O devices comprise a run/bypass switch that:when in a run mode, causes logging and presentation of one or more alarm banners associated with the one or more security event messages and causes presentation of one or more alarms associated with the one or more security event messages, as they are received; and Page 5 when in a bypass mode, causes logging and presentation of the one or more alarm banners associated with the one or more security event messages, and causes refrain from presentation of the one or more alarms associated with the one or more security event messages, as they are received. 34. (New) The electronic device of claim 30, wherein the one or more I/O devices comprise a reset switch that, when set to a reset mode, causes the embedded computer to power down, or reboot, or both. 35. (New) A tangible, non-transitory, computer-readable medium, comprising computer- readable instructions that, when executed by one or more processors of a computer, cause the computer to:receive one or more security event messages from a security appliance, the one or more security event messages each indicating a security event associated with a protected component; identify, based upon one or more characteristics of the one or more security event, a customized severity characterization of the one or more security event messages, wherein the customized severity characterization is not defined by the security appliance; determine one or more presentation or control actions to be performed based upon the customized severity characterization; and perform the one or more presentation or control actions. 36. (New) The computer-readable medium of claim 35, comprising computer-readable instructions that, when executed by the one or more processors, cause the computer to:identify the customized severity characterization by executing a mapping script to map one or more characteristics of the one or more security event messages received from the security appliance to a particular customized severity characterization expected by the computer. 37. (New) The computer-readable medium of claim 35, comprising computer-readable instructions that, when executed by the one or more processors, cause the computer to: Page 6 present one or more alarm banners corresponding to the one or more security event messages along with an indication of the customized severity characterization of the one or more security event messages in a graphical user interface (GUI) of the computer. 38. (New) The computer-readable medium of claim 35, comprising computer-readable instructions that, when executed by the one or more processors, cause the computer to:determine when a continuously changing state of a variable of a programmable logic controller (PLC) is not detected at the computer within a threshold amount of time; and providing a fault in response to not detecting the continuously changing variable state within the threshold amount of time, the fault indicating a malfunction of the computer. 39. (New) A computer-implemented method, comprising:receiving, via a computer, one or more security event messages from a security appliance, the one or more security event messages each indicating a security event associated with a protected component; identifying, via the computer based upon one or more characteristics of the one or more security event, a customized severity characterization of the one or more security event messages, wherein the customized severity characterization is not defined by the security appliance; determining one or more presentation or control actions to be performed based upon the identified customized severity characterization; and performing the one or more presentation or control actions. 40. (New) The computer-implemented method of claim 39, comprising:presenting, via a graphical user interface (GUI), one or more alarm banners associated with the one or more security event messages, the one or more alarm banners displayed based upon the customized severity characterization; or presenting, via a stack light, one or more visual alarm indications associated with the one or more security event messages, the one or more visual alarm indications based upon the customized severity characterization; or both. 1. An electronic device, comprising: a security appliance comprising a sensor configured to: monitor a protected component for security events; and generate one or more security event messages for the security events, wherein each of the one or more security event messages comprises a respective first code and a respective first severity, wherein the respective first code is one of a predefined list of a plurality of codes, wherein each of the plurality of codes is used to specify a respective type of program logging the one or more security event messages; an embedded computer, comprising one or more processors configured to: receive the one or more security event messages from the security appliance; identify, from a first code in the one or more security event messages, an indication of a first type of program logging the one or more security event messages with a first severity classification; translate, via a syslog mapping script, the one or more security event messages from the first severity classification to a first customized severity characterization based at least in part upon the indication of the first type of program logging the one or more security event messages, wherein the first customized severity characterization is different from a second customized severity characterization identified based at least in part upon an indication of a second type of program logging the one or more security event messages specified by a second code of the predefined list of the plurality of codes; determine one or more presentation or control actions to be performed based upon the first customized severity characterization; and send instructions to a security appliance extension device to cause the security appliance extension device to automatically perform the one or more presentation or control actions comprising controlling a set of one or more lights to provide an indication of the first customized severity characterization using different lighting patterns. 2. The electronic device of claim 1, wherein the first customized severity characterization is determined by executing a mapping script that maps one or more characteristics of the one or more security event messages received by the security appliance to a particular customized severity characterization expected by the embedded computer. 3. The electronic device of claim 2, wherein the one or more characteristics of the one or more security event messages received by the security appliance comprises a first severity level and the particular customized severity characterization expected by the embedded computer is a second severity level. 4. The electronic device of claim 2, wherein the one or more processors of the embedded computer are configured to execute the mapping script. 5. The electronic device of claim 2, wherein the first customized severity characterization is received from the security appliance. 6. The electronic device of claim 1, comprising a display, wherein the one or more presentation or control actions comprises: presenting, via a graphical user interface (GUI) on the display, one or more alarm banners associated with the one or more security event messages, the one or more alarm banners displayed based upon the first customized severity characterization. 7. The electronic device of claim 1, wherein the one or more presentation or control actions comprises modifying an operational status of the protected component. 8. The electronic device of claim 7, wherein the protected component comprises an amusement attraction. 9. The electronic device of claim 1, wherein the one or more security event messages comprise a message generated in accordance with a Syslog standard for message logging. 10. The electronic device of claim 1, comprising: one or more input/output (I/O) devices configured to receive one or more I/O commands from an operator of the electronic device, or provide one or more output indications to the operator, or both; and a programmable logic controller (PLC) configured to: receive I/O data indicative of the one or more I/O commands, and implement the one or more I/O commands; or receive the one or more output indications, and present the one or more output indications via the one or more I/O devices; or both. 11. The electronic device of claim 10, wherein the one or more I/O devices comprise the set of one or more lights that provide the indication of the first customized severity characterization; wherein the set of one or more lights comprises a fault light that selectively indicates a critical severity security event when in a first state and a medium severity security event when in a second state; and wherein the set of one or more lights comprises a health light that indicates whether all expected interfaces are communicatively coupled to the electronic device. 12. The electronic device of claim 10, wherein the embedded computer is configured to: determine when a continuously changing state of a variable of the PLC is not detected at the embedded computer within a threshold amount of time; and provide a fault in response to not detecting the continuously changing state of the variable within the threshold amount of time, the fault indicating a malfunction of the embedded computer. 13. The electronic device of claim 10, wherein the one or more I/O devices comprise a run/bypass switch that: when in a run mode, causes logging and presentation of one or more alarm banners associated with the one or more security event messages and causes presentation of one or more alarms associated with the one or more security event messages, as they are received; and when in a bypass mode, causes logging and presentation of the one or more alarm banners associated with the one or more security event messages, and causes refrain from presentation of the one or more alarms associated with the one or more security event messages, as they are received. 14. The electronic device of claim 10, wherein the one or more I/O devices comprise a reset switch that, when set to a reset mode, causes the embedded computer to power down, or reboot, or both. 15. A tangible, non-transitory, computer-readable medium, comprising computer-readable instructions that, when executed by one or more processors of a computer system, cause the computer system to: monitor, via a security appliance comprising a sensor, a protected component for security events; generate, via the security appliance, one or more security event messages for the security events, wherein each of the one or more security event messages comprises a respective first code and a respective first severity, wherein the respective first code is one of a predefined list of a plurality of codes, wherein each of the plurality of codes is used to specify a respective type of program logging the one or more security event messages; receive the one or more security event messages from the security appliance; identify, from a first code in the one or more security event messages, an indication of a first type of program logging the one or more security event messages with a first severity classification; translate, via a syslog mapping script, the one or more security event messages from the first severity classification to a first customized severity characterization based at least in part upon the indication of the first type of program logging the one or more security event messages, wherein the first customized severity characterization is different from a second customized severity characterization identified based at least in part upon an indication of a second type of program logging the one or more security event messages specified by a second code of the predefined list of the plurality of codes; determine one or more presentation or control actions to be performed based upon the first customized severity characterization; and send instructions to a security appliance extension device to cause the security appliance extension device to automatically perform the one or more presentation or control actions comprising controlling a set of one or more lights to provide an indication of the first customized severity characterization using different lighting patterns. 16. The computer-readable medium of claim 15, comprising computer-readable instructions that, when executed by the one or more processors, cause the computer system to: identify the first customized severity characterization by executing a mapping script to map one or more characteristics of the one or more security event messages received from the security appliance to a particular customized severity characterization expected by the computer. 17. The computer-readable medium of claim 15, comprising computer-readable instructions that, when executed by the one or more processors, cause the computer system to: present one or more alarm banners corresponding to the one or more security event messages along with an indication of the first customized severity characterization of the one or more security event messages in a graphical user interface (GUI) of the computer. 18. The computer-readable medium of claim 15, comprising computer-readable instructions that, when executed by the one or more processors, cause the computer system to: determine when a continuously changing state of a variable of a programmable logic controller (PLC) is not detected at the computer within a threshold amount of time; and provide a fault in response to not detecting the continuously changing state of the variable within the threshold amount of time, the fault indicating a malfunction of the computer system. 19. A computer-implemented method, comprising: monitoring, via a security appliance, a protected component for security events; generating one or more security event messages for the security events, wherein each of the one or more security event messages comprises a respective first code and a respective first severity, wherein the respective first code is one of a predefined list of a plurality of codes, wherein each of the plurality of codes is used to specify a respective type of program logging the one or more security event messages; receiving, via a computer system, the one or more security event messages from the security appliance; identifying, via the computer system, from a first code in the one or more security event messages, an indication of a first type of program logging the one or more security event messages with a first severity classification; translating, via a syslog mapping script, the one or more security event messages from the first severity classification to a first customized severity characterization based at least in part upon the indication of the first type of program logging the one or more security event messages, wherein the first customized severity characterization is different from a second customized severity characterization identified based at least in part upon an indication of a second type of program logging the one or more security event messages specified by a second code of the predefined list of the plurality of codes; determining one or more presentation or control actions to be performed based upon the first customized severity characterization; and sending instructions to a security appliance extension device to cause the security appliance extension device to automatically perform the one or more presentation or control actions comprising controlling a set of one or more lights to provide an indication of the first customized severity characterization using different lighting patterns. 20. The computer-implemented method of claim 19, comprising: presenting, via a graphical user interface (GUI), one or more alarm banners associated with the one or more security event messages, the one or more alarm banners displayed based upon the first customized severity characterization. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 21-40 rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea of a mental process without significantly more, and such claims are ineligible under §101. See MPEP§ 2106.04. Claim 21 recites in part: 21. (New) An electronic device, comprising: an embedded computer, comprising one or more processors configured to: receive one or more security event messages from a security appliance, the one or more security event messages each indicating a security event associated with a protected component; identify, based upon one or more characteristics of the one or more security event, a customized severity characterization of the one or more security event messages, wherein the customized severity characterization is not defined by the security appliance; determine one or more presentation or control actions to be performed based upon the customized severity characterization; and perform the one or more presentation or control actions.; This claimed device, under its broadest reasonable interpretation in view of the specification (e.g. Spec. ¶¶33-36, 40,51-52,56). includes a user receiving a security event message, for example via a GUI, and performing a mental process to identify the type of program and the customized severity characterization and determining presentation or control actions when the claim is read in view of the specification The claims recite steps for “identify,” and “determine” which may be carried out by the human mind. MPEP §2106.04(a)(2)(III). The claimed mental process may be carried out by the human mind through observation, evaluation, judgement, opinion even if they are recited as claim elements requiring a generic-computer elements. See MPEP §2016.04(a)(2)(III). This judicial exception in claim 21 is not integrated into a practical application of the abstract idea. See MPEP §2106.04(d). Extra solution activity and generically recited computer components do not transform an abstract idea into a patentable claim. MPEP 2106.05(g). Specifically, claim 21 further recites An electronic device, comprising: an embedded computer, comprising one or more processors configured to: receive one or more security event messages from a security appliance, the one or more security event messages each indicating a security event associated with a protected component… and perform the one or more presentation or control actions. Here, the “receive” and “perform” steps recite insignificant extra solution activity of gathering and outputting data not consider a practical application permissible under §101. See MPEP §§2106.04(d)(I), 2106.05 (g). Further, the “electronic device”, “embedded computer” and “processors” are generic computer elements which generally apply the abstract idea in a computer or using the computer as a tool, and are not considered to be an integration of the mental process into a practical application with respect to §101. See MPEP §§2106.04(d)(I); 2106.05(f). Further claim 21 does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, extra solution activities and generic computer components do not amount to significantly more than a claim to the abstract idea itself. See MPEP §2106.05. The “receive” and “perform” step quoted above recite insignificant extra solution activity of gathering and outputting data which the courts have identified as well-understood, routine, conventional activities, thus not considered significantly more that the mental process itself. See MPEP2106.05(d). Likewise the generally recited computer elements (“electronic device”, “embedded computer” “processor”) do not add significantly more than the mental process such that the might be permissible under §101. See MPEP §2106.05(f). The other independent claims 35 and 39 are rejected for similar reasons as those above with respect to claim 21. They are interpreted in view of the specification as directed to a mental process including steps which may be taken by the human mind, a type of abstract idea found to be a judicial exception under §101. See MPEP §2106. Further, these claims do not integrate the abstract idea into a practical application of the abstract idea. See MPEP §2106.04(d). As cited with respect to claim 21, they recite extra solution activities and generic computer elements (including the “non-transitory computer readable medium” of claim 35 and “computer implemented method” of claim 39), neither of which integrates the mental process into a practical application permissible under §101. Finally, claims 35 and 39 do not include additional elements that are sufficient to amount to significantly more than the judicial exception. See MPEP §2106.05. Like claim 21, these claims recite extra solution activity and generic computer elements (including the “non-transitory computer readable medium” of claim 35 and “computer implemented-method” of claim 39 which do not amount to significantly more than a claim to the mental process itself impermissible under §101. See MPEP §§2106.05(g),2106.05(f). Dependent claims 2-14 and 21 dependent upon claim 21, 36-38 dependent upon claim 35, and 40 dependent upon claim 39 are rejected under §101 as directed to the same abstract idea mental process as those in independent claims 21, 35 and 39. Furthermore, the dependent claims fail to recite fail to recite any limitations that integrate the judicial exception of claims 21, 35 and 39 into a practical application nor amounts to significantly more than the abstract idea. Because the claims recite only generic computer elements (e.g. computer, processor, script etc. ) in claiming the abstract idea of this mental process and do not put meaningful limits on the practice of the abstract idea. The claim(s) also does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception of the mental process because as discussed above regarding the integration into a practical application, The claim recites generic computer elements in claiming the abstract idea. Further the receiving of the message and performing of the presentation or control actions comprise insignificant extra solution activity and do not amount to significantly more that a claim directed to the ineligible mental process. Claims 22-25 and 36 recite a “mapping script”, a generic computer element similar to those discussed above. Specifically, like the other generic computing elements, this script generally apply the abstract idea in a computer or using the computer as a tool, and are not considered to be an integration of the mental process into a practical application with respect to §101. See MPEP §§2106.04(d)(I). Likewise, the script is not considered significantly more than the abstract idea itself with respect to §101. See MPEP §2106.05(f). Claim 26 includes additional steps similarly interpreted as covering a mental process as previously described with respect to claim 21. Claim 6 further recites “presenting, via a graphical user interface (GUI) on the display, one or more alarm banners associated with the one or more security event messages, the one or more alarm banners displayed based upon the first customized severity characterization; or presenting, via a stack light, one or more visual alarm indications associated with the one or more security event messages, the one or more visual alarm indications based upon the first customized severity characterization; or both. Like the ‘perform’ steps in claim 21, the additional steps in claim 6 are interpreted as insignificant extra solution activity of outputting data which do not integrate the abstract idea into a practical application, which the courts have identified as well-understood, routine, conventional activity. See MPEP §§2106.04(d)(I), 2106.05 (g) and 2106.05(d). Further, the “GUIs”, “I/O” devices, and “stack light” are generic computer elements which generally apply the abstract idea in a computer or using the computer as a tool, and are not considered to be an integration of the mental process into a practical application with respect to §101 nor are they significantly more than the ineligible mental process itself. See MPEP §§2106.04(d)(I); 2106.05(f). Similarly, Claim 32 recites the additional steps of determine when a continuously changing state of a variable of the PLC is not detected at the embedded computer within a threshold amount of time; and provide a fault in response to not detecting the continuously changing variable state of the variable within the threshold amount of time, the fault indicating a malfunction of the embedded computer. The additional “determine” steps in claim 32 are interpreted as steps of a mental process which may be carried out by the human mind. MPEP §2106.04(a)(2)(III). The claimed mental process may be carried out by the human mind even if they are recited as claim elements requiring a generic-computer elements. See MPEP §2016.04(a)(2)(III). Further the “provide” step in claim 32 interpreted as insignificant extra solution activity of outputting data which do not integrate the abstract idea into a practical application, nor amount to significantly more. See MPEP §§2106.04(d)(I), 2106.05 (g) and 2106.05(d). Further, the PLC recited is a generic computer element which generally apply the abstract idea in a computer or using the computer as a tool, and are not considered to be an integration of the mental process into a practical application with respect to §101 (See MPEP §§2106.04(d)(I), 2106.05 (g)) nor are they significantly more than the ineligible mental process itself. See MPEP §§2106.04(d)(I); 2106.05(f). Claims 26-34, 37-38, and 40 recite the use of GUIs, I/O devices, and particular message types to perform insignificant extra solution activity of receiving the messages and performing the control actions recited in the independent claims. The gathering and output of data and use of generic computing elements is not considered to integrate an abstract idea into a practical application (See MPEP §2106.04) nor is it considered to render the claim significantly more than the judicial exception itself with respect to §101(See MPEP §2106.05(d)) Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 21-27, 29, 30, 32, and 34-40 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Park” (US Patent 10,250,619) in view of “Njemanze” (US Patent 7219239). Regading Claim 21, Park teaches: 21. (New) An electronic device, comprising: an embedded computer, comprising one or more processors (See e.g. 101 device, Fig. 7) configured to: receive one or more security event messages from a security appliance, the one or more security event messages each indicating a security event associated with a protected component; (See e.g. 210, Fig. 5, monitoring protected system for event messages e.g. Col. 12, Ln 15-47, see further embedded security devices in Col 14 Ln 30-65). determine one or more presentation or control actions to be performed based upon the customized severity characterization; ;(See 230-250 fig. 5, Col. 12, Ln 48 to Col. 13 Ln 47 describing identifying notification and correction steps to take in response to security events detected) and perform the one or more presentation or control actions. (See 230-250 fig. 5, Col. 12, Ln 48 to Col. 13 Ln 47 describing completing notification and correction steps to take in response to security events detected) Park does not explicitly teach, but Njemanze teaches: identify, based upon one or more characteristics of the one or more security event, a customized severity characterization of the one or more security event messages, wherein the customized severity characterization is not defined by the security appliance; (Col. 15, Ln 26-60 “The translator 216 can also perform other functions, such as value scaling. For example, if Value 2 represented the seriousness of the security event as determined by the network device, this seriousness may be on a different scale than the one used by the uniform schema 218. In one embodiment, the uniform schema 218 uses four severity levels: low, medium, high, and very high. Thus, if the scale used by the network device has eight levels, one possible severity mapping would map severity level 1 2 to low, 3 4 to medium, and so on. However, other mappings may be more appropriate depending on the network device. For example, if a network device overrates the seriousness of events as compared to other heterogeneous network devices, its reported severity may be mapped to lower severity levels to normalize the severities in relation to these other network devices. Furthermore, map 214 can also map one value to any number of fields. This is demonstrated in FIG. 7 by Value 3 being used to populate both Field 1 and Field 5. For example, the seriousness of the security event can be mapped through a translator 216 that performs the severity mapping, and can also mapped unaltered, that is as originally reported by the network device, to another field to preserve all the values contained in the security event.”) In addition, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the application to combine the teachings of Park and those of Njemanze as each is directed to cyber security event management and Njemanze recognized that “If intrusions can be detected and the appropriate personnel notified in a prompt fashion, measures can be taken to avoid compromises to the protected system” and provides methods including severity translation to carryout such notification and correction. (Col. 2, Ln1-13). Regarding the dependent claims, Park and Njemanze further teach: 22. (New) The electronic device of claim 21, wherein the customized severity characterization is determined by executing a mapping script that maps one or more characteristics of the one or more security event messages received by the security appliance to a particular customized severity characterization expected by the embedded computer. (Njemanze Col. 15, Ln 26-60 above). In addition, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the application to combine the teachings of Park and those of Njemanze as each is directed to cyber security event management and Njemanze recognized that “If intrusions can be detected and the appropriate personnel notified in a prompt fashion, measures can be taken to avoid compromises to the protected system” and provides methods including severity translation to carryout such notification and correction. (Col. 2, Ln1-13). 23. (New) The electronic device of claim 22, wherein the one or more characteristics of the one or more security event messages received by the security appliance comprises a first severity level and the particular customized severity characterization expected by the embedded computer is a second severity level. (Njemanze Col. 15, Ln 26-60 above). In addition, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the application to combine the teachings of Park and those of Njemanze as each is directed to cyber security event management and Njemanze recognized that “If intrusions can be detected and the appropriate personnel notified in a prompt fashion, measures can be taken to avoid compromises to the protected system” and provides methods including severity translation to carryout such notification and correction. (Col. 2, Ln1-13). 24. (New) The electronic device of claim 22, wherein the one or more processors of the embedded computer are configured to execute the mapping script. (Njemanze Col. 15, Ln 26-60 above). In addition, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the application to combine the teachings of Park and those of Njemanze as each is directed to cyber security event management and Njemanze recognized that “If intrusions can be detected and the appropriate personnel notified in a prompt fashion, measures can be taken to avoid compromises to the protected system” and provides methods including severity translation to carryout such notification and correction. (Col. 2, Ln1-13). 25. (New) The electronic device of claim 22, wherein the customized severity characterization is received from the security appliance. (Njemanze Col. 15, Ln 26-60 above). In addition, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the application to combine the teachings of Park and those of Njemanze as each is directed to cyber security event management and Njemanze recognized that “If intrusions can be detected and the appropriate personnel notified in a prompt fashion, measures can be taken to avoid compromises to the protected system” and provides methods including severity translation to carryout such notification and correction. (Col. 2, Ln1-13). 26. (New) The electronic device of claim 21, comprising a display, wherein the one or more presentation or control actions comprises:presenting, via a graphical user interface (GUI) on the display, one or more alarm banners associated with the one or more security event messages, the one or more alarm banners displayed based upon the customized severity characterization; or presenting, via a stack light, one or more visual alarm indications associated with the one or more security event messages, the one or more visual alarm indications based upon the customized severity characterization; or both. (See visual display of alerts to the user in Col. 13, Ln4-17 of Park). 27. (New) The electronic device of claim 21, wherein the one or more presentation or control actions comprises modifying an operational status of the protected component. (See Park Col. 19, Ln17-38 describing reseting the system device in a corrective action in response to a security event). 29. (New) The electronic device of claim 21, wherein the one or more security event messages comprise a message generated in accordance with a Syslog standard for message logging. (See Park Col. 20, Ln 27-29 syslog formatted event messages). 30. (New) The electronic device of claim 21, comprising: Page 4 one or more input/output (I/O) devices configured to receive one or more I/O commands from an operator of the electronic device, or provide one or more output indications to the operator, or both; and a programmable logic controller (PLC) configured to:receive I/O data indicative of the one or more I/O commands, and implement the one or more I/O commands; or receive the one or more output indications, and present the one or more output indications via the one or more I/O devices; or both. (See use of PLC in e.g. Park Col. 6, Ln 55-60, including processing I/O of commands in the security system). 32. (New) The electronic device of claim 30, wherein the embedded computer is configured to:determine when a continuously changing state of a variable of the PLC is not detected at the embedded computer within a threshold amount of time; (See Park Col. 47 Ln 26-53 checking periodic heartbeat signals as an indication of cybersecurity state) and providing a fault in response to not detecting the continuously changing variable state within the threshold amount of time, the fault indicating a malfunction of the embedded computer. (See Park Col. 47 Ln 26-53 checking periodic heartbeat signals as an indication of cybersecurity state – used to detect failure state when not detected within a set period of time) 34. (New) The electronic device of claim 30, wherein the one or more I/O devices comprise a reset switch that, when set to a reset mode, causes the embedded computer to power down, or reboot, or both. .(See e.g. Park Col. 19, Ln 35-40 corrective actions include resetting the system state, further Col. 29, Ln34-48 discussing corrective actions like restarting the system, reloading the security device etc; and e.g. Col. 42, 16-30 describing resetting a valve switch in the system in response to fault) Claims 35-38 are rejected on the same basis as claims 21,22, 26, and 32 respectively above. Claims 39 and 40 are rejected on the same basis as claims 21 and 26 respectively above. Claim 28 is rejected under 35 U.S.C. 103 as being unpatentable over “Park” (US Patent 10,250,619) in view of “Njemanze” (US Patent 7219239) as applied above and further in view of “Harhi” (US PG Publication 2015/0039758). Regarding Claim 28, Park et al taught the limtiations of claim 27 above but does not further teach, while Harthi teaches: 28. (New) The electronic device of claim 27, wherein the protected component comprises an amusement attraction. (See Harhi e.g. ¶10 “Aspects relate to an adverse event reporting system. In one embodiment, the system may comprise a server or other processing device with a memory and a processor. The server or other processing device may be configured to receive an indication that a user experienced an adverse event with respect to one of several of remote devices. At least some of the devices may be amusement devices, such as arcade games. In another embodiment, the devices may comprise reservations kiosks, portable devices, mechanical entertainment devices, or a combination thereof. As used herein, "an adverse event" refers to the reduced enjoyment of an intended user due to a malfunction that diminishes the intended functionality of the device. In one embodiment, visual indicia may be placed directly one or in close proximity to a remote device, such that a consumer may view the indicia when in proximity of device. The indicia may provide a unique identifier that is unique with respect to a first device among a plurality of other remote devices. The unique identification may be unique for reporting an adverse event of the device. In yet another embodiment, the unique identification is specific to a type of adverse event.”) In addition it would have been obvious to one of ordinary skill prior to the effective filing date of the application to combine the teachings of Park and Harhi as each is directed to reporting of adverse events and Harhi recognized “there exists a need for improved systems and methods for reporting and addressing adverse events experienced at remote devices.” (¶8). Claim 31 is rejected under 35 U.S.C. 103 as being unpatentable over “Park” (US Patent 10,250,619) in view of “Njemanze” (US Patent 7219239) as applied above and further in view of Regarding Claim 31, Park et al taught the limtiations of claim 30 above but does not further teach, while Harhi teaches: 31. (New) The electronic device of claim 30, wherein the one or more I/O devices comprise a set of one or more lights that provide an indication of the customized severity characterization; (See Miller ¶128 “FIG. 29c depicts an exemplary information indicator display format. Information indicators may be utilized to display alerts. Different patterns or formats of alerts may be utilized to indicate different classes or levels of alerts. For example, a first color may indicate an error condition, a second color may indicate a warning and a third color may indicate a notice. A user may utilize a monitor associated with the computing platform for more detail. A user may also be able to address a condition by taking one or more actions such as rebooting. Referring again to FIG. 28, a virtualization management system may monitor one or more virtualization platform statuses and may utilize proxy 2730 to manipulate one or more of RGB LEDs 2860 to provide status indicators, warnings, errors, notices, alerts, and/or options. In some embodiments, a brightness or a speed of flashing or scrolling may indicate a level of severity of an alert, error, and/or warning. Other patterns may be utilized.”) wherein the set of one or more lights comprises a fault light-emitting diode (LED) that selectively indicates a critical severity security event when in a first state and a medium severity security event when in a second state; (See Miller ¶128 “FIG. 29c depicts an exemplary information indicator display format. Information indicators may be utilized to display alerts. Different patterns or formats of alerts may be utilized to indicate different classes or levels of alerts. For example, a first color may indicate an error condition, a second color may indicate a warning and a third color may indicate a notice. A user may utilize a monitor associated with the computing platform for more detail. A user may also be able to address a condition by taking one or more actions such as rebooting. Referring again to FIG. 28, a virtualization management system may monitor one or more virtualization platform statuses and may utilize proxy 2730 to manipulate one or more of RGB LEDs 2860 to provide status indicators, warnings, errors, notices, alerts, and/or options. In some embodiments, a brightness or a speed of flashing or scrolling may indicate a level of severity of an alert, error, and/or warning. Other patterns may be utilized.”) and wherein the set of one or more lights comprises a health light-emitting diode (LED) that indicates whether all expected interfaces are communicatively coupled to the electronic device. (Miller see ¶128 above and further ¶131 “FIG. 32 depicts exemplary information indicators associated with network ports. In some embodiments, one or more information indicators, such as RGB LEDs, may be associated with a network port. Information indicators may enable a clear indication of a VLAN a port is associated with, a subnet a port is associated with or other attributes.”) In addition it would have been obvious to one of ordinary skill prior to the effective filing date of the application to combine the teachings of Park and Miller recognized use of Miller’s LEDs provide notification to users that, for example, “…may also occur based on events such as a hung virtual machine and/or a security violation (e.g., a user attempts to gain root access to a console).” (¶62). Claim 33 is rejected under 35 U.S.C. 103 as being unpatentable over “Park” (US Patent 10,250,619) in view of “Njemanze” (US Patent 7219239) as applied above and further in view of Chauvet (US PG Publication 2018/0316729). Regarding Claim 33, Park further teaches: 33. (New) The electronic device of claim 30, wherein the one or more I/O devices comprise a run/bypass switch that: when in a run mode, causes logging and presentation of one or more alarm banners associated with the one or more security event messages and causes presentation of one or more alarms associated with the one or more security event messages, as they are received; (See e.g. 210-250, Fig. 5, monitoring protected system for event messages e.g. Col. 12, Ln 15-47 including configurable notifications 240, and logging in e.g. See Park Col. 20, Ln 27-29 syslog formatted event messages) causes logging and presentation of the one or more alarm banners associated with the one or more security event messages, and causes refrain from presentation of the one or more alarms associated with the one or more security event messages, as they are received. (See e.g. 210-250, Fig. 5, monitoring protected system for event messages e.g. Col. 12, Ln 15-47 including configurable notifications 240, and logging in e.g. See Park Col. 20, Ln 27-29 syslog formatted event messages). Park et al taught the limitations of claim 30 above but does not further teach, while Chauvet teaches: . and when in a bypass mode, (Chauvet ¶189 “Similarly, the network orchestration component can cause the network controller to switch off the impacted router and/or switch ports so that traffic can bypass the impacted router and/or switch ports when flowing through the network. In alternative embodiments, a cyber security event response 1928B including the device and/or network response can be provided to the SDA orchestration component 1916. The SDA orchestration component 1916 can then parse the cyber security response 1928B and provide the cyber security device response 1932B to the fog orchestration component 1924 and/or the cyber security network response 1930 to the network orchestration component 1922.”) In addition it would have been obvious to one of ordinary skill prior to the effective filing date of the application to combine the teachings of Park and Chauvet as each is directed to cybersecurity event logging and response and Chauvet teaches a system that “can determine the response measures (or cyber security event response 1928B) needed to mitigate the cyber security event and provide relevant network response measures.” (¶189). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The Prior Art in the attached PTO-892 form is considered relevant to applicant’s disclosures related to error message reception and classification systems. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW J BROPHY whose telephone number is (571)270-1642. The examiner can normally be reached Monday-Friday, 9am-4:30pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wei Zhen can be reached on 571-272-3708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. MJB 6/11/2026 /MATTHEW J BROPHY/ Primary Examiner, Art Unit 2191
Read full office action

Prosecution Timeline

Dec 07, 2023
Application Filed
Jun 16, 2026
Non-Final Rejection mailed — §101, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12681698
PLATFORM FOR INTEGRATING BACK-END DATA ANALYSIS TOOLS USING SCHEMA
2y 5m to grant Granted Jul 14, 2026
Patent 12664076
TEST COVERAGE OPTIMIZING MECHANISM BASED ON METRIC EVALUATION SYSTEM
3y 5m to grant Granted Jun 23, 2026
Patent 12608297
SYNCHRONIZING FULL LINK TRACING INFORMATION IN A MICROSERVICES ENVIRONMENT
3y 0m to grant Granted Apr 21, 2026
Patent 12585464
APPLICATION MATURITY DATA PROCESSING FOR SOFTWARE DEVELOPMENT
2y 11m to grant Granted Mar 24, 2026
Patent 12579257
SECURITY APPLIANCE EXTENSION
6y 9m to grant Granted Mar 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
69%
Grant Probability
99%
With Interview (+33.8%)
3y 7m (~1y 0m remaining)
Median Time to Grant
Low
PTA Risk
Based on 621 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month