Prosecution Insights
Last updated: July 17, 2026
Application No. 18/637,239

APPLICATION SECURITY THROUGH DECEPTIVE AUTHENTICATION

Non-Final OA §103
Filed
Apr 16, 2024
Priority
Sep 28, 2020 — divisional of 11/979,395
Examiner
MOHAMMADI, FAHIMEH M
Art Unit
2439
Tech Center
2400 — Computer Networks
Assignee
SAP SE
OA Round
3 (Non-Final)
76%
Grant Probability
Favorable
3-4
OA Rounds
10m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 76% — above average
76%
Career Allowance Rate
225 granted / 296 resolved
+18.0% vs TC avg
Strong +52% interview lift
Without
With
+52.2%
Interview Lift
resolved cases with interview
Typical timeline
3y 1m
Avg Prosecution
20 currently pending
Career history
325
Total Applications
across all art units

Statute-Specific Performance

§101
0.4%
-39.6% vs TC avg
§103
98.5%
+58.5% vs TC avg
§102
0.7%
-39.3% vs TC avg
§112
0.1%
-39.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 296 resolved cases

Office Action

§103
CTNF 18/637,239 CTNF 87598 DETAILED ACTION Notice of Pre-AIA or AIA Status 07-03-aia AIA 15-10-aia The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. Continued Examination Under 37 CFR 1.114 07-42-04 AIA A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant’s submission filed on 04/21/2026 has been entered. As per instant Amendment, Claim 12 was canceled; Claims 1, 21, and 28 are independent claims. Claims 1-11 and 21-28 have been examined and are pending. This Action is made Non-FINAL . Response to Arguments Applicants’ arguments in the instant Amendment, filed on 04/21/2026, with respect to limitations listed below, have been fully considered but they are not persuasive. Applicant’s arguments: “Seller does not teach or suggest the claimed “enhanced authentication token, the enhanced authentication token comprising indicating the malicious session request.”” The Examiner disagrees with the Applicants. The Examiner respectfully submits that Seller discloses the enhanced authentication token comprising information indication the malicious session request ( Sellers: col. 5 lines 65-67 through col. 6 lines 1-11 [] Honeytoken tracker engine 110 generates honeytoken tracker 185(1) and modifies honeytoken tracker state table 125(1) to include unique credential pair 180(1); col. 5 lines 22-25 honeytokens provide an indication that a repository or location [] holding the honeytoken has been compromised by the malicious attacker ). More specifically, Seller discloses honeytokens can include email addresses, database data, executable files, embedded links, web beacons, browser cookies, Amazon Web Services (AWS) keys, and the like. Honeytokens look enticing to attackers, are possible to detect when accessed and/or used, and in existing implementations and paradigms, do not have any actual value other than use detection (e.g., to indicate that a given data repository or network location has been compromised) [ col. 3 lines 28-35 ] and unique honeytokens (called honey trackers) are provided to malicious attackers (e.g., one or more attackers 150(1)-(N)) and are tracked as the malicious attacker(s) target multiple systems over time and/or source malicious attacks from multiple network addresses [ col. 4 lines 11-15 ]. Therefore, the examiner finds this argument not persuasive. Applicant’s arguments with respect to claims 1-11 and 21-28 have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection. New reference Kapelevich et al. US 2021/0152598 is applied in the rejection below to address amended claims 1, 21, and 28, newly presented herein. The amended claims 1, 21 and 28 have been addressed in rejection below. Claim Rejections - 35 USC § 103 07-06 AIA 15-10-15 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status . 07-20-aia AIA The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 07-20-02-aia AIA This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 07-21-aia AIA Claim s 1, 21 and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Sellers (US 11057429) in view of Kapelevich et al. (“Kapelevich,” US 2021/0152598) . Regarding claim 1: Sellers discloses a method for securing an application, the method comprising: comparing submitted credentials for an application session request to stored credentials ( Sellers: col. 5 lines 7-11 receives a malicious attack intended for protected host 155(1) from attacker 150(1) and determines that attack event 165(1) associated with the malicious attack includes compromised deceptive credential information ); responsive to determining that the submitted credentials indicate a malicious session request, generating an enhanced authentication token, the enhanced authentication token comprising information indication the malicious session request ( Sellers: col. 5 lines 65-67 through col. 6 lines 1-11 honeytoken tracker engine 110 determines that attack event 165(1) has compromised deceptive credential 135(1) maintained by honeypot 105(1) and generates unique credential pair 180(1) [] Honeytoken tracker engine 110 generates honeytoken tracker 185(1) and modifies honeytoken tracker state table 125(1) to include unique credential pair 180(1); col. 5 lines 22-25 honeytokens provide an indication that a repository or location [] holding the honeytoken has been compromised by the malicious attacker; col. 8 lines 4-6 the hashes are uniquely generated for this particular attacker and are logged with the honeytoken tracker state table ); and transmitting the enhanced authentication token to a requesting computing device ( Sellers: col. 5 lines 18-22 modifies honeytoken tracker state table 125(1) to include unique credential pair 180(1) [] and transmits unique credential pair 180(1) to attacker 150(1) ). Sellers does not explicitly disclose the enhanced authentication token comprising encoded information, establishment of an application clone session in place of the requested application session, wherein the application clone session includes at least some alternative data in place of data associated with an application account, providing the enhanced authentication token to a proxy and establishing, by the proxy in response to the encoded information in the enhanced authentication token, the application clone session in place of the requested application session. However, Kapelevich discloses the enhanced authentication token comprising encoded information ( Kapelevich: par. 0081 a modulated data signal is a signal that has one or more of its characteristics adjusted in such a manner as to encode information in the signal ); establishment of an application clone session in place of the requested application session, wherein the application clone session includes at least some alternative data in place of data associated with an application account ( Kapelevich: par. 0018 the attackers can be deceived and diverted to expend resources and malicious activity on fake virtual targets. One type of fake virtual target is a honeypot. Generally, a honeypot is a resource that appears to include valuable resources (e.g., data and/or computing resources) of a network application. A honeypot can be used to attract an attacker so the attacker expends its resources interacting [] with the honeypot instead of the main resources of the network application ); providing the enhanced authentication token to a proxy ( Kapelevich: par. 0047 at 410, a request destined for a network application can be received. For example, the request can be intercepted by a network application firewall [] the client or user identifier may be associated with one or more honeytraps that were embedded with earlier responses to the client or user identifier ); and establishing, by the proxy in response to the encoded information in the enhanced authentication token, the application clone session in place of the requested application session ( Kapelevich: par. 0050 at 440, a deceptive response can be sent to the client, without sending the request to the application server. Specifically, rather than sending a request from an attack to the network application, a response to the request can be generated at a firewall that executes on different resources than the application server ). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Kapelevich with the system/method of Sellers to include establishing, by the proxy in response to the encoded information in the enhanced authentication token, the application clone session in place of the requested application session. One would have been motivated to increase the scalability, availability, security, and/or performance of the client-server architecture ( Kapelevich: par. 0003 ). Regarding claim 21: Sellers discloses a system, comprising: a processor ( Sellers: fig. 8 item 855 ); and one or more computer-readable storage media storing computer-readable instructions ( Sellers: fig. 8 item 860 ) that, when executed by the processor, perform operations comprising: comparing submitted credentials for an application session request to stored credentials ( Sellers: col. 5 lines 7-11 receives a malicious attack intended for protected host 155(1) from attacker 150(1) and determines that attack event 165(1) associated with the malicious attack includes compromised deceptive credential information ); responsive to determining that the submitted credentials indicate a malicious session request, generating an enhanced authentication token, the enhanced authentication token comprising information indication the malicious session request ( Sellers: col. 5 lines 65-67 through col. 6 lines 1-11 honeytoken tracker engine 110 determines that attack event 165(1) has compromised deceptive credential 135(1) maintained by honeypot 105(1) and generates unique credential pair 180(1) [] Honeytoken tracker engine 110 generates honeytoken tracker 185(1) and modifies honeytoken tracker state table 125(1) to include unique credential pair 180(1); col. 5 lines 22-25 honeytokens provide an indication that a repository or location [] holding the honeytoken has been compromised by the malicious attacker ); and transmitting the enhanced authentication token to a requesting computing device ( Sellers: col. 5 lines 18-22 modifies honeytoken tracker state table 125(1) to include unique credential pair 180(1) [] and transmits unique credential pair 180(1) to attacker 150(1) ). Sellers does not explicitly disclose the enhanced authentication token comprising encoded information, establishment of an application clone session in place of the requested application session, wherein the application clone session includes at least some alternative data in place of data associated with an application account, providing the enhanced authentication token to a proxy and establishing, by the proxy in response to the encoded information in the enhanced authentication token, the application clone session in place of the requested application session. However, Kapelevich discloses the enhanced authentication token comprising encoded information ( Kapelevich: par. 0081 a modulated data signal is a signal that has one or more of its characteristics adjusted in such a manner as to encode information in the signal ); establishment of an application clone session in place of the requested application session, wherein the application clone session includes at least some alternative data in place of data associated with an application account ( Kapelevich: par. 0018 the attackers can be deceived and diverted to expend resources and malicious activity on fake virtual targets. One type of fake virtual target is a honeypot. Generally, a honeypot is a resource that appears to include valuable resources (e.g., data and/or computing resources) of a network application. A honeypot can be used to attract an attacker so the attacker expends its resources interacting [] with the honeypot instead of the main resources of the network application ); providing the enhanced authentication token to a proxy ( Kapelevich: par. 0047 at 410, a request destined for a network application can be received. For example, the request can be intercepted by a network application firewall [] the client or user identifier may be associated with one or more honeytraps that were embedded with earlier responses to the client or user identifier ); and establishing, by the proxy in response to the encoded information in the enhanced authentication token, the application clone session in place of the requested application session ( Kapelevich: par. 0050 at 440, a deceptive response can be sent to the client, without sending the request to the application server. Specifically, rather than sending a request from an attack to the network application, a response to the request can be generated at a firewall that executes on different resources than the application server ). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Kapelevich with the system/method of Sellers to include establishing, by the proxy in response to the encoded information in the enhanced authentication token, the application clone session in place of the requested application session. One would have been motivated to increase the scalability, availability, security, and/or performance of the client-server architecture ( Kapelevich: par. 0003 ). Regarding claim 28: Sellers discloses one or more non-transitory computer-readable storage media storing computer-executable instructions for securing an application, the securing comprising: comparing submitted credentials for an application session request to stored credentials ( Sellers: col. 5 lines 7-11 receives a malicious attack intended for protected host 155(1) from attacker 150(1) and determines that attack event 165(1) associated with the malicious attack includes compromised deceptive credential information ); responsive to determining that the submitted credentials indicate a malicious session request, generating an enhanced authentication token, the enhanced authentication token comprising information indication the malicious session request ( Sellers: col. 5 lines 65-67 through col. 6 lines 1-11 honeytoken tracker engine 110 determines that attack event 165(1) has compromised deceptive credential 135(1) maintained by honeypot 105(1) and generates unique credential pair 180(1) [] Honeytoken tracker engine 110 generates honeytoken tracker 185(1) and modifies honeytoken tracker state table 125(1) to include unique credential pair 180(1); col. 5 lines 22-25 honeytokens provide an indication that a repository or location [] holding the honeytoken has been compromised by the malicious attacker ); and transmitting the enhanced authentication token to a requesting computing device ( Sellers: col. 5 lines 18-22 modifies honeytoken tracker state table 125(1) to include unique credential pair 180(1) [] and transmits unique credential pair 180(1) to attacker 150(1) ). Sellers does not explicitly disclose the enhanced authentication token comprising encoded information, establishment of an application clone session in place of the requested application session, wherein the application clone session includes at least some alternative data in place of data associated with an application account, providing the enhanced authentication token to a proxy and establishing, by the proxy in response to the encoded information in the enhanced authentication token, the application clone session in place of the requested application session. However, Kapelevich discloses the enhanced authentication token comprising encoded information ( Kapelevich: par. 0081 a modulated data signal is a signal that has one or more of its characteristics adjusted in such a manner as to encode information in the signal ); establishment of an application clone session in place of the requested application session, wherein the application clone session includes at least some alternative data in place of data associated with an application account ( Kapelevich: par. 0018 the attackers can be deceived and diverted to expend resources and malicious activity on fake virtual targets. One type of fake virtual target is a honeypot. Generally, a honeypot is a resource that appears to include valuable resources (e.g., data and/or computing resources) of a network application. A honeypot can be used to attract an attacker so the attacker expends its resources interacting [] with the honeypot instead of the main resources of the network application ); providing the enhanced authentication token to a proxy ( Kapelevich: par. 0047 at 410, a request destined for a network application can be received. For example, the request can be intercepted by a network application firewall [] the client or user identifier may be associated with one or more honeytraps that were embedded with earlier responses to the client or user identifier ); and establishing, by the proxy in response to the encoded information in the enhanced authentication token, the application clone session in place of the requested application session ( Kapelevich: par. 0050 at 440, a deceptive response can be sent to the client, without sending the request to the application server. Specifically, rather than sending a request from an attack to the network application, a response to the request can be generated at a firewall that executes on different resources than the application server ). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Kapelevich with the system/method of Sellers to include establishing, by the proxy in response to the encoded information in the enhanced authentication token, the application clone session in place of the requested application session. One would have been motivated to increase the scalability, availability, security, and/or performance of the client-server architecture ( Kapelevich: par. 0003 ) . 07-21-aia AIA Claim s 2 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Sellers (US 11057429) in view of Kapelevich et al. (“Kapelevich,” US 2021/0152598) and Palanisamy (US 2015/0312038) . Regarding claim 2: Sellers in view of Kapelevich discloses the method of claim 1. Sellers in view of Kapelevich does not explicitly disclose wherein the enhanced authentication token appears to authenticate the application session but contains encrypted information indicating the establishment of the application clone session. However, Palanisamy discloses wherein the enhanced authentication token appears to authenticate the application session but contains encrypted information indicating the establishment of the application clone session ( Palanisamy: par. 0042 the sensitive information or token issued by token server 102 can be encrypted by token server 102 to prevent the sensitive information or token form being stored in the clear ). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Palanisamy with the system/method of Sellers and Kapelevich to include the enhanced authentication token appears to authenticate the application session but contains encrypted information indicating the establishment of the application clone session. One would have been motivated to enhancing the security of storing sensitive information on a communication device ( Palanisamy: par. 0004 ). Regarding claim 22: Claim 22 is similar in scope to claim 2 and is therefore rejected under similar rationale . 07-21-aia AIA Claim s 3-4 and 23-24 are rejected under 35 U.S.C. 103 as being unpatentable over Sellers (US 11057429) in view of Kapelevich et al. (“Kapelevich,” US 2021/0152598) and Little (US 2011/0276597) . Regarding claim 3: Sellers in view of Kapelevich discloses the method of claim 1. Sellers in view of Kapelevich does not explicitly disclose wherein a signature of the enhanced authentication token indicates the establishment of the application clone session. However Little discloses wherein a signature of the enhanced authentication token indicates the establishment of the application clone session ( Little: par. 0028 each entry for an application server in the service registry 110 includes a unique signature value (e.g., a hash value) which identifies whether that application server is a decoy application server 130 or a designated application server 140 ). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Little with the system/method of Sellers and Kapelevich to include a signature of the enhanced authentication token indicates the establishment of the application clone session. One would have been motivated to use of decoy application servers to reduce an application server's vulnerability to hackers ( Little: par. 0001 ). Regarding claim 4: Sellers in view of Kapelevich and Little discloses the method of claim 3. Little further discloses wherein the signature is generated while the enhanced authentication token includes an attack indicator, wherein the attack indicator is removed prior to transmitting the enhanced authentication token to the requesting computing device, and wherein at a proxy between the requesting computing device and the application, the signature is determined to be invalid but when the attack indicator is added back into the enhanced authentication token, the signature is determined to be valid, indicating establishment of the application clone session ( Little: par. 0029 signature values from designated application servers, when processed by a key-checking algorithm, may be validated. In contrast, signature values from decoy application servers, when processed by a key-checking algorithm, may be identified as invalid; par. 0034 the decoy dispatcher 210 then determines which of the received service responses is a real service response, and forwards that service response to legitimate client 205 [] each service response includes a unique signature value associated with the application server that generated the service response [] decoy service responses may not be sent back to legitimate client 205 or decoy dispatcher 210 ). The motivation is the same that of claim 3 above. Regarding claims 23-24: Claims 23-24 are similar in scope to claims 3-4, respectively, and are therefore rejected under similar rationale . 07-21-aia AIA Claim s 5-9 and 25-27 are rejected under 35 U.S.C. 103 as being unpatentable over Sellers (US 11057429) in view of Kapelevich et al. (“Kapelevich,” US 2021/0152598) and Hebert (US 2012/0042364) . Regarding claim 5: Sellers in view of Kapelevich discloses the method of claim 1. Sellers in view of Kapelevich does not explicitly disclose wherein the malicious session request is indicated by a valid username and a password that matches a false password in a stored group of false passwords. However, Herbert discloses wherein the malicious session request is indicated by a valid username and a password that matches a false password in a stored group of false passwords ( Herbert: par. 0070 the log-in attempt may be determined to be potentially unauthorized, based on the receipt of at least one false password (210) [] the attack detector 130 may be configured to consider receipt of the false password [] and to associate the false password with the actual password stored in the password repository 124; par. 0025 in conjunction with the operations of the password manager 116, a false password generator 118 may be configured to generate or otherwise provide potential false passwords to be associated with the actual password associated with the user 104 ). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Herbert with the system/method of Sellers and Kapelevich to include the malicious session request is indicated by a valid username and a password that matches a false password in a stored group of false passwords. One would have been motivated for authenticating or otherwise securing user access to a computer or to a specific computing resource ( Herbert: par. 0002 ). Regarding claim 6: Sellers in view of Kapelevich and Herbert discloses the method of claim 5. Herbert further discloses wherein the stored group of false passwords includes one or more of: a default password, an administrator password, a password associated with the valid username for other accounts, a compromised password, a password based on user identification information, a previously used password for the valid username, or a modified version of a previously used password for the username ( Herbert: par. 0027 a unique username and associated password to be associated with the user profile within the application 106 ). The motivation is the same that of claim 5 above. Regarding claim 7: Sellers in view of Kapelevich and Herbert discloses the method of claim 5. Herbert further discloses wherein some of the false passwords in the group of false passwords are generated based on user identification information for a user corresponding to the valid username ( Herbert: par. 0070 the log-in attempt may be determined to be potentially unauthorized, based on the receipt of at least one false password (210) [] the attack detector 130 may be configured to consider receipt of the false password [] and to associate the false password with the actual password stored in the password repository 124; par. 0025 in conjunction with the operations of the password manager 116, a false password generator 118 may be configured to generate or otherwise provide potential false passwords to be associated with the actual password associated with the user 104 ). The motivation is the same that of claim 5 above. Regarding claim 8: Sellers in view of Kapelevich and Herbert discloses the method of claim 5. Herbert further discloses further comprising adding a new false password to the group of false passwords reflecting a password change performed in the application clone session ( Herbert: par. 0022 the password system 102 may redirect the provider of the false password, i.e., the user of the hostile computing system 108, to a honey pot system 114 ). The motivation is the same that of claim 5 above. Regarding claim 9: Sellers in view of Kapelevich discloses the method of claim 1. Sellers in view of Kapelevich does not explicitly disclose wherein the malicious session request is indicated by a valid username and a number of submitted incorrect passwords exceeding a threshold. However, Herbert discloses wherein the malicious session request is indicated by a valid username and a number of submitted incorrect passwords exceeding a threshold ( Herbert: par. 0092 checked for each password individually until a desired number of false passwords is reached ). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Herbert with the system/method of Sellers and Kapelevich to include the malicious session request is indicated by a valid username and a number of submitted incorrect passwords exceeding a threshold. One would have been motivated for authenticating or otherwise securing user access to a computer or to a specific computing resource ( Herbert: par. 0002 ). Regarding claims 25-27: Claims 25-27 are similar in scope to claims 5-7, respectively, and are therefore rejected under similar rationale . 07-21-aia AIA Claim s 10-11 are rejected under 35 U.S.C. 103 as being unpatentable over Sellers (US 11057429) in view of Kapelevich et al. (“Kapelevich,” US 2021/0152598) and Fan (US 2019/0319946) . Regarding claim 10: Sellers in view of Kapelevich discloses the method of claim 1. Sellers in view of Kapelevich does not explicitly disclose wherein the enhanced authentication token is generated by an identity provider. However, Fan discloses wherein the enhanced authentication token is generated by an identity provider ( Fan: par. 0052 the access token 242 [] may be generated by anyone of the different types of identity providers 240 ). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Fan with the system/method of Sellers and Kapelevich to include the enhanced authentication token is generated by an identity provider. One would have been motivated to providing authentication of a user operating a computing device requesting access to a service provider to determine if the user of the computing device has permission to access desired services ( Fan: par. 0005 ). Regarding claim 11: Sellers in view of Kapelevich and Fan discloses the method of claim 10. Fan further discloses wherein the application is a web application, the identity provider is a service that authenticates sessions with application through a web browser, and wherein the web browser receives the enhanced authentication token from the identity provider ( Fan: par. 0057 a web browser within the computing device 220 is in communications with the service provider 230 via communications path 250 at Block 306; par. 0043 the central authentication service 210 receives access tokens that may be generated by different types of identity providers 240(1)-240(n) ). The motivation is the same that of claim 10 above. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439 /LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439 Application/Control Number: 18/637,239 Page 2 Art Unit: 2439 Application/Control Number: 18/637,239 Page 3 Art Unit: 2439 Application/Control Number: 18/637,239 Page 4 Art Unit: 2439 Application/Control Number: 18/637,239 Page 5 Art Unit: 2439 Application/Control Number: 18/637,239 Page 6 Art Unit: 2439 Application/Control Number: 18/637,239 Page 7 Art Unit: 2439 Application/Control Number: 18/637,239 Page 8 Art Unit: 2439 Application/Control Number: 18/637,239 Page 9 Art Unit: 2439 Application/Control Number: 18/637,239 Page 10 Art Unit: 2439 Application/Control Number: 18/637,239 Page 11 Art Unit: 2439 Application/Control Number: 18/637,239 Page 12 Art Unit: 2439 Application/Control Number: 18/637,239 Page 13 Art Unit: 2439 Application/Control Number: 18/637,239 Page 14 Art Unit: 2439 Application/Control Number: 18/637,239 Page 15 Art Unit: 2439 Application/Control Number: 18/637,239 Page 16 Art Unit: 2439 Application/Control Number: 18/637,239 Page 17 Art Unit: 2439 Application/Control Number: 18/637,239 Page 18 Art Unit: 2439 Application/Control Number: 18/637,239 Page 19 Art Unit: 2439
Read full office action

Prosecution Timeline

Show 1 earlier event
May 20, 2025
Non-Final Rejection mailed — §103
Sep 10, 2025
Applicant Interview (Telephonic)
Sep 10, 2025
Examiner Interview Summary
Sep 19, 2025
Response Filed
Jan 22, 2026
Final Rejection mailed — §103
Apr 21, 2026
Request for Continued Examination
Apr 30, 2026
Response after Non-Final Action
Jun 04, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12665896
ELECTRICITY METER AND SYSTEM HARDENED AGAINST ATTACK VECTORS
2y 8m to grant Granted Jun 23, 2026
Patent 12604186
Methods and Systems for Network Authentication Using a Unique Authentication Identifier
2y 12m to grant Granted Apr 14, 2026
Patent 12598078
NETWORK ACCESS USING HARDWARE-BASED SECURITY
3y 1m to grant Granted Apr 07, 2026
Patent 12598174
FLEET MANAGEMENT SYSTEM AND METHOD
1y 9m to grant Granted Apr 07, 2026
Patent 12568073
SECURE EXCHANGE OF CERTIFICATE AUTHORITY CERTIFICATE INLINE AS PART OF FILE TRANSFER PROTOCOL
3y 7m to grant Granted Mar 03, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
76%
Grant Probability
99%
With Interview (+52.2%)
3y 1m (~10m remaining)
Median Time to Grant
High
PTA Risk
Based on 296 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month