Office Action Predictor
Last updated: April 16, 2026
Application No. 18/639,481

Secret Protection During Software Development Life Cycle

Final Rejection §DP
Filed
Apr 18, 2024
Examiner
KIM, HEE SOO
Art Unit
2443
Tech Center
2400 — Computer Networks
Assignee
Salesforce, INC.
OA Round
2 (Final)
79%
Grant Probability
Favorable
3-4
OA Rounds
2y 12m
To Grant
78%
With Interview

Examiner Intelligence

Grants 79% — above average
79%
Career Allow Rate
430 granted / 545 resolved
+20.9% vs TC avg
Minimal -0% lift
Without
With
+-0.5%
Interview Lift
resolved cases with interview
Typical timeline
2y 12m
Avg Prosecution
34 currently pending
Career history
579
Total Applications
across all art units

Statute-Specific Performance

§101
14.1%
-25.9% vs TC avg
§103
43.9%
+3.9% vs TC avg
§102
21.2%
-18.8% vs TC avg
§112
11.4%
-28.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 545 resolved cases

Office Action

§DP
DETAILED ACTION This action is responsive to amendment filed December 22nd, 2025. Claims 21~40 are examined. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant’s arguments, filed 12/22/25, with respect to claims 21~40 have been fully considered and are persuasive. The USC 102 and 103 rejections have been withdrawn. However, the Double Patenting rejection still applies and will require a terminal disclaimer to obviate the U.S Patent discussed below. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b). Claims 21~40 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1~20 of U.S. Patent No. 11,997,215. Although the conflicting claims are not identical, they are not patentably distinct from each other because for example, claims 1 and 8 of the U.S Patent mentioned above, contain every element of claims 1 of the instant application and thus obvious. Claims 21~40 of the instant application is therefore not patently distinct from claims 1~20 of U.S. Patent No. 11,997,215 and as such are unpatentable over obvious-type double patenting. Instant App 18/639,481 U.S Patent 11,997,215 21. A method, comprising: receiving, at a data center that includes a plurality of computer systems, a manifest file specifying credentials to be created and used by a first application executing in the data center to communicate with a second application executing in the data center; creating, at the data center in response to the manifest file, a plurality of credentials for the first application; storing, at the data center, the plurality of credentials in a credentials repository; and executing, on a production server within the data center, a production version of the first application, wherein the executing includes receiving decrypted versions of the plurality of credentials from the credential repository, wherein the decrypted versions are accessible within the data center, but are inaccessible outside the data center. 1. A method, comprising: storing, at a storage location in a data center, a signed package that includes an encrypted version of a secret referenced by a first application, wherein the encrypted version of the secret has been encrypted by an encryption service using a symmetric key that has been generated using a data center public key of a data center key pair of the data center, and wherein the signed package includes information indicating that the secret is associated with the first application; sending, by the first application executing on a production server within the data center, a request for a decrypted version of the secret to a decryption service executing within the data center; the decryption service: verifying the signed package; in response to the signed package being verified, deriving the symmetric key using a data center private key of the data center key pair; decrypting the encrypted version of the secret using the symmetric key; and returning the decrypted version of the secret to the first application. 22. The method of claim 21, wherein the manifest file is received from a software automation pipeline that automatically performs compiling and testing of the first application. 5. (Original) The method of claim 1, wherein the signed package is received from a software automation pipeline that automatically performs compiling and testing of the first application. 23. The method of claim 21, wherein the manifest file includes a secret specification that defines secret parameters and application metadata for a first of the plurality of credentials; and wherein the creating includes creating the first credential in accordance with the secret specification. 6. The method of claim 1, wherein the secret is created by the encryption service based on specified secret parameters supplied to the encryption service. 29. The method of claim 27, wherein the encryption and decryption services are implemented using containers. 7. The method of claim 1, wherein the decryption service executes within a container. 8. The method of claim 1, further comprising: receiving, at the data center, a manifest file for the first application, the manifest file specifying a set of secrets to be created for use by the first application; creating the set of secrets and storing the created secrets within the data center for use by the first application while executing on the production server; and wherein the created secrets are not accessible outside the data center. Allowable Subject Matter Claims 21~40 are allowed once a Terminal Disclaimer is filed. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to HEE SOO KIM whose telephone number is (571)270-3229. The examiner can normally be reached M-F 9AM-5PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached on (571) 272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /HEE SOO KIM/Primary Examiner, Art Unit 2443
Read full office action

Prosecution Timeline

Apr 18, 2024
Application Filed
Oct 24, 2024
Response after Non-Final Action
Sep 17, 2025
Non-Final Rejection — §DP
Dec 22, 2025
Response Filed
Feb 02, 2026
Final Rejection — §DP
Mar 31, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12592968
Cloud-based deception technology with granular scoring for breach detection
2y 5m to grant Granted Mar 31, 2026
Patent 12587522
DATA CLASSIFICATION LABEL MANAGEMENT AND ACCESS CONTROL
2y 5m to grant Granted Mar 24, 2026
Patent 12587573
REPORTING OF DELTA CHANNEL QUALITY INDICATOR (CQI)-MODULATION AND CODING SCHEME (MCS) INFORMATION
2y 5m to grant Granted Mar 24, 2026
Patent 12579296
DATA SECURITY TRANSACTIONS USING SOFTWARE CONTAINER MACHINE READABLE CONFIGURATION DATA
2y 5m to grant Granted Mar 17, 2026
Patent 12574245
HEALTHCARE DATA MANAGEMENT METHOD AND APPARATUS USING HASH VALUES ON CLOUD SERVER
2y 5m to grant Granted Mar 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
79%
Grant Probability
78%
With Interview (-0.5%)
2y 12m
Median Time to Grant
Moderate
PTA Risk
Based on 545 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month