Office Action Predictor
Last updated: April 16, 2026
Application No. 18/667,536

GRAPHICAL USER AUTHENTICATION FOR EDGE DEVICES

Final Rejection §102§103
Filed
May 17, 2024
Examiner
KIM, HEE SOO
Art Unit
2443
Tech Center
2400 — Computer Networks
Assignee
Schneider Electric Systems Usa, INC.
OA Round
2 (Final)
79%
Grant Probability
Favorable
3-4
OA Rounds
2y 12m
To Grant
78%
With Interview

Examiner Intelligence

Grants 79% — above average
79%
Career Allow Rate
430 granted / 545 resolved
+20.9% vs TC avg
Minimal -0% lift
Without
With
+-0.5%
Interview Lift
resolved cases with interview
Typical timeline
2y 12m
Avg Prosecution
34 currently pending
Career history
579
Total Applications
across all art units

Statute-Specific Performance

§101
14.1%
-25.9% vs TC avg
§103
43.9%
+3.9% vs TC avg
§102
21.2%
-18.8% vs TC avg
§112
11.4%
-28.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 545 resolved cases

Office Action

§102 §103
DETAILED ACTION This action is responsive to amendment filed on January 8th, 2026. Claims 1~18 and 20 are examined. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant’s arguments with respect to claims 1~18 and 20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claim 12 is rejected under 35 U.S.C. 102(a)(1) as being anticipated by Siddesh et al. hereinafter Siddesh (U.S 2015/0244697). Regarding Claim 12, Siddesh taught a method for enabling secure access to an industrial edge device of an industrial plant, the method comprising: establishing communication between the industrial edge device and a user device [¶40, field device FD connected with a servicing device CU2]; transmitting, by the user device, a request to the industrial edge device, to access the industrial edge device [¶41, the servicing device CU2 requests interaction with the web server WS2 (FD)]; receiving, at the industrial edge device, the request [¶42, following receipt of the request by the web server WS (FD)]; in response to the request, transmitting, by an authentication processor associated with the industrial edge device, a graphical authentication task to the user device for the user device to execute to provide as a response thereto [¶11, the field device has a function for distinguishing computers from humans; ¶38]; and verifying, by the authentication processor, the response provided by the user device to determine whether to grant the user device access to the industrial edge devices wherein verifying the response comprises comparing the response to a predetermined range of predetermined model responses to detect if the response falls within the predetermined range of predetermined model responses such that the authentication processor grants the user access to the industrial edge device in response to the response falling within the range of predetermined model responses [¶11, upon an accessing of the field device via the web server, the function for distinguishing computers from humans is executed, in order to assure that the accessing of the field device is being done by a human user]. Note: utilizing CAPTCHAs imply (and/or well-known) that responses are compared to prior responses that are converted into a score that comprises a range or threshold. A lower score would be more indicative of a user (and thus, granted access) while a higher score would indicate a machine (access denied). Regarding Claims 13~17 and 20, the claims are similar in scope to claims 6~10 below and therefore, rejected under the same rationale. Claim Rejections - 35 USC § 103 The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action. Claims 1~3 and 6~10 are rejected under 35 U.S.C. 103 as being unpatentable over Siddesh et al. hereinafter Siddesh (U.S 2015/0244697) in view of Yoo (U.S 2024/0422154). Regarding Claim 1, Siddesh taught an authentication system for an industrial plant, the authentication system comprising: an industrial edge device configured for at least one of monitoring and controlling an operation within the industrial plant [¶2, industrial plants are field devices, which serve for determining and/or monitoring process variables]; a user device configured to communicate with the industrial edge device to request access to the industrial edge device [¶40, servicing device CU2]; and an authentication processor associated with the industrial edge device, the authentication processor configured to communicate a graphical authentication task to the user device in response to the request for access [¶11, the field device has a function for distinguishing computers from humans; ¶38], the authentication processor further configured to verify a response to the graphical authentication task from the user device for determining whether to grant the user device access to the industrial edge device [¶11, upon an accessing of the field device via the web server, the function for distinguishing computers from humans is executed, in order to assure that the accessing of the field device is being done by a human user]. While Siddesh taught in order to verify that the request is from a human and not a computer, before accessing the web server WS by the computing unit CU1 is permitted, a CAPTCHA query is performed. To this end, the web server WS sends, likewise via the Internet I1, a request 2 to a CAPTCHA server CS, the CAPTCHA server creates a CAPTCHA or retrieves a CAPTCHA from a database DB1 and sends the CAPTCHA as response 3 to the request 2 to the web server WS1 [¶35] however, did not specifically teach the authentication processor being integrated on at least one of a separate device on a central server of the industrial plant or a Supervisory Control and Data Acquisition (SCADA) system of the industrial plant. Yoo taught the authentication processor being integrated on at least one of a separate device on a central server of the industrial plant or a Supervisory Control and Data Acquisition (SCADA) system of the industrial plant [¶75, user terminal 20 takes charge of managing and controlling the industrial control apparatus 10 provided by the central server 30; ¶77, the central server 30 may receive status information of the field equipment 40 collected by the industrial control apparatus 10; ¶78, Fig. 3, the central server 30 may include the OTAC verification server 31 for authentication of the industrial control apparatus 10]. Note: Since Siddesh teaches the web server sends a request to a CAPTCHA server, a person of ordinary creativity would have employed a CAPTCHA server in place of the OTAC verification server 31 to authenticate requests made by the user terminal 20 since the approach would have been a predictable variation of prior art elements according to their established functions. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine, Yoo’s teaching of limitations with the teachings of Siddesh, because the combination allows an industrial control apparatus to be protected from hacking risks and have a competitive advantage in cost, system-required specifications, etc. compared to existing authentication methods [¶57]. Regarding Claim 2, Siddesh taught wherein the industrial edge device comprises one of a remote terminal unit (RTU), programmable logic controller (PLC), programmable automation controller (PAC), sensor, instrument, data radio, and modem [¶2, field devices include all equipment used in a plant]. Regarding Claim 3, Siddesh-Nixon taught wherein the user device comprises a personal device or a shared device [¶40, the servicing device CU2 can also be a PC, or a mobile device, i.e., a smart phone or a tablet]. Regarding Claim 6, Siddesh taught wherein the graphical authentication task comprises at least one of a graphical puzzle task, a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) task, and a drawing task [Fig. 4, CAPTCHA]. Regarding Claim 7, Siddesh taught wherein the graphical authentication task comprises at least one of a static image and video image [¶45, CAPTCHA in the form of distorted pictures]. Regarding Claim 8, Siddesh taught wherein the authentication processor is further configured to communicate one or more additional authentication tasks to the user device in response to the request for access and to verify an additional response to the one or more additional authentication tasks for determining whether to grant the user device access to the industrial edge device [¶46, login page to input username/password followed by CAPTCHA]. Regarding Claim 9, Siddesh taught wherein at least one of the one or more additional authentication tasks comprises a credentials-based authentication task [¶46, login page to input username/password]. Regarding Claim 10, Siddesh taught wherein the authentication processor is configured to execute processor-executable instructions to generate the graphical authentication task [¶54, low power microprocessor used in field devices]. Claims 4 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Siddesh and Yoo in view of Nixon et al. hereinafter Nixon (U.S 2022/0078267). Regarding Claim 4, Siddesh-Yoo-Nixon taught wherein the user device communicates with the industrial edge device using a Transmission Control Protocol/Internet (TCP/IP) protocol [¶50, different external devices, hosts or servers connected to the field device 10 via the communication interface 20 that conform to any desired standard communication protocol, such as an IP or packet-based protocol such as TCP, UDP]. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine, Nixon’s teaching of limitations with the teachings of Siddesh, because the combination enables communication connections between the field device 10 and external client devices to be established independently of one another [¶52]. Regarding Claim 5, Siddesh-Yoo-Nixon taught wherein the user device communicates with the industrial edge device using a User Datagram Protocol (UDP) [¶50, different external devices, hosts or servers connected to the field device 10 via the communication interface 20 that conform to any desired standard communication protocol, such as an IP or packet-based protocol such as TCP, UDP]. The rationale to combine as discussed in claim 4, applies here as well. Claims 11 and 18 is rejected under 35 U.S.C. 103 as being unpatentable over Siddesh and Yoo in view of Shimizu et al. hereinafter Shimizu (U.S 2023/0280724). Regarding Claims 11 and 18, Siddesh-Yoo-Shimizu taught wherein the authentication processor comprises the Supervisory Control and Data Acquisition (SCADA) system of the industrial plant, and wherein the SCADA system is configured to generate the graphical authentication task [¶53, SCADA Web HMI System includes HMI server device 2 and HMI client device 3. Note: since Siddesh’s field devices has a web server that allows access by servicing devices, the combination with Shimizu’s SCADA system reads on the claim]. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine, Shimizu’s teaching of limitations with the teachings of Siddesh and Yoo, because the combination enables real-time system monitoring, process control, and data collection [¶3]. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to HEE SOO KIM whose telephone number is (571)270-3229. The examiner can normally be reached M-F 9AM-5PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached on (571) 272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /HEE SOO KIM/Primary Examiner, Art Unit 2443
Read full office action

Prosecution Timeline

May 17, 2024
Application Filed
Oct 09, 2025
Non-Final Rejection — §102, §103
Jan 08, 2026
Response Filed
Feb 11, 2026
Final Rejection — §102, §103
Apr 06, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12592968
Cloud-based deception technology with granular scoring for breach detection
2y 5m to grant Granted Mar 31, 2026
Patent 12587522
DATA CLASSIFICATION LABEL MANAGEMENT AND ACCESS CONTROL
2y 5m to grant Granted Mar 24, 2026
Patent 12587573
REPORTING OF DELTA CHANNEL QUALITY INDICATOR (CQI)-MODULATION AND CODING SCHEME (MCS) INFORMATION
2y 5m to grant Granted Mar 24, 2026
Patent 12579296
DATA SECURITY TRANSACTIONS USING SOFTWARE CONTAINER MACHINE READABLE CONFIGURATION DATA
2y 5m to grant Granted Mar 17, 2026
Patent 12574245
HEALTHCARE DATA MANAGEMENT METHOD AND APPARATUS USING HASH VALUES ON CLOUD SERVER
2y 5m to grant Granted Mar 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
79%
Grant Probability
78%
With Interview (-0.5%)
2y 12m
Median Time to Grant
Moderate
PTA Risk
Based on 545 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month