Office Action Predictor
Last updated: April 16, 2026
Application No. 18/720,144

A METHOD FOR MONITORING OR VALIDATING COMPLIANCE OF A DEVICE ON A NETWORK

Non-Final OA §103§112
Filed
Jun 14, 2024
Examiner
ZOUBAIR, NOURA
Art Unit
2434
Tech Center
2400 — Computer Networks
Assignee
British Telecommunications Public Limited Company
OA Round
1 (Non-Final)
72%
Grant Probability
Favorable
1-2
OA Rounds
2y 8m
To Grant
99%
With Interview

Examiner Intelligence

Grants 72% — above average
72%
Career Allow Rate
256 granted / 353 resolved
+14.5% vs TC avg
Strong +62% interview lift
Without
With
+61.8%
Interview Lift
resolved cases with interview
Typical timeline
2y 8m
Avg Prosecution
17 currently pending
Career history
370
Total Applications
across all art units

Statute-Specific Performance

§101
7.5%
-32.5% vs TC avg
§103
50.1%
+10.1% vs TC avg
§102
9.3%
-30.7% vs TC avg
§112
16.0%
-24.0% vs TC avg
Black line = Tech Center average estimate • Based on career data from 353 resolved cases

Office Action

§103 §112
DETAILED ACTION Claims 1-15 are presented for examination. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Interpretation 112(f) The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph: (A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; (B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and (C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic place holder is not preceded by a structural modifier. Such claim limitation(s) is/are: “obtaining module configured to….”, “comparison module configured to….” and “determining module configured to….”, in claim 15. Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The above claim limitations in claim 15 invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. Although the specification describes the modules being “of a computer system”, a computer system may comprise multiple elements and therefore it is not clear whether the modules are within a specific structure or they are independent components. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph. Applicant may: (a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph; (b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or (c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)). If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: (a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or (b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-11 and 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al (US Pub.No.2020/0374700). Re Claim 1. Smith discloses a method for monitoring or validating compliance of attributes of a device on a network (i.e. The onboarding tool may use the certification produced by the certification process (e.g., the Platform Certificate) to ensure that a device that is requested to be onboarded into a network conforms to certain hardware, software, firmware, or other features consistent or compatible with the network) [Smith, para.0054], the method comprising: obtaining, from a distributed ledger technology, a first tree data structure comprising compliance data associated with a network (i.e. The blockchain may include information corresponding to platform certificates or approved product lists of a plurality of devices in an example………………) [Smith, para.0080], and a second tree data structure comprising attribute data associated with an electronic device (i.e. The blockchain may include information corresponding to platform certificates or approved product lists of a plurality of devices in an example………………The ecosystem operator (EO) onboarding process may query the device to be onboarded to identify a product model number. The EO may use the product model number to locate a BoM record from the blockchain that in turn identifies other BoM records in a cascade of references that together defines the product ingredients) [Smith, para.0080, 0097], (i.e. The Platform Certificate or the APL may use a hash-tree structure for efficient verification of contents at the level of granularity that best suits onboarding objectives) [Smith, para.0046]; comparing the first [tree] data structure with the second [tree] data structure to compare the compliance data with the attribute data (i.e. compare elements in the platform certificate with elements from a corresponding approved product list. In an example, the elements in the platform certificate comprise platform attributes, container attributes, device attributes, conformance status, or security profile attributes…….. determine whether the device is trusted for onboarding on the IoT network by determining whether the attributes from the platform certificate match the corresponding attributes in the corresponding approved product list. The method 800 includes an operation 808 to determine whether a match exists) [Smith, para.0068-0069]; and determining, based on the comparison, whether the electronic device is compliant with the network (i.e. The onboarding tool may determine whether the attributes described in the APL match attributes of the Platform Certificate. In an example, when all attributes do not match, the device may be rejected (e.g., identified by the onboarding tool as Not Certified) and not onboarded) [Smith, para.0053]. Smith does not explicitly disclose that the comparing is specifically of one tree data structure to another, however it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the embodiments of Smith to include comparing a first tree data structure with a second tree data structure because Smith already discloses that the data structures are trees: The Platform Certificate or the APL may use a hash-tree structure for efficient verification of contents at the level of granularity that best suits onboarding objectives [Smith, para.0046]. Therefore, it is an expected result that comparing the elements within two tree data structures yields a comparison between the tree data structures themselves. Re Claim 2. Smith discloses the method according to claim 1, wherein the distributed ledger technology comprises a blockchain database (i.e. The blockchain may include information corresponding to platform certificates or approved product lists of a plurality of devices in an example………………) [Smith, para.0080], and the obtaining comprises accessing a set of transactions corresponding to the first tree data structure and the second tree data structure from the blockchain database (i.e. A manufacturer of devices or platforms may assert sovereign device identity by using a device asymmetric key to sign a blockchain transaction containing the device identity………………. ecosystem operator (EO) onboarding process may query the device to be onboarded to identify a product model number. The EO may use the product model number to locate a BoM record from the blockchain) [Smith, para.0086, 0097]. Re Claim 3. Smith discloses the method according to claim 2, further comprising registering the first tree data structure with the blockchain database, the registering comprising creating a block in the blockchain database comprising a block hash and a root hash value of the first tree data structure (i.e. A manufacturer of devices or platforms may assert sovereign device identity by using a device asymmetric key to sign a blockchain transaction containing the device identity………………. ecosystem operator (EO) onboarding process may query the device to be onboarded to identify a product model number. The EO may use the product model number to locate a BoM record from the blockchain) [Smith, para.0086, 0097]. Re Claim 4. Smith discloses the method according to claim 2, further comprising the electronic device registering the second tree data structure with the blockchain database, the registering comprising creating a block in the blockchain database comprising a block hash (i.e. A blockchain includes “blocks,” which hold data or both data and programs. Each block holds batches of individual “transactions” between blockchain participants. Each block includes a timestamp and linking information (usually a hash value) linking the current block to the previous block) [Smith, para.0105] and a root hash value of the second tree data structure (i.e. the Platform Certificate or the APL may be digitally signed such that an onboarding tool may verify integrity of the information being presented) [Smith, para.0046, Note: Fig. 3 depicts a signature may be a hash]. Re Claim 5. Smith discloses the method according to claim 1, wherein the attribute data and the compliance data comprise attributes, and the method further comprises, if the comparing determines that the attribute data comprises one or more attributes not in the compliance data, determining that the electronic device is not compliant with the network (i.e. when a change in the APL causes the already onboarded or to be onboarded (but already manufactured) device to have a defect in its Platform Certificate (e.g., an attribute that does not match the changed APL). The onboarding tool may dynamically re-evaluate previously onboarded devices to determine an appropriate quarantine action when an APL attribute changes (e.g., form a subnet consisting of non-Certified devices)) [Smith, para.0047]. Re Claim 6. Smith discloses the method according to claim 5, further comprising, if the electronic device is determined to be not compliant with the network, isolating the electronic device and determining if mitigation of the one or more attributes not in the compliance data is possible, and: if mitigation is possible, attempting mitigation of the one or more attributes not in the compliance data (i.e. when a change in the APL causes the already onboarded or to be onboarded (but already manufactured) device to have a defect in its Platform Certificate (e.g., an attribute that does not match the changed APL). The onboarding tool may dynamically re-evaluate previously onboarded devices to determine an appropriate quarantine action when an APL attribute changes (e.g., form a subnet consisting of non-Certified devices)………….. Compliance status may relate to individual sub-components of the composite product, and when relevant, the sub-component compliance status may also be checked. When all relevant status checks satisfy an orchestration policy, the product (device) is permitted on the network…the orchestration tools may re-verify status periodically or in response to dynamic updates to the public blockchain regarding status changes) [Smith, para.0047, 0109-0110, Note: therefore successful re-evaluation and re-verification is a mitigation step allowing a device to be onboarded again]; or if mitigation is not possible, continuing to isolate the electronic device and preventing the electronic device from accessing the network (i.e. when a change in the APL causes the already onboarded or to be onboarded (but already manufactured) device to have a defect in its Platform Certificate (e.g., an attribute that does not match the changed APL). The onboarding tool may dynamically re-evaluate previously onboarded devices to determine an appropriate quarantine action when an APL attribute changes (e.g., form a subnet consisting of non-Certified devices) ………………………………….. When the certification or compliance status (or device identity) is not verified or not verifiable, the technique 1200 may include not onboarding the component) [Smith, para.0047, 0119, Note: if re-verification is not possible, the device remains in quarantine/isolation]. Re Claim 7. Smith discloses the method according to claim 6, further comprising, Smith does not explicitly disclose: after attempting mitigation, if mitigation was unsuccessful, determining if further mitigation is possible, and if not, continuing to isolate the electronic device and preventing the electronic device from accessing the network, however as seen in the rejection of claim 6, above, Smith teaches attempting an initial mitigation, and if mitigation is not possible then isolating the device. Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Smith to repeat the attempt to mitigate if different mitigation strategies are possible. The motivation is that this will yield an expected result of increased likelihood of successful onboarding. Re Claim 8. Smith discloses the method according to claim 6, wherein when the electronic device is isolated, the method further comprises the electronic device attempting to reconfigure to remediate the one or more attributes not in the compliance data (i.e. allowing the IoT devices 202 to reconfigure their operations and communications, such as to determine needed resources in response to conditions, queries, and device failures) [Smith, para.0043]. Re Claim 9. Smith discloses the method according to claim 8, wherein: if the attempt to reconfigure remediates the one or more attributes not in the compliance data, the method further comprises granting the electronic device access to the network; and if the attempt to reconfigure does not remediate the one or more attributes not in the compliance data, the method further comprises determining that the device is not compliant with the network (i.e. the orchestration tools may re-verify status periodically or in response to dynamic updates to the public blockchain regarding status changes) [Smith, para.0110], (i.e. when all attributes do not match, the device may be rejected (e.g., identified by the onboarding tool as Not Certified) and not onboarded. When all (or a minimum or subset as required by the Platform Certificate, the APL, the onboarding tool, or a target IoT network) attributes do match, the device may be onboarded) [Smith, para.0053, Note: since Smith teaches that any updates will trigger re-verification, it implies that the initial evaluation criteria for onboarding will apply]. Re Claim 10. Smith discloses the method according to claim 6, further comprising: if mitigation of the one or more attributes not in the compliance data is successful, granting the electronic device access to the network (i.e. determining a change to the approved product list for the device, and dynamically determining whether to change a certification status of the device in response. In an example, when at least one attribute from the platform certificate no longer matches a corresponding attribute in the changed approved product list, the certification may be revoked, and the device may be removed from the IoT network……………………………….. onboard the device to the IoT network in response to determining that the attributes from the platform certificate match the corresponding attributes in the corresponding approved product list) [Smith, para.0070-0071]. Re Claim 11. Smith discloses the method according to claim 1, wherein the attribute data and the compliance data comprise one or more attributes, and the method further comprises: designating one or more of the attributes of the compliance data as essential attributes; and if it is determined that the attribute data does not comprise one or more of the essential attributes, determining that the electronic device is not compliant with the network (i.e. when all attributes do not match, the device may be rejected (e.g., identified by the onboarding tool as Not Certified) and not onboarded. When all (or a minimum or subset as required by the Platform Certificate, the APL, the onboarding tool, or a target IoT network) attributes do match, the device may be onboarded) [Smith, para.0053]. Re Claim 13. Smith discloses the method according to claim 1, further comprising: updating at least one of the first tree data structure or the second tree data structure to provide at least one of updated compliance data or updated attribute data, respectively; updating the distributed ledger technology with the updated compliance data or the updated attribute data; and performing a further comparison of the first tree data structure with the second tree data structure data (i.e. when a change in the APL causes the already onboarded or to be onboarded (but already manufactured) device to have a defect in its Platform Certificate (e.g., an attribute that does not match the changed APL). The onboarding tool may dynamically re-evaluate previously onboarded devices to determine an appropriate quarantine action when an APL attribute changes (e.g., form a subnet consisting of non-Certified devices)…………. Compliance status may relate to individual sub-components of the composite product, and when relevant, the sub-component compliance status may also be checked. When all relevant status checks satisfy an orchestration policy, the product (device) is permitted on the network…the orchestration tools may re-verify status periodically or in response to dynamic updates to the public blockchain regarding status changes) [Smith, para.0047, 0109-0110], (i.e. Product firmware or software can be updated in the field resulting in loss of compliance……………………………………. Each ingredient or component may be evaluated by an ingredient or component test and compliance validation service provider that contributes evaluation results/status to the blockchain) [Smith, para.0074, 0094]. Re Claims 14 and 15. These claims recite features similar to those in claim 1, therefore they are similarly rejected. Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Smith as applied to claim 1, in view of Ramabaja (US Pub.No.2023/0108083) based on its PCT and foreign priority dates. Re Claim 12. Smith discloses the method according to claim 1, Smith does not explicitly disclose whereas Ramabaja does: wherein the first tree data structure is a first bloom tree and the second tree data structure is a second bloom tree (i.e. The distributed bloom filters define a set of transactions, and the plurality of bloom trees are associated with different distributed bloom filters spread across the plurality of computing nodes. As discussed above, as transactions of a block (say a new block of blockchain created by a miner) gets inserted into “M” distributed bloom filters (DBFs), it can be deduced that each distributed bloom filter define a set of transactions in hashed form. In other words, the plurality of bloom trees and distributed bloom filters are spread across the plurality of computing nodes to provide a common factor for achieving verification of the one or more transaction at any of the computing nodes) [Ramabaja, para.0064], each of the first bloom tree and the second bloom tree comprising a plurality of nodes, each node of the plurality of nodes having: an associated hash generated based on the nodes beneath that respective node (i.e. an example of the bloom tree with a root hash is shown and described, for example, in FIG. 4. Moreover, similar to computation of one bloom tree for one distributed bloom filter, as described above, the plurality of bloom trees is computed. In the above example, “M” root hashes of plurality of bloom trees are computed and temporally stored at each computing node) [Ramabaja, para.0062-0063, Fig.4]; and a probabilistic data structure for evaluating a presence or an absence of one or more hashes associated with the plurality of nodes, the method further comprising using the probabilistic data structures to evaluate the presence or the absence of one or more hashes (i.e. the communicating a request for a multi-proof to the specified number of computing nodes from the plurality of computing nodes; and [0075] (ii) obtaining a proof of absence from one of the specified number of computing nodes, or proofs of presence from the specified number of computing nodes, to verify the presence of the first transaction,…………………….. the given computing node that initiates the interactive proof, requests up to ‘M’ nodes for the multi-proof. For example, in a given bloom block of the given computing node, if the stored one distributed bloom filter has a false positive value of 0.0001, and then collecting multi-proofs from 20 computing nodes would have a false positive value of 0.0001 to the power 20. Therefore, the probability for a false positive value after the interactive proof is almost negligible in comparison to conventional technologies. For example, the probability for a false positive hit after such an interaction (i.e. the interactive proof), would be smaller than correctly estimating the bit sequence for, for example, a SHA256 cryptographic hash) [Ramabaja, para.0073-0076]. It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Smith with Ramabaja because it combines the distributed bloom filters with Merkle trees. Moreover, using the bloom tree, the presence, or absence of any transaction is verified and transmitted in a secure and bandwidth efficient way [Ramabaja, para.0061]. Prior art made of record, however not relied upon, includes: Beard (US Pub.No.2020/0201620), discloses a system where each of a plurality of medical devices is configured to generate a device specific Software Bill of Materials (SBOM), and communicate the device specific SBOM to a validator system(s). A central authority system(s) is configured to authorize the validator system(s) to add a new block(s) to a SBOM blockchain. The SBOM blockchain is structured to contain updates to the device specific SBOM. The validator system(s) is configured to create a local copy of the SBOM blockchain, build a SBOM hash tree based on data in the SBOM blockchain, search the SBOM hash tree for the device specific SBOM, add a new block to the SBOM blockchain, the new block comprising an update(s) to the device specific SBOM, validate the update(s) in the device specific SBOM based on a vulnerability database, and communicate the new block to at least one other validator system. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to NOURA ZOUBAIR whose telephone number is (571)270-7285. The examiner can normally be reached Monday - Friday. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached at 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /NOURA ZOUBAIR/Primary Examiner, Art Unit 2434
Read full office action

Prosecution Timeline

Jun 14, 2024
Application Filed
Sep 05, 2025
Non-Final Rejection — §103, §112
Apr 10, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12596790
Secure Environment Public Register (SEPR)
2y 5m to grant Granted Apr 07, 2026
Patent 12591664
System and method for remote users activities administration
2y 5m to grant Granted Mar 31, 2026
Patent 12574420
DYNAMIC POLICY AND NETWORK SECURITY ZONE GENERATION
2y 5m to grant Granted Mar 10, 2026
Patent 12563098
System and method for performing a secured operation
2y 5m to grant Granted Feb 24, 2026
Patent 12549608
CENTRALIZED SECURITY POLICY ADMINISTRATION USING NVMe-oF ZONING
2y 5m to grant Granted Feb 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
72%
Grant Probability
99%
With Interview (+61.8%)
2y 8m
Median Time to Grant
Low
PTA Risk
Based on 353 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month