Prosecution Insights
Last updated: July 17, 2026
Application No. 18/733,706

METHODS, DEVICES AND SYSTEMS FOR SECURING WIRELESS SYSTEMS FROM INSIDER INFORMATION ATTACKS

Non-Final OA §102§103
Filed
Jun 04, 2024
Priority
Oct 10, 2023 — provisional 63/543,406
Examiner
GIDDINS, NELSON S
Art Unit
2408
Tech Center
2400 — Computer Networks
Assignee
Infineon Technologies AG
OA Round
1 (Non-Final)
85%
Grant Probability
Favorable
1-2
OA Rounds
2m
Est. Remaining
95%
With Interview

Examiner Intelligence

Grants 85% — above average
85%
Career Allowance Rate
460 granted / 544 resolved
+26.6% vs TC avg
Moderate +10% lift
Without
With
+10.3%
Interview Lift
resolved cases with interview
Typical timeline
2y 3m
Avg Prosecution
13 currently pending
Career history
567
Total Applications
across all art units

Statute-Specific Performance

§101
0.7%
-39.3% vs TC avg
§103
86.7%
+46.7% vs TC avg
§102
2.6%
-37.4% vs TC avg
§112
3.1%
-36.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 544 resolved cases

Office Action

§102 §103
DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This Office Action is in response to Application No. 18/733,706 filed on 06/04/2024. Claims 1-20 have been examined and are pending in this application. Priority Acknowledgment is made of Applicant’s claim for priority under 35 U.S.C. 119 (e) to Provisional Application No. 63/543,406, filed on 10/10/2023. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claim(s) 1-5 and 9-14 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Shukla (US 10,966,277). Regarding claim 1, Shukla teaches a method, comprising: by operation of a first wireless device receiving wireless messages from a wireless network, determining that a received wireless message is a disconnect message directing the first wireless device to end communications over the wireless network (Shukla: Col. 5, Lines 48-67, Col. 6, Lines 1-10, In one embodiment, the processor 112 determines that the third wireless endpoint device 108 is an inside attacker by checking that the WAP device 102 advertises that the WAP device 102 will only use an encrypted unicast disconnect frame to disconnect a device from the wireless network 100 or that the WAP device 102 will not use a broadcast disconnect frame to disconnect a device from the wireless network 100. Alternatively, the wireless endpoint device can confirm whether the broadcast disconnect frame is authorized in a manner that cannot be spoofed by the third wireless endpoint device 108.), determining that the received disconnect message is not valid in response to decrypting at least a portion of the received disconnect message, and failing to find a shared secret value previously established during a network joining operation of the first wireless device (Shukla: Col. 6, Lines 51, When the WAP device 102 intends to disconnect the first wireless endpoint device 104, the WAP device 102 sends an encrypted unicast disconnect frame to confirm the intent to disconnect the first wireless endpoint device 104. In response, the processor 112 receives the encrypted unicast disconnect frame and decrypts the encrypted unicast disconnect frame with an encryption key shared between the WAP device 102 and the first wireless endpoint device 104. The WAP device 102 can share a common group key with each of the wireless endpoint devices and can share an individual device key with each of the wireless endpoint devices. Since the third wireless endpoint device 108 does not include the encryption key for the first wireless endpoint device 104, the communications between the first wireless endpoint device 104 and the WAP device 102 cannot be spoofed. Col. 5, Lines 55-67 [encryption key meets shared key limitation]), or after transmitting a query message addressed to at least a source address of the received disconnect message, receiving more response messages than expected (Shukla: Col. 7, Lines 5-20, In another embodiment, the processor 112 receives a second broadcast disconnect frame via the WLAN radio. The second broadcast disconnect frame includes a source address that identifies the WAP device and a destination address that identifies that the second broadcast disconnect frame is addressed to all wireless endpoint devices in the WLAN. Responsive to receiving the second broadcast disconnect frame, the processor 112 sends, responsive to receiving the second broadcast disconnect frame, a first frame to the WAP device after expiration of a configurable delay and while in an authorized state in which the wireless endpoint device is connected to the WLAN via the WAP device, wherein the configurable delay corresponds to an amount of time that allows the WAP device to clear an association record for the wireless endpoint device.), and ignoring the received disconnect message if it is determined to be not valid (Shukla: Col. 5, Lines 55-66, To discard the frame, as used herein, means that the frame is ignored, not processed, deleted, or otherwise so that the processor 112 does not disconnect the first wireless endpoint device 104 from the WLAN as a result of the broadcast disconnect frame 103. In other words, the processor 112 determines that the broadcast disconnect frame 103 can be discarded and maintains connection with the WLAN via the WAP device 102 as a result of the determination that the broadcast disconnect frame 103 originates from a device that is not authorized to send the broadcast disconnect frame 103 to disconnect the first wireless endpoint device 104 from the WLAN). Regarding claim 2, Shukla teaches The method of claim 1, wherein the received disconnect message comprises a disassociation or deauthentication frame compatible with at least one IEEE 802.11 wireless standard (Shukla: Col. 2, Lines 20-58, The deauthentication frame and the disassociation frame are management frames used by devices in different authentication or authorization states. The devices of the wireless network can use management frames like these during states or stages of authenticating, associating, de-authenticating, and dissociating devices. For example, once an endpoint device is associated to the WAP device, either the WAP device or the endpoint device can terminate the association at any time by sending a disassociation frame. The WAP device or the endpoint device can send a deauthentication frame when all communications are terminated between the devices. The endpoint device can send a disassociation frame when leaving the WAP device to roam to another WAP device. The WAP device can send the disassociation frame when the endpoint device is trying to use invalid parameters. The disassociation or deauthentication frames are Class 3 frames that are used when a station has been successfully authenticated and associated with an access point. Col. 7, Lines 25-28, This is accordance with disconnect rules in WLAN standards where, upon receiving a data or null frame for which there is no valid association record, the WAP 102 is required to reply with a disconnect frame. Col. 10, Lines 39-42, Col. 11, Lines 29-32, This is accordance with disconnect rules in WLAN standards where, upon receiving a data or null frame for which there is no valid association record, the WAP 102 is required to reply with a disconnect frame.). Regarding claim 3, Shukla teaches The method of claim 2, wherein the query message is selected from the group of: a block acknowledgement request, a power savings poll message, and a null data frame (Shukla: Col. 7, Lines 28-38, For example, if there is no association record for a device and the WAP device receives a data frame or null frame from the device, the WAP device is required to send a unicast disconnect frame to the device. After the configurable delay in which the association record is cleared, the processor 112 receives an encrypted unicast disconnect frame from the WAP device and decrypts the encrypted unicast disconnect frame with an encryption key shared only between the WAP device and the wireless endpoint device. The processor 112 disconnects the wireless endpoint device from the WLAN. Col. 7, Lines 25-28, This is accordance with disconnect rules in WLAN standards where, upon receiving a data or null frame for which there is no valid association record, the WAP 102 is required to reply with a disconnect frame. Col. 10, Lines 39-42, Col. 11, Lines 29-32, This is accordance with disconnect rules in WLAN standards where, upon receiving a data or null frame for which there is no valid association record, the WAP 102 is required to reply with a disconnect frame.). Regarding claim 4, Shukla teaches the method of claim 1, further including: by operation of the first wireless device, executing the network joining operation, comprising exchanging messages with a second wireless device to establish encryption operations for wireless messages on the wireless network, and establish at least the shared secret (Shukla: Col. 8, Lines 29-38, In another embodiment, the first frame is encrypted with a first key shared between the WAP device 102 and two or more devices that are part of the wireless network and the third frame is encrypted with a second key shared only between the WAP device 102 and the first device. This first key can be considered a group key. The group key can be shared with all devices in the wireless network. In other embodiments, the group key can be specified for a subset of all devices in the wireless network, such as done with multi-cast frames. Col. 7, Lines 25-28, This is accordance with disconnect rules in WLAN standards where, upon receiving a data or null frame for which there is no valid association record, the WAP 102 is required to reply with a disconnect frame. Col. 10, Lines 39-42, Col. 11, Lines 29-32, This is accordance with disconnect rules in WLAN standards where, upon receiving a data or null frame for which there is no valid association record, the WAP 102 is required to reply with a disconnect frame.) . Regarding claim 5, Shukla teaches The method of claim 4, wherein the network joining operation comprises an association operation compatible with at least one IEEE 802.11 wireless standard (Shukla: Col. 2, Lines 8-20, More specifically, IEEE 802.11w, now rolled into IEEE 802.11-2016 standard, introduced protection of Management frames that are being used to signal network activities e.g., disconnect events. All wireless endpoint devices connected to an Access Point have a common group key (also referred to a broadcast management group key) to decrypt and validate the broadcast management frames. This is done to ensure that an attacker, outside of the wireless network not having knowledge of the common management group key, cannot generate a broadcast deauthentication or a broadcast disassociation frame to disconnect all the wireless endpoint devices in the wireless network.). Regarding claims 9-13, Claims 9-13 are rejected under the same rational as claims 1-5. Regarding claim 14, Shukla teaches The device of claim 9, wherein: the processor circuits are further configured to (Shukla: Fig. 1) transmit at least the shared secret in an encrypted message to another device of the wireless network (Shukla: Col. 6, Lines 58-61, . The WAP device 102 can share a common group key with each of the wireless endpoint devices and can share an individual device key with each of the wireless endpoint devices.); and receive shared secrets corresponding to other wireless devices of the wireless network (Shukla: Col. 16, Lines 3-16, The processing logic updates a group key after the third wireless endpoint device is disconnected from the WAP device. The processing logic can send the updated group key to the wireless endpoint devices that are still connected to the WAP device.). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claim(s) 6 is rejected under 35 U.S.C. 103 as being unpatentable over Shukla (US 10,966,277) in view of Singh et al. (US 2024/0224048; Hereinafter “Singh”). Regarding claim 6, Shukla teaches The method of claim 4, further including: the first wireless device comprises a first access point device (AP) compatible with at least one IEEE 802.11 wireless standard that is part of a distributed system (Shukla: Col. 2, Lines 8-20, More specifically, IEEE 802.11w, now rolled into IEEE 802.11-2016 standard, introduced protection of Management frames that are being used to signal network activities e.g., disconnect events. All wireless endpoint devices connected to an Access Point have a common group key (also referred to a broadcast management group key) to decrypt and validate the broadcast management frames. This is done to ensure that an attacker, outside of the wireless network not having knowledge of the common management group key, cannot generate a broadcast deauthentication or a broadcast disassociation frame to disconnect all the wireless endpoint devices in the wireless network. Col. 7, Lines 25-28, Col. 10, Lines 39-42, Col. 11, Lines 29-32, This is accordance with disconnect rules in WLAN standards where, upon receiving a data or null frame for which there is no valid association record, the WAP 102 is required to reply with a disconnect frame.); and Shukla does not explicitly teach by operation of the first wireless device, transmitting at least the shared secret in an encrypted message to a second AP of the distributed system. In an analogous art, Singh teaches by operation of the first wireless device, transmitting at least the shared secret in an encrypted message to a second AP of the distributed system (Singh: Para. [0049], Although not shown in FIG. 1, a STA 115 may be located in the intersection of more than one coverage area 110 and may associate with more than one AP 105. A single AP 105 and an associated set of STAs 115 may be referred to as a BSS. An ESS is a set of connected BSSs. A distribution system (not shown) may be used to connect APs 105 in an ESS. In some cases, the coverage area 110 of an AP 105 may be divided into sectors (also not shown). The WLAN 100 may include APs 105 of different types (e.g., metropolitan area, home network, etc.), with varying and overlapping coverage areas 110. Para. [0048], Para. [0050], In some cases, a STA 115 (or an AP 105) may be detectable by a central AP 105, but not by other STAs 115 in the coverage area 110 of the central AP 105. For example, one STA 115 may be at one end of the coverage area 110 of the central AP 105 while another STA 115 may be at the other end. [central AP may communicate and establish a connection with a second AP] Para. [0160], The method of any of aspects 1 through 11, further comprising: receiving, from the second wireless device, a security association query message; and transmitting, to the second wireless device, a security association response message key in response to the security association query message. Para. [0164], The method of aspect 16, further comprising: decrypting the deauthentication frame using the authentication key.). It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Singh with the system and method of Shukla to include by operation of the first wireless device, transmitting at least the shared secret in an encrypted message to a second AP of the distributed system because this functionality provides improved communication reliability and coordination between devices (Singh: Para. [0131]). Allowable Subject Matter Regarding Claim 7, Claim 7 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Regarding Claim 8, Claim 8 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Regarding Claims 15-20, Claims 15-20 are allowed over the cited prior art. The following is an Examiner’s statement of reasons for allowance: The closest prior art includes Shukla (US 10,966,277) in view of Singh et al. (US 2024/0224048; Hereinafter “Singh”). However, none of Shukla and Singh teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in dependent claim 7, dependent claim 8, and independent claim 15. For example, none of the cited prior art teaches or suggest the steps of “the method of claim 1, further including: the first wireless device comprises an access point device (AP) compatible with at least one IEEE 802.11 wireless standard that is part of a distributed system (DS); by operation of the first wireless device, generating and storing secure session data for a station device (STA) during association with the STA, secure session data including at least a device address of the STA and a corresponding shared secret that is shared with the STA, receiving and storing secure session data for at least one other STA associated with at last one other AP of the DS, in response to receiving a reassociation request having a device address of stored session data, decrypting the reassociation request, and executing a reassociation operation request if the decrypted reassociation request includes at least the corresponding shared secret, and ignoring the reassociation request if the decrypted reassociation request does not include at least the corresponding shared secret” as recited in dependent claim 7, “the method of claim 1, further including: the first wireless device comprises an access point device (AP) compatible with at least one IEEE 802.11 wireless standard that is part of a distributed system (OS); by operation of the first wireless device, generating and storing secure session data for a station device (STA) during association with the STA, secure session data including at least a device address of the STA and a corresponding shared secret with the STA, receiving and storing secure session data for at least one other STA associated with at least one other AP of the OS, in response to receiving a reassociation request having a device address of stored session data, decrypting the reassociation request and executing a reassociation operation, and dropping packets for transmission to the reassociated STA for a predetermined timeout period if the decrypted reassociation request does not include at least the shared secret” as recited in dependent claim 8, or “a system, comprising: a first wireless device configured to execute network joining operations to enable joining wireless devices to access a wireless network, the network joining operation establishing secure session data for the joining wireless devices that includes at least device identification values (IDs) of the joining wireless devices, and shared secret values with the joining wireless devices, execute identity check operations in response to receiving a network joining request having a device ID of the secure session data, the identity check operations comprising decrypting the network joining request, in response to the decrypted network joining message not including the shared secret value, ignoring the network joining message, or executing a network joining operation with a wireless device issuing the network joining message but dropping any wireless messages for transmission to the device ID for a predetermined timeout period” as recited in independent claim 15. As a result, the claims are allowable over the cited prior art. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. U.S. Patent Application Publication No. US 2023/0129553 by Wu et al. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Nelson Giddins whose telephone number is (571)272-7993. The examiner can normally be reached on Monday - Friday, 9:00 AM - 5:00 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards can be reached at (571) 270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /NELSON S. GIDDINS/ Primary Examiner, Art Unit 2408
Read full office action

Prosecution Timeline

Jun 04, 2024
Application Filed
May 20, 2026
Non-Final Rejection mailed — §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682102
Data storage server and client devices for securely storing data
3y 6m to grant Granted Jul 14, 2026
Patent 12682237
COLLABORATIVE MACHINE LEARNING WHOSE RESULT IS STORED IN A SHARED MEMORY CONTROLLED BY A CENTRAL DEVICE
2y 11m to grant Granted Jul 14, 2026
Patent 12677149
ACCESS CONTROL METHOD AND APPARATUS
1y 10m to grant Granted Jul 07, 2026
Patent 12670242
PRE-OS AUTHENTICATION
3y 8m to grant Granted Jun 30, 2026
Patent 12651056
INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND STORAGE MEDIUM
1y 10m to grant Granted Jun 09, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
85%
Grant Probability
95%
With Interview (+10.3%)
2y 3m (~2m remaining)
Median Time to Grant
Low
PTA Risk
Based on 544 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month