Prosecution Insights
Last updated: July 17, 2026
Application No. 18/823,936

WEBSOCKET SERVER FOR CLOUD-BASED ZERO TRUST NETWORK ACCESS DATA PLANE

Final Rejection §103
Filed
Sep 04, 2024
Priority
Sep 05, 2023 — IN 202311059706
Examiner
NARRAMORE, BLAKE I
Art Unit
2438
Tech Center
2400 — Computer Networks
Assignee
SOPHOS Limited
OA Round
2 (Final)
78%
Grant Probability
Favorable
3-4
OA Rounds
11m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 78% — above average
78%
Career Allowance Rate
133 granted / 171 resolved
+19.8% vs TC avg
Strong +24% interview lift
Without
With
+24.0%
Interview Lift
resolved cases with interview
Typical timeline
2y 9m
Avg Prosecution
19 currently pending
Career history
193
Total Applications
across all art units

Statute-Specific Performance

§101
1.4%
-38.6% vs TC avg
§103
91.4%
+51.4% vs TC avg
§102
2.5%
-37.5% vs TC avg
§112
1.4%
-38.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 171 resolved cases

Office Action

§103
Detailed Action This is a Final Office action in response to communications received on 4/1/2026. Claims 1, 6, 12 and 20 were amended. Claims 1-20 are pending and are examined. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant’s amendments, filed 4/1/2026, to claim(s) 1 correcting the claim to recite structure for the methods performed are sufficient to overcome the rejection to the aforementioned claim(s). Accordingly, the rejection of claim(s) 1-5 under 101, as filed in (6) of the Non-Final Office action filed 1/15/2026, is withdrawn. Applicant’s arguments regarding the rejection under 35 U.S.C. 102 of the claims under Chanak have been considered, but are moot because the new ground of rejection necessitated from amending the independent claims 1, 6 and 12. The instant rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically argued in the Applicant's response. Consequently, the rejection of the claims under 35 U.S.C. 103 is presented as below. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 1, 4-7, 10-16 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Chanak (US 20220029965 A1), in view of Tourrilhes (US 20230344733 A1). Regarding claim 1, Chanak teaches the limitations of claim 1 substantially as follows: A system comprising: a first one or more computing devices hosting an application on a customer premises; (Chanak; [0032]: providing access with a lightweight software connector, in front of the applications, an application on the user device (i.e., the customer premises hosts an application), a central authority to push policy) a second one or more computing devices hosting a threat management facility for the customer premises, the threat management facility remote hosted from the customer premises on a cloud resource; (Chanak; [0043]: The central authority provide centralized policy, real-time threat updates, etc. and coordinates the distribution of this data between the enforcement nodes. The enforcement nodes (i.e., threat management facility) provide an onramp to the users and are configured to execute policy, based on the central authority) a third one or more computing devices hosting in a cloud platform external to the customer premises and the threat management facility, wherein a data plane for zero trust network access is deployed on the third one or more computing devices; (Chanak; [0004]: ZPA is an example cloud service that provides seamless, zero trust access to private applications running on the public cloud, within the data center, within an enterprise network, etc.) a tunnel component in the data plane, the tunnel component configured by the threat management facility to manage secure tunnels between the data plane and the customer premises; (Chanak; [0069]: dynamically creating connections through secure tunnels between three entities: the VPN device, the cloud, and an on-premises redirection proxy) a connector, wherein: the connector is deployed on the customer premises, (Chanak; [0069]: dynamically creating connections through secure tunnels between three entities: the VPN device, the cloud, and an on-premises redirection proxy) the connector is configured remotely from the threat management facility, (Chanak; [0043]: The central authority provide centralized policy, real-time threat updates, etc. and coordinates the distribution of this data between the enforcement nodes. The enforcement nodes (i.e., threat management facility) provide an onramp to the users and are configured to execute policy, based on the central authority) the connector is configured to communicate with the data plane through a secure tunnel created using the tunnel component of the data plane, and (Chanak; [0069]: dynamically creating connections through secure tunnels between three entities: the VPN device, the cloud, and an on-premises redirection proxy) the connector is configured to provide zero trust network access to the application for an external user through the data plane. (Chanak; [0004], [0069]: ZPA is an example cloud service that provides seamless, zero trust access to private applications running on the public cloud, within the data center, within an enterprise network, etc; dynamically creating connections through secure tunnels between three entities: the VPN device, the cloud, and an on-premises redirection proxy) Chanak does not teach the limitations of claim 1 as follows: a connection server executing on the data plane, wherein the connection server is configured to manage tunnels to balance traffic by creating a new tunnel, terminating an existing tunnel, or migrating a connection among the secure tunnels based on connection information stored in a persistent data store in the data plane; and However, in the same field of endeavor, Tourrilhes discloses the limitations of claim 1 as follows: a connection server executing on the data plane, wherein the connection server is configured to manage tunnels to balance traffic by creating a new tunnel, terminating an existing tunnel, or migrating a connection among the secure tunnels based on connection information stored in a persistent data store in the data plane; and (Tourrilhes; The SD-WAN gateway can create parallel tunnels over network 130 using each WAN link, and then use network traffic engineering to direct traffic to the most appropriate tunnel with the goal of optimally using the available network capacity. In some examples, the SD-WAN gateway can monitor the performance of each tunnel, in terms of latency and throughput, and then load balance traffic or map each traffic type to the most appropriate tunnel for that traffic) Tourrilhes is combinable with Chanak because all are from the same field of endeavor of systems communications. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Chanak to incorporate dynamic creation or modification of communication tunnels as in Tourrilhes to improve network traffic efficiency (Tourrilhes; [0104]). Regarding claim 4, Chanak and Tourrilhes teach the limitations of claim 1. Chanak and Tourrilhes teach the limitations of claim 4 as follows: The system of claim 1, wherein the tunnel component converts traffic in the data plane to TCP traffic for communication with the connector. (Chanak; [0088]: the request is not limited to web applications and can include anything such as a remote desktop or anything handling any static Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) applications) Regarding claim 5, Chanak and Tourrilhes teach the limitations of claim 1. Chanak and Tourrilhes teach the limitations of claim 5 as follows: The system of claim 1, wherein the connector executes on a firewall for the customer premises. (Chanak; [0067]: the user can be any user of the enterprise network that is physically located outside a firewall associated with the enterprise network) Regarding claim 6, Chanak teaches the limitations of claim 6 substantially as follows: A computer program product comprising computer executable code embodied in non-transitory computer readable media that, when executing on one or more computing devices, performs the steps of: (Chanak; [0056]: When the server is in operation, the processor is configured to execute software stored within the memory) providing a data plane for zero trust network access, wherein the data plane is deployed in a cloud platform external to a customer premises, and (Chanak; [0004]: ZPA is an example cloud service that provides seamless, zero trust access to private applications running on the public cloud, within the data center, within an enterprise network, etc.) wherein the data plane includes a tunnel component executing in the data plane, (Chanak; [0041]: the locations can use tunneling where all traffic is forward through the cloud-based system; various tunneling protocols are contemplated) the tunnel component configured to manage secure tunnels between the data plane and the customer premises; and (Chanak; [0069]: dynamically creating connections through secure tunnels between three entities: the VPN device, the cloud, and an on-premises redirection proxy) providing a connector, wherein: the connector is deployed on the customer premises, (Chanak; [0069]: dynamically creating connections through secure tunnels between three entities: the VPN device, the cloud, and an on-premises redirection proxy) the customer premises hosts an application, (Chanak; [0032]: providing access with a lightweight software connector, in front of the applications, an application on the user device (i.e., the customer premises hosts an application), a central authority to push policy) the connector is configured remotely from a threat management facility for the customer premises, (Chanak; [0043]: The central authority provide centralized policy, real-time threat updates, etc. and coordinates the distribution of this data between the enforcement nodes. The enforcement nodes (i.e., threat management facility) provide an onramp to the users and are configured to execute policy, based on the central authority) the connector is configured to communicate with the data plane through a secure tunnel created using the tunnel component of the data plane, and (Chanak; [0069]: dynamically creating connections through secure tunnels between three entities: the VPN device, the cloud, and an on-premises redirection proxy) the connector is configured to provide zero trust network access to the application for an external user through the data plane. (Chanak; [0004], [0069]: ZPA is an example cloud service that provides seamless, zero trust access to private applications running on the public cloud, within the data center, within an enterprise network, etc; dynamically creating connections through secure tunnels between three entities: the VPN device, the cloud, and an on-premises redirection proxy) Chanak does not teach the limitations of claim 6 as follows: executing a connection server on the data plane, wherein the connection server is configured to manage tunnels to balance traffic by creating a new tunnel, terminating an existing tunnel, or migrating a connection among the secure tunnels based on connection information stored in a persistent data store in the data plane; and However, in the same field of endeavor, Tourrilhes discloses the limitations of claim 6 as follows: executing a connection server on the data plane, wherein the connection server is configured to manage tunnels to balance traffic by creating a new tunnel, terminating an existing tunnel, or migrating a connection among the secure tunnels based on connection information stored in a persistent data store in the data plane; and (Tourrilhes; The SD-WAN gateway can create parallel tunnels over network 130 using each WAN link, and then use network traffic engineering to direct traffic to the most appropriate tunnel with the goal of optimally using the available network capacity. In some examples, the SD-WAN gateway can monitor the performance of each tunnel, in terms of latency and throughput, and then load balance traffic or map each traffic type to the most appropriate tunnel for that traffic) Tourrilhes is combinable with Chanak because all are from the same field of endeavor of systems communications. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Chanak to incorporate dynamic creation or modification of communication tunnels as in Tourrilhes to improve network traffic efficiency (Tourrilhes; [0104]). Regarding claim 7, Chanak and Tourrilhes teach the limitations of claim 6. Chanak and Tourrilhes teach the limitations of claim 7 as follows: The computer program product of claim 6, wherein the threat management facility executes on a second cloud platform external to the customer premises and external to the cloud platform hosting the data plane. (Chanak; [0043]: the cloud-based system includes a plurality of enforcement nodes (EN), labeled as enforcement nodes, interconnected to one another and interconnected to a central authority (CA) (i.e., the threat management facility executes on a second cloud platform external to the customer premises and external to the cloud platform hosting the data plane)) Regarding claim 10, Chanak and Tourrilhes teach the limitations of claim 6. Chanak and Tourrilhes teach the limitations of claim 10 as follows: The computer program product of claim 6, wherein the tunnel component converts traffic in the data plane to TCP traffic for communication with the connector. (Chanak; [0088]: the request is not limited to web applications and can include anything such as a remote desktop or anything handling any static Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) applications) Regarding claim 11, Chanak and Tourrilhes teach the limitations of claim 6. Chanak and Tourrilhes teach the limitations of claim 11 as follows: The computer program product of claim 6, wherein the connector executes on a firewall for the customer premises. (Chanak; [0067]: the user can be any user of the enterprise network that is physically located outside a firewall associated with the enterprise network) Regarding claim 12, Chanak teaches the limitations of claim 12 substantially as follows: A method comprising: hosting a data plane for zero trust network access on a cloud platform external to a customer premises, (Chanak; [0004]: ZPA is an example cloud service that provides seamless, zero trust access to private applications running on the public cloud, within the data center, within an enterprise network, etc.) the data plane including a secure tunnel component; and (Chanak; [0041]: the locations can use tunneling where all traffic is forward through the cloud-based system; various tunneling protocols are contemplated) executing a connector on a network component of the customer premises, wherein: (Chanak; [0069]: dynamically creating connections through secure tunnels between three entities: the VPN device, the cloud, and an on-premises redirection proxy) the customer premises hosts an application, (Chanak; [0032]: providing access with a lightweight software connector, in front of the applications, an application on the user device (i.e., the customer premises hosts an application), a central authority to push policy) the connector is configured remotely from a threat management facility coupled to the customer premises, (Chanak; [0043]: The central authority provide centralized policy, real-time threat updates, etc. and coordinates the distribution of this data between the enforcement nodes. The enforcement nodes (i.e., threat management facility) provide an onramp to the users and are configured to execute policy, based on the central authority) the connector is coupled to the data plane through a secure tunnel created using the secure tunnel component, and (Chanak; [0069]: dynamically creating connections through secure tunnels between three entities: the VPN device, the cloud, and an on-premises redirection proxy) the connector is configured to provide zero trust network access to the application for an external user through the data plane. (Chanak; [0004], [0069]: ZPA is an example cloud service that provides seamless, zero trust access to private applications running on the public cloud, within the data center, within an enterprise network, etc; dynamically creating connections through secure tunnels between three entities: the VPN device, the cloud, and an on-premises redirection proxy) Chanak does not teach the limitations of claim 12 as follows: executing a connection server on the data plane, wherein the connection server is configured to manage tunnels to balance traffic by creating a new tunnel, terminating an existing tunnel, or migrating a connection among secure tunnels based on connection information stored in a persistent data store in the data plane; However, in the same field of endeavor, Tourrilhes discloses the limitations of claim 12 as follows: executing a connection server on the data plane, wherein the connection server is configured to manage tunnels to balance traffic by creating a new tunnel, terminating an existing tunnel, or migrating a connection among secure tunnels based on connection information stored in a persistent data store in the data plane; (Tourrilhes; The SD-WAN gateway can create parallel tunnels over network 130 using each WAN link, and then use network traffic engineering to direct traffic to the most appropriate tunnel with the goal of optimally using the available network capacity. In some examples, the SD-WAN gateway can monitor the performance of each tunnel, in terms of latency and throughput, and then load balance traffic or map each traffic type to the most appropriate tunnel for that traffic) Tourrilhes is combinable with Chanak because all are from the same field of endeavor of systems communications. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Chanak to incorporate dynamic creation or modification of communication tunnels as in Tourrilhes to improve network traffic efficiency (Tourrilhes; [0104]). Regarding claim 13, Chanak and Tourrilhes teach the limitations of claim 12. Chanak and Tourrilhes teach the limitations of claim 13 as follows: The method of claim 12, wherein the network component includes a firewall for the customer premises. (Chanak; [0067]: the user can be any user of the enterprise network that is physically located outside a firewall associated with the enterprise network) Regarding claim 14, Chanak and Tourrilhes teach the limitations of claim 13. Chanak and Tourrilhes teach the limitations of claim 14 as follows: The method of claim 13, wherein the connector is configurable by the threat management facility to provide zero trust network access through either (a) the secure tunnel and the data plane or (b) a direct user connection to the firewall on the customer premises. (Chanak; [0004], [0069]: ZPA is an example cloud service that provides seamless, zero trust access to private applications running on the public cloud, within the data center, within an enterprise network, etc; dynamically creating connections through secure tunnels between three entities: the VPN device, the cloud, and an on-premises redirection proxy (i.e., provide zero trust network access through either (a) the secure tunnel and the data plane)) Regarding claim 15, Chanak and Tourrilhes teach the limitations of claim 12. Chanak and Tourrilhes teach the limitations of claim 15 as follows: The method of claim 12, wherein the network component includes a gateway for an enterprise network of the customer premises. (Chanak; [0034]: the cloud-based system can offer a Secure Internet and Web Gateway as a service to various users) Regarding claim 16, Chanak and Tourrilhes teach the limitations of claim 12. Chanak and Tourrilhes teach the limitations of claim 16 as follows: The method of claim 12, wherein the threat management facility executes on a second cloud platform external to the customer premises and external to the cloud platform hosting the data plane. (Chanak; [0043]: the cloud-based system includes a plurality of enforcement nodes (EN), labeled as enforcement nodes, interconnected to one another and interconnected to a central authority (CA) (i.e., the threat management facility executes on a second cloud platform external to the customer premises and external to the cloud platform hosting the data plane)) Regarding claim 18, Chanak and Tourrilhes teach the limitations of claim 12. Chanak and Tourrilhes teach the limitations of claim 18 as follows: The method of claim 12, wherein the secure tunnel component converts traffic in the data plane to TCP traffic for communication with the connector through the secure tunnel. (Chanak; [0088]: the request is not limited to web applications and can include anything such as a remote desktop or anything handling any static Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) applications) Regarding claim 19, Chanak and Tourrilhes teach the limitations of claim 12. Chanak and Tourrilhes teach the limitations of claim 19 as follows: The method of claim 12, further comprising authorizing application traffic with a policy manager executing in the data plane. (Chanak; [0032]: providing access with a lightweight software connector, in front of the applications, an application on the user device, a central authority to push policy (i.e., authorizing application traffic with a policy manager executing in the data plane)) Claims 2, 8 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Chanak (US 20220029965 A1), in view of Tourrilhes (US 20230344733 A1), as applied to independent claims, in view of Prunier (US 20230353567 A1), hereinafter “Prunier A”. Regarding claim 2, Chanak and Tourrilhes teach the limitations of claim 1. Chanak and Tourrilhes do not teach the limitations of claim 2 as follows: The system of claim 1, wherein the tunnel component includes a WebSocket server. However, in the same field of endeavor, Prunier A discloses the limitations of claim 2 as follows: The system of claim 1, wherein the tunnel component includes a WebSocket server. (Prunier ‘567; [0092]: After the HTTP connection has been converted to a Websocket connection (i.e., the secure tunnel component includes a WebSocket server), tunnel packet processing is initiated) Prunier A is combinable with Chanak and Tourrilhes because all are from the same field of endeavor of systems communications. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Chanak and Tourrilhes to incorporate Websockets as tunnel endpoints as in Prunier A as variants of communication endpoints. Regarding claim 8, Chanak and Tourrilhes teach the limitations of claim 6. Chanak and Tourrilhes do not teach the limitations of claim 2 as follows: The computer program product of claim 6, wherein the tunnel component includes a WebSocket server. However, in the same field of endeavor, Prunier A discloses the limitations of claim 8 as follows: The computer program product of claim 6, wherein the tunnel component includes a WebSocket server. (Prunier ‘567; [0092]: After the HTTP connection has been converted to a Websocket connection (i.e., the secure tunnel component includes a WebSocket server), tunnel packet processing is initiated) Prunier A is combinable with Chanak and Tourrilhes because all are from the same field of endeavor of systems communications. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Chanak and Tourrilhes to incorporate Websockets as tunnel endpoints as in Prunier A as variants of communication endpoints. Regarding claim 17, Chanak and Tourrilhes teach the limitations of claim 12. Chanak and Tourrilhes do not teach the limitations of claim 17 as follows: The method of claim 12, wherein the secure tunnel component includes a WebSocket server. However, in the same field of endeavor, Prunier A discloses the limitations of claim 17 as follows: The method of claim 12, wherein the secure tunnel component includes a WebSocket server. (Prunier ‘567; [0092]: After the HTTP connection has been converted to a Websocket connection (i.e., the secure tunnel component includes a WebSocket server), tunnel packet processing is initiated) Prunier A is combinable with Chanak and Tourrilhes because all are from the same field of endeavor of systems communications. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Chanak and Tourrilhes to incorporate Websockets as tunnel endpoints as in Prunier A as variants of communication endpoints. Claims 3 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Chanak (US 20220029965 A1), in view of Tourrilhes (US 20230344733 A1), as applied to independent claims, in view of Prunier A (US 20230353567 A1), further in view of Prunier (US 20240406169 A1), hereinafter “Prunier B”. Regarding claim 3, Chanak, Tourrilhes and Prunier A teach the limitations of claim 2. Chanak, Tourrilhes and Prunier A do not teach the limitations of claim 3 as follows: The system of claim 2, further comprising a policy manager executing on the WebSocket server and authorizing application traffic using Open Policy Agent. However, in the same field of endeavor, Prunier B discloses the limitations of claim 3 as follows: The system of claim 2, further comprising a policy manager executing on the WebSocket server and authorizing application traffic using Open Policy Agent. (Prunier ‘169; [0029]: As one example, policy server can be implemented as an open policy agent (OPA)) Prunier B is combinable with Chanak, Tourrilhes and Prunier A because all are from the same field of endeavor of systems communications. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Chanak, Tourrilhes and Prunier A to incorporate an Open Policy Agent as in Prunier B in as a variant of a policy manager. Regarding claim 9, Chanak, Tourrilhes and Prunier A teach the limitations of claim 8. Chanak, Tourrilhes and Prunier A do not teach the limitations of claim 9 as follows: The computer program product of claim 8, further comprising code that provides a policy manager executing on the WebSocket server and authorizing application traffic using Open Policy Agent. However, in the same field of endeavor, Prunier B discloses the limitations of claim 9 as follows: The computer program product of claim 8, further comprising code that provides a policy manager executing on the WebSocket server and authorizing application traffic using Open Policy Agent. (Prunier ‘169; [0029]: As one example, policy server can be implemented as an open policy agent (OPA)) Prunier B is combinable with Chanak, Tourrilhes and Prunier A because all are from the same field of endeavor of systems communications. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Chanak, Tourrilhes and Prunier A to incorporate an Open Policy Agent as in Prunier B in as a variant of a policy manager. Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Chanak (US 20220029965 A1), in view of Tourrilhes (US 20230344733 A1), as applied to independent claims, in view of Prunier B (US 20240406169 A1), hereinafter “Prunier B”. Regarding claim 20, Chanak and Tourrilhes teach the limitations of claim 19. Chanak and Tourrilhes do not teach the limitations of claim 20 as follows: The method of claim 19, wherein authorizing application traffic includes authorizing the application traffic using Open Policy Agent. However, in the same field of endeavor, Prunier B discloses the limitations of claim 20 as follows: The method of claim 19, wherein authorizing application traffic includes authorizing the application traffic using Open Policy Agent. (Prunier ‘169; [0029]: As one example, policy server can be implemented as an open policy agent (OPA)) Prunier B is combinable with Chanak and Tourrilhes because all are from the same field of endeavor of systems communications. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Chanak and Tourrilhes to incorporate an Open Policy Agent as in Prunier B in as a variant of a policy manager. Prior Art Considered But Not Relied Upon Darbarwar (US 20240356918 A1) which teaches information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. Neal (US 20220358240 A1) which teaches an adaptive data privacy platform that facilitates compliance with privacy laws and regulations, and compliance with organizational requirements within an organizational context. Conclusion For the above-stated reasons, claims 1-20 are rejected. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to BLAKE ISAAC NARRAMORE whose telephone number is (303)297-4357. The examiner can normally be reached on Monday - Friday 0700-1700 MT. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /BLAKE I NARRAMORE/Examiner, Art Unit 2438
Read full office action

Prosecution Timeline

Sep 04, 2024
Application Filed
Jan 15, 2026
Non-Final Rejection mailed — §103
Mar 30, 2026
Applicant Interview (Telephonic)
Mar 30, 2026
Examiner Interview Summary
Apr 01, 2026
Response Filed
Jun 18, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12683808
CERTIFICATE MANAGEMENT
4y 11m to grant Granted Jul 14, 2026
Patent 12683996
SYSTEMS AND METHODS FOR DETECTING DATA LEAKAGE OF ONLINE CONTENT
4y 1m to grant Granted Jul 14, 2026
Patent 12683778
ERROR REDUCTION DURING CRYPTOGRAPHIC KEY UPDATES IN SECURE MEMORY DEVICES
4y 1m to grant Granted Jul 14, 2026
Patent 12682040
Applying a Security Policy to an Instance of an Application
3y 11m to grant Granted Jul 14, 2026
Patent 12682112
DATA PRIVACY PROTECTION METHOD, SERVER DEVICE AND CLIENT DEVICE FOR FEDERATED LEARNING
3y 7m to grant Granted Jul 14, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
78%
Grant Probability
99%
With Interview (+24.0%)
2y 9m (~11m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 171 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month