Prosecution Insights
Last updated: July 17, 2026
Application No. 18/853,070

SIGNAL PROCESSING DEVICE, AND VEHICLE DISPLAY DEVICE HAVING SAME

Non-Final OA §103§112
Filed
Sep 30, 2024
Priority
Mar 31, 2022 — RE 10-2022-0040748 +2 more
Examiner
WICKRAMASURIYA, SAMEERA
Art Unit
2494
Tech Center
2400 — Computer Networks
Assignee
LG Electronics Inc.
OA Round
1 (Non-Final)
76%
Grant Probability
Favorable
1-2
OA Rounds
11m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 76% — above average
76%
Career Allowance Rate
137 granted / 180 resolved
+18.1% vs TC avg
Strong +34% interview lift
Without
With
+34.5%
Interview Lift
resolved cases with interview
Typical timeline
2y 9m
Avg Prosecution
8 currently pending
Career history
190
Total Applications
across all art units

Statute-Specific Performance

§101
1.4%
-38.6% vs TC avg
§103
87.4%
+47.4% vs TC avg
§102
4.5%
-35.5% vs TC avg
§112
5.6%
-34.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 180 resolved cases

Office Action

§103 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement 2. The information disclosure statement(s) (IDS) submitted on 09/30/2024, 11/25/2024, 08/08/2025 and 03/23/2026 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement(s) is/are being considered by the examiner. Claim Objections 3. Claims 1, 16 and 17 are objected to because of the following informalities: In Claim 1, the limitation “wherein the first guest virtual machine and the second guest virtual machine is configured to decrypt the data received from the shared memory based on the security key” (emphasis added) should read as “*wherein the first guest virtual machine and the second guest virtual machine are configured to decrypt the data received from the shared memory based on the security key”(emphasis added). Claims 16 and 17 suffer similar deficiencies. Appropriate correction is required. Claim Rejections - 35 USC § 112 4. The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 5. Claims 1- are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. 6. Claim 1 recites in a limitation “wherein the secure server is configured to transmit a security key and encrypted data to at least one of the plurality of zone signal processing devices” (emphasis added). Another limitation recites “transmit a security key to the first guest virtual machine and the second guest virtual machine” (Emphasis added). It is unclear whether the applicant is trying to refer to the same security key recited in the earlier limitation or a different key. Further, it is unclear whether the security key recited in the last limitation is referring to which of the security keys listed above, and therefore failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention. Claim17 suffers similar deficiencies and rejected using the same rationale. Dependent Claims 2-15 and 18-20 are rejected based upon their respective dependence from independent Claims 1 and 17. Claim 8 recites in a limitation “wherein the authentication manager in the secure server is configured to perform authentication with at least one of the plurality of zone signal processing devices” (Emphasis added). However, there is no prior recitation of “an authentication manager” in the claim or the claim which it depends on. There is insufficient antecedent basis for this limitation in the claim. Claim 10 recites in a limitation “wherein in response to not receiving a Key Encryption Key from some of the plurality of zone signal processing devices, the secure server does not transmit the generated security key and the encrypted data to the some of the plurality of zone signal processing devices” (Emphasis added). However, there is no prior recitation of “a generated security key” in the claim or the claim which it depends on. There is insufficient antecedent basis for this limitation in the claim. Claim 19 suffers similar deficiencies and rejected using the same rationale. Claim 14 recites in a limitation “wherein the secure server is configured to selectively encrypt data to be shared with the plurality of zone signal processing devices based on impacting levels according to the ASIL ratings and a data type, and to store the encrypted data in a shared memory” (Emphasis added). Claim 14 is dependent of Claim 1 and it is unclear whether the applicant is trying to refer to the same shared memory recited in Claim 1 or a different shared memory, and therefore failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention. Claim 15 is rejected based on its dependency on Claim 14. Claim 15 further recites in a limitation “in response to the impacting level being level 1, perform authentication and encryption without encrypting data” (Emphasis added). It is unclear as the limitation recites performing encryption while stating that the data is not encrypted at the same time. Therefore, claim fails to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention. For the examination purpose, the examiner is interpreting the limitation as “in response to the impacting level being level 1, perform authentication without encrypting data.” Claim 17 recites in a limitation “a plurality of zone signal processing devices” (emphasis added). Another limitation recites “a processor configured to perform authentication with a plurality of zone signal processing devices” (Emphasis added). It is unclear whether the applicant is trying to refer to the same plurality of zone signal processing devices recited in the earlier limitation or different plurality of zone signal processing devices. Further, it is unclear whether the plurality of zone signal processing devices recited in the latter limitations are referring to which of the plurality of zone signal processing devices listed above, and therefore failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention. Claims 18-20 are rejected based on their dependency on Claim 17. Claim Rejections - 35 USC § 103 7. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 8. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. 9. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 10. Claims 1-2, 7-10 and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Hitachi Ltd (JP 2007214696 A, hereinafter R1) [As disclosed in IDS] in view of Wu et al. ("Comprehensive VM protection against untrusted hypervisor through retrofitted AMD memory encryption." IEEE 2018, hereinafter R2) [As disclosed in IDS], and further in view of Kawabata et al. (US 2018/0183605 A1, hereinafter Kawabata). Regarding Claim 1, R1 discloses a signal processing device configured to perform signal processing in a vehicle, the signal processing device comprising (R1: ¶ [0021] control device (ECU) 1 used in the network between vehicle control devices of the present embodiment. The ECU 1 receives input signals from the sensors 2 attached to each part of the vehicle…, and issues control commands…, driving the control commands, ¶ [0001] vehicle control devices, and more particularly to a network between vehicle control devices that is optimal for encrypted communication on a network connecting the vehicle control devices): a secured storage device configured to store a digital signature from an external server (R1: ¶ [0021] non-volatile memory for storing non-volatile information necessary for control 11, a non-volatile memory 11, ¶ [0022] A certain RAM 15, a ROM 16 that is a non-volatile memory that stores a control program and various control setting information, an EEPROM 17 that is a non-volatile memory); and a processor configured to perform authentication with a plurality of zone signal processing devices (R1: ¶ [0022] ECU 1 is an input/output interface 13 that is connected to the sensors 2 and the actuators 5…, a CPU 18 that controls these and controls them are connected by a bus 19, ¶ [0023] the authentication means 10 are all stored as programs in the ROM 16, and these programs are read at the time of execution and executed by the CPU 18, ¶ [0025] authentication is performed between the control devices on the network before performing encrypted communication between the control devices, ¶ [0026]), wherein the processor is configured to execute a secure server to perform authentication with the plurality of zone signal processing devices (R1: ¶ [0022] a CPU 18 that controls these and controls them are connected by a bus 19, ¶ [0025] authentication is performed between the control devices on the network before performing encrypted communication between the control devices, ¶ [0026] (ECU-A20 → ECU-B21) of the authentication action performed by the authentication means 10, ¶[0023] The control means 4, the encryption/ decryption means 9 for performing encryption/decryption, and the authentication means 10 are all stored as programs in the ROM 16, and these programs are read at the time of execution and executed by the CPU 18, ¶¶ [0021, 0024, 0027-0030]), wherein the secure server is configured to transmit a security key and encrypted data to at least one of the plurality of zone signal processing devices (R1: ¶ [0026] (ECU-A20 → ECU-B21) of the authentication action performed by the authentication means 10, ¶ [0039] stores the encryption key and transmits the encryption key to the ECU-C 22 so that the ECU-B 21 does not know it (step S202), ¶ [0017] the encryption key is encrypted and distributed, and the subsequent data transmission is encrypted using the distributed encryption key, ¶ [0023]); and transmit a security key to the first guest virtual machine and the second guest virtual machine (R1: ¶ [0039] stores the encryption key and transmits the encryption key to the ECU-C 22, ¶ [0017] the encryption key is encrypted and distributed, and the subsequent data transmission is encrypted using the distributed encryption key, ¶¶ [0039, 0040-0043, 0046]). It is noted that R1 does not explicitly disclose: wherein the processor is configured to execute a server virtual machine, a first guest virtual machine, and a second guest virtual machine on a hypervisor, wherein the server virtual machine is configured to store data to be transmitted in a shared memory, and transmit a security key to the first guest virtual machine and the second guest virtual machine, wherein the first guest virtual machine and the second guest virtual machine is configured to decrypt the data received from the shared memory based on the security key. However, R2 from the same field of endeavor as the claimed invention discloses keys are managed by a secure processor and installed into the memory controller to support on-die AES encryption engine. The keys will be regenerated every time the host system resets in SME or guest reboots in SEV (R2: [Page: 442 Section: Col 2--Top]), memory mapping is still controlled by the hypervisor to map from guest physical address to host physical address…, and a key-sharing enabled guest (R2: [Page: 443 Section: Col 1--Top]). In addition, R2 teaches in Fig.1 and Fig. 2, Dom VMs, Guest VMs and a hypervisor (See R2: [Pages: 442,444, Figs. 1-2]), and guest VM can encrypt its block I/O data by directly using the AES instruction set, as shown in the left part of Figure 4…., back-end driver first copies the disk data to the shared memory, at this point, the data are encrypted and privacy preserved (i.e. encrypted data exchange via shared memory). Afterwards, the front-end driver decrypts the data in the shared memory using Kblk (R2: [Page: 447 Section: 4.3.5], See also Fig. 4 a and b). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of R2 in the teachings of R1. A person having ordinary skill in the art would have been motivated to do so as shared memory is a fast mechanism providing lower latency, and further virtualization allows multiple control functions to execute on a single processing platform while preserving logical separation. It is noted that R1 and R2 do not explicitly disclose: a secured storage device configured to store a digital signature from an external server. However, Kawabata from the same field of endeavor as the claimed invention discloses a software distribution processing device stores a common key for each ECU and a verification key for an electronic signature of software updating data, verifies an electronic signature of the updating data received from management server (Kawabata: ¶[Abstract]), and When the result of the step S3 indicates that the ECU version of each ECU 30 in the automobile 1 does not indicate the latest version, the management server equipment 70 sends the updating firmware attached with an electronic signature to the gateway ECU 10 (Kawabata: ¶[0038], Also see ¶ [0030]). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Kawabata in the teachings of R1. A person having ordinary skill in the art would have been motivated to do so to verify software updates (See Kawabata: ¶[0038]), and/or to verify updates are received from trusted devices. Regarding Claim 2, Claim 2 is dependent on Claim 1, and the combination of R1, R2 and Kawabata discloses all the limitations of Claim 1. R1 further discloses wherein the secure server is configured to receive a request for encryption from at least one of the plurality of zone signal processing devices, and based on the request for encryption, transmit the security key and the encrypted data to at least one of the plurality of zone signal processing devices (R1: ¶[0023] The control means 4, the encryption/ decryption means 9 for performing encryption/decryption, and the authentication means 10 are all stored as programs in the ROM 16, and these programs are read at the time of execution and executed by the CPU 18, ¶ [0025] authentication is performed between the control devices on the network before performing encrypted communication between the control devices, ¶ [0021] authentication means 10 for authenticating other network participants, ¶ [0038] In this network between control devices, ECU-A20, ECU-C22, and ECU-D23 are good-will control devices, and any one of them is, for example, as shown in FIG. -A20 determines an encryption key based on a random number or the like (step S201), ¶ [0017] the encryption key is encrypted and distributed, and the subsequent data transmission is encrypted using the distributed encryption key, ¶¶ [0039, 0040-0043, 0046]). Regarding Claim 7, Claim 7 is dependent on Claim 1, and the combination of R1, R2 and Kawabata discloses all the limitations of Claim 1. R1 further discloses wherein an authentication manager in the secure server is configured to perform authentication with at least one of the plurality of zone signal processing devices (R1: ¶ [0025] authentication is performed between the control devices on the network before performing encrypted communication between the control devices, ¶ [0026] (ECU-A20 → ECU-B21) of the authentication action performed by the authentication means 10, ¶¶ [0023, 0027-0030]), and based on the authentication by the authentication manager, the encrypted data is transmitted to at least one of the plurality of zone signal processing devices (R1: ¶ [0025] authentication is performed between the control devices on the network before performing encrypted communication between the control devices, ¶ [0026] (ECU-A20 → ECU-B21) of the authentication action performed by the authentication means 10, ¶ [0017] the encryption key is encrypted and distributed, and the subsequent data transmission is encrypted using the distributed encryption key). Regarding Claim 8, Claim 8 is dependent on Claim 1, and the combination of R1, R2 and Kawabata discloses all the limitations of Claim 1. R1 further discloses wherein the authentication manager in the secure server is configured to perform authentication with at least one of the plurality of zone signal processing devices (R1: ¶ [0025] authentication is performed between the control devices on the network before performing encrypted communication between the control devices, ¶ [0026] (ECU-A20 → ECU-B21) of the authentication action performed by the authentication means 10, ¶¶ [0023, 0027-0030]), and based on the authentication by the authentication manager, data is transmitted among the plurality of zone signal processing devices (R1: ¶ [0025] authentication is performed between the control devices on the network before performing encrypted communication between the control devices, ¶ [0021] authentication means 10 for authenticating other network participants, ¶ [0017] the encryption key is encrypted and distributed, and the subsequent data transmission is encrypted using the distributed encryption key, ¶¶ [0045, 0051-0056]). Regarding Claim 9, Claim 9 is dependent on Claim 1, and the combination of R1, R2 and Kawabata discloses all the limitations of Claim 1. R1 further discloses wherein the secure server is configured to receive a Key Encryption Key from at least one of the plurality of zone signal processing devices (R1: ¶ [0051] ECU-A 20 generates an encryption key (key value) k, encrypts the encryption key k with the ECU-C public key 42, and transmits the encryption key k 42 encrypted with the ECU-C public key 42 to the ECU-C22. Transmit (step S301), ¶ [0017] the encryption key is encrypted and distributed, and the subsequent data transmission is encrypted using the distributed encryption key), ¶ [0023]), and to generate the security key based on the Key Encryption Key and transmit the generated security key and the encrypted data (R1: ¶ [0017] the encryption key is encrypted and distributed, and the subsequent data transmission is encrypted using the distributed encryption key, ¶ [0051] ECU-A 20 generates an encryption key (key value) k, encrypts the encryption key k with the ECU-C public key 42, and transmits the encryption key k 42 encrypted with the ECU-C public key 42 to the ECU-C22, ¶¶ [0052-0056]). Regarding Claim 10, Claim 10 is dependent on Claim 1, and the combination of R1, R2 and Kawabata discloses all the limitations of Claim 1. R1 further discloses wherein in response to not receiving a Key Encryption Key from some of the plurality of zone signal processing devices, the secure server does not transmit the generated security key and the encrypted data to the some of the plurality of zone signal processing devices (R1: ¶ [0045] vehicle control that logically eliminates the participation of malicious control devices detected in authentication by selectively distributing encryption keys (only to the bona fide control devices) between the control devices in the network. An inter-device encryption network can be configured, and the influence of a malicious control device that physically stays in the network can be minimized. Eliminating the logical participation of malicious control devices in the network is making effective data transmission between the control devices impossible, ¶¶ [0052-0056]). Regarding Claim 17, R1 discloses a vehicle display apparatus comprising (R1: ¶ [0021] control device (ECU) 1 used in the network between vehicle control devices of the present embodiment. The ECU 1 receives input signals from the sensors 2 attached to each part of the vehicle…, and issues control commands…, driving the control commands, ¶ [0032] it is possible to display to the user such that the physical exclusion of the malicious control device is performed, ¶ [0001] vehicle control devices, and more particularly to a network between vehicle control devices that is optimal for encrypted communication on a network connecting the vehicle control devices, ¶¶ [0020, 0066]): a signal processing device (R1: ¶ [0021] control device (ECU) 1 used in the network between vehicle control devices of the present embodiment. The ECU 1 receives input signals from the sensors 2 attached to each part of the vehicle…, and issues control commands…, driving the control commands, ¶ [0001] vehicle control devices, and more particularly to a network between vehicle control devices that is optimal for encrypted communication on a network connecting the vehicle control devices); and a plurality of zone signal processing devices (R1: ¶ [0021] control device (ECU) 1 used in the network between vehicle control devices of the present embodiment. The ECU 1 receives input signals from the sensors 2 attached to each part of the vehicle…, and issues control commands…, driving the control commands, ¶ [0024] ECU-A 20, ECU-B 21 and ECU-C 22 are connected to each other via a communication bus 7 so as to be able to transmit data, ¶ [0001] vehicle control devices, and more particularly to a network between vehicle control devices that is optimal for encrypted communication on a network connecting the vehicle control devices), wherein the signal processing device comprising: a secured storage device configured to store a digital signature from an external server (R1: ¶ [0021] non-volatile memory for storing non-volatile information necessary for control 11, a non-volatile memory 11, ¶ [0022] A certain RAM 15, a ROM 16 that is a non-volatile memory that stores a control program and various control setting information, an EEPROM 17 that is a non-volatile memory); and a processor configured to perform authentication with a plurality of zone signal processing devices (R1: ¶ [0022] ECU 1 is an input/output interface 13 that is connected to the sensors 2 and the actuators 5…, a CPU 18 that controls these and controls them are connected by a bus 19, ¶ [0023] the authentication means 10 are all stored as programs in the ROM 16, and these programs are read at the time of execution and executed by the CPU 18, ¶ [0025] authentication is performed between the control devices on the network before performing encrypted communication between the control devices, ¶¶ [0024, 0026]), wherein the processor is configured to execute a secure server to perform authentication with the plurality of zone signal processing devices (R1: ¶ [0022] a CPU 18 that controls these and controls them are connected by a bus 19, ¶ [0025] authentication is performed between the control devices on the network before performing encrypted communication between the control devices, ¶ [0026] (ECU-A20 → ECU-B21) of the authentication action performed by the authentication means 10, ¶[0023] The control means 4, the encryption/ decryption means 9 for performing encryption/decryption, and the authentication means 10 are all stored as programs in the ROM 16, and these programs are read at the time of execution and executed by the CPU 18, ¶¶ [0021, 0024, 0027-0030]), wherein the secure server is configured to transmit a security key and encrypted data to at least one of the plurality of zone signal processing devices (R1: ¶ [0026] (ECU-A20 → ECU-B21) of the authentication action performed by the authentication means 10, ¶ [0039] stores the encryption key and transmits the encryption key to the ECU-C 22 so that the ECU-B 21 does not know it (step S202), ¶ [0017] the encryption key is encrypted and distributed, and the subsequent data transmission is encrypted using the distributed encryption key, ¶¶ [0023, 0024]); and transmit a security key to the first guest virtual machine and the second guest virtual machine (R1: ¶ [0039] stores the encryption key and transmits the encryption key to the ECU-C 22, ¶ [0017] the encryption key is encrypted and distributed, and the subsequent data transmission is encrypted using the distributed encryption key, ¶¶ [0039, 0040-0043, 0046]). It is noted that R1 does not explicitly disclose: wherein the processor is configured to execute a server virtual machine, a first guest virtual machine, and a second guest virtual machine on a hypervisor, wherein the server virtual machine is configured to store data to be transmitted in a shared memory, and transmit a security key to the first guest virtual machine and the second guest virtual machine, wherein the first guest virtual machine and the second guest virtual machine is configured to decrypt the data received from the shared memory based on the security key. However, R2 from the same field of endeavor as the claimed invention discloses keys are managed by a secure processor and installed into the memory controller to support on-die AES encryption engine. The keys will be regenerated every time the host system resets in SME or guest reboots in SEV (R2: [Page: 442 Section: Col 2--Top]), memory mapping is still controlled by the hypervisor to map from guest physical address to host physical address…, and a key-sharing enabled guest (R2: [Page: 443 Section: Col 1--Top]). In addition, R2 teaches in Fig.1 and Fig. 2, Dom VMs, Guest VMs and a hypervisor (See R2: [Pages: 442,444, Figs. 1-2]), and guest VM can encrypt its block I/O data by directly using the AES instruction set, as shown in the left part of Figure 4…., back-end driver first copies the disk data to the shared memory, at this point, the data are encrypted and privacy preserved (i.e. encrypted data exchange via shared memory). Afterwards, the front-end driver decrypts the data in the shared memory using Kblk (R2: [Page: 447 Section: 4.3.5], See also Fig. 4 a and b). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of R2 in the teachings of R1. A person having ordinary skill in the art would have been motivated to do so as shared memory is a fast mechanism providing lower latency, and further virtualization allows multiple control functions to execute on a single processing platform while preserving logical separation. It is noted that R1 and R2 do not explicitly disclose: a secured storage device configured to store a digital signature from an external server. However, Kawabata further discloses a software distribution processing device stores a common key for each ECU and a verification key for an electronic signature of software updating data, verifies an electronic signature of the updating data received from management server (Kawabata: ¶[Abstract]), and When the result of the step S3 indicates that the ECU version of each ECU 30 in the automobile 1 does not indicate the latest version, the management server equipment 70 sends the updating firmware attached with an electronic signature to the gateway ECU 10 (Kawabata: ¶[0038], Also see ¶ [0030]). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Kawabata in the teachings of R1. A person having ordinary skill in the art would have been motivated to do so to verify software updates (See Kawabata: ¶[0038]), and/or to verify updates are received from trusted servers. Regarding Claim 18, Claim 18 is dependent on Claim 17, and the combination of R1, R2 and Kawabata discloses all the limitations of Claim 17. The combination of R1, R2 and Kawabata discloses all the limitations of Claim 18 as discussed in Claim 2. Therefore, Claim 18 is rejected using the same rationales as discussed in Claim 2. Regarding Claim 19, Claim 19 is dependent on Claim 17, and the combination of R1, R2 and Kawabata discloses all the limitations of Claim 17. The combination of R1, R2 and Kawabata discloses all the limitations of Claim 19 as discussed in Claim 10. Therefore, Claim 19 is rejected using the same rationales as discussed in Claim 10. 11. Claims 3-6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Hitachi Ltd (JP 2007214696 A, hereinafter R1) [As disclosed in IDS] in view of Wu et al. ("Comprehensive VM protection against untrusted hypervisor through retrofitted AMD memory encryption." IEEE 2018, hereinafter R2) [As disclosed in IDS], in view of Kawabata et al. (US 2018/0183605 A1, hereinafter Kawabata) and further in view of Mondello et al.(US 2020/0021431 A1, hereinafter Mondello). Regarding Claim 3, Claim 3 is dependent on Claim 1, and the combination of R1, R2 and Kawabata discloses all the limitations of Claim 1. R1 further discloses wherein the secure server is configured to transmit a certificate together when transmitting the security key and the encrypted data (R1: ¶ [0038] In this network between control devices, ECU-A20, ECU-C22, and ECU-D23 are good-will control devices, and any one of them is, for example, as shown in FIG. -A20 determines an encryption key based on a random number or the like (step S201), ¶ [0017] the encryption key is encrypted and distributed, and the subsequent data transmission is encrypted using the distributed encryption key, ¶¶ [0040-0043]). It is noted that R1, R2 and Kawabata do not explicitly disclose: wherein the secure server is configured to transmit a certificate together when transmitting the security key and the encrypted data. However, Mondello from the same field of endeavor as the claimed invention discloses the vehicular communication component can be configured to generate a vehicular private key and a vehicular public key, provide the vehicular public key to a plurality of external communication components (Mondello: ¶[Abstract]), and data transmitted from a vehicular communication component can include a receiver ID (identifying data for all roads or lanes), a vehicle ID and optionally a VIN, a vehicle ID certificate, a vehicle public key, encrypted data (e.g., an external public key), and/or a digital signature of the vehicular entity (Mondello: ¶[0043]). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Mondello in the teachings of R1. A person having ordinary skill in the art would have been motivated to do so in order to establish mutual trust and to verify the sender is authorized. Regarding Claim 4, Claim 4 is dependent on Claim 1, and the combination of R1, R2 and Kawabata discloses all the limitations of Claim 1. It is noted that R1, R2 and Kawabata do not explicitly disclose wherein after performing authentication with the external server, the secure server is configured to receive an updated digital signature, key, certificate information, or topic policy. However, Mondello further discloses the vehicular communication component can be configured to generate a vehicular private key and a vehicular public key, provide the vehicular public key to a plurality of external communication components (Mondello: ¶[Abstract]), data transmitted from an external communication component 446 can include a receiver ID (identifying data for all vehicles), Road or Lane ID numbers, Road or Lane ID certificates, a road or lane public key, encrypted data (e.g., vehicular public key), and/or a digital signature of the transportation assistance entity (Mondello: ¶[0043]), and the vehicular entity can log onto the system of the road lane (e.g., log into the external communication component 446-3) using either of an anonymous log in or an authenticated log in. The authentication log in can allow the vehicular entity to obtain additional information that may not be accessible when logging in anonymously in an anonymous mode. In at least one example, the authentication can include providing a vehicular identification number (VIN) and/or authentication information, such as an exchange of public keys (Mondello: ¶[0053]). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Mondello in the teachings of R1. A person having ordinary skill in the art would have been motivated to do so to access information that that may not be accessible when logging in anonymously in an anonymous mode (Mondello: ¶[0053]). Regarding Claim 5, Claim 5 is dependent on Claim 4, and the combination of R1, R2, Kawabata and Mondello discloses all the limitations of Claim 4. R1 further discloses wherein the secured storage device is configured to store the updated digital signature, key, certificate information, or topic policy (R1: ¶ [0038] In this network between control devices, ECU-A20, ECU-C22, and ECU-D23 are good-will control devices, and any one of them is, for example, as shown in FIG. -A20 determines an encryption key based on a random number or the like (step S201), ¶ [0039] ECU-A 20 stores the encryption key and transmits the encryption key to the ECU-C 22 so that the ECU-B 21 does not know it (step S202), ¶ [0017] the encryption key is encrypted and distributed, and the subsequent data transmission is encrypted using the distributed encryption key, ¶¶ [0040-0043]). Regarding Claim 6, Claim 6 is dependent on Claim 4, and the combination of R1, R2, Kawabata and Mondello discloses all the limitations of Claim 4. R1 further discloses wherein the secure server is configured to transmit the updated digital signature, key, certificate information, or topic policy to the plurality of zone signal processing devices (R1: ¶ [0038] determines an encryption key based on a random number or the like (step S201), ¶ [0017] the encryption key is encrypted and distributed, and the subsequent data transmission is encrypted using the distributed encryption key, ¶¶ [0040-0043]). Mondello as well further discloses the vehicular communication component can be configured to generate a vehicular private key and a vehicular public key, provide the vehicular public key to a plurality of external communication components (Mondello: ¶[Abstract]), and the data transmitted from a vehicular communication component can include a receiver ID (identifying data for all roads or lanes), a vehicle ID and optionally a VIN, a vehicle ID certificate, a vehicle public key, encrypted data (e.g., an external public key), and/or a digital signature of the vehicular entity (Mondello: ¶[0043]). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Mondello in the teachings of R1. A person having ordinary skill in the art would have been motivated to do so in order to establish mutual trust and to verify the sender is authorized. Regarding Claim 16, R1 discloses a signal processing device configured to perform signal processing in a vehicle, the signal processing device comprising (R1: ¶ [0021] control device (ECU) 1 used in the network between vehicle control devices of the present embodiment. The ECU 1 receives input signals from the sensors 2 attached to each part of the vehicle…, and issues control commands…, driving the control commands, ¶ [0001] vehicle control devices, and more particularly to a network between vehicle control devices that is optimal for encrypted communication on a network connecting the vehicle control devices): a secured storage device configured to store a digital signature from an external server (R1: ¶ [0021] non-volatile memory for storing non-volatile information necessary for control 11, a non-volatile memory 11, ¶ [0022] A certain RAM 15, a ROM 16 that is a non-volatile memory that stores a control program and various control setting information, an EEPROM 17 that is a non-volatile memory); and a processor configured to perform authentication with a plurality of zone signal processing devices (R1: ¶ [0022] ECU 1 is an input/output interface 13 that is connected to the sensors 2 and the actuators 5…, a CPU 18 that controls these and controls them are connected by a bus 19, ¶ [0023] the authentication means 10 are all stored as programs in the ROM 16, and these programs are read at the time of execution and executed by the CPU 18, ¶ [0025] authentication is performed between the control devices on the network before performing encrypted communication between the control devices, ¶ [0026]), wherein the processor is configured to execute a secure server to perform authentication with the plurality of zone signal processing devices (R1: ¶ [0022] a CPU 18 that controls these and controls them are connected by a bus 19, ¶ [0025] authentication is performed between the control devices on the network before performing encrypted communication between the control devices, ¶ [0026] (ECU-A20 → ECU-B21) of the authentication action performed by the authentication means 10, ¶[0023] The control means 4, the encryption/ decryption means 9 for performing encryption/decryption, and the authentication means 10 are all stored as programs in the ROM 16, and these programs are read at the time of execution and executed by the CPU 18, ¶¶ [0021, 0024, 0027-0030]); and transmit a security key to the first guest virtual machine and the second guest virtual machine(R1: ¶ [0039] stores the encryption key and transmits the encryption key to the ECU-C 22, ¶ [0017] the encryption key is encrypted and distributed, and the subsequent data transmission is encrypted using the distributed encryption key, ¶¶ [0039, 0040-0043, 0046]). However, R1 does not explicitly disclose: wherein the processor is configured to execute a server virtual machine, a first guest virtual machine, and a second guest virtual machine on a hypervisor, wherein the server virtual machine is configured to store data to be transmitted in a shared memory, and transmit a security key to the first guest virtual machine and the second guest virtual machine, wherein the first guest virtual machine and the second guest virtual machine is configured to decrypt the data received from the shared memory based on the security key. However, R2 further discloses keys are managed by a secure processor and installed into the memory controller to support on-die AES encryption engine. The keys will be regenerated every time the host system resets in SME or guest reboots in SEV (R2: [Page: 442 Section: Col 2--Top]), memory mapping is still controlled by the hypervisor to map from guest physical address to host physical address…, and a key-sharing enabled guest (R2: [Page: 443 Section: Col 1--Top]). In addition, R2 teaches in Fig.1 and Fig. 2, Dom VMs, Guest VMs and a hypervisor (See R2: [Pages: 442,444, Figs. 1-2]), and guest VM can encrypt its block I/O data by directly using the AES instruction set, as shown in the left part of Figure 4…., back-end driver first copies the disk data to the shared memory, at this point, the data are encrypted and privacy preserved (i.e. encrypted data exchange via shared memory). Afterwards, the front-end driver decrypts the data in the shared memory using Kblk (R2: [Page: 447 Section: 4.3.5], See also Fig. 4 a and b). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of R2 in the teachings of R1. A person having ordinary skill in the art would have been motivated to do so as shared memory is a fast mechanism providing lower latency, and further virtualization allows multiple control functions to execute on a single processing platform while preserving logical separation. R1 and R2 do not explicitly disclose: a secured storage device configured to store a digital signature from an external server. However, Kawabata further discloses a software distribution processing device stores a common key for each ECU and a verification key for an electronic signature of software updating data, verifies an electronic signature of the updating data received from management server (Kawabata: ¶[Abstract]), and When the result of the step S3 indicates that the ECU version of each ECU 30 in the automobile 1 does not indicate the latest version, the management server equipment 70 sends the updating firmware attached with an electronic signature to the gateway ECU 10 (Kawabata: ¶[0038], Also see ¶ [0030]). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Kawabata in the teachings of R1. A person having ordinary skill in the art would have been motivated to do so to verify software updates (See Kawabata: ¶[0038]), and/or to verify updates are received from trusted servers. R1 and R2 and Kawabata do not explicitly disclose: wherein after performing authentication with the external server, the secure server is configured to receive an updated digital signature, key, certificate information, or topic policy, and to store the updated digital signature, key, certificate information, or topic policy. However, Mondello further discloses the vehicular communication component can be configured to generate a vehicular private key and a vehicular public key, provide the vehicular public key to a plurality of external communication components (Mondello: ¶[Abstract]), data transmitted from an external communication component 446 can include a receiver ID (identifying data for all vehicles), Road or Lane ID numbers, Road or Lane ID certificates, a road or lane public key, encrypted data (e.g., vehicular public key), and/or a digital signature of the transportation assistance entity (Mondello: ¶[0043]), and the vehicular entity can log onto the system of the road lane (e.g., log into the external communication component 446-3) using either of an anonymous log in or an authenticated log in. The authentication log in can allow the vehicular entity to obtain additional information that may not be accessible when logging in anonymously in an anonymous mode. In at least one example, the authentication can include providing a vehicular identification number (VIN) and/or authentication information, such as an exchange of public keys (Mondello: ¶[0053]). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Mondello in the teachings of R1. A person having ordinary skill in the art would have been motivated to do so to access information that that may not be accessible when logging in anonymously in an anonymous mode (Mondello: ¶[0053]). 12. Claims 11 is rejected under 35 U.S.C. 103 as being unpatentable over Hitachi Ltd (JP 2007214696 A, hereinafter R1) [As disclosed in IDS] in view of Wu et al. ("Comprehensive VM protection against untrusted hypervisor through retrofitted AMD memory encryption." IEEE 2018, hereinafter R2) [As disclosed in IDS], in view of Kawabata et al. (US 2018/0183605 A1, hereinafter Kawabata) and further in view of David et al. (US 2017/0295188 A1, hereinafter David). Regarding Claim 11, Claim 11 is dependent on Claim 1, and the combination of R1, R2 and Kawabata discloses all the limitations of Claim 1. The combination of R1, R2 and Kawabata does not explicitly disclose wherein the secure server is configured to receive an updated policy table from the external server, and to transmit the updated policy table to at least one of the plurality of zone signal processing devices. However, David from the same field of endeavor as the claimed invention discloses system 100 for generating and implementing a custom security policy on an example controller. The example system 100 includes a policy generation computer system 104 (e.g., computer server system, cloud computing system, client computing device) that is programmed to automatically generate a custom security policy for a controller, an example IoT device 112 (e.g., ECU) that includes an example controller 114 that will use the generated security policy to operate securely and to prevent malware, and a management computer system 122 (David : ¶[0029]). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of David in the teachings of R1. A person having ordinary skill in the art would have been motivated to do so in order for the controller to operate securely and stay up to date with central policies. 13. Claims 13 is rejected under 35 U.S.C. 103 as being unpatentable over Hitachi Ltd (JP 2007214696 A, hereinafter R1) [As disclosed in IDS] in view of Wu et al. ("Comprehensive VM protection against untrusted hypervisor through retrofitted AMD memory encryption." IEEE 2018, hereinafter R2) [As disclosed in IDS], in view of Kawabata et al. (US 2018/0183605 A1, hereinafter Kawabata) in view of David et al. (US 2017/0295188 A1, hereinafter David) and further in view of Feekes (US 2014/0337957 A1, hereinafter Feekes). Regarding Claim 13, Claim 13 is dependent on Claim 1, and the combination of R1, R2 and Kawabata discloses all the limitations of Claim 1. The combination of R1, R2 and Kawabata does not explicitly disclose wherein the secure server is configured to receive an updated policy table from the external server, and to transmit the updated policy table to at least one of the plurality of zone signal processing devices, wherein in response to receiving a request for use of a one-time password function from at least one of the plurality of zone signal processing devices, the secure server is configured to transmit information about the use of the one-time password function to another zone signal processing device. However, David from the same field of endeavor as the claimed invention discloses system 100 for generating and implementing a custom security policy on an example controller. The example system 100 includes a policy generation computer system 104 (e.g., computer server system, cloud computing system, client computing device) that is programmed to automatically generate a custom security policy for a controller, an example IoT device 112 (e.g., ECU) that includes an example controller 114 that will use the generated security policy to operate securely and to prevent malware, and a management computer system 122 (David : ¶[0029]). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of David in the teachings of R1. A person having ordinary skill in the art would have been motivated to do so in order for the controller to operate securely and stay up to date with central policies. The combination of R1, R2 and Kawabata and David does not explicitly disclose wherein the secure server is configured to receive an updated policy table from the external server, and to transmit the updated policy table to at least one of the plurality of zone signal processing devices, wherein in response to receiving a request for use of a one-time password function from at least one of the plurality of zone signal processing devices, the secure server is configured to transmit information about the use of the one-time password function to another zone signal processing device. However, Feekes from the same field of endeavor as the claimed invention discloses that depicted system 200 utilizes an "out-of-band" communication channel to provide the user with a security credential such as an OTP. In this example, a user may utilize a general purpose computing device connected to the Internet, which connects to the primary or in-band communication channel on which the transaction will be conducted. Concurrently with a user initiating a transaction request, a network backend 202 and out-of-band authentication system 204 associated with the service provider may transmit an OTP (or other security credential such as a PIN number, username, etc.) in the SMS message 206 to the user's designated mobile phone 208 (Feekes: ¶ [0005]), security credentials that represent the possession authentication factor (i.e. OTP, digital certificate, etc.) may be communicated via an out-of-band communication system in a way that is entirely separate from the in-band communication (Feekes: ¶ [0021], also see ¶¶ [0031, 0038,0053]). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Feekes in the teachings of R1. A person having ordinary skill in the art would have been motivated to do so to improve security of the system as the OTP is sent via a different channel. 14. Claims 12, 14, 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hitachi Ltd (JP 2007214696 A, hereinafter R1) [As disclosed in IDS] in view of Wu et al. ("Comprehensive VM protection against untrusted hypervisor through retrofitted AMD memory encryption." IEEE 2018, hereinafter R2) [As disclosed in IDS], in view of Kawabata et al. (US 2018/0183605 A1, hereinafter Kawabata) and further in view of NAOYUKI et al. (WO 2018/047510 A1, hereinafter Naoyuki). Regarding Claim 12, Claim 12 is dependent on Claim 1, and the combination of R1, R2 and Kawabata discloses all the limitations of Claim 1. The combination of R1, R2 and Kawabata does not explicitly disclose wherein the secure server is configured to receive, from the external server, updated Automotive Safety Integrity Level (ASIL) ratings of the plurality of zone signal processing devices, and to transmit the updated ASIL ratings to at least one of the plurality of zone signal processing devices. However, Naoyuki from the same field of endeavor as the claimed invention discloses Automotive safety integrity level ASIL (Automotive Safety Integrity Level) prescribed by ISO (International Organization for Standardization) is assigned to each ECU (Naoyuki: [Page 2--top]), in-vehicle gateway device 1 includes a routing control unit 2 for determining a data transfer destination, a routing table 3 for indicating a correspondence between…, Key information management of each device, authentication information between ECUs, a security table 5 showing each ASIL information and encryption method, an encryption/decryption algorithm 6 (FIG. 2), and key information (Naoyuki: [Page 2--middle]), and in-vehicle gateway device 1 performs ECU device authentication with each ECU with challenge & response. The in-vehicle gateway device 1 delivers the key information 8 for each ASIL solved in the security table 5 to each ECU when the authentication with each ECU succeeds (Naoyuki: [Page 3--bottom]), Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Naoyuki in the teachings of R1. A person having ordinary skill in the art would have been motivated to do so to allow the system to classify ECUs based on safety ratings and apply security measures based on the security risk and safety ratings. Regarding Claim 14, Claim 14 is dependent on Claim 1, and the combination of R1, R2 and Kawabata discloses all the limitations of Claim 1. R1 does not disclose wherein the secure server is configured to selectively encrypt data to be shared with the plurality of zone signal processing devices based on impacting levels according to the ASIL ratings and a data type, and to store the encrypted data in a shared memory. R2 further discloses wherein the secure server is configured to selectively encrypt data to be shared with the plurality of zone signal processing devices based on impacting levels according to the ASIL ratings and a data type, and to store the encrypted data in a shared memory. R2 discloses that guest VM can encrypt its block I/O data by directly using the AES instruction set, as shown in the left part of Figure 4…., back-end driver first copies the disk data to the shared memory, at this point, the data are encrypted and privacy preserved (i.e. encrypted data exchange via shared memory). Afterwards, the front-end driver decrypts the data in the shared memory using Kblk (R2: [Page: 447 Section: 4.3.5], See also Fig. 4 a and b). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of R2 in the teachings of R1. A person having ordinary skill in the art would have been motivated to do so as shared memory is a fast mechanism providing lower latency. R1, R2 and Kawabata do not explicitly disclose wherein the secure server is configured to selectively encrypt data to be shared with the plurality of zone signal processing devices based on impacting levels according to the ASIL ratings and a data type, and to store the encrypted data in a shared memory. However, Naoyuki further discloses in-vehicle gateway device 1 includes a routing control unit 2 for determining a data transfer destination, a routing table 3 for indicating a correspondence between…, Key information management of each device, authentication information between ECUs, a security table 5 showing each ASIL information and encryption method, an encryption/decryption algorithm 6 (FIG. 2), and key information (Naoyuki: [Page 2--middle]), and reads the encryption method corresponding to the ASIL (safety degree information) from the FLASH 13 (storage device), and uses the read encryption method to transmit the data to be transferred to the transfer destination of the encryption strength (i.e. implies different encryption strengths for different data types) ( Naoyuki: [Page 3--top]). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Naoyuki in the teachings of R1. A person having ordinary skill in the art would have been motivated to do so to improve the security of different data types while reducing overhead by avoiding uniformly encrypting all data with stronger encryption scheme. Regarding Claim 15, Claim 15 is dependent on Claim 14, and the combination of R1, R2, Kawabata and Naoyuki discloses all the limitations of Claim 14. R1, R2 and Kawabata do not explicitly disclose wherein the secure server is configured to: in response to the impacting level being level 1, perform authentication and encryption without encrypting data; in response to the impacting level being level 2, perform authentication and encrypt data without updating the security key; and in response to the impacting level being level 3, perform authentication, encrypt data, and update the security key. Naoyuki further discloses in the security table 5 stores "device name", "ASIL" indicating the vehicle safety level, "key ID" indicating the ID for identifying the encryption key, "encryption method", an ECU "Transmission data ID" indicating the ID of data to be transmitted, authentication" indicating the result of authentication by challenge-and-response…, security control unit 4 (microcomputer 11) of the in-vehicle gateway device 1 reads the ASIL (safety degree information) corresponding to the transfer destination from the FLASH 13 (storage device), and in accordance with the read ASIL, the security control unit 4 Set encryption strength. As a result, regardless of the encryption strength of the data before transfer, the encryption strength of the data to be transferred is determined according to the ASIL of the transfer destination (Naoyuki: [Page 2--bottom]), the in-vehicle gateway device 1 performs ECU device authentication with each ECU with challenge & response. The in-vehicle gateway device 1 delivers the key information 8 for each ASIL solved in the security table 5 to each ECU when the authentication with each ECU succeeds ( Naoyuki: [Page 3--bottom]), When the destination ECU of the security table 5 has an ASIL of QM, it is transmitted as encrypted data 402 ( Naoyuki: [Page 4--top]), The in-vehicle gateway device 1 determines whether the ASIL of the destination (destination) ECU is other than "QM" (S5). In the example of FIG. 5, since the ASIL of the destination ECU 2 is "QM", the in-vehicle gateway device 1 generates plaintext element data 402 (CAN frame) from the data 400 decrypted in S4 and transmits it (S7) (Naoyuki: [Page 4--Bottom]), and the microcomputer 11 (the security control unit 4) sets the encryption strength of the data 402, 403 (second data) according to the ASIL (safety level information) of the transfer destination. Specifically, the microcomputer 11 (the security control unit 4) exchanges the encryption key of the data 400 (first data) (Naoyuki: [Page 5--top]). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Naoyuki in the teachings of R1. A person having ordinary skill in the art would have been motivated to do so to improve the security of different data types while reducing overhead by avoiding uniformly encrypting all data with stronger encryption scheme. Regarding Claim 20, Claim 20 is dependent on Claim 17, and R1, R2 and Kawabata discloses all the limitations of Claim 17. The combination of R1, R2, Kawabata and Naoyuki discloses all the limitations of Claim 20 as discussed in Claim 12. Therefore, Claim 20 is rejected using the same rationales as discussed in Claim 12. Conclusion 15. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US-20200159940-A1 US-20120278803-A1 US-20190114195-A1 US-20090022317-A1 Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMEERA WICKRAMASURIYA whose telephone number is (571)272-1507. The examiner can normally be reached on MON-FRI 8AM-4:30PM EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W. KIM can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SAMEERA WICKRAMASURIYA/ Examiner, Art Unit 2494 /ROBERT B LEUNG/Primary Examiner, Art Unit 2494
Read full office action

Prosecution Timeline

Sep 30, 2024
Application Filed
Jun 30, 2026
Non-Final Rejection mailed — §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12683973
SYSTEMS, METHODS, AND APPARATUSES FOR PRE-CONFIGURED PER-TENANT ISOLATION IN A MULTI-TENANT CLOUD BASED COMPUTING ENVIRONMENT
2y 6m to grant Granted Jul 14, 2026
Patent 12683960
Email Processing for Improved Authentication Question Accuracy
1y 10m to grant Granted Jul 14, 2026
Patent 12671705
SELECTING POLICIES TO APPLY TO NETWORK TRAFFIC FLOWS BASED ON PERCEPTION SCORES
3y 2m to grant Granted Jun 30, 2026
Patent 12652316
ADJUSTMENT OF ACCESS PERMISSIONS OF USER DEVICES BASED ON CREATED ACCESS POLICIES
2y 10m to grant Granted Jun 09, 2026
Patent 12647426
Nested Access Privilege Check for Multi-Tenant Organizations
3y 8m to grant Granted Jun 02, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
76%
Grant Probability
99%
With Interview (+34.5%)
2y 9m (~11m remaining)
Median Time to Grant
Low
PTA Risk
Based on 180 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month