Prosecution Insights
Last updated: July 17, 2026
Application No. 18/854,786

Forming a Cryptographically Protected Connection

Final Rejection §103§112
Filed
Oct 07, 2024
Priority
Apr 06, 2022 — EU 22166951.8 +1 more
Examiner
WADE-WRIGHT, SHAQUEAL D
Art Unit
2407
Tech Center
2400 — Computer Networks
Assignee
Siemens Aktiengesellschaft
OA Round
2 (Final)
85%
Grant Probability
Favorable
3-4
OA Rounds
6m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 85% — above average
85%
Career Allowance Rate
386 granted / 454 resolved
+27.0% vs TC avg
Strong +18% interview lift
Without
With
+18.2%
Interview Lift
resolved cases with interview
Typical timeline
2y 4m
Avg Prosecution
18 currently pending
Career history
466
Total Applications
across all art units

Statute-Specific Performance

§101
6.5%
-33.5% vs TC avg
§103
76.7%
+36.7% vs TC avg
§102
1.2%
-38.8% vs TC avg
§112
9.4%
-30.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 454 resolved cases

Office Action

§103 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment Claims 1 and 3-13 are pending. Claims 1, 3-4, 6-7, 9 and 12-13 are currently amended. Claims 2 and 14 are canceled. Applicant’s amendments to the claims will overcome each and every claim objection, 112(a) and 112(b) rejections previously set forth in the Non-Final Office Action mailed 01/30/2026. Response to Arguments Applicant's arguments filed 03/31/2026 have been fully considered but they are not persuasive. Applicant argues on pages 7-8 “…The current rejection of Claim 1 as previously presented cites Gupta for the connection request, including first device connection information and device authentication information (Office Action, page 9). In the citation, it appears the Examiner is relying on the "bootstrap certificate from previous phase 1 connection" of Gupta as the first device connection information and the "device specific information" as the device authentication information. There is no citation, however, to any part of Gupta suggesting either of these data are "cryptographically protected" as required by Independent Claim 1.,” the examiner respectfully disagrees for the following reasons below: Gupta discloses establishing certificates based on secure, protected connections. The certificates are made temporary to avoid issues with decrypting the certificates; therefore the certificates are cryptographically protected (Gupta, pages 2-3, paragraphs 0026-0031). Applicant argues on page 8 “Further, amendments to the Independent Claims now require "the device connection information indicates a second device with which a connection currently exists," as previously presented in Dependent Claim 2. The rejection of Claim 2 asserts that Gupta teaches the second device connection in Paragraph 26 and 27 (Office Action, Page 11). The methods cited in the rejection Claim 1 rely on methods described in Gupta to establish a connection to an E-EST server (see, e.g., Paragraphs 29-32, describing Figure 5). Paragraphs 26 and 27, however, are describing Figure 4 which represents connection to a B-EST server that need not exist at the time of the connection to the E-EST server as shown in Figure 5.,” the examiner respectfully disagrees for the following reason below: Gupta discloses using the bootstrapping certificate to establish connection and authentication with the AAA server based on the B-EST server and manufacturer (Gupta, page 3, paragraphs 0029-0030 and page 2, paragraph 0020), which is equivalent to the argued limitations. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1 and 12-13 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Regarding independent claims 1 and 12-13, it is unclear which “device connection information” the claim is referring to and if the “a second device” is the same second device as recited above and therefore the claims are indefinite. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-9 and 11-13 are rejected under 35 U.S.C. 103 as being unpatentable over Gupta et al. (US Pub No. 2020/0059881) in view of Khedouri et al. (US Pub No. 2006/0008256). Regarding independent claim 1, Gupta teaches a method for forming a first cryptographically protected connection of a device to a unit, comprising: transmitting a connection request from the device, wherein the connection request includes associated cryptographically protected first device connection information and device authentication information (Gupta, page 3, paragraphs 0029-0030; device connects with AAA server and sends bootstrap certificate from previous phase 1 connection and device specific information), wherein the first device connection information indicates a second connection of the device to a second device existed at an earlier time (Gupta, page 3, paragraphs 0029-0030; device connects with AAA server and sends bootstrap certificate from previous phase 1 connection and device specific information; page 2, paragraphs 0026-0027), wherein the device authentication information authenticates the device (Gupta, page 3, paragraphs 0029-0030; device connects with AAA server and sends bootstrap certificate from previous phase 1 connection and device specific information); checking the first device connection information against a second device connection information for a first match (Gupta, page 3, paragraphs 0029-0030; initial authentication with bootstrap certificate to determine client device is authorized); checking the device connection information and the device authentication information for a second match (Gupta, page 3, paragraphs 0029-0030; check bootstrap certificate with device specific information and security information); and allow access of the device to the unit on based on the first match and the second match (Gupta, pages 3-4, paragraphs 0031 & 0035; allow access to network); wherein the device connection information indicates a second device with which a connection currently exists (Gupta, page 2, paragraphs 0022-0023 & 0026-0027 and page 3, paragraphs 0029-0030; certificate for each established connections for phase 1 and phase 2). Gupta does not explicitly teaches forming the first cryptographically protected connection of the device to the unit on based on the first match and the second match. Khedouri teaches forming the first cryptographically protected connection of the device to the unit on based on the first match and the second match (Khedouri, page 11, paragraph 0080; establish secure connection with network based on previous network connections and device information). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Gupta with the teachings of Khedouri to establish secure socket layer connections based on previous connection information and device information to provide the advantage of improving session connections (Khedouri, page 1, paragraph 0003 and page 11, paragraph 0080). Regarding claim 3, Gupta in view of Khedouri teaches the method wherein the device connection information includes at least one item selected from the group consisting of: an identifier of a device manufacturer, device type or device serial number; or an authentication credential including a certificate, a cryptographic key, and/or a password hash of the second device with which the second connection existed (Gupta, page 2, paragraphs 0026-0027 and page 3, paragraphs 0029-0030; bootstrap certificate). Regarding claim 4, Gupta in view of Khedouri teaches each and every claim limitation of claim 1, however, Khedouri teaches the method wherein the connection request further includes the time at which, the duration for which, the device interface via which or a third connection in combination with which the second connection existed (Khedouri, page 11, paragraph 0080; previous network connections time). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Gupta with the teachings of Khedouri to establish secure socket layer connections based on previous connection information and device information to provide the advantage of improving session connections (Khedouri, page 1, paragraph 0003 and page 11, paragraph 0080). Regarding claim 5, Gupta in view of Khedouri teaches the method wherein the device connection information is provided by the device and/or an external unit (Gupta, page 2, paragraphs 0026-0027 and page 3, paragraphs 0029-0030). Regarding claim 6, Gupta in view of Khedouri teaches the method wherein the second device includes: a peripheral device, an expansion module, a tool of a machine tool, or an IoT device. (Gupta, page 1, paragraph 0017, page 2, paragraphs 0026-0027 and page 3, paragraphs 0029-0030). Regarding claim 7, Gupta in view of Khedouri teaches the method wherein the unit includes one element selected from the group consisting of: a server, a cloud service, an edge device, a controller, a control function, a third device, a communication network, an onboarding network, a provisioning server, or a device management server (Gupta, page 2, paragraphs 0026-0027 and page 3, paragraphs 0029-0030). Regarding claim 8, Gupta in view of Khedouri teaches the method wherein checking the connection request includes applying rules to decide to give permission, to give limited permission to, or form the first cryptographically protected connection of the device to the unit (Gupta, pages 3, paragraph 0030 and page 5, paragraph 0035). Regarding claim 9, Gupta in view of Khedouri teaches the method wherein: the connection request is transmitted to the unit or the unit checks the device connection information and/or the device authentication information (Gupta, page 3, paragraphs 0029-0030). Regarding claim 11, Gupta in view of Khedouri teaches each and every claim limitation of claim 1, however, Khedouri teaches the method wherein the device authentication information is cryptographically protected, (Khedouri, page 11, paragraph 0080; unique ID/serial number is encrypted). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Gupta with the teachings of Khedouri to establish secure socket layer connections based on previous connection information and device information to provide the advantage of improving session connections (Khedouri, page 1, paragraph 0003 and page 11, paragraph 0080). Regarding independent claim 12, Gupta teaches a device comprising: a network interface to transmit a connection request from the device, wherein the connection request includes associated cryptographically protected device connection information and device authentication information (Gupta, page 3, paragraphs 0029-0030; device connects with AAA server and sends bootstrap certificate from previous phase 1 connection and device specific information), wherein the device connection information indicates a second connection of the device to a second device existed at an earlier time (Gupta, page 3, paragraphs 0029-0030; device connects with AAA server and sends bootstrap certificate from previous phase 1 connection and device specific information; page 2, paragraphs 0026-0027), wherein the device authentication information authenticates the device (Gupta, page 3, paragraphs 0029-0030; device connects with AAA server and sends bootstrap certificate from previous phase 1 connection and device specific information); allow access based on a result of a check on the device connection information against the device authentication information and the first device connection information against second device connection information(Gupta, page 3, paragraphs 0029-0030; check bootstrap certificate with device specific information and security information; paragraphs 0031 & 0035; allow access to network); wherein the device connection information indicates a second device with which a connection currently exists (Gupta, page 2, paragraphs 0022-0023 & 0026-0027 and page 3, paragraphs 0029-0030; certificate for each established connections for phase 1 and phase 2).. Gupta does not explicitly teaches an input/output unit to form a first cryptographic protection connection of the device to a unit based on a result of a check. Khedouri teaches an input/output unit to form a first cryptographic protection connection of the device to a unit based on a result of a check (Khedouri, page 11, paragraph 0080; establish secure connection with network based on previous network connections and device information). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Gupta with the teachings of Khedouri to establish secure socket layer connections based on previous connection information and device information to provide the advantage of improving session connections (Khedouri, page 1, paragraph 0003 and page 11, paragraph 0080). Regarding independent claim 13, Gupta teaches a method for forming a first cryptographically protected connection of a unit to a device, the method comprising: receiving a connection request from the device, the connection request including cryptographically protected first device connection information and device authentication information (Gupta, page 3, paragraphs 0029-0030; device connects with AAA server and sends bootstrap certificate from previous phase 1 connection and device specific information), wherein the first device connection information indicates a second connection of the device to a second device existed at an earlier time (Gupta, page 3, paragraphs 0029-0030; device connects with AAA server and sends bootstrap certificate from previous phase 1 connection and device specific information; page 2, paragraphs 0026-0027), the device authentication information authenticates the device (Gupta, page 3, paragraphs 0029-0030; device connects with AAA server and sends bootstrap certificate from previous phase 1 connection and device specific information); checking the first device connection information against the device authentication information (Gupta, page 3, paragraphs 0029-0030; check bootstrap certificate with device specific information and security information); checking the first device connection information against a second device connection information (Gupta, page 3, paragraphs 0029-0030; check bootstrap certificate with device specific information and security information); and allow access of the device to the unit on based on the first match and the second match (Gupta, pages 3-4, paragraphs 0031 & 0035; allow access to network); wherein the device connection information indicates a second device with which a connection currently exists (Gupta, page 2, paragraphs 0022-0023 & 0026-0027 and page 3, paragraphs 0029-0030; certificate for each established connections for phase 1 and phase 2).. Gupta does not explicitly teaches forming the first cryptographically protected connection of the device to the unit on the basis of the checks. Khedouri teaches forming the first cryptographically protected connection of the device to the unit on the basis of the checks (Khedouri, page 11, paragraph 0080; establish secure connection with network based on previous network connections and device information). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Gupta with the teachings of Khedouri to establish secure socket layer connections based on previous connection information and device information to provide the advantage of improving session connections (Khedouri, page 1, paragraph 0003 and page 11, paragraph 0080). Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Gupta et al. (US Pub No. 2020/0059881) in view of Khedouri et al. (US Pub No. 2006/0008256) as applied to claims 1-9 and 11-13 above, and further in view of Das et al. (US Patent No. 10,193,698). Regarding claim 10, Gupta in view of Khedouri teaches each and every claim limitation od claim 1. Gupta in view of Khedouri does not explicitly teach the method wherein the device authentication information includes a device fingerprint of the device. Das teaches wherein the device authentication information includes a device fingerprint of the device (Das, column 1, lines 29-49 and column 4,ines 33-42;l use certificate fingerprint of device to establish secure session). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Gupta in view of Khedouri with the teachings of Das to establish secure session based on device certificate fingerprint to provide the advantage of improving secure communication (Das, column 1,lines 18-50). Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357. The examiner can normally be reached M-F 8:00-5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Catherine Thiaw can be reached at 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SHAQUEAL D WADE-WRIGHT/ Primary Examiner, Art Unit 2407
Read full office action

Prosecution Timeline

Oct 07, 2024
Application Filed
Jan 30, 2026
Non-Final Rejection mailed — §103, §112
Mar 31, 2026
Response Filed
Jun 17, 2026
Final Rejection mailed — §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12675587
SYMMETRIC AND ASYMMETRIC ENCRYPTION OF RECORDED DATA
2y 7m to grant Granted Jul 07, 2026
Patent 12665743
SYSTEMS AND METHODS FOR SECURE MULTI-PARTY COMPUTATION PROTOCOL EXECUTION USING CHECK POINTS
2y 9m to grant Granted Jun 23, 2026
Patent 12665756
JUST-IN-TIME POST-QUANTUM CRYPTOGRAPHY (PQC) KEY EXPANSION
3y 1m to grant Granted Jun 23, 2026
Patent 12664259
SCALAR MASKING COUNTERMEASURE
2y 4m to grant Granted Jun 23, 2026
Patent 12664282
CERTIFICATE UPDATE METHOD AND CERTIFICATE UPDATE SYSTEM OF DEVICE DRIVING THE SAME
2y 9m to grant Granted Jun 23, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
85%
Grant Probability
99%
With Interview (+18.2%)
2y 4m (~6m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 454 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month