Prosecution Insights
Last updated: July 17, 2026
Application No. 18/962,771

SAFETY AND SECURITY FOR MEMORY

Non-Final OA §101§102§103
Filed
Nov 27, 2024
Priority
Aug 20, 2020 — provisional 63/068,046 +1 more
Examiner
CHEEMA, ALI H
Art Unit
2497
Tech Center
2400 — Computer Networks
Assignee
Micron Technology Inc.
OA Round
1 (Non-Final)
74%
Grant Probability
Favorable
1-2
OA Rounds
1y 3m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 74% — above average
74%
Career Allowance Rate
155 granted / 208 resolved
+16.5% vs TC avg
Strong +54% interview lift
Without
With
+53.7%
Interview Lift
resolved cases with interview
Typical timeline
2y 11m
Avg Prosecution
7 currently pending
Career history
214
Total Applications
across all art units

Statute-Specific Performance

§101
1.2%
-38.8% vs TC avg
§103
94.0%
+54.0% vs TC avg
§102
1.0%
-39.0% vs TC avg
§112
3.3%
-36.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 208 resolved cases

Office Action

§101 §102 §103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION This office action is responsive to the application filed on 11/27/2024. In which, Claims 1-20 are pending and being considered. Claims 1, 10 and 18 are independent. Claims 1-20 are rejected. Information Disclosure Statement The information disclosure statement (IDS) submitted on 02/20/2025 was filed on or after the mailing date of the application no.18/962,771 filed on 11/27/2024. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner and an initialed and dated copy of Applicant’s IDS form 1449 filed on 02/20/2025 attached to the instant office action. Specification The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. The claimed invention is not directed to patent eligible subject matter. Based upon consideration of all of the relevant factors with respect to the claim as a whole, claims 18-20 are determined to be directed to an abstract idea. Claims 18-20 are rejected under 35 USC 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. Under the 2019 Revised Patent Subject Matter Eligibility Guidance (“2019 PEG”), effective January 7, 2019, claims 18-20 are directed to an abstract idea without being significantly more nor being integrated into a practical application. The claims are directed towards authenticating data using the associated hash values. Regarding claim 18, the claim is directed towards a method by a host system and recites “transmitting a request for data stored at a memory system; receiving, based at least in part on the request, the data and a first hash for authenticating the data; and authenticating the data using the first hash based at least in part on detecting an occurrence of a trigger event.”, as drafted, are directed to an abstract idea without being significantly more nor being integrated into a practical application. For instance, the claim limitation “transmitting a request for data stored at a memory system” as drafted, falls under mental processes grouping of abstract ideas. Such as, requesting data and receiving data in response to the request constitutes a mental process that can be practically performed in the human mind (or with pen and paper) and are conventional routine functions that do not become patent eligible just because they are performed on a host computer system. Therefore, the process of ‘requesting data and receiving data in response to the request’ are considered as a common, routine, and "well-understood" practice performed by any conventional computer, but for the recitation of the generic computer components, falls within the “mental processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. the claim limitation “receiving, based at least in part on the request, the data and a first hash for authenticating the data; and” as drafted, falls under mental processes grouping of abstract ideas. Such as, receiving data and associated hash in response to the request and verifying the requested data by using the hash constitutes a mental process that can be practically performed in the human mind (or with pen and paper) and are conventional routine functions that do not become patent eligible just because they are performed on a host computer system. Therefore, the process of ‘receiving data and associated hash in response to the request and verifying the requested data by using the hash’ are considered as a common, routine, and "well-understood" practice performed by any conventional computer, but for the recitation of the generic computer components, falls within the “mental processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. the claim limitation “authenticating the data using the first hash based at least in part on detecting an occurrence of a trigger event.” as drafted, falls under mental processes grouping of abstract ideas. Such as, authenticating data using a hash and based on the detected trigger event, constitutes a mental process that can be practically performed in the human mind (or with pen and paper) and are conventional routine functions that do not become patent eligible just because they are performed on a host computer system. Therefore, the process of ‘authenticating data using a hash and based on the detected trigger event’ are considered as a common, routine, and "well-understood" practice performed by any conventional computer, but for the recitation of the generic computer components, falls within the “mental processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. This judicial exception is not integrated into a practical application because the claim does not recite any additional element(s), except for ‘a host system’, that perform the claimed method steps. These element(s) in the claim are recited at a high-level of generality such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. Thus, the claim is directed to an abstract idea. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the claim does not recite any additional element(s) except for ‘a host system’ that perform the claimed method steps. Thus, the claim is an abstract idea and is not patent eligible. Further, the recited elements within dependent claims 19-20 taken individually do not amount to “significantly more” than just the abstract idea as previously identified above. Therefore, the claims do not amount to significantly more than the previously defined abstract idea. Some of the evidences of “significantly more” are a) improvement to another technology or field; b) applying judicial exception with or by a “particular machine’; c) transforming particular article/data into different state or thing; d) adding unconventional or non-routine steps, producing useful application; and e) other meaningful limitations beyond generic link to particular technological environment. As a result, the claims 18-20 are rejected under 35 U.S.C 101 as being directed to non-statutory subject matter as the claims do not contain any element or combination of elements that is sufficient to ensure that the patent in practice amounts to significantly more than a patent upon the ineligible concept itself. See Alice, 134 S. Ct. at 2360. Under Alice, that is not sufficient "to transform an abstract idea into a patent-eligible invention." Claim Rejections - 35 U.S.C. 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) The claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. Claim(s) 1-3, 7 and 18-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Nixon et al. (US 2020/0228342 A1; hereinafter “Nixon”): Regarding claim 1, Nixon teaches A host system, comprising: one or more interfaces comprising one or more signal paths operable for communications with one or more memory systems (Nixon, para. [0003, 0064 & 0083], Fig. 5 depicts exemplary components of a validating network device 500 on a distributed ledger network, the device 500 includes a communication module 506, which can be used to communicate information over a data highway to one or more other hardware devices, such as personal computers or computing devices, data historians, report generators, centralized databases, data sources, etc. The data highway utilized by the devices may include a wired communication path, a wireless communication path, or a combination of wired and wireless communication paths.); and processing circuitry coupled with the one or more interfaces and configured to cause the host system to (Nixon in para. [0083], the exemplary components of a validating network device 500 also includes at least one processor(s) 502 that is internally coupled with the memory 504, the communication module 506, external ports 510, etc.): transmit a request for data stored at a memory system of the one or more memory systems (Nixon in para. [0138] discloses to request event data from one of the distributed ledgers or data sources. Or see also para. [0247 or 0257] discloses that in response to a request to authenticate the event data, providing the cryptographic hash value corresponding to at least some of the event data from the distributed ledger along with the event data to verify authenticity of the event data.); receive, based at least in part on the request, the data and a first hash for authenticating the data (Nixon in para. [0138] discloses that the distributed ledger includes cryptographic hashes of the event data which are provided to the requesting device, in response to a request to authenticate the event data. Or see also para. [0247 or 0257] discloses that in response to a request to authenticate the event data, providing the cryptographic hash value corresponding to at least some of the event data from the distributed ledger along with the event data to verify authenticity of the event data); and authenticate the data using the first hash based at least in part on detecting an occurrence of a trigger event (Nixon in para. [0138] discloses that the requesting device then computes a cryptographic hash of the obtained event data and compares the cryptographic hash of the obtained event data to the cryptographic hash of the event data from the distributed ledger. If the cryptographic hashes are the same, the requesting device determines that the event data has not been tampered with. Otherwise, the requesting device determines that the event data from the database is unreliable. Or see also Fig. 14 and associated para. [0159-0164] discloses to authenticate the event data, the event data stored in the database is compared to the cryptographic hash included in the distributed ledger (block 1412). If there is a match, the event data has not been tampered with. For example, a regulatory agency reviewing an incident may request and obtain cryptographic hashes of event data from the distributed ledger that is included in transactions having the triggering event identifier, wherein the transaction(s) may include a cryptographic hash of the event data for the triggering event and/or a combination of the event data for the triggering event detected (at block 1402, Fig. 14). The event data is obtained from other data sources such as a database communicatively coupled to a server device 12 in the process plant 10. The regulatory agency's computing device then computes a cryptographic hash of the obtained event data and compares the cryptographic hash of the obtained event data to the cryptographic hash of the event data from the distributed ledger. If the cryptographic hashes are the same, the regulatory agency's computing device determines that the event data from the database has not been tampered with. Otherwise, the regulatory agency's computing device determines that the event data from the database is unreliable. In other embodiments, a computing device within the process plant 10 retrieves the event data stored in the database and the cryptographic hash of the event data from the distributed ledger and compares the event data to the cryptographic hash to authenticate the event data.). Regarding claim 2, Nixon teaches the host system of claim 1, wherein Nixon further teaches the processing circuitry is further configured to cause the host system to: store the data to a cache of the host system based at least in part on receiving the data (Nixon in para. [0157] discloses that the validating device may maintain a local distributed ledger (e.g., cache) that records the received transaction (at block 1306) including data related to events for a threshold time period or epoch). Regarding claim 3, Nixon teaches the host system of claim 2, wherein Nixon further teaches, to detect the occurrence of the trigger event, the processing circuitry is configured to cause the host system to (Fig. 14 and para. [0160] discloses that the device detects the triggering event): determine that the data has been stored to the cache for a threshold time (Nixon in para. [0157, 0163] discloses that, at block 1306, the validating device may maintain a local distributed ledger (e.g., cache) that records transaction(s) including data related to events for a threshold time period or epoch. At block 1308, the threshold time period for the transaction(s) stored at the local distributed ledger is determined (Yes, No). As described above, the transaction may include a cryptographic hash of the event data for the triggering event and/or a combination of the event data for the triggering event and other process plant data related to the triggering event detected). Regarding claim 7, Nixon teaches the host system of claim 1, wherein Nixon further teaches, to authenticate the data, the processing circuitry is configured to cause the host system to: compare the first hash with a second hash generated by the host system; and determine that the data is valid based at least in part on determining that the first hash matched the second hash (Nixon in para. [0138] discloses that the requesting device then computes a cryptographic hash of the obtained event data and compares the cryptographic hash of the obtained event data to the cryptographic hash of the event data from the distributed ledger. If the cryptographic hashes are the same, the requesting device determines that the event data has not been tampered with. Otherwise, the requesting device determines that the event data from the database is unreliable. Or see also Fig. 14 and associated para. [0159-0164] discloses to authenticate the event data, the event data stored in the database is compared to the cryptographic hash included in the distributed ledger (block 1412). If there is a match, the event data has not been tampered with. For example, a regulatory agency reviewing an incident may request and obtain cryptographic hashes of event data from the distributed ledger that is included in transactions having the triggering event identifier, wherein the transaction(s) may include a cryptographic hash of the event data for the triggering event and/or a combination of the event data for the triggering event detected (at block 1402, Fig. 14). The event data is obtained from other data sources such as a database communicatively coupled to a server device 12 in the process plant 10. The regulatory agency's computing device then computes a cryptographic hash of the obtained event data and compares the cryptographic hash of the obtained event data to the cryptographic hash of the event data from the distributed ledger. If the cryptographic hashes are the same, the regulatory agency's computing device determines that the event data from the database has not been tampered with. Otherwise, the regulatory agency's computing device determines that the event data from the database is unreliable. In other embodiments, a computing device within the process plant 10 retrieves the event data stored in the database and the cryptographic hash of the event data from the distributed ledger and compares the event data to the cryptographic hash to authenticate the event data). Regarding claims 18-20, the claims are drawn to the method and have limitations similar to the system claims 1-3, respectively. Therefore, the claims 18-20 are rejected for the same reasons of anticipation as used above for the system claims 1-3, respectively. Claim Rejections - 35 U.S.C. 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or non-obviousness. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 4-6 are rejected under 35 U.S.C. 103 as being unpatentable over Nixon et al. (US 2020/0228342 A1; hereinafter “Nixon”) in view of Durham (US 2016/0378687 A1; hereinafter “Durham”). Regarding claim 4, Nixon teaches the host system of claim 1, wherein Nixon fails to explicitly disclose but Durham teaches the processing circuitry is further configured to cause the host system to: execute one or more operations after receiving the data, wherein authenticating the data is based at least in part on the one or more operations (Durham in Fig. 4 and para. [0039-0040] discloses that, in block 412, the computing device 100 may decrypt the received encrypted data line using reduced round operations (i.e., a fewer number of rounds of operations than required by the typical cryptographic algorithm). Referring back to FIG. 4, in block 414, the computing device 100 generates a keyed hash of the decrypted data line [...]. In block 418, the computing device 100 compares the generated keyed hash to the retrieved keyed hash in order to verify the integrity of the data line. It should be appreciated that the two keyed hashes should match if the same data (e.g., data line, etc.) are used in generating the hashes. If the computing device 100 determines, in block 420, that the keyed hashes do not match, the computing device 100 performs one or more error handling operations in block 422). Or see also Figs. 3-4 and associated paragraphs, wherein the Fig. 3 process performs encryption operations on data lines, and the Fig. 4 process authenticates the data lines based on the operations performed). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified ‘Nixon’ by incorporating the above features, as taught by Durham, such modification would enable the computing device to verify the integrity of the received data line, and establish an environment for memory confidentiality, integrity, and replay protection; (Durham, Para. [0024, 0040]). Regarding claim 5, Nixon as modified by Durham teaches the host system of claim 4, wherein Nixon further teaches, to detect the occurrence of the trigger event, the processing circuitry is configured to cause the host system to (Nixon in Fig. 14 and para. [0160] discloses that the device detects the triggering event): However, Nixon fails to explicitly disclose but Durham teaches determine that a threshold quantity of operations has been executed by the host system (Durham in para. [0023] discloses that the statistical counter (of the computing device 100, see Fig. 2) may increment on average approximately once every thousand write operations (e.g., threshold quantity of operations). That is, in such embodiments, the probability of incrementing at a given write operation is one one-thousandth. Or see also para. [0033] discloses that, in block 324, the computing device 100 may encrypt the data line using reduced round operations (i.e., a fewer number of rounds of operations than required by the typical algorithm). For example, in some embodiments, the computing device 100 may encrypt the data line using only 2 or 2½ rounds of AES operations (e.g., threshold quantity of operations) rather than the 10 or so rounds that are typical. Or see also para. [0091] wherein decrypting the encrypted data line comprises decrypting the encrypted data line using fewer than ten rounds of symmetric-key encryption algorithm operations (e.g., threshold quantity of operations).). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified ‘Nixon’ by incorporating the above features, as taught by Durham, such modification would enable the computing device to verify the integrity of the received data line, and establish an environment for memory confidentiality, integrity, and replay protection; (Durham, Para. [0024, 0040]). Regarding claim 6, Nixon as modified by Durham teaches the host system of claim 4, wherein Nixon fails to explicitly disclose but Durham further teaches the one or more operations are associated with second data different than the data (Durham in Fig. 3 and Para. [0037], discloses that, in block 334, the computing device 100 determines whether to re-encrypt another data line (e.g., second data). For example, in the illustrative embodiment, the computing device 100 determines whether there any other data lines corresponding with the statistical counter to encrypt or re-encrypt based on the new statistical counter value. If so, the method 300 returns to block 326 in which the computing device 100 reads the next data line, and performs operations on the next data line as described in blocks 326-332. (herein, process 300 is performed prior to verifying the data line in process 400, as depicted in Figs. 3-4)). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified ‘Nixon’ by incorporating the above features, as taught by Durham, such modification would enable the computing device to verify the integrity of the received data line, and establish an environment for memory confidentiality, integrity, and replay protection; (Durham, Para. [0024, 0040]). Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Nixon et al. (US 2020/0228342 A1; hereinafter “Nixon”) in view of Yosuke Hiratsuka (JP 7251540 B2; hereinafter “Yosuke”; provided with IDS). Regarding claim 8, Nixon teaches the host system of claim 1, wherein Nixon further teaches the processing circuitry is further configured to cause the host system to: generate a second hash based at least in part on the data [and a key inaccessible to the memory system] (Nixon in para. [0138] discloses that the requesting device then computes a cryptographic hash of the obtained event data), wherein the processing circuitry is configured to cause the host system to authenticate the data using the first hash and the second hash (Nixon in para. [0138] discloses that the requesting device then computes a cryptographic hash of the obtained event data and compares the cryptographic hash of the obtained event data to the cryptographic hash of the event data from the distributed ledger. If the cryptographic hashes are the same, the requesting device determines that the event data has not been tampered with. Otherwise, the requesting device determines that the event data from the database is unreliable. Or see also Fig. 14 and associated para. [0159-0164] discloses to authenticate the event data, the event data stored in the database is compared to the cryptographic hash included in the distributed ledger (block 1412). If there is a match, the event data has not been tampered with. For example, a regulatory agency reviewing an incident may request and obtain cryptographic hashes of event data from the distributed ledger that is included in transactions having the triggering event identifier, wherein the transaction(s) may include a cryptographic hash of the event data for the triggering event and/or a combination of the event data for the triggering event detected (at block 1402, Fig. 14). The event data is obtained from other data sources such as a database communicatively coupled to a server device 12 in the process plant 10. The regulatory agency's computing device then computes a cryptographic hash of the obtained event data and compares the cryptographic hash of the obtained event data to the cryptographic hash of the event data from the distributed ledger. If the cryptographic hashes are the same, the regulatory agency's computing device determines that the event data from the database has not been tampered with. Otherwise, the regulatory agency's computing device determines that the event data from the database is unreliable. In other embodiments, a computing device within the process plant 10 retrieves the event data stored in the database and the cryptographic hash of the event data from the distributed ledger and compares the event data to the cryptographic hash to authenticate the event data). Although, as described above, the primary reference Nixon teaches to generate a second hash based at least in part on the data, wherein the processing circuitry is configured to cause the host system to authenticate the data using the first hash and the second hash. However, Nixon fails to explicitly disclose but Yosuke teaches to generate a second hash based at least in part on a key inaccessible to the memory system (Yosuke, Fig. 4, illustrates an user electronic device 23 includes a control unit 203 (e.g., a processor such as a CPU (Central Processing Unit)) that controls processing of each unit of the electronic device 23, a storage unit 207 as a non-volatile storage medium that stores various data and software necessary for processing of the electronic device 23 […], and a drive 208 (e.g., volatile memory) that is detachable from the external media 22 and drives the connected media 22, and as disclosed in Fig. 6 and pdf page 5 (3rd – 4th & 10th paragraph), In step S5, the key generator 252 of the control unit 203 (see Fig. 5) generates a device unique key which is a private key unique to each electronic device 23. Storage control unit 256 of the control unit 203 (see Fig. 5) causes storage unit 207 (which is a non-volatile memory) to store the device unique key. This eliminates the need to generate a device unique key and store it in the electronic device 23 at the time of shipment from the factory, thus reducing the risk of leakage of the device unique key […]. In step S9, the data generator 253 of the control unit 203 (see Fig. 5) uses the device unique key to calculate the hash value of the stored data. Note that the hash function used for calculating the hash value is not particularly limited. (herein, the device unique key which is used to calculate the hash value is stored in the storage unit 207 (non-volatile memory), and is only accessible to the data generator 253 of the control unit 203, and is inaccessible to the detachable external media 22 and the server 11), or see also pdf page 8 (6th – 7th paragraph), where the license management unit 251 of the control unit 203 (see Fig. 5) reads the license communication file (containing a hash value and stored data) from external media 22 via drive 208 (e.g., volatile memory) . License management unit 251 also reads the device unique key from storage unit 207 (e.g., non-volatile memory) which is a private key unique to each electronic device 23, and calculates a hash value of the data stored in the license communication file by using the device unique key), Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified ‘Nixon’ to incorporate the teaching of Yosuke to utilize the above feature, with the motivation to determine whether the data is valid by comparing and matching the calculated hash value with the received hash value, and further prevents the stored data from being tampered, as recognized by (Yosuke, pdf page 8). Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Nixon et al. (US 2020/0228342 A1; hereinafter “Nixon”) in view of and further in view of Yang et al. (US 20140337633 A1; hereinafter “Yang”). Regarding claim 9, Nixon teaches the host system of claim 1, wherein Nixon further teaches the processing circuitry is further configured to cause the host system to: generate a second hash based at least in part on the data (Nixon in para. [0138] discloses that the requesting device then computes a cryptographic hash of the obtained event data); and However, Nixon fails to explicitly disclose but Yang teaches to truncate the second hash to generate a third hash (Yang in para. [0045 or 0048], discloses a hashing unit 365 that may perform a hashing on a given input (as provided by adder 360) based on a cryptographic hash function, such as the SHA-256 hash function, and the like. A truncation unit 370 may truncate a hash output (as provided by hashing unit 365) to a specified length, providing a shorter and fixed length for lower overhead and simpler design of an information element (IE) that carries the hashed SSID. For example, as disclosed in claim 3, the process of generating a second hash output by applying the second hash function to the second modified SSID; and truncating the second hash output with a second truncation function to produce the third hashed SSID.), wherein the processing circuitry is configured to cause the host system to authenticate the data using the first hash and the third hash (Yang in para. [0104] discloses that the AP 1007 does not respond with a Probe Response frame unless the truncated hashed SSID (e.g., third hash) generated by the AP 1007 matches with the first hashed SSID included in the Probe Request frame (shown as events 1016 and 1018) sent by the STA 1005, and as disclosed in claim 3, generating a second hash output by applying the second hash function to the second modified SSID; and truncating the second hash output with a second truncation function to produce the third hashed SSID). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified ‘Nixon’ by incorporating the above features, as taught by Yang, such modification would prevent a variety of hack attacks on an AP and STAs served by the AP, and make it more costly and difficult for an attacker to impersonate a legitimate AP or STA; Yang, Para. [0011, 0114]. Claims 10-12 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Nixon et al. (US 2020/0228342 A1; hereinafter “Nixon”) in view of Liu et al. (US 8910031 B1; hereinafter “Liu”). Regarding claim 10, Nixon teaches A host system, comprising: one or more interfaces comprising one or more signal paths operable for communications with one or more memory systems (Nixon, para. [0003, 0064 & 0083], Fig. 5 depicts exemplary components of a validating network device 500 on a distributed ledger network, the device 500 includes a communication module 506, which can be used to communicate information over a data highway to one or more other hardware devices, such as personal computers or computing devices, data historians, report generators, centralized databases, data sources, etc. The data highway utilized by the devices may include a wired communication path, a wireless communication path, or a combination of wired and wireless communication paths.); and processing circuitry coupled with the one or more interfaces and configured to cause the host system to (Nixon in para. [0083], the exemplary components of a validating network device 500 also includes at least one processor(s) 502 that is internally coupled with the memory 504, the communication module 506, external ports 510, etc.): transmit a request for data stored at a memory system of the one or more memory systems (Nixon in para. [0138] discloses to request event data from one of the distributed ledgers or data sources. Or see also para. [0247 or 0257] discloses that in response to a request to authenticate the event data, providing the cryptographic hash value corresponding to at least some of the event data from the distributed ledger along with the event data to verify authenticity of the event data.); receive, based at least in part on the request, the data and a first hash associated with the data (Nixon in para. [0138] discloses that the distributed ledger includes cryptographic hashes of the event data which are provided to the requesting device, in response to a request to authenticate the event data. Or see also para. [0247 or 0257] discloses that in response to a request to authenticate the event data, providing the cryptographic hash value corresponding to at least some of the event data from the distributed ledger along with the event data to verify authenticity of the event data); determine that the data is invalid using the first hash (Nixon in para. [0138] discloses that the requesting device then computes a cryptographic hash of the obtained event data and compares the cryptographic hash of the obtained event data to the cryptographic hash of the event data from the distributed ledger. If the cryptographic hashes are the same, the requesting device determines that the event data has not been tampered with. Otherwise, the requesting device determines that the event data from the database is unreliable. Or see also Fig. 14 and associated para. [0159-0164] discloses to authenticate the event data, the event data stored in the database is compared to the cryptographic hash included in the distributed ledger (block 1412). If there is a match, the event data has not been tampered with. For example, a regulatory agency reviewing an incident may request and obtain cryptographic hashes of event data from the distributed ledger that is included in transactions having the triggering event identifier, wherein the transaction(s) may include a cryptographic hash of the event data for the triggering event and/or a combination of the event data for the triggering event detected (at block 1402, Fig. 14). The event data is obtained from other data sources such as a database communicatively coupled to a server device 12 in the process plant 10. The regulatory agency's computing device then computes a cryptographic hash of the obtained event data and compares the cryptographic hash of the obtained event data to the cryptographic hash of the event data from the distributed ledger. If the cryptographic hashes are the same, the regulatory agency's computing device determines that the event data from the database has not been tampered with. Otherwise, the regulatory agency's computing device determines that the event data from the database is unreliable); and However, Nixon fails to explicitly disclose but Liu teaches perform one or more operations based at least in part on determining that the data is invalid (Liu in Fig. 3 and col. 10 (lines 41-53) discloses that, after the step 310, processing proceeds to a test step 312 where it is determined whether data integrity of the subject data has been verified based on the comparison operation [...]. If, at the test step 312, it is determined that there is a data integrity error, then processing proceeds to a step 316 where data integrity error processing is performed. Data integrity error processing may include requesting re-transmission of data that is determined to be corrupted, or other type of error correction processing in connection with a data scrubbing process is performed. Or see also Fig. 9 and col. 12 (lines 53-65)). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified ‘Nixon’ by incorporating the above features, as taught by Liu, such modification would provide a faster and more efficient data verification for error detection and related verification operations; Liu. Regarding claim 11, Nixon as modified by Liu teaches the host system of claim 10, wherein Nixon fails to explicitly disclose but Liu further teaches, to perform the one or more operations, the processing circuitry is configured to cause the host system to: discard the data (Liu in Fig. 3 and col. 10 (lines 41-53) discloses that, after the step 310, processing proceeds to a test step 312 where it is determined whether data integrity of the subject data has been verified based on the comparison operation [...]. If, at the test step 312, it is determined that there is a data integrity error, then processing proceeds to a step 316 where data integrity error processing is performed. Data integrity error processing may include requesting re-transmission of data that is determined to be corrupted, or other type of error correction processing in connection with a data scrubbing process is performed. (Note: Data Scrubbing AKA data cleansing is a very well-known process of identifying and fixing or removing inaccurate, incomplete or duplicate data within a dataset or storage system (Google Definition))). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified ‘Nixon’ by incorporating the above features, as taught by Liu, such modification would provide a faster and more efficient data verification for error detection and related verification operations; Liu. Regarding claim 12, Nixon as modified by Liu teaches the host system of claim 10, wherein Nixon fails to explicitly disclose but Liu further teaches, to perform the one or more operations, the processing circuitry is configured to cause the host system to: transmit, to the memory system, a request to retransmit the data (Liu in Fig. 3 and col. 10 (lines 41-53) discloses that, after the step 310, processing proceeds to a test step 312 where it is determined whether data integrity of the subject data has been verified based on the comparison operation [...]. If, at the test step 312, it is determined that there is a data integrity error, then processing proceeds to a step 316 where data integrity error processing is performed. Data integrity error processing may include requesting re-transmission of data that is determined to be corrupted). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified ‘Nixon’ by incorporating the above features, as taught by Liu, such modification would provide a faster and more efficient data verification for error detection and related verification operations; Liu. Regarding claim 15, Nixon as modified by Liu teaches the host system of claim 10, wherein Nixon further teaches the processing circuitry is further configured to cause the host system to: compare the first hash with a second hash generated by the host system, wherein the processing circuitry is configured to cause the host system to determine that the data is invalid based at least in part on the first hash not matching the second hash (Nixon in para. [0138] discloses that the requesting device then computes a cryptographic hash of the obtained event data and compares the cryptographic hash of the obtained event data to the cryptographic hash of the event data from the distributed ledger. If the cryptographic hashes are the same, the requesting device determines that the event data has not been tampered with. Otherwise, the requesting device determines that the event data from the database is unreliable. Or see also Fig. 14 and associated para. [0159-0164] discloses to authenticate the event data, the event data stored in the database is compared to the cryptographic hash included in the distributed ledger (block 1412). If there is a match, the event data has not been tampered with. For example, a regulatory agency reviewing an incident may request and obtain cryptographic hashes of event data from the distributed ledger that is included in transactions having the triggering event identifier, wherein the transaction(s) may include a cryptographic hash of the event data for the triggering event and/or a combination of the event data for the triggering event detected (at block 1402, Fig. 14). The event data is obtained from other data sources such as a database communicatively coupled to a server device 12 in the process plant 10. The regulatory agency's computing device then computes a cryptographic hash of the obtained event data and compares the cryptographic hash of the obtained event data to the cryptographic hash of the event data from the distributed ledger. If the cryptographic hashes are the same, the regulatory agency's computing device determines that the event data from the database has not been tampered with. Otherwise, the regulatory agency's computing device determines that the event data from the database is unreliable. In other embodiments, a computing device within the process plant 10 retrieves the event data stored in the database and the cryptographic hash of the event data from the distributed ledger and compares the event data to the cryptographic hash to authenticate the event data). Claims 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Nixon et al. (US 2020/0228342 A1; hereinafter “Nixon”) in view of Liu et al. (US 8910031 B1; hereinafter “Liu”) and further in view of Fruin et al. (US 20100017559 A1; hereinafter “Fruin”). Regarding claim 13, Nixon as modified by Liu teaches the host system of claim 10, wherein Nixon as modified by Liu fails to explicitly disclose but Fruin teaches, to perform the one or more operations, the processing circuitry is configured to cause the host system to: transmit, to the memory system, a command for the memory system to update an operational mode of the memory system (Fruin in para. [0044] describes that the WORM card 60 preferably implements a new command for the host to mark write operations as either "open" or "closed." This information is used in conjunction with the write filters described below to ensure that data cannot be changed or deleted after being written [...]. In one embodiment, the host uses this command by specifying either an argument of 01h for "open" or 02h for "closed." Once set, the mode is "sticky" and is not changed until the command is issued again. When the card 60 is first switched into WORM mode, the write mode defaults to "open.", and/or as disclosed in claim 4, wherein the memory device powers up in the first mode of operation and switches to the second mode of operation in response to a command from a host in communication with the memory device.). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified combination ‘Nixon-Liu’ by incorporating the above features, as taught by Fruin, in order to prevent accidental or deliberate overwrites, changes, or deletions to existing data in a WORM memory device; Fruin (Abstract). Regarding claim 14, Nixon as modified by Liu in view of Fruin teaches the host system of claim 13, wherein Nixon as modified by Liu fails to explicitly disclose but Fruin further teaches the updated operational mode comprises a read-only mode (Fruin in para. [0044] describes that the WORM card 60 preferably implements a new command for the host to mark write operations as either "open" or "closed". This information is used in conjunction with the write filters described below to ensure that data cannot be changed or deleted after being written (e.g., read-only mode). In one embodiment, the host uses this command by specifying either an argument of 01h for "open" or 02h for "closed". Once set, the mode is "sticky" and is not changed until the command is issued again.). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified combination ‘Nixon-Liu’ by incorporating the above features, as taught by Fruin, in order to prevent accidental or deliberate overwrites, changes, or deletions to existing data in a WORM memory device; Fruin (Abstract). Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Nixon et al. (US 2020/0228342 A1; hereinafter “Nixon”) in view of Liu et al. (US 8910031 B1; hereinafter “Liu”) and further in view of Yosuke Hiratsuka (JP 7251540 B2; hereinafter “Yosuke”; provided with IDS). Regarding claim 16, Nixon as modified by Liu teaches the host system of claim 10, wherein Nixon further teaches the processing circuitry is further configured to cause the host system to: generate a second hash based at least in part on the data [[and a key inaccessible to the memory system]] (Nixon in para. [0138] discloses that the requesting device then computes a cryptographic hash of the obtained event data), wherein the processing circuitry is configured to cause the host system to determine that the data is invalid using the first hash and the second hash (Nixon in para. [0138] discloses that the requesting device then computes a cryptographic hash of the obtained event data and compares the cryptographic hash of the obtained event data to the cryptographic hash of the event data from the distributed ledger. If the cryptographic hashes are the same, the requesting device determines that the event data has not been tampered with. Otherwise, the requesting device determines that the event data from the database is unreliable. Or see also Fig. 14 and associated para. [0159-0164] discloses to authenticate the event data, the event data stored in the database is compared to the cryptographic hash included in the distributed ledger (block 1412). If there is a match, the event data has not been tampered with. For example, a regulatory agency reviewing an incident may request and obtain cryptographic hashes of event data from the distributed ledger that is included in transactions having the triggering event identifier, wherein the transaction(s) may include a cryptographic hash of the event data for the triggering event and/or a combination of the event data for the triggering event detected (at block 1402, Fig. 14). The event data is obtained from other data sources such as a database communicatively coupled to a server device 12 in the process plant 10. The regulatory agency's computing device then computes a cryptographic hash of the obtained event data and compares the cryptographic hash of the obtained event data to the cryptographic hash of the event data from the distributed ledger. If the cryptographic hashes are the same, the regulatory agency's computing device determines that the event data from the database has not been tampered with. Otherwise, the regulatory agency's computing device determines that the event data from the database is unreliable.). Although, as described above, Nixon teaches to generate a second hash based at least in part on the data, wherein the processing circuitry is configured to cause the host system to authenticate the data using the first hash and the second hash. However, Nixon as modified by Liu fails to explicitly disclose but Yosuke teaches to generate a second hash based at least in part on a key inaccessible to the memory system (Yosuke, Fig. 4, illustrates an user electronic device 23 includes a control unit 203 (e.g., a processor such as a CPU (Central Processing Unit)) that controls processing of each unit of the electronic device 23, a storage unit 207 as a non-volatile storage medium that stores various data and software necessary for processing of the electronic device 23 […], and a drive 208 (e.g., volatile memory) that is detachable from the external media 22 and drives the connected media 22, and as disclosed in Fig. 6 and pdf page 5 (3rd – 4th & 10th paragraph), In step S5, the key generator 252 of the control unit 203 (see Fig. 5) generates a device unique key which is a private key unique to each electronic device 23. Storage control unit 256 of the control unit 203 (see Fig. 5) causes storage unit 207 (which is a non-volatile memory) to store the device unique key. This eliminates the need to generate a device unique key and store it in the electronic device 23 at the time of shipment from the factory, thus reducing the risk of leakage of the device unique key […]. In step S9, the data generator 253 of the control unit 203 (see Fig. 5) uses the device unique key to calculate the hash value of the stored data. Note that the hash function used for calculating the hash value is not particularly limited. (herein, the device unique key which is used to calculate the hash value is stored in the storage unit 207 (non-volatile memory), and is only accessible to the data generator 253 of the control unit 203, and is inaccessible to the detached external media 22 or server 11), or see also pdf page 8 (6th – 7th paragraph), where the license management unit 251 of the control unit 203 (see Fig. 5) reads the license communication file (containing a hash value and stored data) from external media 22 via drive 208 (e.g., volatile memory) . License management unit 251 also reads the device unique key from storage unit 207 (e.g., non-volatile memory) which is a private key unique to each electronic device 23, and calculates a hash value of the data stored in the license communication file by using the device unique key), Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination ‘Nixon-Liu’ to incorporate the teaching of Yosuke to utilize the above feature, with the motivation to determine whether the data is valid by comparing and matching the calculated hash value with the received hash value, and therefore prevents the stored data from being tampered, as recognized by (Yosuke, pdf page 8). Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Nixon et al. (US 2020/0228342 A1; hereinafter “Nixon”) in view of Liu et al. (US 8910031 B1; hereinafter “Liu”) and further in view of Yang et al. (US 20140337633 A1; hereinafter “Yang”). Regarding claim 17, Nixon as modified by Liu teaches the host system of claim 10, wherein Nixon further teaches the processing circuitry is further configured to cause the host system to: generate a second hash based at least in part on the data (Nixon in para. [0138] discloses that the requesting device then computes a cryptographic hash of the obtained event data); and However, Nixon as modified by Liu fails to explicitly disclose but Yang teaches truncate the second hash to generate a third hash (Yang in para. [0045 or 0048], discloses a hashing unit 365 that may perform a hashing on a given input (as provided by adder 360) based on a cryptographic hash function, such as the SHA-256 hash function, and the like. A truncation unit 370 may truncate a hash output (as provided by hashing unit 365) to a specified length, providing a shorter and fixed length for lower overhead and simpler design of an information element (IE) that carries the hashed SSID. For example, as disclosed in claim 3, the process of generating a second hash output by applying the second hash function to the second modified SSID; and truncating the second hash output with a second truncation function to produce the third hashed SSID.), wherein the processing circuitry is configured to cause the host system to determine that the data is invalid using the first hash and the third hash (Yang in para. [0104] discloses that the AP 1007 does not respond with a Probe Response frame unless the truncated hashed SSID generated by the AP 1007 matches with the first hashed SSID included in the Probe Request frame (shown as events 1016 and 1018) sent by the STA 1005, and as disclosed in claim 3, generating a second hash output by applying the second hash function to the second modified SSID; and truncating the second hash output with a second truncation function to produce the third hashed SSID ). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified combination ‘Nixon-Liu’ by incorporating the above features, as taught by Yang, such modification would prevent a variety of hack attacks on an AP and STAs served by the AP, and make it more costly and difficult for an attacker to impersonate a legitimate AP or STA; Yang, Para. [0011, 0114]. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See form PTO-892. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALI CHEEMA, whose contact number is 571-272-1239 and email: ali.cheema@uspto.gov. The examiner can normally be reached on Monday-Friday: 8:00AM – 4:00PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on 571-272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ALI H. CHEEMA/ Primary Examiner, Art Unit 2497
Read full office action

Prosecution Timeline

Nov 27, 2024
Application Filed
Jun 03, 2026
Non-Final Rejection mailed — §101, §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682035
STORAGE METHODS AND DEVICES WITH SECURE CUSTOMER-UPDATABLE MACHINE LEARNING MODELS
2y 3m to grant Granted Jul 14, 2026
Patent 12676761
GENERATING AN IDENTITY FOR A COMPUTING DEVICE USING A PHYSICAL UNCLONABLE FUNCTION
4y 7m to grant Granted Jul 07, 2026
Patent 12657049
SYSTEM AND METHOD FOR NETWORK POLICY SIMULATION
1y 7m to grant Granted Jun 16, 2026
Patent 12634146
MONITORING USER SPACE PROCESSES USING HEARTBEAT MESSAGES AUTHENTICATED BASED ON INTEGRITY MEASUREMENTS
2y 5m to grant Granted May 19, 2026
Patent 12632605
INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND STORAGE MEDIUM
2y 0m to grant Granted May 19, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
74%
Grant Probability
99%
With Interview (+53.7%)
2y 11m (~1y 3m remaining)
Median Time to Grant
Low
PTA Risk
Based on 208 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month