Prosecution Insights
Last updated: July 17, 2026
Application No. 19/248,439

System and Method for Security-Level Based Content Encoding

Non-Final OA §101§103
Filed
Jun 24, 2025
Priority
Nov 06, 2023 — CIP of 12/237,848 +2 more
Examiner
HOANG, HAU HAI
Art Unit
2161
Tech Center
2100 — Computer Architecture & Software
Assignee
AtomBeam Technologies Inc.
OA Round
1 (Non-Final)
78%
Grant Probability
Favorable
1-2
OA Rounds
1y 7m
Est. Remaining
92%
With Interview

Examiner Intelligence

Grants 78% — above average
78%
Career Allowance Rate
392 granted / 502 resolved
+23.1% vs TC avg
Moderate +14% lift
Without
With
+13.7%
Interview Lift
resolved cases with interview
Typical timeline
2y 8m
Avg Prosecution
17 currently pending
Career history
527
Total Applications
across all art units

Statute-Specific Performance

§101
11.8%
-28.2% vs TC avg
§103
66.8%
+26.8% vs TC avg
§102
10.1%
-29.9% vs TC avg
§112
6.2%
-33.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 502 resolved cases

Office Action

§101 §103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .Claim Objections Claim 1, 11, 2, 12, 5, 15, 6, 16 are objected to because of the following informalities Claim 1 and 11: “selectively process each portion of the content by… present the processed content to the user…” it seems that “the processed content “ should be “the processed portion of the content” Claim 2 and 12: “… receiving a modification request for a specific portion; verifying authority for the request; retrieving and decoding the portion; selecting a new encoding scheme based on a new security level; re-encoding the portion using the new encoding scheme; updating the stored information; and replacing the previously encoded portion with the newly encoded portion…” the underlined may have antecedent basis issue. Claim 5 and 15: “… determining a highest security level in the requested content…” the underlined may have antecedent basis issue. Claim 6 and 16: “… wherein the software instructions further cause the computer system to: generate a unique identifier for each access session; embed the identifier in decoded content before displaying to the user…” It seems that the underlined term should be “the unique identifier” Appropriate correction is required. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001). Claim 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1-20 of U.S. Patent No. 12381575. Although the claims at issue are not identical, they are not patentably distinct from each other because Claim(s) 1-20 of patent # 12381575 contain(s) every element of claim(s) 1-20 of the instant application and as such anticipate(s) claim(s) 1-20 of the instant application. . Application: 19248439 Patent 12381575 Claim 1 A computer system for securing content using security-level based encoding, comprising: a hardware memory, wherein the computer system is configured to execute software instructions stored on nontransitory machine-readable storage media that: receive content comprising a plurality of portions; determine a security level for each portion; encode each portion using an encoding scheme associated with its determined security level; store information associating each encoded portion with its security level; receive an access request from a user; verify the user’s authorization level; selectively process each portion of the content by: comparing the user’s authorization level with the portion’s security level; decoding portions where the user’s authorization level is sufficient; and restricting access to portions where the user’s authorization level is insufficient; present the processed content to the user; and record access activities. Claims 1 A system for implementing multilayer security using multiple codebooks, comprising: a computing device comprising at least a memory and a processor; a plurality of programming instructions stored in the memory and operable on the processor, wherein the plurality of programming instructions, when operating on the processor, cause the computing device to: receive a document for encoding, the document comprising a plurality of sections; analyze the document to identify security levels required for each section; select, for each section, an appropriate codebook from a plurality of codebooks, each codebook associated with a specific security clearance level; encode each section using its selected codebook; generate metadata for each encoded section, including an associated codebook identifier and security level; combine the encoded sections and their metadata into a secure document structure; receive a request from a user to access the secure document; authenticate the user and determine their security clearance level; for each section of the secure document: compare the user's clearance level to the section's required security level; if the user's clearance level is sufficient, decode the section using the associated codebook; if the user's clearance level is insufficient, replace the section with a redaction marker; present the decoded document to the user, with authorized sections decoded and unauthorized sections redacted; and maintain an audit trail of all encoding, decoding, and access activities. Claim 2 The computer system of claim 1, wherein the software instructions further cause the computer system to: implement security level modification process, comprising: receiving a modification request for a specific portion; verifying authority for the request; retrieving and decoding the portion; selecting a new encoding scheme based on a new security level; re-encoding the portion using the new encoding scheme; updating the stored information; and replacing the previously encoded portion with the newly encoded portion. Claim 2 The system of claim 1, wherein the plurality of programming instructions further cause the computing device to: implement a dynamic reclassification process to change the security level of a section without re-encoding the entire document, comprising: receiving a reclassification request for a specific section; verifying the authority of the user making the request; retrieving and decoding the original content of the section; selecting a new codebook based on the new security level; re-encoding the section using the new codebook; updating the section's metadata with the new codebook identifier and security level; and replacing the old, encoded section with the newly encoded section in the secure document structure. Claim 3 The computer system of claim 1, wherein encoding schemes are arranged in a hierarchical structure corresponding to authorization levels, wherein higher authorization levels provide access to content encoded with schemes of corresponding levels and all lower levels. Claim 3 The system of claim 1, wherein the plurality of codebooks are arranged in a hierarchical structure mirroring security clearance levels, and wherein a user with a higher clearance level can access sections encoded with codebooks of their level and all lower levels. Claim 4 The computer system of claim 1, wherein the software instructions further cause the computer system to: associate time-based access parameters with encoding schemes; include time-based access information in the stored information; and prevent decoding of a portion if its associated time-based access parameter has expired, even if the user has sufficient authorization level. Claim 4 The system of claim 1, wherein the plurality of programming instructions further cause the computing device to: implement an expiring access feature by: associating an expiration parameter with each codebook; including expiration information in the metadata of each encoded section; and preventing decoding of a section if its associated codebook has expired, even if the user has sufficient clearance level. Claim 5 The computer system of claim 1, wherein verifying the user’s authorization level comprises: determining a highest security level in the requested content; identifying verification requirements based on this security level; and requesting additional verification if necessary before granting access. Claim 5 The system of claim 1, wherein authenticating the user comprises implementing a multi-factor authentication process that: determines the highest security level in the requested document; identifies required authentication factors based on this security level; and prompts the user for additional authentication factors if necessary before granting access. Claim 6 The computer system of claim 1, wherein the software instructions further cause the computer system to: generate a unique identifier for each access session; embed the identifier in decoded content before displaying to the user; and record the association between the identifier, user, content, and access time. Claim 6 The system of claim 1, wherein the plurality of programming instructions further cause the computing device to: implement a watermarking feature that: generates a unique, user-specific watermark for each document access session; inserts the watermark into decoded content before displaying it to the user; and logs the association between the watermark, user, document, and access time. Claim 7 The computer system of claim 1, wherein encoding each portion comprises: dividing the portion into segments; encoding each segment; and storing the encoded segments with positional information. Claim 7 The system of claim 1, wherein encoding each section comprises: dividing the section into blocks of a predetermined size; encoding each block using the selected codebook; and storing the encoded blocks along with their position information in the secure document structure. Claim 8 The computer system of claim 1, wherein the software instructions further cause the computer system to compress the encoded portions before storing. Claim 8 The system of claim 1, wherein the plurality of programming instructions further cause the computing device to compress the encoded sections using a lossless compression algorithm before combining them into the secure document structure. Claim 9 The computer system of claim 1, wherein the software instructions further cause the computer system to: maintain a history of modifications to the content, including security level changes; enable restoration of previous versions; and tracks modification activities. Claim 9 The system of claim 1, wherein the plurality of programming instructions further cause the computing device to: implement a version control system that: maintains a history of changes to the document, including security level changes; allows rollback to previous versions of the document or specific sections; and tracks which users made which changes and when. Claim 10 The computer system of claim 1, wherein the computer system records user identification, timestamp, content identifier, portions accessed, and actions performed for each interaction with the system. Claim 10 The system of claim 1, wherein the audit trail comprises user identification, timestamp, document identifier, sections accessed, and actions performed for each interaction with the system. Claim 11 A computer-implemented method for securing content using security-level based encoding comprising the steps of: receiving content comprising a plurality of portions; determining a security level for each portion; encoding each portion using an encoding scheme associated with its determined security level; storing information associating each encoded portion with its security level; receiving an access request from a user; verifying the user’s authorization level; selectively processing each portion of the content by: comparing the user’s authorization level with the portion’s security level; decoding portions where the user’s authorization level is sufficient; and restricting access to portions where the user’s authorization level is insufficient; presenting the processed content to the user; and recording access activities. Claim 11 A method for implementing multilayer security using multiple codebooks, comprising the steps of: receiving a document for encoding, the document comprising a plurality of sections; analyzing the document to identify security levels required for each section; selecting, for each section, an appropriate codebook from a plurality of codebooks, each codebook associated with a specific security clearance level; encoding each section using its selected codebook; generating metadata for each encoded section, including an associated codebook identifier and security level; combining the encoded sections and their metadata into a secure document structure; receiving a request from a user to access the secure document; authenticating the user and determine their security clearance level; for each section of the secure document: comparing the user's clearance level to the section's required security level; if the user's clearance level is sufficient, decoding the section using the associated codebook; if the user's clearance level is insufficient, replacing the section with a redaction marker; presenting the decoded document to the user, with authorized sections decoded and unauthorized sections redacted; and maintaining an audit trail of all encoding, decoding, and access activities. Claim 12 The computer-implemented method of claim 11, further comprising the steps of: implementing a security level modification process, comprising: receiving a modification request for a specific portion; verifying authority for the request; retrieving and decoding the portion; selecting a new encoding scheme based on the new security level; re-encoding the portion using the new encoding scheme; updating the stored information; and replacing the previously encoded portion with the newly encoded portion. Claim 12 The method of claim 11, further comprising the steps of: implementing a dynamic reclassification process to change the security level of a section without re-encoding the entire document, comprising: receiving a reclassification request for a specific section; verifying the authority of the user making the request; retrieving and decoding the original content of the section; selecting a new codebook based on the new security level; re-encoding the section using the new codebook; updating the section's metadata with the new codebook identifier and security level; and replacing the old, encoded section with the newly encoded section in the secure document structure. Claim 13 The computer-implemented method of claim 11, wherein encoding schemes are arranged in a hierarchical structure corresponding to authorization levels, wherein higher authorization levels provide access to content encoded with schemes of corresponding levels and all lower levels. Claim 13 The method of claim 11, wherein the plurality of codebooks are arranged in a hierarchical structure mirroring security clearance levels, and wherein a user with a higher clearance level can access sections encoded with codebooks of their level and all lower levels. Claim 14 The computer-implemented method of claim 11, further comprising the steps of: associating time-based access parameters with encoding schemes; including time-based access information in the stored information; and preventing decoding of a portion if its associated time-based access parameter has expired, even if the user has sufficient authorization level. Claim 14 The method of claim 11, further comprising the steps of: implementing an expiring access feature by: associating an expiration parameter with each codebook; including expiration information in the metadata of each encoded section; and preventing decoding of a section if its associated codebook has expired, even if the user has sufficient clearance level. Claim 15 The computer-implemented method of claim 11, wherein verifying the user’s authorization level comprises: determining the highest security level in the requested content; identifying verification requirements based on this security level; and requesting additional verification if necessary before granting access. Claim 15 The method of claim 11, wherein authenticating the user comprises implementing a multi-factor authentication process that: determines the highest security level in the requested document; identifies required authentication factors based on this security level; and prompts the user for additional authentication factors if necessary before granting access. Claim 16 The computer-implemented method of claim 11, further comprising the steps of: generating a unique identifier for each access session; embedding the identifier in decoded content before displaying to the user; and recording the association between the identifier, user, content, and access time. Claim 16 The method of claim 11, further comprising the steps of: implementing a watermarking feature that: generates a unique, user-specific watermark for each document access session; inserts the watermark into decoded content before displaying it to the user; and logs the association between the watermark, user, document, and access time. Claim 17 The computer-implemented method of claim 11, wherein encoding each portion comprises: dividing the portion into segments; encoding each segment; and storing the encoded segments with positional information. Claim 17 The method of claim 11, wherein encoding each section comprises: dividing the section into blocks of a predetermined size; encoding each block using the selected codebook; and storing the encoded blocks along with their position information in the secure document structure. Claim 18 The computer-implemented method of claim 11, further comprising compressing the encoded portions before storing. Claim 18 The method of claim 11, further comprising the step of compressing the encoded sections using a lossless compression algorithm before combining them into the secure document structure. Claim 19 The computer-implemented method of claim 11, further comprising the steps of: maintaining a history of modifications to the content, including security level changes; enabling restoration of previous versions; and tracking modification activities. Claim 19 The method of claim 11, further comprising the steps of: implementing a version control system that: maintains a history of changes to the document, including security level changes; allows rollback to previous versions of the document or specific sections; and tracks which users made which changes and when. Claim 20 The computer-implemented method of claim 11, wherein recording access activities comprises recording user identification, timestamp, content identifier, portions accessed, and actions performed for each interaction. Claim 20 The method of claim 11, wherein the audit trail comprises user identification, timestamp, document identifier, sections accessed, and actions performed for each interaction with the system. Claim Rejections - 35 USC § 101 Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. Claim 1 Step 1, This part of the eligibility analysis evaluates whether the claim falls within any statutory category. See MPEP 2106.03. The claim recites at least computer system comprising: a hardware memory, wherein the computer system is configured to execute software instructions to perform at least one or more step or act. Thus, the claim is to a system claim, which is one of the statutory categories of invention. (Step 1: YES). Step 2A – Prong One: This part of the eligibility analysis evaluates whether the claim recites a judicial exception. As explained in MPEP 2106.04, subsection II, a claim “recites” a judicial exception when the judicial exception is “set forth” or “described” in the claim. Step “determine a security level for each portion” A person looks at a section of a document and determine that portion is confidential, secret, or top secret. The step is nothing more than observations, evaluations, or judgments, i.e., a mental process [Wingdings font/0xF3] abstract idea. Step “encode each portion using an encoding scheme associated with its determined security level” For a “top secret” portion, an ordinary skill in the art can use paper and pencil to map a word “person” of that portion to number “01”. Clearly, the limitation is nothing more than observations, evaluations, or judgments, i.e., a mental process [Wingdings font/0xF3] abstract idea. Step “verify the user’s authorization level” This step is nothing more than comparing his identification with access rules to determine his authorization. The step is nothing more than observations, evaluations, or judgments, i.e., a mental process [Wingdings font/0xF3] abstract idea. Step “selectively process each portion of the content by: comparing the user’s authorization level with the portion’s security level; decoding portions where the user’s authorization level is sufficient; restricting access to portions where the user’s authorization level is insufficient” Basically, depending his authorization level to the portion’s security level to allow or deny his access to process the portion of the content. The step is nothing more than observations, evaluations, or judgments, i.e., a mental process [Wingdings font/0xF3] abstract idea. “Unless it is clear that a claim recites distinct exceptions, such as a law of nature and an abstract idea, care should be taken not to parse the claim into multiple exceptions, particularly in claims involving abstract ideas.” MPEP 2106.04, subsection II.B. However, if possible, the examiner should consider the limitations together as a single abstract idea rather than as a plurality of separate abstract ideas to be analyzed individually. “For example, in a claim that includes a series of steps that recite mental steps as well as a mathematical calculation, an examiner should identify the claim as reciting both a mental process and a mathematical concept for Step 2A, Prong One to make the analysis clear on the record.” MPEP 2106.04, subsection II.B. Under such circumstances, however, the Supreme Court has treated such claims in the same manner as claims reciting a single judicial exception. Id. (discussing Bilski v. Kappos, 561 U.S. 593 (2010)). Here, limitations mentioned above are considered together as a single abstract idea for further analysis. (Step 2A, Prong One: YES). The claim recites the additional elements/limitations receive content comprising a plurality of portions [Wingdings font/0xF3] data gathering; store information associating each encoded portion with its security level [Wingdings font/0xF3] data storing; receive an access request from a user [Wingdings font/0xF3] data gathering; present the processed content to the user [Wingdings font/0xF3] data outputting; record access activities [Wingdings font/0xF3] data storing; a) MPEP § 2106.05(a) "Improvements to the Functioning of a Computer or to Any Other Technology or Technical Field." There is no improvement to Functioning of a Computer or to Any Other Technology or Technical Field. Data gathering, storing, displaying or outing data do not make any improvements to the functionalities of a computer (such as a specific optimization of memory, bandwidth, or processor architecture), database technology, or any other technologies. b) MPEP § 2106.05(b) Particular Machine. The judicial exception does not apply to any particular machine. The claim is silent regarding specific limitations directed to an improved computer system, processor, memory, network, database, or Internet, nor do applicant direct examiner’s attention to such specific limitations. "[T]he mere recitation of a generic computer cannot transform a patent-ineligible abstract idea into a patent-eligible invention." Alice, 573 U.S. at 223; see also Bascom Glob. Internet Servs., Inc. v. AT&T Mobility LLC, 827 F.3d 1341, 1348 (Fed. Cir. 2016) ("An abstract idea on 'an Internet computer network' or on a generic computer is still an abstract idea."). Applying this reasoning here, the claim is not directed to a particular machine, but rather merely implement an abstract idea using generic computer components such as “a computer system”, “security-level based encoding”, “a hardware memory”, “nontransitory machine-readable storage media”. Thus, the claims fail to satisfy the "tied to a particular machine" prong of the Bilski machine-or-transformation test. c) MPEP § 2106.05(c) Particular Transformation. The claim operates to gathering data, encoding data, determining data, allowing or denying access data, outputting, and record data. The steps are not a "transformation or reduction of an article into a different state or thing constituting patent-eligible subject matter[.]" See In re Bilski, 545 F.3d 943, 962 (Fed. Cir. 2008) (en bane), aff'd sub nom, Bilski v. Kappas, 561 U.S. 593 (2010); see also CyberSource Corp. v. Retail Decisions, Inc., 654 F.3d 1366, 1375 (Fed. Cir. 2011) ("The mere manipulation or reorganization of data ... does not satisfy the transformation prong."). Applying this guidance here, the claims fail to satisfy the transformation prong of the Bilski machine-or-transformation test. d) MPEP § 2106.05(e) Other Meaningful Limitations. This section of the MPEP guides: Diamond v. Diehr provides an example of a claim that recited meaningful limitations beyond generally linking the use of the judicial exception to a particular technological environment. 450 U.S. 175, ... (1981). In Diehr, the claim was directed to the use of the Arrhenius equation ( an abstract idea or law of nature) in an automated process for operating a rubber-molding press. 450 U.S. at 177-78 .... The Court evaluated additional elements such as the steps of installing rubber in a press, closing the mold, constantly measuring the temperature in the mold, and automatically opening the press at the proper time, and found them to be meaningful because they sufficiently limited the use of the mathematical equation to the practical application of molding rubber products. 450 U.S. at 184... In contrast, the claims in Alice Corp. v. CLS Bank International did not meaningfully limit the abstract idea of mitigating settlement risk. 573 U.S._ .... In particular, the Court concluded that the additional elements such as the data processing system and communications controllers recited in the system claims did not meaningfully limit the abstract idea because they merely linked the use of the abstract idea to a particular technological environment (i.e., "implementation via computers") or were well-understood, routine, conventional activity. MPEP § 2106.05(e). The additional limitations data gathering, storing, displaying or outing data are not meaningful limitations because they are pre and post-solution activities. The limitations are not meaningful limitations. e) MPEP § 2106.05(g) Insignificant Extra-Solution Activity. The additional limitations data gathering, storing, displaying or outing data are not meaningful limitations because they are pre and post-solution activities. 6) MPEP § 2106.05(h) Field of Use and Technological Environment. [T]he Supreme Court has stated that, even if a claim does not wholly pre-empt an abstract idea, it still will not be limited meaningfully if it contains only insignificant or token pre- or post-solution activity-such as identifying a relevant audience, a category of use, field of use, or technological environment. Ultramercial, Inc. v. Hulu, LLC, 722 F.3d 1335, 1346 (Fed. Cir. 2013). Additional elements “a computer system”, “security-level based encoding”, “a hardware memory”, “nontransitory machine-readable storage media” are simply a field of use that attempts to limit the abstract idea to a particular technological environment. Accordingly, the additional limitations such as data gathering, storing, displaying or outing data do not integrate the mentioned abstract ideas into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. Step 2B, the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The additional limitation data gathering, storing, displaying or outing data do not recite any non-convention or non-generic arrangement. Taking these limitations as an ordered combination adds nothing that is not already present when the elements are taken individually. Therefore, the claim does not amount to significantly more than the recited abstract idea. The claim is not patent eligible. Claim 2 recites “implement security level modification process, comprising: receiving a modification request for a specific portion [Wingdings font/0xF3] data gathering; verifying authority for the request [Wingdings font/0xF3] observations => mental process; retrieving and decoding the portion [Wingdings font/0xF3] data gathering; selecting a new encoding scheme based on a new security level [Wingdings font/0xF3] observations => mental process; re-encoding the portion using the new encoding scheme [Wingdings font/0xF3] observations => mental process; updating the stored information => storing data; and replacing the previously encoded portion with the newly encoded portion => storing data” The claim does not have any addition limitation that amount to significantly more than the abstract idea. Claim 3 recites “wherein encoding schemes are arranged in a hierarchical structure corresponding to authorization levels, wherein higher authorization levels provide access to content encoded with schemes of corresponding levels and all lower levels.” Arranging data is nothing more than observations, evaluations, judgments that can be performed in human mind (i.e., a mental process [Wingdings font/0xF3] abstract idea). The claim does not have any addition limitation that amount to significantly more than the abstract idea. Claim 4 recites “associate time-based access parameters with encoding schemes; include time-based access information in the stored information [Wingdings font/0xF3] observations => mental process; and prevent decoding of a portion if its associated time-based access parameter has expired, even if the user has sufficient authorization level [Wingdings font/0xF3] observations => mental process” The claim does not have any addition limitation that amount to significantly more than the abstract idea. Claim 5 recites “wherein verifying the user’s authorization level comprises: determining a highest security level in the requested content [Wingdings font/0xF3] observations => mental process; identifying verification requirements based on this security level [Wingdings font/0xF3] observations => mental process; and requesting additional verification if necessary before granting access [Wingdings font/0xF3] observations => mental process” The claim does not have any addition limitation that amount to significantly more than the abstract idea. Claim 6 recites “generate a unique identifier for each access session => mental process; embed the identifier in decoded content before displaying to the user => storing data; and record the association between the identifier, user, content, and access time => storing data. The claim does not have any addition limitation that amount to significantly more than the abstract idea. Claim 7 recites “dividing the portion into segments [Wingdings font/0xF3] observations => mental process; encoding each segment => observations => mental process; and storing the encoded segments with positional information => storing data”. The claim does not have any addition limitation that amount to significantly more than the abstract idea. Claim 8 recites “to compress the encoded portions before storing” The claim does not have any addition limitation that amount to significantly more than the abstract idea. Claim 9 recites “maintain a history of modifications to the content, including security level changes [Wingdings font/0xF3] storing data; enable restoration of previous versions [Wingdings font/0xF3] observations identifying data; and tracks modification activities [Wingdings font/0xF3] observation => mental process” The claim does not have any addition limitation that amount to significantly more than the abstract idea. Claim 10 recites “records user identification, timestamp, content identifier, portions accessed, and actions performed for each interaction with the system [Wingdings font/0xF3] storing data” The claim does not have any addition limitation that amount to significantly more than the abstract idea. Claims 11-20 are similar to claims 1-10. The claims are rejected based on the same reasons. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 6, 7, 9, 10, 11, 16, 17, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Taneja (U.S. Pub 2017/0262619 A1), in view of Redlich (U.S. Pub 2005/0138110 A1) Claim 1 Taneja discloses a computer system for securing content using security-level based encoding, comprising (fig. 7): a hardware memory, wherein the computer system is configured to execute software instructions stored on nontransitory machine-readable storage media that (fig. 7, memory storage, 712, computer-readable media 706): receive content comprising a plurality of portions (0029], line 12-16, “… The plugin module 114… intercept calls to a file system… to open a document…” [0035], line 1-2, “… the document 202(a) includes multiple sections of content…”); determine a security level for each portion ([0035], “… A policy 204 is assigned to a section 206 of the document 202(a)… with the policy 204… another policy, such as policy 208, is assigned to a different section of the same document… The document 202(a) can also include common content, such as text item 4, which is not assigned a policy and is thus accessible by any user who opens the document 202(a)…”); encode each portion using an encoding scheme associated with its determined security level ([0028], line 1-2, “… encrypt different portions of the digital content with different policies…”); store information associating each encoded portion with its security level ([0029], “… The plugin module… mark metadata to the selected portion to enable the DRM module 112 to perform portion-level encryption… the plugin module 114 can… mark the XML structure for the selected portion with a tag associated with a policy… The tag can be stored with the final XML format of the document…” <examiner note: a tag associated with a policy for with each portion>); receive an access request from a user ([0029], line 15-16, “… the plugin module 114 can intercept a call to open a document…”); verify the user’s authorization level ([0036], line 4-7, “… when the document 202(a) is opened, the user is authenticated based on a user identity to determine if the user is authorized to access any of the protected sections of the document 202(a)…”); selectively process each portion of the content by: comparing the user’s authorization level with the portion’s security level; decoding portions where the user’s authorization level is sufficient ([0036], line8-11, “… If the user is authenticated with the policy 204 and not the policy 208, then the document 202(a) can be opened as document 202(b), which includes the section 206 along with the common content 212); and restricting access to portions where the user’s authorization level is insufficient ([0036], line 11-15, “… Notice that the section 210 is not displayed in the document 202(b) for the user. This may be because the section 210 is encrypted with a restrictive policy (e.g., policy 208) that does not allow unauthorized users to view the section 210…”); present the processed content to the user ([0036], line8-11, “… If the user is authenticated with the policy 204 and not the policy 208, then the document 202(a) can be opened as document 202(b), which includes the section 206 along with the common content 212) However, Taneja does not explicitly disclose record access activities. Redlich discloses record access activities ([0212], “… step 434, monitors and logs the location of the user making the inquiry, the type of inquiry, the time, day, date, clearance level and access level and logs all modifications to the plain text source document…”) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate recording user access activities to sensitive content as disclosed by Redlich into Taneja to allow administrator to identify unauthorized access to sensitive documents. Claim 11 is similar to claim 1. The claim is rejected based on the same reason. Claim 6 Claim 1 is included, Taneja discloses wherein the software instructions further cause the computer system to: generate a unique identifier for each access session; embed the identifier in decoded content before displaying to the user; and record the association between the identifier, user, content, and access time. PNG media_image1.png 250 438 media_image1.png Greyscale Further Redlich disclose [0384], “…Metadata provides the necessary blueprint, format, and structure retention so documents can be revised in future editing sessions…” Claim 16 is similar to claim 6. The claim is rejected based on the same reason. Claim 7 Claim 1 is included, Redlich discloses wherein encoding each portion comprises: dividing the portion into segments; encoding each segment; and storing the encoded segments with positional information ([0260] FIG. 10 diagrammatically illustrates a chart showing the key components of the parsing, dispersion, multiple storage and reconstruction (under security clearance) of data. Document or data object 100, in function element 550, is created or obtained by the input computer device. The document is stored in a normal manner in customary data store 552. A parsing algorithm function 554 is utilized in parsing step 556. The parsing algorithm, as stated earlier, targets the plaintext document or data object 100 and splits, cuts and segments (that is, parses) the document by bit count, word, word count, page, line count, paragraph count, any identifiable document or icon characteris tic, or other identifiable feature such as capital letters, italics, underline, etc. Hence, the parsed document 100 constitutes at least remainder data and data which is extracted or parsed or segmented out. ) Claim 17 is similar to claim 7. The claim is rejected based on the same reason. Claim 9 Claim 1 is included, Taneja discloses wherein the software instructions further cause the computer system to: maintain a history of modifications to the content, including security level changes; enable restoration of previous versions; and tracks modification activities ([0038] As mentioned above, the degree of access provided to the user to the section of content is dependent on the access rights granted by the policy. For instance, the user may have authorization to view, but not to copy, print, or modify the section in any way. A different user, however, may have permission to copy or print that same section, but may not have permission to modify the section. Still another user may have permission to modify that same section. In embodiments, the policy may not allow unauthorized users to view the portion. Additional examples include authorization to sign or screen capture the section…”) Claim 19 is similar to claim 9. The claim is rejected based on the same reason. Claim 10 Claim 1 is included, Redlich discloses wherein the computer system records user identification, timestamp, content identifier, portions accessed, and actions performed for each interaction with the system ([0212]) PNG media_image1.png 250 438 media_image1.png Greyscale Claim 20 is similar to claim 10. The claim is rejected based on the same reason. Claim(s) 2 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Taneja (U.S. Pub 2017/0262619 A1), in view of Redlich (U.S. Pub 2005/0138110 A1), as applied to claim 1 and 10 respectively, and further in view of Rafanavicius (U.S. Patent 11489669 B1) Claim 2 Claim 1 is included, Redlich discloses wherein the software instructions further cause the computer system to: implement security level modification process ([0168], line 5-7, “… step 238 permits the user to engage or disengage encryption…”), comprising: receiving a modification request for a specific portion ([0166], line 6-9, “… step 232 enables the user to designate various levels of security… enables the user to define the levels of security parameters…”); verifying authority for the request ([0168], line 5, “… step 238 permits the users…”) However, Redlich does not explicitly disclose retrieving and decoding the portion; selecting a new encoding scheme based on a new security level; re-encoding the portion using the new encoding scheme; updating the stored information; and replacing the previously encoded portion with the newly encoded portion. Rafanavicius retrieving and decoding the portion (fig. 3, step 320, obtain chunk of encrypted file, step 330, decrypt chunk using old key); selecting a new encoding scheme based on a new security level (col 4, line 27-28, “… the rotation of the keys…” col 5, line 45-48, “… the present inventive concept change the file encryption key for all users who still retain access, so that even if the system is compromised, further changes to data after the key revocation cannot be seen by users whose access has been revoked…”); re-encoding the portion using the new encoding scheme (fig. 3, re-encrypt chunk using new key); updating the stored information (col 6, line 7-9, “… send the “new key” in an crypted form to the key store…”); and replacing the previously encoded portion with the newly encoded portion (fig. 3, upload re-encrypted chunk to the server 350, reassemble chunks into a file, store the file and update key store with the new key) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate steps the secure content during the rotation of the keys and encryption/re-encryption process as disclosed by Rafanavicius into Redlich because when a user's access to one or more files is revoked, embodiments of the present inventive concept remove the user's ability to retrieve encrypted files and retrieve encryption keys for those files. While this is safe access control wise, it may not be safe in a cryptographic sense, since file encryption keys can be cached, and encrypted files can be retrieved using other means. Thus, embodiments of the present inventive concept change the file encryption key for all users who still retain access, so that even if the system is compromised, further changes to data after the key revocation cannot be seen by users whose access has been revoked. Claim 12 is similar to claim 2. The claim is rejected based on the same reason. Claim(s) 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Taneja (U.S. Pub 2017/0262619 A1), in view of Redlich (U.S. Pub 2005/0138110 A1), as applied to claim 1 and 10 respectively, and further in view of Kluttz (U.S. Patent 6598161 B1) Claim 3 Claim 1 is included, however, Taneja does not explicitly disclose wherein encoding schemes are arranged in a hierarchical structure corresponding to authorization levels, wherein higher authorization levels provide access to content encoded with schemes of corresponding levels and all lower levels. Kluttz discloses wherein encoding schemes are arranged in a hierarchical structure corresponding to authorization levels, wherein higher authorization levels provide access to content encoded with schemes of corresponding levels and all lower levels (col 6, line 3-, “… each portion of the document 100 is sequentially encrypted with all lower levels of security keys. Thus, for example, the top-secret portion 116 of the document 100 would be encrypted with the top-secret key 104. The encrypted top-secret portion and the unencrypted secret portion of the document 100 are then encrypted with the secret key 106. The encrypted top-secret portion, the encrypted secret portion, and the unencrypted confidential portion 112 are then encrypted with the confidential key 108. Thus, the top-secret portion 116 may be sequentially encrypted with the top-secret key 104, the secret key 106, and the confidential key 108… Thus, a user with top secret clearance would receive all three keys in FIG. 3…” <examiner note: there are several encoding schemes top-secret, secret, and confidential. A person with top-secret clearance will have all encryption keys to all security levels>) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate a set of encryption keys corresponding to the portions of the document to be decrypted by an intended recipient of the document is incorporated into the document as disclosed by Kluttz into Taneja because by incorporating the encryption keys into the document, the document may be selectively decrypted without requiring further information about the document. Furthermore, the intended recipients and their respective levels of access may be controlled by controlling the sets of encryption keys that are incorporated into the document. Thus, the document may provide a self-contained mechanism for providing controlled access to the contents of the document. Claim 13 is similar to claim 3. The claim is rejected based on the same reason. Claim(s) 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Taneja (U.S. Pub 2017/0262619 A1), in view of Redlich (U.S. Pub 2005/0138110 A1), as applied to claim 1 and 10 respectively, and further in view of Parthasarathy (U.S. Pub 2020/0099667 A1) Claim 4 Claim 1 is included, however, Taneja does not explicitly disclose wherein the software instructions further cause the computer system to: associate time-based access parameters with encoding schemes; include time-based access information in the stored information; and prevent decoding of a portion if its associated time-based access parameter has expired, even if the user has sufficient authorization level. Parthasarathy discloses associate time-based access parameters with encoding schemes ([0045], line 1-3, “… the sender user 104 can provide input that defines expiration data 118 associated with the encrypted content 112…”); include time-based access information in the stored information ([0045], “… the expiration data 118 can be communicated to the email service 102 and the encryption/decryption module 114 uses the expiration data 118 to manage access rights 120…” <examiner note: the expiration data is stored in the email service>); and prevent decoding of a portion if its associated time-based access parameter has expired, even if the user has sufficient authorization level ([0047], “… When the recipient user 122 provides input… to request decrypted access to the encrypted content 112, the encryption/decryption module 114 of the email service 102 is configured to compare a time at which decrypted access to the encrypted content 112 is requested to the time at which the decrypted access rights to the encrypted content are configured to expire, as pre-set by the sender user 104…” [0048], “… If decrypted access is requested after the time at which expiration occurs, the encryption/decryption module 114 of the email service 102 is configured to prevent access to the key useable to decrypt the encrypted content 112. Consequently, the recipient user 122 is unable to access and view the confidential and sensitive information encrypted and sent by the sender user 104…”) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include time period associated with encrypted content as disclosed by Parthasarathy into Taneja so that upon expiration of the time period, the decrypted access rights to the encrypted content are revoked for the recipient of the encrypted content, thereby providing a proactive element of protection and security for confidential and/or sensitive information (e.g., the content encrypted) in the content. Claim 14 is similar to claim 4. The claim is rejected based on the same reason Claim(s) 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Taneja (U.S. Pub 2017/0262619 A1), in view of Redlich (U.S. Pub 2005/0138110 A1), as applied to claim 1 and 10 respectively, and further in view of Badhwar (U.S. Pub 2021/0194883 A1) Claim 5 Claim 1 is included, however, Taneja does not explicitly disclose wherein verifying the user’s authorization level comprises: determining a highest security level in the requested content; identifying verification requirements based on this security level; and requesting additional verification if necessary before granting access. Badhwar discloses determining a highest security level in the requested content ([0049], “… user request to access the web application…” [0052], “… the server system then authenticates an identity of the user…” [0053], “… If the user is successfully authenticated, then after the user is authenticated and before the user is authorized to access the web application, the server system generates a user risk profile against the user (step 206). ..”); identifying verification requirements based on this security level; and requesting additional verification if necessary before granting access ([0055], “… After the user risk profile has already been generated for the current session, the server system authorizes the user to access the web application (step 210). As the user browses the web application, the server system monitors and detects each action of the user on the web application (step 212). Once an action is detected, the server system assesses the risk of the action of the user on the web application to determine whether a step-up authentication is required to re-authenticate and authorize the user to perform the action (step 214)…”) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate step-up authentication as disclosed by Badhwar into Taneja because by dynamically performing a step-up authentication in response to a detection of a risky user action or behavior on the web application. The strength level of the step-up authentication is adaptive to a user risk profile generated in real time for each user session and an action risk profile generated in real time for the user action on the web application. Claim(s) 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Taneja (U.S. Pub 2017/0262619 A1), in view of Redlich (U.S. Pub 2005/0138110 A1), as applied to claim 1 and 10 respectively, and further in view of Hazay (U.S. Pub 2015/0156178 A1) Claim 8 Claim 1 is included, however, Taneja does not explicitly disclose wherein the software instructions further cause the computer system to compress the encoded portions before storing. Hazay discloses compress the encoded portions before storing (fig. 2, encrypted data goes into compressor) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate compressing encrypted data as disclosed by Hazay into Taneja because compressed data will reduce amount of data transmitting over network thereby maximizing the utilization of its resources Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAU HAI HOANG whose telephone number is (571)270-5894. The examiner can normally be reached 1st biwk: Mon-Thurs 7:00 AM-5:00 PM; 2nd biwk: Mon-Thurs: 7:00 am-5:00pm, Fri: 7:00 am - 4:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Boris Gorney can be reached at 571-270-5626. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. HAU HAI. HOANG Primary Examiner Art Unit 2154 /HAU H HOANG/ Primary Examiner, Art Unit 2154
Read full office action

Prosecution Timeline

Jun 24, 2025
Application Filed
Apr 23, 2026
Non-Final Rejection mailed — §101, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12675486
Indicator query method and system, electronic device and storage medium
1y 5m to grant Granted Jul 07, 2026
Patent 12670134
APPROXIMATE QUERY EQUIVALENCE FOR FEATURE STORES IN MACHINE LEARNING OPERATIONS PRODUCTS
2y 0m to grant Granted Jun 30, 2026
Patent 12657244
INTER-DOCUMENT ATTENTION MECHANISM
2y 1m to grant Granted Jun 16, 2026
Patent 12632429
CHARACTERIZING AND FORECASTING EVOLVING QUERY WORKLOADS
1y 5m to grant Granted May 19, 2026
Patent 12632457
CONTEXTUALIZED TOKEN RETRIEVER
1y 4m to grant Granted May 19, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
78%
Grant Probability
92%
With Interview (+13.7%)
2y 8m (~1y 7m remaining)
Median Time to Grant
Low
PTA Risk
Based on 502 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month