Prosecution Insights
Last updated: July 17, 2026
Application No. 17/348,750

DEVICE-TO-DEVICE AUTHENTICATION METHOD AND PROGRAM BASED ON VIRTUAL AUTHENTICATION CODE

Final Rejection §103§112
Filed
Jun 15, 2021
Priority
Feb 24, 2020 — RE 10-2020-0022023 +2 more
Examiner
DAVIS, ZACHARY A
Art Unit
2492
Tech Center
2400 — Computer Networks
Assignee
Ssenstone Inc.
OA Round
4 (Final)
54%
Grant Probability
Moderate
5-6
OA Rounds
0m
Est. Remaining
76%
With Interview

Examiner Intelligence

Grants 54% of resolved cases
54%
Career Allowance Rate
273 granted / 506 resolved
-4.0% vs TC avg
Strong +22% interview lift
Without
With
+22.0%
Interview Lift
resolved cases with interview
Typical timeline
4y 5m
Avg Prosecution
33 currently pending
Career history
568
Total Applications
across all art units

Statute-Specific Performance

§101
1.8%
-38.2% vs TC avg
§103
65.2%
+25.2% vs TC avg
§102
24.8%
-15.2% vs TC avg
§112
7.8%
-32.2% vs TC avg
Black line = Tech Center average estimate • Based on career data from 506 resolved cases

Office Action

§103 §112
DETAILED ACTION A response was received on 21 March 2026. By this response, Claims 1, 5, 10, and 12 have been amended. Claims 3, 6, and 13 have been canceled. No new claims have been added. Claims 1, 2, 5, and 7-12 are currently pending in the present application. Response to Arguments Applicant’s arguments with respect to the rejection of Claims 1-3 and 5-13 under 35 U.S.C. 103 (pages 10-11 of the present response) have been considered but are moot in view of the new grounds of rejection set forth below. Specification The objection to the disclosure for informalities is withdrawn in light of the amendments to the specification. Applicant’s cooperation is again requested in correcting any other errors of which applicant may become aware in the specification. Claim Objections The objection to Claim 12 for informalities is withdrawn in light of the amendments to the claims. Claim Rejections - 35 USC § 112 The rejection of Claims 3 and 13 under 35 U.S.C. 112(a) for failure to comply with the written description requirement and the rejection of Claims 3, 6, and 13 under 35 U.S.C. 112(b) as indefinite are moot in light of the cancellation of the claims. The rejection of Claims 1, 2, 5, and 7-12 under 35 U.S.C. 112(b) is NOT withdrawn because not all issues have been addressed and/or because the amendments have raised new issues, as detailed below. The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1, 2, 5, and 7-12 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 1 recites “the time stamp data included in the third code” and “the second code included in the third code” in lines 20-21. However, although the claim previously recited time stamp data and a second code, and that the third code is generated based on the first and second codes and the time stamp data, there was not previous description of the second code or time stamp data being actually included in the third code. The above ambiguities render the claim indefinite. Claim 5 recites “the approving the authority” in line 24. There is not clear antecedent basis for this limitation in the claim, although the claim now recites approving authorization of the client device. The claim further recites “the time stamp data included in the third code” and “the second code included in the third code” in lines 30-31. However, although the claim previously recited time stamp data and a second code, and that the third code is generated based on the first and second codes and the time stamp data, there was not previous description of the second code or time stamp data being actually included in the third code. The above ambiguities render the claim indefinite. Claim 8 recites “the approving the authority” in line 3 and “the authority” in line 4. There is not clear antecedent basis for these limitations in the claims as amended. Claim 9 recites “the approved authority” in line 2. There is insufficient antecedent basis for this limitation in the claims as amended. Claim 10 recites “rolling a k-gon algorithm along a track” in lines 11-12. It is not clear how an abstract concept such as an algorithm (which is a series of steps to be performed) would be rolled along a track. The claim further recites “the time stamp data included in the third code” and “the second code included in the third code” in lines 35-36. However, although the claim previously recited time stamp data and a second code, and that the third code is generated based on the first and second codes and the time stamp data, there was not previous description of the second code or time stamp data being actually included in the third code. The above ambiguities render the claim indefinite. Claim 12 recites “the time stamp data included in the third code” and “the second code included in the third code” in lines 22-23. However, although the claim previously recited time stamp data and a second code, and that the third code is generated based on the first and second codes and the time stamp data, there was not previous description of the second code or time stamp data being actually included in the third code. The above ambiguities render the claim indefinite. Claims not specifically referred to above are rejected due to their dependence on a rejected base claim. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 2, 5, and 7-12 are rejected under 35 U.S.C. 103 as being unpatentable over Yoo, US Patent Application Publication 2019/0050849, in view of Juitt et al, US Patent 7042988, and Healy et al, US Patent 7228182. In reference to Claim 1, Yoo discloses a method that includes receiving a first code from a client device for generating a virtual authentication code (paragraph 0064), transmitting the first code to a verification device and receiving a second code (paragraph 0063), generating and transmitting a third code that is the virtual authentication code based on first and second codes (see paragraph 0071, for example), and determining whether the second code is valid (paragraph 0063, verifying the virtual code). However, Yoo does not explicitly disclose that the first code grants access to service devices or that the second code includes a hash and role information. Juitt discloses a method that includes transmitting a code that grants access to service devices (see column 10, line 53-column 12, line 7); receiving a code that includes a hash and role information (column 11, lines 19-44); and determining whether the code is valid, granting authorization based when the code is determined to be valid, and accessing service devices based on the authorization (column 10, line 53-column 12, line 7, authentication and access to service devices). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Yoo to include the grant of access, hash, and role information of Juitt, in order to improve management of networks (see Juitt, column 11, lines 14-18). However, although Yoo generally discloses using time data in generating a virtual code (paragraphs 0082-0083), neither Yoo nor Juitt explicitly discloses using time stamp data to generate the third code or that the determination that the second code is valid is based on the time stamp data. Healy discloses a method that includes generating a code based on, inter alia, other code and time stamp data and determining, based on the time stamp data whether the code is valid (column 13, lines 10-46, time stamps used in code generation and validation). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the method of Yoo and Juitt to include the use of the time stamp in the code as taught by Healy, in order to provide freshness and prevent replay (see Healy, column 13, lines 21-29; see also column 5, lines 5-18). In reference to Claim 2, Yoo, Juitt, and Healy further disclose requesting update of the second code after it has expired and generating a new third code based on the updating second code and time (see Yoo, paragraphs 0078-0081). In reference to Claim 5, Yoo discloses a method that includes receiving a first code from a client device for generating a virtual authentication code (paragraph 0064), transmitting the first code to a verification device and receiving a second code (paragraph 0063), generating and transmitting and receiving a third code that is the virtual authentication code based on first and second codes (see paragraph 0071, for example), and determining whether the second code is valid (see paragraph 0063, verification of virtual code). However, Yoo does not explicitly disclose that the first code grants access to service devices or that the second code includes a hash and role information. Juitt discloses a method that includes transmitting a code that grants access to service devices (see column 10, line 53-column 12, line 7), receiving a code that includes a hash and role information (column 11, lines 19-44), and approving the access based on a code that includes generating a hash value and verifying the generated hash value by comparing it to the included hash value (column 11, lines 19-44) and determining whether the code is valid, granting authorization based when the code is determined to be valid, and accessing service devices based on the authorization (column 10, line 53-column 12, line 7, authentication and access to service devices). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Yoo to include the grant of access, hash, and role information of Juitt, in order to improve management of networks (see Juitt, column 11, lines 14-18). However, although Yoo generally discloses using time data in generating a virtual code (paragraphs 0082-0083), neither Yoo nor Juitt explicitly discloses using time stamp data to generate the third code or that the determination that the second code is valid is based on the time stamp data. Healy discloses a method that includes generating a code based on, inter alia, other code and time stamp data and determining, based on the time stamp data whether the code is valid (column 13, lines 10-46, time stamps used in code generation and validation). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the method of Yoo and Juitt to include the use of the time stamp in the code as taught by Healy, in order to provide freshness and prevent replay (see Healy, column 13, lines 21-29; see also column 5, lines 5-18). In reference to Claims 7-9, Yoo, Juitt, and Healy further disclose requesting update of the second code after it has expired and generating a new third code based on the updating second code and time (see Yoo, paragraphs 0078-0081). In reference to Claim 10, Yoo discloses a method that includes receiving a first code from a client device for generating a virtual authentication code (paragraph 0064), transmitting the first code to a verification device and using the first code to search for a storage location based on a rolling k-gon and generating a second code based on information in the storage location (see paragraphs 0116-0119), and generating and transmitting a third code that is the virtual authentication code based on first and second codes (see paragraph 0071, for example), and determining whether the second code is valid (paragraph 0063, verifying the virtual code). However, Yoo does not explicitly disclose that the first code grants access to service devices or that the second code includes a hash and role information. Juitt discloses a method that includes transmitting a code that grants access to service devices (see column 10, line 53-column 12, line 7); authenticating a client device based on identification information (column 11, lines 19-44); generating a code that includes a hash and role information (column 11, lines 19-44); and determining whether the code is valid, granting authorization based when the code is determined to be valid, and accessing service devices based on the authorization (column 10, line 53-column 12, line 7, authentication and access to service devices). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Yoo to include the grant of access, hash, and role information of Juitt, in order to improve management of networks (see Juitt, column 11, lines 14-18). However, although Yoo generally discloses using time data in generating a virtual code (paragraphs 0082-0083), neither Yoo nor Juitt explicitly discloses using time stamp data to generate the third code or that the determination that the second code is valid is based on the time stamp data. Healy discloses a method that includes generating a code based on, inter alia, other code and time stamp data and determining, based on the time stamp data whether the code is valid (column 13, lines 10-46, time stamps used in code generation and validation). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the method of Yoo and Juitt to include the use of the time stamp in the code as taught by Healy, in order to provide freshness and prevent replay (see Healy, column 13, lines 21-29; see also column 5, lines 5-18). In reference to Claim 11, Yoo, Juitt, and Healy further disclose requesting update of the second code after it has expired and generating a new third code based on the updating second code and time (see Yoo, paragraphs 0078-0081). In reference to Claim 12, Yoo discloses a method that includes generating a first code for generating a virtual authentication code (paragraph 0064), transmitting the first code to first device and a verification device and receiving a second code (paragraph 0063), generating and transmitting a third code that is the virtual authentication code based on first and second codes (see paragraph 0071, for example), and determining whether the second code is valid (paragraph 0063, verifying the virtual code). However, Yoo does not explicitly disclose that the first code grants access to service devices or that the second code includes a hash and role information. Juitt discloses a method that includes transmitting a code that grants access to service devices (see column 10, line 53-column 12, line 7); receiving a code that includes a hash and role information (column 11, lines 19-44); and determining whether the code is valid, granting authorization based when the code is determined to be valid, and accessing service devices based on the authorization (column 10, line 53-column 12, line 7, authentication and access to service devices). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Yoo to include the grant of access, hash, and role information of Juitt, in order to improve management of networks (see Juitt, column 11, lines 14-18). However, although Yoo generally discloses using time data in generating a virtual code (paragraphs 0082-0083), neither Yoo nor Juitt explicitly discloses using time stamp data to generate the third code or that the determination that the second code is valid is based on the time stamp data. Healy discloses a method that includes generating a code based on, inter alia, other code and time stamp data and determining, based on the time stamp data whether the code is valid (column 13, lines 10-46, time stamps used in code generation and validation). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the method of Yoo and Juitt to include the use of the time stamp in the code as taught by Healy, in order to provide freshness and prevent replay (see Healy, column 13, lines 21-29; see also column 5, lines 5-18). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Benson, US Patent 5935246, discloses a mechanism that uses timestamps to ensure freshness and prevent replay attacks. Haverty, US Patent 6189096, discloses a method in which a server uses a time stamp to avoid replay attacks. Sivalingham, US Patent 7116668, discloses a method for time stamp based replay protection. Ilac et al, US Patent 7571311, discloses a scheme in which a timestamp is used to prove that a message is not a replay. Dickinson et al, US Patent 8332922, disclose a system in which time stamps are used to verify security tickets. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zachary A Davis whose telephone number is (571)272-3870. The examiner can normally be reached Monday-Friday, 9:00am-5:30pm, Eastern Time. Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal D Dharia can be reached at (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Zachary A. Davis/Primary Examiner, Art Unit 2492
Read full office action

Prosecution Timeline

Show 19 earlier events
Jul 08, 2025
Applicant Interview (Telephonic)
Jul 26, 2025
Examiner Interview Summary
Jan 22, 2026
Interview Requested
Mar 21, 2026
Response Filed
Jun 03, 2026
Final Rejection mailed — §103, §112
Jun 26, 2026
Interview Requested
Jul 02, 2026
Examiner Interview Summary
Jul 02, 2026
Applicant Interview (Telephonic)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12676750
Methods, Systems, and Devices for Server Control of Client Authorization Proof of Possession
4y 5m to grant Granted Jul 07, 2026
Patent 12676751
Methods, Systems, and Devices for Server Control of Client Authorization Proof of Possession
4y 5m to grant Granted Jul 07, 2026
Patent 12659750
ULTRA-WIDEBAND UNLOCK DEVICE
3y 8m to grant Granted Jun 16, 2026
Patent 12592929
TECHNIQUE FOR COMPUTING A BLOCK IN A BLOCKCHAIN NETWORK
4y 9m to grant Granted Mar 31, 2026
Patent 12566840
Systems And Methods For Creating Trustworthy Orchestration Instructions Within A Containerized Computing Environment For Validation Within An Alternate Computing Environment
3y 7m to grant Granted Mar 03, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
54%
Grant Probability
76%
With Interview (+22.0%)
4y 5m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 506 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month