Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsSchlage Lock Company LLC › 17942785
Last updated: April 19, 2026
Application No. 17/942,785

WIRELESS ACCESS CREDENTIAL SYSTEM

Non-Final OA §103
Filed
Sep 12, 2022
Examiner
NOEL, LYDIA LOUIS-FILS
Art Unit
2437
Tech Center
2400 — Computer Networks
Assignee
Schlage Lock Company LLC
OA Round
4 (Non-Final)
70%
Grant Probability
Favorable
4-5
OA Rounds
3y 1m
To Grant
91%
With Interview

Interview Optional

+20.7% interview lift. This examiner has a relatively high allow rate; a written response may suffice.
Based on 94 resolved cases, 2023–2026

Examiner Intelligence

NOEL, LYDIA LOUIS-FILS View full profile →
Grants 70% — above average
70%
Career Allow Rate
66 granted / 94 resolved
+12.2% vs TC avg
Strong +21% interview lift
Without
With
+20.7%
Interview Lift
resolved cases with interview
Typical timeline
3y 1m
Avg Prosecution
36 currently pending
Career history
130
Total Applications
across all art units

Statute-Specific Performance

§101
5.8%
-34.2% vs TC avg
§103
60.8%
+20.8% vs TC avg
§102
10.0%
-30.0% vs TC avg
§112
18.8%
-21.2% vs TC avg
Black line = Tech Center average estimate • Based on career data from 94 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This Office Action is in response to Amendment filed on 10/27/2025. In the instant Amendment, claims 44-45 have been added, claims 21, 31, and 43 are independent claims. Claims 21, 24-31, 35-43 have been examined and are pending. Information Disclosure Statement The information disclosure statement (IDS) submitted on 1/16/2026, 02/11/2026, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Response to Arguments Applicants’ arguments filed on 10/27/2025 regarding the previous amended claim limitations of claims 26-27, 29, 41, and 43 have been considered and persuasive, therefore the non-final of the action dated 07/25/2025 is withdrawn and the current action replaces it. Applicants’ arguments filed on 10/27/2025 have been fully considered but are not persuasive. Applicant argues that independent claim 21 is patentable over the combination of Briskey in view of Powell, Conrad, and Dua because the cited references allegedly fail to teach or suggest “a credential management system to call the mobile access hub via a credential management application programming interface to generate a Short Message Service (SMS) message that includes a deep link for retrieval of the BLE access credential from the mobile access hub via a mobile application of a mobile device associated with the user,” and further argues that the Examiner has improperly treated the claim limitations as a “mere catalog of separate parts,” allegedly in violation of Lindemann Maschinenfabrik GMBH v. American Hoist and Derrick Company and KSR International Co. v. Teleflex Inc. The Examiner respectfully disagrees. The Examiner has not improperly treated the claim limitations as a mere catalog of parts. Briskey explicitly teaches a credential management system configured to issue a credential to a mobile device responsive to a request and to provide a link enabling retrieval of the credential. Specifically, Briskey teaches that a mobile device sends a request signal to the server, and the server applies a credentialing module to determine and assign a credential operable to open the releasable latch of the vehicle key box (Briskey, para [0044]). Further, Briskey teaches transmitting a verification message including a link that allows the mobile device to retrieve the credential, wherein “a verification message can be sent to the mobile device with a link to access the credential 96,” and “the credential 96 can be transferred to the mobile device responsive to activation of the link” (Briskey para [0050]). This disclosure teaches a credential management system issuing a credential and providing a link that enables retrieval of the credential by the mobile device, as recited in the claims. Powell further teaches transmitting credentials to a mobile device via SMS messaging, wherein “the credential server 210 sends (at 920) a MT-SMS to the mobile station 215,” and the SMS includes credential information used by the mobile station (Powell, para [55–56]). This disclosure teaches generating and transmitting SMS messages containing credential information to a mobile device. Conrad further teaches transmitting activation links via SMS or other messaging systems that enable retrieval and activation of access credentials via a mobile application. Specifically, Conrad teaches that “the server may send a notification email or text/SMS message,” wherein “the notification may include an activation link to be clicked,” and upon activation, “the server can then generate and transmit the encrypted guest profile and access key to a mobile device of the guest via the management application” (Conrad, para [47–48], [106–107]). This disclosure teaches transmitting an activation link via SMS that enables retrieval of access credentials via a mobile application, as claimed. Dua further teaches issuing credentials responsive to a request from an administrative system and updating a database to associate the credential with the mobile device. Specifically, Dua teaches that “the credential issuance process begins with receiving a request from the issuer’s card or user management system to issue electronic credentials to an individual user,” and further teaches maintaining a database in which credential information is associated with user accounts and updated accordingly (Dua, para [59], [86–89], [166]). This disclosure teaches issuing credentials responsive to an administrative request and updating a database to associate credentials with a mobile device. It would have been obvious to one of ordinary skill in the art at the time of the invention to modify Briskey to incorporate the SMS-based credential delivery mechanism taught by Powell, the activation link credential retrieval mechanism taught by Conrad, and the administrative credential issuance and database association mechanisms taught by Dua in order to improve credential delivery reliability, enable secure retrieval of credentials using mobile applications, and ensure proper administrative control and association of credentials with authorized mobile devices. SMS messaging and activation link delivery were well-known mechanisms for securely provisioning credentials to mobile devices, and incorporating these known techniques into Briskey’s credential management system would have represented the predictable use of prior art elements according to their established functions, yielding predictable results, consistent with KSR International Co. v. Teleflex Inc., 550 U.S. 398 (2007). The examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). The cited references collectively teach the claimed system architecture and functional relationships between the credential management system, administrative system, mobile device, and access control system. Therefore, the combination of Briskey in view of Powell, Conrad, and Dua renders obvious each limitation of independent claim 21. Accordingly, the rejection of claims 21, 24–31, and 35–43 under 35 U.S.C. § 103 is maintained. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 21, 24-26, 28, 30-31, and 35-37, 39, 41-42 are rejected under 35 U.S.C. 103 as being unpatentable over Briskey (U.S. PGPub. US 20190139337 A1; Hereinafter "Briskey") in view of Powell et al. (U.S. PGPub. No. US 20070197237 A1 ; Hereinafter “Powell”); Conrad et al. (U.S. PGPub. No. US 20160036788 A1; Hereinafter “Conrad”); and Dua (U.S. PGPub. No. 20150095175 A1; Hereinafter "Dua"). As per claims 21, 31, Briskey teaches an access control system, comprising (Briskey: fig. 1, The vehicle key access control system 20): an administrative system (fig.1 user system 10) ( Briskey: para[31], “A user system 10 may be operable to interface with the mobile credential management system 29 and can include a user interface 12, a processor 14 (e.g., microprocessor), and an electronic storage medium 16 that may be computer writeable and readable.”); an access control edge system (fig. 1, vehicle key box 28) comprising a lock mechanism and a Bluetooth Low Energy (BLE) communication circuitry (Briskey: para[30], “The vehicle key box 28 may include a casing 36, lockable key repository 38, a receiver 40, a transmitter 42, a key presence device 44, and a controller 46”, “the vehicle key box 28, or controller 46, may include a Bluetooth device capable of transmitting the vehicle key box identifier 54. The transceiver (i.e., receiver 40 and transmitter 42) may be of a type to support Bluetooth® communications.”); and a credential management system (fig. 1, credential management system 29) to (i) issue a BLE access credential to a user (Briskey: para [40-44], [50] “At block 502, the mobile credential management system 29 issues a credential 96 to a mobile device 24 operable to trigger opening of a releasable latch 57 of a vehicle key box 28 responsive to receiving the credential 96 within an assigned window of time. The credential 96 can be issued in response to a scheduling request identifying the vehicle 25 and the assigned window of time… A verification message can be sent to the mobile device 24 with a link to access the credential 96 responsive to the scheduling request. The link may be displayed as a hyperlink on the user interface 76 (e.g., as part of credential information 210).”) wherein the access control edge system is to (i) receive the BLE access credential from the mobile device (fig. 1, a mobile device 24) via the BLE communication circuitry (Briskey: para[45], “When the mobile device 24 is proximate to the vehicle key box 28, the mobile device 24 may output a retrieve key signal over a communication interface 98 to the vehicle key box 28. The retrieve key signal may contain the credential 96 with assigned validation information initially provided by the server 30”, para[35], “The vehicle key box 28 may further communicate with the mobile device 24 by way of Near-Field Communications (NFC) or two-way Bluetooth communications” ) and (ii) unlock the lock mechanism in response to successful authentication of the BLE access credential (Briskey: para [45], [51], “The validation application 52 of the vehicle key box 28 may validate the user, then unlatch the key repository 38”). Briskey does not explicitly teach a mobile access hub; (ii) call the mobile access hub via a credential management application programming interface to generate a Short Message Service (SMS) message that includes a deep link for retrieval of the BLE access credential from the mobile access hub via a mobile application of a mobile device associated with the user, and (iii)transmit the BLE access credential to the mobile access hub; wherein the mobile access hub is to (i) generate the SMS message that includes the deep link, (ii) transmit the SMS message that includes the deep link to the mobile device, and (iii) transmit the BLE access credential to the mobile device associated with the user based on the deep link. Also, although Briskey disclosed a user system (administrative system) that communicates with the credential management system and send data/notification request to the credential management system, Briskey does not disclose that the credentials are issued in response to a request for issuance of the BLE access credential by the administrative system; wherein the administrative system is to update an access control database to associate the BLE access credential with the mobile device. However, in the related art, Powell teaches a credential management system (credential server 210 ) (Powell: para[36-37], “The system 200 includes a provisioning server 205 and a credential server 210”); (ii) call the mobile access hub via a credential management application programming interface to generate a Short Message Service (SMS) message(Powell: para[54-55], “The access point 220 includes a configuration software that sends (at 910) a message to the credential server 210 that includes the identification, credentials, location name, and the VoIP line identification of the access point. In some embodiments, when the mobile station stores the VoIP line identification of an access point, the mobile station is considered a trusted device and does not require a PIN to connect to the access point… The credential server 210 receives (at 915) the message”); wherein the mobile access hub is to (i) generate the SMS message (ii) transmit the SMS message to the mobile device, and (iii) transmit the BLE access credential to the mobile device associated with the user (Powell: para[55-56], “The credential server 210 sends (at 920) a MT-SMS to the mobile station 215. The SMS includes the identification, credentials, location name, and the VoIP line identification of the access point. The mobile station receives (at 925) the SMS and stores the access point identification, credentials, location name, and VoIP line identification for the next connection attempt to the access point.”). Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to modify the access credential issued by the credential management system of Briskey to incorporate the SMS-based credential delivery mechanism taught by Powell, it will improve credential delivery reliability (Powell: para[41]). Briskey in view of Powell does not explicitly teach deep link for retrieval of the BLE access credential from the mobile access hub via a mobile application of a mobile device associated with the user, and transmit the SMS including the deep link; in response to a request for issuance of the BLE access credential by the administrative system; wherein the administrative system is to update an access control database to associate the BLE access credential with the mobile device. However, in the related art, Conrad teaches deep link for retrieval of the BLE access credential from the mobile access hub via a mobile application of a mobile device associated with the user, transmit the SMS including the deep link (Conrad: para[47-48], [106-107], “the server may send a notification email or text/SMS message/alert to the guest based on information that the user provided (e.g., an email address, phone number, etc.) when the user set up the guest profile. Upon reception of a notification, a guest may then activate his or her profile that was created by the user. For example, the notification may include an activation link to be clicked (e.g., within the email or message) or code that the guest is required to provide. The guest may also install the management application discussed herein and use the application to activate the guest profile using an activation code. Upon activation and installation of the management application, the server can then generate and transmit the encrypted guest profile and access key to a mobile device of the guest via the management application. After receiving the encrypted guest profile and access key, each may be stored in the guest's mobile device to associate the guest's device with the lock. The guest may then use his or her mobile device to interact with the lock”). Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to modify the access credential issued by the credential management system of Briskey as modified by Powell to incorporate the activation link credential retrieval mechanism taught by Conrad, in order to enable secure retrieval of credentials using mobile applications (Conrad: para[81]) Briskey in view of Powell and Conrad does not explicitly teach in response to a request for issuance of the BLE access credential by the administrative system; wherein the administrative system is to update an access control database to associate the BLE access credential with the mobile device. However, in the related art, Dua teaches in response to a request for issuance of the BLE access credential by the administrative system (Dua: fig. 1, para[59], “The credential issuance process begins with WCM 110 receiving a request from the issuer's card or user management system 120 to issue electronic credentials to an individual user (see step 310). The request is forwarded to WCM 110 along with the user's mobile (E.164) number, the credentials to be issued, encryption keys, and other information contained in the Personalization File for the specific request.” ); wherein the administrative system is to update an access control database to associate the BLE access credential with the mobile device (Dua: para[ 86-89], [166], claims 1 and 18 “at least one storage device to store a database including user accounts, wherein each user account contains at least one linked payment account number and at least one token account number that is used to authorize a payment transaction between the merchant POS system and the system.. wherein the credential issuance system issues the token account number to a mobile device via a wireless network and the Internet… wherein a token credential account number assigned to the user account within the database is updated by an issuer”, para[242], “The ENUM Provisioner application can be interfaced with a mobile operator's user management system or LDAP server to accept qualified updates to the ENUM database..”). Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to modify the access credential issued by the credential management system of Briskey as modified by Powell and Conrad to incorporate the administrative credential issuance and database association mechanisms taught by Dua in order to ensure proper administrative control and association of credentials with authorized mobile devices (Dua: para[41]). As per claims 24 and 35, Briskey in view of Powell, Conrad, and Dua teaches the independent claim 21. Dua teaches wherein the credential management system is further to receive the request for issuance of the BLE access credential via a web portal (Dua: para [57], [179], “The bank customer could request the new credential over the phone by first validating his or her identity with the issuer, by logging into the issuer's secure web site using a valid username and password, or in person at a branch.”). As per claims 25 and 36, Briskey in view of Powell, Conrad, and Dua teaches the independent claim 21. Briskey teaches wherein the credential management system is further to receive the request for issuance of the BLE access credential via an automated integrated application programming interface between the administrative system and the credential management system (Briskey: para[31], “The application 18 can enable a user, such as a salesperson or other person associated with controlling access to the vehicle 25, to interface with the mobile credential management system 29 through one or more communication interface 110, including sending requests 112 to and receiving data/notification messages 114 from the mobile credential management system 29”). As per claims 26 and 37, Briskey in view of Powell, Conrad, and Dua teaches the independent claim 21. Powell teaches wherein to issue the BLE access credential comprises to ensure that a credential value of the BLE access credential is unique to a site at which the access control edge system is physically located (Briskey: para[36- 39], “Each vehicle key box 28 may include a key box identifier 54 associated with the vehicle key box 28 and/or the vehicle 25….the server 30 may be configured to correlate the key box identifier 54 of the vehicle key box 28 to a specific site of the vehicle lock 26, which utilizes the vehicle key box 28.”). As per claim 28, Briskey in view of Powell, Conrad, and Dua teaches the independent claim 21. Briskey teaches wherein the access control edge system is further to perform authentication of the BLE access credential (Briskey: para [45], [51], “The validation application 52 of the vehicle key box 28 may validate the user, then unlatch the key repository 38”). As per claim 30, Briskey in view of Powell, Conrad, and Dua teaches the independent claim 21. Briskey teaches wherein the at least one of the credential management system or the mobile access hub is a cloud-based system (Briskey: [0030] “credential management system 29 including at least one server 30 that may be…cloud-based.). As per claim 39, Briskey in view of Powell, Conrad, and Dua teaches the independent claim 31. Briskey teaches performing, by the access control edge device, authentication of the BLE access credential (Briskey: para [45], [51], “The validation application 52 of the vehicle key box 28 may validate the user, then unlatch the key repository 38”); and wherein the access control edge device comprises the electronic lock (Briskey: para[30], “The vehicle key box 28 may include a casing 36, lockable key repository 38, a receiver 40, a transmitter 42, a key presence device 44, and a controller 46”, “the vehicle key box 28, or controller 46, may include a Bluetooth device capable of transmitting the vehicle key box identifier 54. The transceiver (i.e., receiver 40 and transmitter 42) may be of a type to support Bluetooth® communications.”). As per claim 41, Briskey in view of Powell, Conrad, and Dua teaches the independent claim 31.Conrad teaches transmitting, by the access control device, the BLE access credential to the mobile device via the BLE communication connection in response to a determination of a user intent to access a passageway secured by the electronic lock, wherein the user intent is conveyed without user interaction with the mobile device (Conrad: para [50], [80-82], “the lock may be woken up out of a low power standby or sleep state (302). For example, the lock may be touched by a user, or the proximity of the user may be automatically detected... upon waking out of the low power sleep state, the lock may broadcast or otherwise advertise a unique lock identifier associated with the lock (e.g., an identifier that is formed from its model and/or serial number).” para [32], [117], “After encryption, the encrypted profile is transmitted from a server to the mobile device (1310). The received encrypted profile and user key are then stored in a memory of the mobile device in order to complete the association of the mobile device with the lock. The user may then use his or her mobile device to interact with the lock (1312). In some embodiments, the user may use the application on the mobile device to customize the lock entry..”,). Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to modify the access credential issued by the credential management system of Briskey as modified by Powell to incorporate the activation link credential retrieval mechanism taught by Conrad, in order to enable secure retrieval of credentials using mobile applications (Conrad: para[81]) As per claim 42, Briskey in view of Powell, Conrad, and Dua teaches the independent claim 31. Conrad teaches wherein unlocking the lock mechanism of the electronic lock comprises unlocking the lock mechanism in response to a determination of a user intent to access a passageway secured by the electronic lock (Conrad: para[32], [117], “ In some embodiments, the user may use the application on the mobile device to customize the lock entry.”). Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to modify the access credential issued by the credential management system of Briskey as modified by Powell to incorporate the activation link credential retrieval mechanism taught by Conrad, in order to enable secure retrieval of credentials using mobile applications (Conrad: para[81]) Claims 27, 38 are rejected under 35 U.S.C. 103 as being unpatentable over Briskey (U.S. PGPub. US 20190139337 A1; Hereinafter "Briskey") in view of Powell et al. (U.S. PGPub. No. US 20070197237 A1 ; Hereinafter “Powell”); Conrad et al. (U.S. PGPub. No. US 20160036788 A1; Hereinafter “Conrad”); Dua (U.S. PGPub. No. 20150095175 A1; Hereinafter "Dua"), and Robinton (U.S. PGPub. No. 20160080343 A1; Hereinafter " Robinton "). As per claims 27 and 38, Briskey in view of Powell, Conrad, and Dua teaches the independent claim 21. Robinton teaches wherein to issue the BLE access credential comprises to issue the BLE access credential in response to a determination that an entity associated with the administrative system has sufficient credential credits for issuance of a new BLE access credential, wherein a predefined number of credential credits is required for each issuance of a new BLE access credential (Robinton: para[57], “[0057] The method 400 continues with the credential issuer 128 receiving the request for a guest credential from the trusted mobile device 104 and analyzing the request to determine whether or not to issue a guest credential (step 416). This determination may be based solely on an analysis of the information contained in the received request. This determination may also consider other information. For instance, the credential issuer 128 may only be allowed to issue a predetermined number of guest credentials at a given time or have a predetermined number of guest credentials outstanding. If the predetermined number of guest credentials are already issued or still active, then the credential issuer 128 may determine not to issue the guest credential.”). Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to modify the credential management system of Briskey to incorporate the issuance control mechanism taught by Robinton it would allow the credential management system to limit credential issuance based on availability of credential capacity, thereby preventing excessive an unauthorized credential issuance and improving the system security (Robinton: para[04]) Claims 29, 40 are rejected under 35 U.S.C. 103 as being unpatentable over Briskey (U.S. PGPub. US 20190139337 A1; Hereinafter "Briskey") in view of Powell et al. (U.S. PGPub. No. US 20070197237 A1 ; Hereinafter “Powell”); Conrad et al. (U.S. PGPub. No. US 20160036788 A1; Hereinafter “Conrad”); Dua (U.S. PGPub. No. 20150095175 A1; Hereinafter "Dua"), and Mani et al. (U.S. PGPub. No. 20190312737 A1; Hereinafter " Mani "). As per claims 29 and 40, Briskey in view of Powell, Conrad, and Dua teaches the independent claim 21. Mani teaches wherein the access control edge system comprises an (i) electronic lock including the lock mechanism (Mani: fig. 1, para[30], “an access control point 104 may be a physical facility or a computer-based information system. In some embodiments, an access control point 104 may be a door, turnstile, parking gate, elevator, or other physical barrier, where granting access can be electronically controlled. The access control point 104 may include an electronic lock which is operated by the access control system”) and (ii) a peripheral controller that is not integrated with the electronic lock, wherein the peripheral controller is configured to authenticate the BLE access credential (Mani: fig 1, 4, para[57], [60] “the access control system may include a reader device 434 and an access control board 436. The reader device 434 may be an example of the access control reader 102 depicted in FIG. 1. Upon receiving an access credential from an access control mechanism, the reader device 434 may relay the access credential to the universal access control device 406 and subsequently to the access control board 436. The access control board 436 may compare the access credential to entries on a control list stored within access control data 438….Upon determining that the access credential is valid (e.g., matches an entry in the access control data 438), the access control board 436 may grant access to an access control point (e.g., cause an electronic lock to open).”). Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to modify Briskey to incorporate the separate peripheral controller authentication architecture taught by Mani in order to improve system modularity and allow centralized credential authentication (Mani: para [02-04]) Claim 43 is rejected under 35 U.S.C. 103 as being unpatentable over Briskey (U.S. PGPub. US 20190139337 A1; Hereinafter "Briskey") in view of Mani et al. (U.S. PGPub. No. 20190312737 A1; Hereinafter " Mani "); Conrad et al. (U.S. PGPub. No. US 20160036788 A1; Hereinafter “Conrad”); and Dua (U.S. PGPub. No. 20150095175 A1; Hereinafter "Dua"). Briskey teaches an access control system (fig. 1, vehicle key box 28) (Briskey: para[30], “The vehicle key box 28 may include a casing 36, lockable key repository 38, a receiver 40, a transmitter 42, a key presence device 44, and a controller 46” ), comprising: an administrative system (fig.1 user system 10) ( Briskey: para [30-31], [42] “A user system 10 may be operable to interface with the mobile credential management system 29 and can include a user interface 12, a processor 14 (e.g., microprocessor), and an electronic storage medium 16 that may be computer writeable and readable.”); a physical lock mechanism configured to control access (Briskey: para [32], [42], “The lockable key repository 38 includes… releasable latch 57… controlled by controller 46”); and a credential management system (fig. 1, credential management system 29) to (i) issue a BLE access credential to a user (Briskey: para [40-44], [50] “At block 502, the mobile credential management system 29 issues a credential 96 to a mobile device 24 operable to trigger opening of a releasable latch 57 of a vehicle key box 28 responsive to receiving the credential 96 within an assigned window of time. The credential 96 can be issued in response to a scheduling request identifying the vehicle 25 and the assigned window of time… A verification message can be sent to the mobile device 24 with a link to access the credential 96 responsive to the scheduling request. The link may be displayed as a hyperlink on the user interface 76 (e.g., as part of credential information 210).”); wherein the access control edge system is to (i) receive the BLE access credential from the mobile device via the BLE communication circuitry (Briskey: para[45], “When the mobile device 24 is proximate to the vehicle key box 28, the mobile device 24 may output a retrieve key signal over a communication interface 98 to the vehicle key box 28. The retrieve key signal may contain the credential 96 with assigned validation information initially provided by the server 30”, para[35], “The vehicle key box 28 may further communicate with the mobile device 24 by way of Near-Field Communications (NFC) or two-way Bluetooth communications” ) and (ii) unlock the physical lock mechanism in response to successful authentication of the BLE access credential (Briskey: para [45], [51], “The validation application 52 of the vehicle key box 28 may validate the user, then unlatch the key repository 38”). Briskey does not explicitly teach a mobile access hub; a peripheral controller comprising a Bluetooth Low Energy (BLE) communication circuitry, wherein the peripheral controller is peripheral to the physical lock mechanism, electrically coupled to the physical lock mechanism, and configured to control the physical lock mechanism to permit or deny access through the barrier; transmit the BLE access credential to the mobile access hub; wherein the mobile access hub is to transmit the BLE access credential to a mobile device associated with the user; wherein the administrative system is to update an access control database to associate the BLE access credential with the mobile device. However, in the related art Mani teaches a mobile access hub (Mani: para[44], [ 50], “The universal access control device 406 may transmit credentials or digital signature to the remote computing device for authentication”, “The remote server may generate a token and transmit the token to the access control application on the user device.”); a peripheral controller comprising a Bluetooth Low Energy (BLE) communication circuitry, wherein the peripheral controller is peripheral to the physical lock mechanism, electrically coupled to the physical lock mechanism, and configured to control the physical lock mechanism to permit or deny access through the barrier (Mani: para [49], [55],[63], “Communication connections may include a wireless receiver (e.g., Bluetooth receiver)”, “The universal access control device may be installed between a reader device and an access control board” “the universal access control device 406 may be a computing device configured to receive information from a user device, determine whether a user should be granted access to an access control point, and transmit a valid access credential to the access control system upon determining that the user is authorized to access the access control point”); transmit the BLE access credential to the mobile access hub (Mani: para [57], “the universal access control device 406 may be installed between a reader device 434 and an access control board 436 within an access control system. When the reader device 434 receives an access credential, it may relay the access credential to the access control board 436 via the universal access control device 406.”); Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to modify Briskey to incorporate the peripheral controller architecture and credential relay functionality taught by Mani in order to enable flexible credential validation using an intermediate controller with BLE communication capability, thereby improving system modularity and compatibility with existing lock systems (Mani: para [02-04]) Briskey in view of Mani does not explicitly teach wherein the mobile access hub is to transmit the BLE access credential to a mobile device associated with the user. However, in the related art, Conrad teaches wherein the mobile access hub is to transmit the BLE access credential to a mobile device associated with the user (Conrad: para[47], “the server can then generate and transmit the encrypted guest profile and access key to a mobile device of the guest via the management application. After receiving the encrypted guest profile and access key, each may be stored in the guest's mobile device to associate the guest's device with the lock. The guest may then use his or her mobile device to interact with the lock (212)”). Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to modify the credential management system of Briskey as modified by Mani to incorporate credential transmission features taught by Conrad in order to securely transmit credentials to mobile devices (Conrad: para[81]) Briskey in view of Mani and Conrad does not explicitly teach wherein the administrative system is to update an access control database to associate the BLE access credential with the mobile device. However, in the related art, Dua teaches wherein the administrative system is to update an access control database to associate the BLE access credential with the mobile device (Dua: para [86-89], [166], [242], claim 1, 18 “at least one storage device to store a database including user accounts, wherein each user account contains at least one linked payment account number and at least one token account number that is used to authorize a payment transaction between the merchant POS system and the system”, “wherein a token credential account number assigned to the user account within the database is updated by an issuer.”). Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to modify the credential management system of Briskey as modified by Mani and Conrad to incorporate credential database management features taught by Dua in order to maintain credential associations with user devices, thereby improving credential management, security, and administrative control (Dua: para[41]). Claims 44-45 are rejected under 35 U.S.C. 103 as being unpatentable over Briskey (U.S. PGPub. US 20190139337 A1; Hereinafter "Briskey") in view of Mani et al. (U.S. PGPub. No. 20190312737 A1; Hereinafter " Mani "); Conrad et al. (U.S. PGPub. No. US 20160036788 A1; Hereinafter “Conrad”); Dua (U.S. PGPub. No. 20150095175 A1; Hereinafter "Dua"), and GEHRMANN (W.O . No. 2017053048 A1; Hereinafter " GEHRMANN "). As per claims 44 and 45, Briskey in view of Mani, Conrad, and Dua teaches the independent claims 21 and 43. GEHRMANN teaches wherein the BLE access credential is in Concise Binary Object Representation (CBOR) format and includes at least a first data indicative of a credential value of the BLE access credential, a second data indicative of a credential bit format of the BLE access credential, a third data indicative of an activation time of the BLE access credential, and a fourth data indicative of an expiration time of the BLE access credential. (GEHRMANN: para [159-162], “The AS may use this information to issue a new client access ticket that may include the following information: an assertion in a suitable format such as SAML, JSON, and/or CBOR including at least the following signed with the key PTAS: client subj ect public key or certificate reference such as a secure one-way hash of the key or certificate, the access time period, tl.sub.c, t2.sub.c, the precise IoT resource rights expressed in a format compatible with the chosen assertion format; Cert( ^s; and/or Certo S.” para[73], “The AS may evaluate the ticket start time, th, and end time, t2c, for the request access period and may may calculate th- tc and t2c-tc t2.sub.c, to map the requested UTC period to DMS domain key periods. In an example, the requested time period may correspond to time slots l…k maintained by the AS”). Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to modify the credential of Briskey to use the CBOR credential format taught by Gehrmann because Gehrmann teaches that CBOR provides a compact, structured, and secure credential representation including credential value and validity time fields suitable for wireless and IoT access control environments, and applying such known credential encoding techniques would predictably improve credential transmission efficiency, and secure validation in Briskey’s Bluetooth-based access control system (Gehrmann: para[44]) Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to LYDIA L NOEL whose telephone number is (571)272-1628. The examiner can normally be reached Monday - Friday 9:00 - 5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached on (571)-270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /L.L.N./Examiner, Art Unit 2437 /BENJAMIN E LANIER/ Primary Examiner, Art Unit 2437
Read full office action

Prosecution Timeline

Sep 12, 2022
Application Filed
Oct 23, 2024
Non-Final Rejection — §103
Jan 28, 2025
Response Filed
Feb 10, 2025
Final Rejection — §103
May 14, 2025
Request for Continued Examination
May 19, 2025
Response after Non-Final Action
Jul 18, 2025
Non-Final Rejection — §103
Oct 27, 2025
Response Filed
Feb 20, 2026
Non-Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

18/379,867
Patent 12587846
DEVICE, METHOD AND COMPUTER READABLE MEDIUM FOR RESISTING DOWNGRADE ATTACKS
2y 5m to grant Granted Mar 24, 2026
18/326,442
Patent 12563090
RESILIENT HIGH-BANDWIDTH STATE-TRANSITION COMPUTER
2y 5m to grant Granted Feb 24, 2026
17/146,384
Patent 12520133
THIRD PARTY CONTROL OF A USER EQUIPMENT
2y 5m to grant Granted Jan 06, 2026
18/438,623
Patent 12520140
CREDENTIALED WIRELESS FOB TO CONTROL POWER TOOL DEVICES
2y 5m to grant Granted Jan 06, 2026
17/461,878
Patent 12500748
FORWARDING DEVICE, KEY MANAGEMENT SERVER DEVICE, COMMUNICATION SYSTEM, FORWARDING METHOD, AND COMPUTER PROGRAM PRODUCT
2y 5m to grant Granted Dec 16, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

4-5
Expected OA Rounds
70%
Grant Probability
91%
With Interview (+20.7%)
3y 1m
Median Time to Grant
High
PTA Risk
Based on 94 resolved cases by this examiner. Grant probability derived from career allow rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month