Prosecution Insights
Last updated: May 04, 2026
Application No. 17/997,177

PARTIAL SIGNATURES BASED ON ENVIRONMENTAL CHARACTERISTICS

Final Rejection §103§112
Filed
Oct 26, 2022
Priority
May 04, 2020 — nonprovisional of PCTUS2020031290
Examiner
AYALA, KEVIN ALEXIS
Art Unit
2496
Tech Center
2400 — Computer Networks
Assignee
Hewlett-Packard Development Company, L.P.
OA Round
4 (Final)
64%
Grant Probability
Moderate
5-6
OA Rounds
0m
Est. Remaining
95%
With Interview

Examiner Intelligence

Grants 64% of resolved cases
64%
Career Allowance Rate
106 granted / 165 resolved
+6.2% vs TC avg
Strong +31% interview lift
Without
With
+30.8%
Interview Lift
resolved cases with interview
Typical timeline
3y 5m
Avg Prosecution
36 currently pending
Career history
201
Total Applications
across all art units

Statute-Specific Performance

§101
11.5%
-28.5% vs TC avg
§103
53.6%
+13.6% vs TC avg
§102
6.7%
-33.3% vs TC avg
§112
23.7%
-16.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 165 resolved cases

Office Action

§103 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Examiner’s note: the engine refers to hardware and software and not solely software [0012]. Response to Arguments In response to applicant’s arguments, filed 02/10/2026, with respect to 35 USC 112 have been fully considered and are persuasive. The previous 35 USC 112 rejections has been withdrawn in light of claim amendment. However, there are new issues please see 35 USC 112 rejection below. In response to applicant’s arguments, filed 02/10/2026, for independent claims 1, 6 and 16 along with their respective dependent claims, applicant argues that Salajeheh fails to teach “determine that a security policy is satisfied based on the local environmental characteristic associated with the first computing device”, “in response to determining that the security policy is satisfied, generate a first partial signature using a first share of a shared secret that is stored on the first computing device” and “the second computing device comprises circuitry to... generate a second partial signature using a second share of the shared secret that is stored on the second computing device; and authenticate a user by using both the first partial signature and the second partial signature, wherein the user cannot be authenticated without both the first partial signature and the second partial signature”. The Examiner does not concede. Salajeheh discloses partial signatures. Salajeheh teaches “determine that a security policy is satisfied based on the local environmental characteristic associated with the first computing device”. Salajeheh recites “assurance level can depend on a variety of factors, including location of the initiator device [0042]. User input, for authentication, may be obtained by sensors that can capture audio, visual, or a biometric data of the user (i.e., environmental characteristic) [0035]. The IoT context the user may wish to keep the set of devices used during an authentication private, for example, device location, device state, etc [0057]”. The “assurance level” is synonymous to meeting certain policy requirements. The device location authenticates the user. Salajeheh teaches “in response to determining that the security policy is satisfied, generate a first partial signature using a first share of a shared secret that is stored on the first computing device”. Salajeheh recites “how user device can generate partial signatures using their share of a signing key. The Abstract discusses how the user device can receive the authentication token using a set of token shares. These shares are required prior to generating the partial signature, and can only be obtained once the assurance level is met (i.e., policy conditions are satisfied) [0091]”. Once the assurance level is met, generates the first partial signature. Generating the first partial signature by a shared secret. However, Salajeheh does not explicitly teach “the second computing device comprises circuitry to... generate a second partial signature using a second share of the shared secret that is stored on the second computing device; and authenticate a user by using both the first partial signature and the second partial signature, wherein the user cannot be authenticated without both the first partial signature and the second partial signature”. Applicant’s argument have been considered but are moot, because the newly recited amendment does not rely on the newly recited reference being applied to the prior rejection of record or any teaching or matter specifically challenged in the argument. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 19 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 19 contains the trademark/trade name “Bluetooth low energy”. Where a trademark or trade name is used in a claim as a limitation to identify or describe a particular material or product, the claim does not comply with the requirements of 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph. See Ex parte Simpson, 218 USPQ 1020 (Bd. App. 1982). The claim scope is uncertain since the trademark or trade name cannot be used properly to identify any particular material or product. A trademark or trade name is used to identify a source of goods, and not the goods themselves. Thus, a trademark or trade name does not identify or describe the goods associated with the trademark or trade name. In the present case, the trademark/trade name is used to identify/describe Bluetooth and, accordingly, the identification/description is indefinite. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 2, 4, 6, 8 – 10, 16, 18-20, 23-24 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Salajegheh et al (US 2021/0409405 A1), hereinafter Salajegheh, in view of Oberheide et al. (US 20160294562, hereinafter Oberheide). Regarding Claim 1, Salajegheh discloses “A system comprising: a first device and a second device, wherein the first device comprises a circuitry” (Figure 7 shows an example of devices that may be used, Para. 0031, A processor may comprise one or more microprocessors working together to accomplish a desired function. The processor may include a CPU that comprises at least one high-speed data processor adequate to execute program components for executing user and/or system-generated requests. Para. 0030, a non-transitory computer readable medium that stores instructions that can be executed by a processor to implement a desired method); “and wherein the first device is to: receive a challenge from the second computing device (Salajegheh discloses how the initiator device receives a challenge request [0132]); in response to receiving the challenge, measure a local environmental characteristic associated with the first computing device (Salajegheh discloses assurance level can depend on a variety of factors, including location of the initiator device [0042]. User input, for authentication, may be obtained by sensors that can capture audio, visual, or a biometric data of the user (i.e., environmental characteristic) [0035][0057]. “assurance level” is synonymous to meeting certain policy requirements); determine that a security policy is satisfied based on the local environmental characteristic associated with the first computing device (Salajegheh discloses assurance level can depend on a variety of factors, including location of the initiator device [0042]. User input, for authentication, may be obtained by sensors that can capture audio, visual, or a biometric data of the user (i.e., environmental characteristic) [0035]. The IoT context the user may wish to keep the set of devices used during an authentication private, for example, device location, device state, etc [0057]. “assurance level” is synonymous to meeting certain policy requirements); in response to determining that the security policy is satisfied, generate a first partial signature using a first share of a shared secret that is stored on the first computing device (Salajegheh discloses how user device can generate partial signatures using their share of a signing key. The Abstract discusses how the user device can receive the authentication token using a set of token shares. These shares are required prior to generating the partial signature, and can only be obtained once the assurance level is met (i.e., policy conditions are satisfied) [0091]); Salajegheh does not explicitly teach but Oberheide teaches send, to the second computing device, the first partial signature (Oberheide teaches generates and transmits a first partial digital signature [0020]); and wherein the second computing device comprises circuitry to: in response to receiving the first partial signature from the first computing device, generate a second partial signature using a second share of the shared secret that is stored on the second computing device (Oberheide teaches the private key comprises a first and a second private key share, where the first private key share is stored at the primary authentication system (e.g., to be used in generating a first partial digital signature). The second private key share can be stored at the secondary authentication system (e.g., to be used in generating a second partial digital signature) [0032][0044]); and authenticate a user by using both the first partial signature and the second partial signature, wherein the user cannot be authenticated without both the first partial signature and the second partial signature (Oberheide teaches first and second partial digital signatures are combined to form a composite digital signature. Validates the composite digital signature and then allows access to the user. for an attacker to compromise security, the attacker must compromise both the security of the identity provider and the two-factor authentication service. Neither the identity provider nor the two-factor authentication service retain full trust, rather, trust is distributed between the two [0020]). Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Salajegheh to include send, to the second computing device, the first partial signature; and wherein the second computing device comprises circuitry to: in response to receiving the first partial signature from the first computing device, generate a second partial signature using a second share of the shared secret that is stored on the second computing device; and authenticate a user by using both the first partial signature and the second partial signature, wherein the user cannot be authenticated without both the first partial signature and the second partial signature as disclosed by Oberheide. One of ordinary skill in the art would have been motivated for the purpose of enables the distribution of trust and two-factor authentication service (Oberheide [0025]). Regarding Claim 2, Salajegheh-Oberheide further teach “The system of claim 1, wherein the circuitry of the first computing device is to: apply the local environmental characteristic as input to a machine learning model stored on the first computing device; and determine that the security policy is satisfied based on an output of the machine learning model” (Para. 0162 describes a trust score module, located within an authentication device, that can determine a trust score based on features observed locally or data received from other devices, such as biometric data. This module can also determine a trust score via a machine learning algorithm such as a decision tree or neural network. Para. 0007 describes how the assurance level is determined based on a trust score of the device). Regarding Claim 4¸ Salajegheh-Oberheide further teach “The system of claim 1, wherein the shared secret comprises a private key” (Oberheide, Para. 0024 private key shares). Regarding Claim 5, the combination of Salajegheh-Oberheide teach “The system of claim 1, wherein the first computing device is mechanically coupled to a motherboard of the second computing device or the first computing device is communicatively coupled to the second computing device via a Bluetooth low energy (BLE) communication protocol or a near field communication (NFC) protocol” (Salajeheh Para. 0194 the initiator device 806 can be in communication range (e.g., Bluetooth range) of the user device 802. [0223] A device may determine that another device is present using any suitable method (e.g., Bluetooth, sound, etc.) [0196] and [0234]). Re. claim 6, claim 6 is rejected as stated in claim 1 above. Regarding Claim 9, Salajegheh-Oberheide further teach “The method of claim 6, wherein measuring the local environmental characteristic comprises detecting a location of the first computing device” (Para. 0054 describes authentication between devices after successful established of proximity of the devices (i.e., environmental characteristic). [0057][0082][[0151]). Regarding Claim 10, Salajegheh-Oberheide further teach “The method of claim 9, wherein detecting the location of the first computing device comprises detecting, by the first computing device, wireless signals near the first computing device” (Para. 0156 describes how devices can communicate with a network interface, which allows said devices to communicate via wireless signal). Re. claim 16, claim 16 is rejected as stated in claim 1 above. Re. claim 18, rejection of claim 16 is included and claim 18 is rejected with the same rationale as applied in claim 4 above. Re. claim 19, rejection of claim 16 is included and claim 19 is rejected with the same rationale as applied in claim 5 above. Re. claim 20, rejection of claim 16 is included and claim 20 is rejected with the same rationale as applied in claim 9 above. Re. claim 23, Salajegheh-Oberheide teach the system of claim 1, wherein, to measure the local environmental characteristic associated with the first computing device, the circuitry of the first computing device is to: detect a wireless signal (Salajegheh discloses the trust score module 612A can determine the trust score (of the authentication device 600) based on features observed locally by the authentication device 600, data received from other devices, and/or trust scores received by other devices. For example, the authentication device 600 can receive data from other devices, such as, network data which can include data transmission rates (e.g., kb/s over a window of time such as 1 second, 2 seconds, 5 seconds, etc.), data reception rates, average size of data packets, source addresses, domain name system (DNS) information, IP addresses, hostnames, signal strength data, Wi-Fi connection data, etc. [0162][0166]); determine a signal strength, a service set identifier (SSID), a media access control (MAC) address, or a Bluetooth device address associated with the wireless signal (Salajegheh discloses the trust score module 612A can determine the trust score (of the authentication device 600) based on features observed locally by the authentication device 600, data received from other devices, and/or trust scores received by other devices. For example, the authentication device 600 can receive data from other devices, such as, network data which can include data transmission rates (e.g., kb/s over a window of time such as 1 second, 2 seconds, 5 seconds, etc.), data reception rates, average size of data packets, source addresses, domain name system (DNS) information, IP addresses, hostnames, signal strength data, Wi-Fi connection data, etc. [0162][0166]); and determine a location of the first computing device based on the signal strength, the SSID, the MAC address, or the Bluetooth device address associated with the wireless signal (Salajegheh discloses a trust score can show a level of trust a device puts into its neighboring devices (i.e., devices in direct communication range). A trust score can be based on observed behavior of the other device and/or its perceived location [0041][0057][0162][0166]. The assurance level can be decided based on the trust score of the initiator as well as based on the proximity of (i.e., distance from) the initiator device from the perspective of authentication device 600. The proximity can be include in proximity data. For example, if the authentication device 600 determines that the IP address (or other suitable data item, such as a GPS location) indicates that the initiator device is located far from the authentication device 600 (e.g., in a different country), then the assurance level can be lower than if the authentication device 600 determines that the initiator device is nearby (e.g., in the same zip code, city, building, etc.) [0171]). Re. claim 24, rejection of claim 6 is included and claim 24 is rejected with the same rationale as applied in claim 2 and 3 above. Re. claim 26, Salajegheh-Oberheide teach the method of claim 6, wherein measuring the local environmental characteristic comprises measuring a temperature, a sound, a pressure, or a concentration of a chemical (Salajegheh discloses A device may determine that another device is present using any suitable method (e.g., Bluetooth, sound, etc.) [0223]. To prove proximity, different channels have been used: Bluetooth (radio in general), sounds, temperature, and light [0268]. Temperature measurements [0269]). Claim(s) 3 is rejected under 35 U.S.C. 103 as being unpatentable over Salajegheh et al (US 2021/0409405 A1), hereinafter Salajegheh, in view of Oberheide et al. (US 20160294562, hereinafter Oberheide) and in further view of Budman et al (US 2020/0066071 A1), hereinafter Budman. Regarding Claim 3, Salajegheh-Oberheide teach the above subject matter content, but fails to expressly disclose “The system of claim 2, wherein the machine learning model is trained to determine whether the local environmental characteristic is indicative of presence of the user”. However, analogous art from the same field of endeavor, Budman, teaches this: Para. 0040 describes how machine learning techniques are used to determine an identity of a user. Para. 0051 describes how an identity verification system converts data segments into a feature vector, which is then input into a machine learned model, to, for example, classify motion of a particular subject. Therefore, based on Salajegheh-Oberheide in view of Budman, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Budman to the system of Salajegheh. As appreciated by one of ordinary skill in the art, machine learning models and techniques are ever prevalent and continue to surge in popularity and use. Combining the techniques and use of machine learning models to the system of Salajegheh thus produces this predictable, obvious result. Claim(s) 17 is rejected under 35 U.S.C. 103 as being unpatentable over Salajegheh et al (US 2021/0409405 A1), hereinafter Salajegheh, in view Oberheide et al. (US 20160294562, hereinafter Oberheide), in further view of Peddada IV et al (US 2020/0252382 A1), hereinafter Peddada IV. Regarding Claim 17, Salajegheh-Oberheide discloses the non-transitory computer-readable medium of claim 16, wherein the instructions when executed by the processor of the second computing device, cause the processor to: “receive the challenge that is based on the local environmental characteristic associated with the first computing device from the server”. (Salajegheh para. 54, challenge of MFA by having the various devices communicate with each other to exchange the needed information (the evidence of identity), after the successful establishment of proximity among the devices. Thus instead of the user transferring challenge codes from one device to another, devices in close proximity with each other automate the process. [0058]. the challenge request can request additional authentication for the user beyond the credentials [0130-0132][0139]). Salajegheh-Oberheide fails to expressly disclose “send a request to authenticate the user to a service”. (Peddada IV, teaches Claim 1 describes how a server system receives a request to authenticate the user to a service. Also see Para. 21-22). Therefore, based on Salajegheh in view of Oberheide, and in further view of Peddada IV, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Peddada IV to the system of Salajegheh and Oberheide. Challenge-response is a common method of authentication, as appreciated by one of ordinary skill in the art, and includes encryption/decryption mechanisms used. Therefore, combining this technique to the system of Salajegheh and Oberheide thus produces this predictable, obvious result. Claim(s) 27 is rejected under 35 U.S.C. 103 as being unpatentable over Salajegheh et al (US 2021/0409405 A1), hereinafter Salajegheh, in view of Oberheide et al. (US 20160294562, hereinafter Oberheide) and in further view of Lindemann (US 2018/0191501 A1). Regarding Claim 27, the combination of Salajegheh and Oberheide discloses the above subject matter content, but fails to expressly disclose “The method of claim 6, wherein the measurement of the local environmental characteristic includes a measurement of an involuntary user behavior”. However, analogous art from the same field of endeavor, Lindemann, teaches this: Para. 0291 describes how responses to the challenge may be voluntary or involuntary, where the context of the challenge is biometrics. Therefore, based on Salajegheh in view of Oberheide, and in further view of Lindemann, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Lindemann to the system of Salajegheh and Oberheide. Challenge-response is a common method of authentication, as appreciated by one of ordinary skill in the art, and includes encryption/decryption mechanisms used. Additionally, biometric authentication is yet another very common and widely-used technique in the art. Therefore, combining these techniques to the system of Salajegheh and Oberheide thus produces this predictable, obvious result. Claim(s) 21, 22 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Salajegheh et al (US 2021/0409405 A1), hereinafter Salajegheh, in view of Oberheide et al. (US 20160294562, hereinafter Oberheide) and in further view of Amm et al. (US 20100066669, hereinafter Amm). Re. claim 21, Salajegheh-Oberheide teach the non-transitory computer-readable medium of claim 16, Salajegheh-Oberheide does not explicitly teach but “wherein the local environmental characteristic comprises motion imparted to the first computing device by the user”. (Amm para. [0050], process 600 for initiating an event based upon measured lateral forces and motion imparted on the input device). Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Salajegheh-Oberheide to include wherein the local environmental characteristic comprises motion imparted to the first computing device by the user as disclosed by Amm. One of ordinary skill in the art would have been motivated for the purpose of sensors capable of detecting forces acting upon the input device and generating data representative of the detected forces (Amm [0016]). Re. claim 22, rejection of claim 1 is included and claim 22 is rejected with the same rationale as applied in claim 21 above. Re. claim 25, rejection of claim 6 is included and claim 25 is rejected with the same rationale as applied in claim 21 above. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The references present in PTO-892 are cited to further demonstrate the state of the art with respect to partial digital signature authentication. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday: Variable EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached at 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KEVIN AYALA/ Primary Examiner, Art Unit 2496
Read full office action

Prosecution Timeline

Show 6 earlier events
May 29, 2025
Response after Non-Final Action
Jun 30, 2025
Request for Continued Examination
Jul 06, 2025
Response after Non-Final Action
Sep 06, 2025
Non-Final Rejection — §103, §112
Feb 05, 2026
Applicant Interview (Telephonic)
Feb 06, 2026
Examiner Interview Summary
Feb 10, 2026
Response Filed
Apr 22, 2026
Final Rejection — §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12549375
DEFINING AND MANAGING FORMS IN A DISTRIBUTED LEDGER TRUST NETWORK
4y 9m to grant Granted Feb 10, 2026
Patent 12542684
SOCIAL MEDIA CONTENT MANAGEMENT SYSTEMS
4y 8m to grant Granted Feb 03, 2026
Patent 12542675
SYSTEMS AND METHODS FOR ENCRYPTED MULTIFACTOR AUTHENTICATION USING IMAGING DEVICES AND IMAGE ENHANCEMENT
2y 2m to grant Granted Feb 03, 2026
Patent 12531746
ENABLING CONSENSUS IN DISTRIBUTED TRANSACTION PROCESSING SYSTEMS
5y 10m to grant Granted Jan 20, 2026
Patent 12530454
Behavior analysis based on finite-state machine for malware detection
4y 3m to grant Granted Jan 20, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
64%
Grant Probability
95%
With Interview (+30.8%)
3y 5m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 165 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month