Prosecution Insights
Last updated: July 17, 2026
Application No. 18/193,264

SYSTEMS AND METHODS FOR ELECTRONIC DATA SECURITY CREATION, REVIEW, AND ACCESS APPROVAL

Non-Final OA §101
Filed
Mar 30, 2023
Examiner
PRATT, EHRIN LARMONT
Art Unit
3629
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
Honeywell International Inc.
OA Round
3 (Non-Final)
15%
Grant Probability
At Risk
3-4
OA Rounds
1y 4m
Est. Remaining
28%
With Interview

Examiner Intelligence

Grants only 15% of cases
15%
Career Allowance Rate
53 granted / 344 resolved
-36.6% vs TC avg
Moderate +13% lift
Without
With
+13.1%
Interview Lift
resolved cases with interview
Typical timeline
4y 7m
Avg Prosecution
30 currently pending
Career history
381
Total Applications
across all art units

Statute-Specific Performance

§101
14.1%
-25.9% vs TC avg
§103
68.9%
+28.9% vs TC avg
§102
15.7%
-24.3% vs TC avg
§112
0.4%
-39.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 344 resolved cases

Office Action

§101
DETAILED ACTION This communication is a Non-Final Office Action on the merits in response to communications received on 02/27/2026. Claims 1, 11, and 17 have been amended. Therefore, claims 1-20 are pending and have been addressed below. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 02/27/2026 has been entered. Claim Interpretation 2. The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 3. The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph: (A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; (B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and (C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitations use a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitations are: “a secrets-store module” in claims 1, 11, 17. Because these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. If applicant does not intend to have these limitations interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitations to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitations recite sufficient structure to perform the claimed function so as to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Claim Rejections – 35 USC §101 4. 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 5. Claims 1-20 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to an abstract idea without significantly more. 6. Regarding Step 1, claims 1 and 17 recite a process (i.e., an act or step, or a series of acts or steps) and claim 11 recites a machine (i.e., a concrete thing, consisting of parts, or of certain devices and combination of devices). Thus, each of the claims fall within one of the four statutory categories. 7. Regarding Step 2A – [Prong One]: Independent claims 1, 11, and 17 recite: “receiving a request from a user to…access data within a file, the user being associated with a user profile stored…for storing the file;”, “receiving a request from the user to indicate the data within the has been reviewed, the review indication serving as authentication that the user has reviewed the data within the file;”, “determining whether the file is configured to indicate having been reviewed by the user;”, “determining a file review threshold security score, wherein the file review threshold security score is a minimum security score to permit…any particular user to indicate review of the data;”, “wherein the file review threshold security score is dynamic based at least on a type of document, and a type of reviewers;”, “verifying…that the review indication is valid by decrypting digital signature of the review and comparing the decrypted value…the file”, “determining whether the user can indicate review of the data…based on whether the file is configured to indicate having been reviewed by the user and whether the user has a user security score that is greater than the file review threshold security score; upon determining that the user is authorized to indicate review…and the digital signature verification succeeds, storing the review indication in association with the file”, and “upon determining that the user is not authorized or the digital signature verification fails, publishing an event and preventing download of the electronic file until validation is completed” The limitations demonstrate the independent claims recite an abstract idea of managing document access/approval which encompasses commercial/legal interactions (i.e., legal obligations, business relations), managing personal behavior or interactions between people (i.e., social activities, teaching, and following rules or instructions) and mental processes (i.e., observations, evaluations, judgments, and opinions) which is subject matter that falls within the certain methods of organizing human activity and mental processes groupings of abstract ideas. See MPEP 2106.04 II The Applicant’s Specification emphasizes in at least [0002] Drafting, approval, and publishing of reports can require input from many departments within an organization. Each department may be responsible for one or more aspects, portions, or data within a report and the report could contain volumes of information. This is especially true in the pharmaceutical industry, where periodic product quality reviews and reports are required to meet product quality standards and regulatory requirements. One report required is the Annual Product Quality Review (APQR). APQRs require the collection, input, review, and approval of vast amounts of data related to all aspects of a pharmaceutical product or process’s production, sale, and marketing. The collection, input, review, and approval of such vast amounts of data requires the time and effort from many subject matter experts (SMEs) who may review and approve the data prior to a report being published.[0003] Meanwhile, information and network security requirements ensure that sensitive and/or proprietary data is properly safeguarded from unwanted publication or other dissemination, whether intentional or accidental. In some instances, there may be a friction between security requirements protecting information and the intentional publication of report data. An amount of data to be reviewed may be too large for a reviewer or team of reviewers to complete their review and approval before a deadline for internal or external publication. Accordingly, improvements to systems and methods of review of data, especially with respect to the review and approval of data may be required. The present application describes improved systems and methods for data creation, review, and approval. The limitations cover data management and approval tasks for authenticating a person who signs a file as “reviewed” or “approved” which encompasses concepts such as legal interactions/obligations, business relations, and managing personal behavior or interactions. Also, the limitations of “determining” and “verifying” in the context of the claim cover one or more data management rules that control how a person is able access or download certain files or resources, which amount only to a multistep mental process such that the steps can be practically performed in the human mind. Lastly, the limitations that recite “determining a file review threshold security score” and “decrypting digital signature” in the claim in the context of the claim cover mathematical relationships/formulas and/or mathematical calculations. As such, the claims recite an abstract idea. 8. Regarding Step 2A [Prong Two], independent claims include the following additional elements which do not amount to a practical application: “a database”, “a generic certificate”, “using the generic certificate”, “a secrets-store module”, “by a certificate authority”, “by a document-signing microservice”, “a cryptographic digest”, “an induvial user certificate”, “a system”, “an input/output device”, “a processor”, “a memory” – see claims 1, 11, and 17, are recited at a high-level of generality in light of the specification. The applicant’s specification describes the additional elements in general terms, without describing any of the particulars, such that the additional elements may be broadly but reasonably construed as generic computers components being used to perform the abstract idea. The recited additional elements are merely adding the words “apply it” with the judicial exception, or mere instructions to implement the abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, as discussed in MPEP 2106.05 (f) The other additional elements of: “retrieving…from…that retains a private key and provides a corresponding public key validated” adds insignificant extra-solution activity, i.e., data gathering/data transmission, to the judicial exception, as discussed in MPEP 2106.05(g) The other additional elements of: “electronically” and “electronic” is/are an attempt to limit the claimed invention to a particular field of use and/or technological environment, as discussed in MPEP 2106.05 (h). Thus, the additional claim elements are not indicative of integration into a practical application, because the claims do not involve improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), the claims do not apply or use the abstract idea to effect a particular treatment or prophylaxis for a disease or medical condition (Vanda Memo), the claims do not apply the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea in some other meaningful way beyond generally linking the use of the abstract idea to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP 2106.05(e) and Vanda Memo). Therefore, the claims do not, for example, purport to improve the functioning of a computer. Nor do they effect an improvement in any other technology or technical field. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea and the claims are directed to an abstract idea. 9. The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, as discussed above with respect to integration of the abstract idea into a practical application, the additional element(s) of: “a database”, “a generic certificate”, “using the generic certificate”, “a secrets-store module”, “by a certificate authority”, “by a document-signing microservice”, “a cryptographic digest”, “an induvial user certificate”, “a system”, “an input/output device”, “a processor”, “a memory” – see claims 1, 11, and 17 are at best the equivalent of merely adding the words “apply it” to the judicial exception. Mere instructions to apply an exception cannot provide an inventive concept. The other additional elements of: “retrieving…from…that retains a private key and provides a corresponding public key validated” were considered to be insignificant extra solution activity under Prong Two and must be re-evaluated at Step 2B to determine whether the additional elements are well-understood, routine, and/or conventional. MPEP 2106.05(d)(II) cites the Symantec, TLI Communications, Versata and Content Extraction and Transmission, LLC v. Wells Fargo Bank, OIP Techs court decisions which indicated that “receiving or transmitting data over a network” is/are well-understood, routine, conventional functions when claimed in a generic manner. Therefore, when viewed individually and in combination the additional elements recited in the claim do not provide an inventive concept. 10. Dependent claims 2-10, 12-16, 18-20 are dependent from claims 1, 11, and 17. Dependent claims 2, 14, 18 recite “wherein the threshold security score for the data is a portion of an annual product quality review report.” which further narrows the data or information recited in the abstract idea does not make the claim any less abstract, claims 3, 15, 19 recite wherein “wherein the user security score is based on one or more certifications held by the user.” which further narrows the data or information recited in the abstract idea does not make the claim any less abstract, claims 4, 16, and 20 recite “wherein the generic certificate comprises a private and public key pair.” which is recited at a high-level of generality and amounts to generic computing components or a tool being used to perform the abstract idea, claim 5 recite “wherein the user security score is based on a length of time the user security score has been established.” which further narrows the data or information recited in the abstract idea does not make the claim any less abstract, claim 6 recite “wherein the user security score is based on a role of the user within the system” which further narrows the data or information recited in the abstract idea does not make the claim any less abstract, claim 7 recites “wherein a capability to use the generic security certificate is based on an internal security trust score for a given user.” which further narrows how the abstract idea may be performed but does not make the claim any less abstract, claim 8 recites “wherein the file is assigned a certification requirement at a time of file creation” which further narrows how the abstract idea may be performed but does not make the claim any less abstract, claim 9 recites “further comprising: receiving a request from a user to indicate the data within the electronic file has been approved, the approval indication serving as authentication that the user has approved the data within the file; determining whether the file is configured to indicate having been approved by the user based on a generic certificate; determining a file approval threshold security score, wherein the file threshold security score is a minimum security score to permit the use of a generic certificate by any particular user to indicate approval of the data; and determining whether the user can indicate approval of the data using the generic certificate based on whether the electronic file is configured to indicate having been approved by the user based on the generic certificate and whether the user has a user security score that is greater than the file approval threshold security score.” which further narrows how the abstract idea may be performed but does not make the claim any less abstract, claim 10 recites “wherein the file review threshold security score and the file approval threshold security score are different scores” which further narrows the data or information recited in the abstract idea, but does not make the claim any less abstract, claim 12 recites “wherein the association between the user and the user profile is verified with a two-step authentication requiring at least two factors of authentication to authenticate a user.” which further narrows how the abstract idea may be performed, but does not make the claim any less abstract, claim 13 recites “wherein one or more of the factors of the two-step authentication include knowledge, possession, and inherence” which further narrows the information or data necessary to perform the abstract idea, but does not make the claim any less abstract. The dependent claims do not add any meaningful limits for integrating the abstract idea into a practical application. Thus, after considering all claim elements, both individually and as a whole, it has been determined that the claims do not integrate the judicial exception into a practical application or provide an inventive concept. Response to Arguments Applicant's arguments filed 02/27/2026 have been fully considered but they are not persuasive. With Respect to Rejections Under 35 USC 101 Applicant argues “Applicant respectfully submits that the amended independent claims 1, 11, and 17 recite steps that cannot be performed in the human mind and do not fall within the enumerated sub-groupings of fundamental economic principles or practices, commercial or legal interactions, managing personal behavior, and relationships or interactions between people. For example, the amended independent claim 1 recites: (1) "retrieving the generic certificate from a secrets- store module that retains a private key and provides a corresponding public key validated by a certificate authority," and (2) "verifying, by a document-signing microservice, that the review indication is valid by decrypting the digital signature of the review indication using the public key from the generic certificate and comparing the decrypted value to a cryptographic digest of the electronic file," (3) determining whether the user can indicate review of the data using the generic certificate based on whether the electronic file is configured to indicate having been reviewed by the user based on the generic certificate and whether the user has a user security score that is greater than the file review threshold security score," (4) "upon determining that the user is authorized to indicate review using the generic certificate and the digital signature verification succeeds, storing the review indication in association with the electronic file together with the generic certificate," and (5) "upon determining that the user is not authorized or the verification fails, publishing an event requiring use of an individual user certificate and preventing download of the electronic file until validation with the individual user certificate is completed, "that are steps that the human mind is not equipped to perform, do not fall within the enumerated sub-groupings of fundamental economic principles or practices, commercial or legal interactions, managing personal behavior, and relationships or interactions between people, and inextricably tied to a machine (interaction with the application).” The Examiner respectfully disagrees. The Applicant’s arguments are not persuasive. Here the remarks merely restate the claims as amended but do not change the previous analysis. It is important for applicant to note that claims can recite a mental process even if they are claimed as being performed on a computer. See also PersonalWeb Techs. LLC v. Google LLC, 8 F.4th 1310, 1316-18 (Fed. Cir. 2021) As previously explained above, the limitations of “determining” and “verifying” in the context of the claim cover one or more data management rules that control how a person is able access or download certain files or resources, which amount only to a multistep mental process such that the steps can be practically performed in the human mind. For these reasons, the rejections under 101 are being maintained. Applicant further argues “In particular, the amended independent claim 1 recites specific cryptographic operations that are inherently technical and cannot be performed in the human mind. For example, amended claim 1 recites "retrieving the generic certificate from a secrets-store module that retains a private key and provides a corresponding public key validated by a certificate authority" and "verifying, by a document-signing microservice, that the review indication is valid by decrypting digital signature of the review indication using the public key from the generic certificate and comparing the decrypted value to a cryptographic digest of the electronic file." These cryptographic operations-decrypting digital signatures using public keys and comparing decrypted values to cryptographic digests-are operations that cannot be performed mentally. In particular, the claimed cryptographic verification steps inherently require computer implementation and cannot be performed mentally or with pen and paper.” “Applicant respectfully submits that independent claim 1 recites steps are rooted in computer security technology, including cryptographic operations, that require specific technical components and computer implementation that cannot be performed in the human mind. Accordingly, independent claim 1 is not directed to any alleged abstract idea under Prong One of Step 2A.” The Examiner respectfully disagrees. The Applicant’s arguments are not persuasive. The specificity of the presently recited techniques or components, i.e., cryptographic operations, does not remove the limitations from being in the mental processes grouping. The Applicant’s response is merely relying upon a particular technological environment or field of use. See MPEP 2106.05(h) Combining one abstract idea, i.e., cryptographic operations, with another, i.e., data management tasks a person may carry out, merely narrows how the judicial exception is implemented, but does not make the claimed invention any less abstract. For these reasons, the rejections under 101 are being maintained. Applicant further argues “Applicant respectfully submits that the claims recite specific technological improvements to computer security, including with respect to data storage and management systems, that contribute to the subject matter eligibility of the claims. MPEP 2106.05(a) ("In determining patent eligibility, examiners should consider whether the claim purport(s) to improve the functioning of the computer itself or any other technology or technical field.") (internal quotation marks removed).” “In this regard, the Specification states: Meanwhile, information and network security requirements ensure that sensitive and/or proprietary data is properly safeguarded from unwanted publication or other dissemination, whether intentional or accidental. In some instances, there may be a friction between security requirements protecting information and the intentional publication of report data. An amount of data to be reviewed may be too large for a reviewer or team of reviewers to complete their review and approval before a deadline for internal or external publication.” “Accordingly, improvements to systems and methods of review of data, especially with respect to the review and approval of data may be required. The present application describes improved systems and methods for data creation, review, and approval. “Specification, para. [0003]. Document review, signature, and verification of signature are critical to ensuring that documents with accurate information are created. Verification of signatures can be difficult, especially in large organizations, because user accounts may be routinely created, updated with new information (e.g., user credentials, etc.), and/or deleted. Persistent turnover of personnel and, especially in some highly-regulated industries, ever evolving regulatory requirements make keeping account details and user profiles up to speed with deadlines difficult but crucial. Some organizations may give a credential to one or more users responsible for reviewing and verifying data accuracy.” “The reviewing users may thus all use the same credential, making it difficult to determine or verify which user reviewed/approved data after a review has occurred. Such an approach may make review more efficient, but also make illicit access easier for bad actors. Other organizations may require individual credentials be associated with data creation, review, and approval through each step in a data or document production and approval process. This may similarly prove unwieldy as it may require overwhelmingly resource levels of account creation and curation. Specification, para. [0017].” Independent Claims 1, 11, and 17 include recitations relevant to addressing such technical problems noted in the Specification, and which contribute to improvements in computer security functionality, thereby improving the functioning of a computer and technology/technical field. The claims improve computer security through private key custody in a secrets store, reducing exposure and attack surface; enhancing system functionality by enforcing cryptographic validation before storing review indications or allowing downloads; automating fallback enforcement when authorization fails, ensuring compliance without manual intervention; and dynamic thresholding based on document type and reviewer type, enabling context-aware access control. These features improve the functioning of the computer system itself and solve a technical problem in electronic document workflows-secure, scalable review authorization-not a business or administrative problem.” The Examiner respectfully disagrees. The Applicant’s arguments are not persuasive. The reply provides conclusory statements from the Specification [¶ 0003,0007] to indicate improvements to computer security, however, these benefits highlighted from the Specification and discussed in the remarks are not considered technical improvements to computer security or functionality. At best, the improvements recited in claim 1 are within the judicial exception as there are no improvements to the computing equipment being used to carry out the judicial exception. As previously explained under Prong Two, the presently recited claims merely add use a combination of generic computer components to implement the abstract idea. Turning, to the original Specification [Figs. 1 and 4, ¶ 0029] describe and confirms the generic nature of the claimed computer components. Thus, the benefits discussed by Applicant - flow from performing an abstract idea in conjunction with a generic computer environment. Thus, Applicant is relying upon "the improved speed or efficiency inherent with applying the abstract idea on a computer" which does not integrate a judicial exception into a practical application or provide an inventive concept. Intellectual Ventures I LLC v. Capital One Bank (USA), 792 F.3d 1363, 1367, 115 USPQ2d 1636, 1639 (Fed. Cir. 2015). For these reasons, the rejections under 101 are being maintained. Applicant further argues “This is analogous to the reasoning in DDR Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245 (Fed. Cir. 2014), where claims were found eligible because they addressed a technical problem rooted in computer technology. The amended claims recite a specific technical architecture for secure document review authorization. In this regard, the specification describes that "[t]he fabric admin 206 may provide the private/public key pair to a secrets store module 208, which may retain the private key and send the public key to the CA 202, which may validate the public key and provide the secrets store module 208 a digital certificate 204 including the public key." See Specification, para. [0030]. This is not merely a generic computer component but a specific security architecture for key management. The claims recite a document-signing microservice performing digest-based verification. In this regard, the specification describes that "[t]he document may be signed and combined with the user's certificate, which may contain his or her public key, as a digitally signed document verifying review by the signer" and "[t]he RPM 228 may decrypt the digest of the hashed document using the public key of the signer (as included with the signer's digital certificate). The decrypted digest (i.e., decrypted signed data) may be compared with the hashed original data." See Specification, paragraphs [0033]-[0034]. Further, the claims recite event-driven fallback enforcement. For example amended claim 1 recites "upon determining that the user is not authorized or the digital signature verification fails, publishing an event requiring use of an individual user certificate and preventing download of the electronic file until validation with the individual user certificate is completed." This automated enforcement mechanism ensures security compliance without manual intervention. In this regard, the present claims improve computer security by providing secure private key custody through a secrets-store module, implementing cryptographic verification of review indications through digest-based signature validation, enforcing automated fallback to individual certificates when authorization fails, and dynamically adjusting security thresholds based on document type and reviewer type.” The Examiner respectfully disagrees. The Applicant’s arguments are not persuasive. The remarks point to several features from the Specification to support eligibility, however, merely reciting the features in a results-oriented manner does not automatically make the claims eligible. The claims in DDR were found eligible because they recited a specific improvement to computer networks. Conversely, the present claims recite techniques authenticating a user and controlling user’s access to a file which do not recite a comparable technological improvement. Accordingly, the citations from the previous court decision does not support applicant’s position. For these reasons, the rejections under 101 are being maintained. Applicant further argues “Furthermore, in line with the USPTO Subject Matter Eligibility Example 41 (Cryptographic Communications), the present claims recite cryptographic operations that contribute to the subject matter eligibility of the claims. In the Example 41, the combination of additional elements in the claim integrated the exception into a practical application because the combination of additional elements used the mathematical formulas and calculations in a specific manner that sufficiently limited the use of the mathematical concepts to the practical application of transmitting the ciphertext word signal to a computer terminal over a communication channel. Similarly, the present claims use cryptographic operations (decrypting digital signatures, comparing to cryptographic digests) in a specific manner that sufficiently limits their use to the practical application of secure document review authorization.” The Examiner respectfully disagrees. The Applicant’s arguments are not persuasive. Merely reciting or the use cryptographic operations in a claim as argued does not confer eligibility. The cited Training Example 41 is directed to a combination of additional elements use the mathematical formulas and calculations in a specific manner that sufficiently limits the use of the mathematical concepts to the practical application of transmitting the ciphertext word signal to a computer terminal over a communication channel, whereas the present claims are directed to applying an abstract idea of document review authorization with generic computing components. For these reasons, the rejections under 101 are being maintained. Applicant further argues “Applicant submits that the claims do not merely rely upon or involve a field of use or technological environment, i.e., computer security technology. Rather, the claims recite specific technical steps for implementing cryptographic verification, including retrieving certificates from a secrets-store module, decrypting digital signatures using public keys, comparing decrypted values to cryptographic digests, publishing events requiring fallback to individual certificates, and preventing downloads until validation completes. These are not abstract concepts applied in a security context-they are concrete technical operations that define how the security is implemented. Accordingly, Applicant submits that the claims present patent eligible subject matter under at least under prong Two of Step 2A of the Alice/Mayo test.” The Examiner respectfully disagrees. The Applicant’s arguments are not persuasive. The response restates the some of the features of the claim in a results-oriented manner without discussing how the combination of features are being used to provide technical improvements to the functioning of a computer or any other technology. See Synopsys, Inc. v. Mentor Graphics Corp., 839 F.3d 1138, 1151 (Fed. Cir. 2016) ("[A] claim for a new abstract idea is still an abstract idea."). See also TLI Communications LLC v. AV Automotive LLC, 823 F.3d 607, 613, 118 USPQ2d 1744, 1748 (Fed. Cir. 2016) (mere recitation of concrete or tangible components is not an inventive concept). The field of use and generic computer environment being relied upon are insufficient to integrate the judicial exception into a practical application. For these reasons, the rejections under 101 are being maintained. Applicant further argues “Regarding Step 2B, the Applicant submits that elements of amended independent claims 1, 11, and 17 provide an inventive concept that contributes to the subject matter eligibility of the present claims. MPEP 2106.04(a)(3) ("At Step 2B, if the claim as a whole provides an inventive concept (Step 2B: YES), the claim is eligible at Pathway C. This concludes the eligibility analysis."). Thus, for purposes of argument, "even in the situation where the individually-viewed elements do not add significantly more or integrate the exception, those additional elements when viewed in combination may render the claim eligible." MPEP 2106.05(e). "[T]he search for an inventive concept should not be confused with a novelty or non-obviousness determination." MPEP 2106.05(I). "Specifically, lack of novelty under 35 U.S.C. 102 or obviousness under 35 U.S.C. 103 of a claimed invention does not necessarily indicate that additional elements are well- understood, routine, conventional elements." Id. "[A]n inventive concept can be found in the non- conventional and non-generic arrangement of known, conventional pieces." BASCOM Glob. Internet Servs. v. AT&T Mobility LLC, 827 F.3d 1341, 1350 (Fed. Cir. 2016). The Applicant submits that the claim recites specific, non-conventional technical elements and their ordered combination: a secrets-store module for private key retention and Certificate Authority validation; a document-signing microservice performing digest-based signature verification; event-driven fallback logic that prevents download until individual certificate validation; and dynamic threshold computation tied to document and reviewer context. These are not generic computer components performing routine functions; the amended independent claim 1 represents a specialized architecture that provides improved security and integrity, and this is not a well-understood, routine, or conventional practice. The amended independent claim 1 is consistent with Enfish, LLC v. Microsoft Corp., 822 F.3d 1327 (Fed. Cir. 2016), where claims improving computer functionality were held patent-eligible.” The Examiner respectfully disagrees. The Applicant’s argument are not persuasive. Here, even accepting Applicant’s view that these particular uses are not well-known, routine, or conventional, "a claim for a new abstract idea is still an abstract idea." SAP, 898 F.3d at 1163 The Specification [Figs. 1 and 4, ¶ 0029] also makes clear and confirms that the asserted claims are directed to an abstract idea of document access/approval that merely seeks to use computers as a tool, not on an improvement in computer security capabilities. The Enfish court decision is distinguishable because the Applicant has not explained how the present claims parallel the factual patterns discussed in the decision. Thus, claim 1 does not recite a comparable technological improvement. For these reasons, the rejections under 101 are being maintained. Applicant further argues “Accordingly, the subject matter of independent claim 1 provides the following technical advantages. Amended claim 1 introduces technical advantages not taught or suggested by the prior art, including: improved security through private key retention within a secrets store; verification integrity using digest-based signature validation of review indications; automated fallback enforcement to require individual certificates when authorization fails; and dynamic, context-aware thresholding for certificate usage based on document type and reviewer type. Collectively, these features go beyond conventional use of certificates or static thresholds and provide a non-obvious solution to a specific technical challenge.” For example, the specification describes this as an improvement over prior approaches where "[s]ome organizations may give a credential to one or more users responsible for reviewing and verifying data accuracy. The reviewing users may thus all use the same credential, making it difficult to determine or verify which user reviewed/approved data after a review has occurred. Such an approach may make review more efficient, but also make illicit access easier for bad actors." See Specification, paragraph [0017]. The claims addresses this technical problem by providing a hybrid approach with cryptographic enforcement and automated fallback, as described in the specification: "[t]his process of requiring individual security certificate validation provides some accountability while also allowing for efficient review of documents and data needed for reports." See Specification, para. [0050].” “Applicant submits that present claims provide a specific technical solution to a technical problem-secure authorization for document review using cryptographic enforcement and automated fallback-not to an abstract idea. The claims improves computer functionality and integrates the alleged abstract idea into a practical application.” The Examiner respectfully disagrees. The Applicant’s arguments are not persuasive. These advantages provided in the response here are insufficient to show improvements to computer functionality or any other computer technology. For example, mere automation of manual processes, such as using a generic computer to perform data management tasks which control access to a file Also, the response makes conclusory allegations that the prior art lacks elements of the asserted claims which is insufficient to demonstrate an inventive concept. At best, the Applicant’s solution solves a business challenge rather than providing technical improvements to computers or any other technology. The response is silent with regards to the technical details being used to implement the business challenge. For these reasons, the rejections under 101 are being maintained. Applicant further argues “Accordingly, based at least one the above, the Applicant submits that the claim elements of amended independent claim 1 individually, and in combination as a whole amounts to significantly more than the abstract idea. Therefore, the Applicant respectfully submits that amended independent claim 1 (and dependents therefrom) recites patent eligible subject matter. Further, amended independent claims 11 and 17 (and their respective dependents therefrom) also recite patent eligible subject matter based at least on the reasons stated above with regard to amended independent claim 1. Therefore, the Applicant respectfully requests that the rejection of claims 1-20 under 35 U.S.C. § 101 be withdrawn.” The Examiner respectfully disagrees. Applicant's arguments with respect to claims 2-20 fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patent eligible invention without specifically pointing out how the language of the claims and additional elements integrate the judicial exception into a practical application or provides an inventive concept. For these reasons, the rejections under 101 are being maintained. With Respect to Rejections Under 103 Applicant’s arguments, see pgs. 9-12, filed 02/27/2026, with respect to claims 1-20 have been fully considered and are persuasive. The prior art rejection in view of Chen (US 8,650,649 B1), Alomair (US 2022/0166778 A1), Graham (WO 2007/149551 A2) Benkreira (US 2021/0067499 A1) has been withdrawn. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to EHRIN PRATT whose telephone number is (571)270-3184. The examiner can normally be reached 8-5 EST Monday-Friday. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynda Jasmin can be reached at 571-272-6782. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /EHRIN L PRATT/Examiner, Art Unit 3629 /LYNDA JASMIN/Supervisory Patent Examiner, Art Unit 3629
Read full office action

Prosecution Timeline

Mar 30, 2023
Application Filed
May 28, 2025
Non-Final Rejection mailed — §101
Aug 14, 2025
Response Filed
Oct 27, 2025
Final Rejection mailed — §101
Dec 26, 2025
Response after Non-Final Action
Feb 27, 2026
Request for Continued Examination
Mar 02, 2026
Response after Non-Final Action
Jun 03, 2026
Non-Final Rejection mailed — §101 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12670475
SYSTEM AND METHOD FOR MANAGING A TALENT PLATFORM
2y 11m to grant Granted Jun 30, 2026
Patent 12646082
WEB PRESENCE BASED LEGITIMACY ANALYSIS
4y 6m to grant Granted Jun 02, 2026
Patent 12614191
QUEUE MANAGEMENT SYSTEM UTILIZING VIRTUAL SERVICE PROVIDERS
2y 2m to grant Granted Apr 28, 2026
Patent 12524786
METHODS AND SYSTEMS FOR DETERMINING GUEST SATISFACTION INCLUDING GUEST SLEEP QUALITY IN HOTELS
5y 5m to grant Granted Jan 13, 2026
Patent 12175549
RECOMMENDATION ENGINE FOR TESTING CONDITIONS BASED ON EVALUATION OF TEST ENTITY SCORES
4y 5m to grant Granted Dec 24, 2024
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
15%
Grant Probability
28%
With Interview (+13.1%)
4y 7m (~1y 4m remaining)
Median Time to Grant
High
PTA Risk
Based on 344 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month