Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This Office Action is in response to the amendment filed on 12/04/2025. In the instant amendment, claims 1, 11 and 20 were amended; claims 2 and 12 were cancelled; claims 21-22 are new; claims 1, 11 and 20 are independent claims. Claims 1, 3-11 and 13-22 are pending in this application. THIS ACTION IS MADE FINAL.
Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 11 and 20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 11 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Lupovici et al ("Lupovici," WO2016019474), Stohr et al ("Stohr," US 20210110027), Davis et al (“Davis,” US 20100034375) in view of Walmsley et al (“Walmsley,” US 20050210179) further in view of Perretta et al (“Perretta,” US 20170195118).
Regarding claim 1, Lupovici discloses a device for controlling access to one or more protected resources, the device comprising:
a secondary microprocessor coupled to a physical access control device, the secondary microprocessor configured for receiving and decoding authentication electrical pulses from a user credential reader as when a user credential interacts with the user credential reader to generate corresponding user identifier data values, (Lupovici, FIG 68, Pages 2-6 Under Summary of the Invention describes the overall process; Page 12, first paragraph describes a microcontroller is CPU [processor which is a secondary processor] which uses a Wiegand connection; Last paragraph describes the reader [token reader] may provide very short duration pulses by first receiving and decoding; Page 18, First Paragraph, describes authentication and a hardware credential as a FOB or token [physical token]; Page 91, first paragraph, last sentence, describes user identifier data values as card number or user ID; also see FIG 78)
and the secondary microprocessor configured for transmitting electrical pulse signals to an access control management device that provisions access to the one or more protected resources; (Lupovici, FIG 68, Pages 2-6 Under Summary of the Invention describes the overall process; Page 12, first paragraph describes a microcontroller is CPU [processor which is a secondary processor]; Page 21, second paragraph describes using multiple controllers [microprocessors] and describes using a Wiegand connection and providing very short duration pulses to a credential device that provisions access to one or more access points [protected resources])
a master microprocessor coupled to an external authentication server and the secondary microprocessor, the master microprocessor configured to: receive the corresponding user identifier data values; (Lupovici, Page 21, second paragraph describes using multiple controllers [master microprocessors]; FIG 68, Pages 2-6 Under Summary of the Invention describes the overall process; Page 18, First paragraph describes authentication; Page 21 Under Computing Entity First Paragraph under Header describes a server)
transmit an instruction signal to the secondary microprocessor to control the secondary microprocessor to provision access to the one or more protected resources; (Lupovici, Page 12, first paragraph describes a microcontroller is CPU [processor which is a secondary processor]; Page 21, second paragraph describes using multiple controllers [microprocessors]; FIG 68, Pages 2-6 Under Summary of the Invention describes the overall process; Pages 27 & 52-54 describe receiving an access provisioning signal from the external authentication server)
Lupovici fails to explicitly disclose transform the user identifier data values using a cryptographic function to generate a transformed representation for communication to the transformed representation to the external authentication server;
However, in an analogous art, Stohr discloses transform the user identifier data values using a cryptographic function to generate a transformed representation for communication to the transformed representation to the external authentication server; (Stohr, [0027], [0049], [0054], describes transforming the user identifier data values using a one-way function to generate a transformed representation for communication to the transformed representation to the external authentication server)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Stohr with the method and system of Lupovici to include transform the user identifier data values using a cryptographic function to generate a transformed representation for communication to the transformed representation to the external authentication server. One would have been motivated to provide an improved method for making available a security key while employing a smart card and a token server which allows the security key to be made available both securely and easily (Stohr, [0011]).
Lupovici and Stohr fail to explicitly disclose receive an encrypted access provisioning signal from the external authentication server; and wherein the secondary microprocessor is dedicated to emulating received signals from said credential reader, and to decoding said encrypted access control provisioning signal received from said master microprocessor and transmitting said decoded access control provision signal to said access control management device in a format and timing that is compatible with said access control management.
However, in an analogous art, Davis discloses receive an encrypted access provisioning signal from the external authentication server; and wherein the secondary microprocessor is dedicated to emulating received signals from said credential reader, and to decoding said encrypted access control provisioning signal received from said master microprocessor and transmitting said decoded access control provision signal to said access control management device in a format and timing that is compatible with said access control management, (Davis discloses receive an encrypted access provisioning signal [0022], [0030] from the external authentication server [0032]; and wherein the secondary microprocessor [0027] is dedicated to emulating received signals [0082]-[0083] from said credential reader [0048], [0040] and to decoding [0030] said encrypted access control provisioning signal [0022], [0030] received from said master microprocessor [0003], and transmitting [0088], [0137] said decoded access control provision signal [0022] to said access control management device [0003] in a format [0040] and timing FIG 2, [0063] that is compatible with said access control management [0039], [0003])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Davis with the method and system of Lupovici and Stohr to include receive an encrypted access provisioning signal from the external authentication server; and wherein the secondary microprocessor is dedicated to emulating received signals from said credential reader, and to decoding said encrypted access control provisioning signal received from said master microprocessor and transmitting said decoded access control provision signal to said access control management device in a format and timing that is compatible with said access control management. One would have been motivated to provide authentication of a reader and the security, privacy and efficiency of messaging in a secure access control system (Davis, [0002]).
Lupovici, Stohr and Davis fail to explicitly disclose wherein the secondary microprocessor and the master microprocessor are coupled to one another across a message bus connection and a separate signal path, the signal path enabling communication from the secondary microprocessor to the master microprocessor for indicating when the user credential interacts with the user credential reader;
However, in an analogous art, Walmsley discloses wherein the secondary microprocessor and the master microprocessor are coupled to one another across a message bus connection and a separate signal path, the signal path enabling communication from the secondary microprocessor to the master microprocessor for indicating when the user credential interacts with the user credential reader; (Walmsley, [1199] & [1402] describes a separate interrupt connection; [1399], unidirectional communication; [0532] describes two or more chips which are integrated circuits [microprocessors]; [0550] describes one chip is a master; [1264], describes another chip is a slave; [1446] Table 54 describes a token; [2709] describes a reader)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Walmsley with the method and system of Lupovici, Stohr and Davis to include wherein the secondary microprocessor and the master microprocessor are coupled to one another across a message bus connection and a separate signal path, the signal path enabling communication from the secondary microprocessor to the master microprocessor for indicating when the user credential interacts with the user credential reader. One would have been motivated to provide an integrated circuit to prevent information from being determined through various attacks (Walmsley, [0003]).
Lupovici, Stohr, Davis and Walmsley fail to explicitly disclose and wherein the user credential is a local credential that is segregated from the external authentication server.
However, in an analogous art, Perretta discloses and wherein the user credential is a local credential that is segregated from the external authentication server, (Perretta discloses abstract & [0026]-[0027] and wherein the user credential is a local credential that is segregated from the external authentication server)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Perretta with the method and system of Lupovici, Stohr, Davis and Walmsley to include and wherein the user credential is a local credential that is segregated from the external authentication server. One would have been motivated to secure authenticated log-on of computing devices during a boot sequence, in which a passcode to complete either boot-up or log-on does not exist anywhere in the system or network and must be dynamically reconstructed from secret shares obtained from one or more servers which are listening on the network (Perretta, [0002]).
Regarding claim 11, claim 11 is directed to a method. Claim 11 is similar in scope to claim 1 and is therefore rejected under the same rationale.
Regarding claim 20, claim 20 is directed to a non-transitory computer readable medium. Claim 20 is similar in scope to claim 1 and is therefore rejected under the same rationale.
Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Lupovici et al ("Lupovici," WO2016019474), Stohr et al ("Stohr," US 20210110027), Davis et al (“Davis,” US 20100034375), Walmsley et al (“Walmsley,” US 20050210179) in view of Perretta et al (“Perretta,” US 20170195118) and further in view of D’Agostino et al (“D’Agostino,” US 20190238517).
Regarding claim 3, Lupovici, Stohr, Davis, Walmsley and Perretta disclose the device of claim 1.
Lupovici, Stohr, Davis, Walmsley and Perretta fail to explicitly disclose wherein the cryptographic function used to transform the local credential is a private symmetric key.
However, in an analogous art, D’Agostino discloses wherein the cryptographic function used to transform the local credential is a private symmetric key, (D’Agostino, [0058], [0097], [0040] describes wherein the cryptographic function is used to transform the local authentication credential is a private symmetric key)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of D’Agostino with the method and system of Lupovici, Stohr, Davis, Walmsley and Perretta to include wherein the cryptographic function used to transform the local credential is a private symmetric key. One would have been motivated to provide real-time authentication and authorization based on dynamically generated cryptographic data, (D’Agostino, [0001]).
Regarding claim 4, Lupovici, Stohr, Davis, Walmsley and Perretta disclose the device of claim 1.
Lupovici, Stohr, Davis, Walmsley and Perretta fail to explicitly disclose wherein the cryptographic function used to transform the local credential is an asymmetric key.
However, in an analogous art, D’Agostino discloses wherein the cryptographic function used to transform the local credential is an asymmetric key, (D’Agostino, [0058], [0097], [0040] describes wherein the cryptographic function is used to transform the local authentication credential is a public key [asymmetric key])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of D’Agostino with the method and system of Lupovici, Stohr, Davis, Walmsley and Perretta to include wherein the cryptographic function used to transform the local credential is a private symmetric key. One would have been motivated to provide real-time authentication and authorization based on dynamically generated cryptographic data, (D’Agostino, [0001]).
Regarding claim 13, Lupovici, Stohr, Davis, Walmsley and Perretta disclose the method of claim 11.
Lupovici, Stohr, Davis, Walmsley and Perretta fail to explicitly disclose wherein the cryptographic function used to transform the local credential is a private symmetric key.
However, in an analogous art, D’Agostino discloses (D’Agostino, [0058], [0097], [0040] describes wherein the cryptographic function is used to transform the local authentication credential is a symmetric key)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of D’Agostino with the method and system of Lupovici, Stohr, Davis, Walmsley and Perretta to include wherein the cryptographic function used to transform the local credential is a private symmetric key. One would have been motivated to provide real-time authentication and authorization based on dynamically generated cryptographic data, (D’Agostino, [0001]).
Regarding claim 14, Lupovici, Stohr, Davis, Walmsley and Perretta disclose the method of claim 11.
Lupovici, Stohr, Davis, Walmsley and Perretta fail to explicitly disclose wherein the cryptographic function used to transform the local credential is an asymmetric key.
However, in an analogous art, D’Agostino discloses wherein the cryptographic function used to transform the local credential is an asymmetric key (D’Agostino, [0058], [0097], [0040] describes wherein the cryptographic function is used to transform the local authentication credential is a public key [asymmetric key])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of D’Agostino with the method and system of Lupovici, Stohr, Davis, Walmsley and Perretta to include wherein the cryptographic function used to transform the local credential is a private symmetric key. One would have been motivated to provide real-time authentication and authorization based on dynamically generated cryptographic data, (D’Agostino, [0001]).
Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Lupovici et al ("Lupovici," WO2016019474), Stohr et al ("Stohr," US 20210110027), Davis et al (“Davis,” US 20100034375), Walmsley et al (“Walmsley,” US 20050210179) in view of Perretta et al (“Perretta,” US 20170195118) and further in view of Sandhu et al (“Sandhu,” US 20070067618).
Regarding claim 5, Lupovici, Stohr, Davis, Walmsley and Perretta disclose the device of claim 1.
Lupovici, Stohr, Davis, Walmsley and Perretta fail to explicitly disclose wherein the user credential is locally authenticated using a cryptographic function that uses one or more private pre-shared keys and one or more rolling secrets.
However, in an analogous art, Sandhu discloses wherein the user credential is locally authenticated using a cryptographic function that uses one or more private pre-shared keys and one or more rolling secrets (Sandhu, [0054], [0015], [0017] describes wherein the user credential is locally authenticated using a cryptographic function that uses a secret key that is shared between two or more parties to authenticate access to a resource and a rolling secret key)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sandhu with the method and system of Lupovici, Stohr, Davis, Walmsley and Perretta to include wherein the user credential is locally authenticated using a cryptographic function that uses one or more private pre-shared keys and one or more rolling secrets. One would have been motivated to provide rolling key security (Sandhu, [0004]).
Regarding claim 15, Lupovici, Stohr, Davis, Walmsley and Perretta disclose the method of claim 13.
Lupovici, Stohr, Davis, Walmsley and Perretta fail to explicitly disclose wherein the user credential is locally authenticated using a cryptographic function that uses one or more private pre-shared keys and one or more rolling secrets.
However, in an analogous art, Sandhu discloses wherein the user credential is locally authenticated using a cryptographic function that uses one or more private pre-shared keys and one or more rolling secrets (Sandhu, [0054], [0015], [0017] describes wherein the user credential is locally authenticated using a cryptographic function that uses a secret key that is shared between two or more parties to authenticate access to a resource and a rolling secret key)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sandhu with the method and system of Lupovici, Stohr, Davis, Walmsley and Perretta to include wherein the user credential is locally authenticated using a cryptographic function that uses one or more private pre-shared keys and one or more rolling secrets. One would have been motivated to provide rolling key security (Sandhu, [0004]).
Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Lupovici et al ("Lupovici," WO2016019474), Stohr et al ("Stohr," US 20210110027), Davis et al (“Davis,” US 20100034375), Walmsley et al (“Walmsley,” US 20050210179) in view of Perretta et al (“Perretta,” US 20170195118) and further in view of Neuman et al (“Neuman,” US 20160294821).
Regarding claim 6, Lupovici, Stohr, Davis, Walmsley and Perretta disclose the device of claim 1.
Lupovici, Stohr, Davis, Walmsley and Perretta fail to explicitly disclose wherein the user credential is combined with an additional authentication element that is combined with the user credential for generating the transformed representation.
However, in an analogous art, Neuman discloses wherein the user credential is combined with an additional authentication element that is combined with the user credential for generating the transformed representation, (Neuman, [0006], [0024] & [0059] describes using a password [user credential] that is combined with additional authentication factors such as biometric data, token based authentication data, additional knowledge based factors; [0111], describes generating a transformed representation as a hash)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Neuman with the method and system of Lupovici, Stohr, Davis, Walmsley and Perretta to include wherein the user credential is combined with an additional authentication element that is combined with the user credential for generating the transformed representation. One would have been motivated to secure and simplify multi-level authentication in a multi-party system (Neuman, [0002]).
Regarding claim 16, Lupovici, Stohr, Davis, Walmsley and Perretta disclose the method of claim 11.
Lupovici, Stohr, Davis, Walmsley and Perretta fail to explicitly disclose wherein the user credential is combined with an additional authentication element that is combined with the user credential for generating the transformed representation.
However, in an analogous art, Neuman discloses wherein the user credential is combined with an additional authentication element that is combined with the user credential for generating the transformed representation, (Neuman, [0006], [0024] & [0059] describes using a password [user credential] that is combined with additional authentication factors such as biometric data, token based authentication data, additional knowledge based factors; [0111], describes generating a transformed representation as a hash)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Neuman with the method and system of Lupovici, Stohr, Davis, Walmsley and Perretta to include wherein the user credential is combined with an additional authentication element that is combined with the user credential for generating the transformed representation. One would have been motivated to secure and simplify multi-level authentication in a multi-party system (Neuman, [0002]).
Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Lupovici et al ("Lupovici," WO2016019474), Stohr et al ("Stohr," US 20210110027), Davis et al (“Davis,” US 20100034375), Walmsley et al (“Walmsley,” US 20050210179) in view of Perretta et al (“Perretta,” US 20170195118) and further in view of Toth et al (“Toth,” US 20190268329).
Regarding claim 7, Lupovici, Stohr, Davis, Walmsley and Perretta disclose the device of claim 6.
Lupovici, Stohr, Davis, Walmsley and Perretta fail to explicitly disclose wherein the additional authentication element is requested only for access attempts occurring during a designated duration of time.
However, in an analogous art, Toth discloses wherein the additional authentication element is requested only for access attempts occurring during a designated duration of time (Toth, [0058]-[0061] & [0118], describes wherein the additional data for authentication is requested only for access attempts occurring within a predefined time period such as within the last 1 minute, 5 minutes, 10 minutes)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Toth with the method and system of Lupovici, Stohr, Davis, Walmsley and Perretta to include wherein the additional authentication element is requested only for access attempts occurring during a designated duration of time. One would have been motivated to provide advanced biometric and/or multi-factor, hardware-based techniques to authenticate a user, provide access to functionality, or the like (Toth, [0001]).
Regarding claim 17, Lupovici, Stohr, Davis, Walmsley and Perretta disclose the method of claim 16.
Lupovici, Stohr, Davis, Walmsley and Perretta fail to explicitly disclose wherein the additional authentication element is requested only for access attempts occurring during a designated duration of time.
However, in an analogous art, Toth discloses wherein the additional authentication element is requested only for access attempts occurring during a designated duration of time, (Toth, [0058]-[0061] & [0118], describes wherein the additional data for authentication is requested only for access attempts occurring within a predefined time period such as within the last 1 minute, 5 minutes, 10 minutes)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Toth with the method and system of Lupovici, Stohr, Davis, Walmsley and Perretta to include wherein the additional authentication element is requested only for access attempts occurring during a designated duration of time. One would have been motivated to provide advanced biometric and/or multi-factor, hardware-based techniques to authenticate a user, provide access to functionality, or the like (Toth, [0001]).
Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Lupovici et al ("Lupovici," WO2016019474), Stohr et al ("Stohr," US 20210110027), Davis et al (“Davis,” US 20100034375), Walmsley et al (“Walmsley,” US 20050210179) in view of Perretta et al (“Perretta,” US 20170195118) and further in view of Monaghan et al (“Monaghan,” US 20170186003).
Regarding claim 8, Lupovici, Stohr, Davis, Walmsley and Perretta disclose the device of claim 6.
Lupovici, Stohr, Davis, Walmsley and Perretta fail to explicitly disclose wherein the additional authentication element includes at least one of a declaration in respect of recent travel, wellness checks, temperature readings, or recent location information.
However, in an analogous art, Monaghan discloses wherein the additional authentication element includes at least one of a declaration in respect of recent travel, wellness checks, temperature readings, or recent location information (Monaghan, [0014], [0081] describes additional authentication with recent customer location)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Monaghan with the method and system of Lupovici, Stohr, Davis, Walmsley and Perretta to include wherein the additional authentication element includes at least one of a declaration in respect of recent travel, wellness checks, temperature readings, or recent location information. One would have been motivated to provide a method and system for secondary authentication (Monaghan, [0003]).
Regarding claim 18, Lupovici, Stohr, Davis, Walmsley and Perretta disclose the method of claim 16.
Lupovici, Stohr, Davis, Walmsley and Perretta fail to explicitly disclose wherein the additional authentication element includes at least one of a declaration in respect of recent travel, wellness checks, temperature readings, or recent location information.
However, in an analogous art, Monaghan discloses wherein the additional authentication element includes at least one of a declaration in respect of recent travel, wellness checks, temperature readings, or recent location information (Monaghan, [0014], [0081] describes additional authentication with recent customer location)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Monaghan with the method and system of Lupovici, Stohr, Davis, Walmsley and Perretta to include wherein the additional authentication element includes at least one of a declaration in respect of recent travel, wellness checks, temperature readings, or recent location information. One would have been motivated to provide a method and system for secondary authentication (Monaghan, [0003]).
Claims 9 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Lupovici et al ("Lupovici," WO2016019474), Stohr et al ("Stohr," US 20210110027), Davis et al (“Davis,” US 20100034375), Walmsley et al (“Walmsley,” US 20050210179) in view of Perretta et al (“Perretta,” US 20170195118) and further in view of Fultz et al (“Fultz,” US 7,853,786).
Regarding claim 9, Lupovici, Stohr, Davis, Walmsley and Perretta disclose the device of claim 6.
Lupovici, Stohr, Davis, Walmsley and Perretta fail to explicitly disclose wherein the additional authentication element is requested during a security level increase or a detected first usage of the user credential.
However, in an analogous art, Fultz discloses wherein the additional authentication element is requested during a security level increase (Fultz, Col. 13, Lines 19-23 & 50-52, describes additional authentication that is requested during a security level increase) or a detected first usage of the user credential
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Fultz with the method and system of Lupovici, Stohr, Davis, Walmsley and Perretta to include wherein the additional authentication element is requested during a security level increase or a detected first usage of the user credential. One would have been motivated to manage privacy rules that restrict access to customer data (Fultz, Col. 1, Lines 25-27).
Regarding claim 19, Lupovici, Stohr, Davis, Walmsley and Perretta disclose the method of claim 16.
Lupovici, Stohr, Davis, Walmsley and Perretta fail to explicitly disclose wherein the additional authentication element is requested during a security level increase or a detected first usage of the user credential.
However, in an analogous art, Fultz discloses wherein the additional authentication element is requested during a security level increase or a detected first usage of the user credential (Fultz, Col. 13, Lines 19-23 & 50-52, describes additional authentication that is requested during a security level increase)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Fultz with the method and system of Lupovici, Stohr, Davis, Walmsley and Perretta to include wherein the additional authentication element is requested during a security level increase or a detected first usage of the user credential. One would have been motivated to manage privacy rules that restrict access to customer data (Fultz, Col. 1, Lines 25-27).
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Lupovici et al ("Lupovici," WO2016019474), Stohr et al ("Stohr," US 20210110027), Davis et al (“Davis,” US 20100034375), Walmsley et al (“Walmsley,” US 20050210179) in view of Perretta et al (“Perretta,” US 20170195118) and further in view of Denison et al (“Denison,” US 20050212656).
Regarding claim 10, Lupovici, Stohr, Davis, Walmsley and Perretta disclose the device of claim 1.
Lupovici further discloses the master microprocessor and the secondary microprocessor (Lupovici, Page 12, first paragraph describes a microcontroller is CPU [processor which a secondary processor]; Page 21, second paragraph describes using multiple controllers [microprocessors] and describes using a Wiegand connection)
Lupovici, Stohr, Davis, Walmsley and Perretta fail to explicitly disclose wherein the one or more protected resources include one or more access-controlled cabinets that are connected to at least one of the master microprocessor and the secondary microprocessor.
However, in an analogous art, Denison discloses wherein the one or more protected resources include one or more access-controlled cabinets that are connected to at least one of the master microprocessor and the secondary microprocessor (Denison, [0128], [0190], [0030] describes a remote access control system for a file cabinet that is connected to a first and second microprocessor where one microprocessor provides control [master microprocessor]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Denison with the method and system of Lupovici, Stohr, Davis, Walmsley and Perretta to include wherein the one or more protected resources include one or more access-controlled cabinets that are connected to at least one of the master microprocessor and the secondary microprocessor. One would have been motivated to provide an electronic access control device for a vending machine, or the like, wherein the device is controlled by one or more microprocessors and can be operated by a wireless electronic key (Denison, [0003]).
Claims 21 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Lupovici et al ("Lupovici," WO2016019474), Stohr et al ("Stohr," US 20210110027), Davis et al (“Davis,” US 20100034375), Walmsley et al (“Walmsley,” US 20050210179) in view of Perretta et al (“Perretta,” US 20170195118) and further in view of Queru et al (“Queru,” US 10,212,591).
Regarding claim 21, Lupovici, Stohr, Davis, Walmsley and Perretta disclose the device of claim 1.
Lupovici, Stohr, Davis, Walmsley and Perretta fail to explicitly disclose wherein said user credential is associated with an entity, and wherein receiving said access provisioning signal from said external authentication server is based on whether a mobile communication device associated with said entity is within a threshold distance of said user credential reader when said user credential interacts with said user credential reader.
However, in an analogous art, Queru discloses wherein said user credential is associated with an entity and wherein receiving said access provisioning signal from said external authentication server is based on whether a mobile communication device associated with said entity is within a threshold distance of said user credential reader when said user credential interacts with said user credential reader (Queru discloses wherein said user credential (Col. 3, Lines 5-7, FIG 1A) is associated with an entity (Col. 2, Line 4; Col. 3, Line 57), and wherein receiving said access provisioning signal (Col. 4, Lines 11-13; Col. 2, Lines 7-16) from said external authentication server (Col. 9, Line 56-65) is based on whether a mobile communication device (Col. 9, Lines 7-17) associated with said entity (Col. 2, Line 4; Col. 3, Line 57) is within a threshold distance (Col. 4, Lines 34-43) of said user credential reader (Col. 9, Line 57) when said user credential (Col. 3, Lines 5-7, FIG 1A) interacts with said user credential reader (Col. 9, Line 57)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Queru with the method and system of Lupovici, Stohr, Davis, Walmsley and Perretta to include wherein said user credential is associated with an entity, and wherein receiving said access provisioning signal from said external authentication server is based on whether a mobile communication device associated with said entity is within a threshold distance of said user credential reader when said user credential interacts with said user credential reader. One would have been motivated to provide multi-factor authentication (Queru, Col. 1, Lines 17-18).
Regarding claim 22, claim 22 is directed to the method of claim 11. Claim 22 is similar in scope to claim 21 and is therefore rejected under the same rationale.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES J WILCOX whose telephone number is (571)270-3774. The examiner can normally be reached M-F: 8 A.M. to 5 P.M.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAMES J WILCOX/ Examiner, Art Unit 2439
/LUU T PHAM/ Supervisory Patent Examiner, Art Unit 2439