Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsNagravision Sàrl › 18259617
Last updated: May 29, 2026
Application No. 18/259,617

METHOD AND DEVICE FOR PROVIDING AN AUTHORIZATION TO ACCESS AN INTERACTIVE GOOD

Non-Final OA §103
Filed
Jun 28, 2023
Priority
Dec 29, 2020 — EU 20217525.3 +1 more
Examiner
FIELDS, COURTNEY D
Art Unit
2436
Tech Center
2400 — Computer Networks
Assignee
Nagravision Sàrl
OA Round
4 (Non-Final)
84%
Grant Probability
Favorable
4-5
OA Rounds
5m
Est. Remaining
80%
With Interview

Interview Optional

-4.6% interview lift. Interview lift (-4.6%) is below the 15.0% threshold. A written response is recommended.
Based on 660 resolved cases, 2023–2026

Examiner Intelligence

FIELDS, COURTNEY D View full profile →
Grants 84% — above average
84%
Career Allowance Rate
556 granted / 660 resolved
+26.2% vs TC avg
Minimal -5% lift
Without
With
+-4.6%
Interview Lift
resolved cases with interview
Typical timeline
3y 4m
Avg Prosecution
15 currently pending
Career history
685
Total Applications
across all art units

Statute-Specific Performance

§101
3.0%
-37.0% vs TC avg
§103
63.7%
+23.7% vs TC avg
§102
28.4%
-11.6% vs TC avg
§112
2.7%
-37.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 660 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . EXAMINER’S NOTE: The claims have been reviewed and considered under the new guidance pursuant to the 2019 Revised Patent Subject Matter Eligibility Guidance (PEG 2019) issued January 7, 2019. This communication is in response to Applicant’s Amendment filed on 12 January 2026. Claims 3, 11-14, and 17 were previously canceled. Claims 1 and 15 have been amended. Claims 1-2, 4-10, 15-16, and 18-24 remain pending. Response to Arguments Applicant's arguments, see pages 8-12, filed on 12 January 2026, with respect to the 103 rejection in view of Lambert et al., Rodriguez et al. and further view of Roozbehani et al. have been fully considered, but they are not persuasive. In light of the newly added claim amendments – “wherein the first bearer device is a device of a first user and the second bearer device is a device of a second user”, the teachings of Lambert et al. in view of Rodriguez et al. still applies and will be shown below in the 103 rejection. In light of the Applicant’s arguments for claims 1 and 15, the Applicant traverses that the prior art, Lambert et al. in view of Rodriguez fail to disclose, suggest, or teach the claimed limitation “wherein the second information is provided from the first bearer device to the interactive good prior to the second bearer device attempting to perform the wireless communication with the interactive good” because Rodriguez et al. lacks the use of multiple users with multiple devices performing wireless communication with an interactive good (i.e., vehicle, automobile, car). The Examiner respectfully disagrees and asserts that Rodriguez et al. discloses a method of a digital identity system generating a sharing token for authenticating a bearer to a validator, wherein a data store of the digital identity system holds a plurality of attributes of the bearer. Rodriguez et al. discloses each user, item 20 is associated with one or more smart devices (i.e., smartphone or tablet) disclosed as first and second bearer devices, items 12a and 12b used to access an autonomous vehicle as shown in paragraphs 317 and 1426. Rodriguez et al. discloses the validation process for authenticating the first and second bearer devices disclosed as the bearer, item 12 and the validator, item 52 wherein the uPass device, item 12 of the bearer sends the credential, item 30b to the profile of the uPass validator, item 52, e.g. a QR code. The uPass validator reads the QR code, selects a profile to use and supplies the bearer credential, item 30b and its own credential, item 30v to the uPass validation service. The uPass validation confirms that the credential, item 30v is valid, and process the credential, item 30b. If the credential, item 30b is valid, it returns a link to the profile bound to the credential, item 30b to the validator, item 52 and issues a new (fresh) bearer credential, item 30b″ to the bearer device, item 12 and a new validator credential, item 30v″ to the validator, item 52. Each fresh credential is returned with a receipt which is denoted, item 32v for the validator and item 32b for the bearer as shown in paragraphs 595-598. Rodriguez et al. discloses the uPass validator presents the credential in visual form (such as the QR code) via the client application and the uPass user seeking access scans this into their own uPass-enrolled device. A check is performed to a URI verification service to check that the FQDN of the URI is registered, a confirmation is returned to the smartphone. The uPass bearer is using their mobile device to gain access to a web site via a browser session running on a desktop or laptop device scanning the QR code displayed in the client application wherein the QR code will be transferred from the browser application to the uPass application and thence transmitted to the validation service. Once acquired, this credential (which is annotated with the URI indicating the system to which the client application is attempting to connect) is passed to the uPass validation service, which then determines if the URI is valid and known, by looking up the credential in the database) as shown in paragraphs 645-649. In light of the Applicant’s arguments for claims 1 and 15, the Applicant traverses that the prior art, Lambert et al. fail to disclose, suggest, or teach the claimed limitation “providing from the first bearer device a second information to the interactive good, said second information including at least the access right, directly via wireless communication between the first bearer device and the interactive good” because Lambert et al. lacks the use of digital permission being sent from the first bearer device either directly or indirectly via the second device to the interactive good. The Examiner respectfully disagrees and asserts that Lambert et al. discloses a system and method for digital key sharing for access control wherein the use of digital permission enables a third-party device to access an access point on a vehicle based on a permission granted by the owner device as shown in paragraph 0013. Lambert et al. discloses a first bearer device, item 10a and a second bearer device, 10b wherein the second information comprises an access control interface, item 56 for communicating with the access control mechanism, item 14 to enable entry to the interactive good disclosed as vehicle, item 12 when digital permission can be verified as shown in paragraph 37. Lambert et al. discloses a digital permission comprising the identity of the other party and the restrictions set by the owner directly from a first bearer device, item 10a. This digital permission is cryptographically signed using the owner's cryptographic private key. The first bearer device, item 10a sends the digital permission to the key sharing server. The key sharing server receives the digital permission and forwards the digital permission to the electronic device of the other party disclosed as the second bearer device, item 10b. Once the digital permission is received, the other party, disclosed as the second bearer device, item 10b can execute the following process to access the interactive good disclosed as vehicle, item 12. The second bearer device disclosed as the other party will initiate communication between their electronic device and the vehicle, item 12 using a secure channel and provide the digital permission to the vehicle, item 12 for verification. The vehicle, item 12 cryptographically verifies the signature on the digital permission as belonging to the owner (and to the signing server) using stored identity certificates. The vehicle, item 12 verifies that the identity certificate presented by the owner device matches the identity supplied in the digital permission and if the signature and certificate supplied are valid, the vehicle, item 12 presents a cryptographic challenge to the second bearer device (other party's device). The other party's device uses the other party's cryptographic private key to complete the challenge, and the device sends the response to the vehicle. The vehicle verifies that the response is correct, and also that the restrictions in the digital permission are satisfied, if so, the vehicle will allow access. Lambert et al. further discloses the key sharing server is required to sign the digital permissions periodically and the second bearer device (other party’s device, item 10b) is required to connect to the key sharing server to obtain a freshly signed version of the permission. This will give the owner a guarantee that a revoked permission would be enforced within a time period, even if the other party disconnected their phone from the key sharing server and the owner did not have access to the vehicle. Should the owner at any time with to withdraw a previously granted digital permission for another party to access the vehicle, the owner uses their electronic device to generate a signed permission revocation request sent to the key sharing server, the key sharing server forwards a revocation notification to the electronic device of the other party, which is received by the other party. The device of the other party is then instructed to delete the revoked digital permission and enforce deletion of the permissions. The next time the owner unlocks the vehicle using their electronic device, the vehicle verifies the signature on the permission revocation request and if successful, the list of revoked digital permissions stored in the vehicle is updated to prevent revoked third parties from accessing the vehicle using the revoked digital permission in a subsequent attempt as disclosed in paragraphs 48-54. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2, 4-9, 15-16, and 18-23 are rejected under 35 U.S.C. 103 as being unpatentable over Lambert et al. (Pub No. 2017/0104589) in view of Rodriguez et al. (Pub No. 2024/0020493). Referring to the rejection of claim 1, Lambert et al. discloses a method for providing an authorization to access an interactive good by means of an access right issued by a first bearer device to or for a second bearer device by using a wireless communication means, the method including: (See Lambert et al., Fig. 11, i.e., an interactive good is disclosed as a vehicle, item 12 configured to check an access request for accessing permission issued by a first bearer device, disclosed as owner electronic device, item 10a to a second bearer device, disclosed as other party electronic device, item 10b via a NFC tap (short-range wireless communication) - by the first bearer device, which includes at least one processor, (See Lambert et al., para. 37 and 49-50, i.e., a cryptographic processor, item 34 for performing device key sharing and a cryptographic processor, item 54 for performing vehicle key sharing wherein the vehicle, item 12 cryptographically verifies the signature on the digital permission as belonging to the owner (and to the signing server, item 18) using stored identity certificates. The vehicle will also verify that the identity certificate presented by the owner device matches the identity supplied in the digital permission. The vehicle verifies that the response is correct, and also that the restrictions in the digital permission are satisfied. If so, the vehicle will allow access) and a memory (See Lambert et al., para. 62 and 73, i.e., a memory for storing the hash of the registration code for verifying future owner registration requests and the device key sharing module can be configured to enable the signed digital permission to be stored in memory on the other electronic device in a way that enables the short-range interface on the other electronic device to access the permission in order to present that permission to the vehicle) - obtaining a first information including at least a second bearer device identifier, via wireless communication between the first bearer device and the second bearer device, (See Lambert et al., para. 47, i.e., the owner uses their electronic device to generate a sharing invitation for the other party by authenticating this invitation with a private key. The device sends the sharing invitation to the key sharing server. The key sharing server responds with the identity certificate of the other party to enable it to be provided to the vehicle.) - by the first bearer device, generating the access right, said access right including at least the second bearer device identifier and an identifier of the interactive good, (See Lambert et al., para. 47-48, i.e., after receiving the identity certificate of the other party, the owner can use their device to restrictions on the use of the vehicle by the other party. Restrictions can include, for example, time of day, specific calendar days or date ranges, and geographic locations or regions. The device creates a digital permission containing the identity of the other party (as defined by his or her identity certificate), and the restrictions set by the owner) - providing from the first bearer device a second information to the interactive good, said second information including at least the access right, directly via wireless communication between the first bearer device and the interactive good (See Lambert et al., para. 48, i.e., this digital permission is cryptographically signed using the owner's cryptographic private key. The device sends the digital permission to the key sharing server. The key sharing server receives the digital permission and forwards the digital permission to the electronic device of the other party, which is received by the other party) - by the second bearer device, which includes at least one processor and a memory, presenting an access request to the interactive good, via wireless communication between the second bearer device and the interactive good, (See Lambert et al., para. 49, i.e., once the digital permission is received, the other party will initiate communication between their electronic device and the vehicle using a secure channel and provide the digital permission to the vehicle for verification. The vehicle cryptographically verifies the signature on the digital permission as belonging to the owner using stored identity certificates) - by the interactive good, which includes at least one processor and a memory, performing an identity check based on the access request and on the second information in order to at least verify the second bearer device identifier, and (See Lambert et al., para. 49-50, i.e., the vehicle verifies that the identity certificate presented by the owner device matches the identity supplied in the digital permission, and if the signature and certificate supplied are valid, the vehicle presents a cryptographic challenge to the other party's device. The other party's device uses the other party's cryptographic private key to complete the challenge and the device sends the response to the vehicle) - in case of successful identity check, by the interactive good, providing the requested access to the interactive good, (See Lambert et al., para. 50, i.e., the vehicle verifies that the response is correct, the restrictions in the digital permissions are satisfied and allow access) wherein the first bearer device is a device of a first user and the second bearer device is a device of a second user. (See Lambert et al., para. 70-74, wherein the first bearer device of the first user is disclosed as the owner’s electronic device, item 10a and the second bearer device of the second user is disclosed as the other party’s electronic device, item 10b. The electronic devices, 10a and 10b such as a smartphone, tablet, smartwatch used to gain access to the vehicle, item 12) Lambert et al. fail to explicitly disclose wherein the second information is provided from the first bearer device to the interactive good prior to the second bearer device attempting to perform the wireless communication with the interactive good. Rodriguez et al. discloses a method of a digital identity system generating a sharing token for authenticating a bearer to a validator, wherein a data store of the digital identity system holds a plurality of attributes of the bearer. Rodriguez et al. discloses wherein the second information is provided from the first bearer device to the interactive good prior to the second bearer device attempting to perform the wireless communication with the interactive good. (See Rodriguez et al., para. 645-649, i.e., the uPass validator presents the credential in visual form (such as the QR code) via the client application and the uPass user seeking access scans this into their own uPass-enrolled device. A check is performed to a URI verification service to check that the FQDN of the URI is registered, a confirmation is returned to the smartphone. The uPass bearer is using their mobile device to gain access to a web site via a browser session running on a desktop or laptop device scanning the QR code displayed in the client application wherein the QR code will be transferred from the browser application to the uPass application and thence transmitted to the validation service. Once acquired, this credential (which is annotated with the URI indicating the system to which the client application is attempting to connect) is passed to the uPass validation service, which then determines if the URI is valid and known, by looking up the credential in the database) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date the claimed invention was made to combine Lambert et al.’s system and method for digital key sharing for access control modified with Rodriguez et al.’s method of a digital identity system generating a sharing token for authenticating a bearer to a validator, wherein a data store of the digital identity system holds a plurality of attributes of the bearer. Motivation for such an implementation would enable encryption performed by the first bearer device for generating the second information before the wireless communication to the interactive good via a second bearer device. (See Rodriguez et al., para. 538) Referring to the rejection of claims 2 and 16, (Lambert et al. modified by Rodriguez et al.) discloses further including: - by the first bearer device, generating a first signature by signing at least one data of the second information, and adding said first signature to the second information for the interactive good, and (See Lambert et al., para. 49, i.e., once the digital permission is received, the other party can execute the following process to access the vehicle. The other party will initiate communication between their electronic device and the vehicle using a secure channel and provide the digital permission to the vehicle for verification. The vehicle cryptographically verifies the signature on the digital permission as belonging to the owner using stored identity certificates. The vehicle will also verify that the identity certificate presented by the owner device matches the identity supplied in the digital permission) - by the interactive good, verifying said first signature during the identity check. (See Lambert et al., para. 50, i.e., if the signature and certificate supplied are valid, the vehicle presents a cryptographic challenge to the other party's device. The other party's device uses the other party's cryptographic private key to complete the challenge, and the device sends the response to the vehicle wherein another signature or key-agreement is used. The vehicle verifies that the response is correct, and also that the restrictions in the digital permission are satisfied. If so, the vehicle will allow access) Referring to the rejection of claims 4 and 18, (Lambert et al. modified by Rodriguez et al.) discloses wherein the first information including at least a second bearer device public key in addition or as the second bearer device identifier, and said method further including: (See Lambert et al., para. 59 and 61, i.e., the current owner uses their electronic device to generate a registration code replacement request which includes the identity of the new owner and the new owner’s cryptographic public key) - encrypting the access right, or any data included therein, by the first bearer device using the second bearer device public key before providing the second information to the interactive good via the second bearer device, (See Lambert et al., para. 61, i.e., the key sharing server encrypts the new registration code using the new owner's cryptographic public key) - decrypting the encrypted access right, or the encrypted data included therein, by the second bearer device using a related second bearer device private key, and (See Lambert et al., para. 61, i.e., the new owner's device receives the encrypted code, verifies the signature of the hash, and decrypts the new registration code) - by the second bearer device, adding the decrypted access right, or the decrypted data included therein, to the access request before presenting said request to the interactive good. (See Lambert et al., para. 61, i.e., displays the code to the new owner for the access request before presenting to the vehicle. The new code is displayed only once and never stored on the device to ensure it cannot be reused) Referring to the rejection of claims 5 and 19, (Lambert et al. modified by Rodriguez et al.) discloses further including: - encrypting the access right, or any data included therein, by the first bearer device using an interactive good public key before providing the second information to the interactive good, and (See Lambert et al., para. 39 and 61, i.e., the current owner initiates communication between the electronic device, item 10 and the vehicle, item 12 by encrypting the data with the cryptographic public key of the vehicle and sending the encrypted hash, signed version of the hash, and the counter-signed version of the hash to the vehicle) - decrypting the encrypted access right, or the encrypted data included therein, by the interactive good using a related interactive good private key. (See Lambert et al., para. 40 and 62, i.e., the vehicle receives the encrypted data and verifies the counter-signature on the encrypted hash as belonging to the current owner and decrypts the hash using the vehicle’s cryptographic private key) Referring to the rejection of claims 6 and 20, (Lambert et al. modified by Rodriguez et al.) discloses wherein the access right further including an access permission including at least one of a limited using time, a limited moving range and a limited application scope of the interactive good, and in case of successful identity check, the requested access to the interactive good is provided in accordance with the access permission. (See Lambert et al., para. 71 and 73, i.e., the owner can use their electronic device, item 10a to set restrictions for digital permission to access the vehicle by giving a one-time access to a valet or parking attendant for a specific time of day/time period, calendar day, date range, and geographic location) Referring to the rejection of claims 7 and 21, (Lambert et al. modified by Rodriguez et al.) discloses wherein any exchange between at least two entities among the first bearer device, the second bearer device and the interactive good is encrypted. (See Lambert et al., para. 54 and 56-69, i.e., the exchange between the owner electronic device, item 10a, the other party electronic device, item 10b, and the vehicle, item 12 is encrypted) Referring to the rejection of claims 8 and 22, (Lambert et al. modified by Rodriguez et al.) discloses further including: - performing a prevailing check by the interactive good for checking if the second bearer device identifier is on a revocation list and, if so, preventing the access to the interactive good when the access request is presented by the second bearer device. (See Lambert et al., para. 51-54, i.e., if the other party device, item 10b digital permission to the vehicle, item 12 is located on the revocation list, the owner wish will withdraw the previously granted digital permission to the other party device to access the vehicle by using their electronic device, item 10a to generate a signed permission revocation request and sends it to the other party device, item 10b and instructs the other party device to delete the revoked digital permission. The revocation list is updated to prevent revoked third parties from accessing the vehicle and the revocation list of revoked permissions is encrypted to the vehicle) Referring to the rejection of claims 9 and 23, (Lambert et al. modified by Rodriguez et al.) discloses wherein the wireless communication means is a short-range wireless communication means preferably based on data scanning, Near Field Communication protocol or Ultra Wide Band protocol. (See Lambert et al., para. 70, i.e., digital permissions are sent from the owner’s electronic device to the other party’s device using a short-range communication channel between the devices via NFC) Referring to the rejection of claim 15, (Lambert et al. modified by Rodriguez et al.) discloses a for providing an authorization to access an interactive good by means of an access right issued by a first bearer device to or for a second bearer device by using a wireless communication means, comprising: (See Lambert et al., Fig. 11, i.e., an interactive good is disclosed as a vehicle, item 12 configured to check an access request for accessing permission issued by a first bearer device, disclosed as owner electronic device, item 10a to a second bearer device, disclosed as other party electronic device, item 10b via a NFC tap (short-range wireless communication) the first bearer device, which includes at least one processor, configured to (See Lambert et al., para. 37 and 49-50, i.e., a cryptographic processor, item 34 for performing device key sharing and a cryptographic processor, item 54 for performing vehicle key sharing wherein the vehicle, item 12 cryptographically verifies the signature on the digital permission as belonging to the owner (and to the signing server, item 18) using stored identity certificates. The vehicle will also verify that the identity certificate presented by the owner device matches the identity supplied in the digital permission. The vehicle verifies that the response is correct, and also that the restrictions in the digital permission are satisfied. If so, the vehicle will allow access) and a memory (See Lambert et al., para. 62 and 73, i.e., a memory for storing the hash of the registration code for verifying future owner registration requests and the device key sharing module can be configured to enable the signed digital permission to be stored in memory on the other electronic device in a way that enables the short-range interface on the other electronic device to access the permission in order to present that permission to the vehicle) obtain a first information including at least a second bearer device identifier, via wireless communication between the first bearer device and the second bearer device, (See Lambert et al., para. 47, i.e., the owner uses their electronic device to generate a sharing invitation for the other party by authenticating this invitation with a private key. The device sends the sharing invitation to the key sharing server. The key sharing server responds with the identity certificate of the other party to enable it to be provided to the vehicle.) generate the access right, said access right including at least the second bearer device identifier and an identifier of the interactive good, (See Lambert et al., para. 47-48, i.e., after receiving the identity certificate of the other party, the owner can use their device to restrictions on the use of the vehicle by the other party. Restrictions can include, for example, time of day, specific calendar days or date ranges, and geographic locations or regions. The device creates a digital permission containing the identity of the other party (as defined by his or her identity certificate), and the restrictions set by the owner) provide from the first bearer device a second information to the interactive good, said second information including at least the access right, directly via wireless communication between the first bearer device and the interactive good; (See Lambert et al., para. 48, i.e., this digital permission is cryptographically signed using the owner's cryptographic private key. The device sends the digital permission to the key sharing server. The key sharing server receives the digital permission and forwards the digital permission to the electronic device of the other party, which is received by the other party) the second bearer device, which includes at least one processor and a memory, configured to present an access request to the interactive good, via wireless communication between the second bearer device and the interactive good, (See Lambert et al., para. 49, i.e., once the digital permission is received, the other party will initiate communication between their electronic device and the vehicle using a secure channel and provide the digital permission to the vehicle for verification. The vehicle cryptographically verifies the signature on the digital permission as belonging to the owner using stored identity certificates) the interactive good, which includes at least one processor and a memory, configured to perform an identity check based on the access request and on the second information in order to at least verify the second bearer device identifier, and (See Lambert et al., para. 49-50, i.e., the vehicle verifies that the identity certificate presented by the owner device matches the identity supplied in the digital permission, and if the signature and certificate supplied are valid, the vehicle presents a cryptographic challenge to the other party's device. The other party's device uses the other party's cryptographic private key to complete the challenge and the device sends the response to the vehicle) and in case of successful identity check, by the interactive good, providing the requested access to the interactive good. (See Lambert et al., para. 50, i.e., the vehicle verifies that the response is correct, the restrictions in the digital permission are satisfied and allow access) wherein the first bearer device is a device of a first user and the second bearer device is a device of a second user. (See Lambert et al., para. 70-74, wherein the first bearer device of the first user is disclosed as the owner’s electronic device, item 10a and the second bearer device of the second user is disclosed as the other party’s electronic device, item 10b. The electronic devices, 10a and 10b such as a smartphone, tablet, smartwatch used to gain access to the vehicle, item 12) Lambert et al. fail to explicitly disclose wherein the second information is provided from the first bearer device to the interactive good prior to the second bearer device attempting to perform the wireless communication with the interactive good. Rodriguez et al. discloses a method of a digital identity system generating a sharing token for authenticating a bearer to a validator, wherein a data store of the digital identity system holds a plurality of attributes of the bearer. Rodriguez et al. discloses wherein the second information is provided from the first bearer device to the interactive good prior to the second bearer device attempting to perform the wireless communication with the interactive good, (See Rodriguez et al., para. 645-649, i.e., the uPass validator presents the credential in visual form (such as the QR code) via the client application and the uPass user seeking access scans this into their own uPass-enrolled device. A check is performed to a URI verification service to check that the FQDN of the URI is registered, a confirmation is returned to the smartphone. The uPass bearer is using their mobile device to gain access to a web site via a browser session running on a desktop or laptop device scanning the QR code displayed in the client application wherein the QR code will be transferred from the browser application to the uPass application and thence transmitted to the validation service. Once acquired, this credential (which is annotated with the URI indicating the system to which the client application is attempting to connect) is passed to the uPass validation service, which then determines if the URI is valid and known, by looking up the credential in the database) The rationale for combining Lambert et al. in view of Rodriguez et al. is the same as claim 1. Claims 10 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Lambert et al. (Pub No. 2017/0104589) and Rodriguez et al. (Pub No. 2024/0020493) in further view of Roozbehani et al. (Pub No. 2019/0215342). The combination of Lambert et al. and Rodriguez et al. discloses the invention as described above, however, neither reference explicitly disclose wherein at least one of the first information and the second information is a QR code. Roozbehani et al. discloses a method and system for managing shared use of an asset. Referring to the rejection of claims 10 and 24, (Lambert et al. and Rodriguez et al. modified by Roozbehani et al.) discloses wherein at least one of the first information and the second information is a QR code. (See Roozbehani et al., para. 61 and 63, i.e., the owner scans the QR code on the body of the vehicle as the first information, transfers the policy to the new user and the new user relays the transferred policy to the vehicle. The user passes the public key to the owner through a QR code as the second information) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date the claimed invention was made to combine Lambert et al.’s system and method for digital key sharing for access control and Rodriguez et al.’s method of a digital identity system generating a sharing token for authenticating a bearer to a validator, wherein a data store of the digital identity system holds a plurality of attributes of the bearer modified with Roozbehani et al.’s method and system for managing shared use of an asset. Motivation for such an implementation would enable a secure communication between the owner, the vehicle, and the new user using QR codes for protecting the public key. (See Roozbehani et al., para. 61 and 63) Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY D FIELDS whose telephone number is (571)272-3871. The examiner can normally be reached IFP M-F 8am-4:30pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached at (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /COURTNEY D FIELDS/Examiner, Art Unit 2436 January 28, 2026 /FATOUMATA TRAORE/Primary Examiner, Art Unit 2436
Read full office action

Prosecution Timeline

Show 2 earlier events
Jun 18, 2025
Response Filed
Jul 11, 2025
Final Rejection mailed — §103
Sep 11, 2025
Request for Continued Examination
Sep 29, 2025
Response after Non-Final Action
Oct 31, 2025
Non-Final Rejection mailed — §103
Jan 12, 2026
Response Filed
Feb 02, 2026
Final Rejection mailed — §103
Mar 19, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

18/476,749
Patent 12634696
DOUBLE BLIND PRIVATE WIRELESS LOCAL AREA NETWORKING
2y 7m to grant Granted May 19, 2026
17/988,184
Patent 12627696
Identity power scoring system for cloud environments
3y 5m to grant Granted May 12, 2026
18/381,975
Patent 12587838
ENCRYPTED END-TO-END MESSAGING USING NEAR-FIELD COMMUNICATION (NFC) TAGS
2y 5m to grant Granted Mar 24, 2026
18/225,199
Patent 12581311
METHOD AND DEVICE TO ESTABLISH A WIRELESS SECURE LINK WHILE MAINTAINING PRIVACY AGAINST TRACKING
2y 7m to grant Granted Mar 17, 2026
18/448,235
Patent 12581290
Security Negotiation Method and Apparatus
2y 7m to grant Granted Mar 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

4-5
Expected OA Rounds
84%
Grant Probability
80%
With Interview (-4.6%)
3y 4m (~5m remaining)
Median Time to Grant
High
PTA Risk
Based on 660 resolved cases by this examiner. Grant probability derived from career allowance rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month