Prosecution Insights
Last updated: July 17, 2026
Application No. 18/267,429

LICENSE AUTHENTICATION METHOD AND APPARATUS, ELECTRONIC DEVICE, SYSTEM, AND STORAGE MEDIUM

Non-Final OA §103
Filed
Jun 14, 2023
Priority
Dec 24, 2020 — nonprovisional of PCTCN2020139087
Examiner
KHADKA, AMIT
Art Unit
2432
Tech Center
2400 — Computer Networks
Assignee
BOE Technology Group Co., Ltd.
OA Round
1 (Non-Final)
17%
Grant Probability
At Risk
1-2
OA Rounds
0m
Est. Remaining
17%
With Interview

Examiner Intelligence

Grants only 17% of cases
17%
Career Allowance Rate
1 granted / 6 resolved
-41.3% vs TC avg
Minimal +0% lift
Without
With
+0.0%
Interview Lift
resolved cases with interview
Typical timeline
2y 4m
Avg Prosecution
14 currently pending
Career history
29
Total Applications
across all art units

Statute-Specific Performance

§103
92.9%
+52.9% vs TC avg
§102
7.1%
-32.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 6 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Specification Applicant is reminded of the proper language and format for an abstract of the disclosure. The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details. The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, “The disclosure concerns,” “The disclosure defined by this invention,” “The disclosure describes,” etc. In addition, the form and legal phraseology often used in patent claims, such as “means” and “said,” should be avoided. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 7-8, 10-11, 13, 15 and 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kim (US 12301977 B2) in view of Li (US 20200004973 A1) in view of Bae (US 20230350988 A1). Regarding Claim 1, Kim teaches: obtaining registration information provided by a licensed terminal, wherein the registration information comprises a public key and first environment ciphertext that are provided by the licensed terminal, the first environment ciphertext is obtained after the licensed terminal encrypts a currently obtained first environment fingerprint with a private key, and the first environment fingerprint comprises software and hardware feature information of an environment where the licensed terminal is located (Kim, Col 6, lines 34-64, discloses that the mediation device (120) acquires an application request message (registration information) which is ultimately sent to the server (130) (Fig. 3, step 231; Fig. 5) from a camera device (110). The application request message includes the encrypted device identification information (first environment fingerprint) with the camera's private key which represents the first environment ciphertext. The public key of the camera device (cryptographically related with the private key) is included in the same application request message. The device identification information may include at least a MAC address, information from a camera unit, a controller, a storage and information arbitrarily allocated per camera device. Col 13, lines 26-30, Kim exemplifies software attributes (AXIS example) like unique identification information included in the device, a validity term and software version.); generating license information comprising the first environment ciphertext, wherein the license information is configured to indicate a license range of a service to be licensed that requests license authentication in the licensed terminal (Kim, Col 7, lines 11-15, discloses that the server 130 (licensing terminal) generates license data on the basis of the encrypted device identification information included in the application request message. The license data includes signed information generated on the basis of the device identification information; Col 11, lines 23-25 and Col 13, lines 26-29, Kim discloses the license data can include validity term and software version tied to the unique identification information.); Wherein the specific information is license information (Kim, Col 7, lines 11-15, discloses that the server 130 (licensing terminal) generates license data on the basis of the encrypted device identification information included in the application request message.); Wherein the unique data is the first environment ciphertext (Kim, Col 6, lines 36-51, discloses that the application request message may include device identification information of the camera device 110. The device identification information may include hardware information determined in a process of manufacturing or assembling the camera device. The device identification information may include, for example, at least a medium access control (MAC) address of a communication interface included in the camera device 110); Kim, Col 7, lines 35-54, Fig. 3 Steps 245, 251 discloses sending license data to licensed terminal. Kim discloses that the server transmits license data and application data to the mediation device, the mediation device forwards the license data and application data to the camera device. Kim does not explicitly teach; However, Li teaches, and performing homomorphic encryption on the specific information using the public key to obtain license ciphertext (Li, para 80, discloses that the second server encrypts the specific data by using the public key of the demonstrator (first server, individual, enterprise) for homomorphic encryption provided by the demonstrator in advance to generate homomorphically encrypted ciphertext); and sending the license ciphertext to the licensed terminal, causing the licensed terminal to verify the unique data in the license ciphertext through a verification terminal to determine authenticity of the license ciphertext (Li, para 80, discloses that the second server sends the ciphertext and the verification data to the first server (licensed terminal); Para 81, Li discloses the first server 11 sends the received ciphertext and verification data to the third server 13 (verification terminal). The third server 13 verifies the ciphertext using the verification data, i.e., it verifies whether the ciphertext corresponds to the original data. If valid, the ciphertext is accepted as the input to the secure protocol; if not, the process terminates.); It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify Kim’s license management system to incorporate Li’s homomorphic encryption and ciphertext verification technique. Kim recognizes the need to securely issue and validate license data that is bound to device identification information of the device, and Li teaches a technique for protecting trusted data by encrypting it with a public key through homomorphic encryption and allowing a verification server to verify whether the ciphertext matches. One would be motivated to make such modification on Kim’s system so that Kim’s device bound license information could remain protected in encrypted form while still being verifiable for authenticity. Such modification would improve Kim’s system by reducing the risk that license information or device identifying information could be exposed, modified, or falsely asserted during validation and improve overall security. Li does not explicitly teach; However, Bae teaches, and causing the licensed terminal to determine whether to perform license authentication on the service to be licensed in the licensed terminal according to received verification result ciphertext (Bae, para 93, discloses the terminal decrypts the encrypted verification result using the private key of the service user, para 53, Bae discloses that the terminal receiving the verification result, checking it and permitting the use of service based on it.) It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify Kim’s license management system to incorporate Bae’s encrypted verification-result transmission technique. Kim, teaches a licensed device validates license data before allowing application installation or execution, and Bae teaches, after verification apparatus verifies submitted information, an encrypted verification result may be transmitted to the terminal to decide for permission. One would be motivated to perform such modification on Kim’s system so that the result of ciphertext verification could be securely returned to the terminal without being intercepted or tampered with. This modification would protect integrity and confidentiality of the verification result and overall security of the system. Regarding Claim 7, Li teaches: receiving a verification request sent by a licensed terminal, wherein the verification request is generated by the licensed terminal based on license ciphertext, and second environment ciphertext (Li, para 81, 121-124, discloses the third server (verification terminal) receives the verification data and second ciphertext from first server); the license ciphertext is obtained after a licensing terminal performs homomorphic encryption on license information comprising first environment ciphertext with the public key (Li, para 80, discloses that the second server encrypts the specific data by using the public key of the demonstrator (first server, individual, enterprise) for homomorphic encryption provided by the demonstrator in advance to generate homomorphically encrypted ciphertext); the second data ciphertext is obtained after a currently obtained second identifying data is encrypted with the public key (Li, para 81, 121-124, discloses the third server (verification terminal) receives the verification data and second ciphertext from first server, and determine if the first ciphertext and the second ciphertext are same.); performing homomorphic operation on the license ciphertext, and verifying the first ciphertext with the second ciphertext (Li, para 81, 121-124, discloses the third server (verification terminal) receives the verification data and second ciphertext from first server, and determine if the first ciphertext and the second ciphertext are same. Para 80, Li discloses performing homomorphic encryption which implies that the third server perform homomorphic operation for verification (para 81)); Li does not explicitly teach; However, Kim teaches: the first ciphertext is obtained after the licensed terminal encrypts a currently obtained first environment fingerprint with a private key (Kim, Col 6, lines 34-64, discloses that the mediation device (120) acquires an application request message (registration information) which is ultimately sent to the server (130) (Fig. 3, step 231; Fig. 5) from a camera device (110). The application request message includes the device identification information (first environment fingerprint) encrypted with the camera's private key which represents the first environment ciphertext.); and the first environment fingerprint comprises software and hardware feature information of an environment where the licensed terminal is located (Kim, Col 6, lines 34-64, discloses that the application request message includes the device identification information (first environment fingerprint) encrypted with the camera's private key which represents the first environment ciphertext. The public key of the camera device (cryptographically related with the private key) is included in the same application request message. The device identification information may include at least a MAC address, information from a camera unit, a controller, a storage and information arbitrarily allocated per camera device. Col 13, lines 26-30, Kim exemplifies software attributes (AXIS example) like unique identification information included in the device, a validity term and software version.); Wherein the first ciphertext is the first environment ciphertext (Kim, Col 6, lines 34-64, discloses that the mediation device (120) acquires an application request message (registration information) which is ultimately sent to the server (130) (Fig. 3, step 231; Fig. 5) from a camera device (110). The application request message includes the device identification information (first environment fingerprint) encrypted with the camera's private key which represents the first environment ciphertext.); Wherein the second data is the second environment data (Kim, Col 11, lines 25-43, discloses during license validation, the device determines whether the device identification information included in the signed/license data is the same as the device identification information acquired in the device; Kim, Col 6, lines 34-64 Chenxirther discloses the device identification information may include at least a MAC address, information from a camera unit, a controller, a storage and information arbitrarily allocated per camera device.); Wherein the second identifying data is the second environment fingerprint (Kim, Col 11, lines 25-43, discloses acquiring device identification information in the camera device during license validation and comparing it with device identification information included in the licensed/signed data; This current device identification information represents the current software/hardware information of the device.) It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify Kim’s license management system to incorporate Li’s homomorphic encryption and ciphertext verification technique. Kim recognizes the need to securely issue and validate license data that is bound to device identification information of the device, and Li teaches a technique for protecting trusted data by encrypting it with a public key through homomorphic encryption and allowing a verification server to verify whether the ciphertext matches. One would be motivated to make such modification on Kim’s system so that Kim’s device bound license information could remain protected in encrypted form while still being verifiable for authenticity. Such modification would improve Kim’s system by reducing the risk that license information or device identifying information could be exposed, modified, or falsely asserted during validation and improve overall security. Kim/Li does not explicitly teach; However, Bae teaches: to obtain verification result ciphertext; and sending the verification result ciphertext to the licensed terminal (Bae, para 92-93, discloses the encrypting the verification result by identity information verification unit using public key and transmitting encrypted verification result to the terminal); and causing the licensed terminal to decrypt the verification result ciphertext with the private key to obtain a verification result, to determine whether to perform license authentication on a service to be licensed in the licensed terminal according to the verification result (Bae, para 93, discloses the terminal decrypts the encrypted verification result using the private key of the service user, para 53, Bae discloses that the terminal receiving the verification result, checking it and permitting the use of service based on it.) It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify Kim’s license management system to incorporate Bae’s encrypted verification-result transmission technique. Kim, teaches a licensed device validates license data before allowing application installation or execution, and Bae teaches, after verification apparatus verifies submitted information, an encrypted verification result may be transmitted to the terminal to decide for permission. One would be motivated to perform such modification on Kim’s system so that the result of ciphertext verification could be securely returned to the terminal without being intercepted or tampered with. This modification would protect integrity and confidentiality of the verification result and overall security of the system. Regarding Claim 8, Kim/Li/Bae teaches the apparatus for license authentication; See the rejection for claim 1. Regarding Claim 10, Kim/Li/Bae teaches the apparatus for license authentication; See the rejection for claim 7. Regarding Claim 11, Kim/Li/Bae teaches the server applied to a licensing terminal; See the rejection for claim 8. Regarding Claim 13, Kim/Li/Bae teaches a system for license authentication; See the rejection for claim 8. Regarding Claim 15, Kim/Li/Bae teaches a non-readable storage medium; See the rejection for claim 1. Regarding Claim 21, Kim/Li/Bae teaches a non-readable storage medium; See the rejection for claim 7. Claim(s) 2 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kim (US12301977B2) in view of Li (US 20200004973 A1) in view of Bae (US 20230350988 A1) in view of Chenxi (CN 109284586 A). Regarding Claim 2, Kim/Li/Bae teaches the method of claim1, Li teaches: Wherein sending the information is sending the license ciphertext to the licensed terminal (Li, para 80, discloses the second server sends the ciphertext and the verification data to the first server); It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify Kim’s license management system to incorporate Li’s homomorphic encryption and ciphertext verification technique. Kim recognizes the need to securely issue and validate license data that is bound to device identification information of the device, and Li teaches a technique for protecting trusted data by encrypting it with a public key through homomorphic encryption and allowing a verification server to verify whether the ciphertext matches. One would be motivated to make such modification on Kim’s system so that Kim’s device bound license information could remain protected in encrypted form while still being verifiable for authenticity. Such modification would improve Kim’s system by reducing the risk that license information or device identifying information could be exposed, modified, or falsely asserted during validation and improve overall security. Kim/Li/Bae does not explicitly teach; However, Chenxi teaches: receiving a license request sent by the licensed terminal, wherein the license request carries activation ciphertext of the service to be licensed, and the activation ciphertext is configured to identify activation of the service to be licensed (Chenxi, para 74, 55 discloses a terminal starting up, connecting to a remote server, and sending an "activation request". This request carries an encrypted license file, which functions as the "activation cipher text" as it is the information used to identify and authorize the activation attempt); verifying whether the activation ciphertext is correct (Chenxi, para 75 teaches that the remote server performs "authority verification" on the information received in the request. The server verifies if the terminal has purchased a license by comparing the information in the request with its own records.); and sending the information to the licensed terminal in response to that the activation ciphertext is determined to be correct (Chenxi, para 75 teaches that only after the purchase is confirmed (i.e., the verification is successful) does the remote server send back a "decryption instruction" or a final matching result, which allows the terminal to proceed.) It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify Kim/Li/Bae’s license management system to incorporate Chenxi’s activation-request verification procedure. Kim, teaches a licensed device validates license data before allowing application installation or execution, and Li teaches encrypting trusted information as ciphertext. Chenxi teaches a practice of requiring the terminal to first send an activation request carrying encrypted activation information to a remote server and have the remote server verify it. One would be motivated to perform such modification on Kim/Li/Bae’s system so that the server sends ciphertext only after confirming that the device has submitted correct activation information. This modification would improve security by preventing unauthorized terminals from receiving ciphertexts unless the activation information is verified as correct. Regarding Claim 16, Kim/Li/Bae teaches the apparatus of claim 8, Li teaches: Wherein sending the information is sending the license ciphertext to the licensed terminal (Li, para 80, discloses the second server sends the ciphertext and the verification data to the first server); It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify Kim’s license management system to incorporate Li’s homomorphic encryption and ciphertext verification technique. Kim recognizes the need to securely issue and validate license data that is bound to device identification information of the device, and Li teaches a technique for protecting trusted data by encrypting it with a public key through homomorphic encryption and allowing a verification server to verify whether the ciphertext matches. One would be motivated to make such modification on Kim’s system so that Kim’s device bound license information could remain protected in encrypted form while still being verifiable for authenticity. Such modification would improve Kim’s system by reducing the risk that license information or device identifying information could be exposed, modified, or falsely asserted during validation and improve overall security. Kim/Li/Bae does not explicitly teach; However, Chenxi teaches: receiving a license request sent by the licensed terminal, wherein the license request carries activation ciphertext of the service to be licensed, and the activation ciphertext is configured to identify activation of the service to be licensed (Chenxi, para 74, 55 discloses a terminal starting up, connecting to a remote server, and sending an "activation request". This request carries an encrypted license file, which functions as the "activation cipher text" as it is the information used to identify and authorize the activation attempt); verifying whether the activation ciphertext is correct (Chenxi, para 75 teaches that the remote server performs "authority verification" on the information received in the request. The server verifies if the terminal has purchased a license by comparing the information in the request with its own records.); and sending the information to the licensed terminal in response to that the activation ciphertext is determined to be correct (Chenxi, para 75 teaches that only after the purchase is confirmed (i.e., the verification is successful) does the remote server send back a "decryption instruction" or a final matching result, which allows the terminal to proceed.) It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify Kim/Li/Bae’s license management system to incorporate Chenxi’s activation-request verification procedure. Kim, teaches a licensed device validates license data before allowing application installation or execution, and Li teaches encrypting trusted information as ciphertext. Chenxi teaches a practice of requiring the terminal to first send an activation request carrying encrypted activation information to a remote server and have the remote server verify it. One would be motivated to perform such modification on Kim/Li/Bae’s system so that the server sends ciphertext only after confirming that the device has submitted correct activation information. This modification would improve security by preventing unauthorized terminals from receiving ciphertexts unless the activation information is verified as correct. Claim(s) 3 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kim (US12301977B2) in view of Li (US 20200004973 A1) in view of Bae (US 20230350988 A1) in in view of Bent (US 20190140818 A1). Regarding Claim 2, Kim/Li/Bae teaches the method of claim 1 wherein an algorithm for the homomorphic encryption, Kim/Li/Bae does not explicitly teach; However, Bent teaches: wherein an algorithm for the homomorphic encryption comprises Paillier encryption or fully homomorphic encryption (Bent, para 3, discloses the fully homomorphic encryption (FEH) being used to ensure vector operations can be performed efficiently) It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify Kim/Li/Bae’s license management system to incorporate Bent’s technique of using fully homomorphic encryption. Kim, teaches a licensed device validates license data before allowing application installation or execution, and Li teaches encrypting trusted information as ciphertext and Bae teaches securely returning an encrypted verification result to a terminal. Bent teaches using fully homomorphic encryption so that operations can be performed on encrypted data. One would be motivated to perform such modification on Kim/Li/Bae’s system so that the verification terminal performs the required encrypted-data operations without exposing the underlying information, thereby improving privacy and resistance to tampering. Regarding Claim 17, Kim/Li/Bae teaches the apparatus of claim 8, wherein an algorithm for the homomorphic encryption, Kim/Li/Bae does not explicitly teach; However, Bent teaches: wherein an algorithm for the homomorphic encryption comprises Paillier encryption or fully homomorphic encryption (Bent, para 3, discloses the fully homomorphic encryption (FEH) being used to ensure vector operations can be performed efficiently) It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify Kim/Li/Bae’s license management system to incorporate Bent’s technique of using fully homomorphic encryption. Kim, teaches a licensed device validates license data before allowing application installation or execution, and Li teaches encrypting trusted information as ciphertext and Bae teaches securely returning an encrypted verification result to a terminal. Bent teaches using fully homomorphic encryption so that operations can be performed on encrypted data. One would be motivated to perform such modification on Kim/Li/Bae’s system so that the verification terminal performs the required encrypted-data operations without exposing the underlying information, thereby improving privacy and resistance to tampering. Claim(s) 4, 9, 12 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kim (US12301977B2) in view of Li (US 20200004973 A1) in view of Bae (US 20230350988 A1) in in view of Liu (US 20170366558 A1). Regarding Claim 4, Kim teaches: sending registration information carrying a public key and first environment ciphertext to a licensing terminal, wherein the first environment ciphertext is obtained after a currently obtained first environment fingerprint is encrypted with a private key, and the first environment fingerprint comprises software and hardware feature information of an environment where the licensed terminal is located (Kim, Col 6, lines 34-64, discloses that the mediation device (120) acquires an application request message (registration information) which is ultimately sent to the server (130)(Fig. 3, step 231; Fig. 5) from a camera device (110). The application request message includes the device identification information (first environment fingerprint) encrypted with the camera's private key which represents the first environment ciphertext. The public key of the camera device (cryptographically related with the private key) is included in the same application request message. The device identification information may include at least a MAC address, information from a camera unit, a controller, a storage and information arbitrarily allocated per camera device. Col 13, lines 26-30, Kim exemplifies software attributes (AXIS example) like unique identification information included in the device, a validity term and software version.); Wherein the specific data comprises registration information (Kim, Col 6, lines 34-64, discloses that the mediation device (120) acquires an application request message which is ultimately sent to the server (130) (Fig. 3, Fig. 5) from a camera device (110).) Wherein the first unique data is the first environment ciphertext (Kim, Col 6, lines 36-51, discloses that the application request message may include device identification information of the camera device 110. The device identification information may include hardware information determined in a process of manufacturing or assembling the camera device. The device identification information may include, for example, at least a medium access control (MAC) address of a communication interface included in the camera device 110.) wherein the encrypted data comprises environment ciphertext (Kim, Col 6, lines 36-51, discloses that the application request message may include device identification information of the camera device 110. The device identification information may include hardware information determined in a process of manufacturing or assembling the camera device. The device identification information may include, for example, at least a medium access control (MAC) address of a communication interface included in the camera device 110.) Wherein the specific authentication is license authentication (Kim, Col 7 lines 35-40 discloses authenticating the license data) Kim does not explicitly teach; However, Li teaches: receiving license ciphertext provided by the licensing terminal and generated based on the specific data, wherein the license ciphertext is obtained after the licensing terminal performs homomorphic encryption on license information comprising the first encrypted data with the public key (Li, para 80, discloses that the second server encrypts the specific data by using the public key of the demonstrator (first server, individual, enterprise) for homomorphic encryption provided by the demonstrator in advance to generate homomorphically encrypted ciphertext and then, the second server sends the ciphertext and the verification data to the first server); sending the verification request to a verification terminal, causing the verification terminal to verify the first encrypted data in the license ciphertext through the second encrypted data to determine authenticity of the license ciphertext (Li, para 81, 121-124, discloses the third server (verification terminal) receives the verification data and second ciphertext from first server, and determine if the first ciphertext and the second ciphertext are same.); It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify Kim’s license management system to incorporate Li’s homomorphic encryption and ciphertext verification technique. Kim recognizes the need to securely issue and validate license data that is bound to device identification information of the device, and Li teaches a technique for protecting trusted data by encrypting it with a public key through homomorphic encryption and allowing a verification server to verify whether the ciphertext matches. One would be motivated to make such modification on Kim’s system so that Kim’s device bound license information could remain protected in encrypted form while still being verifiable for authenticity. Such modification would improve Kim’s system by reducing the risk that license information or device identifying information could be exposed, modified, or falsely asserted during validation and improve overall security. Li does not explicitly teach; However, Liu teaches: generating a verification request comprising the license ciphertext, and second encrypted data, wherein the second encrypted data is obtained after a currently obtained second environment fingerprint is encrypted with the public key, and the second environment fingerprint comprises software and hardware feature information of an environment where the licensed terminal is located (Liu, para 127 discloses at step S201, the forwarding device receives a content access request sent by a terminal, where the content access request includes an encrypted token, the encrypted token includes first location information, and the first location information is used to identify a network location at which the terminal is located when sending the user verification request.); It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify Kim’s license management system to incorporate Liu’s technique of generating a verification request that carries encrypted terminal related information. One would be motivated to make such modification on Kim’s system so that Kim’s licensed terminal could provide currently obtained environment information in encrypted form as a part of the verification request. Such modification would reduce the risk that the current terminal information could be intercepted, modified or falsely asserted during authentication thereby improving security and reliability of Kim’s system. Liu does not explicitly teach; However, Bae teaches: and receiving verification result ciphertext sent by the verification terminal (Bae, para 92-93, discloses the encrypting the verification result by identity information verification unit using public key and transmitting encrypted verification result to the terminal); and decrypting the verification result ciphertext with the private key to obtain a verification result, to determine whether to perform specific authentication on a locally stored service to be permitted according to the verification result (Bae, para 93, discloses the terminal decrypts the encrypted verification result using the private key of the service user, para 53, Bae discloses that the terminal receiving the verification result, checking it and permitting the use of service based on it.) It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify Kim’s license management system to incorporate Bae’s encrypted verification-result transmission technique. Kim, teaches a licensed device validates license data before allowing application installation or execution, and Bae teaches, after verification apparatus verifies submitted information, an encrypted verification result may be transmitted to the terminal to decide for permission. One would be motivated to perform such modification on Kim’s system so that the result of ciphertext verification could be securely returned to the terminal without being intercepted or tampered with. This modification would protect integrity and confidentiality of the verification result and overall security of the system. Regarding Claim 9, Kim/Li/Bae/Liu teaches the apparatus for license authentication; See the rejection for claim 4. Regarding Claim 12, Kim/Li/Bae/Liu teaches the electronic device; See the rejection for claim 9. Regarding Claim 20, Kim/Li/Bae/Liu teaches a non-readable storage medium; See the rejection for claim 4. Claim(s) 5 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kim (US12301977B2) in view of Li (US 20200004973 A1) in view of Bae (US 20230350988 A1) in in view of Liu (US 20170366558 A1) in view of Xin (CN 101431415 A). Regarding Claim 5, Kim/Li/Bae/Liu teaches the method of claim 4, Kim teaches: wherein the sending the registration information carrying the public key and the first environment ciphertext to the licensing terminal comprises (Kim, Col 6, lines 34-64, discloses that the mediation device (120) acquires an application request message (registration information) which is ultimately sent to the server (130) (Fig. 3, step 231; Fig. 5) from a camera device (110). The application request message includes the device identification information (first environment fingerprint) encrypted with the camera's private key which represents the first environment ciphertext. The public key of the camera device (cryptographically related with the private key) is included in the same application request message.) obtaining the first environment fingerprint, and encrypting the first environment fingerprint with the private key to obtain the first environment ciphertext (Kim, Col 6, lines 34-64, discloses that the application request message includes the device identification information (first environment fingerprint) encrypted with the camera's private key which represents the first environment ciphertext. The public key of the camera device (cryptographically related with the private key) is included in the same application request message. The device identification information may include at least a MAC address, information from a camera unit, a controller, a storage and information arbitrarily allocated per camera device. Col 13, lines 26-30, Kim exemplifies software attributes (AXIS example) like unique identification information included in the device, a validity term and software version.); and sending the registration information carrying the public key and the first environment ciphertext to the licensing terminal (Kim, Col 6, lines 34-64, discloses that the mediation device (120) acquires an application request message (registration information) which is ultimately sent to the server (130) (Fig. 3, step 231; Fig. 5) from a camera device (110). The application request message includes the device identification information (first environment fingerprint) encrypted with the camera's private key which represents the first environment ciphertext.) Kim does not explicitly teach; However, Xin teaches: generating a key pair comprising the public key and the private key with a specified key algorithm in a case that an authentication request of the service to be licensed is received (Xin, para 49 discloses using elliptic curve cryptography and generates private key and public key; para 48, Xin discloses instantiating a license authentication request IPTV DRM_Hello message); wherein the authentication request is generated based on an activation operation of a user on the service to be licensed (Xin, para 48-50 discloses that the user action causes the terminal to initiate license authentication); It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify Kim/Li/Bae/Liu’s license management system to incorporate Xin’s key-pair generation and authentication request initiation technique. One would be motivated to perform such modification on Kim/Li/Bae/Liu’s system so that public key and private key used in Kim’s registration and verification process are generated at the time the user activates or request license service. This would reduce the risk of key reuses or compromise, and tying the registration information and encrypted information to the activation of service to be licensed. Regarding Claim 18, Kim/Li/Bae/Liu teaches the apparatus according to claim 9, Kim teaches: obtaining the first environment fingerprint, and encrypting the first environment fingerprint with the private key to obtain the first environment ciphertext (Kim, Col 6, lines 34-64, discloses that the application request message includes the device identification information (first environment fingerprint) encrypted with the camera's private key which represents the first environment ciphertext. The public key of the camera device (cryptographically related with the private key) is included in the same application request message. The device identification information may include at least a MAC address, information from a camera unit, a controller, a storage and information arbitrarily allocated per camera device. Col 13, lines 26-30, Kim exemplifies software attributes (AXIS example) like unique identification information included in the device, a validity term and software version.); and sending the registration information carrying the public key and the first environment ciphertext to the licensing terminal (Kim, Col 6, lines 34-64, discloses that the mediation device (120) acquires an application request message (registration information) which is ultimately sent to the server (130) (Fig. 3, step 231; Fig. 5) from a camera device (110). The application request message includes the device identification information (first environment fingerprint) encrypted with the camera's private key which represents the first environment ciphertext.) Kim does not explicitly teach; However, Xin teaches: generating a key pair comprising the public key and the private key with a specified key algorithm in a case that an authentication request of the service to be licensed is received (Xin, para 49 discloses using elliptic curve cryptography and generates private key and public key; para 48, Xin discloses instantiating a license authentication request IPTV DRM_Hello message); wherein the authentication request is generated based on an activation operation of a user on the service to be licensed (Xin, para 48-50 discloses that the user action causes the terminal to initiate license authentication); It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify Kim/Li/Bae/Liu’s license management system to incorporate Xin’s key-pair generation and authentication request initiation technique. One would be motivated to perform such modification on Kim/Li/Bae/Liu’s system so that public key and private key used in Kim’s registration and verification process are generated at the time the user activates or request license service. This would reduce the risk of key reuses or compromise, and tying the registration information and encrypted information to the activation of service to be licensed. Claim(s) 6 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kim (US12301977B2) in view of Li (US 20200004973 A1) in view of Bae (US 20230350988 A1) in in view of Liu (US 20170366558 A1) in view of Chenxi (CN 109284586 A). Regarding Claim 6, Kim/Li/Bae/Liu teaches the method of claim 4, Kim/Li/Bae/Liu does not explicitly teach; However, Chenxi teaches: wherein before the receiving the license ciphertext provided by the licensing terminal and generated based on the registration information, the method further comprises: sending a license request carrying activation ciphertext to the licensing terminal, and causing the licensing terminal to verify authenticity of the activation ciphertext (Chenxi, para 54-55 discloses when a terminal user purchases a license, he or she will submit information to the remote server. The submitted information carries the terminal-related information including product version, operating system, product type, expiration date, physical network card address, which can be used to bind the license.) wherein the activation ciphertext is configured to identify activation of the service to be licensed (Chenxi, para 54-55 discloses when a terminal user purchases a license, he or she will submit information to the remote server. The submitted information carries the terminal-related information including product version, operating system, product type, expiration date, physical network card address, which can be used to bind the license.); and receiving the license ciphertext sent by the licensing terminal after the licensing terminal passes verification (Chenxi, para 75 teaches that the remote server performs "authority verification" on the information received in the request. The server verifies if the terminal has purchased a license by comparing the information in the request with its own records. Chenxi teaches that only after the purchase is confirmed (i.e., the verification is successful) does the remote server send back a "decryption instruction" or a final matching result, which allows the terminal to proceed.) It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify Kim/Li/Bae/Liu’s license management system to incorporate Chenxi’s activation request verification technique. One would be motivated to perform such modification on Kim/Li/Bae/Liu’s system so that the licensing terminal first confirms the authenticity of the activation ciphertext before providing it to the licensed terminal. This would improve security by preventing unauthorized or inactivated terminals from receiving ciphertext. Regarding Claim 19, Kim/Li/Bae/Liu teaches the apparatus according to claim 9, Kim/Li/Bae/Liu does not explicitly teach; However, Chenxi teaches: sending a license request carrying activation ciphertext to the licensing terminal, and causing the licensing terminal to verify authenticity of the activation ciphertext (Chenxi, para 54-55 discloses when a terminal user purchases a license, he or she will submit information to the remote server. The submitted information carries the terminal-related information including product version, operating system, product type, expiration date, physical network card address, which can be used to bind the license.) wherein the activation ciphertext is configured to identify activation of the service to be licensed (Chenxi, para 54-55 discloses when a terminal user purchases a license, he or she will submit information to the remote server. The submitted information carries the terminal-related information including product version, operating system, product type, expiration date, physical network card address, which can be used to bind the license.); and receiving the license ciphertext sent by the licensing terminal after the licensing terminal passes verification (Chenxi, para 75 teaches that the remote server performs "authority verification" on the information received in the request. The server verifies if the terminal has purchased a license by comparing the information in the request with its own records. Chenxi teaches that only after the purchase is confirmed (i.e., the verification is successful) does the remote server send back a "decryption instruction" or a final matching result, which allows the terminal to proceed.) It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify Kim/Li/Bae/Liu’s license management system to incorporate Chenxi’s activation request verification technique. One would be motivated to perform such modification on Kim/Li/Bae/Liu’s system so that the licensing terminal first confirms the authenticity of the activation ciphertext before providing it to the licensed terminal. This would improve security by preventing unauthorized or inactivated terminals from receiving ciphertext. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to AMIT KHADKA whose telephone number is (703)756-1440. The examiner can normally be reached Monday - Friday, 8:00 am - 5:00 pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L. Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /AMIT KHADKA/Examiner, Art Unit 2432 /Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432
Read full office action

Prosecution Timeline

Jun 14, 2023
Application Filed
Jul 01, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12567042
NONFUNGIBLE TOKEN PATH SYNTHESIS WITH SOCIAL SHARING
3y 6m to grant Granted Mar 03, 2026
Study what changed to get past this examiner. Based on 1 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
17%
Grant Probability
17%
With Interview (+0.0%)
2y 4m (~0m remaining)
Median Time to Grant
Low
PTA Risk
Based on 6 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month