Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsGenetec Inc. › 18383838
Last updated: April 19, 2026
Application No. 18/383,838

SYSTEM AND METHOD FOR PROVISIONING A PHYSICAL SECURITY TOKEN

Non-Final OA §102§103
Filed
Oct 25, 2023
Examiner
HENNING, MATTHEW T
Art Unit
2491
Tech Center
2400 — Computer Networks
Assignee
Genetec Inc.
OA Round
1 (Non-Final)
71%
Grant Probability
Favorable
1-2
OA Rounds
3y 5m
To Grant
90%
With Interview

Interview Optional

+19.2% interview lift. This examiner has a relatively high allow rate; a written response may suffice.
Based on 577 resolved cases, 2023–2026

Examiner Intelligence

HENNING, MATTHEW T View full profile →
Grants 71% — above average
71%
Career Allow Rate
410 granted / 577 resolved
+13.1% vs TC avg
Strong +19% interview lift
Without
With
+19.2%
Interview Lift
resolved cases with interview
Typical timeline
3y 5m
Avg Prosecution
17 currently pending
Career history
594
Total Applications
across all art units

Statute-Specific Performance

§101
8.8%
-31.2% vs TC avg
§103
44.9%
+4.9% vs TC avg
§102
17.3%
-22.7% vs TC avg
§112
18.0%
-22.0% vs TC avg
Black line = Tech Center average estimate • Based on career data from 577 resolved cases

Office Action

§102 §103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION This office action is in response to the communication filed on 10/25/2023. Claims 1-30 have been examined. Information Disclosure Statement The information disclosure statement (IDS) submitted on 10/25/2023 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. The information disclosure statements (IDS) submitted on [ 1 ] are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner. Specification Applicant is reminded of the proper language and format for an abstract of the disclosure. The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words. The form and legal phraseology often used in patent claims, such as "means" and "said," should be avoided. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details. The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, "The disclosure concerns," "The disclosure defined by this invention," "The disclosure describes," etc. The abstract of the disclosure is objected to because it contains phrases which can be implied (e.g. “are provided”). Correction is required. See MPEP § 608.01(b). Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claims 1-5, 8-13, 15, 16, 18-24, and 27-30 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Drechsler et al. (US Patent Application Publication Number 2021/0344672) hereinafter referred to as Drechsler. Regarding claim 1, Drechsler disclosed a computer-implemented method of securely provisioning a physical security token, comprising: receiving, at a secure appliance (108) and from a remote server (e.g. 110), a command to encode a set of access information into the physical security token (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example); generating, at the secure appliance, encrypted access information, comprising: providing the set of access information to a secure cryptoprocessor (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example); and instructing the secure cryptoprocessor to use a cryptographic key stored in the secure cryptoprocessor to encrypt the set of access information (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example); obtaining, from a security token reader (e.g. 104), an indication of a presence of the physical security token being inserted into or presented to the security token reader (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example); and provisioning the physical security token (e.g. 104 and emulated card) by transmitting, via a secured channel, the encrypted access information from the secure appliance to the security token reader for encoding the physical security token with the encrypted access information (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example). Regarding claim 2, Drechsler disclosed that receiving the command to encode the set of access information comprises receiving the set of access information from the remote server, and the set of access information comprises a set of credential information and an access policy (Drechsler Fig 15 and Paragraphs 0064, 0109, 0163-0172 and 250-276 for example). Regarding claim 3, Drechsler disclosed that the command to encode the set of access information comprises the set of access information arranged in a predetermined structure for encoding (Drechsler Fig 15 and Paragraphs 0064, 0109, 0163-0172 and 250-276 for example). Regarding claim 4, Drechsler disclosed that providing the set of access information to the secure cryptoprocessor comprises placing the set of access information on a bus of the secure appliance via which the secure cryptoprocessor is coupled to secure appliance (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 and 0305 for example). Regarding claim 5, Drechsler disclosed that providing the set of access information to the secure cryptoprocessor comprises transmitting the set of access information to the secure cryptoprocessor over a network (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 and 0305 for example). Regarding claim 8, Drechsler disclosed that generating the encrypted access information comprises selecting the secure cryptoprocessor from a plurality of secure cryptoprocessors available to the secure appliance based on the command received from the remote server (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example – and Paragraph 0088). Regarding claim 9, Drechsler disclosed that selecting the secure cryptoprocessor from the plurality of secure cryptoprocessors is further based on at least one of: a credential information received from the remote server, an access policy received from the remote server, a privilege level associated with one or more cryptographic keys stored in the secure cryptoprocessor, a load balancing factor, and a predetermined schedule (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example – and Paragraph 0088). Regarding claim 10, Drechsler disclosed generating the encrypted access information comprises selecting the cryptographic key from a plurality of cryptographic keys stored in the secure cryptoprocessor based on the command received from the remote server (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example). Regarding claim 11, Drechsler disclosed that selecting the cryptographic key from the plurality of cryptographic keys is further based on at least one of: a credential information received from the remote server, an access policy received from the remote server, a privilege level associated the cryptographic key, and a predetermined schedule (Drechsler Fig 15 and Paragraphs 0064, 0109, 0163-0172 and 250-276 for example). Regarding claim 12, Drechsler disclosed that prior to transmitting the encrypted access information to the security token reader for provisioning the physical security token: determining a requested token identifier from the set of access information; obtaining a presented token identifier of the physical security token inserted into or presented to the security token reader; and transmitting the encrypted access information to the security token reader for provisioning the physical security token only when the requested token identifier matches the presented token identifier (Drechsler Fig 15 and Paragraphs 0064, 0109, 0163-0172 and 250-276 for example). Regarding claim 13, Drechsler disclosed a computer-implemented method for securely provisioning a physical security token, comprising: providing a remote server executing security software (Drechsler Fig 15 and Paragraphs 0064, 0109, 0163-0172 and 250-276 for example); providing a secure appliance coupled to a security token reader and to the remote server, the secure appliance having access to a secure cryptoprocessor for encrypting information (Drechsler Fig 15 and Paragraphs 0064, 0109, 0163-0172 and 250-276 for example); obtaining, at the remote server, a request to encode a physical security token to be assigned to a user (Drechsler Fig 15 and Paragraphs 0064, 0109, 0163-0172 and 250-276 for example); sending, from the remote server to the secure appliance, a command to encode a set of access information into the physical security token (Drechsler Fig 15 and Paragraphs 0064, 0109, 0163-0172 and 250-276 for example); generating, at the secure appliance, encrypted access information based on the set of access information using a cryptographic key stored in the secure cryptoprocessor (Drechsler Fig 15 and Paragraphs 0064, 0109, 0163-0172 and 250-276 for example); obtaining, at the secure appliance, an indication from the security token reader of a presence of the physical security token being inserted into or presented to the security token reader (Drechsler Fig 15 and Paragraphs 0064, 0109, 0163-0172 and 250-276 for example); and transmitting, via a secured channel, the encrypted access information from the secure appliance to the security token reader for encoding the physical security token with the encrypted access information (Drechsler Fig 15 and Paragraphs 0064, 0109, 0163-0172 and 250-276 for example). Regarding claim 15, Drechsler disclosed that the set of access information is arranged in a predetermined structure for encoding, and comprises a set of credential information and an access policy (Drechsler Fig 15 and Paragraphs 0064, 0109, 0163-0172 and 250-276 for example). Regarding claim 16, Drechsler disclosed that generating the encrypted access information comprises: providing the set of access information to the secure cryptoprocessor; and instructing the secure cryptoprocessor to use the cryptographic key stored in the secure cryptoprocessor to encrypt the set of access information (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example). Regarding claim 18, Drechsler disclosed that generating the encrypted access information comprises selecting the secure cryptoprocessor from a plurality of secure cryptoprocessors available to the secure appliance based on the command received from the remote server (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example – and Paragraph 0088). Regarding claim 19, Drechsler disclosed that generating the encrypted access information comprises selecting the cryptographic key from a plurality of cryptographic keys stored in the secure cryptoprocessor based on the command received from the remote server (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example). Regarding claim 20, Drechsler disclosed that selecting the cryptographic key from the plurality of cryptographic keys is further based on at least one of: a credential information received from the remote server, an access policy received from the remote server, a privilege level associated the cryptographic key, and a predetermined schedule (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example). Regarding claim 21, Drechsler disclosed a computer-implemented system for provisioning a physical security token, comprising: a communication interface; at least one processor; memory in communication with said at least one processor; and instructions stored in said memory, which when executed at said at least one processor causes said system to: receive, at a secure appliance and from a remote server, a command to encode a set of access information into the physical security token (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example); generate, at the secure appliance, encrypted access information, comprising: providing the set of access information to a secure cryptoprocessor; and instructing the secure cryptoprocessor to use a cryptographic key stored in the secure cryptoprocessor to encrypt the set of access information (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example); obtain, from a security token reader, an indication of a presence of the physical security token being inserted into or presented to the security token reader (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example); and provision the physical security token by transmitting, via a secured channel, the encrypted access information from the secure appliance to the security token reader for encoding the physical security token with the encrypted access information (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example). Regarding claim 22, Drechsler disclosed that [the] command to encode the set of access information comprises the set of access information arranged in a predetermined structure for encoding (Drechsler Fig 15 and Paragraphs 0064, 0109, 0163-0172 and 250-276 for example). Regarding claim 23, Drechsler disclosed that providing the set of access information to the secure cryptoprocessor comprises placing the set of access information on a bus of the secure appliance via which the secure cryptoprocessor is coupled to secure appliance (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 and 0305 for example). Regarding claim 24, Drechsler disclosed that providing the set of access information to the secure cryptoprocessor comprises transmitting the set of access information to the secure cryptoprocessor over a network (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 and 0305 for example). Regarding claim 27, Drechsler disclosed that generating the encrypted access information comprises selecting the secure cryptoprocessor from a plurality of secure cryptoprocessors available to the secure appliance based on the command received from the remote server (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example – and Paragraph 0088). Regarding claim 28, Drechsler disclosed that selecting the secure cryptoprocessor from the plurality of secure cryptoprocessors is further based on at least one of: a credential information received from the remote server, an access policy received from the remote server, a privilege level associated with one or more cryptographic keys stored in the secure cryptoprocessor, a load balancing factor, and a predetermined schedule (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example – and Paragraph 0088). Regarding claim 29, Drechsler disclosed that generating the encrypted access information comprises selecting the cryptographic key from a plurality of cryptographic keys stored in the secure cryptoprocessor based on the command received from the remote server (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example). Regarding claim 30, Drechsler disclosed that selecting the cryptographic key from the plurality of cryptographic keys is further based on at least one of: a credential information received from the remote server, an access policy received from the remote server, a privilege level associated the cryptographic key, and a predetermined schedule (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 7, 14, and 26 rejected under 35 U.S.C. 103 as being unpatentable over Drechsler. Regarding claims 7 and 26, Drechsler did not explicitly disclose that provisioning the physical security token comprises instructing the security token reader to transmit the encrypted access information to the physical security token without storing any of the encrypted access information. Official Notice: It was well known before the effective filing date of the invention for devices to communicate over a network, and that this involved sending data through access points and routers. As such, it would have been obvious to the person having ordinary skill in the art for device 104 and 108 to communicate over a network involving transmission through access points and routers. This would have been obvious because the person having ordinary skill in the art would have been motivated to employ common communication network practices to enable the generically taught communications in Drechsler. In this case, the combination meets that provisioning the physical security token comprises instructing the security token reader to transmit the encrypted access information to the physical security token without storing any of the encrypted access information (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example – in this case, the access point or router through which device 104 receives the access information reads on the “security token reader”). Regarding claims 14, Drechsler did not explicitly disclosed transmitting the encrypted access information from the secure appliance to the security token reader to cause the security token reader to transparently transmit the encrypted access information to the physical security token for encoding the physical security token. Official Notice: It was well known before the effective filing date of the invention for devices to communicate over a network, and that this involved sending data through access points and routers. As such, it would have been obvious to the person having ordinary skill in the art for device 104 and 108 to communicate over a network involving transmission through access points and routers. This would have been obvious because the person having ordinary skill in the art would have been motivated to employ common communication network practices to enable the generically taught communications in Drechsler. In this case, the combination meets transmitting the encrypted access information from the secure appliance to the security token reader to cause the security token reader to transparently transmit the encrypted access information to the physical security token for encoding the physical security token. (Drechsler Fig 15 and Paragraphs 0064, 0109 and 250-276 for example – in this case, the access point or router through which device 104 receives the access information reads on the “security token reader”). Allowable Subject Matter Claims 6, 17, and 25 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Conclusion Claims 1-5, 7-16, 18-24, and 26-30 have been rejected. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 11,922,384 disclosed a system for obtaining a security token by a mobile terminal. US 2009/0198618 disclosed a method for loading and managing and using smartcard authentication tokens and digital certificates. US 7,121,456 disclosed a system for managing and updating card images of a smartcard in a smartcard access system. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW T HENNING whose telephone number is (571)272-3790. The examiner can normally be reached Monday-Friday 9AM-3PM EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Korzuch can be reached at (571)272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MATTHEW T HENNING/Primary Examiner, Art Unit 2491
Read full office action

Prosecution Timeline

Oct 25, 2023
Application Filed
Mar 19, 2026
Non-Final Rejection — §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

18/423,905
Patent 12602507
Data Center Monitoring And Management Operation Including Configuration For Customer Sensitive Data
2y 5m to grant Granted Apr 14, 2026
18/533,592
Patent 12596817
SECURE REMOTE CONTROLS PACKAGE FOR SEMI-AUTONOMOUS SYSTEMS
2y 5m to grant Granted Apr 07, 2026
18/362,122
Patent 12566868
APPARATUS AND METHODS FOR BINDING A SYSTEM ON CHIP AND A MEMORY DEVICE WITH A KEY
2y 5m to grant Granted Mar 03, 2026
17/591,440
Patent 12562911
Fork Processing Method And Blockchain Node
2y 5m to grant Granted Feb 24, 2026
17/684,798
Patent 12554895
ENCRYPTED ANALYTICAL VAULT FOR TRUSTED ACCESS
2y 5m to grant Granted Feb 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
71%
Grant Probability
90%
With Interview (+19.2%)
3y 5m
Median Time to Grant
Low
PTA Risk
Based on 577 resolved cases by this examiner. Grant probability derived from career allow rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month