Prosecution Insights
Last updated: April 17, 2026
Application No. 18/424,578

Systems, Methods, and Computer-Readable Media for Reprogrammable Authorization Key Generation Using NFC

Non-Final OA §103§112
Filed
Jan 26, 2024
Examiner
WALIULLAH, MOHAMMED
Art Unit
2498
Tech Center
2400 — Computer Networks
Assignee
unknown
OA Round
1 (Non-Final)
86%
Grant Probability
Favorable
1-2
OA Rounds
2y 7m
To Grant
97%
With Interview

Examiner Intelligence

Grants 86% — above average
86%
Career Allow Rate
623 granted / 721 resolved
+28.4% vs TC avg
Moderate +11% lift
Without
With
+10.6%
Interview Lift
resolved cases with interview
Typical timeline
2y 7m
Avg Prosecution
15 currently pending
Career history
736
Total Applications
across all art units

Statute-Specific Performance

§101
9.3%
-30.7% vs TC avg
§103
55.4%
+15.4% vs TC avg
§102
4.9%
-35.1% vs TC avg
§112
14.3%
-25.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 721 resolved cases

Office Action

§103 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claim 11 recites the limitation " an order of and a number of entries" in 15. Examiner not sure it is a new order or it is referring the order in line 15. There is insufficient antecedent basis for this limitation in the claim. Appropriate correction required. Dependent claims 12-19 do not cure deficiencies also, rejected accordingly. Similarly claim 20 needs correction. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-9, 12, 14-18, 20 are rejected under 35 U.S.C. 103 as being unpatentable over LAW et al(US 20220147974 A1) in view of Vogel et al(US 20200193420 A1). With regards to claim 1, LAW discloses, A key generation device (FIG 1 110 and associated text; ) comprising: a near field communication (NFC) tag configured to store a first key ([0057-60]; In various embodiments, the smart card 110 may include an integrated system-on-a-chip (SoC) within the housing. The SoC may be configured to perform one or more, a combination, or all of the above identified features (as will be described in more detail below in connection to FIG. 3)…. The SoC may also be configured to perform wireless communication functions via the communication circuitry; all digital processing functions for management and operation of the wireless communication; NFC RF interfaces and functions to interface with an NFC antenna and coil: and all digital processing function for NFC functions; [0187] Referring to FIG. 8, at block 805, the smart card may generate or be issued a private key (c). In some embodiments, c may be generated by a random key generation algorithm executed either by the smart card or by an external device and issued to the smart card during manufacture. The private key c is then saved in the memory of the smart card in a location that cannot be observed without great effort and expense by users (e.g., registered and unregistered users).); and a user device (FIG 3A and 3B and associated text, [0260] digital wallet) comprising: an input device configured to receive a first passcode from a user ([0060] In some embodiments, indications may be derived from user input via pins, pass phrases, and/or unique keystrokes and biometric verification which may be used for multi-factor authentication. Thus, the smart card 110 may be configured to individually activate (e.g., supply power thereto) and deactivate the various components (e.g., biometric sensor, authentication, EMV, BLE, RFID, etc.) to provide additional verification of the presence of the smart card 110 based on completion of the verification. In some embodiments, alone or in combination, an image of the authorized user may be stored in a memory, and access to the image may be granted only if the card is activated through the multi-factor authentication); a display screen configured to display information (FIG 3A and 3B 310 and associated text); a processor (FIG 3A and 3B 365 and associated text); and a memory including instructions stored thereon that, when executed by the processor (FIG 3A and 3B 307 and associated text), cause the user device to: read the first key from the NFC tag (179] In various embodiments, smart cards disclosed herein may be configured to provide for trusted off network transactions using PAN and/or LAN. That is, as shown in FIG. 7, in certain situations, a smart card 712E may be used to perform a transaction with external devices 712A-D (e.g., other smart cards 712, mobile devices, etc.) where there is no wide area or internet connectivity over network 720 (e.g., off-network transactions)…. For example, using the protocols described herein a PAN or p2p trusted mesh network 710 may be used. In some embodiments, network 710 may be utilize BLE, NFC, or other PAN communication protocols for off network communications, for example, based on a close proximity of the devices. In some embodiments, identification and authentication protocols may depend on the tamper resistant secure element design of the smart card according to the various embodiments herein, which can store local data immutably including encryption parameters (e.g., private keys), certificates, data and or smart contracts. Accordingly, embodiments described herein may provide for a distributed off network trust mesh network whereby trusted devices and/or members are able to provide trusted data transactions to other members (smart cards/clients) ); and perform a first key derivation function or a first hashing algorithm based on the first key to generate a private key ([0091] In various embodiments, the chip may be a secure and tamper resistant chip based on (i) use of physical unclonable functions or other random number generator methods to create private keys that are not known externally, and using the private keys to encrypt the data therein; (ii) capacitive and inductive filtering of power and clock signals so that noise from processing on the chip would not be easily detected by external sources ); wherein the private key is used to complete an operation that the user has intended to perform (183] In some embodiments, a solution can involve creating a public-private key pair (for example, a public key “C” and a private key “c”) (e.g., by the cryptographic block 370) and store the private key on each smart card, in a secure location of the memory (e.g., memory 307) that is not visible to users. The smart card can then sign messages with the private key(c) (e.g., at the cryptographic block 370), and any receiving party that knows the public key (C) can verify the signature was produced by an authentic card (e.g., using the device authentication block 390).). LAW does not exclusively but Vogel teaches, perform a first key derivation function or a first hashing algorithm based on the first key and the first passcode from the user to generate a private key ([0157] FIG. 13 illustrates an example workflow 1300 for generating a master key and an encrypted seed phrase. A random number generator creates a random number and a user generates a passphrase that is used as a salt to a derivation function. The user-generated passphrase increases the randomness of generating seed phrases, which are used to generate the master key. A seed phrase is generated using both the random number and the passphrase. A derivation function then generates a master private key.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify LAW’s system with teaching of Vogel in order to provide secure storage and retrieval of various types of data (Vogel [0002]). With regards to claim 2, LAW further discloses, wherein the operation includes a transaction and the first private key is financial information to complete the transaction(183] In some embodiments, a solution can involve creating a public-private key pair (for example, a public key “C” and a private key “c”) (e.g., by the cryptographic block 370) and store the private key on each smart card, in a secure location of the memory (e.g., memory 307) that is not visible to users. The smart card can then sign messages with the private key(c) (e.g., at the cryptographic block 370), and any receiving party that knows the public key (C) can verify the signature was produced by an authentic card (e.g., using the device authentication block 390).[0037];[0179]). With regards to claim 3, LAW further discloses, wherein the operation includes a log in to a user’s blockchain account and the first private key is paired with a public key for the user to access the user’s blockchain account, or approve a blockchain based token or data transaction([0059] In some embodiments, cryptographic functionality may include utilizing one or more crypto-keys (e.g., sometimes referred to herein as private/public keys and encryption parameters) to secure data contained in the smart card. For example, smart cards disclosed herein may use physical unclonable functions (PUFs), unclonable certificates, and/or unclonable signatures on, for example, the SoC as keys to encrypt memory and/or data where private keys or other sensitive information may be stored. Such private keys may include, for example, private keys for system level encryption of communications over wireless communication protocols. Public keys for such encryption or crypto functions may then be generated (e.g., on the smart card or SoC) and used to establish encrypted and authenticated communications with external terminals or systems. Exemplary external terminals and systems may include, but are not limited to nodes on a distributed ledger technology (DLT) system (e.g., such block chain based systems) as described below, AES encrypted systems that required private/public key management etc. If the chip is tampered with the PUFs may be altered such that the intruder is unable to decrypt the private keys and unable to access sensitive data. Further details regarding the cryptographic functionality are provided below.). With regards to claim 4, LAW further discloses, wherein the private key is a part of a plurality of private keys used for a shamir secret sharing algorithm, multi-signature transaction, or multi-party computation ([0207] In some embodiments, multiple signatures at one or more smart cards within the card certificate chain may be used to provide further security. For example, a plurality of smart cards at the same level of the certificate chain may digitally sign certificates for including in each smart card at the next level in the security chain. That is, in some embodiments, a plurality of CAA smart cards may each digitally sign a corresponding certificate stored with a single CA. Similarly, a plurality of Root CAs may digitally sign corresponding certificates stored with a single CAA. Each upper level smart card may provide its signed certificate to the lower level smart card at different or at approximately the same time.). With regards to claim 5, LAW further discloses, wherein the first key is stored in the NFC tag with a password protection([0027] The combination of various forms of identity verification provides a multi-factor authentication resulting in high security and reduction of fraud for applications above. For example, biometric verification may be combined with one or more pass-phrases (e.g., a pin, pass word and/or phrases, or unique keystroke) and physical presence of the card may provide three-factor authentication (3FA). Other multi-factor verifications are possible, for example, 2FA where biometric verification can be combined with one of the pass-phrases or the presence of the card. Additionally, such cards may be used with a mobile device or other external device (e.g., PC, tablet, smart watch, another smart card in accordance with the present disclosure, etc.) to provide additional authentication by sending verification messages through email, MMS, RCS, etc. to the devices or accounts that only a user of the device and card can access.[0179],[0187],[0309]). With regards to claim 6, LAW further discloses, wherein the private key is removed from the user device after a predetermined period ([0305] Second, while the above described transaction protocol can prevent duplicate payments from other secure elements, an alternative method may be implemented to recognize duplicate payments from parties not hosted by a secure element. For example, in some embodiments, the secure element can generate a new random public/private key pair for conducting each transaction (e.g., receiving a new payment), add the transaction to a pending list, and then remove it from the pending list when the transaction is completed (e.g., received).[0202];). With regards to claim 7, 16, LAW in view of Vogel teaches, wherein the user device transmits the first private key to an external NFC tag (Vogel FIG 13 Encrypt seed with Master key(private key) sent to store in Secure element ) and removes the first private key (Vogel FIG 13 SOC destroy master key ). Motivation would be same as stated in claim 11. With regards to claim 8, 17, LAW in view of Vogel and Yasmin Teaches, wherein the first private key is encrypted before the first private key is transmitted to the external NFC tag (Vogel FIG 13 Encrypt seed with Master key(private key) sent to store in Secure element). Motivation would be same as stated in claim 11. With regards to claim 9, 18 LAW further discloses, wherein the external NFC tag is used to complete the operation ([0241]; For example, the smart cards can input and output such data, transactions, ledgers and/or smart contracts (sometimes referred to herein as transaction record information) to a central database system 740, 745 and/or a DLT system 730 when wide area connectivity via network 720 is available. The smart cards and/or external devices configured in accordance with the present disclosure may settle the local transactions that were stored on the devices 712 in response to the connectivity. Once data, transactions, etc. are input to the smart cards that can support connecting to other smart cards 712D or clients on phones 712A or other devices via PAN/WAN 710 for a meshed off internet transaction which are later settled with the DLT 730 and/or central database 745 backend system 740 providing input/output data/transactions to our card/client based off network mesh services. ). With regards to claim 11, 20 LAW discloses, A key generation system comprising: a near field communication (NFC) tag configured to store a first key ([0057-60]; In various embodiments, the smart card 110 may include an integrated system-on-a-chip (SoC) within the housing. The SoC may be configured to perform one or more, a combination, or all of the above identified features (as will be described in more detail below in connection to FIG. 3)…. The SoC may also be configured to perform wireless communication functions via the communication circuitry; all digital processing functions for management and operation of the wireless communication; NFC RF interfaces and functions to interface with an NFC antenna and coil: and all digital processing function for NFC functions; [0187] Referring to FIG. 8, at block 805, the smart card may generate or be issued a private key (c). In some embodiments, c may be generated by a random key generation algorithm executed either by the smart card or by an external device and issued to the smart card during manufacture. The private key c is then saved in the memory of the smart card in a location that cannot be observed without great effort and expense by users (e.g., registered and unregistered users).); and a user device (FIG 3A and 3B and associated text; )comprising: an input device configured to receive a first passcode from a user ([0060] In some embodiments, indications may be derived from user input via pins, pass phrases, and/or unique keystrokes and biometric verification which may be used for multi-factor authentication. Thus, the smart card 110 may be configured to individually activate (e.g., supply power thereto) and deactivate the various components (e.g., biometric sensor, authentication, EMV, BLE, RFID, etc.) to provide additional verification of the presence of the smart card 110 based on completion of the verification. In some embodiments, alone or in combination, an image of the authorized user may be stored in a memory, and access to the image may be granted only if the card is activated through the multi-factor authentication)); a display screen configured to display information (FIG 3A/3B 310 and associated text; ); a processor (FIG 3A/3B 365 and associated text;); and a memory including instructions stored thereon that, when executed by the processor, cause the user device (FIG 3A/3B 307 and associated text;) to: read a first key from a near field communication (NFC) tag([0179] In various embodiments, smart cards disclosed herein may be configured to provide for trusted off network transactions using PAN and/or LAN. That is, as shown in FIG. 7, in certain situations, a smart card 712E may be used to perform a transaction with external devices 712A-D (e.g., other smart cards 712, mobile devices, etc.) where there is no wide area or internet connectivity over network 720 (e.g., off-network transactions)…. For example, using the protocols described herein a PAN or p2p trusted mesh network 710 may be used. In some embodiments, network 710 may be utilize BLE, NFC, or other PAN communication protocols for off network communications, for example, based on a close proximity of the devices. In some embodiments, identification and authentication protocols may depend on the tamper resistant secure element design of the smart card according to the various embodiments herein, which can store local data immutably including encryption parameters (e.g., private keys), certificates, data and or smart contracts. Accordingly, embodiments described herein may provide for a distributed off network trust mesh network whereby trusted devices and/or members are able to provide trusted data transactions to other members (smart cards/clients)); perform a first key derivation function or a first hashing algorithm based on the first key to generate a first private key([0091] In various embodiments, the chip may be a secure and tamper resistant chip based on (i) use of physical unclonable functions or other random number generator methods to create private keys that are not known externally, and using the private keys to encrypt the data therein; (ii) capacitive and inductive filtering of power and clock signals so that noise from processing on the chip would not be easily detected by external sources ); receive a combination of an order of and a number of entries of one or more user-selected passcodes and a motion of bringing the NFC tag in proximity to the user device ([0051] In some embodiments, the smart card 110 may also include one or more accelerometers or inertial sensors (not shown) embedded in the housing of the smart card 110. Such sensors may be configured to detect and determine movement of the smart card 110. For example, the sensors may be able to detect a rate of change in acceleration and/or direction. In some embodiments, the sensors may be one or more (or a combination thereof) of a single axis, two-axis, and/or three-axis inertial sensor. In some embodiments, these sensors may be configured to detect motion; such smart card 110 may be used for performing transactions based on motion, for example, through tapping or waiving of the smart card 110.) generate a private key based on combinations of an order of and a number of entries of the one or more user-selected passcodes and the motion ([0052-60]; [0060] In some embodiments, indications may be derived from user input via pins, pass phrases, and/or unique keystrokes and biometric verification which may be used for multi-factor authentication. Thus, the smart card 110 may be configured to individually activate (e.g., supply power thereto) and deactivate the various components (e.g., biometric sensor, authentication, EMV, BLE, RFID, etc.) to provide additional verification of the presence of the smart card 110 based on completion of the verification. In some embodiments, alone or in combination, an image of the authorized user may be stored in a memory, and access to the image may be granted only if the card is activated through the multi-factor authentication.) wherein each of the plurality of second private keys is to complete a respective operation that the user has intended to perform (183] In some embodiments, a solution can involve creating a public-private key pair (for example, a public key “C” and a private key “c”) (e.g., by the cryptographic block 370) and store the private key on each smart card, in a secure location of the memory (e.g., memory 307) that is not visible to users. The smart card can then sign messages with the private key(c) (e.g., at the cryptographic block 370), and any receiving party that knows the public key (C) can verify the signature was produced by an authentic card (e.g., using the device authentication block 390).). LAW does not exclusively but Vogel teaches, perform a first key derivation function or a first hashing algorithm based on the first key and the first passcode from the user to generate a private key ([0157] FIG. 13 illustrates an example workflow 1300 for generating a master key and an encrypted seed phrase. A random number generator creates a random number and a user generates a passphrase that is used as a salt to a derivation function. The user-generated passphrase increases the randomness of generating seed phrases, which are used to generate the master key. A seed phrase is generated using both the random number and the passphrase. A derivation function then generates a master private key.) receive a combination of an order of and a number of entries of one or more user-selected passcodes and a motion of bringing the NFC tag in proximity to the user device (Vogel [0031]; In some implementations, display and touch panel 202 is a touchscreen display that allows a user to enter data, interact with a graphical user interface, set up their digital identity and enter passwords, create private keys, register with a digital identity and asset management service, manage their virtual assets, sign transactions, and the like. [0028] In some embodiments, hardware wallet 102 communicates with computing system 104 via a wired connection and/or a Bluetooth Low Energy (“BLE”), Near Field Communication (“NFC”) or other wireless connection. In some embodiments, hardware wallet 102 communicates with carbon key 106 via a physical connection between electrical contacts on each component and/or a Bluetooth low energy, NFC or other wireless connection); and generate a plurality of second private keys based on combinations of an order of and a number of entries of the one or more user-selected passcodes and the motion (Vogel [0157] FIG. 13 illustrates an example workflow 1300 for generating a master key and an encrypted seed phrase. A random number generator creates a random number and a user generates a passphrase that is used as a salt to a derivation function. The user-generated passphrase increases the randomness of generating seed phrases, which are used to generate the master key. A seed phrase is generated using both the random number and the passphrase. A derivation function then generates a master private key. That master private key is broken into four sub-keys using Shamir's algorithm (discussed herein). In some embodiments, one or more of the sub-keys may be stored on secure element 210 and/or carbon key 106. For example, the device, fingerprint, and PIN private keys may be stored on secure element 210. And, the carbon key, fingerprint, and PIN private keys may be stored on carbon key 106.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify LAW’s system with teaching of Vogel in order to provide secure storage and retrieval of various types of data (Vogel [0002]). With regards to claim 12, LAW further discloses, wherein the motion is a tapping of the NFC tag to the user device or scanning of the NFC tag by the user device ([0051] In some embodiments, the smart card 110 may also include one or more accelerometers or inertial sensors (not shown) embedded in the housing of the smart card 110. Such sensors may be configured to detect and determine movement of the smart card 110. For example, the sensors may be able to detect a rate of change in acceleration and/or direction. In some embodiments, the sensors may be one or more (or a combination thereof) of a single axis, two-axis, and/or three-axis inertial sensor. In some embodiments, these sensors may be configured to detect motion; such smart card 110 may be used for performing transactions based on motion, for example, through tapping or waiving of the smart card 110). With regards to claim 14, LAW further discloses, wherein, when one user-selected passcode or the motion is needed for consecutive entries, the display displays information to request an entry of a numeral input from the user via the input device, thereby not requiring multiple entries of the one user-selected passcode or the motion(this should also include the motion of the user device/NFC) ([0051]; For example, the accelerometers can be used to detect how a user is holding the smart card. As such the whole card can act as a joystick allowing the user to move a selection indicator on the display and then use the button to make a selection. Such movement can be detected by the accelerometer as changes to the gravity and used to indicate which direction on the visual menu the users is choosing to move a selection indicator. In some embodiments, once the desired selection is reached the user may level the card and press a selection button. Thus, for example, accelerometers and/or inertial sensors may be another input method. Other functions are possible. ). With regards to claim 15, LAW further discloses, wherein, when a completion button, actual or displayed, in the user device is pushed, the combination is complete and a second private key corresponding to the combination is generated ([0059] In some embodiments, cryptographic functionality may include utilizing one or more crypto-keys (e.g., sometimes referred to herein as private/public keys and encryption parameters) to secure data contained in the smart card. For example, smart cards disclosed herein may use physical unclonable functions (PUFs), unclonable certificates, and/or unclonable signatures on, for example, the SoC as keys to encrypt memory and/or data where private keys or other sensitive information may be stored. Such private keys may include, for example, private keys for system level encryption of communications over wireless communication protocols.). Allowable Subject Matter Claim 10, 13, 19 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987. The examiner can normally be reached 8.30 to 430 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached at 1-571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498
Read full office action

Prosecution Timeline

Jan 26, 2024
Application Filed
Aug 07, 2025
Non-Final Rejection — §103, §112
Oct 24, 2025
Interview Requested
Nov 06, 2025
Examiner Interview Summary
Nov 26, 2025
Response Filed
Nov 26, 2025
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12602517
SYSTEMS AND METHODS FOR AUTOMATIC REDACTION OF SENSITIVE INFORMATION FROM VIDEO STREAMS
2y 5m to grant Granted Apr 14, 2026
Patent 12602491
METHOD AND SYSTEM FOR USING SECURE REMOTE DIRECT MEMORY ACCESS (RDMA) SYSTEM
2y 5m to grant Granted Apr 14, 2026
Patent 12598063
IMPROVED CLOCK SECURITY FOR STATISTICAL OBJECT GENERATION
2y 5m to grant Granted Apr 07, 2026
Patent 12592835
METHOD AND APPARATUS FOR GENERATING, PROVIDING AND DISTRIBUTING A TRUSTED ELECTRONIC RECORD OR CERTIFICATE BASED ON AN ELECTRONIC DOCUMENT RELATING TO A USER
2y 5m to grant Granted Mar 31, 2026
Patent 12587538
TECHNIQUES FOR ACCESS CERTIFICATION REVIEWER SELECTION
2y 5m to grant Granted Mar 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
86%
Grant Probability
97%
With Interview (+10.6%)
2y 7m
Median Time to Grant
Low
PTA Risk
Based on 721 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month