Prosecution Insights
Last updated: July 17, 2026
Application No. 18/449,277

TECHNIQUES FOR SECRET SYNCHRONIZATION AND MANAGEMENT ACROSS MULTIPLE CLUSTERS

Final Rejection §102§103§112
Filed
Aug 14, 2023
Examiner
CATTUNGAL, DEREENA T
Art Unit
2431
Tech Center
2400 — Computer Networks
Assignee
Ally Financial Inc.
OA Round
2 (Final)
80%
Grant Probability
Favorable
3-4
OA Rounds
0m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 80% — above average
80%
Career Allowance Rate
224 granted / 279 resolved
+22.3% vs TC avg
Strong +30% interview lift
Without
With
+29.7%
Interview Lift
resolved cases with interview
Typical timeline
2y 9m
Avg Prosecution
23 currently pending
Career history
303
Total Applications
across all art units

Statute-Specific Performance

§101
1.8%
-38.2% vs TC avg
§103
85.4%
+45.4% vs TC avg
§102
6.3%
-33.7% vs TC avg
§112
4.3%
-35.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 279 resolved cases

Office Action

§102 §103 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status 1.The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments 2. Applicant's arguments filed 02/04/2026 with respect to claim 1 have been fully considered but they are not persuasive. 3. Applicant states that Rodriguez discloses key sharing between worker nodes within one cluster, but do not disclose the transmission of a key to a plurality of clusters. 4. Examiner would like to point out that Rodriguez in Fig. 1 and Para:0026 teaches server 104 and server 106 may be, for example, worker nodes within cluster 110 of open source container orchestration framework 112. Also, it should be noted that server 104 and server 106 may each represent clusters of computing nodes in one or more cloud environments. Alternatively, server 104 and server 106 may each represent clusters of servers in one or more data centers. Furthermore, 112 is a container with multiple clusters, and 110 is shown as teaching one of the many cluster. As such, Figs 1,7 and Para:0036 teaches the set of processors, using the key orchestration agent of the worker nodes, generates a data encryption key and sharing the data encryption key between worker nodes in one or more clusters. Claim Rejections - 35 USC § 112 5. The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 6. Claims 2-4, 10-12 and 18-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. 7. Claims 2,10 and 18 recites the limitation: “receiving, via a second user input, an indication of a selection of the first environment from a plurality of environments, wherein encrypting the user input is based at least in part on the selection of the first environment”. It’s not clear what is meant by the term “environment” herein. Examiner suggested amending the limitation to recite “software environment”, for better clarity. Also, it is not clear what is meant by, “receiving, via a second user input”. Especially it is not clear, whether “a second user input” is the input received from the same user as mentioned in claim 1 or from a different user. Appropriate clarification is required. 8. Claims 3, 11 and 19 recites the limitation: “receiving, from the device associated with the operations cluster, the second user input comprising of the first environment based at least in part on the list of environments included in the plurality of environments”. It’s not clear what is meant by the term “environment” herein. Examiner suggested amending the limitation to recite “software environment”, for better clarity. Also, it is not clear what is meant by, “the second user input”. Especially it is not clear, whether “a second user input” is the input received from the same user as mentioned in claim 1 or from a different user. . Appropriate clarification is required. 9. Claim 20 recites the limitation: “determine that the encryption key is associated with the first environment based at least in part on the receiving the indication of the selection of the first environment; and retrieve the encryption key based at least in part on the encryption key being associated with the first environment, wherein encrypting the user input is further based at least in part on retrieving the encryption key”. It’s not clear what is meant by the term “environment” herein. Examiner suggested amending the limitation to recite “software environment”, for better clarity. Claim Rejections - 35 USC § 102 10. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. 11.Claim(s) 1,5-6, 8-9, 13-14 and 16-17 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Rodriguez (US Pub.No.2020/0403784). 12. Regarding claims 1, 9 and 17 Rodriguez teaches a method, a non-transitory computer-readable medium and an apparatus comprising: detecting, by a first application executed on a plurality of clusters associated with a first environment, a generation of an encryption key on a primary cluster of the plurality of clusters; transmitting the encryption key to each cluster of the plurality of clusters in response to detecting the generation of the encryption key on the primary cluster; and encrypting, by a second application executed on an operations cluster of the plurality of clusters, a user input based at least in part on the encryption key and the first environment (Figs.1, 7 shows a process for sharing a data encryption key between worker nodes in a clustes.Para:0026, Para:0036 teaches a key orchestration agent 218 further controls the process of coordinating distribution of data encryption key 220 with a set of one or more other data processing systems (i.e., set of other worker nodes within the cluster). Key orchestration agent 218 performs a remote attestation process to ensure that each worker node in the set of other worker nodes is an authenticated, trusted worker node before sharing data encryption key 220 with a respective worker node in the cluster. Para:0007 teaches a set of processors generates a worker node with a key orchestration agent in a cluster of an open source container orchestration framework. The set of processors, using the key orchestration agent of the worker node, generates a data encryption key. The set of processors, using the key orchestration agent, retrieves a sealing key of the first key orchestration agent from a secure enclave of the worker node. The set of processors, using the sealing key of the first key orchestration agent, seals the data encryption key. Further, the set of processors determines whether a container has been created in the worker node. In response to the set of processors determining that a container has been created in the worker node, the set of processors, using the first key orchestration agent, performs local attestation with the container to establish authenticity of the container. Then, the set of processors determines whether the container is trusted based on the local attestation. In response to the set of processors determining that the container is untrusted based on the local attestation, the set of processors denies access to the data encryption key by the container. In response to the set of processors determining that the container is trusted based on the local attestation, the set of processors, using the key orchestration agent, shares the data encryption key with the container, encrypts, using the data encryption key shared with the container, data corresponding to a workload of the container, and stores an identifier of the worker node and the data encryption key sealed with a unique sealing key of the container in a shared database. Para:0008 and Para:0053 teaches enable different containers running a distributed application on different worker nodes within the cluster to share sensitive application data between the different containers by using the data encryption key that is sealed with a unique sealing key. Para:0049 teaches when having a cluster with “n” number of worker nodes in an open source container orchestration framework, enable every worker node in the cluster to access sensitive application data inside a secure enclave by encrypting and decrypting the sensitive application data using a data encryption key. Illustrative embodiments share the data encryption key among trusted (i.e., attested) worker nodes. Each worker node protects its data encryption key by encrypting the data encryption key with a sealing key, which is unique to a secure enclave on a given worker node). 13. Regarding claims 5 and 13 Rodriguez teaches the method and the non-transitory computer-readable medium, further comprising: receiving, from a device associated with the operations cluster, the user input, wherein encrypting the user input is further based at least in part on receiving the user input; and providing the encrypted user input to the device (Para:0007 teaches a set of processors generates a worker node with a key orchestration agent in a cluster of an open source container orchestration framework. The set of processors, using the key orchestration agent of the worker node, generates a data encryption key. The set of processors, using the key orchestration agent, retrieves a sealing key of the first key orchestration agent from a secure enclave of the worker node. The set of processors, using the sealing key of the first key orchestration agent, seals the data encryption key. Further, the set of processors determines whether a container has been created in the worker node. In response to the set of processors determining that a container has been created in the worker node, the set of processors, using the first key orchestration agent, performs local attestation with the container to establish authenticity of the container. Then, the set of processors determines whether the container is trusted based on the local attestation. In response to the set of processors determining that the container is untrusted based on the local attestation, the set of processors denies access to the data encryption key by the container. In response to the set of processors determining that the container is trusted based on the local attestation, the set of processors, using the key orchestration agent, shares the data encryption key with the container, encrypts, using the data encryption key shared with the container, data corresponding to a workload of the container, and stores an identifier of the worker node and the data encryption key sealed with a unique sealing key of the container in a shared database. Para:0008 and Para:0053 teaches enable different containers running a distributed application on different worker nodes within the cluster to share sensitive application data between the different containers by using the data encryption key that is sealed with a unique sealing key. Para:0049 teaches when having a cluster with “n” number of worker nodes in an open source container orchestration framework, enable every worker node in the cluster to access sensitive application data inside a secure enclave by encrypting and decrypting the sensitive application data using a data encryption key. Illustrative embodiments share the data encryption key among trusted (i.e., attested) worker nodes. Each worker node protects its data encryption key by encrypting the data encryption key with a sealing key, which is unique to a secure enclave on a given worker node). 14. Regarding claims 6 and 14 Rodriguez teaches the method and the non-transitory computer-readable medium, further comprising: executing a third application on a cluster of the plurality of clusters using the encrypted user input, wherein the encrypted user input comprises a key-value pair associated with the third application (Para:0034-0037 teaches user input/user data comprises a key-value pair associated with the application). 15. Regarding claims 8 and 16 Rodriguez teaches the method and the non-transitory computer-readable medium, further comprising: detecting, by a third application executed on a plurality of second clusters associated with a second environment, a generation of a second encryption key on a primary second cluster of the plurality of second clusters; transmitting the second encryption key to each second cluster of the plurality of second clusters in response to detecting the generation of the second encryption key on the primary second cluster; and encrypting, by the second application executed on the operations cluster, a second user input based at least in part on the second encryption key and the second environment (Fig.7 shows a process for sharing a data encryption key between worker nodes in a cluster.Para:0036 teaches a key orchestration agent 218 further controls the process of coordinating distribution of data encryption key 220 with a set of one or more other data processing systems (i.e., set of other worker nodes within the cluster). Key orchestration agent 218 performs a remote attestation process to ensure that each worker node in the set of other worker nodes is an authenticated, trusted worker node before sharing data encryption key 220 with a respective worker node in the cluster. Para:0007 teaches a set of processors generates a worker node with a key orchestration agent in a cluster of an open source container orchestration framework. The set of processors, using the key orchestration agent of the worker node, generates a data encryption key. The set of processors, using the key orchestration agent, retrieves a sealing key of the first key orchestration agent from a secure enclave of the worker node. The set of processors, using the sealing key of the first key orchestration agent, seals the data encryption key. Further, the set of processors determines whether a container has been created in the worker node. In response to the set of processors determining that a container has been created in the worker node, the set of processors, using the first key orchestration agent, performs local attestation with the container to establish authenticity of the container. Then, the set of processors determines whether the container is trusted based on the local attestation. In response to the set of processors determining that the container is untrusted based on the local attestation, the set of processors denies access to the data encryption key by the container. In response to the set of processors determining that the container is trusted based on the local attestation, the set of processors, using the key orchestration agent, shares the data encryption key with the container, encrypts, using the data encryption key shared with the container, data corresponding to a workload of the container, and stores an identifier of the worker node and the data encryption key sealed with a unique sealing key of the container in a shared database. Para:0008 and Para:0053 teaches enable different containers running a distributed application on different worker nodes within the cluster to share sensitive application data between the different containers by using the data encryption key that is sealed with a unique sealing key. Para:0049 teaches when having a cluster with “n” number of worker nodes in an open source container orchestration framework, enable every worker node in the cluster to access sensitive application data inside a secure enclave by encrypting and decrypting the sensitive application data using a data encryption key. Illustrative embodiments share the data encryption key among trusted (i.e., attested) worker nodes. Each worker node protects its data encryption key by encrypting the data encryption key with a sealing key, which is unique to a secure enclave on a given worker node). Claim Rejections - 35 USC § 103 16.The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 17. Claim(s) 7 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Rodriguez (US Pub.No.2020/0403784) in view of Schwarz (US Pub.No.2018/0367528) 18. Regarding claims 7 and 15 Rodriguez teaches the method and the non-transitory computer-readable medium, further comprising: detecting, by the first application, a generation of one or more authentication credentials, wherein the generation is detected on at least one cluster of the plurality of clusters; generating, by the first application, one or more access credentials based at least in part on the one or more authentication credentials; and transmitting the one or more access credentials to the operations cluster based at least in part on generating the one or more access credentials (Para:0027-0028 and Fig.4 and Para:0064-0068); but fails to teach a generation of one or more authentication credentials for a namespace. Schwarz teaches generation of one or more authentication credentials for a namespace (Para:0088-0089). Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Rodriguez to include generation of one or more authentication credentials for a namespace as taught by Schwarz such a setup would give a predictable result of creating authentication credential with namespace and grant access to specific resources. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEREENA T CATTUNGAL whose telephone number is (571)270-0506. The examiner can normally be reached Mon-Fri : 7:30 AM-5 PM EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached at 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /DEREENA T CATTUNGAL/Primary Examiner, Art Unit 2431
Read full office action

Prosecution Timeline

Aug 14, 2023
Application Filed
Nov 05, 2025
Non-Final Rejection mailed — §102, §103, §112
Feb 04, 2026
Response Filed
Jun 03, 2026
Final Rejection mailed — §102, §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12683804
Hardened Encoded Message Check for RSA Signature Verification
2y 9m to grant Granted Jul 14, 2026
Patent 12664251
STATEMENT PROOF AND VERIFICATION
1y 8m to grant Granted Jun 23, 2026
Patent 12652180
METHOD, APPARATUS, DEVICE, AND STORAGE MEDIUM FOR DATA PROCESSING
1y 7m to grant Granted Jun 09, 2026
Patent 12645819
MANAGEMENT OF MULTIPLE DIGITAL IDENTITIES USING A CENTRALIZED DISTRIBUTED LEDGER
2y 5m to grant Granted Jun 02, 2026
Patent 12632608
INTEGRATED CIRCUIT DEVICE WITH PROTECTION AGAINST MALICIOUS ATTACKS
3y 4m to grant Granted May 19, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
80%
Grant Probability
99%
With Interview (+29.7%)
2y 9m (~0m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 279 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month