Prosecution Insights
Last updated: May 04, 2026
Application No. 18/489,585

Reusing Resumption Secrets Obtained from Post-Quantum Ciphers

Final Rejection §103
Filed
Oct 18, 2023
Examiner
ULLAH, SHARIF E
Art Unit
2495
Tech Center
2400 — Computer Networks
Assignee
Google LLC
OA Round
2 (Final)
84%
Grant Probability
Favorable
3-4
OA Rounds
0m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 84% — above average
84%
Career Allowance Rate
382 granted / 453 resolved
+26.3% vs TC avg
Strong +22% interview lift
Without
With
+22.3%
Interview Lift
resolved cases with interview
Typical timeline
2y 6m
Avg Prosecution
21 currently pending
Career history
474
Total Applications
across all art units

Statute-Specific Performance

§101
14.6%
-25.4% vs TC avg
§103
57.6%
+17.6% vs TC avg
§102
5.9%
-34.1% vs TC avg
§112
13.2%
-26.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 453 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed have been fully considered but they are not persuasive. The applicant argues that the prior art on record does not teach/suggest all of the limitations of the independent claim(s). Specifically, the applicant argues that nix does not decrypt a resumption message to obtain a resumption secret. The applicant understands Nix to as a database lookup approach, which is fundamentally different from decrypting a message to obtain a secret. Additionally, the applicant argues that the prior art does not disclose wherein the resumption secret is based on at least a portion of a shared secret that was obtained using a post-quantum cipher. The applicant mentions that Nix’s inclusion of a PSK-ID is an identifier that corresponds to or identifies the PSK, but is not based on at least portion of the shared secret. The applicant also argues that a hash corresponds to the PSK in Nix, but does not contain a portion of it; the PSK-ID is generated by a hashing mechanism, not by the post-quantum cipher itself, therefore the resumption secret is not based on a portion of a shared secret obtained using post quantum cipher. However, the Examiner respectfully disagrees. As currently presented, the claim language mentions “decrypting, by the first computing system, the resumption message to obtain a resumption secret”. The claim does not definitively mention that the resumption secret must be directly embedded within the encrypted payload of the message; the decryption alone mush produce the resumption secret; there cannot be any intermediary steps (lookup) between decryption and obtaining the secret; and that the secret must be the plaintext output of the decryption. Nix does perform decryption in the session resumption process. The applicant’s fails to mention that in Nix, the PSK-ID is encrypted with the symmetric ciphering key. A sent resumption message includes the PSK-ID and a MAC value. Server must process, and decrypt this message to extract the PSK-ID, which enables obtaining the PSK (resumption secret). Additionally, the hash function uses the PSK input and provides PSK-ID as output. This output is based on the PSK (including a portion of it ). As currently presented, the claim language does not explicitly or definitively mention contains a portion of or includes a copy of a portion of the shared secret. Rather, it mentions “based on” a portion of the shared secret, which as mentioned above is disclosed in Nix. Additionally, as currently mentioned, the claim language does not explicitly mention that the resumption secret must be generated by the post quantum cipher. The claim language mentions that the resumption secret is based on at least a portion of a shared secret that was obtained using a post quantum cipher. The shared secret disclosed in Nix was obtained using post quantum cipher (KEM), and the resumption secret (PSK-ID) is based on that shared secret. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2, 11, & 17-18 are rejected under 35 U.S.C 103 as being unpatentable over Nix (US 2023/0308424), hereon referred to as Nix. In regards to claims 1, 11 & 17, Nix discloses receiving, by a first computing system, a resumption message from a second computing system (To securely resume a first session between device and a network. Device can generate a message for server, where the message could comprise a second "Client Hello 2" message..... the message from device to server can comprise the identity of the PSK, which is PSK-IO 231-1 stored, the device extensions selected, the second random number random, and the tag value. The message can also include the fifth symmetric ciphertext symm. The inclusion of the tag value increases security compared to conventional technology, since server can verify the tag value before deciding how to respond to the message... Server can receive the message as second "Client Hello" in order to conduct a resumed session; Paragraphs 0206; 0215-0220; Figs.1-3); decrypting, by the first computing system, the resumption message to obtain a resumption secret, wherein the resumption secret is based on at least a portion of a shared secret that was obtained using a post-quantum cipher during a prior handshake sequence between the first computing system and the second computing system (where device and server support zero round trip time resumption (0-RTT), server can decrypt the fifth symmetric ciphertext symm-C5 . For these embodiments, server can use the third symmetric ciphering key S3 252b generated by server to decrypt the fifth symmetric ciphertext symm-C5 from message into a plaintext value for device application data.... server can use the received PSK-IO 231-1 from the message to securely query the network database for the corresponding PSK... the fifth symmetric ciphertext symm-C5 can include a second device ephemeral public key ePK-2.device and associated KEM parameters for the second device ephemeral public key. An updated or new device ephemeral public key ePK-2.device in a system may be preferred for forward secrecy, such that a third shared secret key could be generated using the second device ephemeral public key ePK-2.device; The PSK would be considered "pre-shared" before a second "Client Hello 2" message in (i) a secure session resumption or (ii) a secure session resumption; Paragraphs 0187; 0215-0225; Figs.1-3); encrypting, by the first computing system, one or more messages using a session key based on the resumption secret (Server could process the "Client Finished" message and then both device and server could transmit and receive in messages encrypted and authenticated application data. The encrypted and authenticated application data can be generated using at least the PSK; Paragraphs 0235; 0275; Figs.1-3); and sending, by the first computing system, the encrypted one or more messages to the second computing system (Server could process the "Client Finished" message and then both device and server could transmit and receive in messages encrypted and authenticated application data. The encrypted and authenticated application data can be generated using at least the PSK; Paragraphs 0235; 0275 Figs. 1-3). Any interpretations of differences between the claim(s) and the prior art are only minor in nature, design elements and could not establish novelty or an inventive step. It would be obvious to an ordinary skill in the art, that before the filing date of the invention, any minor differences of the claim are still functionally addressed in the prior art, which discloses the same object matter and same type of solution as the instant application, as currently presented. In regards to claims 2 & 18, Nix discloses wherein encrypting, by the first computing system, the one or more messages based on the resumption secret comprises: obtaining, by the first computing system, a primary secret from the resumption secret; and encrypting, by the first computing system, the one or more messages using a session key obtained using the primary secret ( a first secure session established using the messages “Client Hello 1” 202 through “Server Finished 1” 233 could be used to establish a PSK shared between device 101 and server 111, where the PSK can be used to secure resumption or continuation of the first secure session; exemplary steps for the nodes and exemplary message flows between the nodes after a first session; device 101 could read the identity of a “pre-shared” secret key PSK-ID 231-1 stored in memory 101m of device 101 during the first session; Paragraphs 0187; 0204-2012). Claims 3-5, 9-10, 12-13 & 19-20 are rejected under 35 U.S.C 103 as being unpatentable over Nix, in view of MIROSLAV MITEV ET AL: "Multi-factor Physical Layer Security Authentication in Short Blocklength Communication", ARXIV.ORG, CORNELL UNIVERSITY LIBRARY, 201 OLIN LIBRARY CORNELL UNIVERSITY ITHACA, NY 14853, 24 February 2021 (2021-02-24), and hereon referred to as Mitev [Provided by Examiner]. In regards to claims 3 & 19, Nix does not disclose wherein obtaining, by the first computing system, the primary secret comprises: hashing, by the first computing system, the resumption secret; and extracting, by the first computing system, a portion of the hashed output as the primary secret. However, in an analogous art Mitev discloses wherein obtaining, by the first computing system, the primary secret comprises: hashing, by the first computing system, the resumption secret; and extracting, by the first computing system, a portion of the hashed output as the primary secret (During the process of connecting the node with the server, the resumption protocol includes hashing, extracting elements as part of the primary secret; Pg.7-11 Fig.9-11). At the time before the effective filing date of the invention, it would have been obvious to the one with ordinary skill in the art to combine the teachings disclosed by Nix, with the teachings disclosed by Mitev regarding hashing, by the first computing system, the resumption secret; and extracting, by the first computing system, a portion of the hashed output as the primary secret. The suggestion/motivation of the combination would have been to provide lightweight, security primitives and protocols for device authentication; (Mitev; Pg.1). In regards to claims 4 & 12, Mitev discloses wherein the shared secret was obtained by hashing a first value together with a second value, wherein the first value was obtained using the post-quantum cipher (During the process of connecting the node with the server, the shared secret includes hashing post-quantum values; Pg.7-11 Fig.9-11). In regards to claims 5 & 13, Mitev discloses wherein the second value was not obtained using the post-quantum cipher (During the process of connecting the node with the server, the shared secret includes hashing post-quantum values; Pg.7-11 Fig.9-11). In regards to claims 9 & 20, the combination of Nix and Mitev discloses wherein the prior handshake sequence comprises: receiving, by the first computing system and from the second computing system, a public key obtained using a post-quantum cipher; generating, by the first computing system and based on the public key, the shared secret and a keyshare; sending, by the first computing system, the keyshare to the second computing system; and receiving, by the first computing system and from the second computing system, one or more messages encrypted by the second computing system using the shared secret, wherein the second computing system obtained the shared secret using the keyshare and a private key corresponding to the public key (The elements presented in the claim(s) do not contain any additional features, do not present any inventive step or novelty not addressed/presented in the combination of Nix and Mitev discloses. Examiner takes official notice, that these elements are commonly known, minor design details that are derivable from the prior art and are well known, and obvious to an ordinary skill in the art. The additional features of these claims represent normal design options, which the skilled person would implement the combination of Nix and Mitev discloses, depending on the circumstances, without exercising any inventive activity). In regards to claim 10, the combination of Nix and Mitev discloses wherein the first computing system does not receive the public key from the second computing system again when resuming the communication session (The elements presented in the claim(s) do not contain any additional features, do not present any inventive step or novelty not addressed/presented in the combination of Nix and Mitev discloses. Examiner takes official notice, that these elements are commonly known, minor design details that are derivable from the prior art and are well known, and obvious to an ordinary skill in the art. The additional features of these claims represent normal design options, which the skilled person would implement the combination of Nix and Mitev discloses, depending on the circumstances, without exercising any inventive activity). Allowable Subject Matter Claims 6-8 and 14-16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHARIF E ULLAH whose telephone number is (571)272-5453. The examiner can normally be reached Mon-Fri 7:00-5:30. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SHARIF E ULLAH/Primary Examiner, Art Unit 2495
Read full office action

Prosecution Timeline

Oct 18, 2023
Application Filed
May 31, 2025
Non-Final Rejection — §103
Oct 06, 2025
Interview Requested
Oct 27, 2025
Examiner Interview Summary
Oct 27, 2025
Applicant Interview (Telephonic)
Nov 12, 2025
Response Filed
Apr 01, 2026
Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12602518
INTEGRATING A DOCUMENT SIGNATURE SYSTEM WITH AN ACCOUNT MANAGEMENT SYSTEM
3y 3m to grant Granted Apr 14, 2026
Patent 12603863
Hybrid Cryptography Virtual Private Networks
1y 11m to grant Granted Apr 14, 2026
Patent 12598062
METHODS AND SYSTEMS FOR A 2-QUBIT MULTI-USER QUANTUM KEY DISTRIBUTION PROTOCOL
2y 4m to grant Granted Apr 07, 2026
Patent 12592827
PAIRING METHODS IN ZERO-TRUST NETWORKS
2y 4m to grant Granted Mar 31, 2026
Patent 12574226
NATIVE CONTINUOUS-VARIABLE QUANTUM REPEATER
2y 3m to grant Granted Mar 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
84%
Grant Probability
99%
With Interview (+22.3%)
2y 6m (~0m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 453 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month