Prosecution Insights
Last updated: May 29, 2026
Application No. 18/535,063

EXTENSIBLE KEY MANAGEMENT (XKM)

Non-Final OA §103
Filed: Dec 11, 2023
Examiner: KHAN, MOEEN
Art Unit: 2436
Tech Center: 2400 — Computer Networks
Assignee: Wells Fargo Bank N A
OA Round: 2 (Non-Final)
Grant Probability: 69% (Favorable)
OA Rounds: 2-3
Est. Remaining: 5m
With Interview: 99%

Examiner Intelligence

Grants 69% — above average
Career Allowance Rate: 69% (160 granted / 231 resolved), +11.3% vs TC avg
Interview Lift: +60.3% (Strong +60% interview lift; resolved cases with interview)
Typical timeline: 2y 11m Avg Prosecution, 28 currently pending
Career history: 262 Total Applications across all art units

Statute-Specific Performance

§101: 0.3% (-39.7% vs TC avg)
§103: 98.7% (+58.7% vs TC avg)
§102: 0.5% (-39.5% vs TC avg)
§112: 0.1% (-39.9% vs TC avg)
Based on career data from 231 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Specification

The specification filed on December 11, 2023 is accepted. The title of the invention is not descriptive. A new title is required that is clearly indicative of the invention to which the claims are directed.

Response to 103

Applicants’ arguments filed on 12/12/2025 have been fully considered and are not persuasive.

In response to applicant’s arguments on 8 of remarks, the applicant argues that the cited prior arts fail to teach the amended limitation “generate, at an extensible key management (XKM) device remote from the first device and the second device, a composite seed by combining the first seed and the second seed”. The examiner acknowledges applicant’s perspective but respectfully disagrees because the above limitation is explicitly taught by both Griffin and Hart. Griffin (i.e., primary reference) teaches the device that generates the seed is remote from the devices that use the seed to generate the key. In instant case, Griffin teaches data base server 116a and 116b i.e., first and second device remotely connected with HSM key manager device. See Griffin Fig 1 and text on [col 6 line 30-40 and col 22 line 65-67] teaches the database server 116 is communicatively coupled to the key manager circuit 114 via a secure connection 150. In some embodiments, the secure connection 150 is a Transport Layer Security (TLS) protocol-based electronic connection. i.e., indicates that the database server 116a and 116b (first and second device) remote from HSM key manager and connected via internet.

Applicant on page 9 acknowledges that Hart (i.e., cited prior art) teaches client device generates composite seed C based on seed A and seed B but argues that Hart fails to teach that first and second device are remote from the XKM device.
The examiner notes that the first and second device remote from XKM device is disclosed by Griffin as already explained above. Therefore, Hart does not have to show the same teaching.

Next, the applicant argues that the cited prior art Hart fails to teach “distribute, from the XKM device, the composite seed to each of the first device or the second device”. The applicant argues that client 2 uses the seed C does not indicate that the seed C was distributed to client 2. The examiner respectfully disagrees because Hart Fig 2 block 246 and text on [0029] client 1 combines Seeds A and B using the formula to create Seed C, the Data Seed. At process node 248, Client 2 uses Seed C to generate a second key known as AES Key 2 i.e., client 2 using composite seed generated by client 1 is clear indication that client 1 distributes or provides access to the composite seed C to client 2.

Lastly, the applicant on page 9 of remarks argues that the cited prior arts fail to teach key derivation function of first or second device is inaccessible to the XKM device. The examiner respectfully disagrees because Griffin explicitly teaches on [claim 1 and claim 4] teaches HSM key manager generating the seeds (i.e., XKM) and sends the seed to entity computing device (i.e., first or second device), wherein the entity computing device derives the key using the seed as input to the KDF, wherein the KDF is known only to the entity computing system and not to the HSM.

Claim Objections

Claim 1 objected to because of the following informalities: Claim 1 recites “a system, comprising at least one memory and at least one player”, “XKM device”, “a first device” and “second device” it seems like the system and the XKM device is a same device in view of spec. However, claim 1 describes the “XKM” as separate entity which is responsible for generating composite seed and distributing it and the system with processor is responsible for determining first and second seed. Appropriate correction is required.
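The seed flow argued over in the response above, as an added sketch (not code from the application, Griffin, or Hart): a key manager derives one seed per device ID with HMAC, combines the two seeds into a composite seed, and each device runs its own KDF on that composite seed. The combining formula, HKDF-SHA256 as the device-side KDF, the device IDs, the context label and the sample key are all assumptions; unwrapping the encrypted key with the master key is left out, so the sketch starts from the recovered key.

```python
import hashlib
import hmac

# Constructed sample values (not from the application or the cited references).
SAMPLE_HMAC_KEY = bytes(range(32))   # stands in for the recovered first key
DEVICE_ID_A = b"db-server-a"
DEVICE_ID_B = b"db-server-b"
KDF_CONTEXT = b"data-key"            # hypothetical label both devices agree on


def derive_seed(hmac_key: bytes, device_id: bytes) -> bytes:
    """Key-manager side: seed = HMAC-SHA256(first key, device ID)."""
    if len(hmac_key) < 32:
        raise ValueError("HMAC key shorter than 32 bytes")
    if not device_id:
        raise ValueError("empty device ID")
    return hmac.new(hmac_key, device_id, hashlib.sha256).digest()


def combine_seeds(first_seed: bytes, second_seed: bytes) -> bytes:
    """Key-manager side: composite seed from both seeds.

    Assumed formula: SHA-256 over a fixed label followed by each seed with a
    2-byte length prefix, so two different splits of the same bytes cannot
    produce the same composite seed.
    """
    h = hashlib.sha256(b"composite-seed-v1")
    for seed in (first_seed, second_seed):
        h.update(len(seed).to_bytes(2, "big"))
        h.update(seed)
    return h.digest()


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    if length > 255 * 32:
        raise ValueError("requested output too long")
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def device_data_key(composite_seed: bytes, context: bytes) -> bytes:
    """Device side only: the key manager never runs or sees this KDF."""
    return hkdf_sha256(composite_seed, salt=b"", info=context, length=32)


def run_exchange() -> dict:
    """One pass of the flow: manager derives and combines, devices derive keys."""
    # Key manager: one seed per device ID, both from the same recovered key.
    seed_a = derive_seed(SAMPLE_HMAC_KEY, DEVICE_ID_A)
    seed_b = derive_seed(SAMPLE_HMAC_KEY, DEVICE_ID_B)
    composite = combine_seeds(seed_a, seed_b)
    # Only the composite seed is distributed; each device derives locally.
    key_on_a = device_data_key(composite, KDF_CONTEXT)
    key_on_b = device_data_key(composite, KDF_CONTEXT)
    return {"seed_a": seed_a, "seed_b": seed_b, "composite": composite,
            "key_on_a": key_on_a, "key_on_b": key_on_b}


if __name__ == "__main__":
    result = run_exchange()
    print("seeds differ per device:", result["seed_a"] != result["seed_b"])
    print("devices agree on data key:", result["key_on_a"] == result["key_on_b"])
```

Because the seeds are deterministic in the key and the device ID, the key manager can regenerate them on request and does not need to store the seeds or the data key.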

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Griffin et al (hereinafter Griffin) (US 10615970) in view of Hart et al (hereinafter Hart) (US 20210029096).

Regarding claim 1 Griffin teaches a system, comprising: (Griffin on [col 4 line 34-45] teaches system); at least one memory; and at least one processor configured to: (Griffin on [col 22 line 32-55] teaches one or more processor and memory); recover a first key by decrypting encrypted key using a master key (Griffin on [col 8 line 61-67, col 9 line 62-65 and col 18 line 14-16] teaches the HMAC key cryptogram 126 is decrypted by the key manager circuit 114 using the master key encryption key 122 to obtain the HMAC key 124 i.e., recovering first key); determine a first seed using the first key and a first Identifier (ID) identifying a first device (Griffin on [col 8 line 61-67] teaches a seed 132 is generated by the key manager circuit using the HMAC key and unique identifier 128. See on [col 9 line 63-67] teaches At 332, a new seed 132b is generated by the key manager circuit 114 using the HMAC key 124 and the unique identifier 128b. i.e., generating first seed using first key and first ID and generating second seed using first key and second ID.
See on [col 14 line 20-35] teaches each of database servers 116a and 116b (first and second device) generates a unique identifier, such as the first unique identifier 128a and the second unique identifier 128b. Further teaches generates seed 132a (i.e., first seed) using the HMAC algorithm with the first HMAC key 124a and the first unique identifier 128a, and sends the seed 132a to the database server 116a over the secured connection 150. See on [col 10 line 59-67] teaches generates the seed 132a (i.e., first seed) using the HMAC algorithm with the HMAC key 124 (i.e., first key) and the first unique identifier 128a (i.e., first identifier), and sends the seed 132a to the database server 116 over the secured connection 150); determine a second seed using the first key and a second ID identifying a second device (Griffin on [col 9 line 62-67] teaches the HMAC key cryptogram 126 is decrypted by the key manager circuit 114 using the master key encryption key 122 to obtain the HMAC key 124. At 332, a new seed 132b (i.e., second seed) is generated by the key manager circuit 114 using the HMAC key 124 (i.e., first key) and the unique identifier 128b (i.e., second ID). See on [col 11 line 6-15] teaches generates the second seed 132b (i.e., second seed) using the HMAC algorithm with the HMAC key 124 (i.e., first key) and the second unique identifier 128b. See on [col 14 line 15-45] teaches each of database servers 116a and 116b generates a unique identifier, such as the first unique identifier 128a and the second unique identifier 128b. 
Further teaches generates the second seed 132b using the HMAC algorithm with the second HMAC key 124b and the second unique identifier 128b, and sends the second seed 132b to the database server 116b over the secured connection 150); generate, at an extensible key management (XKM) device remote from the first device and the second device, (Griffin Fig 1 and text on [col 6 line 30-40 and col 22 line 65-67] teaches the database server 116 is communicatively coupled to the key manager circuit 114 via a secure connection 150. In some embodiments, the secure connection 150 is a Transport Layer Security (TLS) protocol-based electronic connection. In some embodiments, the secure connection 150 is a Transport Layer Security (TLS) protocol-based electronic connection. In other embodiments, the secure connection 150 is an Internet Protocol Security (IPsec)-based connection. Additionally, or alternatively, the secure connection 150 may be established using a mutual authentication algorithm comprising digital certificates. After the secure connection 150 is established, the key manager circuit 114 transmits at least the HMAC cryptogram 126 to the database server 116. The database server 116 may reside at least in part on a mobile device, such that a public encryption key is securely distributed to the mobile device, and/or on an internet-of-things (IoT) device, such that that a public encryption key is securely distributed to the IoT device. i.e., indicates that the database server 116a and 116b (first and second device) remote from HSM key manager and connected via internet); and distribute from the XKM device the (Griffin on [col 9 line 1-5] teaches the seed 132 is transmitted to the database server 116 through the secure connection 150. See on [col 14 line 15-45] teaches each of database servers 116a and 116b generates a unique identifier, such as the first unique identifier 128a and the second unique identifier 128b. 
Further teaches send the first seed to the database server 116b and sends the second seed 132b to the database server 116b over the secured connection 150 i.e., distributing the first and second seed to devices. See on [col 21 line 55-57] teaches and sends the encrypted seed (e.g., Ax(S) and/or Bx(S)) to the corresponding entity. i.e., first entity and/or second entity); wherein each of the first device or the second device generates a data key using a key derivation function based on the Griffin on [col 14 line 15-45] teaches the database server 116a generates the first DEK 130a using a suitable KDF function with the seed 132a and installs the DEK 130a into memory for data encryption and decryption. Meanwhile, the HSM 118 destroys the first HMAC key 124a and the seed 132a. The database server 116b generates the second DEK 130b using a suitable KDF function with the second seed 132b and installs the DEK 130b into memory for data encryption and decryption. Meanwhile, the HSM 118 destroys the second HMAC key 124b and the second seed 132b); and wherein each of the first device or the second device encrypts or decrypts data using the data key (Griffin on [col 9 line 10-15, col 9 line 50-55 and col 18 line 60-65] teaches the DEK 130 is installed on the database server 116. At 234 and 236, respectively, the data processed on the database server 116 is encrypted and decrypted using the DEK 130); wherein the key derivation function used by the first device or the second device to generate the data key is inaccessible to the XKM device (Griffin on [claim 1 and claim 4] teaches HSM key manager generating the seeds and sends the seed to entity computing device, wherein the entity computing device derives the key using the seed as input to the KDF, wherein the KDF is known only to the entity computing system and not to the HSM.
See also on [col 9 line1-5, col 11 line 1-20 and col 14 line 30-45] teaches only database server have access to KDF to generate the key based on the seed). Although Griffin teaches first device generating key using first seed and second device generating key using second seed but fails to explicitly teach generating a key using first and second seed, however Hart from analogous art teaches generate, at an extensible key management (XKM) device (Hart Fig 2 block 246 and text on [0029] teaches client 1 combines Seeds A and B using the formula to create Seed C, the Data Seed. At process node 248, Client 2 uses Seed C (i.e., distributing composited seed) to generate a second key known as AES Key 2); distribute, from the XKM device, the composite seed to each of the first device or the second device (Hart Fig 2 block 246 and text on [0029] at process node 248, Client 2 uses Seed C (i.e., indicate distribution of composited seed C from client 1 since client 1 generates the seed C) to generate a second key known as AES Key 2); wherein each of the first device or the second device generates a data key using a key derivation function based on the composite seed (Hart Fig 2 block 248 and text on [0029] at process node 248, Client 2 uses Seed C (i.e., indicate distribution of composited seed C from client 1 since client 1 generates the seed C) to generate a second key known as AES Key 2); and wherein each of the first device or the second device encrypts or decrypts data using the data key (Hart Fig 2 block 250 and text on [0029] at process node 248, Client 2 uses AES key 2 to decrypt payload). Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Hart into the teaching of Griffin by generating data key using composite seed. 
One would be motivated to do so in order to protect and exchange information with high level of security using data key generated based on combination of first seed and second seed (Hart [abstract and 0001-0004]).

Regarding claim 14 Griffin teaches a method, comprising: (Griffin on [col 1 line 55-60] teaches a method performed by a processor of a secure key exchange for electronic transactions); recovering a first key by decrypting encrypted key using a master key (Griffin on [col 8 line 61-67, col 9 line 62-65 and col 18 line 14-16] teaches the HMAC key cryptogram 126 is decrypted by the key manager circuit 114 using the master key encryption key 122 to obtain the HMAC key 124 i.e., recovering first key); determining a first seed using the first key and a first Identifier (ID) identifying a first device (Griffin on [col 8 line 61-67] teaches a seed 132 is generated by the key manager circuit using the HMAC key and unique identifier 128. See on [col 9 line 63-67] teaches At 332, a new seed 132b is generated by the key manager circuit 114 using the HMAC key 124 and the unique identifier 128b. i.e., generating first seed using first key and first ID and generating second seed using first key and second ID. See on [col 14 line 20-35] teaches each of database servers 116a and 116b (first and second device) generates a unique identifier, such as the first unique identifier 128a and the second unique identifier 128b. Further teaches generates seed 132a (i.e., first seed) using the HMAC algorithm with the first HMAC key 124a and the first unique identifier 128a, and sends the seed 132a to the database server 116a over the secured connection 150.
See on [col 10 line 59-67] teaches generates the seed 132a (i.e., first seed) using the HMAC algorithm with the HMAC key 124 (i.e., first key) and the first unique identifier 128a (i.e., first identifier), and sends the seed 132a to the database server 116 over the secured connection 150); determining a second seed using the first key and a second ID identifying a second device (Griffin on [col 9 line 62-67] teaches the HMAC key cryptogram 126 is decrypted by the key manager circuit 114 using the master key encryption key 122 to obtain the HMAC key 124. At 332, a new seed 132b (i.e., second seed) is generated by the key manager circuit 114 using the HMAC key 124 (i.e., first key) and the unique identifier 128b (i.e., second ID). See on [col 11 line 6-15] teaches generates the second seed 132b (i.e., second seed) using the HMAC algorithm with the HMAC key 124 (i.e., first key) and the second unique identifier 128b. See on [col 14 line 15-45] teaches each of database servers 116a and 116b generates a unique identifier, such as the first unique identifier 128a and the second unique identifier 128b. Further teaches generates the second seed 132b using the HMAC algorithm with the second HMAC key 124b and the second unique identifier 128b, and sends the second seed 132b to the database server 116b over the secured connection 150); generate, at an extensible key management (XKM) device remote from the first device and the second device, (Griffin Fig 1 and text on [col 6 line 30-40 and col 22 line 65-67] teaches the database server 116 is communicatively coupled to the key manager circuit 114 via a secure connection 150. In some embodiments, the secure connection 150 is a Transport Layer Security (TLS) protocol-based electronic connection. In some embodiments, the secure connection 150 is a Transport Layer Security (TLS) protocol-based electronic connection. In other embodiments, the secure connection 150 is an Internet Protocol Security (IPsec)-based connection. 
Additionally, or alternatively, the secure connection 150 may be established using a mutual authentication algorithm comprising digital certificates. After the secure connection 150 is established, the key manager circuit 114 transmits at least the HMAC cryptogram 126 to the database server 116. The database server 116 may reside at least in part on a mobile device, such that a public encryption key is securely distributed to the mobile device, and/or on an internet-of-things (IoT) device, such that that a public encryption key is securely distributed to the IoT device. i.e., indicates that the database server 116a and 116b (first and second device) remote from HSM key manager and connected via internet); and distribute from the XKM device the (Griffin on [col 9 line 1-5] teaches the seed 132 is transmitted to the database server 116 through the secure connection 150. See on [col 14 line 15-45] teaches each of database servers 116a and 116b generates a unique identifier, such as the first unique identifier 128a and the second unique identifier 128b. Further teaches send the first seed to the database server 116b and sends the second seed 132b to the database server 116b over the secured connection 150 i.e., distributing the first and second seed to devices. See on [col 21 line 55-57] teaches and sends the encrypted seed (e.g., Ax(S) and/or Bx(S)) to the corresponding entity. i.e., first entity and/or second entity); wherein each of the first device or the second device generates a data key using a key derivation function based on the Griffin on [col 14 line 15-45] teaches the database server 116a generates the first DEK 130a using a suitable KDF function with the seed 132a and installs the DEK 130a into memory for data encryption and decryption. Meanwhile, the HSM 118 destroys the first HMAC key 124a and the seed 132a. 
The database server 116b generates the second DEK 130b using a suitable KDF function with the second seed 132b and installs the DEK 130b into memory for data encryption and decryption. Meanwhile, the HSM 118 destroys the second HMAC key 124b and the second seed 132b); and wherein each of the first device or the second device encrypts or decrypts data using the data key (Griffin on [col 9 line 10-15, col 9 line 50-55 and col 18 line 60-65] teaches the DEK 130 is installed on the database server 116. At 234 and 236, respectively, the data processed on the database server 116 is encrypted and decrypted using the DEK 130); wherein the key derivation function used by the first device or the second device to generate the data key is inaccessible to the XKM device (Griffin on [claim 1 and claim 4] teaches HSM key manager generating the seeds and sends the seed to entity computing device, wherein the entity computing device derives the key using the seed as input to the KDF, wherein the KDF is known only to the entity computing system and not to the HSM. See also on [col 9 line1-5, col 11 line 1-20 and col 14 line 30-45] teaches only database server have access to KDF to generate the key based on the seed). Although Griffin teaches first device generating key using first seed and second device generating key using second seed but fails to explicitly teach generating a key using first and second seed, however Hart from analogous art teaches generate, at an extensible key management (XKM) device (Hart Fig 2 block 246 and text on [0029] teaches client 1 combines Seeds A and B using the formula to create Seed C, the Data Seed.
At process node 248, Client 2 uses Seed C (i.e., distributing composited seed) to generate a second key known as AES Key 2); distribute, from the XKM device, the composite seed to each of the first device or the second device (Hart Fig 2 block 246 and text on [0029] at process node 248, Client 2 uses Seed C (i.e., indicate distribution of composited seed C from client 1 since client 1 generates the seed C) to generate a second key known as AES Key 2); wherein each of the first device or the second device generates a data key using a key derivation function based on the composite seed (Hart Fig 2 block 248 and text on [0029] at process node 248, Client 2 uses Seed C (i.e., indicate distribution of composited seed C from client 1 since client 1 generates the seed C) to generate a second key known as AES Key 2); and wherein each of the first device or the second device encrypts or decrypts data using the data key (Hart Fig 2 block 250 and text on [0029] at process node 248, Client 2 uses AES key 2 to decrypt payload). Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Hart into the teaching of Griffin by generating data key using composite seed. One would be motivated to do so in order to protect and exchange information with high level of security using data key generated based on combination of first seed and second seed (Hart [abstract and 0001-0004]).

Regarding claim 2 and 15 the combination of Griffin and Hart teaches all the limitations of claims 1 and 14 respectively, Griffin further teaches wherein the at least one processor is configured to: receive the first ID and the encrypted key from the first device (Griffin on [col 10 line 60-65] teaches the database server 116 sends a request to the HSM 118 over the secure connection 150.
The request contains the HMAC key cryptogram 126 and the first unique identifier 128a); and receive the second ID and the encrypted key from the second device (Griffin on [col 11 line 5-10] teaches the database server 116 sends a request to the HSM 118 over the secure connection 150. The request contains the HMAC key cryptogram 126 and the second unique identifier 128b); wherein distribute the first seed and the second seed comprises sending the first seed and the second seed to each of the first device or the second device via at least one network (Griffin on [col 9 line 1-5] teaches the seed 132 is transmitted to the database server 116 through the secure connection 150. See on [col 14 line 15-45] teaches each of database servers 116a and 116b generates a unique identifier, such as the first unique identifier 128a and the second unique identifier 128b. Further teaches send the first seed to the database server 116b and sends the second seed 132b to the database server 116b over the secured connection 150 i.e., distributing the first and second seed to devices. See on [col 21 line 55-57] teaches and sends the encrypted seed (e.g., Ax(S) and/or Bx(S)) to the corresponding entity. i.e., first entity and/or second entity. See [col 5 line 30-45] teaches communication between entities via a network).

Regarding claim 3 the combination of Griffin and Hart teaches all the limitations of claim a above, Griffin further teaches wherein the first key comprises a Hash-Based Message Authentication Code (HMAC) key (Griffin on [col 8 line 61-67, col 9 line 62-65 and col 18 line 14-16] teaches the HMAC key cryptogram 126 is decrypted by the key manager circuit 114 using the master key encryption key 122 to obtain the HMAC key 124 i.e., first key).

Regarding claim 4 the combination of Griffin and Hart teaches all the limitations of claim 3 above, Griffin further teaches wherein the HMAC key is encrypted using the master key, the master key is a Key Encryption Key (KEK) (Griffin on [col 5 line 4-6 and col 6 line 20-25] teaches master key encryption key used to encrypt HMAC key).

Regarding claim 5 the combination of Griffin and Hart teaches all the limitations of claim 1 above, Griffin further teaches wherein the at least one processor is configured to: destroy the first key in response to at least one of determining the first seed and the second seed or distributing the first seed and the second seed (Griffin on [col 11 line 1-5 and col 14 line 30-50] teaches the HSM 118 destroys the HMAC key after generating seed) and destroy the first seed and the second seed in response to distributing the first seed and the second seed (Griffin on [col 11 line 1-19 and col 14 line 30-50] teaches destroying the first seed 132a and the second 132b). Hart teaches destroy the encrypted key in response to at least one of decrypting the encrypted key, determining the first seed, determining the second seed, or distributing the first seed and the second seed (Hart on [0026 and 0040] teaches destroys all AES keys and seeds and the formula after use, including all encrypted forms). Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Hart into the teaching of Griffin by destroying the encrypted after generating seed. One would be motivated to do so in order to protect information with high level of security from unauthorized access by deleting the key after generating the seed from the key (Hart [abstract and 0001-0004]).

Regarding claim 6 and 16 the combination of Griffin and Hart teaches all the limitations of claims 1 and 14 respectively, Griffin further teaches wherein determining the first seed comprises generating the first seed by inputting the first key and the first ID into a Hash-Based Message Authentication Code (HMAC) function; and determining the second seed comprises generating the second seed by inputting the first key and the second ID into the HMAC function (Griffin on [col 9 line 1-5 and col 10 line 60-65] teaches generating seed by calling HMAC function).

Regarding claim 7 the combination of Griffin and Hart teaches all the limitations of claim 1 above, Hart further teaches wherein each of the first device or the second device generates the data key based on both the first seed and the second seed (Hart on [0023-0025] teaches client device uses seed A and seed B to make seed C and then use seed C to generate AES key 2 for encrypting data). Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Hart into the teaching of Griffin by generating data key using first and second seed. One would be motivated to do so in order to protect and exchange information with high level of security using data key generated based on combination of first seed and second seed (Hart [abstract and 0001-0004]).

Regarding claim 8 the combination of Griffin and Hart teaches all the limitations of claim 1 above, Griffin further teaches wherein the at least one processor is configured to: generate the encrypted key by encrypting the first key using the master key; and distribute the encrypted key to the first device and the second device (Griffin on [col 8 line 20-25, col 10 line 45-50 and col 14 line 5-15] teaches encrypting the HMAC key 124 with the master key encryption key 122 and provide the HMAC key to server. See on [col 20 line 37-45] teaches the HSM 1001 generates an HMAC key (HK).
The HSM 1001 encrypts the HMAC key (HK) using the master key encryption key (MK) and sends the signed cryptogram MK(HK) to the first entity 1002 and the second entity 1004).

Regarding claim 9 the combination of Griffin and Hart teaches all the limitations of claim 8 above, Griffin further teaches wherein the at least one processor is configured to: destroy the first key in response to encrypting the first key using the master key or in response to distributing the encrypted key; and destroy the encrypted key in response to distributing the encrypted key (Griffin on [col 8 line 20-25 and col 16 line 42-48] teaches a HMAC key cryptogram 126 is generated by the key manager circuit 114 by encrypting the HMAC key 124 with the master key encryption key 122. At 214, the HMAC key 124 is deleted to avoid security vulnerabilities associated with permanently storing the HMAC key 124).

Regarding claim 10 and 17 the combination of Griffin and Hart teaches all the limitations of claim 1 and 14 respectively, Hart further teaches wherein each of the first device or the second device generates the data key using the key derivation function by applying both the first seed and the second seed as inputs into the key derivation function (Hart on [0023-0025 and 0029] teaches client device uses seed A and seed B according to formula to make seed C and then use seed C to generate AES key 2 for encrypting data). Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Hart into the teaching of Griffin by generating data key using first and second seed. One would be motivated to do so in order to protect and exchange information with high level of security using data key generated based on combination of first seed and second seed (Hart [abstract and 0001-0004]).

Regarding claim 11 and 18 the combination of Griffin and Hart teaches all the limitations of claim 1 and 14 respectively, Hart further teaches each of the first device or the second device generates the data key using the key derivation function by applying the composite seed as input into the key derivation function (Hart on [0029] teaches client 1 combines Seeds A and B using the formula to create Seed C, the Data Seed. At process node 248, Client 2 uses Seed C (i.e., distributing composited seed) to generate a second key known as AES Key 2). Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Hart into the teaching of Griffin by generating data key using first and second seed. One would be motivated to do so in order to protect and exchange information with high level of security using data key generated based on combination of first seed and second seed (Hart [abstract and 0001-0004]).

Regarding claim 12 the combination of Griffin and Hart teaches all the limitations of claim 1 above, Hart further teaches wherein generating the composite seed comprises combining the first seed and the second seed (Hart on [0029] teaches client 1 combines Seeds A and B using the formula to create Seed C, the Data Seed. At process node 248, Client 2 uses Seed C (i.e., distributing composited seed) to generate a second key known as AES Key 2). Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Hart into the teaching of Griffin by generating data key using first and second seed. One would be motivated to do so in order to protect and exchange information with high level of security using data key generated based on combination of first seed and second seed (Hart [abstract and 0001-0004]).
Regarding claim 13 the combination of Griffin and Hart teaches all the limitations of claim 1 above, Griffin further teaches wherein the at least one processor is configured to generate a composite seed by applying the first key and a value determined using the first ID and the second ID as inputs into a function (Griffin on [col 9 line 62-67] teaches the HMAC key cryptogram 126 is decrypted by the key manager circuit 114 using the master key encryption key 122 to obtain the HMAC key 124. At 332, a new seed 132b (i.e., second seed) is generated by the key manager circuit 114 using the HMAC key 124 (i.e., first key) and the unique identifier 128b (i.e., second ID). See on [col 11 line 6-15] teaches generates the second seed 132b (i.e., second seed) using the HMAC algorithm with the HMAC key 124 (i.e., first key) and the second unique identifier 128b. See on [col 14 line 15-45] teaches each of database servers 116a and 116b generates a unique identifier, such as the first unique identifier 128a and the second unique identifier 128b. Further teaches generates the second seed 132b using the HMAC algorithm with the second HMAC key 124b and the second unique identifier 128b, and sends the second seed 132b to the database server 116b over the secured connection 150).
Regarding claim 19 Griffin teaches a first device, comprising: (Griffin Fig 1 block 116 and text on [col 4 line 35-40] teaches data base server); at least one memory; and at least one processor configured to (Griffin on [col 22 line 32-55] teaches one or more processor and memory); send a first Identifier (ID) identifying the first device and an encrypted key to an Extensible Key Management (XKM) device remote from the first device (Griffin on [col 8 line 55-67] teaches the database server 116 (i.e., first device) retrieves the HMAC key (i.e., encrypted key since it will be decrypted using master key) cryptogram 126 from the local storage 142.
At 220, the database server 116 retrieves the unique identifier 128 from the local storage 142. These retrieved values are sent to the HSM 118 (i.e., XKM device since HSM is located within database encryption key management system 110 as shown in fig 1) through the secure connection 150. See Fig 1 and text on [col 6 line 30-40 and col 22 line 65-67] teaches database server remote from HSM key manager); receive a first seed and a second seed, wherein the first seed is generated using a first key and the first ID, and the second seed is generated using the first key and a second ID identifying a second device, wherein the XKM device is remote from the second device, (Griffin on [col 8 line 61-67] teaches a seed 132 is generated by the key manager circuit using the HMAC key and unique identifier 128. See on [col 9 line 63-67] teaches At 332, a new seed 132b is generated by the key manager circuit 114 using the HMAC key 124 and the unique identifier 128b. i.e., generating first seed using first key and first ID and generating second seed using first key and second ID. See on [col 14 line 20-35] teaches each of database servers 116a and 116b (first and second device) generates a unique identifier, such as the first unique identifier 128a and the second unique identifier 128b. Further teaches generates seed 132a (i.e., first seed) using the HMAC algorithm with the first HMAC key 124a and the first unique identifier 128a, and sends the seed 132a to the database server 116a over the secured connection 150. See on [col 10 line 59-67] teaches generates the seed 132a (i.e., first seed) using the HMAC algorithm with the HMAC key 124 (i.e., first key) and the first unique identifier 128a (i.e., first identifier), and sends the seed 132a to the database server 116 over the secured connection 150. See on [col 21 line 55-57] teaches and sends the encrypted seed (e.g., Ax(S) and/or Bx(S)) to the corresponding entity. i.e., first entity and/or second entity.
See Fig 1 and text on [col 6 line 30-40 and col 22 line 65-67] teaches database server 116a and 116b remote from HSM key manager); (Griffin on [claim 1 and claim 4] teaches HSM key manager generating the seeds and sends the seed to entity computing device, wherein the entity computing device derives the key using the seed as input to the KDF, wherein the KDF is known only to the entity computing system and not to the HSM. See also on [col 9 line 1-5, col 11 line 1-20 and col 14 line 30-45] teaches only database server have access to KDF to generate the key based on the seed); and encrypt or decrypt data using the data key (Griffin on [col 9 line 10-15, col 9 line 50-55 and col 18 line 60-65] teaches the DEK 130 is installed on the database server 116. At 234 and 236, respectively, the data processed on the database server 116 is encrypted and decrypted using the DEK 130).
Although Griffin teaches first device generating key using first seed and second device generating key using second seed but fails to explicitly teach generating a key using first and second seed, however Hart from analogous art teaches wherein the XKM device generates a composite seed by combining the first seed and the second seed (Hart Fig 2 block 246 and text on [0029] teaches client 1 combines Seeds A and B using the formula to create Seed C, the Data Seed.
At process node 248, Client 2 uses Seed C (i.e., distributing composited seed) to generate a second key known as AES Key 2); and wherein the composite seed is distributed from the XKM device to the first device (Hart Fig 2 block 246 and text on [0029] at process node 248, Client 2 uses Seed C (i.e., indicate distribution of composited seed C from client 1 since client 1 generates the seed C) to generate a second key known as AES Key 2); generate a data key using a key derivation function based on the composite seed (Hart on [0023-0025] teaches client device uses seed A and seed B to make seed C and then use seed C to generate AES key 2 for encrypting data). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Hart into the teaching of Griffin by generating data key using first and second seed. One would be motivated to do so in order to protect and exchange information with high level of security using data key generated based on combination of first seed and second seed (Hart [abstract and 0001-0004]).
Regarding claim 20 the combination of Griffin and Hart teaches all the limitations of claim 19 above, Griffin further teaches wherein the at least one processor is configured to receive the encrypted key from the XKM device prior to sending the first ID and the encrypted key to the XKM device (Griffin on [col 8 line 20-25 and col 8 line 55-67] teaches a HMAC key cryptogram 126 is generated by the key manager circuit 114 by encrypting the HMAC key 124 with the master key encryption key 122. At 208, the interface circuit 112 provides the HMAC key cryptogram 126 to the database server 116 via the secure connection 150. At 220, the database server 116 retrieves the unique identifier 128 from the local storage 142. These retrieved values are sent to the HSM 118).
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522. The examiner can normally be reached 7AM-5PM EST M-TH Alternate Fridays. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached at (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format.
For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MOEEN KHAN/ Primary Examiner, Art Unit 2436
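The seed and key flow the office action maps to the claims (per-device seeds from the HMAC algorithm with an HMAC key and a device ID, a composite seed, then a device-side KDF), as an added example that is not code from the application, Griffin, Hart or this page. The combining formula is not given on the page, so SHA-256 over sorted, length-prefixed seeds is an assumption, as are HKDF as the device KDF, all function names and the constructed IDs; wrapping of the HMAC key under the master key is left out.

```python
import hashlib
import hmac
import secrets

def seed_for(hmac_key: bytes, device_id: bytes) -> bytes:
    """Key-manager side: per-device seed = HMAC-SHA256(HMAC key, device ID)."""
    return hmac.new(hmac_key, device_id, hashlib.sha256).digest()

def composite_seed(seed_a: bytes, seed_b: bytes) -> bytes:
    """Key-manager side: combine two seeds into one (assumed formula).

    Seeds are sorted and length-prefixed so the result does not depend on
    argument order and no two different pairs encode to the same input.
    """
    parts = sorted([seed_a, seed_b])
    encoded = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hashlib.sha256(b"composite-seed-v1" + encoded).digest()

def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """Device side: HKDF (RFC 5869), standing in for the device-held KDF."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def run_exchange(hmac_key: bytes, id_a: bytes, id_b: bytes) -> dict:
    """Walk the flow end to end for two devices sharing one key manager."""
    seed_a = seed_for(hmac_key, id_a)
    seed_b = seed_for(hmac_key, id_b)
    comp = composite_seed(seed_a, seed_b)
    # Each device runs its own KDF; the key manager never sees the data key.
    key_on_a = hkdf_sha256(comp, b"data-key")
    key_on_b = hkdf_sha256(comp, b"data-key")
    return {"seed_a": seed_a, "seed_b": seed_b, "composite": comp,
            "key_a": key_on_a, "key_b": key_on_b}

if __name__ == "__main__":
    hk = secrets.token_bytes(32)  # constructed HMAC key
    out = run_exchange(hk, b"db-server-a", b"db-server-b")  # constructed IDs
    print("keys match:", hmac.compare_digest(out["key_a"], out["key_b"]))
    print("data key  :", out["key_a"].hex())
```
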

Prosecution Timeline

Dec 10, 2025
Examiner Interview Summary
Dec 12, 2025
Response Filed
Jan 30, 2026
Final Rejection mailed — §103
Mar 17, 2026
Applicant Interview (Telephonic)
Mar 17, 2026
Examiner Interview Summary
Mar 20, 2026
Response after Non-Final Action
Apr 24, 2026
Request for Continued Examination
May 03, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12627698
A CYBER THREAT INFORMATION METHOD AND APPARATUS FOR IDENTIFYING MALWARE AND PREDICTING CYBER THREAT ATTACK USING MACHINE LEARNING TECHNIQUES
3y 0m to grant Granted May 12, 2026
Patent 12627512
MUTUAL AUTHENTICATION WITH PSEUDO RANDOM NUMBERS
2y 4m to grant Granted May 12, 2026
Patent 12621171
SECURE COMMUNICATIONS AND AUTHENTICITY VALIDATION OF A THIRD-PARTY DEVICE
2y 5m to grant Granted May 05, 2026
Patent 12587531
BROWSER PROFILE SEPARATION FOR A MANAGED USER ACCOUNT
3y 4m to grant Granted Mar 24, 2026
Patent 12580730
METHOD AND SYSTEM FOR IMPROVING HOMOMORPHIC ENCRYPTION PERFORMANCE BASED ON TRUSTED EXECUTION ENVIRONMENT
1y 2m to grant Granted Mar 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

2-3
Expected OA Rounds
69%
Grant Probability
99%
With Interview (+60.3%)
2y 11m (~5m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 231 resolved cases by this examiner. Grant probability derived from career allowance rate.
