Office Action Predictor
Last updated: April 15, 2026
Application No. 18/537,666

AUTHORITY MANAGEMENT METHOD

Final Rejection §103
Filed
Dec 12, 2023
Examiner
NOAMAN, BASSAM A
Art Unit
2497
Tech Center
2400 — Computer Networks
Assignee
Zhuhai Pantum Electronics Co., LTD.
OA Round
2 (Final)
78%
Grant Probability
Favorable
3-4
OA Rounds
2y 10m
To Grant
99%
With Interview

Examiner Intelligence

Grants 78% — above average
78%
Career Allow Rate
208 granted / 265 resolved
+20.5% vs TC avg
Strong +25% interview lift
Without
With
+24.6%
Interview Lift
resolved cases with interview
Typical timeline
2y 10m
Avg Prosecution
24 currently pending
Career history
289
Total Applications
across all art units

Statute-Specific Performance

§101
7.0%
-33.0% vs TC avg
§103
57.0%
+17.0% vs TC avg
§102
9.8%
-30.2% vs TC avg
§112
17.3%
-22.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 265 resolved cases

Office Action

§103
DETAILED ACTION This Non Final Office Action is in response to Application filed on 12/12/2023. Claims 1-19 filed on 12/12/2023 are being considered on the merits. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Drawings The drawings filed on 12/12/2023 are accepted. Information Disclosure Statement The information disclosure statements (IDS) submitted on 07/01/2024 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly an initialed and dated copy of Applicant's IDS form 1449 filed 07/01/2024 are attached to the instant Office action. Claim Objections Claim 1, 8, 11 and 17 objected to because of the following informalities: Claim 1 objected to because of the following informalities: Claim 1 should be recited as follows: “…a first terminal device sending a first authority application request to an authority management device, receiving a first authorization information block sent by the authority management device, wherein the first authorization information block comprises first authorization information encrypted by a first private key; [[an]] the authority management device receiving [[a]] the first authority application request sent by [[a]] the first terminal device, generating the first authorization information based on the first authority application request, encrypting the first authorization information using a first private key to generate [[a]] the first authorization information block, sending the first authorization information block to the first terminal device; wherein the first authority application request is used to apply for a first authority, the first authority is an authority that is desired to be obtained by the first terminal device, and the first authority is a task authority for an execution device; the first authorization information comprises description information for the first authority, the first private key is a key matching a first public key, and the first public key is stored in the execution device.” Claims 8 and 11 recite “…second terminal device…second authority application request…third authority…fifth authority…third authorization information…”, where jumping in numbers that distinguish and label entities create inconsistency and confusion. Claim 17 should be recited as follows: “and an authorization information of each authorization information block of the authorization information chain” Appropriate correction is required. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1-2, 6-7, 14-16, and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Keum (WO 2021080316 A1) in view of Tachibana (US 20210282011 A1). Regarding claim 1, Keum teaches an authority management method (Keum Abstract “a method and a device for performing access control by authenticating an electronic device and performing security ranging”), comprising: a first terminal device sending a first authority application request to an authority management device (Keum Page 4 “…the electronic device transmits a certificate signing request (CSR) of the electronic device and a public key of the electronic device to the server”, electronic device corresponds to first terminal device, CSR corresponds to first authority application request and authority management device corresponds to server), receiving a first authorization information block sent by the authority management device, wherein the first authorization information block comprises first authorization information encrypted by a first [[private]] key (Keum Page 6 “A method of operating a server according to an embodiment of the present disclosure includes: receiving a certificate signing request (CSR) including authorization information of an electronic device for a target device from the electronic device; Checking the certificate signing request and policy information related to the authority of the electronic device; Generating a device certificate including a first STS code encrypted by the public key of the electronic device and a second STS code encrypted by the STS key based on the verification result; And transmitting the device certificate (i.e. first authorization information block) to the electronic device.”); an authority management device receiving a first authority application request sent by a first terminal device, generating first authorization information based on the first authority application request, encrypting the first authorization information using a first [[private]] key to generate a first authorization information block, sending the first authorization information block to the first terminal device (Keum Page 6 “A method of operating a server according to an embodiment of the present disclosure includes: receiving a certificate signing request (CSR) including authorization information of an electronic device for a target device from the electronic device; Checking the certificate signing request and policy information related to the authority of the electronic device; Generating a device certificate including a first STS code encrypted by the public key of the electronic device and a second STS code encrypted by the STS key based on the verification result; And transmitting the device certificate (i.e. first authorization information block) to the electronic device.”); wherein the first authority application request is used to apply for a first authority, the first authority is an authority that is desired to be obtained by the first terminal device, and the first authority is a task authority for an execution device (Keum Page 6 “A method of operating a server according to an embodiment of the present disclosure includes: receiving a certificate signing request (CSR) including authorization information (i.e. first authority) of an electronic device for a target device (i.e. execution device) from the electronic device; Checking the certificate signing request and policy information related to the authority of the electronic device; Generating a device certificate including a first STS code encrypted by the public key of the electronic device and a second STS code encrypted by the STS key based on the verification result; And transmitting the device certificate (i.e. first authorization information block) to the electronic device.”); the first authorization information comprises description information for the first authority (Keum Page 6 “The device certificate according to an embodiment may further include at least one of authorization information related to a device authorization authenticated through the device certificate and period information for a period in which the device certificate is valid.”), the first [[private]] key is a key matching a first public key, and the [[first public]] key is stored in the execution device (Keum Page 6 “A target device according to an embodiment of the present disclosure includes: a communication unit communicating with an electronic device; A memory for storing at least one or more instructions; And at least one processor controlling the target device by executing the at least one instruction. The at least one processor receives from the electronic device a device certificate including a second STS code encrypted by an STS key and a first STS code encrypted by a public key of the electronic device, and uses the STS key. , The encrypted second STS code may be decrypted to obtain a second STS code, and security ranging with the electronic device may be performed using the second STS code.”). Keum discloses the use of symmetric cryptography by using a STS key to encrypt and decrypt the second code of the certificate, implying another case of using asymmetric cryptography, which is not explicitly disclosed. Furthermore, it would have been obvious to a person of ordinary skill in the art (POSITA), prior to the filing date of the claimed invention to employ asymmetric cryptography instead of symmetric cryptograph, because both were well-known and interchangeable alternative for achieving secure communication and/or authentication. The selection between symmetric and asymmetric cryptography would have constituted a design choice since POSITA would have recognized that either could be used to perform the desired outcome depending on desired trade-off between complexity and efficiency, e.g. whether pre-shared key is required, faster computation, POSITA would have found it obvious to try either scheme with predictable results when implementing a cryptographic function. Therefore, the substitution of the asymmetric cryptographic for symmetric cryptography would have been a routine design variation within the field. Furthermore, Tachibana discloses encrypting…using a first private key and the first private key is a key matching a first public key, and the first public key is stored (Tachibana [0091] “…after receiving the setting request, the communication apparatus 101 transmits a setting response containing the communication parameter encrypted with the dedicated secret key (i.e. first private key) of the communication apparatus 101 for the configurator and containing the dedicated public key (i.e. first public key) for the configurator. After receiving the setting response, the communication apparatus 102 decrypts the communication parameter with the public key of the communication apparatus 101 for the configurator. ”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Keum to incorporate the teaching of Tachibana because the selection between symmetric and asymmetric cryptography would have constituted a design choice since POSITA would have recognized that either could be used to perform the desired outcome depending on desired trade-off between complexity and efficiency, e.g. whether pre-shared key is required, faster computation, POSITA would have found it obvious to try either scheme with predictable results when implementing a cryptographic function. Therefore, the substitution of the asymmetric cryptographic for symmetric cryptography would have been a routine design variation within the field and would have been obvious to try. Regarding claim 2, Keum in view of Tachibana teaches the method according to claim 1, further comprising: sending the first authorization information block to the execution device when a task needs to be sent to the execution device (Keum Page 6 “A target device according to an embodiment of the present disclosure includes: a communication unit communicating with an electronic device; A memory for storing at least one or more instructions; And at least one processor controlling the target device by executing the at least one instruction. The at least one processor receives from the electronic device a device certificate including a second STS code encrypted by an STS key and a first STS code encrypted by a public key of the electronic device, and uses the STS key. , The encrypted second STS code may be decrypted to obtain a second STS code, and security ranging with the electronic device may be performed using the second STS code.”, Page 8 “…target device 100 may be provided on a door 10 such as a gate in a lift gate of a ski resort to control whether the door 10 is opened or closed. For example, the target device 100 may be a digital door lock that controls whether or not the door 10 is opened or closed. The type of the target device 100 that can control whether to open or close using a digital key is not limited to the example shown in FIG. 1.”). Regarding claim 6, Keum in view of Tachibana teaches the method according to claim 1, wherein the first authorization information comprises one or a combination of an authorizer identity, an authorized-object identity, an authorization moment, an authorization period, an authority range, and a consumable share (Keum Page 6 “The device certificate according to an embodiment may further include at least one of authorization information related to a device authorization authenticated through the device certificate and period information for a period in which the device certificate is valid.”). Regarding claim 7, Keum in view of Tachibana teaches the method according to claim 1, wherein the first authorization information comprises a subsidiary token information summary of a subsidiary token bound with the first authorization information; and the method further comprises: receiving the subsidiary token sent by the authority management device; generating the subsidiary token; and sending the subsidiary token to the first terminal device (Keum Page 6 “The device certificate according to an embodiment may further include at least one of authorization information related to a device authorization authenticated through the device certificate and period information for a period in which the device certificate is valid (i.e. subsidiary token generated and received by the electronic device i.e. first terminal device).”). Regarding claim 14, Keum in view of Tachibana teaches an authority management method, applied to an execution device (Page 5 “A method of operating a target device”) and comprising: receiving a first authorization information block sent by a terminal device, wherein the first authorization information block comprises first authorization information encrypted by a key is a key matching a key, and the first public key is stored in the execution device; and decrypting the first authorization information block using the first public key to obtain the first authorization information (Keum Page 5 “A method of operating a target device (i.e. execution device) according to an embodiment of the present disclosure includes a device certificate including a second STS (Scrambled Timestamp Sequence) code encrypted by an STS key and a first STS code encrypted by a public key of the electronic device. Receiving from the electronic device (i.e. terminal device); Decrypting the encrypted second STS code using the STS key to obtain a second STS code; And performing security ranging with the electronic device by using the second STS code.”, Tachibana discloses the asymmetric cryptography, rationale and motivation in claim 1 apply). Regarding claim 15, Keum teaches the method according to claim 14, wherein the first authorization information block is generated by an authority management device based on an authority application request of the terminal device (Keum Page 4 “…the electronic device transmits a certificate signing request (CSR) of the electronic device and a public key of the electronic device to the server”, electronic device corresponds to first terminal device, CSR corresponds to first authority application request and authority management device corresponds to server). Regarding claim 16, Keum teaches the method according to claim 14, further comprising: verifying legality of the first authorization information; obtaining authority information of the terminal device based on the first authorization information in response to verification success of the first authorization information; and determining whether to execute a task issued by the terminal device based on the authority information of the terminal device (Page 5 “The target device according to an embodiment is a device that controls an entrance door, and the performing of the security ranging may include determining a distance using UWB; And determining whether to open or close the door based on the determined distance. Determining whether to open or close the door according to an embodiment, when the determined distance is less than a preset distance and the first STS code and the second STS code match, opening the door It may include determining that it is.”, Page 6 “The device certificate according to an embodiment may further include at least one of authorization information related to a device authorization authenticated through the device certificate and period information for a period in which the device certificate is valid.”). Regarding claim 18, Keum teaches the method according to claim 14, wherein the first authorization information comprises one or a combination of an authorizer identity, an authorized-object identity, an authorization moment, an authorization period, an authority range, and a consumable share (Keum Page 6 “The device certificate according to an embodiment may further include at least one of authorization information related to a device authorization authenticated through the device certificate and period information for a period in which the device certificate is valid.”). Regarding claim 19, Keum teaches the method according to claim 14, wherein the first authorization information comprises a subsidiary token information summary of a subsidiary token bound with the first authorization information; and the method further comprises: receiving the subsidiary token sent by the terminal device, and verifying whether the subsidiary token matches the first authorization information (Keum Page 21 “…the electronic device 200 transmits the first STS code to the target device 100 may be used in this step so that the target device 100 can match the second STS code with the first STS code.”). Allowable Subject Matter Claim 3-5 and 17 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and overcoming any pending objections/rejections. Claims 8-13 would be allowable if the above pending objection pertaining to claim 8 is addressed. The following is a statement of reasons for the indication of allowable subject matter: With respect to claim 3, none of the prior arts of record discloses “wherein the first authority application request is further configured to apply for a second authority, the second authority is an authority that allows the first terminal device to authorize another terminal device, and the second authority is a task authority for the execution device; and wherein the first authorization information further comprises description information for the second authority, and the second public key”, in conjunction with the remaining limitations in claim 3 and the base claim 1. With respect to claim 8, none of the prior arts of record discloses “…each authorization information block of the first authorization information chain comprises authorization information encrypted by a private key; the authorization information of each authorization information block of the first authorization information chain comprises a public key matching the private key configured to encrypt the authorization information in a next one authorization information block; and the authorization information of a last one authorization information block of the authorization information blocks of the first authorization information chain comprises description information for the third authority”, in conjunction with the remaining limitations of claim 8. With respect to claim 17, none of the prior arts of record discloses “…wherein said receiving a first authorization information block sent by a terminal device comprises: receiving an authorization information chain sent by the terminal device, wherein the authorization information chain comprises authorization information blocks encrypted by different private keys, a first one authorization information block of the authorization information blocks of the authorization information chain is the first authorization information block, and the authorization information of each authorization information block of the authorization information chain comprises a public key matching a private key configured to encrypt the authorization information in a next one authorization information block”, in conjunction with the remaining limitations in claim 14. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Edwards (US 20190197533 A1) discloses a web service server performing tasks in order to act as a secure gateway to receive encrypted transaction data and other associated data, to observe and record certain details regarding test transactions, to forward test transaction requests to a payment network 21, to encrypt and forward responses from the payment network 21 to mobile electronic devices 20 and/or local control computing devices 17, and to perform other functions in response to, for example, data elements included within transaction data. Pham (US 20210367756 A1) discloses decrypting a second message using a first private key; and after transmitting an encrypted message and a second public key to a second application and decrypting the second message using the first private key: generating, by the first application, a third public key and a second private key in response to a next encrypted message being about to be transmitted, wherein the next encrypted message was encrypted using the first private key; transmitting the next encrypted message and the third public key to the second application. Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /BASSAM A NOAMAN/Primary Examiner, Art Unit 2497
Read full office action

Prosecution Timeline

Dec 12, 2023
Application Filed
Oct 14, 2025
Non-Final Rejection — §103
Jan 15, 2026
Response Filed
Feb 05, 2026
Final Rejection — §103
Apr 08, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12587364
METHOD OF DATA TRANSMISSION, AND ELECTRONIC DEVICE
2y 5m to grant Granted Mar 24, 2026
Patent 12574392
METHODS AND APPARATUS TO IDENTIFY ABNORMAL BEHAVIOR WITHIN A SET OF INTERNET-OF-THINGS DEVICES
2y 5m to grant Granted Mar 10, 2026
Patent 12568376
METHOD AND SYSTEM FOR AUTHENTICATING USERS
2y 5m to grant Granted Mar 03, 2026
Patent 12562888
SYSTEMS AND METHODS FOR ENCRYPTING AND TRANSMITTING DATA BETWEEN DEVICES
2y 5m to grant Granted Feb 24, 2026
Patent 12554889
FRAMEWORK FOR EXPOSING CONTEXT-DRIVEN SERVICES WITHIN A WEB BROWSER
2y 5m to grant Granted Feb 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
78%
Grant Probability
99%
With Interview (+24.6%)
2y 10m
Median Time to Grant
Moderate
PTA Risk
Based on 265 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month