Prosecution Insights
Last updated: May 04, 2026
Application No. 18/598,070

INFORMATION MANAGEMENT SYSTEM, AUTHENTICATION DEVICE, AND PERSONAL INFORMATION SERVER

Non-Final OA §102§103
Filed
Mar 07, 2024
Priority
Sep 17, 2021 — JP 2021-151866 +1 more
Examiner
LANIER, BENJAMIN E
Art Unit
2437
Tech Center
2400 — Computer Networks
Assignee
Kabushiki Kaisha Toshiba
OA Round
3 (Non-Final)
69%
Grant Probability
Favorable
3-4
OA Rounds
1y 6m
Est. Remaining
87%
With Interview

Examiner Intelligence

Grants 69% — above average
69%
Career Allowance Rate
635 granted / 916 resolved
+11.3% vs TC avg
Strong +17% interview lift
Without
With
+17.3%
Interview Lift
resolved cases with interview
Typical timeline
3y 8m
Avg Prosecution
29 currently pending
Career history
945
Total Applications
across all art units

Statute-Specific Performance

§101
7.4%
-32.6% vs TC avg
§103
48.2%
+8.2% vs TC avg
§102
17.7%
-22.3% vs TC avg
§112
17.1%
-22.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 916 resolved cases

Office Action

§102 §103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 13 March 2026 has been entered. Response to Amendment Applicant’s amendment filed 13 March 2026 amends claims 1, 6-8, and 13. Applicant’s amendment has been fully considered and entered. Response to Arguments Applicant argues on page 12 of the response, “In response, Applicant has amended claim 8 to address the objection.” This argument has been fully considered and is persuasive. Therefore, the previous objection to claim 8 has been withdrawn. Applicant argues on page 12 of the response, “…Applicant has amended the claims to ensure compliance with 35 U.S.C. § 112(a) and (b).” This argument has been fully considered and is persuasive. Therefore, the previous §112 rejections have been withdrawn. Applicant argues on pages 14-15 of the response, “Thus, Lecocq discloses that the encrypted connection is established between the device 3.4…and the server 3.6…while the terminal 3.1…merely ‘functions as a simple network router’. In such an architecture, packet routing does not require the terminal 3.1 to issue any read command to the device 3.4, or [sic] does it require the terminal 3.1 to receive a distinct response that contains location information.” This argument is not persuasive because that the terminal 3.1 is utilized by the user to select a service such that the selected service information is transmitted to the device 3.4 (Page 7, last paragraph). This selected service information can be considered a “read command” as claimed. In response to the received service selection, the device retrieves the service address that corresponds with the selected service and establishes an encrypted connection with the server 3.6 hosting the selected service such that the terminal 3.1 relays the encrypted connection information to the server and would therefore have received the service address (Page 7, last paragraph). Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claim 6 is rejected under 35 U.S.C. 102(a)(1) as being anticipated by Lecocq, WO 2010/142740. Referring to claim 6, Lecocq discloses secure access to a remote server (Figure 3, element 3.6: remote/service server reads on the claimed personal information server) that utilizes a device (Figure 3, element 3.4: device reads on the claimed authentication device), which meets the limitation of an authentication device. The device includes a sensor to capture biometric information (Page 7, last paragraph), which meets the limitation of a sensor configured to acquire biological information of a person. The device performs biometric recognition on the device using MOC (“Match on Card”) technology (Page 7, last paragraph: Match on Card/MOC implements biometric comparison on the same device where the biometric capture occurs, which requires storage of biometric on the device for the comparison), which meets the limitation of a memory configured to store biological information of a holder, perform a biometric verification between the biological information acquired by the sensor and the biological information stored in the memory. The device stores the service address for the services implemented by the server (Page 7, last paragraph), which meets the limitation of a memory configured to store a location of the personal information server. The device is connected to a terminal (Figure 3, element 3.1) using a network interface (Page 5, second full paragraph), which meets the limitation of an interface configured to connect to a terminal device. The device includes a processor (Figure 6, last full paragraph: discusses use of coprocessor for cryptographic operations shows that the device also includes a processor) such that an encrypted connection is established with a service implemented on the server that was selected by the user using the terminal, using an address stored by the device (Page 7, last paragraph: authentication is performed before connection is established; device has the address of the server; user selection of the service using the terminal shows that the selected service information is transmitted from the terminal to the device in order to retrieve the service address. This selected service information reads on the claimed read command), between the device and the server with the terminal relaying data between the device and server (Page 5, second full paragraph & Figure 3, arrow 3.7: device has the address of the server and terminal relays data to the server, which requires the device to provide the address of the server to the terminal in order to perform the relay operation), which meets the limitation of a processor configured to if the biometric verification is successful, and in response to a read command from the terminal device, output, to the terminal device, information indicating the location of the personal information server. The server provides services such as providing access to bank/medical data (Page 2, second full paragraph & Page 7, second full paragraph), which meets the limitation of the personal information server that stores personal information of the holder. The terminal connects with the server that hosts users bank account data/medical information such that the server exchanges information with the terminal (Page 2, second full paragraph & Page 7, second fully paragraph – Page 8, first paragraph: at the point in time prior to receiving the information from the server, the terminal did not store the personal information from the server). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1, 5, 7, 8, 12, 13 are rejected under 35 U.S.C. 103 as being unpatentable over Lecocq, WO 2010/142740, in view of Aunger, U.S. Patent No. 11,328,088. Referring to claim 1, Lecocq discloses secure access to a remote server (Figure 3, element 3.6: remote/service server reads on the claimed personal information server) that utilizes a device (Figure 3, element 3.4: device reads on the claimed authentication device), which meets the limitation of an information management system comprising an authentication device and a personal information server. The device includes a sensor to capture biometric information (Page 7, last paragraph), which meets the limitation of the authentication device including a sensor configured to acquire biological information of a person. The device perform biometric recognition on the device using MOC (“Match on Card”) technology (Page 7, last paragraph: Match on Card/MOC implements biometric comparison on the same device where the biometric capture occurs, which requires storage of biometric on the device for the comparison), which meets the limitation of a memory configured to store biological information of a holder, perform a biometric verification between the biological information acquired by the sensor and the biological information stored in the memory. The device stores the service address for the services implemented by the server (Page 7, last paragraph), which meets the limitation of a memory configured to store a location of the personal information server. The device is connected to a terminal (Figure 3, element 3.1) using a network interface (Page 5, second full paragraph), which meets the limitation of an interface configured to connect to a terminal device. The device includes a processor (Figure 6, last full paragraph: discusses use of coprocessor for cryptographic operations shows that the device also includes a processor) such that an encrypted connection is established with a service implemented on the server that was selected by the user using the terminal, using an address stored by the device (Page 7, last paragraph: authentication is performed before connection is established; device has the address of the server; user selection of the service using the terminal shows that the selected service information is transmitted from the terminal to the device in order to retrieve the service address. This selected service information reads on the claimed read command), between the device and the server with the terminal relaying data between the device and server (Page 5, second full paragraph & Figure 3, arrow 3.7: device has the address of the server and terminal relays data to the server, which requires the device to provide the address of the server to the terminal in order to perform the relay operation), which meets the limitation of a first processor configured to if the biometric verification is successful, and in response to a read command from the terminal device, output information indicating the location of the personal information server to the terminal device. The server connects to the terminal over network 3.5 (Page 5, second full paragraph: server connection over network 3.5 requires a network interface), which meets the limitation of the personal information server includes a communication unit configured to communicate with the terminal device. The server provides services such as providing access to bank/medical data (Page 2, second full paragraph & Page 7, second full paragraph), which meets the limitation of the personal information server being a repository in which personal information of the holder of the authentication device is stored, a data memory configured to store the personal information of the holder of the authentication device. The server includes a processor (Figure 6, last full paragraph: discusses use of coprocessor for cryptographic operations shows that the server also includes a processor), which meets the limitation of a second processor. Lecocq discloses that the server can provide services such as providing access to bank/medical data, however, Lococq does not explicitly disclose that user bank account data is transmitted to the terminal. Aunger discloses a remote system that stores user medical information such that access to the medical information can be requested by the user and once the user has been successfully authenticated and authorized, the remote system transmits the requested medical information to the user device over established connections (Col. 12, lines 3-36), which meets the limitation of a second processor configured to supply the personal information of the holder of the authentication device stored in the data memory to the terminal device in response to a request from the terminal device to which the authentication device is connected. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the server of Lecocq to have provided requested user data to the terminal in order to provide the user with secure access to their health records as suggested by Aunger (Col. 1, line 53 – Col. 2, line 14). Referring to claim 5, Lecocq discloses that the device is a smart card (Page 3, third full paragraph), which meets the limitation of the authentication device has a card-shaped main body. The device includes a sensor to capture fingerprint biometric information (Page 7, last paragraph), which meets the limitation of the sensor of the authentication device is a fingerprint sensor configured to read a fingerprint as biological information. The device includes a processor (Figure 6, last full paragraph: discusses use of coprocessor for cryptographic operations shows that the device also includes a processor) such that an encrypted connection is established, using an address stored by the device (Page 7, last paragraph: authentication is performed before connection is established; device has the address of the server), between the device and the server with the terminal relaying data between the device and server (Page 5, second full paragraph & Figure 3, arrow 3.7: device has the address of the server and terminal relays data to the server, which requires the device to provide the address of the server to the terminal in order to perform the relay operation), which meets the limitation of the first processor of the authentication device outputs the information indicating the location of the personal information server to the terminal device if a fingerprint verification between the fingerprint information acquired by the sensor and the fingerprint information stored in the memory is successful. Referring to claim 7, Lecocq discloses secure access to a remote server (Figure 3, element 3.6: remote/service server reads on the claimed personal information server) that utilizes a device (Figure 3, element 3.4: device reads on the claimed authentication device), which meets the limitation of a personal information server. The server connects to the terminal over network 3.5 wherein the terminal is connected with the device (Page 5, second full paragraph: server connection over network 3.5 requires a network interface), which meets the limitation of a communication unit configured to communicate with the terminal device to which an authentication device is connected. The device performs biometric recognition on the device using MOC (“Match on Card”) technology (Page 7, last paragraph: Match on Card/MOC implements biometric comparison on the same device where the biometric capture occurs, which requires storage of biometric on the device for the comparison), which meets the limitation of the authentication device performing a biometric verification on biological information acquired by a sensor and registered biological information of a holder. The device includes a processor (Figure 6, last full paragraph: discusses use of coprocessor for cryptographic operations shows that the device also includes a processor) such that an encrypted connection is established with a service implemented on the server that was selected by the user using the terminal, using an address stored by the device (Page 7, last paragraph: authentication is performed before connection is established; device has the address of the server; user selection of the service using the terminal shows that the selected service information is transmitted from the terminal to the device in order to retrieve the service address. This selected service information reads on the claimed read command), between the device and the server with the terminal relaying data between the device and server (Page 5, second full paragraph & Figure 3, arrow 3.7: device has the address of the server and terminal relays data to the server, which requires the device to provide the address of the server to the terminal in order to perform the relay operation), which meets the limitation of in response to a read command from the terminal device, outputting information indicating a location of the personal information server to the terminal device. The server provides services such as providing access to bank/medical data (Page 2, second full paragraph & Page 7, second full paragraph), which meets the limitation of a data memory configured to store personal information of a holder of the authentication device. The terminal connects with the server that hosts users bank account data/medical information such that the server exchanges information with the terminal (Page 2, second full paragraph & Page 7, second fully paragraph – Page 8, first paragraph). The server includes a processor (Figure 6, last full paragraph: discusses use of coprocessor for cryptographic operations shows that the server also includes a processor), which meets the limitation of a processor. Lecocq discloses that the server can provide services such as providing access to bank/medical data, however, Lococq does not explicitly disclose that user bank account data is transmitted to the terminal. Aunger discloses a remote system that stores user medical information such that access to the medical information can be requested by the user and once the user has been successfully authenticated and authorized, the remote system transmits the requested medical information to the user device over established connections (Col. 12, lines 3-36), which meets the limitation of a processor configured to supply the personal information of the holder of the authentication device stored in the data memory to the terminal device in response to a request from the terminal device if the biometric verification of the holder performed in the authentication device connected to the terminal is successful. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the server of Lecocq to have provided requested user data to the terminal in order to provide the user with secure access to their health records as suggested by Aunger (Col. 1, line 53 – Col. 2, line 14). Referring to claim 8, Lecocq discloses secure access to a remote server (Figure 3, element 3.6: remote/service server reads on the claimed personal information server) that utilizes a device (Figure 3, element 3.4: device reads on the claimed authentication device), which meets the limitation of an information management system comprising an authentication device and a personal information server. The device includes a sensor to capture biometric information (Page 7, last paragraph), which meets the limitation of the authentication device including a sensor configured to acquire biological information of a person. The device perform biometric recognition on the device using MOC (“Match on Card”) technology (Page 7, last paragraph: Match on Card/MOC implements biometric comparison on the same device where the biometric capture occurs, which requires storage of biometric on the device for the comparison), which meets the limitation of a memory configured to store biological information of a holder, perform a biometric verification between the biological information acquired by the sensor and the biological information stored in the memory. The device stores the service address for the services implemented by the server (Page 7, last paragraph), which meets the limitation of a memory configured to store a location of the personal information server. The device is connected to a terminal (Figure 3, element 3.1) using a network interface (Page 5, second full paragraph), which meets the limitation of an interface configured to connect to a terminal device. The device includes a processor (Figure 6, last full paragraph: discusses use of coprocessor for cryptographic operations shows that the device also includes a processor) such that an encrypted connection is established with a service implemented on the server that was selected by the user using the terminal, using an address stored by the device (Page 7, last paragraph: authentication is performed before connection is established; device has the address of the server; user selection of the service using the terminal shows that the selected service information is transmitted from the terminal to the device in order to retrieve the service address. This selected service information reads on the claimed read command), between the device and the server with the terminal relaying data between the device and server (Page 5, second full paragraph & Figure 3, arrow 3.7: device has the address of the server and terminal relays data to the server, which requires the device to provide the address of the server to the terminal in order to perform the relay operation), which meets the limitation of a first processor configured to if the biometric verification is successful, and in response to a read command from the terminal device, output information indicating the location of the personal information server to the terminal device. The server connects to the terminal over network 3.5 (Page 5, second full paragraph: server connection over network 3.5 requires a network interface), which meets the limitation of the personal information server includes a communication unit configured to communicate with the terminal device. The server provides services such as providing access to bank/medical data (Page 2, second full paragraph & Page 7, second full paragraph), which meets the limitation of the personal information server being a repository in which personal information of the holder of the authentication device is stored, a data memory configured to store the personal information of the holder of the authentication device. The terminal connects with the server that hosts users bank account data/medical information such that the server exchanges information with the terminal (Page 2, second full paragraph & Page 7, second fully paragraph – Page 8, first paragraph). The server includes a processor (Figure 6, last full paragraph: discusses use of coprocessor for cryptographic operations shows that the server also includes a processor), which meets the limitation of a second processor. Lecocq discloses that the server can provide services such as providing access to bank/medical data, however, Lococq does not explicitly disclose that user bank account data is transmitted to the terminal. Aunger discloses a remote system that stores user medical information such that access to the medical information can be requested by the user and once the user has been successfully authenticated and authorized, and the requested access can include reading the medical information, modifying the received medical information, and writing the medical information (Col. 5, line 63 – Col. 6, line 2), which meets the limitation of a second processor configured to write information supplied from the terminal device in the data memory as the personal information of the holder of the authentication device in response to a write request from the terminal device to which the authentication device is connected. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the server of Lecocq to have provided requested user data to the terminal in order to provide the user with secure access to their health records as suggested by Aunger (Col. 1, line 53 – Col. 2, line 14). Referring to claim 12, Lecocq discloses that the device is a smart card (Page 3, third full paragraph), which meets the limitation of the authentication device has a card-shaped main body. The device includes a sensor to capture fingerprint biometric information (Page 7, last paragraph), which meets the limitation of the sensor of the authentication device is a fingerprint sensor configured to read a fingerprint as biological information. The device includes a processor (Figure 6, last full paragraph: discusses use of coprocessor for cryptographic operations shows that the device also includes a processor) such that an encrypted connection is established, using an address stored by the device (Page 7, last paragraph: authentication is performed before connection is established; device has the address of the server), between the device and the server with the terminal relaying data between the device and server (Page 5, second full paragraph & Figure 3, arrow 3.7: device has the address of the server and terminal relays data to the server, which requires the device to provide the address of the server to the terminal in order to perform the relay operation), which meets the limitation of the first processor of the authentication device outputs the information indicating the location of the personal information server to the terminal device if a fingerprint verification between the fingerprint information acquired by the sensor and the fingerprint information stored in the memory is successful. Referring to claim 13, Lecocq discloses secure access to a remote server (Figure 3, element 3.6: remote/service server reads on the claimed personal information server) that utilizes a device (Figure 3, element 3.4: device reads on the claimed authentication device), which meets the limitation of a personal information server. The server connects to the terminal over network 3.5 wherein the terminal is connected with the device (Page 5, second full paragraph: server connection over network 3.5 requires a network interface), which meets the limitation of a communication unit configured to communicate with a terminal device to which an authentication device is connected. The device performs biometric recognition on the device using MOC (“Match on Card”) technology (Page 7, last paragraph: Match on Card/MOC implements biometric comparison on the same device where the biometric capture occurs, which requires storage of biometric on the device for the comparison), which meets the limitation of the authentication device performing a biometric verification on biological information acquired by a sensor and registered biological information of a holder. The device includes a processor (Figure 6, last full paragraph: discusses use of coprocessor for cryptographic operations shows that the device also includes a processor) such that an encrypted connection is established with a service implemented on the server that was selected by the user using the terminal, using an address stored by the device (Page 7, last paragraph: authentication is performed before connection is established; device has the address of the server; user selection of the service using the terminal shows that the selected service information is transmitted from the terminal to the device in order to retrieve the service address. This selected service information reads on the claimed read command), between the device and the server with the terminal relaying data between the device and server (Page 5, second full paragraph & Figure 3, arrow 3.7: device has the address of the server and terminal relays data to the server, which requires the device to provide the address of the server to the terminal in order to perform the relay operation), which meets the limitation of in response to a read command from the terminal device, outputting information indicating a location of the personal information server to the terminal device. The server provides services such as providing access to bank/medical data (Page 2, second full paragraph & Page 7, second full paragraph), which meets the limitation of a data memory configured to store personal information of a holder of the authentication device. The terminal connects with the server that hosts users bank account data/medical information such that the server exchanges information with the terminal (Page 2, second full paragraph & Page 7, second fully paragraph – Page 8, first paragraph). The server includes a processor (Figure 6, last full paragraph: discusses use of coprocessor for cryptographic operations shows that the server also includes a processor), which meets the limitation of a processor. Lecocq discloses that the server can provide services such as providing access to bank/medical data, however, Lococq does not explicitly disclose that user bank account data is transmitted to the terminal. Aunger discloses a remote system that stores user medical information such that access to the medical information can be requested by the user and once the user has been successfully authenticated and authorized, the remote system writes the requested medical information (Col. 12, lines 3-36 & Col. 5, line 63 – Col. 6, line 2), which meets the limitation of a processor configured to write, if the biometric verification of the holder performed in the authentication device connected to the terminal device is successful, write information supplied from the terminal device in the data memory as the personal information of the holder of the authentication device in response to a write request from the terminal device. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the server of Lecocq to have provided requested user data to the terminal in order to provide the user with secure access to their health records as suggested by Aunger (Col. 1, line 53 – Col. 2, line 14). Claims 2, 9 are rejected under 35 U.S.C. 103 as being unpatentable over Lecocq, WO 2010/142740, in view of Aunger, U.S. Patent No. 11,328,088, and further in view of Pan, U.S. Publication No. 2018/0145987. Referring to claim 2, Lecocq discloses that the encrypted connection between the device and the server allows for decryption of received information by the device and the server (Page 6, last full paragraph), which meets the limitation of obtained by decrypting the data received through the secure messaging from the personal information server. Lecocq discloses that the server can provide services such as providing access to bank/medical data, however, Lococq does not explicitly disclose that user bank account data is transmitted to the terminal. Aunger discloses a remote system that stores user medical information such that access to the medical information can be requested by the user and once the user has been successfully authenticated and authorized, the remote system transmits the requested medical information to the user device over established connections (Col. 12, lines 3-36). The remote system authenticates the user, generates an access token, and transmits the access token to the user device (Col. 11, lines 43-46), which meets the limitation of the second processor of the personal information server issues a [one-time] token, transmits the [one-time] token to the authentication device through secure messaging. The access token is provided to the remote system in a subsequent request for access to user medical information such that the received token indicates that the requester is authorized to receive the requested medical information (Col. 11, lines 46-57: as applied to the Lococq reference which includes an encrypted connection between the server and the device with the terminal acting as a relay in between, the token generated by the server and transmitted to the device would be received by the terminal as part of the relay and the subsequent request from the device to the server would also be received by the terminal as part of the relay) and the remote system transmits the requested medical information to the user device over established connections (Col. 12, lines 3-36), which meets the limitation of and then, if the data received from the terminal device matches the issued [one-time] token, transmits the personal information to the terminal device, and the first processor of the authentication device transmits, to the terminal device, the [one-time] token issued by the personal information server. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the server of Lecocq to have provided requested user data to the terminal in order to provide the user with secure access to their health records as suggested by Aunger (Col. 1, line 53 – Col. 2, line 14). Aunger discloses that the access token has an expiration (Col. 11, lines 16-18). Aunger does not disclose that the access token is a one-time token. Pan discloses implementing access tokens to have either an expiration or a limited number of uses that includes “one-time” usage ([0036]), which meets the limitation of a one-time token. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the access token of Aunger to have been a one-time token because Pan discloses that one-time tokens are one of a finite number of possible tokens that could have been have been implemented by one of ordinary skill in the art with a reasonable expectation of success. Referring to claim 9, Lecocq discloses that the encrypted connection between the device and the server allows for decryption of received information by the device and the server (Page 6, last full paragraph), which meets the limitation of obtained by decrypting the data received through the secure messaging from the personal information server. Lecocq discloses that the server can provide services such as providing access to bank/medical data, however, Lococq does not explicitly disclose that user bank account data is transmitted to the terminal. Aunger discloses a remote system that stores user medical information such that access to the medical information can be requested by the user and once the user has been successfully authenticated and authorized, the remote system transmits the requested medical information to the user device over established connections (Col. 12, lines 3-36). The remote system authenticates the user, generates an access token, and transmits the access token to the user device (Col. 11, lines 43-46), which meets the limitation of the second processor of the personal information server issues a [one-time] token, transmits the [one-time] token to the authentication device through secure messaging. The access token is provided to the remote system in a subsequent request for access to user medical information such that the received token indicates that the requester is authorized to write the requested medical information (Col. 11, lines 46-5 & Col. 5, line 63 – Col. 6, line 2: as applied to the Lococq reference which includes an encrypted connection between the server and the device with the terminal acting as a relay in between, the token generated by the server and transmitted to the device would be received by the terminal as part of the relay and the subsequent request from the device to the server would also be received by the terminal as part of the relay), which meets the limitation of and then, if challenge data of a [one-time] token received from the terminal device matches the issued [one-time] token, write the write information received from the terminal device in the data memory, the first processor of the authentication device transmits, to the terminal device, a [one-time] token issued by the personal information server. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the server of Lecocq to have provided requested user data to the terminal in order to provide the user with secure access to their health records as suggested by Aunger (Col. 1, line 53 – Col. 2, line 14). Aunger discloses that the access token has an expiration (Col. 11, lines 16-18). Aunger does not disclose that the access token is a one-time token. Pan discloses implementing access tokens to have either an expiration or a limited number of uses that includes “one-time” usage ([0036]), which meets the limitation of a one-time token. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the access token of Aunger to have been a one-time token because Pan discloses that one-time tokens are one of a finite number of possible tokens that could have been have been implemented by one of ordinary skill in the art with a reasonable expectation of success. Claims 3, 10 are rejected under 35 U.S.C. 103 as being unpatentable over Lecocq, WO 2010/142740, in view of Aunger, U.S. Patent No. 11,328,088, and further in view of Wheeler, U.S. Publication No. 2004/0128508. Referring to claim 3, Lecocq discloses that the server can provide services such as providing access to bank/medical data, however, Lococq does not explicitly disclose that user bank account data is transmitted to the terminal. Aunger discloses a remote system that stores user medical information such that access to the medical information can be requested by the user and once the user has been successfully authenticated and authorized, the remote system transmits the requested medical information to the user device over established connections (Col. 12, lines 3-36), which meets the limitation of the second processor of the personal information, in response to a request from the terminal device, transmits the personal information of the holder of the authentication device stored in the data memory, and then supplies the terminal device with the [signed] personal information. The requested access can include reading the medical information, modifying the received medical information, and writing the medical information (Col. 5, line 63 – Col. 6, line 2), which meets the limitation of the first processor of the authentication device transmits, to the personal information server, [signed] personal information obtained [by digitally signing] the personal information of the holder received from the personal information server. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the server of Lecocq to have provided requested user data to the terminal in order to provide the user with secure access to their health records as suggested by Aunger (Col. 1, line 53 – Col. 2, line 14). Lecocq, as modified in view of Aunger, does not disclose that the communications between the device and server are digitally signed. Wheeler discloses that a requesting entity transmits a digitally signed request to an access authentication component such that the access authentication component additionally receives the public key associated with the requesting entity, which the access authentication component utilizes to verify the digital signature ([0018]), which meets the limitation of signed personal information obtained by digitally signing the personal information of the holder, the second processor of the personal information server discloses a public key of the authentication device acquired from the authentication device to the terminal, the signed personal information being personal information digitally signed by the authentication device. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the communications between the device and server of Lecocq to have been digitally signed in order to authenticate the sender of the communications as suggested by Wheeler ([0011]). Referring to claim 10, Lecocq discloses that the server can provide services such as providing access to bank/medical data, however, Lococq does not explicitly disclose that user bank account data is transmitted to the terminal. Aunger discloses a remote system that stores user medical information such that access to the medical information can be requested by the user and once the user has been successfully authenticated and authorized, the remote system transmits the requested medical information to the user device over established connections (Col. 12, lines 3-36). The requested access can include reading the medical information, modifying the received medical information, and writing the medical information (Col. 5, line 63 – Col. 6, line 2), which meets the limitation of the second processor of the personal information server acquires [signed] write information from the terminal device, [verifies the signed write information using a public key of the terminal device], and then writes the write information in the data memory. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the server of Lecocq to have provided requested user data to the terminal in order to provide the user with secure access to their health records as suggested by Aunger (Col. 1, line 53 – Col. 2, line 14). Lecocq, as modified in view of Aunger, does not disclose that the communications between the device and server are digitally signed. Wheeler discloses that a requesting entity transmits a digitally signed request to an access authentication component such that the access authentication component additionally receives the public key associated with the requesting entity, which the access authentication component utilizes to verify the digital signature ([0018]), which meets the limitation of signed write information, verifies the signed write information using the public key of the terminal device, the signed write information being write information digitally signed by the terminal device. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the communications between the device and server of Lecocq to have been digitally signed in order to authenticate the sender of the communications as suggested by Wheeler ([0011]). Claims 4, 11 are rejected under 35 U.S.C. 103 as being unpatentable over Lecocq, WO 2010/142740, in view of Aunger, U.S. Patent No. 11,328,088, in view of Wheeler, U.S. Publication No. 2004/0128508, and further in view of Pan, U.S. Publication No. 2018/0145987. Referring to claim 4, Lecocq discloses that the encrypted connection between the device and the server allows for decryption of received information by the device and the server (Page 6, last full paragraph), which meets the limitation of obtained by decrypting the data received through the secure messaging from the personal information server. Lecocq discloses that the server can provide services such as providing access to bank/medical data, however, Lococq does not explicitly disclose that user bank account data is transmitted to the terminal. Aunger discloses a remote system that stores user medical information such that access to the medical information can be requested by the user and once the user has been successfully authenticated and authorized, the remote system transmits the requested medical information to the user device over established connections (Col. 12, lines 3-36). The remote system authenticates the user, generates an access token, and transmits the access token to the user device (Col. 11, lines 43-46), which meets the limitation of the second processor of the personal information server issues a [one-time] token, transmits the [one-time] token to the authentication device through secure messaging. The access token is provided to the remote system in a subsequent request for access to user medical information such that the received token indicates that the requester is authorized to receive the requested medical information (Col. 11, lines 46-57: as applied to the Lococq reference which includes an encrypted connection between the server and the device with the terminal acting as a relay in between, the token generated by the server and transmitted to the device would be received by the terminal as part of the relay and the subsequent request from the device to the server would also be received by the terminal as part of the relay) and the remote system transmits the requested medical information to the user device over established connections (Col. 12, lines 3-36), which meets the limitation of and then, if challenge data of a [one-time] token received from the terminal device matches the issued [one-time] token, transmits the [signed] personal information to the terminal device, and the first processor of the authentication device transmits, to the terminal device, the [one-time] token issued by the personal information server. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the server of Lecocq to have provided requested user data to the terminal in order to provide the user with secure access to their health records as suggested by Aunger (Col. 1, line 53 – Col. 2, line 14). Lecocq, as modified in view of Aunger, does not disclose that the communications between the device and server are digitally signed. Wheeler discloses that a requesting entity transmits a digitally signed request to an access authentication component such that the access authentication component additionally receives the public key associated with the requesting entity, which the access authentication component utilizes to verify the digital signature ([0018]), which meets the limitation of signed personal information. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the communications between the device and server of Lecocq to have been digitally signed in order to authenticate the sender of the communications as suggested by Wheeler ([0011]). Aunger discloses that the access token has an expiration (Col. 11, lines 16-18). Aunger does not disclose that the access token is a one-time token. Pan discloses implementing access tokens to have either an expiration or a limited number of uses that includes “one-time” usage ([0036]), which meets the limitation of a one-time token. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the access token of Aunger to have been a one-time token because Pan discloses that one-time tokens are one of a finite number of possible tokens that could have been have been implemented by one of ordinary skill in the art with a reasonable expectation of success. Referring to claim 11, Lecocq discloses that the encrypted connection between the device and the server allows for decryption of received information by the device and the server (Page 6, last full paragraph), which meets the limitation of obtained by decrypting the data received through the secure messaging from the personal information server. Lecocq discloses that the server can provide services such as providing access to bank/medical data, however, Lococq does not explicitly disclose that user bank account data is transmitted to the terminal. Aunger discloses a remote system that stores user medical information such that access to the medical information can be requested by the user and once the user has been successfully authenticated and authorized, the remote system transmits the requested medical information to the user device over established connections (Col. 12, lines 3-36). The remote system authenticates the user, generates an access token, and transmits the access token to the user device (Col. 11, lines 43-46), which meets the limitation of the second processor of the personal information server issues a [one-time] token, transmits the [one-time] token to the authentication device through secure messaging. The access token is provided to the remote system in a subsequent request for access to user medical information such that the received token indicates that the requester is authorized to write the requested medical information (Col. 11, lines 46-57 & Col. 5, line 63 – Col. 6, line 2: as applied to the Lococq reference which includes an encrypted connection between the server and the device with the terminal acting as a relay in between, the token generated by the server and transmitted to the device would be received by the terminal as part of the relay and the subsequent request from the device to the server would also be received by the terminal as part of the relay), which meets the limitation of and then, if challenge data of a [one-time] token received from the terminal device matches the issued [one-time] token, [verifies the signed write information received from the terminal device using a public key of the terminal device] and then write the write information the data memory, and the first processor of the authentication device transmits, to the terminal device, the [one-time] token issued by the personal information server. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the server of Lecocq to have provided requested user data to the terminal in order to provide the user with secure access to their health records as suggested by Aunger (Col. 1, line 53 – Col. 2, line 14). Lecocq, as modified in view of Aunger, does not disclose that the communications between the device and server are digitally signed. Wheeler discloses that a requesting entity transmits a digitally signed request to an access authentication component such that the access authentication component additionally receives the public key associated with the requesting entity, which the access authentication component utilizes to verify the digital signature ([0018]), which meets the limitation of signed write information, verifies the signed write information received form the terminal device using a public key of the terminal device. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the communications between the device and server of Lecocq to have been digitally signed in order to authenticate the sender of the communications as suggested by Wheeler ([0011]). Aunger discloses that the access token has an expiration (Col. 11, lines 16-18). Aunger does not disclose that the access token is a one-time token. Pan discloses implementing access tokens to have either an expiration or a limited number of uses that includes “one-time” usage ([0036]), which meets the limitation of a one-time token. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the access token of Aunger to have been a one-time token because Pan discloses that one-time tokens are one of a finite number of possible tokens that could have been have been implemented by one of ordinary skill in the art with a reasonable expectation of success. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 5:30-4:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached at 5712705143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /BENJAMIN E LANIER/ Primary Examiner, Art Unit 2437
Read full office action

Prosecution Timeline

Mar 07, 2024
Application Filed
Sep 30, 2025
Non-Final Rejection — §102, §103
Dec 01, 2025
Response Filed
Dec 15, 2025
Examiner Interview (Telephonic)
Dec 15, 2025
Final Rejection — §102, §103
Mar 13, 2026
Request for Continued Examination
Mar 25, 2026
Response after Non-Final Action
Apr 13, 2026
Non-Final Rejection — §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12615134
IDENTITY AUTHENTICATION METHOD AND APPARATUS, STORAGE MEDIUM, PROGRAM, AND PROGRAM PRODUCT
2y 10m to grant Granted Apr 28, 2026
Patent 12602474
USE OF AN APPLICATION CONTROLLER TO MONITOR AND CONTROL SOFTWARE FILE AND APPLICATION ENVIRONMENTS
1y 6m to grant Granted Apr 14, 2026
Patent 12598079
DIGITAL SIGNATURES WITH KEY-DERIVATION
2y 0m to grant Granted Apr 07, 2026
Patent 12587541
SECURE CONNECTION BROKER FOR SWARM COMMUNICATIONS
2y 4m to grant Granted Mar 24, 2026
Patent 12566846
TURING MACHINE AGENT FOR BEHAVIORAL THREAT DETECTION
1y 11m to grant Granted Mar 03, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
69%
Grant Probability
87%
With Interview (+17.3%)
3y 8m (~1y 6m remaining)
Median Time to Grant
High
PTA Risk
Based on 916 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month