Office Action Predictor
Last updated: April 16, 2026
Application No. 18/642,251

SECURE NODE EXCHANGE ATTRIBUTE-BASED KEYS (SNEAK)

Non-Final OA §103
Filed
Apr 22, 2024
Examiner
AMBAYE, SAMUEL
Art Unit
2433
Tech Center
2400 — Computer Networks
Assignee
Wells Fargo Bank, N.A.
OA Round
1 (Non-Final)
82%
Grant Probability
Favorable
1-2
OA Rounds
2y 10m
To Grant
99%
With Interview

Examiner Intelligence

Grants 82% — above average
82%
Career Allow Rate
550 granted / 670 resolved
+24.1% vs TC avg
Strong +25% interview lift
Without
With
+25.1%
Interview Lift
resolved cases with interview
Typical timeline
2y 10m
Avg Prosecution
28 currently pending
Career history
698
Total Applications
across all art units

Statute-Specific Performance

§101
7.2%
-32.8% vs TC avg
§103
71.7%
+31.7% vs TC avg
§102
6.4%
-33.6% vs TC avg
§112
4.6%
-35.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 670 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status 1. The present application, filed on or after March 16, 2013, is being examined under the First inventor to file provisions of the AIA . Status of Claim 2. Claims 1-20 are pending. Claims 1, 18 and 20 are in independent forms. Information Disclosure Statement 3. No information disclosure statement has been filed on this Application. Drawings 4. The drawings filed on 04/22/2024 are accepted. Claim Rejections - 35 USC § 103 5. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 7. Claims 1-2, 4, 6-11, 13, 15-16, and 18-20 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Datye et al. US Patent Application Publication No. 2019/0319784 (hereinafter Datye) in view of Duchon et al. US Patent Application Publication No. 2020/0084027 (hereinafter Duchon). Regarding claim 1, Datye discloses a method, comprising: “receiving, by a key management node from one of a first node or a second node, a first message comprising a plurality of encrypted message components and a plurality of established Content Encryption Keys (CEKs), (see Datye par. 0016, the broadcasting computing system 104 (first node) may generate the content encryption key, and may provide the content encryption key to the processing server 102 (key management node) using a suitable communication network and method. In other embodiments, the processing server 102 may generate the content encryption key, which may be provided to the broadcasting computing system 104 thereby. In some cases, transmissions between the broadcasting computing system 104 and processing server 102, such as of the content encryption key, may be encrypted or otherwise protected from intercept of transmitted data using suitable methods. In some instances, the processing server 102 and broadcast computing system 104 may independently generate identical content encryption keys using methods previously agreed upon by each system); wherein each of the plurality of encrypted message components of the first message is one of a plurality of message components encrypted using a respective one of a plurality of CEKs, and wherein each of the plurality of established CEKs is one of the plurality of CEKs established using a public key of the key management node” (see datye par. 0028, the receiving device 202 may receive registration messages from broadcasting computing systems 104 and/or recipient computing devices 108, which may include broadcast public keys, recipient public keys, recipient device identifiers, or other data for use in performing the functions of the processing server 102 as discussed herein. In some cases, communications received from the broadcasting computing system 104 and/or recipient computing devices 108 may be encrypted with a server public key for which the processing server 102 possess the corresponding server private key); “determining, by the key management node, a first established CEK of the plurality of established CEKs using a private key of the key management node to obtain a first CEK, wherein the private key and the public key of the key management node form a public and private key pair, a first encrypted message component of the plurality of encrypted message components is a first message component of the plurality of message components encrypted using the first CEK” (see Datye par. 0005, identifying, by a data identification module of the processing server, a unique identifier; electronically transmit, by a transmitting device of the processing server, a data message including at least the encrypted broadcast message and the unique identifier; receiving, by the receiving device of the processing server, a key request from the recipient computing device, wherein the key request includes at least the unique identifier; verifying, by a verification module of the processing server, that the unique identifier included in the key request is equivalent to the unique identifier identified by the processing server; encrypting, by an encryption module of the processing server, the content encryption key using the recipient public key; and electronically transmitting, by the transmitting device of the processing server, the encrypted content encryption key to the recipient computing device); “establishing, by the key management node, the first CEK using a public key of the second node to obtain a second established CEK” (see Datye par. 0035, The processing server 102 may also include an encryption module 220. The encryption module 220 may be configured to encrypt or decrypt data and generate encryption keys for use in performing the functions of the processing server 102 discussed herein. The encryption module 220 may receive data to encrypt, encrypted data to decrypt, or a request to generate a cryptographic key pair as an instruction, may perform the requested function, and output the respective data to another module or engine of the processing server 102. The encryption module 220 may, for example, be configured to encrypt content encryption keys using recipient public keys, decrypt broadcast requests and key requests using a server private key, generate a cryptographic key pair to use as a server public key and server private key, generate a cryptographic key pair to use as a content encryption keys, etc.); Datye does not explicitly discloses sending, by the key management node, a second message comprising the plurality of encrypted message components, the second established CEK, and a third established CEK, wherein the third established CEK is one of the plurality of established CEKs in the first message, and wherein the second node determines the second established CEK to obtain the first CEK and decrypts the first encrypted message component using the first CEK to obtain the first message component. However, in analogues art, Duchon discloses sending, by the key management node, a second message comprising the plurality of encrypted message components, the second established CEK, and a third established CEK, wherein the third established CEK is one of the plurality of established CEKs in the first message, and wherein the second node determines the second established CEK to obtain the first CEK and decrypts the first encrypted message component using the first CEK to obtain the first message component (see Duchon pars. 0143-0145, blockchain is configured to store data transmitted among multiple computers. The ledger is publicly accessible; however, the blockchain must be stored, such that the actual data transmitted can only be accessed by the participants of the data transmittal. For instance, if a first node transmits a message to a second node, the blockchain will reveal that a message was transmitted from the first node to the second node. However, the blockchain must be maintained, such that only the first node and the second node may view the content of the message. when the first node transmits a message to the second node, a processor of the second node (or any other node associated with the blockchain) first generates an encryption key by executing an algorithm that generates encryption keys that include randomly selected alphanumerical values. The processor then executes a symmetrical encryption algorithm to encrypt the content of the message, the processor generates a first encrypted encryption key using the first node's public key and a second encrypted encryption key using the second node's public key. The processor then generates two new blocks: a first block that includes the first encrypted encryption key and the encrypted message and a second block that includes the second encrypted encryption key and the encrypted message. The processor then appends both blocks to the blockchain. When a processor of the first node is instructed to display the content of the message, the processor first retrieves a public key for the first node and executes an asymmetrical decryption method to decrypt the encrypted encryption key within the first block. The processor then uses the decrypted encryption key and executes a symmetrical decryption protocol to decrypt the encrypted message. Upon decrypting the message, the processor can have access to the message and display the message). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Duchon in to the system of Datye in order to include a processor may then asymmetrically encrypt the content of the encryption key using public keys for one or more authorized nodes. The processor may then place the encrypted encryption key and the encrypted data elements within a block and append the block to the blockchain (see Duchon par. 0036). Regarding claim 2, Datye in view of Duchon discloses the method of claim 1, Datye further discloses wherein the key management node receives the first message from the first node (see Datye par. 0016, the broadcasting computing system 104 may generate the content encryption key, and may provide the content encryption key to the processing server 102 using a suitable communication network and method); the key management node returns the second message to the first node (see Datye par. 0016, the processing server 102 may generate the content encryption key, which may be provided to the broadcasting computing system 104 thereby); and the first node sends the second message to the second node in response to receiving the second message from the key management node (see Datye par. 0017, the broadcasting computing system 104 may broadcast the encrypted broadcast message to a plurality of different recipient computing devices 108 using any suitable type of communication network 110, such as the internet, a cellular communication network, local area network, wide area network). Regarding claim 4, Datye in view of Duchon discloses the method of claim 1, Datye further discloses wherein the second node receives the first message from the first node (see Datye par. 0017, the broadcasting computing system 104 may broadcast the encrypted broadcast message to a plurality of different recipient computing devices 108 using any suitable type of communication network 110); the second node sends the first message to the key management node in response to receiving the first message from the first node (see Datye par. 0021, Each recipient computing device 108 may generate its own cryptographic key pair, comprised of a recipient private key and a recipient public key. During the registration of a recipient 106, the recipient public key of the associated recipient computing device 108 may be distributed to the processing server 102 and the broadcasting computing system 104); and the key management node sends the second message to the second node (see Datye par. 0022, The processing server 102 may respond to the key request submitted by the recipient computing device 108 with the encrypted content encryption key). Regarding claim 6, Datye in view of Duchon discloses the method of claim 1, Datye further discloses wherein the second node identifies, based on the first message component, a third node. in response to identifying the third node, the second node sends the first message to the key management node or to the third node (see Datye par. 0019, the broadcasting computing system 104 may generate a cryptographic key pair used for the distribution of data to recipient computing devices 108, which may be comprised of a broadcast private key and a broadcast public key. The broadcast public key may be distributed to each recipient computing device 108 upon registration of a recipient 106 for receipt of broadcasted messages. The broadcast computing system 104 may encrypt the unique identifier using the broadcast private key prior to transmission to the recipient computing device 108, where the recipient computing device 108 may decrypt the unique identifier using the previously received broadcast public key). Regarding claims 7 and 19, Datye in view of Duchon discloses the method of claim 1, the system of claim 18, Datye further discloses receiving, by the key management node from one of the second node or a third node, the first message (see Datye par. 0028, The receiving device 202 may also be configured to receive data signals electronically transmitted by recipient computing devices 108, which may be superimposed or otherwise encoded with key requests, which may include at least a unique identifier and may include additional data, such as a recipient device identifier, authentication data, etc.); determining, by the key management node, the third established CEK of the plurality of established CEKs using the private key of the key management node to obtain a second CEK, a second encrypted message component of the plurality of encrypted message components is a second message component of the plurality of message components encrypted using the second CEK (see Datye par. 0005, identifying, by a data identification module of the processing server, a unique identifier; electronically transmit, by a transmitting device of the processing server, a data message including at least the encrypted broadcast message and the unique identifier; receiving, by the receiving device of the processing server, a key request from the recipient computing device, wherein the key request includes at least the unique identifier; verifying, by a verification module of the processing server, that the unique identifier included in the key request is equivalent to the unique identifier identified by the processing server; encrypting, by an encryption module of the processing server, the content encryption key using the recipient public key; and electronically transmitting, by the transmitting device of the processing server, the encrypted content encryption key to the recipient computing device); establishing, by the key management node, the second CEK using a public key of the third node to obtain a fourth established CEK (see Datye par. 0021, Each recipient computing device 108 may generate its own cryptographic key pair, comprised of a recipient private key and a recipient public key. During the registration of a recipient 106, the recipient public key of the associated recipient computing device 108 may be distributed to the processing server 102 and the broadcasting computing system 104. The processing server 102 may encrypt the identified content encryption key using the recipient computing device's recipient public key); but Datye does not explicitly discloses sending, by the key management node, a third message comprising the plurality of encrypted message components, the fourth established CEK, and wherein the third node determines the fourth established CEK to obtain the second CEK and decrypts the second encrypted message component using the second CEK to obtain the second message component. However, in analogues art Duchon discloses sending, by the key management node, a third message comprising the plurality of encrypted message components, the fourth established CEK, and wherein the third node determines the fourth established CEK to obtain the second CEK and decrypts the second encrypted message component using the second CEK to obtain the second message component (see Datye pars. 0143-0145, if a first node transmits a message to a second node, the blockchain will reveal that a message was transmitted from the first node to the second node. However, the blockchain must be maintained, such that only the first node and the second node may view the content of the message, the processor generates a first encrypted encryption key using the first node's public key and a second encrypted encryption key using the second node's public key. The processor then generates two new blocks: a first block that includes the first encrypted encryption key and the encrypted message and a second block that includes the second encrypted encryption key and the encrypted message. The processor then appends both blocks to the blockchain. When a processor of the first node is instructed to display the content of the message, the processor first retrieves a public key for the first node and executes an asymmetrical decryption method to decrypt the encrypted encryption key within the first block. The processor then uses the decrypted encryption key and executes a symmetrical decryption protocol to decrypt the encrypted message. Upon decrypting the message, the processor can have access to the message and display the message). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Duchon in to the system of Datye in order to include a processor may then asymmetrically encrypt the content of the encryption key using public keys for one or more authorized nodes. The processor may then place the encrypted encryption key and the encrypted data elements within a block and append the block to the blockchain (see Duchon par. 0036). Regarding claim 8, Datye in view of Duchon discloses the method of claim 7, Datye further discloses wherein the third message further comprises a fifth established CEK, and wherein the fifth established CEK is one of the plurality of established CEKs in the first message (see Datye par. 0018, The unique identifier may be generated by the processing server 102 or the broadcasting computing system 104 and exchanged between both systems. In some instances, a broadcast message may be encrypted by several different content encryption keys, for which each may have a corresponding unique identifier. For example, each time the broadcasting computing system 104 broadcasts the message, a different content encryption key may be used for the encryption thereof. In some cases, a separate content encryption key may be used for every authorized recipient 106, where a different unique identifier may be generated for each recipient 106 corresponding to the respective content encryption key). Regarding claim 9, Datye in view of Duchon discloses the method of claim 8, Datye further discloses wherein the fifth established CEK is in at least one of the first message or the second message (see Datye par. 0017, The broadcast message may be encrypted using the content encryption key and then broadcast for receipt by the recipients 106. In some embodiments, the broadcasting computing system 104 may broadcast the encrypted broadcast message to a plurality of different recipient computing devices 108 using any suitable type of communication network 110). Regarding claim 10, Datye in view of Duchon discloses the method of claim 7, Datye further discloses wherein the third established CEK is established using the public key of the key management node (see Datye par. 0028, the receiving device 202 may receive registration messages from broadcasting computing systems 104 and/or recipient computing devices 108, which may include broadcast public keys, recipient public keys, recipient device identifiers, or other data for use in performing the functions of the processing server 1020). Regarding claim 11, Datye in view of Duchon discloses the method of claim 7, Datye further discloses wherein the key management node receives the first message from the second node (see Datye par. 0016, the broadcasting computing system 104 may generate the content encryption key, and may provide the content encryption key to the processing server 102 using a suitable communication network and method); the key management node sends the third message to the second node (see Datye par. 0016, the processing server 102 may generate the content encryption key, which may be provided to the broadcasting computing system 104 thereby); and the second node sends the third message to the third node in response to receiving the third message from the key management node (see Datye par. 0017, the broadcasting computing system 104 may broadcast the encrypted broadcast message to a plurality of different recipient computing devices 108 using any suitable type of communication network 110, such as the internet, a cellular communication network, local area network, wide area network). Regarding claim 13, Datye in view of Duchon discloses the method of claim 7, Datye further discloses wherein the third node receives the first message from the second node (see Datye par. 0017, the broadcasting computing system 104 may broadcast the encrypted broadcast message to a plurality of different recipient computing devices 108 using any suitable type of communication network 110); the third node sends the first message to the key management node in response to receiving the first message from the second node (see Datye par. 0021, Each recipient computing device 108 may generate its own cryptographic key pair, comprised of a recipient private key and a recipient public key. During the registration of a recipient 106, the recipient public key of the associated recipient computing device 108 may be distributed to the processing server 102 and the broadcasting computing system 104); and the key management node sends the third message to the third node (see Datye par. 0022, The processing server 102 may respond to the key request submitted by the recipient computing device 108 with the encrypted content encryption key). Regarding claim 15, Datye in view of Duchon discloses the method of claim 1, Duchon further discloses further comprising generating, by the key management node using another private key of the key management node, a cryptographic signature on the second message, wherein the signed second message is sent to the first node or the second node, and the second node verifies the signature using another public key of the key management node in response to receiving the signed second message from the first node or from the key management node, the private key of the key management node is different from the another private key of the key management node, and the public key of the key management node is different from the another public key of the key management node (see Duchon par. 0089, The blockchain client 1304, peer 1310, and smart contract 1302 can connect using HTTPs connections. For example, the blockchain client 1304 requests server (e.g. peer 1310) public key. The blockchain client 1304 validates public key with certificate signing authority. The blockchain client 1304 and server (peer 1310) handshake a cipher process. The blockchain client 1304 generates a symmetric encryption key and encrypts with the server's (peer 1310) public key. This can be repeated with the public key of every node/peer 1310. Server (peer 1310) decrypts symmetric key with private key. This can be repeated by every node/peer 1310 that wants to read the data. The blockchain client 1304 and server (peer 1310) communicate by encrypting/decrypting data with symmetric key). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Duchon in to the system of Datye in order to include a processor may then asymmetrically encrypt the content of the encryption key using public keys for one or more authorized nodes. The processor may then place the encrypted encryption key and the encrypted data elements within a block and append the block to the blockchain (see Duchon par. 0036). Regarding claim 16, Datye in view of Duchon discloses the method of claim 1, Duchon further discloses signcrypting, by the key management node, the second message, wherein the signcrypted second message is sent to the first node or the second node, and the second node verifies and decrypts the signcrypted second message in response to receiving the signed second message from the first node or from the key management node (see Duchon par. 0099, The blockchain client 1304 is responsible for collecting endorsements and/or signature data from all peers or organizations 1310a and 1310b required for the transaction (e.g., Org1, Org2) based on an endorsement policy. The endorsement policy can be logic that requires consensus from both Org 1 organization 1310a and Org2 organization 1310b, for example. That is, a consensus in terms of the endorsement policy means that the corresponding endorsements have been collected. Each endorsement produces a read/write set, which can be signed by the corresponding participant (organization), and hence the endorsements can be trusted and the policy can be enforced. The consensus on the next block can be found through an ordering process. The blockchain client 1304 can send the requests for endorsements out in parallel to the smart contracts 1302a and 1302b). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Duchon in to the system of Datye in order to include a processor may then asymmetrically encrypt the content of the encryption key using public keys for one or more authorized nodes. The processor may then place the encrypted encryption key and the encrypted data elements within a block and append the block to the blockchain (see Duchon par. 0036). Regarding claim 18, Datye discloses a system, comprising at least one processor ( Fig. 5 Processor 504) configured to: “receive from one of a first node or a second node, a first message comprising a plurality of encrypted message components and a plurality of established Content Encryption Keys (CEKs) (see Datye par. 0016, the broadcasting computing system 104 (first node) may generate the content encryption key, and may provide the content encryption key to the processing server 102 (key management node) using a suitable communication network and method. In other embodiments, the processing server 102 may generate the content encryption key, which may be provided to the broadcasting computing system 104 thereby. In some cases, transmissions between the broadcasting computing system 104 and processing server 102, such as of the content encryption key, may be encrypted or otherwise protected from intercept of transmitted data using suitable methods. In some instances, the processing server 102 and broadcast computing system 104 may independently generate identical content encryption keys using methods previously agreed upon by each system), wherein each of the plurality of encrypted message components of the first message is one of a plurality of message components encrypted using a respective one of a plurality of CEKs, and wherein each of the plurality of established CEKs is one of the plurality of CEKs encrypted using a public key of the key management node” (see datye par. 0028, the receiving device 202 may receive registration messages from broadcasting computing systems 104 and/or recipient computing devices 108, which may include broadcast public keys, recipient public keys, recipient device identifiers, or other data for use in performing the functions of the processing server 102 as discussed herein. In some cases, communications received from the broadcasting computing system 104 and/or recipient computing devices 108 may be encrypted with a server public key for which the processing server 102 possess the corresponding server private key); “determining a first established CEK of the plurality of established CEKs using a private key of a key management node to obtain a first CEK , wherein the private key and the public key of the key management node form a public and private key pair, a first encrypted message component of the plurality of encrypted message components is a first message component of the plurality of message components encrypted using the first CEK” (see Datye par. 0005, identifying, by a data identification module of the processing server, a unique identifier; electronically transmit, by a transmitting device of the processing server, a data message including at least the encrypted broadcast message and the unique identifier; receiving, by the receiving device of the processing server, a key request from the recipient computing device, wherein the key request includes at least the unique identifier; verifying, by a verification module of the processing server, that the unique identifier included in the key request is equivalent to the unique identifier identified by the processing server; encrypting, by an encryption module of the processing server, the content encryption key using the recipient public key; and electronically transmitting, by the transmitting device of the processing server, the encrypted content encryption key to the recipient computing device); “encrypt the first CEK using a public key of the second node to obtain a second established CEK” (see Datye par. 0035, The processing server 102 may also include an encryption module 220. The encryption module 220 may be configured to encrypt or decrypt data and generate encryption keys for use in performing the functions of the processing server 102 discussed herein. The encryption module 220 may receive data to encrypt, encrypted data to decrypt, or a request to generate a cryptographic key pair as an instruction, may perform the requested function, and output the respective data to another module or engine of the processing server 102. The encryption module 220 may, for example, be configured to encrypt content encryption keys using recipient public keys, decrypt broadcast requests and key requests using a server private key, generate a cryptographic key pair to use as a server public key and server private key, generate a cryptographic key pair to use as a content encryption keys, etc.); Datye does not explicitly discloses send a second message comprising the plurality of encrypted message components, the second established CEK, and a third established CEK, wherein the third established CEK is one of the plurality of established CEKs in the first message, and wherein the second node decrypts the second established CEK to obtain the first CEK and decrypts the first encrypted message component using the first CEK to obtain the first message component. However, in analogues art, Duchon discloses send a second message comprising the plurality of encrypted message components, the second established CEK, and a third established CEK, wherein the third established CEK is one of the plurality of established CEKs in the first message, and wherein the second node decrypts the second established CEK to obtain the first CEK and decrypts the first encrypted message component using the first CEK to obtain the first message component (see Duchon pars. 0143-0145, blockchain is configured to store data transmitted among multiple computers. The ledger is publicly accessible; however, the blockchain must be stored, such that the actual data transmitted can only be accessed by the participants of the data transmittal. For instance, if a first node transmits a message to a second node, the blockchain will reveal that a message was transmitted from the first node to the second node. However, the blockchain must be maintained, such that only the first node and the second node may view the content of the message. when the first node transmits a message to the second node, a processor of the second node (or any other node associated with the blockchain) first generates an encryption key by executing an algorithm that generates encryption keys that include randomly selected alphanumerical values. The processor then executes a symmetrical encryption algorithm to encrypt the content of the message, the processor generates a first encrypted encryption key using the first node's public key and a second encrypted encryption key using the second node's public key. The processor then generates two new blocks: a first block that includes the first encrypted encryption key and the encrypted message and a second block that includes the second encrypted encryption key and the encrypted message. The processor then appends both blocks to the blockchain. When a processor of the first node is instructed to display the content of the message, the processor first retrieves a public key for the first node and executes an asymmetrical decryption method to decrypt the encrypted encryption key within the first block. The processor then uses the decrypted encryption key and executes a symmetrical decryption protocol to decrypt the encrypted message. Upon decrypting the message, the processor can have access to the message and display the message). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Duchon in to the system of Datye in order to include a processor may then asymmetrically encrypt the content of the encryption key using public keys for one or more authorized nodes. The processor may then place the encrypted encryption key and the encrypted data elements within a block and append the block to the blockchain (see Duchon par. 0036). Regarding claim 20, Datye discloses a non-transitory processor-readable media comprising processor-readable instructions, such that, when executed, causes at least one processor to: “receive from one of a first node or a second node, a first message comprising a plurality of encrypted message components and a plurality of encrypted Content Encryption Keys (CEKs) (see Datye par. 0016, the broadcasting computing system 104 (first node) may generate the content encryption key, and may provide the content encryption key to the processing server 102 (key management node) using a suitable communication network and method. In other embodiments, the processing server 102 may generate the content encryption key, which may be provided to the broadcasting computing system 104 thereby. In some cases, transmissions between the broadcasting computing system 104 and processing server 102, such as of the content encryption key, may be encrypted or otherwise protected from intercept of transmitted data using suitable methods. In some instances, the processing server 102 and broadcast computing system 104 may independently generate identical content encryption keys using methods previously agreed upon by each system), wherein each of the plurality of encrypted message components of the first message is one of a plurality of message components encrypted using a respective one of a plurality of CEKs, and wherein each of the plurality of established CEKs is one of the plurality of CEKs established using a public key of the key management node” (see datye par. 0028, the receiving device 202 may receive registration messages from broadcasting computing systems 104 and/or recipient computing devices 108, which may include broadcast public keys, recipient public keys, recipient device identifiers, or other data for use in performing the functions of the processing server 102 as discussed herein. In some cases, communications received from the broadcasting computing system 104 and/or recipient computing devices 108 may be encrypted with a server public key for which the processing server 102 possess the corresponding server private key); “determine a first established CEK of the plurality of established CEKs using a private key of a key management node to obtain a first CEK , wherein the private key and the public key of the key management node form a public and private key pair, a first encrypted message component of the plurality of encrypted message components is a first message component of the plurality of message components encrypted using the first CEK” (see Datye par. 0005, identifying, by a data identification module of the processing server, a unique identifier; electronically transmit, by a transmitting device of the processing server, a data message including at least the encrypted broadcast message and the unique identifier; receiving, by the receiving device of the processing server, a key request from the recipient computing device, wherein the key request includes at least the unique identifier; verifying, by a verification module of the processing server, that the unique identifier included in the key request is equivalent to the unique identifier identified by the processing server; encrypting, by an encryption module of the processing server, the content encryption key using the recipient public key; and electronically transmitting, by the transmitting device of the processing server, the encrypted content encryption key to the recipient computing device); “establish the first CEK using a public key of the second node to obtain a second established CEK” (see Datye par. 0035, The processing server 102 may also include an encryption module 220. The encryption module 220 may be configured to encrypt or decrypt data and generate encryption keys for use in performing the functions of the processing server 102 discussed herein. The encryption module 220 may receive data to encrypt, encrypted data to decrypt, or a request to generate a cryptographic key pair as an instruction, may perform the requested function, and output the respective data to another module or engine of the processing server 102. The encryption module 220 may, for example, be configured to encrypt content encryption keys using recipient public keys, decrypt broadcast requests and key requests using a server private key, generate a cryptographic key pair to use as a server public key and server private key, generate a cryptographic key pair to use as a content encryption keys, etc.); Datye does not explicitly discloses send a second message comprising the plurality of encrypted message components, the second established CEK, and a third established CEK, wherein the third established CEK is one of the plurality of established CEKs in the first message, and wherein the second node determines the second established CEK to obtain the first CEK and decrypts the first encrypted message component using the first CEK to obtain the first message component. However, in analogues art, Duchon discloses send a second message comprising the plurality of encrypted message components, the second established CEK, and a third established CEK, wherein the third established CEK is one of the plurality of established CEKs in the first message, and wherein the second node determines the second established CEK to obtain the first CEK and decrypts the first encrypted message component using the first CEK to obtain the first message component (see Duchon pars. 0143-0145, blockchain is configured to store data transmitted among multiple computers. The ledger is publicly accessible; however, the blockchain must be stored, such that the actual data transmitted can only be accessed by the participants of the data transmittal. For instance, if a first node transmits a message to a second node, the blockchain will reveal that a message was transmitted from the first node to the second node. However, the blockchain must be maintained, such that only the first node and the second node may view the content of the message. when the first node transmits a message to the second node, a processor of the second node (or any other node associated with the blockchain) first generates an encryption key by executing an algorithm that generates encryption keys that include randomly selected alphanumerical values. The processor then executes a symmetrical encryption algorithm to encrypt the content of the message, the processor generates a first encrypted encryption key using the first node's public key and a second encrypted encryption key using the second node's public key. The processor then generates two new blocks: a first block that includes the first encrypted encryption key and the encrypted message and a second block that includes the second encrypted encryption key and the encrypted message. The processor then appends both blocks to the blockchain. When a processor of the first node is instructed to display the content of the message, the processor first retrieves a public key for the first node and executes an asymmetrical decryption method to decrypt the encrypted encryption key within the first block. The processor then uses the decrypted encryption key and executes a symmetrical decryption protocol to decrypt the encrypted message. Upon decrypting the message, the processor can have access to the message and display the message). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Duchon in to the system of Datye in order to include a processor may then asymmetrically encrypt the content of the encryption key using public keys for one or more authorized nodes. The processor may then place the encrypted encryption key and the encrypted data elements within a block and append the block to the blockchain (see Duchon par. 0036). 6. Claims 3, 5, 12, and 14 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Datye et al. US Patent Application Publication No. 2019/0319784 (hereinafter Datye) in view of Duchon et al. US Patent Application Publication No. 2020/0084027 (hereinafter Duchon) in further view of D’ Alessandro et al. US Patent Application Publication No. 2021/0243173 (hereinafter D’ Alessandro). Regarding claim 3, Datye in view of Duchon discloses the method of claim 1, Datye in view of Duchon does not explicitly discloses in response to receiving the first message from the first node, determining, by the key management node, that the first node is authorized to send the second message to the second node or that the second node is authorized to receive the second message from the first node based on one or more of: at least one attribute of the first node; at least one attribute of the second node; or at least one attribute of the first message component or the first encrypted message component. However, in analogues art, D’Alessandrro discloses in response to receiving the first message from the first node, determining, by the key management node, that the first node is authorized to send the second message to the second node or that the second node is authorized to receive the second message from the first node based on one or more of: at least one attribute of the first node; at least one attribute of the second node; or at least one attribute of the first message component or the first encrypted message component (see D’Alessandro par. 0085, the source node private digital signature key may have embedded therein a source node attribute set including at least one source node attribute of the source node, particularly an identifier of the source node or an expiry time/date of said private digital signature key, and the source node digital signature may have embedded therein an access policy satisfied by the attribute set embedded in the source node private digital signature key, particularly an access policy including said identifier of the source node or said expiry time/date of said private digital signature key). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of D’Alessandro in to the system of Datye and Suehr in order to include an Attribute-based access control relates to access to assets or resources including various data and various network functions and elements (see D’Alessandro par. 0153). Regarding claim 5, Datye in view of Suehr discloses the method of claim 4, Datye in view of Suehr does not explicitly discloses in response to receiving the first message from the second node, determining, by the key management node, that the first node is authorized to send the second message to the second node or that the second node is authorized to receive the second message from the first node based on one or more of: at least one attribute of the first node; at least one attribute of the second node; or at least one attribute of the first message component or the first encrypted message component. However, in analogues art, D’Alessandro discloses in response to receiving the first message from the second node, determining, by the key management node, that the first node is authorized to send the second message to the second node or that the second node is authorized to receive the second message from the first node based on one or more of: at least one attribute of the first node; at least one attribute of the second node; or at least one attribute of the first message component or the first encrypted message component (see D’Alessandro par. 0086, the intermediate node private digital signature key may have embedded therein an intermediate node attribute set including at least one intermediate node attribute of the intermediate node, particularly an identifier of the intermediate node or an expiry time/date of said private digital signature key, and the intermediate node digital signature may have embedded therein an access policy satisfied by the attribute set embedded in the intermediate node private digital signature key, particularly an access policy including said identifier of the intermediate node or said expiry time/date of said private digital signature key). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of D’Alessandro in to the system of Datye and Suehr in order to include an Attribute-based access control relates to access to assets or resources including various data and various network functions and elements (see D’Alessandro par. 0153). Regarding claim 12, Datye in view of Suehr discloses the method of claim 11, Datye in view of Suehr does not explicitly discloses in response to receiving the first message from the second node, determining, by the key management node, that the second node is authorized to send the third message to the third node or that the third node is authorized to receive the third message from the second node based on one or more of: at least one attribute of the second node; at least one attribute of the third node; or at least one attribute of the second message component or the second encrypted message component. However, in analogues art, D’Alessandrro discloses in response to receiving the first message from the second node, determining, by the key management node, that the second node is authorized to send the third message to the third node or that the third node is authorized to receive the third message from the second node based on one or more of: at least one attribute of the second node; at least one attribute of the third node; or at least one attribute of the second message component or the second encrypted message component (see D’Alessandro par. 0085, the source node private digital signature key may have embedded therein a source node attribute set including at least one source node attribute of the source node, particularly an identifier of the source node or an expiry time/date of said private digital signature key, and the source node digital signature may have embedded therein an access policy satisfied by the attribute set embedded in the source node private digital signature key, particularly an access policy including said identifier of the source node or said expiry time/date of said private digital signature key). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of D’Alessandro in to the system of Datye and Suehr in order to include an Attribute-based access control relates to access to assets or resources including various data and various network functions and elements (see D’Alessandro par. 0153). Regarding claim 14, Datye in view of Duchon discloses the method of claim 13, Datye further discloses in response to receiving the first message from the third node, determining, by the key management node, that the second node is authorized to send the third message to the third node or that the third node is authorized to receive the third message from the second node based on one or more of: at least one attribute of the second node; at least one attribute of the third node; or at least one attribute of the second message component or the second encrypted message component. However, in analogues art, D’Alessandro discloses in response to receiving the first message from the third node, determining, by the key management node, that the second node is authorized to send the third message to the third node or that the third node is authorized to receive the third message from the second node based on one or more of: at least one attribute of the second node; at least one attribute of the third node; or at least one attribute of the second message component or the second encrypted message component (see D’Alessandro par. 0086, the intermediate node private digital signature key may have embedded therein an intermediate node attribute set including at least one intermediate node attribute of the intermediate node, particularly an identifier of the intermediate node or an expiry time/date of said private digital signature key, and the intermediate node digital signature may have embedded therein an access policy satisfied by the attribute set embedded in the intermediate node private digital signature key, particularly an access policy including said identifier of the intermediate node or said expiry time/date of said private digital signature key). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of D’Alessandro in to the system of Datye and Suehr in order to include an Attribute-based access control relates to access to assets or resources including various data and various network functions and elements (see D’Alessandro par. 0153). Allowable Subject Matter 7. Claim 17 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Conclusion 8. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Nair et al. (US 2015/0229471 A1): discloses A method and a user device are disclosed for securing streaming content decryption. The method includes receiving at the user device a manifest for requested content, the manifest providing a Content Encryption Key (CEK) that is encrypted using a first public Key Encryption Key (KEK), a corresponding first private KEK being stored in secure storage on the user device; decrypting, inside a secure processing zone on the user device, the CEK using the first private KEK to create a decrypted content key; decrypting, inside the secure processing zone, requested content using the decrypted content key to form decrypted content; and providing the decrypted content to a decoder on the mobile user device. Suchr et al. (US 2023/0388280 A1): discloses systems for generating secure messages for secure chat messaging that include a processor to receive an API request for a shared chat secret, determine whether a user is authorized for a chat messaging application based on the API request, transmit a request for an encrypted chat secret based on the API request, receive the encrypted chat secret, transmit the encrypted chat secret to a key management system (KMS), receive a chat secret from the KMS, wrap the chat secret according to an encryption algorithm using the user encryption key to provide a wrapped chat secret, generate an access token based on a session identifier, transmit the access token to the KMS, receive a signed access token from the KMS, and transmit the wrapped chat secret and the signed access token. Methods and computer program products are also disclosed. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMUEL AMBAYE whose telephone number is (571)270-7635. The examiner can normally be reached M-F 9:00 AM - 6:00 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached at (571) 272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SAMUEL AMBAYE/Examiner, Art Unit 2433 /JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433
Read full office action

Prosecution Timeline

Apr 22, 2024
Application Filed
Feb 16, 2026
Non-Final Rejection — §103
Mar 31, 2026
Response Filed

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12596834
METHOD OF PROCESSING DATA FOR PERSONAL INFORMATION PROTECTION AND APPARATUS USING THE SAME
2y 5m to grant Granted Apr 07, 2026
Patent 12598057
SIMILARITY CALCULATION SYSTEM, SIMILARITY CALCULATION APPARATUS, SIMILARITY CALCULATION METHOD, AND SIMILARITY CALCULATION PROGRAM
2y 5m to grant Granted Apr 07, 2026
Patent 12593203
Remote identity verification and dynamic storage of identity data
2y 5m to grant Granted Mar 31, 2026
Patent 12574363
SYSTEM FOR USER-INITIATED AUTHENTICATION OF AN ELECTRONIC COMMUNICATION CHANNEL USING A SECURE COMPUTING APPLICATION TOKEN
2y 5m to grant Granted Mar 10, 2026
Patent 12556923
ACCESS CONTROL DEVICE COMMUNICATION SYSTEM
2y 5m to grant Granted Feb 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
82%
Grant Probability
99%
With Interview (+25.1%)
2y 10m
Median Time to Grant
Low
PTA Risk
Based on 670 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month