Office Action Predictor
Last updated: April 15, 2026
Application No. 18/648,461

Method and System for Securely Exchanging Cryptographic Challenge/Response Messages

Non-Final OA §102§112
Filed
Apr 28, 2024
Examiner
WASEL, MOHAMED A
Art Unit
2454
Tech Center
2400 — Computer Networks
Assignee
6Harmonics INC.
OA Round
1 (Non-Final)
90%
Grant Probability
Favorable
1-2
OA Rounds
2y 7m
To Grant
96%
With Interview

Examiner Intelligence

Grants 90% — above average
90%
Career Allow Rate
743 granted / 826 resolved
+32.0% vs TC avg
Moderate +6% lift
Without
With
+5.6%
Interview Lift
resolved cases with interview
Typical timeline
2y 7m
Avg Prosecution
16 currently pending
Career history
842
Total Applications
across all art units

Statute-Specific Performance

§101
12.4%
-27.6% vs TC avg
§103
24.3%
-15.7% vs TC avg
§102
33.0%
-7.0% vs TC avg
§112
11.4%
-28.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 826 resolved cases

Office Action

§102 §112
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION This action is responsive to claims filed on April 28, 2024. Claims 1-22 are pending and presented for examination. Authorization for Internet Communication To expedite prosecution, filing a written authorization for internet communication is recommended. Doing so permits the USPTO to communicate using email to schedule interviews and/or discuss other aspects of the application. Without a written authorization in place, the USPTO cannot respond to email communications. The preferred method of providing authorization is by filing form PTO/SB/439, available at: https://www.uspto.gov/patent/forms/forms. See MPEP § 502.03. Claim Objections Claims 2-13 and 15-21 objected to because of the following informalities: It is recommended to amend the preamble of said claims “A method according to claim…” to read “The method according to claim…”. Appropriate corrections are required where applicable. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1-22 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 1 recites the limitation “verifying the cryptographically secured secret by at least one of a trusted system and the first radio to determine one of a verified trusted response from an authorised origin and a verified untrusted response” on lines 7-9 which renders the claim indefinite because it is unclear what said limitation pertains to. Appropriate corrections/clarifications are required. Independent claims 14 and 22 recite similar limitation, thus said claims are rejected under the same rationale as claim 1. Dependent claims 2-13 and 15-21 are rejected under the same rationale as their base claims due to their dependency. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of pre-AIA 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-22 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Melo et al “Melo”, US-PGPub. No. 20200274721. As per claims 1, 14 and 22, Melo teaches methods comprising: providing a cryptographically secured secret to a first user (Paragraph(s) [0038]; when signing up for a service for the first time, a client creates and presents to the service a self-signed public key certificate, which is created from a private key that is kept secret. The service verifies all information it needs from the connection to establish the identity of the specific individual, then creates a new-user database record that contains the public-key certificate along with that individual's identifying information); providing a first radio associated with the first user and having stored therein data for use in verifying an origin of a response received to a challenge (Paragraph(s) [0076]; user credentials are the presentation of a cryptographically-signed payload, who's signing origins can be traced to possession of the user's Personal Root Certificate private key via a chain-of-trust validation mechanism. In addition, Melo discloses the private key can be stored internally in a consumer device's hardware security module (HSM) or in a special, separate key-storage device (Paragraph(s) [0011], [0018]). In further details. Melo discloses, in a subsequent Log-in Example. Step 1) a client presents the same certificate and the service validates the certificate chain-of-trust and performs a challenge/response to ensure certificate ownership (with TLS, this is done automatically). Step 2) the service compares the presented certificate with certificates in the service's database. If both steps are successful, the certificate belongs to and is a credential identifying the existing user and specific individual in the database (Paragraph(s) [0039])); transmitting to the first radio a response to the challenge with data derived from information for responding to the challenge and the cryptographically secured secret (Paragraph(s) [0016]; the self-signed certificate is transmitted to a verifying party computer over a network. In further details, Melo discloses using cryptographic credential service to separately and independently determining the connecting individual's actual identity, and creating a database record for that individual containing the certificate. Then, when a self-signed certificate is subsequently presented in a connection and is affirmatively compared against the certificate database entry of the individual, it securely identifies the specific user (Paragraph(s) [0035-0036];); verifying the cryptographically secured secret by at least one of a trusted system and the first radio to determine one of a verified trusted response from an authorised origin and a verified untrusted response (Paragraph(s) [0064-0067], [0076], [0081-0082], [0155-0156]; since the verifying party uses the user's Personal Root Certificate to authenticate the user, the user can easily migrate and recover lost credentials by signing new certificates on their Personal Certificate Chain, without direct involvement of the verifying party); in response, to a verified trusted response, resetting access credentials to the first radio (Paragraph(s) [0074], [0082]; recovering lost credentials); and in response to an untrusted response other than resetting access credentials to the first radio (Paragraph(s) [0075], [0122]). As per claims 2 and 15, Melo teaches wherein, the verified trusted response includes new access credentials (Paragraph(s) [0055]). As per claims 3 and 16, Melo teaches wherein, resetting access credentials comprises resetting access credentials to a default value (Fig. 4, Paragraph(s) [0020], [0045], [0170]). As per claims 4 and 17, Melo teaches wherein, resetting access credentials comprises resetting access credentials through a further secure data exchange (Paragraph(s) [0055], [0057], [0062]). As per claim 5, Melo teaches providing from the first radio the challenge (Paragraph(s) [0035]). As per claims 6 and 18, Melo teaches wherein providing from the first radio the challenge comprises broadcasting from the first radio a challenge packet at intervals, the challenge packet comprising challenge data (Paragraph(s) [0036], [0156], [0190]). As per claims 7 and 19, Melo teaches wherein the challenge data is verifiably provided by the first radio (Paragraph(s) [0018], [0073], [0199]). As per claims 8 and 20, Melo teaches wherein the challenge data is cryptographically verifiable as being provided by the first radio (Paragraph(s) [0011], [0196]). As per claims 9 and 21, Melo teaches wherein the challenge data comprises a radio identifier for identifying the first radio (Paragraph(s) [0011]). As per claims 10, Melo teaches wherein verifying the cryptographically secured secret by at least one of a trusted system and the first radio to determine one of a verified trusted response from an authorised origin and a verified untrusted response comprises verifying the first user in reliance upon a trusted authority (Paragraph(s) [0036], [0038]). As per claims 11, Melo teaches wherein verifying the cryptographically secured secret by at least one of a trusted system and the first radio to determine one of a verified trusted response from an authorised origin and a verified untrusted response comprises receiving a certificate of a response from the first user, the certificate provided by the trusted authority (Paragraph(s) [0038-0039]). As per claims 12, Melo teaches wherein verifying the cryptographically secured secret by at least one of a trusted system and the first radio to determine one of a verified trusted response from an authorised origin and a verified untrusted response comprises receiving a certificate of a trusted authority, the trusted authority having verified a response by the first user (Paragraph(s) [0039]). As per claims 13, Melo teaches wherein verifying the cryptographically secured secret by at least one of a trusted system and the first radio to determine one of a verified trusted response from an authorised origin and a verified untrusted response comprises verifying a cryptographic signature of the first user by the first radio (Paragraph(s) [0081], [0085-0086]). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Please refer to form PTO-892 (Notice of Reference Cited) for a list of relevant prior art. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMED A WASEL whose telephone number is (571) 272-2669. The examiner can normally be reached Mon-Fri (8:00 am – 4:30 pm). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Glenton Burgess can be reached on (571)272-3949. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free)? If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MOHAMED A. WASEL/Primary Examiner, Art Unit 2454
Read full office action

Prosecution Timeline

Apr 28, 2024
Application Filed
Sep 04, 2025
Non-Final Rejection — §102, §112
Apr 03, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12591648
BIOMETRIC AUTHENTICATION SYSTEM, TEMPLATE UPDATING METHOD THEREFOR, STORAGE MEDIUM, BIOMETRIC AUTHENTICATION CLIENT DEVICE, AND BIOMETRIC AUTHENTICATION SERVER DEVICE
2y 5m to grant Granted Mar 31, 2026
Patent 12580906
INTERFACE FOR CREATING A CERTIFICATE-ENFORCED NETWORK FOR DEVICES IN A LOGICAL GROUP
2y 5m to grant Granted Mar 17, 2026
Patent 12580889
SPECIFIC USE OF A GATEWAY IN OPERATIONAL TECHNOLOGY NETWORKS
2y 5m to grant Granted Mar 17, 2026
Patent 12581051
DISPLAY DEVICE AND METHOD FOR PROVIDING STEREOSCOPIC IMAGE THE SAME
2y 5m to grant Granted Mar 17, 2026
Patent 12574262
CONFIDENTIAL VIRTUAL MACHINE USING STATE-SEPERATED STORAGE ARCHITECTURE
2y 5m to grant Granted Mar 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
90%
Grant Probability
96%
With Interview (+5.6%)
2y 7m
Median Time to Grant
Low
PTA Risk
Based on 826 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month