Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsBOE TECHNOLOGY GROUP CO., LTD. › 18701220
Last updated: April 19, 2026
Application No. 18/701,220

PROCESSOR, SYSTEM AND METHOD FOR INFORMATION AUTHENTICATION

Final Rejection §103
Filed
Apr 13, 2024
Examiner
KHAN, MOEEN
Art Unit
2436
Tech Center
2400 — Computer Networks
Assignee
BOE TECHNOLOGY GROUP CO., LTD.
OA Round
2 (Final)
69%
Grant Probability
Favorable
3-4
OA Rounds
2y 11m
To Grant
99%
With Interview

Interview Optional

+59.7% interview lift. This examiner has a relatively high allow rate; a written response may suffice.
Based on 228 resolved cases, 2023–2026

Examiner Intelligence

KHAN, MOEEN View full profile →
Grants 69% — above average
69%
Career Allow Rate
158 granted / 228 resolved
+11.3% vs TC avg
Strong +60% interview lift
Without
With
+59.7%
Interview Lift
resolved cases with interview
Typical timeline
2y 11m
Avg Prosecution
33 currently pending
Career history
261
Total Applications
across all art units

Statute-Specific Performance

§101
8.7%
-31.3% vs TC avg
§103
62.1%
+22.1% vs TC avg
§102
6.9%
-33.1% vs TC avg
§112
12.7%
-27.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 228 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Detail action Claims 1-15 and 18-20 are pending being considered. Claims 1-3, 5-7, 9-15 and 19-20 have been amended. Claims 16 and 17 have been cancelled. Response to 103 Applicant’s arguments filed on 01/23/2026 have been fully considered and are not persuasive. The applicant argues that the cited prior art fails to teach authenticating the encrypted data in first digital certificate (i.e., first authentication), authentication the key device using the digital certificate (i.e., second authentication) and authenticate the identity information of the protected object (i.e., third authentication) and then calling the protected object subject to validating the identity information of the protected object. The examiner acknowledges applicants’ point of view but respectfully disagrees because Brandin teaches the above limitations on Fig 9 block 202-206 and text on [col 13 line 39-44] the ownership certificate 31 is decrypted using the distribution public key 48 associated with the distributor 57 of the unauthenticated object 13 to reveal the object identifier 23, the ownership information 33 and the random data 35, a determination is made as to whether the decrypting performed at step 204 provided intelligible information equivalent to authenticating decryption result (i.e., first authentication). Further teaches at step 208, an inspection is carried out to obtain the actual owner information. For example, this may involve inspecting identification associated with the purported owner (e.g. the first user 50) who is selling the unknown 13. The ownership information 33 obtained by decrypting the ownership certificate 31 at step 204 is compared to the actual ownership information obtained at step 208. If there is no match, then this suggests that the purported owner is not the actual owner, and the method 200 proceeds to step 214 where the purported owner is not authenticated. However, if there is a match at step 210 then this suggests that the purported owner is in fact the actual owner (i.e., second authentication). See on [col 14 line 10-15] teaches it may be desirable to provide a further level of authentication. At step 220 , the decrypted information may be compared against information stored in the database 61. For example, one or more of the object identifier 23, the ownership information 33 and the random data 35 from the decrypted ownership certificate may be compared with the information about the owners of a particular object as recorded in the database 61. Further teaches the matching at step 220 may include comparing the object identifiers…. once the object identifier 23 has been obtained, the distributor 57 may conduct authentication of the actual object itself 13 (i.e., third authentication) by performing method 100 as shown in Fig 5. See on [col 9 line 50-60] teaches the actual object information retrieved at step 108 is compared with the object information obtained by decrypting the encrypted object identifier 23 (performed at step 106). Then a determination is made as to whether the data matches (i.e., authenticate the identity information of protected object). For example, the identification data obtained from the string information 25 may be compared to the identification data obtained by inspecting the components 15, 17, 19 and 21. After successful verification is the object is made available to the user who purchased the object. In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). In this case, Brandin teaches multilayer authentication using digital certificate, authenticating identity of user using digital certificate. Brandin fails to teach authenticating key device using the digital certificate. PEI overcome the deficiency authenticating key device using the digital certificate to provide identity authentication of terminal device under condition of verifying certificate of target object (PEI [page 1]). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 6, 7, 9. 10 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Brandin (US 8421593) in view of PEI et al (hereinafter PEI) (CN 114710362) (attached English translation is used for examination). Regarding claim 1 Brandin teaches a processor, communicatively connected to a key device hold by a user, comprising (Brandin on [col 4 line 15-20] teaches at least one processor coupled to the database); wherein the device (Brandin on [col 3 line 37-40] teaches receiving an ownership certificate associated with the unknown object. See Fig 1 block 102 and text on [col 9 line 8-15] teaches at step 102, the unknown encrypted object identifier 23 associated with the unknown object 13 is received. Further teaches obtain the unknown object identifier 23 from the unknown object 13 by scanning the unknown object 13 using an RFID reader, a barcode reader, by visual inspection of the unknown object 13. Note that the received encrypted object is digital certificate in view of [col 11 line 43-45]. See also Fig 9 and 10 and [col 14 line 20-25] teaches storing digital certificate); the first digital certificate comprises first encrypted data and identity information of a protected object called by the user (Brandlin on [col 11 line 45-50] teaches the ownership certificate 30 contains the object identifier 22 (in its encrypted form) as well as ownership information 32 about the current owner of that particular object 12. The ownership certificate 30 may also include random data 34 to further enhance the robustness of the ownership certificate 30. See on [col 11 line 40-50] teaches the ownership certificate includes object identifier and random number in encrypted form); the first encrypted data in the first digital certificate is encrypted by using a second private key (Brandin on [col 3 line 40-50] teaches the ownership certificate was encrypted using a second private key of the second public/private key pair). See on [col 11 line 40-50] teaches the ownership certificate includes object identifier and random number in encrypted form); the first result, and authenticate the first decryption result (Brandin Fig 5, Fig 6, Fig 9 and Fig 10 on [col 3 line 35-50] teaches receiving an ownership certificate associated with the unknown object, decrypting the ownership certificate using a second public key of a second public/private key pair to obtain actual ownership information for the unknown object, inspecting purported ownership information about a purported owner of the unknown object, and comparing the actual ownership information obtained by decrypting the ownership certificate with the purported ownership information about the purported owner to determine whether the purported owner is the actual owner. See Fig 5 block 104, 106 and text on [col 9 line 15-45] teaches the unknown encrypted object identifier 23 is decrypted using the manufacturing public key, determination is made as to whether information decrypted at step 104 is intelligible. i.e., authenticate the first decryption result); the second public key in the (Brandin Fig 5, Fig 6, Fig 9 and Fig 10 on [col 3 line 40-50] teaches the ownership certificate was encrypted using a second private key of the second public/private key pair); Brandin Fig 10 block 218 and text on [col 14 line 20-30] teaches determine whether the ownership certificate 31 matches a record stored in the distribution database 61. If the ownership certificate 31 does not match a record in the database 61, then this suggests that the ownership certificate 31 is not authentic and the method 200 proceeds to step 214 where the purported owner is not authenticated. However, if the ownership certificate 31 matches a record in the database 61, then the method 100 proceeds to step 220 i.e., second authentication based on certificate); and information is authenticated successfully (Brandin Fig 5, Fig 6, Fig 9 and Fig 10 on [col 9 line 50-60] teaches the actual object information retrieved at step 108 is compared with the object information obtained by decrypting the unknown encrypted object identifier 23 (performed at step 106). Then a determination is made as to whether the data matches (i.e., authenticate the identity information of protected object). For example, the identification data obtained from the string information 25 may be compared to the identification data obtained by inspecting the components 15, 17, 19 and 21. After successful verification is the object is made available to the user who purchased the object. See on [col 11 line 40-50] teaches the ownership certificate 30 contains the object identifier 22 (in its encrypted form) as well as ownership information 32 about the current owner of that particular object 12. The ownership certificate 30 may also include random data 34. See Fig 10 block 220 and text on [col 14 line 50-60] teaches the matching at step 220 comparing the object identifiers, the ownership information and/or the random data between of the decrypted ownership certificate 31 and data recorded in a corresponding data entry in the database 61). Brandin fails to explicitly teach a device driving module, a first authentication module, a second authentication module and a third authentication module, a second public key preset in a second digital certificate and the second authentication module is configured to authenticate the key device by using the first digital certificate in response to that the first decryption result is authenticated successfully, however PEI from analogous art teaches a device driving module, a first authentication module, a second authentication module and a third authentication module, (PEI on [page 16 last line and page 17 para 1-6] teaches obtaining module for obtaining credential such as certificate, a first verification module for performing integrity verification, a second verification module for performing authenticity verification on the credential, a third verification sub module for verifying the identity of node); a second public key preset in a second digital certificate (PEI on [page 3 para 1] teaches obtaining a certificate of an object to be verified corresponding to a target object, obtaining a node certificate corresponding to a link point of a current block; on [page 9 step S203] the on-chain information in the block chain may further include an object digital identity and a public key corresponding to the target object, and a node digital identity and a public key corresponding to the target node, where the target node is a block chain link point corresponding to a mechanism recorded in the object credential to be verified. Under the condition that the content of the object certificate to be verified is determined to be complete, the current block link point can verify the authenticity of the object certificate to be verified based on the object digital identity and the public key corresponding to the target object and the node digital identity and the public key. See also [page 10 2nd last para] Then, the digital identity management node distributes a node digital identity DID and a node public and private key pair for the corresponding block chain link point according to the initialization configuration information, and performs uplink processing on the node digital identity DID and the node public key pair to generate chain information. And then, a node certificate of the corresponding authority of the issuing node is applied to the digital identity service node through a certificate application module, and the digital identity service node issues a corresponding node certificate according to the role information of the corresponding block link point in the alliance network, wherein the certificate information comprises attribute information corresponding to the block link point and signature information of the alliance organization on the node attribute information corresponding to the target node, namely, verify whether the content recorded in the object certificate to be verified is real content or not i.e., node certificate comprising node public-private key pair and object certificate comprising object public-private key pair); the second authentication module is configured to authenticate the key device by using the first digital certificate in response to that the first decryption result is authenticated successfully (PEI on [page 17 para 6] teaches the third sub-verification module is used for verifying the authenticity of the digital identity of the node to be verified based on the on-chain information under the condition that the signature of the object is determined to be authentic). Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of PEI into the teaching of Brandin by having second public key in second certificate for performing authentication of key device in plurality of authentication module. One would be motivated to do so in order to provide identity authentication of terminal device under condition of verifying certificate of target object based on chain information corresponding to plurality of authentication modules (PEI [page 1]). Regarding claim 6 Brandin teaches an information authentication system comprising (Brandin on [col 1 line 5-10 and col 4 line 15-20] teaches apparatus, systems and methods for authentication, and in particular to apparatus, systems and methods for authentication of objects and ownership of objects using asymmetric cryptography.at least one processor coupled to the database); a key device hold by a user and a processor (Brandin on [col 4 line 15-20] teaches at least one processor coupled to the database); wherein the key device is communicatively connected to the processor (Brandin on [col 4 line 15-20] teaches at least one processor coupled to the database); the key device is configured to acquire and store a first digital certificate (Brandin on [col 3 line 55-61] teaches the ownership certificate with actual random data stored in at least one database); the first digital certificate comprises first encrypted data and identity information of a protected object called by the user (Brandlin on [col 11 line 45-50] teaches the ownership certificate 30 contains the object identifier 22 (in its encrypted form) as well as ownership information 32 about the current owner of that particular object 12. The ownership certificate 30 may also include random data 34 to further enhance the robustness of the ownership certificate 30. See on [col 11 line 40-50] teaches the ownership certificate includes object identifier and random number in encrypted form); first encrypted data in the first digital certificate is encrypted by using a second private key (Brandin on [col 3 line 40-50] teaches the ownership certificate was encrypted using a second private key of the second public/private key pair); the device (Brandin on [col 3 line 37-40] teaches receiving an ownership certificate associated with the unknown object. See Fig 1 block 102 and text on [col 9 liine 8-15] teaches at step 102, the unknown encrypted object identifier 23 associated with the unknown object 13 is received. Further teaches obtain the unknown object identifier 23 from the unknown object 13 by scanning the unknown object 13 using an RFID reader, a barcode reader, by visual inspection of the unknown object 13. Note that the received encrypted object is digital certificate in view of [col 11 line 43-45]. See also Fig 9 and 10); (Brandin Fig 5, Fig 6, Fig 9 and Fig 10 on [col 3 line 35-50] teaches receiving an ownership certificate associated with the unknown object, decrypting the ownership certificate using a second public key of a second public/private key pair to obtain actual ownership information for the unknown object, inspecting purported ownership information about a purported owner of the unknown object, and comparing the actual ownership information obtained by decrypting the ownership certificate with the purported ownership information about the purported owner to determine whether the purported owner is the actual owner. See Fig 5 block 104, 106 and text on [col 9 line 15-45] teaches the unknown encrypted object identifier 23 is decrypted using the manufacturing public key, determination is made as to whether information decrypted at step 104 is intelligible. i.e., authenticate the first decryption result); the second public key in the second digital certificate is paired with the second private key (Brandin Fig 5, Fig 6, Fig 9 and Fig 10 on [col 3 line 40-50] teaches the ownership certificate was encrypted using a second private key of the second public/private key pair); Brandin Fig 10 block 218 and text on [col 14 line 20-30] teaches determine whether the ownership certificate 31 matches a record stored in the distribution database 61. If the ownership certificate 31 does not match a record in the database 61, then this suggests that the ownership certificate 31 is not authentic and the method 200 proceeds to step 214 where the purported owner is not authenticated. However, if the ownership certificate 31 matches a record in the database 61, then the method 100 proceeds to step 220); (Brandin Fig 5, Fig 6, Fig 9 and Fig 10 on [col 9 line 50-60] teaches the actual object information retrieved at step 108 is compared with the object information obtained by decrypting the unknown encrypted object identifier 23 (performed at step 106). Then a determination is made as to whether the data matches (i.e., authenticate the identity information of protected object). For example, the identification data obtained from the string information 25 may be compared to the identification data obtained by inspecting the components 15, 17, 19 and 21. After successful verification is the object is made available to the user who purchased the object. See on [col 11 line 40-50] teaches the ownership certificate 30 contains the object identifier 22 (in its encrypted form) as well as ownership information 32 about the current owner of that particular object 12. The ownership certificate 30 may also include random data 34. See Fig 10 block 220 and text on [col 14 line 50-60] teaches the matching at step 220 comparing the object identifiers, the ownership information and/or the random data between of the decrypted ownership certificate 31 and data recorded in a corresponding data entry in the database 61). Brandin fails to explicitly teach a device driving module, a first authentication module, a second authentication module and a third authentication module, a second public key preset in a second digital certificate and the second authentication module is configured to authenticate the key device by using the first digital certificate in response to that the first decryption result is authenticated successfully, however PEI from analogous art teaches the processor comprises a device driving module, a first authentication module, a second authentication module and a third authentication module (PEI on [page 16 last line and page 17 para 1-6] teaches obtaining module for obtaining credential such as certificate, a first verification module for performing integrity verification, a second verification module for performing authenticity verification on the credential, a third verification sub module for verifying the identity of node); a second public key preset in a second digital certificate (PEI on [page 3 para 1] teaches obtaining a certificate of an object to be verified corresponding to a target object, obtaining a node certificate corresponding to a link point of a current block; on [page 9 step S203] the on-chain information in the block chain may further include an object digital identity and a public key corresponding to the target object, and a node digital identity and a public key corresponding to the target node, where the target node is a block chain link point corresponding to a mechanism recorded in the object credential to be verified. Under the condition that the content of the object certificate to be verified is determined to be complete, the current block link point can verify the authenticity of the object certificate to be verified based on the object digital identity and the public key corresponding to the target object and the node digital identity and the public key. See also [page 10 2nd last para] Then, the digital identity management node distributes a node digital identity DID and a node public and private key pair for the corresponding block chain link point according to the initialization configuration information, and performs uplink processing on the node digital identity DID and the node public key pair to generate chain information. And then, a node certificate of the corresponding authority of the issuing node is applied to the digital identity service node through a certificate application module, and the digital identity service node issues a corresponding node certificate according to the role information of the corresponding block link point in the alliance network, wherein the certificate information comprises attribute information corresponding to the block link point and signature information of the alliance organization on the node attribute information corresponding to the target node, namely, verify whether the content recorded in the object certificate to be verified is real content or not i.e., node certificate comprising node public-private key pair and object certificate comprising object public-private key pair); the second authentication module is configured to authenticate the key device by using the first digital certificate in response to that the first decryption result is authenticated successfully (PEI on [page 17 para 6] teaches the third sub-verification module is used for verifying the authenticity of the digital identity of the node to be verified based on the on-chain information under the condition that the signature of the object is determined to be authentic). Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of PEI into the teaching of Brandin by having second public key in second certificate for performing authentication of key device in plurality of authentication module. One would be motivated to do so in order to provide identity authentication of terminal device under condition of verifying certificate of target object based on chain information corresponding to plurality of authentication modules (PEI [page 1]). Regarding claim 7 combination of Brandin and PEI teaches all the limitations of claim 6 above, Brandin further teaches wherein the second authentication module is configured to generate random data and send the random data to the key device in response to that the first decryption result is authenticated successfully; and read second encrypted data, and decrypt the second encrypted data by using the first public key in the first digital certificate to obtain a second decryption result; compare the second decryption result with the random data, to judge whether the second decryption result is authenticated successfully; and the key device is further configured to encrypt the random data by using a first private key generated in advance to obtain the second encrypted data (Brandin on [col 3 line 15-20 and line 55-60] teaches the actual object information includes actual random data recorded in at least one database, the unknown object information includes unknown random data, and the comparing step includes comparing the unknown random data with the actual random data to determine whether the unknown object is an authentic object. Further teaches the comparing of the purported ownership information obtained with the ownership information recorded in at least one database includes comparing random data decrypted from the ownership certificate with actual random data stored in at least one database. See also on [col 12 line 29-35] teaches the ownership certificate 30 may be generated by encrypting the object identifier 22, the ownership information 32, and the random data 34 using the distribution private key 46). Regarding claim 9 combination of Brandin and PEI teaches all the limitations of claim 6 above, Brandin further teaches an authentication device, wherein the key device, the processor and the authentication device are communicatively connected to each other (Brandin Fig 1 block 58-60 and text on [col 5 line 15-25 and col 6 line 5-15] teaches the system 10 may include manufacturers 56 (i.e., having processor 58 [col 8 line 9-10]), distributors 57 (i.e., authentication device), data base 61 (i.e., key device). Further teaches each distributor 57 may have a distributor processor 59. The distributor processor 59 may be operable to: record information about the objects being distributed (e.g. by storing data records associated with the objects and/or the owners of the objects in a distributor database 61)); the authentication device is configured to generate the first digital certificate (Brandin on [col 12 line 42-45] teaches once the ownership certificate 30 has been generated, the distributor 57 may then record a copy of the encrypted ownership certificate 30 in the distribution database 61); PEI teaches the authentication device is configured to generate the first digital certificate and the second digital certificate (PEI on [page 3 para 1] teaches obtaining a certificate of an object to be verified corresponding to a target object, obtaining a node certificate corresponding to a link point of a current block; on [page 9 step S203] the on-chain information in the block chain may further include an object digital identity and a public key corresponding to the target object, and a node digital identity and a public key corresponding to the target node, where the target node is a block chain link point corresponding to a mechanism recorded in the object credential to be verified. Under the condition that the content of the object certificate to be verified is determined to be complete, the current block link point can verify the authenticity of the object certificate to be verified based on the object digital identity and the public key corresponding to the target object and the node digital identity and the public key. See also [page 10 2nd last para] Then, the digital identity management node distributes a node digital identity DID and a node public and private key pair for the corresponding block chain link point according to the initialization configuration information, and performs uplink processing on the node digital identity DID and the node public key pair to generate chain information. And then, a node certificate of the corresponding authority of the issuing node is applied to the digital identity service node through a certificate application module, and the digital identity service node issues a corresponding node certificate according to the role information of the corresponding block link point in the alliance network); Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of PEI into the teaching of Brandin by having second public key in second certificate for performing authentication of key device in plurality of authentication module. One would be motivated to do so in order to provide identity authentication of terminal device under condition of verifying certificate of target object based on chain information corresponding to plurality of authentication modules (PEI [page 1]). Regarding claim 10 the combination of Brandin and PEI teaches all the limitations of claim 9 above, Brandin further teaches wherein the authentication device comprises a generation module and an encryption module; the key device is configured to generate a first private key and a first public key (Brandin on [claim 1] generating first public-private key pair); and acquire and store the first digital certificate (Brandin on [col 3 line 55-61] teaches the ownership certificate with actual random data stored in at least one database); and the encryption module is configured to read the first public key, generate the first digital certificate according to the second private key and the first public key, and write the first digital certificate into the key device (Brandin on [col 12 line 30-45] teaches once the ownership certificate 30 has been generated, the distributor 57 may then record a copy of the encrypted ownership certificate 30 in the distribution database 61, the ownership certificate 30 may be generated by encrypting the object identifier 22, the ownership information 32, and the random data 34 using the distribution private key 46). PEI teaches the generation module is configured to generate the second private key and the second digital certificate corresponding to the second private key (PEI on [page 9 step S203] the on-chain information in the block chain may further include an object digital identity and a public key corresponding to the target object, and a node digital identity and a public key corresponding to the target node, where the target node is a block chain link point corresponding to a mechanism recorded in the object credential to be verified. Under the condition that the content of the object certificate to be verified is determined to be complete, the current block link point can verify the authenticity of the object certificate to be verified based on the object digital identity and the public key corresponding to the target object and the node digital identity and the public key. See also [page 10 2nd last para] Then, the digital identity management node distributes a node digital identity DID and a node public and private key pair for the corresponding block chain link point according to the initialization configuration information, and performs uplink processing on the node digital identity DID and the node public key pair to generate chain information. And then, a node certificate of the corresponding authority of the issuing node is applied to the digital identity service node through a certificate application module, and the digital identity service node issues a corresponding node certificate according to the role information of the corresponding block link point in the alliance network). The motivation for combining as same as set forth above in claim 9. Regarding claim 15 Brandin teaches an information authentication method, performed by a processor comprising: (Brandin on [col 1 line 5-10 and col 4 line 15-20] teaches apparatus, systems and methods for authentication, and in particular to apparatus, systems and methods for authentication of objects and ownership of objects using asymmetric cryptography.at least one processor coupled to the database); reading a first digital certificate stored in a key device hold by a user (Brandin on [col 3 line 37-40] teaches receiving an ownership certificate associated with the unknown object. See Fig 1 block 102 and text on [col 9 liine 8-15] teaches at step 102, the unknown encrypted object identifier 23 associated with the unknown object 13 is received. Further teaches obtain the unknown object identifier 23 from the unknown object 13 by scanning the unknown object 13 using an RFID reader, a barcode reader, by visual inspection of the unknown object 13. Note that the received encrypted object is digital certificate in view of [col 11 line 43-45]. See also Fig 9 and 10); wherein the first digital certificate comprises first encrypted data and identity information of a protected object called by the user (Brandlin on [col 11 line 45-50] teaches the ownership certificate 30 contains the object identifier 22 (in its encrypted form) as well as ownership information 32 about the current owner of that particular object 12. The ownership certificate 30 may also include random data 34 to further enhance the robustness of the ownership certificate 30. See on [col 11 line 40-50] teaches the ownership certificate includes object identifier and random number in encrypted form); first encrypted data in the first digital certificate is encrypted by a second private key (Brandin on [col 3 line 40-50] teaches the ownership certificate was encrypted using a second private key of the second public/private key pair). See on [col 11 line 40-50] teaches the ownership certificate includes object identifier and random number in encrypted form); decrypting the first encrypted data in the first digital certificate by using a second public key in a (Brandin Fig 5, Fig 6, Fig 9 and Fig 10 on [col 3 line 35-50] teaches receiving an ownership certificate associated with the unknown object, decrypting the ownership certificate using a second public key of a second public/private key pair to obtain actual ownership information for the unknown object, inspecting purported ownership information about a purported owner of the unknown object, and comparing the actual ownership information obtained by decrypting the ownership certificate with the purported ownership information about the purported owner to determine whether the purported owner is the actual owner. See Fig 5 block 104, 106 and text on [col 9 line 15-45] teaches the unknown encrypted object identifier 23 is decrypted using the manufacturing public key, determination is made as to whether information decrypted at step 104 is intelligible. i.e., authenticate the first decryption result); wherein the second public key in the (Brandin Fig 5, Fig 6, Fig 9 and Fig 10 on [col 3 line 40-50] teaches the ownership certificate was encrypted using a second private key of the second public/private key pair); authenticating Brandin Fig 10 block 218 and text on [col 14 line 20-30] teaches determine whether the ownership certificate 31 matches a record stored in the distribution database 61. If the ownership certificate 31 does not match a record in the database 61, then this suggests that the ownership certificate 31 is not authentic and the method 200 proceeds to step 214 where the purported owner is not authenticated. However, if the ownership certificate 31 matches a record in the database 61, then the method 100 proceeds to step 220 i.e., second authentication based on certificate); and parsing and authenticating identity information of a protected object in the first digital certificate in response to that the key device is authenticated successfully, and calling the protected object stored in the processor, in response to that the identity information is authenticated successfully (Brandin Fig 5, Fig 6, Fig 9 and Fig 10 on [col 9 line 50-60] teaches the actual object information retrieved at step 108 is compared with the object information obtained by decrypting the unknown encrypted object identifier 23 (performed at step 106). Then a determination is made as to whether the data matches (i.e., authenticate the identity information of protected object). For example, the identification data obtained from the string information 25 may be compared to the identification data obtained by inspecting the components 15, 17, 19 and 21. After successful verification is the object is made available to the user who purchased the object. See on [col 11 line 40-50] teaches the ownership certificate 30 contains the object identifier 22 (in its encrypted form) as well as ownership information 32 about the current owner of that particular object 12. The ownership certificate 30 may also include random data 34. See Fig 10 block 220 and text on [col 14 line 50-60] teaches the matching at step 220 comparing the object identifiers, the ownership information and/or the random data between of the decrypted ownership certificate 31 and data recorded in a corresponding data entry in the database 61). Brandin fails to explicitly teach a second public key preset in a second digital certificate and the second authentication module is configured to authenticate the key device by using the first digital certificate in response to that the first decryption result is authenticated successfully, however PEI from analogous art teaches a second public key preset in a second digital certificate (PEI on [page 3 para 1] teaches obtaining a certificate of an object to be verified corresponding to a target object, obtaining a node certificate corresponding to a link point of a current block; on [page 9 step S203] the on-chain information in the block chain may further include an object digital identity and a public key corresponding to the target object, and a node digital identity and a public key corresponding to the target node, where the target node is a block chain link point corresponding to a mechanism recorded in the object credential to be verified. Under the condition that the content of the object certificate to be verified is determined to be complete, the current block link point can verify the authenticity of the object certificate to be verified based on the object digital identity and the public key corresponding to the target object and the node digital identity and the public key. See also [page 10 2nd last para] Then, the digital identity management node distributes a node digital identity DID and a node public and private key pair for the corresponding block chain link point according to the initialization configuration information, and performs uplink processing on the node digital identity DID and the node public key pair to generate chain information. And then, a node certificate of the corresponding authority of the issuing node is applied to the digital identity service node through a certificate application module, and the digital identity service node issues a corresponding node certificate according to the role information of the corresponding block link point in the alliance network, wherein the certificate information comprises attribute information corresponding to the block link point and signature information of the alliance organization on the node attribute information corresponding to the target node, namely, verify whether the content recorded in the object certificate to be verified is real content or not i.e., node certificate comprising node public-private key pair and object certificate comprising object public-private key pair); authenticate the key device by using the first digital certificate in response to that the first decryption result is authenticated successfully (PEI on [page 17 para 6] teaches the third sub-verification module is used for verifying the authenticity of the digital identity of the node to be verified based on the on-chain information under the condition that the signature of the object is determined to be authentic). Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of PEI into the teaching of Brandin by having second public key in second certificate for performing authentication of key device in plurality of authentication module. One would be motivated to do so in order to provide identity authentication of terminal device under condition of verifying certificate of target object based on chain information corresponding to plurality of authentication modules (PEI [page 1]). Claims 2-5, 8, 11-14 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Brandin (US 8421593) in view of PEI et al (hereinafter PEI) (CN 114710362) (attached English translation is used for examination) and further in view of DIETRICH et al (hereinafter DIETRICH) (WO 2022175397) (attached English translation is used for examination). Regarding claim 2 the combination of Brandin and PEI teaches all the limitations of claim1 above, Brandin further teaches the first public key and the first private key are paired with each other (Brandin on [col 2 line 55-60] teaches a first private key of the first public/private key pair to encrypt the actual object information); and the second digital certificate comprises the second public key corresponding to the second private key (Brandin Fig 5, Fig 6, Fig 9 and Fig 10 on [col 3 line 35-50] teaches receiving an ownership certificate associated with the unknown object, decrypting the ownership certificate using a second public key of a second public/private key pair to obtain actual ownership information for the unknown object, inspecting purported ownership information about a purported owner of the unknown object, and comparing the actual ownership information obtained by decrypting the ownership certificate with the purported ownership information about the purported owner to determine whether the purported owner is the actual owner. See Fig 5 block 104, 106 and text on [col 9 line 15-45] teaches the unknown encrypted object identifier 23 is decrypted using the manufacturing public key, determination is made as to whether information decrypted at step 104 is intelligible. i.e., authenticate the first decryption result); the first authentication module is configured to decrypt the first encrypted data by using the second public key to obtain the first decryption result (Brandin Fig 5, Fig 6, Fig 9 and Fig 10 on [col 3 line 35-50] teaches receiving an ownership certificate associated with the unknown object, decrypting the ownership certificate using a second public key of a second public/private key pair to obtain actual ownership information for the unknown object, inspecting purported ownership information about a purported owner of the unknown object, and comparing the actual ownership information obtained by decrypting the ownership certificate with the purported ownership information about the purported owner to determine whether the purported owner is the actual owner. See Fig 5 block 104, 106 and text on [col 9 line 15-45] teaches the unknown encrypted object identifier 23 is decrypted using the manufacturing public key, determination is made as to whether information decrypted at step 104 is intelligible. i.e., authenticate the first decryption result). PEI teaches wherein the first digital certificate comprises a hash algorithm, and a first public key (PEI on [page 11 3rd last para] wherein the world state data corresponding to a request initiated by the digital identity service node comprises node digital identities of block chain nodes, a node public key, a certificate template and Hash information of the certificate template). The motivation for combining is same as set forth above in claim 1. The combination of Brandin and PEI fails to explicitly teach the first encrypted data is obtained by encrypting a first hash value based on the second private key, and the first hash value is obtained by processing the first public key generated by the key device by using the hash algorithm, process the first public key by using the hash algorithm in the first digital certificate to obtain a second hash value; and compare the second hash value with the first decryption result to judge whether the first decryption result is authenticated successfully, however DIETRICH from analogous art teaches the first encrypted data is obtained by encrypting a first hash value based on the second private key, and the first hash value is obtained by processing the first public key generated by the key device by using the hash algorithm (DIETRICH on [page 15 para 3-4 and page 18 para 3] teaches the challenge or a hash of the challenge is encrypted using the private cryptographic key using secure hash algorithm); process the first public key by using the hash algorithm in the first digital certificate to obtain a second hash value; and compare the second hash value with the first decryption result to judge whether the first decryption result is authenticated successfully (DIETRICH on [page 9 last para] The recipient of the signature can therefore check the signature, but cannot calculate it himself. For a signature verification, the signature recipient calculates the verification value of the signed data, for example, and compares this with the result of a decryption of the signature using the signature verification key. If the calculated hash value matches the result of the decryption, the signature is correct. If the authenticity of the signature verification key is also confirmed, for example by a certificate, in particular a PKI certificate, the signature is valid). Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of DIETRICH into combined teaching of Brandin and PEI by comparing hash value with decryption result. One would be motivated to do so in order to determine whether the decryption result is authentic to validate that the signature associated with object is correct (DIETRICH [page 9 last para]). Regarding claim 3 the combination of Brandin and PEI teaches all the limitations of claim 1 above, Brandin further teaches wherein the first digital certificate comprises a first public key (Brandin on [col 3 line 40-50] teaches the ownership certificate was encrypted using a second private key of the second public/private key pair); and the second digital certificate comprises the second public key corresponding to the second private key (Brandin on [col 3 line 40-50] teaches the ownership certificate was encrypted using a second private key of the second public/private key pair); the first authentication module is configured to decrypt the first encrypted data by using the second public key to obtain the first decryption result (Brandin Fig 5, Fig 6, Fig 9 and Fig 10 on [col 3 line 35-50] teaches receiving an ownership certificate associated with the unknown object, decrypting the ownership certificate using a second public key of a second public/private key pair to obtain actual ownership information for the unknown object, inspecting purported ownership information about a purported owner of the unknown object, and comparing the actual ownership information obtained by decrypting the ownership certificate with the purported ownership information about the purported owner to determine whether the purported owner is the actual owner. See Fig 5 block 104, 106 and text on [col 9 line 15-45] teaches the unknown encrypted object identifier 23 is decrypted using the manufacturing public key, determination is made as to whether information decrypted at step 104 is intelligible. i.e., authenticate the first decryption result); The combination of Brandin and PEI fails to explicitly teach the first encrypted data is obtained by encrypting the first public key generated by the key device based on the second private key and compare the first public key in the first digital certificate with the first decryption result to judge whether the first decryption result is authenticated successfully, however DIETRICH from analogous art teaches the first encrypted data is obtained by encrypting the first public key generated by the key device based on the second private key (DIETRICH on [page 13 4th last para] teaches the first set of identity attributes further comprises the mobile device's public cryptographic key, which is encrypted using the first cryptographic key. The mobile terminal's public cryptographic key encrypted using the first cryptographic key is added to the second set of identity attributes to prove access of the mobile terminal to the first set of identity attributes); and compare the first public key in the first digital certificate with the first decryption result to judge whether the first decryption result is authenticated successfully (DIETRICH on [page 14 line 20-25 and page 25 para 2nd last para] teaches upon forwarding the public cryptographic key of the security element from the reading computer system, the application receives a second copy of the ephemeral public cryptographic key of the reading computer system, which the application uses to compare it with the first copy of the ephemeral public cryptographic key of the reading computer system forwarded to the server). Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of DIETRICH into combined teaching of Brandin and PEI by comparing hash value with decryption result. One would be motivated to do so in order to determine whether the decryption result is authentic to validate that the signature associated with object is correct (DIETRICH [page 9 last para]). Regarding claim 4 the combination of Brandin, PEI and DIETRICH teaches all the limitations of claim 2 above, Brandin further teaches wherein the second authentication module is configured to generate random data and send the random data to the key device in response to that the first decryption result is authenticated successfully; read second encrypted data in the key device, and decrypt the second encrypted data by using the first public key in the first digital certificate to obtain a second decryption result; compare the second decryption result with the random data, to judge whether the second decryption result is authenticated successfully; the second encrypted data is obtained by encrypting the random data by the key device by using the first private key generated in advance (Brandin on [col 3 line 15-20 and line 55-60] teaches the actual object information includes actual random data recorded in at least one database, the unknown object information includes unknown random data, and the comparing step includes comparing the unknown random data with the actual random data to determine whether the unknown object is an authentic object. Further teaches the comparing of the purported ownership information obtained with the ownership information recorded in at least one database includes comparing random data decrypted from the ownership certificate with actual random data stored in at least one database. See also on [col 12 line 29-35] teaches the ownership certificate 30 may be generated by encrypting the object identifier 22, the ownership information 32, and the random data 34 using the distribution private key 46). Regarding claim 5 the combination of Brandin, PEI and DIETRICH teaches all the limitations of claim 4 above, Brandin further teaches the third authentication module is configured to parse the identity information of the protected object in the first digital certificate, and acquire the identity information of the protected object stored in advance in response to that the key device is authenticated successfully; and compare the identity information obtained by parsing with the identity information stored in advance, to judge whether the identity information of the protected object is authenticated successfully (Brandin Fig 5, Fig 6, Fig 9 and Fig 10 on [col 9 line 50-60] teaches the actual object information retrieved at step 108 is compared with the object information obtained by decrypting the unknown encrypted object identifier 23 (performed at step 106). Then a determination is made as to whether the data matches (i.e., authenticate the identity information of protected object). For example, the identification data obtained from the string information 25 may be compared to the identification data obtained by inspecting the components 15, 17, 19 and 21. After successful verification is the object is made available to the user who purchased the object. See on [col 11 line 40-50] teaches the ownership certificate 30 contains the object identifier 22 (in its encrypted form) as well as ownership information 32 about the current owner of that particular object 12. The ownership certificate 30 may also include random data 34. See Fig 10 block 220 and text on [col 14 line 50-60] teaches the matching at step 220 may include comparing the object identifiers, the ownership information and/or the random data between of the decrypted ownership certificate 31 and data recorded in a corresponding data entry in the database 61). Regarding claim 8 the combination of Brandin and PEI teaches all the limitations of claim 6 above, the combination fails to teach wherein the key device comprises a hardware security module, however DIETRICH from analogous art teaches wherein the key device comprises a hardware security module (HSM) (DIETRICH on [page 7 2nd para] teaches the security module is implemented in form of HSM). Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of DIETRICH into combined teaching of Brandin and PEI by having key device comprising HSM. One would be motivated to do so in order to obtain the certificate securely stored in HSM (DIETRICH [page 7 2nd para]). Claim 11 is rejected for similar reason as claim 2 above. Claim 12 is rejected for similar reason as claim 3 above. Claim 13 is rejected for similar reason as claim 4 above. Claim 14 is rejected for similar reason as claim 5 above. Regarding claim 18 the combination of Brandin, PEI and DIETRICH teaches all the limitations of claim 3 above, Brandin further teaches wherein the second authentication module is configured to generate random data and send the random data to the key device in response to that the first decryption result is authenticated successfully; read second encrypted data in the key device, and decrypt the second encrypted data by using the first public key in the first digital certificate to obtain a second decryption result; compare the second decryption result with the random data, to judge whether the second decryption result is authenticated successfully; the second encrypted data is obtained by encrypting the random data by the key device by using a first private key generated in advance (Brandin on [col 3 line 15-20 and line 55-60] teaches the actual object information includes actual random data recorded in at least one database, the unknown object information includes unknown random data, and the comparing step includes comparing the unknown random data with the actual random data to determine whether the unknown object is an authentic object. Further teaches the comparing of the purported ownership information obtained with the ownership information recorded in at least one database includes comparing random data decrypted from the ownership certificate with actual random data stored in at least one database. See also on [col 12 line 29-35] teaches the ownership certificate 30 may be generated by encrypting the object identifier 22, the ownership information 32, and the random data 34 using the distribution private key 46). Regarding claim 19 the combination of Brandin, PEI and DIETRICH teaches all the limitations of claim 18 above, Brandin further teaches wherein the third authentication module is configured to parse the identity information of the protected object in the first digital certificate, and acquire the identity information of the protected object stored in advance in response to that the key device is authenticated successfully; and compare the identity information obtained by parsing with the identity information stored in advance, to judge whether the identity information of the protected object is authenticated successfully (Brandin Fig 5, Fig 6, Fig 9 and Fig 10 on [col 9 line 50-60] teaches the actual object information retrieved at step 108 is compared with the object information obtained by decrypting the unknown encrypted object identifier 23 (performed at step 106). Then a determination is made as to whether the data matches (i.e., authenticate the identity information of protected object). For example, the identification data obtained from the string information 25 may be compared to the identification data obtained by inspecting the components 15, 17, 19 and 21. After successful verification is the object is made available to the user who purchased the object. See on [col 11 line 40-50] teaches the ownership certificate 30 contains the object identifier 22 (in its encrypted form) as well as ownership information 32 about the current owner of that particular object 12. The ownership certificate 30 may also include random data 34. See Fig 10 block 220 and text on [col 14 line 50-60] teaches the matching at step 220 may include comparing the object identifiers, the ownership information and/or the random data between of the decrypted ownership certificate 31 and data recorded in a corresponding data entry in the database 61). Regarding claim 20 the combination of Brandin, PEI and DIETRICH teaches all the limitations of claim 12 above, Brandin further teaches wherein the second authentication module is configured to generate random data and send the random data to the key device in response to that the first decryption result is authenticated successfully; and read second encrypted data, and decrypt the second encrypted data by using the first public key in the first digital certificate to obtain a second decryption result; compare the second decryption result with the random data, to judge whether the second decryption result is authenticated successfully; and the key device is further configured to encrypt the random data by using a first private key generated in advance to obtain the second encrypted data (Brandin on [col 3 line 15-20 and line 55-60] teaches the actual object information includes actual random data recorded in at least one database, the unknown object information includes unknown random data, and the comparing step includes comparing the unknown random data with the actual random data to determine whether the unknown object is an authentic object. Further teaches the comparing of the purported ownership information obtained with the ownership information recorded in at least one database includes comparing random data decrypted from the ownership certificate with actual random data stored in at least one database. See also on [col 12 line 29-35] teaches the ownership certificate 30 may be generated by encrypting the object identifier 22, the ownership information 32, and the random data 34 using the distribution private key 46). Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522. The examiner can normally be reached 7AM-5PM EST M-TH Alternate Fridays. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached at (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MOEEN KHAN/ Primary Examiner, Art Unit 2436
Read full office action

Prosecution Timeline

Apr 13, 2024
Application Filed
Oct 20, 2025
Non-Final Rejection — §103
Jan 23, 2026
Response Filed
Feb 27, 2026
Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

18/056,557
Patent 12587531
BROWSER PROFILE SEPARATION FOR A MANAGED USER ACCOUNT
2y 5m to grant Granted Mar 24, 2026
19/002,162
Patent 12580730
METHOD AND SYSTEM FOR IMPROVING HOMOMORPHIC ENCRYPTION PERFORMANCE BASED ON TRUSTED EXECUTION ENVIRONMENT
2y 5m to grant Granted Mar 17, 2026
18/506,259
Patent 12574244
DC-SCM AUTHENTICATION SYSTEM
2y 5m to grant Granted Mar 10, 2026
18/196,390
Patent 12562896
SYSTEM AND METHOD FOR PROVIDING SECURE COMMUNICATION USING EPHEMERAL KEYS WITH A LIFETIME ASSOCIATED WITH A TYPE OF DATA BEING SECURED
2y 5m to grant Granted Feb 24, 2026
18/581,988
Patent 12556364
OPTIMIZED AUTHENTICATION SYSTEM FOR A MULTIUSER DEVICE
2y 5m to grant Granted Feb 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
69%
Grant Probability
99%
With Interview (+59.7%)
2y 11m
Median Time to Grant
Moderate
PTA Risk
Based on 228 resolved cases by this examiner. Grant probability derived from career allow rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month