Office Action Predictor
Last updated: April 16, 2026
Application No. 18/756,138

Executing Digital Signature Operations In A Secure Element Platform Runtime Environment

Non-Final OA §103
Filed
Jun 27, 2024
Examiner
CRIBBS, MALCOLM
Art Unit
2497
Tech Center
2400 — Computer Networks
Assignee
Oracle International Corporation
OA Round
1 (Non-Final)
89%
Grant Probability
Favorable
1-2
OA Rounds
2y 4m
To Grant
98%
With Interview

Examiner Intelligence

Grants 89% — above average
89%
Career Allow Rate
679 granted / 765 resolved
+30.8% vs TC avg
Moderate +9% lift
Without
With
+9.2%
Interview Lift
resolved cases with interview
Typical timeline
2y 4m
Avg Prosecution
17 currently pending
Career history
782
Total Applications
across all art units

Statute-Specific Performance

§101
12.6%
-27.4% vs TC avg
§103
42.1%
+2.1% vs TC avg
§102
10.9%
-29.1% vs TC avg
§112
21.5%
-18.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 765 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This action is in response to the correspondence filed 08/19/2025. Claims 1, 4, 5 and 7-23 are presented for examination. Information Disclosure Statement The information disclosure statements (IDSs) submitted on 07/31/2024, 06/30/2025 and 09/02/2025 have been considered by the examiner. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1, 5, 7, 12-20 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Ando, M., et al., "Hash-based TPM signatures for the quantum world.", International Conference on Applied Cryptography and Network Security, 9 June 2016, pp. 77-94 (Applicant’s IDS) (hereinafter Ando) in view of US 12,388,653 to Lozi et al. (hereinafter Lozi) in further view of US 2023/0333858 to Govindarajan et al. (hereinafter Govindarajan). As to claims 1, 19 and 20, Ando teaches One or more non-transitory computer-readable media comprising instructions that, when executed by one or more hardware processors, cause performance of operations comprising: initializing a signature generation object in a secure element (SE) platform runtime environment, wherein the SE platform runtime environment is executing on at least one SE processor of a SE hardware device (Page 81, section 2.1, the trusted platform module [TPM] can create a Merkle signature scheme key; Page 83 Signing section, generated MSS signature); determining, via the signature generation object, a private key corresponding to a hash-based signature protocol (page 83, Setup section, concatenation of a leaf seed and a private-value index is inputted into the pseudorandom number generator r(·) to create an OTS private key value); generating, via the signature generation object, a digital signature of a message digest by utilizing the private key to execute the hash-based signature protocol on the message digest (Page 83, Signing section, generating the MSS signature using the leaf index number which stores a hash). Ando does not explicitly teach wherein generating the digital signature of the message digest comprises: generating a first signature segment at least by executing the hash-based signature protocol on a first digest segment representing a first portion of the message digest; and generating a second signature segment at least by executing the hash-based signature protocol on a second digest segment representing a second portion of the message digest; combining the first signature segment and the second signature segment; wherein the digital signature comprises the first signature segment and the second signature segment; and outputting the digital signature to a hardware device. However, Lozi teaches generating the digital signature of the message digest comprises: generating a first signature segment at least by executing the hash-based signature protocol on a first digest segment representing a first portion of the message digest (Col 6, lines 32-41, calculating a signature part [Si] for each part of the message hash [HM] HM1 to HMd, wherein HM1 read as a first digest segment); and generating a second signature segment at least by executing the hash-based signature protocol on a second digest segment representing a second portion of the message digest (Col 6, lines 32-41, calculating a signature part [Si] for each part of the message hash [HM] HM1 to HMd, wherein d is 2 or more, HM2 would be read as a second digest segment); combining the first signature segment and the second signature segment; wherein the digital signature comprises the first signature segment and the second signature segment; and outputting the digital signature to a hardware device (Col 6, lines 42-45, concatenating the signature portions Si for each i from 1 to d, outputting signature S). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Ando with the signature generation method taught by Lozi in order to increase resistance against cryptanalytic attacks as leakage of a single segment would not result in generation of the complete signature, thus optimizing the security of the signature generation scheme (col 2, lines 3-11). Ando and Lozi do not explicitly teach prior to generating the second signature segment: storing the first signature segment in a first transient memory element of the SE hardware device; initializing a temporary entry point object comprising a pointer to the first transient memory element; subsequent to generating the second signature segment: and accessing the first signature segment via the temporary entry point object. However, Govindarajan teaches prior to generating the second signature segment: storing the first signature segment in a first transient memory element of the SE hardware device (paragraph 38, stored slice digest data from the completion of preprocessing of the signature table); initializing a temporary entry point object comprising a pointer to the first transient memory element (paragraph 38, pointers associated with the slices of digest data); subsequent to generating the second signature segment: and accessing the first signature segment via the temporary entry point object (paragraphs 38, 39, 53 and 61, use of the pointers to access the slices of the slice digest table when needed). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Ando and Lozi with the slice digest data table as taught by Govindarajan in order to reduce the time required to generate the signature from the signature segments (paragraph 38). As to claim 5, Lozi teaches wherein outputting the digital signature to a hardware device comprises: outputting the first signature segment to the hardware device (Col 6, lines 32-41, calculating a signature part [Si] for each part of the message hash [HM] HM1 to HMd, wherein HM1 read as a first digest segment); and outputting the second signature segment to the hardware device (Col 6, lines 32-41, calculating a signature part [Si] for each part of the message hash [HM] HM1 to HMd, wherein d is 2 or more, HM2 would be read as a second digest segment); wherein the hardware device obtains the digital signature at least by combining the first signature segment and the second signature segment (Col 6, lines 42-45, concatenating the signature portions Si [Si includes each signature segment up to i] for each i from 1 to d, outputting signature S). As to claims 7 and 22, Lozi teaches wherein generating the digital signature of the message digest comprises: prior to generating the first signature segment and the second signature segment: determining, based at least in part on the private key, a signature length corresponding to the digital signature (Col 4, lines 24-35, number of divisions to be used and the size of each division are also selected); determining, based at least in part on the signature length, a signature segment length representing a portion of the signature length (Col 4, lines 24-35, number of divisions to be used and the size of each division are also selected, as the segment length is correlated with the signature length); determining at least one of:(a) the first digest segment based at least in part on the signature segment length, wherein the first digest segment comprises a first digest segment length corresponding to the signature segment length (Col 4, lines 42-55, hash of the message split into d parts of m length), or (b) the second digest segment based at least in part on the signature segment length, wherein the second digest segment comprises a second digest segment length corresponding to the signature segment length. As to claim 12, Ando teaches wherein the operations further comprise: generate an authentication path corresponding to the digital signature, wherein the private key utilized to generate the digital signature corresponds to a public key associated with a first leaf node of a tree structure defined in accordance with the hash-based signature protocol, wherein the authentication path comprises:(a) the public key,(b) a first hash value associated with a second leaf node of the tree structure, wherein the second leaf node is a sibling node of the first leaf node, and(c) at least a second hash value associated with an intermediate node of the tree structure, wherein a root hash value corresponding to a root node of the tree structure is computable based on the authentication path; outputting the authentication path to the hardware device (page 83, Setup section initialized tree of constant branching factor D and height H used to generate key pairs which are derived from a hash, the tree indicating the authentication path, authentication path is the sequence of sibling nodes along the path from it to the root; page 83, Setup and Signing section, OTP private key, which corresponds to the OTS public key, is used to generate the signature in combination with a leaf of the tree and a traversal algorithm is implemented to compute the next authentication path. As to claim 13, Lozi teaches wherein the hash-based signature protocol comprises at least one of: a stateful hash-based signature protocol, a stateless hash-based signature protocol, or a one-time hash-based signature protocol (Col 1, lines 64-66, stateful hashed-based signatures). As to claim 14, Lozi teaches wherein the operations further comprise: determining a protocol selection parameter corresponding to the signature generation object; and determining the hash-based signature protocol based on the protocol selection parameter corresponding to the signature generation object (Col 4, lines 24-35, number of divisions to be used and the size of each division are also selected, wherein the division and size are read as parameters; Col 4, lines 6-11, selection of the cryptographic hash function). As to claim 15, Lozi teaches wherein the operations further comprise: receiving the message digest, wherein the message digest is generated by the hardware device by applying a hash function to a first message; or receiving a second message and generating the message digest by applying the hash function to the second message (Col 3, lines 1-7, messages 16; Col 4, lines 42 and 43, hash of the message, therefore hashing the each of the messages). As to claim 16, Ando teaches wherein the operations further comprise: receiving, by a first SE application from a second SE application via a shareable interface object, a digital signature request for the first SE application to digitally sign the message digest; wherein the first SE application initializes the signature generation object at least in part responsive to receiving the digital signature request (page 88, Signing section, sent sign-message request to the TPM and the TPM signs the message M using the MSS signing method). As to claim 17, Ando teaches herein outputting the digital signature to the hardware device comprises: directing the digital signature from a first SE application to a second SE application via a shareable interface object, directing the digital signature from the second SE application to the hardware device (page 88, Signing section, TPM returns the signature and the updated key state). As to claim 18, Lozi teaches wherein the hardware device utilizes a public key corresponding to the private key to verify the digital signature (Col 3, lines 14-20, signature to be verified using the respective public key). Relevant Prior Art The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: EP 1 235 135 A2 to Horita et al. teaches a method for generating distributed digital signatures including generating partial signature keys by distributed processes, generating partial digital signatures by using the partial signature keys for the hash value of an input digital document to which additional information such as time is added, combining a predetermined threshold number of partial digital signatures, performing a transformation process on the partial digital signatures according to the combination, and generating an integrated digital signature from the result of the transformation process, in which a least common multiple of predetermined values is used as a transformation number, and it is judged whether an incorrect partial digital signature exists and the number is one, and the incorrect partial digital signature is identified when the number is one. US 20190319802 A1 to Misoczki et al. (Applicant’s IDS) teaches a computer readable memory to store a public key associated with a signing device, communication logic to receive, from the signing device, a signature chunk which is a component of a signature generated by a hash-based signature algorithm, and at least a first intermediate node value associated with the signature chunk, verification logic to execute a first hash chain beginning with the signature chunk to produce at least a first computed intermediate node value, execute a second hash chain beginning with the at least one intermediate node value associated with the signature chunk to produce a first computed final node value, and use the first computed intermediate node value and the first computed final computed node value to validate the signature generated by the hash-based signature algorithm. US 20130291082 A1 to Giladi et al. teaches a method for segment integrity and authenticity for adaptive streaming. In an embodiment, the method includes receiving at a data processing system a segment of a media stream, determining, with the data processing system, a digest or a digital signature for the segment, and comparing, with the data processing system, the digest/digital signature to a correct digest or a correct digital signature to determine whether the segment has been modified. Allowable Subject Matter Claims 4, 8-11, 21 and 23 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. The following is a statement of reasons for the indication of allowable subject matter: Dependent claims 4 and 21 are allowable over the prior art of record, including Ando, Lozi, Govindarajan, Horita and the remaining references cited by the Examiner and the Applicant’s IDS, taken individually or in combination, because the prior art of record fails to particularly disclose, fairly suggest or render obvious the combination of directing, via a shareable interface object, the first signature segment from a first SE application, corresponding to the signature generation object to a second SE application corresponding to the signature segment combination object; directing, via the shareable interface object, the second signature segment from the first SE application to the second SE application; and generating, via the signature segment combination object, a combined digital signature at least by combining the first signature segment and the second signature segment; wherein outputting the digital signature to the hardware device comprises outputting the combined digital signature to the hardware device, in view of the other limitations of their respective independent claims 1 and 19, as to claims 4 and 21; Dependent claim 8 is allowable over the prior art of record, including Ando, Lozi, Govindarajan, Horita and the remaining references cited by the Examiner and the Applicant’s IDS, taken individually or in combination, because the prior art of record fails to particularly disclose, fairly suggest or render obvious determining that the signed length matches the signature length and determining that the message digest is digitally signed based at least in part on the signed length matching the signature length, in view of the other limitations of claims 1 and 7; Dependent claims 9 and 23 are allowable over the prior art of record, including Ando, Lozi, Govindarajan, Horita and the remaining references cited by the Examiner and the Applicant’s IDS, taken individually or in combination, because the prior art of record fails to particularly disclose, fairly suggest or render obvious incrementing the index value of the key pair index to indicate that the next available key pair is being utilized and executing a key generation algorithm, corresponding to the hash-based signature protocol, to generate a key pair based at least in part on the index value, wherein the key pair comprises the private key and a public key, in view of the other limitations of claims 1 and 19. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to MALCOLM CRIBBS whose telephone number is (571)270-1566. The examiner can normally be reached Monday-Friday 930a-330p; 430p-630p. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached at (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. MALCOLM . CRIBBS Examiner Art Unit 2497 /MALCOLM CRIBBS/Primary Examiner, Art Unit 2497
Read full office action

Prosecution Timeline

Jun 27, 2024
Application Filed
Aug 19, 2025
Response after Non-Final Action
Jan 24, 2026
Non-Final Rejection — §103
Mar 17, 2026
Applicant Interview (Telephonic)
Mar 17, 2026
Examiner Interview Summary
Mar 25, 2026
Response Filed

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12593215
MOBILE DEVICE MANAGEMENT AND CONTROL METHOD AND APPARATUS
2y 5m to grant Granted Mar 31, 2026
Patent 12585813
COMBINING ALLOWLIST AND BLOCKLIST SUPPORT IN DATA QUERIES
2y 5m to grant Granted Mar 24, 2026
Patent 12580781
DEVICE MANAGEMENT METHOD, SYSTEM, AND APPARATUS
2y 5m to grant Granted Mar 17, 2026
Patent 12579306
TECHNIQUES FOR MANAGING ACTIVITY LOGS IN A MANNER THAT PROMOTES USER PRIVACY
2y 5m to grant Granted Mar 17, 2026
Patent 12579321
METHODS TO DIGITALLY SIGN DYNAMIC CONTENT
2y 5m to grant Granted Mar 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
89%
Grant Probability
98%
With Interview (+9.2%)
2y 4m
Median Time to Grant
Low
PTA Risk
Based on 765 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month