Prosecution Insights
Last updated: July 17, 2026
Application No. 18/895,241

CRYPTOGRAPHIC MECHANISMS INCLUDING MEANS FOR VERIFYING THE IDENTITY OF A USER OF A SYSTEM UTILISING KEY DISTRIBUTION INVOLVING ADDITIONAL DEVICES

Final Rejection §103§112
Filed
Sep 24, 2024
Priority
Nov 01, 2016 — SO 2016/07517 +2 more
Examiner
IMMANUEL, ILSE I
Art Unit
3699
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
Entersekt International Limited
OA Round
2 (Final)
26%
Grant Probability
At Risk
3-4
OA Rounds
2y 5m
Est. Remaining
52%
With Interview

Examiner Intelligence

Grants only 26% of cases
26%
Career Allowance Rate
81 granted / 309 resolved
-25.8% vs TC avg
Strong +26% interview lift
Without
With
+26.0%
Interview Lift
resolved cases with interview
Typical timeline
4y 3m
Avg Prosecution
31 currently pending
Career history
352
Total Applications
across all art units

Statute-Specific Performance

§101
0.3%
-39.7% vs TC avg
§103
93.3%
+53.3% vs TC avg
§102
2.7%
-37.3% vs TC avg
§112
3.3%
-36.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 309 resolved cases

Office Action

§103 §112
DETAILED ACTION Acknowledgements This office action is in response to the claims filed 01/29/2026. Claims 8, 14 and 17-19 are cancelled. Claims 1, 3-7, 9-11 and 16 are amended. Claims 20-24 are new. Claims 1-7, 9-13, 15, 16 and 20-24 are pending. Claims 1-7, 9-13, 15, 16 and 20-24 have been examined. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Objections Claim 16 is objected to because of the following informalities: claim 16 recites “transmitting the device identifier and the user identifier to the remote server for association with each other thereat”. Appropriate correction is required. Response to Arguments Applicant's arguments filed 01/29/2026 have been fully considered but they are not persuasive. 101 Due to the combination of functions of the remote server and “proximity communication enabled smart card”, the subject matter rejection is withdrawn. 112 Due to Applicant’s amendments, prior 112 rejections are withdrawn. 103 Ghosh teaches wherein the proximity communication enabled smart card stores a cryptographic key having been securely generated for the entity and which is unique to the proximity communication enabled smart card (¶ 30, 31, 41, 42): generating, by the proximity communication enabled smart card, a token by: signing a set of data elements using the cryptographic key stored within the proximity communication enabled smart card, and transmitting the token to the communication device via a proximity communication interface for onward transmission to the remote server, wherein the token comprises a cryptogram, the token having been obtained by the communication device from the proximity communication enabled smart card of the user via the proximity communication interface (Abstract; ¶ 41, 44-57). Ghosh - for mobile-EMV, the EMV-ticket 200 may also contain the EMV signed static data 202 mentioned above. The signed static data 202 may also contain the EMV issuer's public key (contained in the certificate) corresponding to the EMV issuer's private key that was used to generate the signature on the static data 202… The card determines whether to decline the transaction offline or to request an online authorization. At step 316, the integrated chip card/personal trusted device performs a card action analysis… the EMV-proxy module presents the cardholder verification results to the EMV card-reader terminal module. Thus far, only an offline verification has been performed. At step 460, the EMV card-reader terminal module performs a terminal risk management and, at step 462, performs a terminal action analysis. A new Application Cryptogram (AC) is generated by the EMV card-reader terminal module at step 464 and sent to the EMV-proxy module. At step 466, the EMV-proxy module performs a card action analysis and generates a new AC, which is forwarded to the personal trusted device at step 468. At step 470, the personal trusted device computes its own AC using the symmetric key and, at step 472, sends this AC to the EMV-proxy module…. the EMV issuer back office processes the online transaction and issues an authorization for the transaction. At step 480, the EMV issuer back office may generate a command script for the personal trusted device. (¶ 30, 31, 41, 44-57) Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 6, 16 and 20-24 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention. Claim 1 recites functions performed by the remote server and the “ proximity communication enabled smart card” and a description that states “the user to enroll an application executing on the communication device”. Claims 6 recites “receiving, by the application, the set of data elements from the remote server; transmitting, by the application, the set of data elements to the proximity communication enabled smart card via the proximity communication interface; and, receiving, by the application,”. The claims are unclear and indefinite. Independent claim 1 recited a method performed by the “remote server” and “the proximity communication enabled smart card”. The limitations of claim 6 are outside the scope of the independent claims. The claims are unclear and indefinite. Claim 16 recites “the system further comprising the application, executing on the communication device comprising: a device non-transitory computer-readable storage medium;”. The claims are unclear and indefinite. First, the claims are unclear and indefinite as the system is claiming to comprise the “application”, a non-structural element, not the structural communication device the program executes on. Secondly, the claim language is unclear as to whether the limitation is attempting to claim the “application”, “communication device” or the “system” comprises “a device non-transitory computer-readable storage…” The claims are unclear and indefinite. Dependent claims 20-24 are also rejected. Claim 16 recites functions performed by the remote server and recites “the system comprising a remote server…. the system further comprising the application, executing on the communication device comprising: a device… the system further comprising the proximity communication enabled smart card”…. Claims 21 recites “wherein the device non-transitory computer-readable storage medium comprises program instructions provided by the application that, when executed on the device processor, cause the communication device to perform operations comprising….” The claims are unclear and indefinite. Independent claim 16 recited a system comprising the “remote server”, “application” and “proximity communication enabled smart card”. The limitations of claim 21 are outside the scope of the independent claims. The claims are unclear and indefinite. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-7, 9-13, 15, 16 and 20-24 are rejected under 35 U.S.C. 103 as being unpatentable over Wu (US 10270587) (“Wu”), and further in view of Ghosh et al. (US 20050156026) (“Ghosh”). Regarding claim 1, Wu discloses establishing a secure communication channel between a remote server maintained on behalf of an entity and a communication device, wherein the communication device is uniquely identifiable by the remote server over the secure communication channel, (Abstract; Figure 7, 13; column 3, line 8-13, column 17, line 14-34, column 18, line 5-21, column 20, line 56-64; claim 16); wherein a system utilizes a key distribution, wherein the key distribution comprises verifying an association between the communication device and the user to enroll an application executing on the communication device through which the user intends to interact against a user account maintained by the entity, wherein the user account is associated with a user identifier, wherein the user has a proximity communication enabled smart card issued to the user by the entity and which is associated with the user in the user account, and (Abstract; Figure 7, 8; column 13, line 24-56, column 14, line 34-57); receiving, at the remote server from the communication device, a device identifier and the user identifier for association with each other; using the user identifier to identify the user account associated therewith (column 3, line 4-13, column 8, line 37-42, column 18, line 5-21; claim 16); receiving the token at the remote server from the communication device via the secure communication channel for validation by an authorisation system associated with the entity (Figure 7; column 5, line 65-67, column 6, line 1-6, column 8, line 10-42, column 13, line 65-67, column 14, line 1-8, column 15, line 13-16); validating the received token at the remote server, comprising verifying a legitimacy of the cryptogram based on information known to the remote server; and (Figure 7; column 14, line 15-21) storing, at the remote server once determined that the token is valid, the device identifier as a verified device identifier in association with at least one of the user identifier or the user account, wherein, once enrolled, the communication device and the application executing thereon are usable to interact with the entity remotely, via a communication network (Figure 7; column 8, line 33-54, column 13, line 24-56, column 14, line 15-57). Wu does not disclose wherein the proximity communication enabled smart card stores a cryptographic key having been securely generated for the entity and which is unique to the proximity communication enabled smart card: generating, by the proximity communication enabled smart card, a token by: signing a set of data elements using the cryptographic key stored within the proximity communication enabled smart card, and transmitting the token to the communication device via a proximity communication interface for onward transmission to the remote server, wherein the token comprises a cryptogram; the token having been obtained by the communication device from the proximity communication enabled smart card of the user via the proximity communication interface. Ghosh teaches wherein the proximity communication enabled smart card stores a cryptographic key having been securely generated for the entity and which is unique to the proximity communication enabled smart card (¶ 30, 31, 41, 42): generating, by the proximity communication enabled smart card, a token by: signing a set of data elements using the cryptographic key stored within the proximity communication enabled smart card, and transmitting the token to the communication device via a proximity communication interface for onward transmission to the remote server, wherein the token comprises a cryptogram, the token having been obtained by the communication device from the proximity communication enabled smart card of the user via the proximity communication interface (Abstract; ¶ 41, 47, 50-57). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Wu and Ghosh in order to provide for secure credit transaction with a mobile terminal (Ghosh; ¶ 2-4). Regarding claim 2, Ghosh teaches wherein the device identifier is a device certificate having an associated public-private key pair (¶ 25, 26, 31, 39). Regarding claim 3, Wu discloses wherein the proximity communication enabled smart card is issued to the user by the entity for personal use such that the user is associated with the proximity communication enabled smart card (Figure 7; column 5, line 65-67, column 6, line 1-6, column 8, line 10-42, column 13, line 65-67, column 14, line 1-8, column 15, line 13-16). Regarding claim 4, Ghosh teaches wherein an account database stores a master key that was used to generate the cryptographic key, and wherein legitimacy of the cryptogram is verifiable by the entity (¶ 19, 41-47, 50-57). Regarding claim 5, Wu discloses including transmitting, by the remote server, the set of data elements to the communication device (column 8, line 10-42, column 13, line 65-67, column 14, line 1-8, column 15, line 13-16). Regarding claim 6, Wu discloses comprising: receiving, by the application, the set of data elements from the remote server; transmitting, by the application, the set of data elements to the proximity communication enabled smart card via the proximity communication interface; and, receiving, by the application, the token from the proximity communication enabled smart card via the proximity communication interface (Figure 7; column 5, line 65-67, column 6, line 1-6, column 8, line 10-42, column 13, line 65-67, column 14, line 1-8, column 15, line 13-16). Regarding claim 7, Ghosh teaches wherein the set of data elements are included in a command requesting the proximity communication enabled smart card to generate the token for a transaction, wherein the command is a Card Action Analysis command (¶ 45, 50). Regarding claim 9, Ghosh teaches wherein the token is in the form of cipher text produced by the proximity communication enabled smart card signing the of set data elements using the cryptographic key (Abstract; ¶ 41, 47, 50-57). Regarding claim 10, Wu discloses wherein establishing the secure communication channel between the remote server and the communication device includes encrypting messages or payloads transmitted to the communication device with a public key corresponding to a private-public key pair of the communication device (column 9, line 1-15, column 10, line 53-61, column 11, line 17-39, column 14, line 11-30). Regarding claim 11, Wu discloses wherein encrypting messages or payloads transmitted to the communication device includes encrypting messages or payloads with a private key corresponding to a unique private-public key pair of the remote server (column 9, line 1-15, column 10, line 53-61, column 11, line 17-39, column 14, line 11-30, column 16, line 8-28). Regarding claim 12, Wu discloses wherein storing the device identifier includes combining the device identifier with the token (column 13, line 32-42). Regarding claim 13, Wu discloses including creating, by the remote server in an enrolment database, a user record associated with the user account and storing the device identifier in the user record (column 9, line 1-15, column 11, line 17-39, column 14, line 11-30). Regarding claim 15, Wu discloses wherein the proximity communication interface is a radio frequency proximity communication interface (column 6, line 2-6, column 14, line 62-66, column 15, line 4-16). Regarding claim 16, Wu discloses a remote server comprising a non-transitory computer-readable storage medium; and a processor coupled to the non-transitory computer-readable storage medium, wherein the non-transitory computer-readable storage medium comprises program instructions that, when executed on the processor, cause the remote server to perform operations comprising: establishing a secure communication channel between the remote server maintained on behalf of an entity and a communication device, wherein the communication device is uniquely identifiable by the remote server over the secure communication channel (Abstract; Figure 7, 13; column 3, line 8-13, column 17, line 14-34, column 18, line 5-21, column 20, line 56-64; claim 16); wherein the system utilizes a key distribution, wherein the key distribution comprises verifying an association between the communication device and the user to enroll an application executing on the communication device through which the user intends to interact against a user account maintained by the entity, wherein the user account is associated with a user identifier, wherein the user has a proximity communication enabled smart card issued to the user by the entity and which is associated with the user in the user account, and (Abstract; Figure 7, 8; column 13, line 24-56, column 14, line 34-57); receiving, at the remote server from the communication device, a device identifier and the user identifier for association with each other; using the user identifier to identify the user account associated therewith (column 3, line 4-13, column 8, line 37-42, column 18, line 5-21; claim 16); receiving a token at the remote server from the communication device via the secure communication channel for validation by an authorisation system associated with the entity, (Figure 7; column 5, line 65-67, column 6, line 1-6, column 8, line 10-42, column 13, line 65-67, column 14, line 1-8, column 15, line 13-16); validating the received token at the remote server, including comprising verifying a legitimacy of the cryptogram based on information known to the remote server (Figure 7; column 14, line 15-21) storing, at the remote server once determined that the token is valid, the device identifier as a verified device identifier in association with at least one of the user identifier or the user account, wherein, once enrolled, the communication device and the application executing thereon are usable to interact with the entity remotely, via a communication network (Figure 7; column 8, line 33-54, column 13, line 24-56, column 14, line 15-57); the system further comprising the application, executing on the communication device comprising: a device non-transitory computer-readable storage medium; and a device processor coupled to the device non-transitory computer-readable storage medium, wherein the device non-transitory computer-readable storage medium comprises program instructions provided by the application that, when executed on the device processor, cause the communication device to perform operations comprising: obtaining the device identifier capable of uniquely identifying the communication device; receiving the user identifier input into the communication device via a user interface, the user identifier having previously been associated with the user account; transmitting the device identifier and the user identifier to the remote server for association with each other thereat (Abstract; Figure 7, 13; column 1, line 52-64, column 3, line 8-13, column 13, line 24-56, column 14, line 15-57, column 17, line 14-34, column 18, line 5-21, column 20, line 56-64; claim 16). Wu does not disclose wherein the proximity communication enabled smart card stores a cryptographic key having been securely generated for the entity and which is unique to the proximity communication enabled smart card; the token having been obtained by the communication device from the proximity communication enabled smart card of the user via a proximity communication interface, wherein the token comprises a cryptogram; obtaining, via the proximity communication interface, the token transmitted from the proximity communication enabled smart card of the user; and transmitting the token to the remote server via the secure communication channel; the system further comprising the proximity communication enabled smart card configured to: generate the token by signing a set of data elements using the cryptographic key; and transmit the token to the communication device via the proximity communication interface. Ghosh teaches wherein the proximity communication enabled smart card stores a cryptographic key having been securely generated for the entity and which is unique to the proximity communication enabled smart card; the token having been obtained by the communication device from the proximity communication enabled smart card of the user via a proximity communication interface, wherein the token comprises a cryptogram (¶ 30, 31, 41, 42); obtaining, via the proximity communication interface, the token transmitted from the proximity communication enabled smart card of the user; and transmitting the token to the remote server via the secure communication channel; the system further comprising the proximity communication enabled smart card configured to: generate the token by signing a set of data elements using the cryptographic key; and transmit the token to the communication device via the proximity communication interface (Abstract; ¶ 41, 47, 50-57). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Wu and Ghosh in order to provide for secure credit transaction with a mobile terminal (Ghosh; ¶ 2-4). Regarding claim 20, Wu discloses wherein the non-transitory computer-readable storage medium comprises program instructions that, when executed on the processor, cause the remote server to perform operations comprising: transmitting the set of data elements to the communication device (Figure 7; column 5, line 65-67, column 6, line 1-6, column 8, line 10-42, column 13, line 65-67, column 14, line 1-8, column 15, line 13-16). Regarding claim 21, Ghosh teaches wherein the device non-transitory computer-readable storage medium comprises program instructions provided by the application that, when executed on the device processor, cause the communication device to perform operations comprising: receiving the set of data elements from the remote server, and wherein obtaining the token includes: transmitting the set of data elements to the proximity communication enabled smart card via the proximity communication interface; and, receiving the token from the proximity communication enabled smart card via the proximity communication interface (Abstract; ¶ 30, 31, 41, 47, 50-57). Regarding claim 22, Wu discloses wherein transmitting the set of data elements to and receiving the token from the proximity communication enabled smart card includes interacting with the proximity communication enabled smart card via the proximity communication interface (Abstract; Figure 7, 8; column 13, line 24-56, column 14, line 34-57). Regarding claim 23, Ghosh teaches wherein the set of data elements are included in a command requesting the proximity communication enabled smart card to generate the token for a transaction, wherein the command is a Card Action Analysis command (¶ 45-50). Regarding claim 24, Ghosh teaches wherein the token is in the form of cipher text produced by the proximity communication enabled smart card signing the of set data elements using the cryptographic key (Abstract; ¶ 41, 47, 50-57). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Ngo et al., (US 20220019995) teaches the generated cryptogram with a key. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ILSE I IMMANUEL whose telephone number is (469)295-9094. The examiner can normally be reached Monday-Friday 9:00 am to 5:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NEHA H PATEL can be reached on (571) 270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ILSE I IMMANUEL/Primary Examiner, Art Unit 3699
Read full office action

Prosecution Timeline

Sep 24, 2024
Application Filed
Oct 02, 2025
Non-Final Rejection mailed — §103, §112
Jan 14, 2026
Interview Requested
Jan 23, 2026
Applicant Interview (Telephonic)
Jan 23, 2026
Examiner Interview Summary
Jan 29, 2026
Response Filed
Jun 03, 2026
Final Rejection mailed — §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12670237
DYNAMIC REALLOCATION OF COMPUTING RESOURCES BASED ON MONITORED USAGE ACTIVITIES OF CLIENT SYSTEMS
8y 2m to grant Granted Jun 30, 2026
Patent 12670493
PRIVACY PRESERVING ASSET TRANSFER BETWEEN NETWORKS
4y 4m to grant Granted Jun 30, 2026
Patent 12651254
MULTI-TOKEN PROVISIONING, ONLINE PURCHASE TRANSACTION PROCESSING, AND CARD LIFE CYCLE MANAGEMENT SYSTEMS AND METHODS
2y 0m to grant Granted Jun 09, 2026
Patent 12646057
Communications Device, Point Of Sale Device, Payment Device and Methods
2y 5m to grant Granted Jun 02, 2026
Patent 12639713
UTILIZING A CONTINGENT ASSET SECURE TOKEN
1y 5m to grant Granted May 26, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
26%
Grant Probability
52%
With Interview (+26.0%)
4y 3m (~2y 5m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 309 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month