Prosecution Insights
Last updated: July 17, 2026
Application No. 18/899,432

END-TO-END ENCRYPTION FOR SESSIONLESS COMMUNICATIONS

Non-Final OA §103
Filed
Sep 27, 2024
Priority
May 11, 2021 — continuation of 11/502,839 +2 more
Examiner
TSANG, HENRY
Art Unit
2495
Tech Center
2400 — Computer Networks
Assignee
Citicorp Credit Services Inc. (Usa)
OA Round
1 (Non-Final)
80%
Grant Probability
Favorable
1-2
OA Rounds
8m
Est. Remaining
97%
With Interview

Examiner Intelligence

Grants 80% — above average
80%
Career Allowance Rate
370 granted / 465 resolved
+21.6% vs TC avg
Strong +17% interview lift
Without
With
+17.2%
Interview Lift
resolved cases with interview
Typical timeline
2y 5m
Avg Prosecution
15 currently pending
Career history
483
Total Applications
across all art units

Statute-Specific Performance

§101
4.4%
-35.6% vs TC avg
§103
81.5%
+41.5% vs TC avg
§102
1.8%
-38.2% vs TC avg
§112
8.4%
-31.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 465 resolved cases

Office Action

§103
DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statement (IDS) submitted by applicant dated 09/27/2024 has been considered by the examiner. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-3, 5-8, 10-13, 15-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Davis et al. US 2017/0111336 (hereinafter Davis), in view of Mandyam et al. US 2017/0289197 (hereinafter Mandyam). As per claim 1, Davis teaches a method, comprising: receiving, by a first server, a request for a customer device to access a second server, the request including input data and a token, the token generated by the first server to permit the customer device access to the second server (Davis paragraph [0044]-[0045], [0052], [0083], [0086], gateway receives a request from a client to access resource. The request includes data and a token that was generated by the gateway); validating, by the first server, the token in the request (Davis paragraph [0092], verify the token); sending, by the first server, the input data of the request to the second server, responsive to validating the token (Davis paragraph [0096]-[0097], gateway send the request to resource server); receiving, by the first server, a response including output data generated by the second server based on the input data (Davis paragraph [0050], [0065], [0098], gateway receives response from the resource server); and transmitting, by the first server, the response including the output data with the token to the customer device (Davis paragraph [0050], [0065], [0098], gateway sends response to client). Davis does not explicitly disclose token comprising an encryption key; validating using the encryption key used to generate at least a portion of the token. Mandyam teaches token comprising an encryption key (Mandyam paragraph [0075], access token includes key); validating using the encryption key used to generate at least a portion of the token (Mandyam paragraph [0075], [0081], validating using the key included in the access token). Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Davis of issuing an access token and authenticating the access token to gain access to resources with the teachings of Mandyam to include an access token comprising a key and validating using the key in order to provide multiple factors for authenticating the access token. As per claim 2, Davis in view of Mandyam teaches the method of claim 1, further comprising: receiving, by the first server, a second request for a second customer device to access the second server, the request including a second token comprising a second encryption key generated by the first server to grant the second customer device access to the second server (Davis paragraph [0044]-[0045], [0052], [0083], [0086], gateway receives a request from a client to access resource. The request includes data and a token that was generated by the gateway; Mandyam paragraph [0075], access token includes key); determining, by the first server, that the second token in the request is not validated using the second encryption key used to generate at least a portion of the second token (Davis paragraph [0092], verify the token and determine token is not valid; Mandyam paragraph [0075], [0081], validating using the key included in the access token); and restricting, by the first server, the customer device from accessing the second server, responsive to determining that the second token is not validated (Davis paragraph [0092], gateway rejects the request). As per claim 3, Davis in view of Mandyam teaches the method of claim 1, wherein receiving the request further comprises receiving the request at least partially encrypted using a second encryption key for communications between the first server and the customer device, decrypting, by the first server, the request using a third encryption key associated with the second encryption key; and wherein validating the token further comprises validating the token in the decrypted request using the encryption key used to generate at least a portion of the token (Davis paragraph [0044]-[0045], [0052], [0083], [0086], gateway receives a request from a client to access resource. Davis paragraph [0092], verify the token; Mandyam paragraph [0075], [0081], validating using the key included in the access token. Mandyam paragraph [0075], [0076], communications between client and server is encrypted and decrypted using corresponding public and private keys). As per claim 5, Davis in view of Mandyam teaches the method of claim 1, wherein receiving the request further comprises receiving the request including the token comprising a policy, the policy defining a lifetime period in which the token is valid relative to the generation of the token; and wherein validating the token further comprises determining that the token is valid based on a current time being within the lifetime period defined by the policy (Davis paragraph [0092], token includes an expiration time, verify if the token is expired or not). As per claim 6, Davis in view of Mandyam teaches the method of claim 1, wherein sending the input data further comprises sending the request to invoke a function of the second server, and wherein receiving the response further comprises receiving the response including the output data in accordance with the function (Davis paragraph [0044]-[0045], [0050], [0065], [0096]-[0098], gateway send the request to resource server. Resource server performs the requested operation and provides output data). As per claim 7, Davis in view of Mandyam teaches the method of claim 1, wherein sending the input data further comprises sending the request to store the input data on the second server, and wherein receiving the response further comprises receiving the response indicating storage of the input data by the second server (Davis paragraph [0044]-[0045], [0050], [0065], [0096]-[0098], perform requested operation such as writing data to storage and output a result of the operation). As per claim 8, Davis in view of Mandyam teaches the method of claim 1, wherein sending the input data further comprises removing the token from the request prior to sending the input data to the second server, and wherein transmitting the response further comprises adding the token to the response prior to forwarding the response with the output data to the customer device (Davis paragraph [0050], [0065], [0092], [0096]-[0098], gateway send the request to resource server and sends response to client). As per claim 10, Davis in view of Mandyam teaches the method of claim 1, further comprising: generating, by the first server, the token to be used to encrypt and decrypt data communicated between the customer device and the first server, and transmitting, by the first server, to the customer device, a second response including the token to be used for accessing the second server via the first server (Davis paragraph [0083]-[0084], gateway generates token and sends it to the client). As per claims 11-13, 15-18 and 20, the claims claim a system essentially corresponding to the method claims 1-3, 5-8 and 10 above, and they are rejected, at least for the same reasons. Claims 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Davis in view of Mandyam, and further in view of Laurie et al. US 2010/0325441 (hereinafter Laurie). As per claim 4, Davis in view of Mandyam teaches the method of claim 1. Davis in view of Mandyam does not explicitly disclose wherein receiving request further comprises receiving the request including token comprising a signature previously generated by first server to authenticate customer device; and wherein validating the token further comprises determining that the token is valid based on the portion of the token corresponding to the signature. Laurie teaches wherein receiving request further comprises receiving the request including token comprising a signature previously generated by first server to authenticate customer device; and wherein validating the token further comprises determining that the token is valid based on the portion of the token corresponding to the signature (Laurie paragraph [0087], [0090], sign and issue token. Receive request with token and verify signature of the token). Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Davis in view of Mandyam of issuing an access token and authenticating the access token to gain access to resources with the teachings of Laurie to include signing a token and verifying the signature of the token in order to provide integrity protection and verification of the access token. As per claim 14, the claim claims a system essentially corresponding to the method claim 4 above, and is rejected, at least for the same reasons. Claims 9 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Davis in view of Mandyam, and further in view of Choi USPN 11,070,532. As per claim 9, Davis in view of Mandyam teaches the method of claim 1, wherein transmitting the response further comprises transmitting the response including the output data (Davis paragraph [0050], [0065], [0098], gateway sends response to client). Davis in view of Mandyam does not explicitly disclose transmitting over session-less communications between a client device and a server. Choi teaches transmitting over session-less communications between a client device and a server (Choi col 3 lines 45-50, sessionless communication between server and client). Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Davis in view of Mandyam of communications between a client device and a server with the teachings of Choi to include a sessionless communication between server and client because the results would have been predictable and resulted in a sessionless communication between the client device and server. As per claim 19, the claim claims a system essentially corresponding to the method claim 9 above, and is rejected, at least for the same reasons. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959. The examiner can normally be reached M-F 9am - 5pm EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /HENRY TSANG/Primary Examiner, Art Unit 2495
Read full office action

Prosecution Timeline

Sep 27, 2024
Application Filed
Apr 22, 2026
Non-Final Rejection mailed — §103
Jun 10, 2026
Interview Requested
Jun 16, 2026
Applicant Interview (Telephonic)
Jun 16, 2026
Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12671583
SECURE FILE SHARING METHOD AND SYSTEM
4y 5m to grant Granted Jun 30, 2026
Patent 12671584
GENERATING DEEP-LINKED STOCHASTIC IMAGES
2y 7m to grant Granted Jun 30, 2026
Patent 12652527
Protection of Non-Access Stratum Communication in a Wireless Communication Network
2y 3m to grant Granted Jun 09, 2026
Patent 12652165
MULTI-PARTY COMPUTATION SYSTEM
2y 3m to grant Granted Jun 09, 2026
Patent 12647404
Coordination and management of keys and instructions for multiple encryption
2y 8m to grant Granted Jun 02, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
80%
Grant Probability
97%
With Interview (+17.2%)
2y 5m (~8m remaining)
Median Time to Grant
Low
PTA Risk
Based on 465 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month