Prosecution Insights
Last updated: July 17, 2026
Application No. 18/906,749

SYSTEMS AND METHODS TO TRANSFER HIGH ENTROPY KEYS

Final Rejection §103§112
Filed
Oct 04, 2024
Priority
Nov 03, 2023 — provisional 63/595,876
Examiner
MAI, KEVIN S
Art Unit
2499
Tech Center
2400 — Computer Networks
Assignee
Dashlane SAS
OA Round
2 (Final)
30%
Grant Probability
At Risk
3-4
OA Rounds
2y 11m
Est. Remaining
55%
With Interview

Examiner Intelligence

Grants only 30% of cases
30%
Career Allowance Rate
128 granted / 432 resolved
-28.4% vs TC avg
Strong +26% interview lift
Without
With
+25.7%
Interview Lift
resolved cases with interview
Typical timeline
4y 8m
Avg Prosecution
36 currently pending
Career history
474
Total Applications
across all art units

Statute-Specific Performance

§101
0.5%
-39.5% vs TC avg
§103
95.8%
+55.8% vs TC avg
§102
3.1%
-36.9% vs TC avg
§112
0.5%
-39.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 432 resolved cases

Office Action

§103 §112
DETAILED ACTION This Office Action has been issued in response to Applicant's Amendment filed March 16, 2026. Claims 1 and 8 have been amended. Claims 1-20 have been examined and are pending. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed March 16, 2026 have been fully considered but they are not persuasive. Applicant argues Lambert does not disclose encrypting a high entropy key comprising a device secret or sending a bundle with the encrypted key and ephemeral public key. Paragraph [0086] of Lambert discloses a public key of the device is encrypted with the first encryption key. Paragraph [0087] of Lambert discloses a hash of the public ephemeral key of the remote device, a public ephemeral key of the device, and the encrypted public key of the device are transmitted to the remote device. Applicant argues the encrypted public key is not analogous to the high entropy key that comprises a stored device secret. As understood by the examiner in the context of the claims it is reasonably analogous since it is a secret that is stored on the device. Although it is called a public key, it is being encrypted and not otherwise exposed and thus is reasonably secret. Applicant argues the references do not disclose a code that comprises an encoding of the ephemeral public key. Paragraph [0099] of Lambert discloses the printer 128 then exposes a public ephemeral key 230 by presenting, via a display of the printer, a QR code 702 that includes the public ephemeral key. Applicant argues the references do not disclose a request for key exchange. Paragraph [0007] of Lambert discloses a first message is transmitted to the remote device that includes a hash of the first public ephemeral key, a second public ephemeral key of the device, the encrypted first public key of the device, and the first encrypted hash value. Paragraph [0084] of Lambert discloses the user initiates a network connection application of the printer 128, which then displays a quick response code (QR code) that includes the public ephemeral key 230 of the printer. Paragraph [0085] of Lambert discloses the first encryption key may also include a self-declared key name or other information useful to identify the authentication session. Paragraph [0051] of Lambert discloses the peer keys 138 of the responder 204 also include an ephemeral key pair of a private ephemeral key 228 and a public ephemeral key 230 Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claim 8 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. The claim recites “receiving, by the trusted device and through a user interface, a user input including a first code, the first code comprising an encoding of the second ephemeral public key.” Examiner was unable to find support for this in the specification. Paragraph [0041] of applicant’s specification discloses generating the graphic code includes encoding the second public key 218 into the graphic code. In examples, the graphic code may include one of a linear barcode or a quick response (“QR”) code. However, this is in reference to the QR code or barcode not a code entered in by a user. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1-5, 8, 9, 11-20 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub. No. 2019/0089532 to Lambert et al. (hereinafter “Lambert”) and further in view of US Pub. No. 2024/0283657 to Jose et al. (hereinafter “Jose”). As to Claim 1, Lambert discloses a method for transferring a high entropy key, comprising: generating, by a trusted device, a first key pair including a first ephemeral public key and a first ephemeral private key (Paragraph [0043] of Lambert discloses the keys 112 of the initiator 202 also include an ephemeral key pair of a private ephemeral key 212 and a public ephemeral key 214); capturing, by a camera of the trusted device, a graphic code that is based on a second ephemeral public key and that is displayed by an untrusted device (Paragraph [0099] of Lambert discloses the printer 128 then exposes a public ephemeral key 230 by presenting, via a display of the printer, a QR code 702 that includes the public ephemeral key); extracting, by the trusted device, the second ephemeral public key from the graphic code (Paragraph [0084] of Lambert discloses the user then scans, with an optical sensor of the smart-phone, the QR code such that the authenticator 116 receives the public ephemeral key 230 of the responder 204); generating, by the trusted device, a first instance of a symmetric key based on the first ephemeral private key and the second ephemeral public key (Paragraph [0062] of Lambert discloses the authenticator 116 uses an HKDF to provide a shared key 216 based on a private ephemeral key 212 of the initiator 202 and the public ephemeral key 230 of the responder 204); encrypting, by the trusted device, a high entropy key with the first instance of the symmetric key, wherein the high entropy key comprises a device secret stored in a memory of the trusted device (Paragraph [0086] of Lambert discloses a public key of the device is encrypted with the first encryption key. Paragraph [0087] of Lambert discloses a hash of the public ephemeral key of the remote device, a public ephemeral key of the device, and the encrypted public key of the device are transmitted to the remote device); and sending, by the trusted device, a bundle comprising the encrypted high entropy key and the first ephemeral public key [to a server] for transfer to the untrusted device (Paragraph [0087] of Lambert discloses a hash of the public ephemeral key of the remote device, a public ephemeral key of the device, and the encrypted public key of the device are transmitted to the remote device). Lambert does not explicitly disclose sending to a server. However, Jose discloses this. Paragraph [0105] of Jose discloses the authentication client may send the entered dynamic validator to the authentication server. The authentication server may send an authentication response to the requesting digital service along with the authenticated user's information. It would have been obvious to one of ordinary skill in the art before the effective filing of the invention to combine the authentication system as disclosed by Lambert, with using a server as disclosed by Jose. One of ordinary skill in the art would have been motivated to combine to apply a known technique to a known device ready for improvement to yield predictable results. Lambert and Jose are directed toward authentication systems and as such it would be obvious to use the techniques of one in the other. Paragraph [0045] of Lambert discloses In some cases, a third party, such as an authentication server provides the unique identifier 114 based on a device key (e.g., public key 210) provided to the server. In such cases, the server may associate and store the unique identifier 114 with the device key to enable strong authentication. Lambert discloses implementations including a server. As to Claim 2, Lambert-Jose discloses the method of claim 1, wherein the graphic code includes one of a linear barcode or a quick response (“QR”) code (Paragraph [0099] of Lambert discloses the printer 128 then exposes a public ephemeral key 230 by presenting, via a display of the printer, a QR code 702 that includes the public ephemeral key). As to Claim 3, Lambert-Jose discloses the method of claim 1, wherein the graphic code is displayed on a display screen, wherein the display screen is either integrated with the untrusted device or external, yet communicatively coupled, to the untrusted device (Paragraph [0099] of Lambert discloses the printer 128 then exposes a public ephemeral key 230 by presenting, via a display of the printer, a QR code 702 that includes the public ephemeral key). As to Claim 4, Lambert-Jose discloses the method of claim 1, wherein the encrypted high entropy key is decryptable to obtain the high entropy key by using a second instance of the symmetric key (Paragraph [0079] of Lambert discloses the encrypted public key of the remote device is decrypted with the encryption key) that is generated by the untrusted device using the first ephemeral public key and a second ephemeral private key (Paragraph [0073] of Lambert discloses peer authenticator 142 uses an HKDF to provide a shared key 232 based on a private ephemeral key 228 of the responder 204 and the public ephemeral key 214 of the initiator 202), wherein the second ephemeral private key and the second ephemeral public key were generated by the untrusted device as a second key pair (Paragraph [0051] of Lambert discloses the peer keys 138 of the responder 204 also include an ephemeral key pair of a private ephemeral key 228 and a public ephemeral key 230). As to Claim 5, Lambert-Jose discloses the method of claim 4, wherein each of the first instance of the symmetric key and the second instance of the symmetric key is generated using one of a Diffie-Hellman key exchange algorithm, an elliptic-curve Diffie-Hellman (“ECDH”) key agreement algorithm, an authenticated key exchange (“AKE”) algorithm, or another key-agreement algorithm (Paragraph [0041] of Lambert discloses each of the initiator 202 and responder 204 are capable of cryptographic operations and may support any suitable type of cryptosystem, such as elliptic-curve cryptography (ECC), elliptic-curve Diffie-Hellman (ECDH) cryptography). As to Claim 8, Lambert discloses a method, comprising: generating, by a trusted device, a first key pair including a first ephemeral public key and a first ephemeral private key (Paragraph [0043] of Lambert discloses the keys 112 of the initiator 202 also include an ephemeral key pair of a private ephemeral key 212 and a public ephemeral key 214); sending, by the trusted device and [to a server], a request for a second ephemeral public key that is generated by the untrusted device (Paragraph [0058]of Lambert discloses the public ephemeral key is exposed via near-field communication (NFC), radio frequency identification (RFID), a personal area network (e.g., low-power BlueTooth™), or a display of the device); receiving, by the trusted device and [from the server], the second ephemeral public key (Paragraph [0058]of Lambert discloses the public ephemeral key is exposed via near-field communication (NFC), radio frequency identification (RFID), a personal area network (e.g., low-power BlueTooth™), or a display of the device); [receiving, by the trusted device and through a user interface, a user input including a first code], the first code comprising an encoding of the second ephemeral public key (Paragraph [0099] of Lambert discloses the printer 128 then exposes a public ephemeral key 230 by presenting, via a display of the printer, a QR code 702 that includes the public ephemeral key); decoding, by the trusted device, the first code to obtain the second ephemeral public key; performing one of: a first comparison, by the trusted device, of the second ephemeral public key received from the server with the second ephemeral public key that is decoded from the first code; or a second comparison, by the trusted device, of the first code with a second code derived from a user identifier and the second ephemeral public key that is received from the server]; after obtaining a match for the one of the first comparison or the second comparison, generating, by the trusted device, a first instance of a symmetric key based on the first ephemeral private key and the second ephemeral public key (Paragraph [0062] of Lambert discloses the authenticator 116 uses an HKDF to provide a shared key 216 based on a private ephemeral key 212 of the initiator 202 and the public ephemeral key 230 of the responder 204); encrypting, by the trusted device, a high entropy key with the first instance of the symmetric key (Paragraph [0086] of Lambert discloses a public key of the device is encrypted with the first encryption key. Paragraph [0087] of Lambert discloses a hash of the public ephemeral key of the remote device, a public ephemeral key of the device, and the encrypted public key of the device are transmitted to the remote device); and sending, by the trusted device, the encrypted high entropy key [to the server] for transfer to the untrusted device (Paragraph [0087] of Lambert discloses a hash of the public ephemeral key of the remote device, a public ephemeral key of the device, and the encrypted public key of the device are transmitted to the remote device). Lambert does not explicitly disclose sending and receiving to a server and receiving, by the trusted device and through a user interface, a user input including a first code and decoding, by the trusted device, the first code to obtain the second ephemeral public key and performing one of: a first comparison, by the trusted device, of the second ephemeral public key received from the server with the second ephemeral public key that is decoded from the first code; or a second comparison, by the trusted device, of the first code with a second code derived from a user identifier and the second ephemeral public key that is received from the server. However, Jose discloses this. Paragraph [0105] of Jose discloses the authentication client may send the entered dynamic validator to the authentication server. The authentication server may send an authentication response to the requesting digital service along with the authenticated user's information. Paragraph [0269] of Jose discloses the user software can display an input for the user to input the validation code. Paragraph [0329] of Jose discloses the authentication application 1906 may be used to scan and decode the QR code (authentication ID 2104) and use the thumbprint to determine if a server public key matching the thumbprint is available in the local device storage 1932 of the mobile device 1904. Examiner recites the same rationale to combine used for claim 1. As to Claim 9, Lambert-Jose discloses the method of claim 8, further comprising: generating, by the trusted device, a graphic code that is based on the first ephemeral public key and the user identifier; displaying, by the trusted device, the graphic code for capture by a camera of an untrusted device; wherein the user identifier includes a user email or user identification information, wherein the graphic code includes one of a linear barcode or a quick response (“QR”) code (Paragraph [0099] of Lambert discloses the printer 128 then exposes a public ephemeral key 230 by presenting, via a display of the printer, a QR code 702 that includes the public ephemeral key. Paragraph [0071] of Lambert discloses a public ephemeral key of a remote device is received at a device. The public ephemeral key may be received via any suitable interface of the device, such as a wireless network interface, camera, NFC module, RFID module, WPAN radio, or user-input interface). As to Claim 11, Lambert-Jose discloses the method of claim 8, wherein the first code corresponds to a second code that is generated by the untrusted device based on the user identifier and the second ephemeral public key and that is displayed by the untrusted device, wherein the second code is one of a word, an alphanumeric code, or a random code (Paragraph [0331] of Jose discloses generating an alphanumeric code for manual entry). Examiner recites the same rationale to combine used for claim 1. As to Claim 12, Lambert-Jose discloses the method of claim 11, wherein the alphanumeric code includes a multiple-digit code (Paragraph [0331] of Jose discloses generating an alphanumeric code for manual entry). Examiner recites the same rationale to combine used for claim 1. As to Claim 13, Lambert-Jose discloses the method of claim 8, wherein the encrypted high entropy key is decryptable to obtain the high entropy key by using a second instance of the symmetric key (Paragraph [0079] of Lambert discloses the encrypted public key of the remote device is decrypted with the encryption key) that is generated by the untrusted device using the first ephemeral public key and a second ephemeral private key (Paragraph [0073] of Lambert discloses peer authenticator 142 uses an HKDF to provide a shared key 232 based on a private ephemeral key 228 of the responder 204 and the public ephemeral key 214 of the initiator 202), wherein the second ephemeral private key and the second ephemeral public key were generated by the untrusted device as a second key pair (Paragraph [0051] of Lambert discloses the peer keys 138 of the responder 204 also include an ephemeral key pair of a private ephemeral key 228 and a public ephemeral key 230). As to Claim 14, Lambert-Jose discloses the method of claim 13, wherein each of the first instance of the symmetric key and the second instance of the symmetric key is generated using one of a Diffie-Hellman key exchange algorithm, an elliptic-curve Diffie-Hellman (“ECDH”) key agreement algorithm, an authenticated key exchange (“AKE”) algorithm, or another key-agreement algorithm (Paragraph [0041] of Lambert discloses each of the initiator 202 and responder 204 are capable of cryptographic operations and may support any suitable type of cryptosystem, such as elliptic-curve cryptography (ECC), elliptic-curve Diffie-Hellman (ECDH) cryptography). As to Claim 15, Lambert discloses a server, comprising: a processing system; and memory coupled to the processing system, the memory comprising computer executable instructions that, when executed by the processing system, causes the server to perform operations comprising: receiving, from an untrusted device, a first request for a key exchange with a trusted device, the first request including a transfer identifier (“ID”) and a cryptographic hash of a second ephemeral public key, the second ephemeral public key being generated by the untrusted device as a second key pair with a second ephemeral private key (Paragraph [0007] of Lambert discloses a first message is transmitted to the remote device that includes a hash of the first public ephemeral key, a second public ephemeral key of the device, the encrypted first public key of the device, and the first encrypted hash value. Paragraph [0084] of Lambert discloses the user initiates a network connection application of the printer 128, which then displays a quick response code (QR code) that includes the public ephemeral key 230 of the printer. Paragraph [0085] of Lambert discloses the first encryption key may also include a self-declared key name or other information useful to identify the authentication session. Paragraph [0051] of Lambert discloses the peer keys 138 of the responder 204 also include an ephemeral key pair of a private ephemeral key 228 and a public ephemeral key 230); receiving, from the trusted device, a second request for a key exchange with the untrusted device (Paragraph [0084] of Lambert discloses the user initiates a network connection application of the printer 128); in response to receiving the second request, sending, to the trusted device, the transfer ID and the cryptographic hash of the second ephemeral public key (Paragraph [0084] of Lambert discloses the user initiates a network connection application of the printer 128, which then displays a quick response code (QR code) that includes the public ephemeral key 230 of the printer. Paragraph [0085] of Lambert discloses the first encryption key may also include a self-declared key name or other information useful to identify the authentication session); receiving, from the trusted device, a third request to send a first ephemeral public key to the untrusted device, the third request including the first ephemeral public key and the transfer ID (Paragraph [0060] of Lambert discloses a first message is received from a remote device that includes a hash of the public ephemeral key of the device and an encrypted public key of the remote device. Paragraph [0085] of Lambert discloses the first encryption key may also include a self-declared key name or other information useful to identify the authentication session); in response to receiving the third request, sending, to the untrusted device, the first ephemeral public key (Paragraph [0060] of Lambert discloses a first message is received from a remote device that includes a hash of the public ephemeral key of the device and an encrypted public key of the remote device); receiving, from the untrusted device, a fourth request to send a second ephemeral public key to the trusted device, the fourth request including the second ephemeral public key and the transfer ID (Paragraph [0084] of Lambert discloses the user initiates a network connection application of the printer 128, which then displays a quick response code (QR code) that includes the public ephemeral key 230 of the printer. Paragraph [0085] of Lambert discloses the first encryption key may also include a self-declared key name or other information useful to identify the authentication session); in response to receiving the fourth request, sending, to the trusted device, the second ephemeral public key (Paragraph [0084] of Lambert discloses the user initiates a network connection application of the printer 128, which then displays a quick response code (QR code) that includes the public ephemeral key 230 of the printer); receiving, from the trusted device, an encrypted high entropy key that is encrypted by the trusted device using a first instance of a symmetric key (Paragraph [0060] of Lambert discloses a first message is received from a remote device that includes a hash of the public ephemeral key of the device and an encrypted public key of the remote device. Paragraph [0086] of Lambert discloses a public key of the device is encrypted with the first encryption key. Paragraph [0087] of Lambert discloses a hash of the public ephemeral key of the remote device, a public ephemeral key of the device, and the encrypted public key of the device are transmitted to the remote device); and sending, to the untrusted device, the encrypted high entropy key (Paragraph [0060] of Lambert discloses a first message is received from a remote device that includes a hash of the public ephemeral key of the device and an encrypted public key of the remote device. Paragraph [0086] of Lambert discloses a public key of the device is encrypted with the first encryption key. Paragraph [0087] of Lambert discloses a hash of the public ephemeral key of the remote device, a public ephemeral key of the device, and the encrypted public key of the device are transmitted to the remote device). Lambert does not explicitly disclose a server transferring the messages. However, Jose discloses this. Paragraph [0105] of Jose discloses the authentication client may send the entered dynamic validator to the authentication server. The authentication server may send an authentication response to the requesting digital service along with the authenticated user's information. Examiner recites the same rationale to combine used for claim 1. As to Claim 16, Lambert-Jose discloses the server of claim 15, wherein the first instance of the symmetric key is generated by using a first ephemeral private key and the second ephemeral public key after verification of the untrusted device (Paragraph [0062] of Lambert discloses the authenticator 116 uses an HKDF to provide a shared key 216 based on a private ephemeral key 212 of the initiator 202 and the public ephemeral key 230 of the responder 204), wherein the encrypted high entropy key is decryptable to obtain a high entropy key by using a second instance of the symmetric key (Paragraph [0079] of Lambert discloses the encrypted public key of the remote device is decrypted with the encryption key) that is generated by the untrusted device using the first ephemeral public key and the second ephemeral private key (Paragraph [0073] of Lambert discloses peer authenticator 142 uses an HKDF to provide a shared key 232 based on a private ephemeral key 228 of the responder 204 and the public ephemeral key 214 of the initiator 202). As to Claim 17, Lambert-Jose discloses the server of claim 15, wherein a comparison, by the trusted device, of the cryptographic hash of the second ephemeral public key and a hash of the second ephemeral public key that is performed by the trusted device is used to verify the untrusted device (Paragraph [0091] of Lambert discloses the first authentication tag may be decrypted to expose or provide a hash value useful to determine ownership of the public key received from the other device. Continuing the ongoing example, the authenticator 116 decrypts the first encrypted authentication tag to provide a hash value useful to determine if the responder 204 owns the previously decrypted public key 226). As to Claim 18, Lambert-Jose discloses the server of claim 17, wherein the cryptographic hash of the second ephemeral public key is generated by the untrusted device based on a cryptographic hash function, wherein the cryptographic hash function includes a secure hash algorithm (“SHA”), wherein the hash of the second ephemeral public key that is performed by the trusted device is based on the cryptographic hash function including the SHA (Paragraph [0048] of Lambert discloses hashing module of the cryptography engine 220 may implement any set of cryptographic hash functions or comply with a particular standard, such as SHA256). As to Claim 19, Lambert-Jose discloses the server of claim 15, wherein the operations further comprise, prior to receiving the first request: receiving, from the untrusted device, an initial request for a high entropy key, the initial request including a device name of the untrusted device (Paragraph [0085] of Lambert discloses the first encryption key may also include a self-declared key name or other information useful to identify the authentication session); and in response to receiving the initial request, sending, to the untrusted device, the transfer ID (Paragraph [0085] of Lambert discloses the first encryption key may also include a self-declared key name or other information useful to identify the authentication session); wherein the second request includes an account email address, and wherein the device name of the untrusted device is sent to the trusted device in response to the second request (Paragraph [0191] of Jose discloses the server can request the user to input an email associated with the user profile. Paragraph [0085] of Lambert discloses the first encryption key may also include a self-declared key name or other information useful to identify the authentication session). Examiner recites the same rationale to combine used for claim 1. As to Claim 20, Lambert-Jose discloses the server of claim 15, wherein the operations further comprise: sending, to each of the untrusted device and the trusted device, a blind shared secret (Paragraph [0058]of Lambert discloses the public ephemeral key is exposed via near-field communication (NFC), radio frequency identification (RFID), a personal area network (e.g., low-power BlueTooth™), or a display of the device. Paragraph [0060] of Lambert discloses a first message is received from a remote device that includes a hash of the public ephemeral key of the device and an encrypted public key of the remote device), one or more common codes among a plurality of common codes being derived from the blind shared secret, wherein one of the untrusted device or the trusted device displays a prompt to a user to input at least one common code that is displayed on the other of the untrusted device or the trusted device, wherein the plurality of common codes includes at least one of words, alphanumeric codes, or random codes (Paragraph [0269] of Jose discloses the user software can display an input for the user to input the validation code. Paragraph [0252] of Jose discloses use signature validation with a public key corresponding to the application and/or a user device). Examiner recites the same rationale to combine used for claim 1. Claims 6 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Lambert-Jose and further in view of US Pub. No. 2013/0173915 to Hauland (hereinafter “Hauland”). As to Claim 6, Lambert-Jose discloses the method of claim 1. Lambert-Jose does not explicitly disclose wherein the second ephemeral public key is displayed together with a user identifier. However, Hauland discloses this. Figure 2 of Hauland discloses presenting the QR code along with the name “Jens” of the user. It would have been obvious to one of ordinary skill in the art before the effective filing of the invention to combine the QR code system as disclosed by Lambert, with displaying the user name as disclosed by Hauland. One of ordinary skill in the art would have been motivated to combine to apply a known technique to a known device ready for improvement to yield predictable results. Lambert and Hauland are directed toward QR code systems and as such it would be obvious to use the techniques of one in the other. Figure 1B of Hauland discloses presenting just the QR code. Figure 2 of Hauland discloses presenting the QR code along with the name “Jens” of the user. Accordingly the two techniques are known alternatives of each other. As to Claim 7, Lambert-Jose discloses the method of claim 6, wherein the user identifier includes a user email or user identification information (Figure 2 of Hauland discloses presenting the QR code along with the name “Jens” of the user). Examiner recites the same rationale to combine used for claim 6. Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Lambert-Jose and further in view of US Pub. No. 2023/0388286 to Zeng (hereinafter “Zeng”). As to Claim 10, Lambert-Jose discloses the method of claim 8. Lambert-Jose does not explicitly disclose wherein sending the request for the second ephemeral public key includes requesting the second ephemeral public key using a long polling-based real-time communication between the trusted device and the server. However, Zeng discloses this. Paragraph [0051] of Zeng discloses refreshing the secrets by long polling. Paragraph [0028] of Zeng discloses support any type of secret, including but not limited to tokens, key pairs, binary and blob text. It would have been obvious to one of ordinary skill in the art before the effective filing of the invention to combine the authentication system as disclosed by Lambert, with using long polling as disclosed by Zeng. One of ordinary skill in the art would have been motivated to combine to apply a known technique to a known device ready for improvement to yield predictable results. Lambert and Zeng are directed toward authentication systems and as such it would be obvious to use the techniques of one in the other. Paragraph [0051] of Zeng discloses Long polling may be a better scale solution to handle different kinds of requirements. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin S Mai whose telephone number is (571)270-5001. The examiner can normally be reached Monday to Friday 9AM to 5PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KEVIN S MAI/Primary Examiner, Art Unit 2499
Read full office action

Prosecution Timeline

Oct 04, 2024
Application Filed
Dec 29, 2025
Non-Final Rejection mailed — §103, §112
Mar 16, 2026
Response Filed
Jun 03, 2026
Final Rejection mailed — §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12657306
BMC BASED HROT IMPLEMENTATION ESTABLISHING CHAIN OF TRUST IN A SECURED SERVER SYSTEM
3y 5m to grant Granted Jun 16, 2026
Patent 12506731
Conference Data Sharing Method and Conference Data Sharing System Capable of Communicating with Remote Conference Members
4y 8m to grant Granted Dec 23, 2025
Patent 12413610
ASSESSING SECURITY OF SERVICE PROVIDER COMPUTING SYSTEMS
3y 9m to grant Granted Sep 09, 2025
Patent 12406064
PRE-BOOT CONTEXT-BASED SECURITY MITIGATION
3y 3m to grant Granted Sep 02, 2025
Patent 12363200
PROVIDING EVENT STREAMS AND ANALYTICS FOR ACTIVITY ON WEB SITES
3y 2m to grant Granted Jul 15, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
30%
Grant Probability
55%
With Interview (+25.7%)
4y 8m (~2y 11m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 432 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month