Prosecution Insights
Last updated: July 17, 2026
Application No. 18/915,790

SYSTEMS AND METHODS OF MANAGING ORIGIN KEYS FOR CRYPTOGRAPHIC AUTHENTICATION

Non-Final OA §103
Filed
Oct 15, 2024
Priority
Oct 16, 2023 — provisional 63/544,314
Examiner
ZHAO, DON GORDON
Art Unit
2493
Tech Center
2400 — Computer Networks
Assignee
Capital One Services LLC
OA Round
1 (Non-Final)
87%
Grant Probability
Favorable
1-2
OA Rounds
5m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 87% — above average
87%
Career Allowance Rate
691 granted / 791 resolved
+29.4% vs TC avg
Strong +16% interview lift
Without
With
+16.3%
Interview Lift
resolved cases with interview
Typical timeline
2y 2m
Avg Prosecution
19 currently pending
Career history
803
Total Applications
across all art units

Statute-Specific Performance

§101
1.2%
-38.8% vs TC avg
§103
82.5%
+42.5% vs TC avg
§102
1.9%
-38.1% vs TC avg
§112
8.2%
-31.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 791 resolved cases

Office Action

§103
DETAILED ACTION Claims 1-20 are presented on 10/15/2024 for examination on merits. Claims 1, 8, and 16 are independent base claims. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Examiner's Instructions for filing Response to this Office Action When the Applicant submits amendments regarding to the claims in response the Office Action, the Examiner would appreciate Applicant if a clean copy of the claims is provided to facilitate the prosecution which otherwise requires extra time for editing the marked-up claims from OCR. Please submit two sets of claims: Set #1 as in a typical filing which includes indicators for the status of claim and all marked amendments to the claims; and Set #2 as an appendix to the Arguments/Remarks for a clean version of the claims which has all the markups removed for entry by the Examiner. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Rule (US 20200184462 A1) in view of Kurn (US 20020141593 A1), and further in view of MARUYAMA (US 20210234684 A1; hereinafter “Maru”). As per claim 1, Rule teaches a method for managing origin keys for cryptographic authentication, comprising: creating, by a server, at least one super origin key (Rule FIG. 5, Step 510: issue master keys, which is mapped to at least one super origin key. See also par. 0102-0105); diversifying, by the server, the at least one super origin key into at least one origin key (Rule FIG. 5, Step 520: diversify master keys based on unique ID number and PAN PSN. See also par. 0077-0079 and 0102-0105 for the diversified keys); generating, by the server, a plurality of secret sharing portions of the at least one origin key (Rule par. 0059, 0069-0073, and 0111: the shared secret 232; generating and transmitting … shared secret for verification of the cryptogram); While Rule discloses using the diversification algorithm 248 for key diversification; par. 0077-0080, Rule does not explicitly disclose dividing secret sharing portions into multiple parts and encrypting the multiple parts. This aspect of the claim is identified as a further difference. In a related art, Kurn teaches: dividing, [by the server], the plurality of secret sharing portions into multiple parts (Kurn, par. 0184: the secret is divided among a plurality of people. As each owner's secret portion is generated, it is encrypted with that owner's public key and stored in the database 30. Note that Kurn discloses master keys and shares; par. 0076-0078); encrypting, [by the server], the multiple parts of the plurality of secret sharing portions (Kurn, par. 0184-0188: owner's secret portions are generated, and each encrypted with that owner's public key and stored in the database 30 … for later reconstruction); and transmitting, [by the server], the encrypted multiple parts of the plurality of secret sharing portions to multiple entities (Kurn, par. 0107-0109: a share of the Protection Key 24 or parts of secret sharing are stored on the database 30 [of] each owner and encrypted therein. This implies that secret sharing portions are sent to multiple owners or entities for storage. see par. 0091: the Bloom-Shamir sharing algorithm is used for the division. The number of shares is dictated by the count of Owners). Rule and Kurn are analogous art to the claimed invention in the same field of endeavor as the claimed invention in improving key management, or reasonably pertinent to the problem faced by the inventor, which may be in a different field. Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify Rule’s system with Kurn’s teachings of dividing the secret among a plurality of people ow owners for later reconstruction of the key. For this combination, the motivation would have been to improve the level of security with secret portions stored at a number of different places. However, Rule and Kurn appear to be silent about the aspect that the shares after being encrypted are transmitted to each owner. This aspect of the claim is identified as a further difference. In a related art, Maru teaches: encrypting, by the server, the multiple parts of the plurality of secret sharing portions; transmitting, by the server, the encrypted multiple parts of the plurality of secret sharing portions to multiple entities (Maru par. 0072-0073: the information processing server 20 includes a distribution key manager 210 as shown in FIG. 5, which divides a user key of a share-source user through a secret distribution process to generate a plurality of distribution keys, which are sent to each user; 0044-0048. For example, a distribution key S1 and a distribution key S2 are transmitted to users through a secret distribution process; par. 0049-0051) Maru is analogous art to the claimed invention in the same field of endeavor as the claimed invention in improving key management. Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify the Rule-Kurn system with Maru’s teachings of dividing and encrypting a secret for users and sending them to user terminals. For this combination, the motivation would have been to improve the level of security with centralized management of secret portions for different user terminals. As per claim 2, the references as combined above teach the method of claim 1, wherein the at least one super origin key comprises an encryption super origin key (Rule, par. 0106: For example, a first master key may comprise the data encryption master key). As per claim 3, the references as combined above teach the method of claim 1, wherein the at least one super origin key comprises an authentication super origin key (Rule, par. 0087: For example, the first master key 405 may comprise an Issuer Cryptogram Generation/Authentication Key (Iss-Key-Auth)). As per claim 4, the references as combined above teach the method of claim 1, wherein the at least one origin key comprises an encryption origin key or an authentication origin key (Rule, par. 0083: The first key may include an authentication master key (Card Cryptogram Generation/Authentication Key-Card-Key-Auth), and may be further diversified to create a MAC session key used when generating and verifying a MAC cryptogram. The second key may comprise an encryption master key (Card Data Encryption Key-Card-Key-DEK)). As per claim 5, the references as combined above teach the method of claim 1, wherein the at least one origin key comprises an authentication origin key (Rule, par. 0083: The first key may include an authentication master key. Note that Rule discloses these diversified keys may comprise a first key and a second key). As per claim 6, the references as combined above teach the method of claim 1, wherein the diversifying, by the server, the at least one super origin key into at least one origin key is performed using an asymmetric encryption algorithm (Rule, par. 0066: public key asymmetric algorithms). As per claim 7, the references as combined above teach the method of claim 6, wherein the asymmetric encryption algorithm is a triple Data Encryption Standard (DES) algorithm (Rule, par. 0086: Triple DES (3DES) algorithm may be used). Regarding claim 8, the claim is similar to claim 1 and is therefore rejected using a similar rationale. As per claim 9, the references as combined above teach the system of claim 8, wherein the diversifying the at least one super origin key into at least one origin key is performed using a symmetric encryption algorithm (Rule, par. 0086, 0098, and 0110-0113: using a symmetric encryption algorithm). As per claim 10, the references as combined above teach the system of claim 9, wherein the symmetric encryption algorithm is an Advanced Encryption Standard (AES) algorithm (Rule, par. 100: Advanced Encryption Standard (AES), may be used). As per claim 11, the references as combined above teach the system of claim 8, wherein the server is further configured to assign an identification (ID) number to one of the multiple entities (Rule, par. 0043: a unique alphanumeric identifier assigned to a user of the contactless card 130). As per claim 12, the references as combined above teach the system of claim 11, wherein the diversifying the at least one super origin key into at least one origin key is performed based on the ID number of the one of the multiple entities (Rule, par. 0086: By using a key diversification process, one or more keys may be derived from a master key based upon uniquely identifiable information for each entity that requires a key.). As per claim 13, the references as combined above teach the system of claim 8, wherein the generating a plurality of secret sharing portions of the at least one origin key, is performed using a secret sharing algorithm (Rule, par. 0069: the process of setting up the communication session may involve sharing a random number between the sender and recipient, and the random number may be used as the shared secret 232). As per claim 14, the references as combined above teach the system of claim 8, wherein the transmitting the encrypted multiple parts of the plurality of secret sharing portions to multiple entities, comprises transmitting one encrypted part to one of the multiple entities (Rule, par. 0077-0078: The encrypted MAC 232 may be transmitted along with the message plaintext 234, which is consulted by one of the multiple entities - recipient). As per claim 15, the references as combined above teach the system of claim 8, wherein the transmitting the encrypted multiple parts of the plurality of secret sharing portions to multiple entities, comprises transmitting more than one encrypted part to one of the multiple entities (Kurn, par. 0107-0109: a share of the Protection Key 24 or parts of secret sharing for each owner implies that secret sharing portions are sent to multiple owners or entities for storage. see par. 0091: the Bloom-Shamir sharing algorithm is used for the division. The number of shares is dictated by the count of Owners). Regarding claim 16, the claim is similar to claim 1 and is therefore rejected using a similar rationale. As per claim 17, the references as combined above teach the non-transitory, computer-readable medium of claim 16, wherein transmitting the encrypted multiple parts of the plurality of secret sharing portions to multiple entities is performed through multiple secure channels (Rule, par. 0126-0127: the communication/authentication applet sets up a secure communication channel or secure form of data transmission between the communication/authentication applet and payment/transaction applet at 626 (block 656 of FIG. 6C) …over the secure communication channel). As per claim 18, the references as combined above teach the non-transitory, computer-readable medium of claim 16, wherein the actions further comprise diversifying the at least one super origin key into a secret share key (Rule, par. 0096: the shared secret of the contactless card … may be processed through the cryptographic MAC using the re-created Aut-Session-Key. See also par. 0074: Using the first diversified key 250 and the combined shared secret/plaintext, the MAC algorithm 236 may generate MAC output 23). As per claim 19, the references as combined above teach the non-transitory, computer-readable medium of claim 18, wherein generating a plurality of secret sharing portions of the at least one origin key is performed based on the secret share key (Rule, par. 0107-0112: produce the data encryption derived session key; may be processed through the cryptographic MAC using the re-created Aut-Session-Key. The secret sharing from the sender to the recipient requires sufficient information to identify additional secret information (such as shared secret, master keys, etc.), for verification of the cryptogram.). As per claim 20, the references as combined above teach the non-transitory, computer-readable medium of claim 16, wherein the at least one super origin key is created in a hardware security module (HSM) (Rule, par. 0082-0088: HSM, verification and processing of the MAC is simplified because 2-byte diversification is directly supported in the MAC authentication functions of payment HSMs; using the master key, the unique card-derived keys and the counter). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art additionally discloses certain parts of the claim features (See “PTO-892 Notice of Reference Cited”). Any inquiry concerning this communication or earlier communications from the examiner should be directed to DON ZHAO whose telephone number is (571)272.9953. The examiner can normally be reached on Monday to Friday, 7:30 A.M to 5:00 P.M EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571.272.3862. The fax phone number for the organization where this application or proceeding is assigned is 571.273.8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866.217.9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800.786.9199 (IN USA OR CANADA) or 571.272.1000. /Don G Zhao/Primary Examiner, Art Unit 2493 04/08/2026
Read full office action

Prosecution Timeline

Oct 15, 2024
Application Filed
Apr 10, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12676871
Computer Security and Methods of Use Thereof
1y 9m to grant Granted Jul 07, 2026
Patent 12665919
METHOD AND SYSTEM FOR IMPLEMENTING A SERVICE THAT SIMPLIFIES NETWORK CYBER DEFENSE CAPABILITIES
3y 4m to grant Granted Jun 23, 2026
Patent 12665901
INFORMATION PROCESSING APPARATUS AND SERVICE PROVIDING SYSTEM
3y 2m to grant Granted Jun 23, 2026
Patent 12665921
RISK SCORING OF CLOUD PERMISSION ASSIGNMENTS USING SUPERVISED MACHINE LEARNING
2y 6m to grant Granted Jun 23, 2026
Patent 12665904
SECURE ASSET MANAGEMENT INFRASTRUCTURE FOR ENFORCING ACCESS CONTROL POLICIES
2y 2m to grant Granted Jun 23, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
87%
Grant Probability
99%
With Interview (+16.3%)
2y 2m (~5m remaining)
Median Time to Grant
Low
PTA Risk
Based on 791 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month