Prosecution Insights
Last updated: July 17, 2026
Application No. 18/965,272

ACCESS POINT OR ROUTER-BASED ROTATION AND EXCHANGE OF DATA ENCRYPTION/DECRYPTION KEYS

Non-Final OA §103
Filed
Dec 02, 2024
Priority
Dec 07, 2023 — provisional 63/607,443
Examiner
WALIULLAH, MOHAMMED
Art Unit
2498
Tech Center
2400 — Computer Networks
Assignee
CenturyLink Intellectual Property LLC
OA Round
1 (Non-Final)
87%
Grant Probability
Favorable
1-2
OA Rounds
9m
Est. Remaining
98%
With Interview

Examiner Intelligence

Grants 87% — above average
87%
Career Allowance Rate
632 granted / 729 resolved
+28.7% vs TC avg
Moderate +11% lift
Without
With
+11.0%
Interview Lift
resolved cases with interview
Typical timeline
2y 4m
Avg Prosecution
23 currently pending
Career history
749
Total Applications
across all art units

Statute-Specific Performance

§101
3.8%
-36.2% vs TC avg
§103
81.5%
+41.5% vs TC avg
§102
1.2%
-38.8% vs TC avg
§112
6.8%
-33.2% vs TC avg
Black line = Tech Center average estimate • Based on career data from 729 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Election/Restrictions Applicant's election without traverse of 1-9,16-20 in the reply filed on 06/16/26 is acknowledged. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-5, 7, are rejected under 35 U.S.C. 103 as being unpatentable over HAO (CN 101459505 A:IDS supplied) in view of TANJI(US 20200220724 A1:IDS supplied). With regards to claim 1, 16 HAO discloses, A method, comprising: receiving, by a computing system and from a client device, a request for a key (page 2 para 10; the user equipment sending the private key generation request message to the key generation center, ); after confirming authentication of the client device, generating, by the computing system, a first key based at least in part on an identifier of the client [[device]] (Page 10 para 2; private key generation request unit 530, for sending authentication request to the bootstrapping server function unit sends the private key generation request message to the key generation center, so that the key generation centre after receiving said private key generation request message. and returning the shared key after the authentication is passed, the key generating centre generates user private key according to said private key generation request message, returning the user equipment by using the shared key encryption, a decryption unit 560 for receiving the encrypted user private key and decrypts to obtain the private key of the user. page 11 para 5; the private key generation request message is carried with the user ID, private key requirement parameter. ), wherein the first key is a temporary key (page 17 para 3; receiving valid period of said private key returned by said KGC); encrypting, by the computing system, the first key using a shared key, the shared key including a key or key-pair that is shared between the computing system and the client device(Page 10 para 2; the key generating centre generates user private key according to said private key generation request message, returning the user equipment by using the shared key encryption, a decryption unit 560 for receiving the encrypted user private key and decrypts to obtain the private key of the user.); and sending, by the computing system, the encrypted first key via a connection that is established between the client device and the computing system, wherein the encrypted first key, after being decrypted by the shared key (Page 10 para 2; the key generating centre generates user private key according to said private key generation request message, returning the user equipment by using the shared key encryption, a decryption unit 560 for receiving the encrypted user private key and decrypts to obtain the private key of the user.), is usable by the client device either to encrypt first data for sending over an external network via the computing system or to decrypt second data that is received over the external network via the computing system (page 11 para 8; private key application type comprises: encryption, signature, etc. different types, for example, if the user specified key application type is encrypted, the KGC can be selected which can generate private key generated by encrypting with a private key for the user algorithm. Note: by reciting “usable” applicant is not using private key, this is for intended use, therefor no rejection is rendered now ). after receiving, from the client device, first data that has been encrypted using the first key, sending, by the computing system, the encrypted first data to one of the external network or a first network device over the external network () HAO does not exclusively but TANJI teaches, generating, a first key based at least in part on an identifier of the client device (0033] an apparatus key generation unit to generate a communication apparatus key corresponding to the communication apparatus identifier using the communication apparatus identifier included in the key request, and to generate a terminal apparatus key corresponding to the terminal apparatus identifier using the terminal apparatus identifier included in the key request;). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify HAO’s method with teaching of TANJI in order to a technique for sharing a key(TANJI [0001]) With regards to claim 2, HAO further discloses, wherein the computing system includes one of a wireless access point device, a router, a server, a gateway device, or other network node (Page 10 para 2; private key generation request unit 530, for sending authentication request to the bootstrapping server function unit sends the private key generation request message to the key generation center,). With regards to claim 3, HAO in view of TANJI teaches, wherein the identifier of the client device includes one of a media access control ("MAC") address, a serial number, a combination of model number and device number, or an Internet protocol ("IP") address (TANJI [0033] an apparatus key generation unit to generate a communication apparatus key corresponding to the communication apparatus identifier using the communication apparatus identifier includedinthe key request,into generate a terminal apparatus key correspondingtothe terminal apparatus identifier usingthe terminal apparatus identifier included in the key request; ). With regards to claim 4, HAO in view of TANJI teaches, wherein the first data and the second data each includes at least one of textual data, numerical data, alphanumerical data, image data, video data, game data, business data, health data, or personal data (TANJI [0154] The storage unit 220 stores data such as a first manufacturer key 221, a first manufacturer identifier 222, a gateway identifier 223, and a third in-vehicle apparatus identifier 224. A content of each data will be described later. [0155] These pieces of data are major data stored in the storage unit 220. The data stored in the storage unit 220 is managed securely so as not to leak to the outside.). With regards to claim 5, HAO further discloses, wherein confirming authentication of the client device comprises: authenticating, by the computing system, the client device; and after authenticating the client device, establishing, by the computing system, the connection between the client device and the computing system (Page 10 para 2; private key generation request unit 530, for sending authentication request to the bootstrapping server function unit sends the private key generation request message to the key generation center, so that the key generation centre after receiving said private key generation request message. and returning the shared key after the authentication is passed, the key generating centre generates user private key according to said private key generation request message,). With regards to claim 7, HAO in view of TANJI discloses, storing, by the computing system, one of the first key or the encrypted first key in a secure key storage system of a data storage device, in association with or in relation to the client device (TANJI [0175] The second manufacturer key 321, the second manufacturer identifier 322, and the first in-vehicle apparatus identifier 323 are stored in the auxiliary storage device 203 at the time they are received or generated.) and/or the identifier of the client device, wherein the data storage device is one of a local data storage device, a remote data storage device, or a cloud storage device. Claim(s) 6 is rejected under 35 U.S.C. 103 as being unpatentable over HAO (CN 101459505 A:IDS supplied) in view of TANJI(US 20200220724 A1:IDS supplied) and further in view of Bryska et al(US 20160019475 A1) With regards to claim 6, HAO in view of TANJI do not but Bryska teaches, wherein the computing system includes a wireless access point device (FIG 1 132 and associated text; ), wherein the method further comprises, after authenticating the client device and prior to establishing the connection (FIG 6 606 with “Yes” and associated text; ): generating and associating, by the wireless access point device, a first credential for and with the client device (FIG 2 208 and associated text; ); setting, by the wireless access point device, a first time-to-live ("TTL") value for the first credential, wherein the first TTL value corresponds to a first time period, during which the first credential is valid, the first time period corresponding to a duration of a first session between the client device and the wireless access point device (FIG 2 210 to 214 and associated text;); setting, by the wireless access point device, a second TTL value for the first credential, wherein the second TTL value corresponds to a second time period, during which the first credential is valid, a start of the second time period following termination of the first time period (FIG 6 608 with “NO”); and sending, by the wireless access point device, the first credential to the client device (FIG 2, 210 and associated text; ); wherein establishing the connection is performed after receiving the first credential from the client device, while one of the first TTL value or the second TTL value is valid (FIG 6, 608 with “Yes” and associated text;). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify HAO in view of TANJI’s method with teaching of Bryska in order to authorizing a wireless client device for secured wireless access (Bryska [0003]). Claim(s) 8, is rejected under 35 U.S.C. 103 as being unpatentable over HAO (CN 101459505 A:IDS supplied) in view of TANJI(US 20200220724 A1:IDS supplied) and further in view of Khatri et al(US 20230239280 A1) With regards to claim 8, HAO in view of TANJI do not but Khatri teaches, in response to a determination or an indication that the client device has either lost connection to the computing system or lost power, causing, by the computing system, the first key to be invalidated or to expire (0012] In general, embodiments of the invention relate to a method and system for managing a storage system. Currently there are a few methods to manage drives by hardware resource manager. In one or more embodiments, the hardware resource manager stores key storage policies that specify whether a security key is to be stored. The security key may be obtained from a key management service (KMS), which may be an external entity that manages the security keys used to either secure (e.g., prevent access to) data in the storage devices of the storage system or to access (e.g., unlock) the data. The hardware resource manager may be, for example, a baseboard management controller (BMC), which in turn use the key(s) to protect the SEDs connected to it. The protection may be performed using encryption algorithms applied to the data in the SEDs. The key storage policy may specify policies for obtaining the security key and determining whether to store the security key for future use and/or when to delete the security key. The key storage policy may be determined by an administrator of the storage system. [0013] Embodiments of the invention include a method for initiating a boot-up of the hardware resource manager to determine whether communication with the KMS is intact. The hardware resource manager may further utilize key purge policies to determine a period of time, after a lost connection to the KMS, for storing the security key before deleting it (or purging it). The key purge policies may specify the time period as a combination of a synchronized real-time timer and a count-down timer. The synchronized real-time timer may utilize a point in time (e.g., a date and time) to determine when to purge the security key. Further, a count-down timer may initiate a specified period of time that counts down in response to detecting the lost connection.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify HAO in view of TANJI’s method with teaching of Khatri in order to provide insurance in such a way that an adversary cannot steal the data even if they get access to the drives (Khatri [0001]). Claim(s) 9, 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over HAO (CN 101459505 A:IDS supplied) in view of TANJI(US 20200220724 A1:IDS supplied) and further in view of Zhang et al(CN 113747431 A). With regards to claim 9 HAO in view of TANJI do not but ZHANG teaches, further comprising one of: after receiving, from the client device, the first data that has been encrypted using the first key, sending, by the computing system, the encrypted first data to one of the external network or a first network device over the external network, wherein the first key includes one of an encryption key or a symmetric key (Page 9 para3/claim 8; wherein the user authentication is passed, the mobile device encrypts the device data, and the encrypted device data is transmitted to the cloud protection centre, comprising the following steps: the user authentication, the authentication server using international data encryption algorithm to generate the first key, and the first key broadcast to the current mobile device through the broadcast server; the current mobile device using the first key to encrypt the device data to obtain the encrypted device data, the first key as the attachment of the device data after encryption; the current mobile device passes through the firewall to the encrypted device data is transmitted to the broadcast server of the cloud protection centre.); or after receiving, from one of the external network or a second network device over the external network, the second data, encrypting, by the computing system, the second data using a second key, and sending, by the computing system, the encrypted second data to the client device, wherein the first key is used to decrypt the encrypted second data, wherein the first key includes one of a decryption key or the symmetric key. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify HAO in view of TANJI’s method with teaching of ZHANG in order to provide data protection in cloud (ZHANG abstract). With regards to claim 16 HAO discloses, A method, comprising: receiving, by a computing system and from a client device, a request for a key (page 2 para 10; the user equipment sending the private key generation request message to the key generation center, ); after confirming authentication of the client device, generating, by the computing system, a first key based at least in part on an identifier of the client [[device]] (Page 10 para 2; private key generation request unit 530, for sending authentication request to the bootstrapping server function unit sends the private key generation request message to the key generation center, so that the key generation centre after receiving said private key generation request message. and returning the shared key after the authentication is passed, the key generating centre generates user private key according to said private key generation request message, returning the user equipment by using the shared key encryption, a decryption unit 560 for receiving the encrypted user private key and decrypts to obtain the private key of the user. page 11 para 5; the private key generation request message is carried with the user ID, private key requirement parameter. ), wherein the first key is a temporary key (page 17 para 3; receiving valid period of said private key returned by said KGC); encrypting, by the computing system, the first key using a shared key, the shared key including a key or key-pair that is shared between the computing system and the client device(Page 10 para 2; the key generating centre generates user private key according to said private key generation request message, returning the user equipment by using the shared key encryption, a decryption unit 560 for receiving the encrypted user private key and decrypts to obtain the private key of the user.); sending, by the computing system, the encrypted first key via a connection that is established between the client device and the computing system; and (Page 10 para 2; the key generating centre generates user private key according to said private key generation request message, returning the user equipment by using the shared key encryption, a decryption unit 560 for receiving the encrypted user private key and decrypts to obtain the private key of the user.), HAO does not exclusively but TANJI teaches, generating, a first key based at least in part on an identifier of the client device (0033] an apparatus key generation unit to generate a communication apparatus key corresponding to the communication apparatus identifier using the communication apparatus identifier included in the key request, and to generate a terminal apparatus key corresponding to the terminal apparatus identifier using the terminal apparatus identifier included in the key request;). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify HAO’s method with teaching of TANJI in order to a technique for sharing a key(TANJI [0001]) HAO in view of TANJI do not but ZHANG teaches after receiving, from the client device, first data that has been encrypted using the first key, sending, by the computing system, the encrypted first data to one of the external network or a first network device over the external network (Page 9 para3/claim 8; wherein the user authentication is passed, the mobile device encrypts the device data, and the encrypted device data is transmitted to the cloud protection centre, comprising the following steps: the user authentication, the authentication server using international data encryption algorithm to generate the first key, and the first key broadcast to the current mobile device through the broadcast server; the current mobile device using the first key to encrypt the device data to obtain the encrypted device data, the first key as the attachment of the device data after encryption; the current mobile device passes through the firewall to the encrypted device data is transmitted to the broadcast server of the cloud protection centre). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify HAO in view of TANJI’s method with teaching of ZHANG in order to provide data protection in cloud (ZHANG abstract). With regards to claim 17, HAO in view of TANJI teaches, wherein the identifier of the client device includes one of a media access control ("MAC") address, a serial number, a combination of model number and device number, or an Internet protocol ("IP") address (TANJI [0033] an apparatus key generation unit to generate a communication apparatus key corresponding to the communication apparatus identifier using the communication apparatus identifier includedinthe key request,into generate a terminal apparatus key correspondingtothe terminal apparatus identifier usingthe terminal apparatus identifier included in the key request; ). With regards to claim 18, HAO in view of TANJI teaches, wherein the first data and the second data each includes at least one of textual data, numerical data, alphanumerical data, image data, video data, game data, business data, health data, or personal data (TANJI [0154] The storage unit 220 stores data such as a first manufacturer key 221, a first manufacturer identifier 222, a gateway identifier 223, and a third in-vehicle apparatus identifier 224. A content of each data will be described later. [0155] These pieces of data are major data stored in the storage unit 220. The data stored in the storage unit 220 is managed securely so as not to leak to the outside.). With regards to claim 19, HAO in view of TANJI discloses, storing, by the computing system, one of the first key or the encrypted first key in a secure key storage system of a data storage device, in association with or in relation to the client device (TANJI [0175] The second manufacturer key 321, the second manufacturer identifier 322, and the first in-vehicle apparatus identifier 323 are stored in the auxiliary storage device 203 at the time they are received or generated.) and/or the identifier of the client device, wherein the data storage device is one of a local data storage device, a remote data storage device, or a cloud storage device. Claim(s) 20 is rejected under 35 U.S.C. 103 as being unpatentable over HAO (CN 101459505 A:IDS supplied) in view of TANJI(US 20200220724 A1:IDS supplied) and further in view of Zhang et al(CN 113747431 A) and further in view of Khatri et al(US 20230239280 A1) With regards to claim 20, HAO in view of TANJI and ZHANG do not but Khatri teaches, in response to a determination or an indication that the client device has either lost connection to the computing system or lost power, causing, by the computing system, the first key to be invalidated or to expire (0012] In general, embodiments of the invention relate to a method and system for managing a storage system. Currently there are a few methods to manage drives by hardware resource manager. In one or more embodiments, the hardware resource manager stores key storage policies that specify whether a security key is to be stored. The security key may be obtained from a key management service (KMS), which may be an external entity that manages the security keys used to either secure (e.g., prevent access to) data in the storage devices of the storage system or to access (e.g., unlock) the data. The hardware resource manager may be, for example, a baseboard management controller (BMC), which in turn use the key(s) to protect the SEDs connected to it. The protection may be performed using encryption algorithms applied to the data in the SEDs. The key storage policy may specify policies for obtaining the security key and determining whether to store the security key for future use and/or when to delete the security key. The key storage policy may be determined by an administrator of the storage system. [0013] Embodiments of the invention include a method for initiating a boot-up of the hardware resource manager to determine whether communication with the KMS is intact. The hardware resource manager may further utilize key purge policies to determine a period of time, after a lost connection to the KMS, for storing the security key before deleting it (or purging it). The key purge policies may specify the time period as a combination of a synchronized real-time timer and a count-down timer. The synchronized real-time timer may utilize a point in time (e.g., a date and time) to determine when to purge the security key. Further, a count-down timer may initiate a specified period of time that counts down in response to detecting the lost connection.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify HAO in view of TANJI and ZHANG’s method with teaching of Khatri in order to provide insurance in such a way that an adversary cannot steal the data even if they get access to the drives (Khatri [0001]). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 12244695 B2, US 20250030672 A1 Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987. The examiner can normally be reached 8.30 to 430 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached at 1-571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498
Read full office action

Prosecution Timeline

Dec 02, 2024
Application Filed
Jul 10, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12683763
COMPUTER-BASED SYSTEMS CONFIGURED TO SELECT A MONITORED DATA SEGMENTATION AND METHODS OF USE THEREOF
2y 6m to grant Granted Jul 14, 2026
Patent 12682081
KEY DEPRECATION WITHOUT CERTIFICATE REVOCATION
2y 6m to grant Granted Jul 14, 2026
Patent 12682061
MALWARE ANALYSIS CONTINUATION SYSTEM AND MALWARE ANALYSIS CONTINUATION METHOD
1y 10m to grant Granted Jul 14, 2026
Patent 12671683
FINGERPRINTING PKI CERTIFICATES BI-DIRECTIONALLY
2y 8m to grant Granted Jun 30, 2026
Patent 12665763
HUB-BASED TOKEN GENERATION AND ENDPOINT SELECTION FOR SECURE CHANNEL ESTABLISHMENT
2y 8m to grant Granted Jun 23, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
87%
Grant Probability
98%
With Interview (+11.0%)
2y 4m (~9m remaining)
Median Time to Grant
Low
PTA Risk
Based on 729 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month