Prosecution Insights
Last updated: July 17, 2026
Application No. 19/001,241

SECURITY IMPLEMENTATION METHOD AND APPARATUS, AND SYSTEM, COMMUNICATION DEVICE, CHIP AND STORAGE MEDIUM

Non-Final OA §101§102§103§112
Filed
Dec 24, 2024
Priority
Jun 30, 2022 — continuation of PCTCN2022102893
Examiner
WADE-WRIGHT, SHAQUEAL D
Art Unit
2407
Tech Center
2400 — Computer Networks
Assignee
Guangdong OPPO Mobile Telecommunications Corp., Ltd.
OA Round
1 (Non-Final)
85%
Grant Probability
Favorable
1-2
OA Rounds
9m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 85% — above average
85%
Career Allowance Rate
386 granted / 454 resolved
+27.0% vs TC avg
Strong +18% interview lift
Without
With
+18.2%
Interview Lift
resolved cases with interview
Typical timeline
2y 4m
Avg Prosecution
18 currently pending
Career history
466
Total Applications
across all art units

Statute-Specific Performance

§101
6.5%
-33.5% vs TC avg
§103
76.7%
+36.7% vs TC avg
§102
1.2%
-38.8% vs TC avg
§112
9.4%
-30.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 454 resolved cases

Office Action

§101 §102 §103 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statements (IDS) submitted on 12/24/2024 and 05/22/2026 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner. Claim Objections Claims 8 and 9 are objected to because of the following informalities: The suggest amending the misspelled word “wherin” to recite “wherein”. Appropriate correction is required. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 2, 9, 13-14 and 16 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 2 recites the limitation “a second digital signature”, however the claim or claim set does not recite a “first digital signature” and therefore the claim limitation is unclear. Claim 9 use the term “and/or”. This term renders the scope of the claim language unclear because it is not clear whether all of the limitations are required or not, in order to fall within the scope of the claim. The use of "and" in the language would require all the limitations to be present in order to fall within the scope of the claim language. The use of "or" in the language would only require one of the limitations to be present in order to fall within the scope of the claim language. The use of "and/or" makes the applicants intended scope unclear because one of ordinary skill in the art would be unable to determine whether or not all of the listed limitations are required or not. Therefore, the claims are rejected for failing to specifically point out and distinctly claim the subject matter which the inventors regard as the invention. Claims 11 and 13 recites the limitation “a fourth digital signature”, however the claim or claim set does not recite a “third digital signature” and therefore the claim limitation is unclear. Claim 16 recites the limitation “a fourth verification information”, however the claim or claim set does not recite a first through third verification information and therefore the claim limitation is unclear. Claims 9 and 14 recites the limitation "the blockchain system" in line 5. There is insufficient antecedent basis for this limitation in the claim. For examination purposed the limitation is considered as a blockchain system. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. Claim 1 recites receiving first request information…, and generating the first credential. Claim 7 recites the sending first request information. Claim 13 recites receiving fourth digital signature…, acquiring a first credential…, and verifying an identity. The limitation of receiving first request information as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “an issuing node” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “issuing node” language, “receiving” in the context of this claim encompasses the user manually receiving data. Similarly, the limitations of generating the first credential, sending first request information, receiving fourth digital signature, acquiring a first credential and verifying an identity, as drafted, are processes that, under its broadest reasonable interpretation, covers performance of the limitations in the mind but for the recitation of generic computer components. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. This judicial exception is not integrated into a practical application. In particular, the claims only recites additional element – using an issuing node, a first node and a second node to perform the steps. The nodes are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function), such that they amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, these additional elements does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible. Independent claims 18-20 includes limitations similar to the limitations of independent claims 1, 7 & 13 and rejected under 3 USC 101 for being directed to abstract idea for similar reasons as discussed above with respect to independent claim 1, 7 & 13. Dependent claims 2-6, 8-11 and 14-17 do not cure the deficiency of the independent claims and are rejected under 35 USC 101 for being directed to abstract idea. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claim(s) 7-11 and 19 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Nossier et al. (US Pub No. 2021/0152365). Regarding independent claim 7, Nossier teaches a security implementation method, comprising: sending, by a first user node, first request information to an issuing node, the first request information being used to request a first credential, wherein the first credential is used to verify an identity of the first user node (Nossier, page 1, paragraph 0004, page 7, paragraph 0066 and page 10, paragraph 0088; communication device send request to issuer node to issue credential). Regarding claim 8, Nossier teaches the method wherein the first request information comprises at least one of: identification information of the first user node; a public key of the first user node; first service identification information, wherin the first service identification information is used to indicate a service type supported by the first user node; first data identification information, wherein the first data identification information is used to indicate a data type supported by the first user node; or a first digital signature, wherein the first digital signature is obtained by signing other information in the first request information according to a private key of the first user node (Nossier, page 1, paragraph 0004, page 7, paragraph 0066 and page 10, paragraph 0088; communication device public key). Regarding claim 9, Nossier teaches the method further comprising: receiving, by the first user node, the first credential and/or storage location information sent by the issuing node, wherin the storage location information is used to indicate a storage location of the first credential in a block of the blockchain system (Nossier, page 8, paragraphs 0071-0072 and page 10, paragraph 0088; block identifier). Regarding claim 10, Nossier teaches the method further comprising: sending, by the first user node, second request information to a blockchain node, wherein the second request information is used for requesting to store the first credential; wherein the first credential comprises at least one of following information: identification information of the first user node; a public key of the first user node; first service identification information, wherein the first service identification information is used to indicate a service type supported by the first user node; first data identification information, wherein the first data identification information is used to indicate a data type supported by the first user node; a revocation factor, wherein the revocation factor is used to prove whether the first credential is revoked; identification information of the issuing node; a public key of the issuing node; or a second digital signature, wherein the second digital signature is obtained by signing other information in the first credential based on a private key of the issuing node (Nossier, page 7, paragraph 0066 and page 8, paragraph 0072). Regarding claim 11, Nossier teaches the method further comprising: sending, by the first user node, a fourth digital signature to a third user node, wherein the fourth digital signature is used by the third user node to verify an identity of the first user node (Nossier, page 8, paragraphs 0073-0077 and page 10, paragraph 0090; verification node verifies credential from communication node). Regarding independent claim 19, Nossier teaches communication device, comprising a processor and a memory, wherein the memory is configured to store a computer program, and the processor is configured to call and run the computer program stored in the memory, so as to perform the method according to claim 7 (Nossier, page 11, paragraph 0092; see above for claim 7 rejection). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-5, 13-16, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Nossier et al. (US Pub No. 2021/0152365) in view of GUO et al. (US Pub No. 2020/0382326). Regarding independent claim 1, Nossier teaches a security implementation method, comprising: receiving, by an issuing node, first request information sent by a first user node, the first request information being used to request a first credential, wherein the first credential is used to verify an identity of the first user node (Nossier, page 1, paragraph 0004, page 7, paragraphs 0066-0068 and page 10, paragraph 0088; communication device send request to issuer node to issue credential); and generating, by the issuing node, the first credential in response to the first request information (Nossier, page 1, paragraph 0004, page 7, paragraphs 0066-0068 and page 10, paragraph 0088; issuer node generates credential). Nossier does not explicitly teach in a case where the issuing node has a first authority, wherein the first authority refers to an authority capable of generating a credential, and the first authority is jointly granted to the issuing node by a plurality of committee node. GUO teaches in a case where the issuing node has a first authority, wherein the first authority refers to an authority capable of generating a credential, and the first authority is jointly granted to the issuing node by a plurality of committee node (GUO, page 5, paragraphs 0056-0058 & 0062; authentication center, authoritative and impartial computer; consensus authentication centers). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Nossier with the teachings of GUO for consensus within the blockchain network to provide the advantage of improving digital certificate verification (GUO, page 1, paragraphs 0003-0004). Regarding claim 2, Nossier in view of GUO teaches the method wherein the first credential comprises at least one of following information: identification information of the first user node; a public key of the first user node; first service identification information, wherein the first service identification information is used to indicate a service type supported by the first user node; first data identification information, wherein the first data identification information is used to indicate a data type supported by the first user node; a revocation factor, wherein the revocation factor is used to prove whether the first credential is revoked; identification information of the issuing node; a public key of the issuing node; or a second digital signature; wherein the second digital signature is obtained by signing other information in the first credential based on a private key of the issuing node (Nossier, page 1, paragraph 0004, page 7, paragraph 0066 and page 10, paragraph 0088). Regarding claim 3, Nossier in view of GUO teaches the method wherein the issuing node is a node in a blockchain system (Nossier, page 4, paragraph 0041), and the method further comprises: sending, by the issuing node, second request information to other blockchain nodes in the blockchain system, wherein the second request information comprises the first credential, and the second request information is used to request that the first credential be stored in a block of the blockchain system (Nossier, page 8, paragraph 0070; issuer node send notification to verification node including a record with the data payload of the credentials and any signatures). Regarding claim 4, Nossier in view of GUO teaches the method wherein the second request information further comprises a second credential, and the second credential is used to verify whether the issuing node has the first authority (Nossier, page 8, paragraph 0070; any signatures). Regarding claim 5, Nossier in view of GUO teaches the method wherein the second credential comprises at least one of following information: identification information of the issuing node; a public key of the issuing node; second data identification information, wherein the second data identification information is used to indicate a data type supported by the issuing node; second service identification information, wherein the second service identification information is used to indicate a service type supported by the issuing node; a joint public key, wherein the joint public key is jointly generated by the plurality of committee nodes based on private key sharding of the plurality of committee nodes; identification information of each committee node of the plurality of committee nodes; or a third digital signature, wherein the third digital signature is obtained through a joint signature of the multiple committee nodes (Nossier, page 8, paragraph 0070; any signatures). Regarding independent claim 13, Nossier teaches a security implementation method, comprising: receiving, by a third user node, fourth digital signature sent by a first user node (Nossier, page 8, paragraphs 0073-0077 and page 10, paragraph 0090; verification node receives communication device signature and credential); acquiring, by the third user node, a first credential of the first user node, wherein the first credential is generated by an issuing node (Nossier, page 8, paragraphs 0073-0077 and page 10, paragraph 0090; verification node receives communication device signature and credential); and verifying, by the third user node, an identity of the first user node based on the first credential and the fourth digital signature (Nossier, page 8, paragraphs 0073-0077 and page 10, paragraph 0090; verification node verifies credential from communication). Nossier does not explicitly teach an issuing node with a first authority, wherein the first authority refers to an authority capable of generating a credential, and the first authority is jointly granted to the issuing node by a plurality of committee node. GUO teaches an issuing node with a first authority, wherein the first authority refers to an authority capable of generating a credential, and the first authority is jointly granted to the issuing node by a plurality of committee node (GUO, page 5, paragraphs 0056-0058 & 0062; authentication center, authoritative and impartial computer; consensus authentication centers). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Nossier with the teachings of GUO for consensus within the blockchain network to provide the advantage of improving digital certificate verification (GUO, page 1, paragraphs 0003-0004). Regarding claim 14, Nossier in view of GUO teaches the method wherein the acquiring, by the third user node, the first credential of the first user node comprises: receiving, by the third user node, storage location information sent by the first user node, wherein the storage location information is used to indicate a storage location of the first credential of the first user node in a block of the blockchain system; and acquiring, by the third user node, the first credential from the block based on the storage location information (Nossier, page 8, paragraphs 0071-0072 and page 10, paragraph 0090; block identifier). Regarding claim 15, Nossier in view of GUO teaches the method wherein the fourth digital signature is obtained by performing, based on a private key of the first user node, a signature operation on at least one of: identification information of the first user node; a public key of the first user node; first service identification information, wherein the first service identification information is used to indicate a service type supported by the first user node; first data identification information, wherein the first data identification information is used to indicate a data type supported by the first user node; or the first credential (Nossier, page 8, paragraphs 073-0074; communication device signature based on private key). Regarding claim 16, Nossier in view of GUO teaches the method wherein the verifying, by the third user node, the identity of the first user node based on the first credential and the fourth digital signature comprises: acquiring, by the third user node, a public key of the first user node in the first credential; verifying, by the third user node, the fourth digital signature based on the public key of the first user node to obtain a fourth verification information; and verifying, by the third user node, the identity of the first user node based on the fourth verification information (Nossier, page 8, paragraphs 0075-0077; verifying communication device signature and credentials by verification node). Regarding independent claim 18, Nossier teaches communication device, comprising a processor and a memory, wherein the memory is configured to store a computer program, and the processor is configured to call and run the computer program stored in the memory, so as to perform the method according to claim 1 (Nossier, page 11, paragraph 0092; see above for claim 1 rejection). Regarding independent claim 20, Nossier teaches communication device, comprising a processor and a memory, wherein the memory is configured to store a computer program, and the processor is configured to call and run the computer program stored in the memory, so as to perform the method according to claim 13 (Nossier, page 11, paragraph 0092; see above for claim 13 rejection). Allowable Subject Matter Claims 6, 12 and 17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Examiner’s Statement for Indicating Allowable Subject Matter The following is a statement of reasons for the indication of allowable subject matter: The prior art Sheikh et al. (US Patent No. 12,462,295) discloses the bloom tree structure is like the known Merkle tree used for bandwidth-efficient and secure verification of the presence of a given transaction in a decentralized system. In an example, Merkle tree is a binary tree in which all leaf nodes (that are transactions such as T.sub.1, T.sub.2, T.sub.3 to T.sub.8) are associated with a hash (such as H.sub.1, H.sub.2, H.sub.3 to H.sub.8), and all none-leaf nodes are associated with a hash (such as H.sub.1,2, H.sub.3,4, H.sub.5,6, H.sub.6,7, H.sub.1,2,3,4 and H.sub.5,6,7,8), that is formed from the hashes of its child nodes. Moreover, a root hash of the Merkle tree is obtained by hashing the non-leaf nodes (such as H.sub.1,2,3,4, and H.sub.5,6,7,8). To verify that a single transaction is present in the Merkle tree, a series of hashes are provided, which when are hashed with the transaction hash (e.g., a hash of transaction ID), a root hash of the Merkle tree is recreated. Moreover, this series of hashes is also known as a Merkle proof (Sheikh, column 9, lines 28-51 and claim 1), however, the prior art taken alone or in combination does not teach or suggest “constructing, by the issuing node, a Merkle tree based on a credential corresponding to at least one second user node, wherein a value of each leaf node in the Merkle tree is determined based on a credential corresponding to each second user node in the at least one second user node, the at least one second user node is a user node whose credential is not revoked among the plurality of user nodes, and the at least one second user node comprises the first user node; and sending, by the issuing node, reference information to the first user node, wherein the reference information comprises a first value and a second value, the first value is a value of a leaf node adjacent to a leaf node corresponding to the first user node in the Merkle tree, and the second value is a value of a remaining non-leaf node in the Merkle tree except non-leaf nodes to which the leaf node corresponding to the first user node belongs” (as recited in claim 6 and similarly in claims 12 & 17), in combination with the remaining claim limitations. Prior Art The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Wang et al. (US Patent No. 12,580,781). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357. The examiner can normally be reached M-F 8:00-5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Catherine Thiaw can be reached at 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SHAQUEAL D WADE-WRIGHT/Primary Examiner, Art Unit 2407
Read full office action

Prosecution Timeline

Dec 24, 2024
Application Filed
Jun 03, 2026
Non-Final Rejection mailed — §101, §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12675587
SYMMETRIC AND ASYMMETRIC ENCRYPTION OF RECORDED DATA
2y 7m to grant Granted Jul 07, 2026
Patent 12665743
SYSTEMS AND METHODS FOR SECURE MULTI-PARTY COMPUTATION PROTOCOL EXECUTION USING CHECK POINTS
2y 9m to grant Granted Jun 23, 2026
Patent 12665756
JUST-IN-TIME POST-QUANTUM CRYPTOGRAPHY (PQC) KEY EXPANSION
3y 1m to grant Granted Jun 23, 2026
Patent 12664259
SCALAR MASKING COUNTERMEASURE
2y 4m to grant Granted Jun 23, 2026
Patent 12664282
CERTIFICATE UPDATE METHOD AND CERTIFICATE UPDATE SYSTEM OF DEVICE DRIVING THE SAME
2y 9m to grant Granted Jun 23, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
85%
Grant Probability
99%
With Interview (+18.2%)
2y 4m (~9m remaining)
Median Time to Grant
Low
PTA Risk
Based on 454 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month