Prosecution Insights
Last updated: July 17, 2026
Application No. 19/038,336

SYSTEM FOR AUTHORIZING A SECURE ACCESS FROM A LOCAL DEVICE TO A REMOTE SERVER COMPUTER

Non-Final OA §DP
Filed
Jan 27, 2025
Priority
Feb 03, 2009 — provisional 61/149,501 +21 more
Examiner
MEHEDI, MORSHED
Art Unit
Tech Center
Assignee
Inbay Technologies Inc.
OA Round
1 (Non-Final)
86%
Grant Probability
Favorable
1-2
OA Rounds
1y 2m
Est. Remaining
85%
With Interview

Examiner Intelligence

Grants 86% — above average
86%
Career Allowance Rate
729 granted / 849 resolved
+25.9% vs TC avg
Minimal -1% lift
Without
With
+-0.8%
Interview Lift
resolved cases with interview
Typical timeline
2y 7m
Avg Prosecution
24 currently pending
Career history
864
Total Applications
across all art units

Statute-Specific Performance

§101
2.5%
-37.5% vs TC avg
§103
72.1%
+32.1% vs TC avg
§102
4.0%
-36.0% vs TC avg
§112
11.4%
-28.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 849 resolved cases

Office Action

§DP
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. DETAILED ACTION Claims 1-20 are presented for examination. Information Disclosure Statement The information disclosure statement (IDS) submitted on 05/06/2025 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto. Drawings The drawings filed on 01/27/2025 are accepted by the examiner. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b). Claims of Patent # 12,212,560, 11716321, 11032269, 10313328, 9736149 contains every element of claims of the instant application. Claims of the instant application therefore are not patently distinct from the earlier patent claims and as such are unpatentable over obvious-type double patenting. A later patent claim is not patentably distinct from an earlier claim if the later claim is anticipated by the earlier claim. See the claim comparison below. “A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001). Furthermore, if allowed, would improperly extend the "right to exclude" already granted in the patent. A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. Claim Comparison Instant Application # 19/038336 US Patent # 12,212,560 1. A system for authorizing a secure access from a local device to a remote server computer, comprising: a remote server computer at the remote network location; and the local device, having a unique identifier (UID), a memory, and a processor: causing a security software to obtain a personal identification number (PIN) of a user, and the UID of the local device; verifying an authenticity of the PIN and the UID, without communicating over a network, and using a credential code generated using the PIN, the UID and the security software; retrieving access credentials to the remote server computer upon verifying the authenticity of the PIN and the UID; and authorizing the secure access to the remote server computer using the retrieved access credentials, the remote server computer having a copy of the security software, the PIN, the UID and the credential code. 2. The system of claim 1, wherein the processor is caused to: obtain a Quick Response, QR, code, from the remote server computer; and scan the QR code into the local device. 3. The system of claim 1, wherein the remote server computer is an email server. 4. The server of claim 1, wherein the local device is one of the following: a computing device, comprising a processor; or a portable device having a memory, the portable device being different from the computing device, and being operably coupled to the computing device. 5. The system of claim 1, wherein the local device is a mobile wireless device. 6. The system of claim 1, wherein the processor is further caused to forward the retrieved access credentials to the remote server computer. 7. The system of claim 1, wherein the processor is further caused to perform a transaction authorization. 8. The system of claim 1 further comprising: an authorization server configured to: send a transaction authorization request including the credential code from the authorization server to the local device; wherein the local device is configured to: generate a transaction authorization response using the credential code; and send the transaction authorization response from the local device to a transaction server. 9. The system of claim 8 wherein the local device is configured to send the transaction authorization response to the transaction server over a transaction authorization channel. 10. The system of claim 8 wherein: the local device is configured to send the transaction authorization response to the authorization server; and the authorization server is configured to send the transaction authorization response to the transaction server. 11. The system of claim 8 wherein the local device is configured to send the transaction authorization response to the authorization server over a transaction authorization channel. 12. The system of claim 8 wherein the authorization server is configured to send the transaction authorization response to the transaction server over a service channel. 13. The system of claim 8, further comprising a user terminal configured to send a transaction request to the transaction server; and wherein the transaction server is configured to send the transaction authorization response to the user terminal. 14. The system of claim 13 wherein the user terminal is configured to send the transaction request to the transaction server over a transaction channel. 15. The system of claim 13 wherein the transaction server is configured to send the transaction authorization response to the user terminal over a transaction channel. 16. The system of claim 8 wherein the local device is configured to send a pre-authorization condition to the authorization server. 17. The system of claim 1, wherein the processor is further caused to: establish a connection to an authorization server including: establishing a transaction channel, and establishing a transaction notification channel; authorize a user to access a service on a transaction server, using a client program executing on the local device and a server program executing on the authorization server. 18. The system of claim 17, wherein the processor is further caused to: authorize a transaction using the local device; perform the transaction; and close the connection to the authorization server. 19. The system of claim 1, wherein the remote server computer is a third party server computer. 20. The system of claim 1, further comprising a database stored in a memory device at the remote server computer for storing the UID of the local device. 1. A method for authorizing a secure access from a local device to a remote server computer, the method comprising: at the local device, having a unique identifier (UID), a processor, and a memory: causing a security software to obtain a personal identification number (PIN) of a user, and the UID of the local device; verifying an authenticity of the PIN and the UID, without communicating over a network, using a credential code generated using the PIN, the UID and the security software; retrieving access credentials to the remote server computer upon verifying the authenticity of the PIN and the UID; and authorizing the secure access to the remote server computer using the retrieved access credentials, the remote server computer having a copy of the security software, the PIN, the UID and the credential code. 2. The method of claim 1 further comprising: obtaining a Quick Response, QR, code from the remote server computer; and scanning the QR code into the local device. 3. The method of claim 1 wherein the authorizing secure access comprises authorizing access to an email server. 4. The method of claim 1, comprising choosing the local device as one of the following: a computing device, comprising a processor; or a portable device having a memory, the portable device being different from the computing device, and being operably coupled to the computing device. 5. The method of claim 1, comprising choosing a mobile wireless device as the local device. 6. The method of claim 1, wherein the retrieving further comprises forwarding the retrieved access credentials to the remote server computer. 7. The method of claim 1, wherein the authorizing the secure access further comprises performing a transaction authorization. 8. The method of claim 7, wherein the performing a transaction authorization further comprises: sending a transaction authorization request including the credential code from an authorization server to the local device; at the local device, generating a transaction authorization response using the credential code; and sending the transaction authorization response from the local device to a transaction server. 9. The method of claim 8, wherein the sending comprises sending the transaction authorization response from the local device to the transaction server over a transaction authorization channel. 10. The method of claim 8, wherein the sending further comprises: sending the transaction authorization response from the local device to the authorization server; and sending the transaction authorization response from the authorization server to the transaction server. 11. The method of claim 8, wherein the sending further comprises sending the transaction authorization response from the local device to the authorization server over a transaction authorization channel. 12. The method of claim 8 wherein the sending further comprises sending the transaction authorization response from the authorization server to the transaction server over a service channel. 13. The method of claim 8, further comprising sending a transaction request from a user terminal to the transaction server; and sending the transaction authorization response from the transaction server to the user terminal. 14. The method of claim 13, wherein the sending the transaction request comprises sending the transaction request over a transaction channel. 15. The method of claim 13, wherein the sending the transaction authorization response comprises sending the transaction authorization response over a transaction channel. 16. The method of claim 8, further comprising sending a pre-authorization condition from the local device to the authorization server. 17. The method of claim 1, further comprising: establishing a connection to an authorization server comprising: establishing a transaction channel, and establishing a transaction notification channel; and authorizing a user to access a service on a transaction server, using a client program executing on the local device and a server program executing on the authorization server. 18. The method of claim 17, further comprising: authorizing a transaction using the local device; performing the transaction; and closing the connection to the authorization server. 19. The method of claim 1, wherein the remote server computer is a third party server computer. 20. The method of claim 1, further comprising storing the UID of the local device in a database. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US Pub. No. 2009/0313691 (Chien), “a system includes the steps of adding a virtual local network label to the access request via the virtual private network gateway, authorizing the access request to access a corresponding virtual private network if the access request passes the identity verification, and identifying the virtual private network in response to the access request according to the virtual local network label, thereby enabling the access request to log on the virtual private network for performing access. Further, the system is applicable to a virtual private network architecture according to the present invention are characterized by adopting OTP dynamic password technique integrated with virtual private network gateway technique to verify subscriber identity of an access request for accessing a virtual private network. Since the most important advantage of the dynamic password is using a randomly generated password which is randomly generated for each instance, and also the password is used once only. Therefore, even an unauthorized person intercepts a one-time password, the one-time password cannot be applied to the next instance of logging on. Accordingly, the aforesaid identity verification system and method applicable to a virtual private network architecture according to the present invention are capable of enhancing access security of remote network and providing subscriber connection convenience”. US Publication No. 2008/0212771 (Hauser), “a system for authenticating a user using a communication terminal to access the server via a telecommunications network. Further, the system includes a personal identification code is received from the user; a data set is generated from secure session establishment protocol messages exchanged between the communication terminal and the server; a transaction authentication number is generated based on the data set, using the personal identification code; the transaction authentication number is transmitted from the communication terminal to the server; and, in the server, the transaction authentication number (and thus the user) is verified based on the secure session establishment protocol messages exchanged with the communication terminal. For example, the data set is generated in the communication terminal as a hash value from the secure session establishment protocol messages exchanged. It must be emphasized, that the transaction authentication number described herein is used as a session authentication number or session authentication code in the context of this invention; in some embodiments, the transaction authentication number is represented by a digital data set, i.e. a digital transaction authentication number. Generating the transaction authentication number based on the personal identification code and the secure session establishment protocol messages exchanged between the communication terminal and the server enables session aware user authentication that protects efficiently online users against real-time man-in-the-middle attacks”. US Publication No. 2008/0059804 (Shah et al.), “a system for password management and SSO access based on trusted computing technology. Further, the system implements the TCG's TPM, which interacts with both proxy SSO unit and web-accessing applications to provide a secure, trusted mechanism to generate, store, and retrieve passwords and SSO credentials. The various embodiments allow a user to hop securely and transparently from one site to another that belong to a pre-identified group of sites, after signing on just once to a secured proxy residing on the user's device. After the user signs on to a mobile device, the proxy SSO unit residing on the device intercepts the applications that attempt to access secure sites belonging to an enrolled group, and uses the per-site secure password that is generated and held protected by the TPM to sign-on to individual sites within the group. The proxy SSO unit, which may be implemented in hardware or software, is also protected for its integrity by the TPM. This provides a high level of trust for the process of using a SSO to different sites via the TPM-generated randomized passwords that the user does not have to remember or store separately”. US Publication No. 2006/0041933 (Yakov), “a system for providing SSO authentication when accessing non-SSO-compliant applications, the system includes forwarding a user name and a password received from a non-SSO-compliant application to an SSO proxy, encapsulating the user name and password in a request to access a protected application, authenticating the user name and password responsive to the request using SSO authentication, and generating an SSO token if the authentication step is successful”. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MORSHED MEHEDI whose telephone number is (571) 270-7640. The examiner can normally be reached on M - F, 8:00 am to 4:00 pm EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Linglan Edwards can be reach on (571) 270-5440. The fax number for the organization where this application or proceeding is assigned is (571) 273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from their Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (In USA or Canada) or 571-272-1000. /MORSHED MEHEDI/Primary Examiner, Art Unit 2408
Read full office action

Prosecution Timeline

Jan 27, 2025
Application Filed
Jun 11, 2026
Non-Final Rejection mailed — §DP (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12670295
DATA DE-IDENTIFICATION
2y 3m to grant Granted Jun 30, 2026
Patent 12659048
Operating a Layered Quantum Networking Environment with Fidelity Estimates
2y 6m to grant Granted Jun 16, 2026
Patent 12659738
GENERATING AN AUTHENTICATION TOKEN
2y 5m to grant Granted Jun 16, 2026
Patent 12659147
DATA OWNER DEVICE AND ITS DATA MANAGEMENT METHOD FOR USER-CENTRIC DATA MANAGEMENT THROUGH AUTHENTICATION AND KEY AGREEMENT BASED ON SINGLE AGGREGATE KEY
2y 2m to grant Granted Jun 16, 2026
Patent 12652159
SERVICE PROVISION METHODS, DEVICES, ELECTRONIC EQUIPMENT AND MEDIA FOR LARGE MODEL SCENES
1y 11m to grant Granted Jun 09, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
86%
Grant Probability
85%
With Interview (-0.8%)
2y 7m (~1y 2m remaining)
Median Time to Grant
Low
PTA Risk
Based on 849 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month