Prosecution Insights
Last updated: July 17, 2026
Application No. 19/283,767

STORING ENCRYPTED DATA FOR ACCESS BY A TRUSTED DEVICE

Final Rejection §103§DOUBLEPATENT
Filed
Jul 29, 2025
Priority
Feb 22, 2022 — provisional 63/312,598 +1 more
Examiner
SIMITOSKI, MICHAEL J
Art Unit
2493
Tech Center
2400 — Computer Networks
Assignee
Journey AI
OA Round
2 (Final)
80%
Grant Probability
Favorable
3-4
OA Rounds
2y 2m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 80% — above average
80%
Career Allowance Rate
624 granted / 778 resolved
+22.2% vs TC avg
Strong +28% interview lift
Without
With
+28.4%
Interview Lift
resolved cases with interview
Typical timeline
3y 2m
Avg Prosecution
21 currently pending
Career history
800
Total Applications
across all art units

Statute-Specific Performance

§101
1.5%
-38.5% vs TC avg
§103
75.6%
+35.6% vs TC avg
§102
3.0%
-37.0% vs TC avg
§112
4.8%
-35.2% vs TC avg
Black line = Tech Center average estimate • Based on career data from 778 resolved cases

Office Action

§103 §DOUBLEPATENT
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION Claims 1-20 are pending. Response to Arguments Applicant's arguments filed 3/30/2026 have been fully considered but they are not fully persuasive. Applicant’s amendment to the specification is acknowledged. The objection is withdrawn. The Examiner acknowledges Applicant’s request that the double patenting rejection be held in abeyance. Applicant’s remarks (p. 9, regarding rejections under 35 U.S.C. §112) are persuasive. The rejection is withdrawn. Applicant’s remarks (pp. 10-13) argues that the combination of Mehta, Darcy and Subramaniam fails to teach encrypting the modified data into a single encrypted data instance and storing the single encrypted data instance. Mehta, as modified by Subramaniam, lacks encrypting the modified data into a single encrypted data instance and storing the single encrypted data instance. However, Daza teaches that it was known to utilize public key encryption to encrypt data using the public keys of multiple receivers such that the data can be decrypted if at least t receivers cooperate (abstract), including inputting the set of public keys to encrypt the data and a threshold designating the number of cooperating recipients (pp. 5-6, §3) and outputting a single encrypted data instance (ciphertext C) and storing the single encrypted data instance (p. 6, §3). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to further modify Mehta to include encrypting the modified data into a single encrypted data instance using both i) the public key of the first device and ii) the public key of the second device; and storing the single encrypted data instance corresponding to the modified data on the storage server to enable a threshold number of users to access the data, as taught by Daza. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2, 6-10, 14-15 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 2016/0080149 A1 to Mehta et al. (Mehta), in view of US 2013/0138955 A1 to Darcy , US 2020/014527 A1 to Subramaniam and “CCA2-Secure Threshold Broadcast Encryption with Shorter Ciphertexts” by Daza et al. (Daza). Regarding claim 1, Mehta discloses receiving, at a first device (target device receives encrypted key, ¶38), an encrypted private key of a second device encrypted using a public key of the first device (data protection private key is encrypted using target device public key, ¶37), wherein the second device encrypts data into encrypted data using a public key of the second device (content is encrypted with the data protection public key, ¶34) and stored the encrypted data on a storage server (protected content is copied to cloud storage, ¶35); decrypting, by the first device (target device), a private key of the second device (data protection private key) from the encrypted private key of the second device using a private key of the first device (target device retrieves data protection private key using the target device private key, ¶39); accessing, by the first device, the encrypted data on the storage server by utilizing the decrypted private key of the second device (use the data protection private key to retrieve the plaintext content from the protected content by decrypting the encrypted content using the data protection private key, ¶39). Mehta lacks modifying, by the first device, the data accessed from the storage server into modified data; encrypting the modified data and storing the modified data on the storage server. However, Darcy, in an analogous art (document encryption), teaches that it was known to enable leasing of encrypted data in network storage, including a client fetching encrypted data from a remote store, decrypting the encrypted data, modifying the data, re-encrypting the data and re-uploading the encrypted data (¶60). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mehta to include modifying, by the first device, the data accessed from the storage server into modified data and encrypting the modified data and storing the modified data on the storage server. One of ordinary skill in the art would have been motivated to perform such a modification to enable editing of remote data, as taught by Darcy. As modified, Mehta lacks encrypting the modified data with the public key of the first device and the public key of the second device. However, Subramaniam teaches that it was known to share encrypted data with multiple members of a group by encrypting multiple copies of the data using respective public keys of other members (¶174), enabling each member to utilize a private key to access/view the data (¶174). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to further modify Mehta such that the modified data is encrypted with the with the public key of the first device and the public key of the second device. One of ordinary skill in the art would have been motivated to perform such a modification to enable access to at least the first (target device) and second devices (originator), as taught by Subramaniam. Mehta, as modified by Subramaniam, lacks encrypting the modified data into a single encrypted data instance and storing the single encrypted data instance. However, Daza teaches that it was known to utilize public key encryption to encrypt data using the public keys of multiple receivers such that the data can be decrypted if at least t receivers cooperate (abstract), including inputting the set of public keys to encrypt the data and a threshold designating the number of cooperating recipients (pp. 5-6, §3) and outputting a single encrypted data instance (ciphertext C) and storing the single encrypted data instance (p. 6, §3). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to further modify Mehta to include encrypting the modified data into a single encrypted data instance using both i) the public key of the first device and ii) the public key of the second device; and storing the single encrypted data instance corresponding to the modified data on the storage server. One of ordinary skill in the art would have been motivated to perform such a modification to enable a threshold number of users to access the data, as taught by Daza.1 Regarding claim 14, the claim is similar in scope to claim 1 and is therefore rejected using a similar rationale (Mehta discloses a tangible, non-transitory, computer-readable medium having computer-executable instructions stored thereon that, when executed by a processor on a computer, cause the computer to perform a method, ¶69, ¶¶72-74, ¶76). Regarding claim 20, the claim is similar in scope to claim 1 and is therefore rejected using a similar rationale (Mehta discloses an apparatus, comprising: one or more network interfaces (I/O interfaces, ¶67, ¶70); a processor (¶68) coupled to the one or more network interfaces and configured to execute one or more processes (¶¶67-70); and a memory configured to store a process that is executable by the processor, ¶¶72-74, ¶76). Regarding claims 2 and 15, Mehta discloses encrypting the private key of the first device (data protection private key) with the public key of the second device (data protection private key is encrypted using the target device public key, ¶37); and sending the private key of the first device encrypted with the public key of the second device to the second device (encrypted data protection private key is provided to the target device, ¶38) to enable the second device to use the private key of the second device (target device private key) to decipher the private key of the first device (content protection system of the target device uses the target device private key to retrieve the data protection private key, ¶39). Regarding claims 6 and 17, Mehta discloses wherein each device that needs access to the data on the storage server has a joint private key and a joint public key (each of the computing devices 102, 104 has keys for decryption and encryption, ¶¶25-26, which includes a public/private key pair, ¶29, including data protection public/private key pair, ¶44, ¶51) to use for deciphering and encrypting the data on the storage server (data protection public/private key pair is used for encryption and decryption, ¶36, ¶39). Regarding claim 7, Mehta discloses receiving the joint private key and the joint public key from the second device (data protection public/private key pair is shared between user devices, ¶44, ¶51). Regarding claims 8 and 18, Mehta discloses wherein the first device and the second device belong to a same user (protected content can be transferred to other ones of the user’s devices, ¶10). Regarding claims 9 and 19, Mehta discloses wherein the first device and the second device belong to different owners with established trust (computing devices are other computing devices of the user, or another computing devices that the user has logged into, ¶25; data can be shared among different user identities, ¶42; the techniques discussed herein allow a user to share protected content with other users, ¶¶50-51). Regarding claim 10, Mehta discloses sending the public key of the first device to the second device (data protection public/private key pair is provided to other user devices, ¶51); and receiving the public key of the second device from the second device (public key of the target device is obtained, for example through direct exchange, ¶36). Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Mehta, Darcy, Subramaniam and Daza, as applied to claim 1, in view of US 2017/0337226 A1 to Bliss et al. (Bliss). Regarding claim 4, Mehta, as modified, lacks wherein a notification is sent to the second device when the data is modified by the first device so that the second device may retrieve the modified data from the storage server before the second device remodifies the data. However, Bliss teaches sharing data (data logs) between devices (historian system storing copies of logs and an industrial controller producing data logs, ¶62), where the historian system receives a notification from the controller indicating a new record, ¶¶62-63). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to further modify Mehta such that a notification is sent to the second device when the data is modified by the first device so that the second device may retrieve the modified data from the storage server before the second device remodifies the data. One of ordinary skill in the art would have been motivated to perform such a modification to notify the second device that data of interest has been accessed and changed, as taught by Bliss. Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Mehta, Darcy, Subramaniam and Daza, as applied to claim 1, in view of US 2014/0337278 A1 to Barton et al. (Barton). Regarding claim 5, Mehta, as modified, lacks retrieving the data from the storage server before remodifying the data every time the data is remodified. However, Barton, in an analogous art (remote network storage), teaches that it was known for a client-side application (associated with the remote storage system), upon the client attempting to open the content item, to sync with the remote system to retrieve the most recent version of content items (¶39) to reduce the chance of modifying an out-of-date version of a content item (¶37). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to further modify Mehta to include retrieving the data from the storage server before remodifying the data every time the data is remodified. One of ordinary skill in the art would have been motivated to perform such a modification to reduce the chance of modifying an out-of-date version of a content item, as taught by Barton. Claims 11-12 are rejected under 35 U.S.C. 103 as being unpatentable over Mehta, Darcy, Subramaniam and Daza, as applied to claim 1, in view of US 2016/0342774 A1 to Henkel-Wallace et al. (Henkel-Wallace). Regarding claims 11-12, Mehta discloses communicating the encrypted private key over a wireless communication channel and transferring a key from backup using a QR code (Mehta ¶¶57), but lacks receiving the encrypted private key to the second device using an optical transfer exchange and utilizing a QR code to facilitate the optical transfer exchange. However, Henkel-Wallace teaches that it was known to utilize a QR code to transfer encrypted key information between devices to improve security (¶32). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to further modify Mehta to include receiving the encrypted private key to the second device using an optical transfer exchange and utilizing a QR code to facilitate the optical transfer exchange. One of ordinary skill in the art would have been motivated to perform such a modification to utilize short-range communication to improve security, as taught by Henkel-Wallace. Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Mehta, Darcy, Subramaniam and Daza, as applied to claim 1, in view of US 2012/0331529 A1 to Ibel et al. (Ibel). Regarding claim 13, Mehta lacks receiving a hash of the data from the second device; and providing the hash to the storage server to prove the first device is authorized to modify the data. However, Ibel, in an analogous art (sharing data with a user, ¶59) teaches that it was known to provide a content hash to a storage server to prove access to content (¶59), including generating a hash (generating authorization token, ¶59) and sending the authorization token/hash to a second user (¶60) for inclusion in a request for the content (¶62). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mehta to include receiving a hash of the data from the second device; and providing the hash to the storage server to prove the first device is authorized to modify the data. One of ordinary skill in the art would have been motivated to perform such a modification to restrict downloading of the content to authorized users, as taught by Ibel. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims of U.S. Patent No. 12,375,265, per the correspondence table provided. Claims 1-20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims of co-pending Application No. 18/112,946 (reference application), per the correspondence table provided. Although the claims at issue are not identical, they are not patentably distinct from each other because the patent/co-pending claims anticipate the instant claims, where minor changes in wording would have been found to be obvious by a skilled artisan before the effective filing date of the claimed invention. Further, removal of limitations from the patent/co-pending claims would have been considered obvious for reasons of breadth. Additional discussion is provided in the correspondence table. This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented. 19/283,767 12,375,265 18/112,946 1 1 – Note that the claimed “first device” corresponds to the patent’s claimed “second device” and the claimed “second device” corresponds to the patent’s claimed “first device”. The patent claims lack the language “single encrypted data instance”. However, as the claims specify “encrypts the modified data” and “stores the modified data”, a skilled artisan would interpret the claim as referring to a single encrypted data instance. 1 – The co-pending application comprises additional limitations as compared to the patent claim. However, removal of those limitations would have been considered obvious for reasons of breadth. 2 2 3 3 3 4 4 4 5 5 5 6 6 6 7 7 7 8 8 8 9 9 9 10 10 10 11 11 11 12 12 12 13 13 13 14 14 14 - The patent claims lack the language “single encrypted data instance”. However, as the claims specify “encrypts the modified data” and “stores the modified data”, a skilled artisan would interpret the claim as referring to a single encrypted data instance. 15 – The co-pending application comprises additional limitations as compared to the patent claim. However, removal of those limitations would have been considered obvious for reasons of breadth. 15 15 17 16 16 18 17 17 19 18 8 – The instant claim is directed to a non-transitory medium, where the patent claim is directed to a method. However, a skilled artisan would have understood that modifying a method step for performance by a computer using a non-transitory medium storing instructions would have been an obvious variation of the patent claim. 8 – The instant claim is directed to a non-transitory medium, where the co-pending claim is directed to a method. However, a skilled artisan would have understood that modifying a method step for performance by a computer using a non-transitory medium storing instructions would have been an obvious variation of the patent claim. 19 9 – The instant claim is directed to a non-transitory medium, where the patent claim is directed to a method. However, a skilled artisan would have understood that modifying a method step for performance by a computer using a non-transitory medium storing instructions would have been an obvious variation of the patent claim. 9 – The instant claim is directed to a non-transitory medium, where the co-pending claim is directed to a method. However, a skilled artisan would have understood that modifying a method step for performance by a computer using a non-transitory medium storing instructions would have been an obvious variation of the patent claim. 20 18 - The patent claims lack the language “single encrypted data instance”. However, as the claims specify “encrypts the modified data” and “stores the modified data”, a skilled artisan would interpret the claim as referring to a single encrypted data instance. 20 – The co-pending application comprises additional limitations as compared to the patent claim. However, removal of those limitations would have been considered obvious for reasons of breadth. Allowable Subject Matter Claims 3 and 16, assuming any rejections under non-statutory double patenting are overcome, are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. The prior art – individually, or in a reasonable combination – fails to teach wherein the second device uses the private key of the second device and the private key of the first device to access the modified data stored on the storage server by the first device, in combination with claims 1 and 2 (claim 3) or in combination with claims 14 and 15 (claim 16). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J SIMITOSKI whose telephone number is (571)272-3841. The examiner can normally be reached Monday - Friday, 7:00-3:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached at 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Michael Simitoski/ Primary Examiner, Art Unit 2493 April 10, 2026 1 US 20230308263 A1 (Eldefrawy; Karim) teaches encrypting a message with a first public key and further encrypting the message with a second public key (¶243); US 20090077060 A1 (Sermersheim; James Gerald et al.) teaches doubly encrypting data with both a first and second public key (¶71); US 20190028444 A1 (McClendon; Brian) teaches dual encryption of data based on a first public key and a second public key, necessitating both private keys for decryption (¶15); US 7003667 B1 (Slick; Royce E. et al.) teaches wrapping a symmetric key in multiple public keys (Fig. 5A, 512); US 5790668 A (Tomko; George J.) teaches doubly encrypting a key with multiple public keys (col. 5, lines 54-62); EP 1091285 A2 (IWAMOTO N Y et al.) teaches doubly encrypting data with multiple public keys (claim 1); US 8775800 B2 (Doerner; Robert et al.) teaches encrypting a file with multiple public keys (Fig. 2)
Read full office action

Prosecution Timeline

Jul 29, 2025
Application Filed
Dec 03, 2025
Non-Final Rejection mailed — §103, §DOUBLEPATENT
Mar 30, 2026
Response Filed
Apr 15, 2026
Final Rejection mailed — §103, §DOUBLEPATENT (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12684093
SURVEILLANCE CAMERA SYSTEM
2y 7m to grant Granted Jul 14, 2026
Patent 12682127
DEBUG-PORT CONTROL CIRCUITRY
2y 4m to grant Granted Jul 14, 2026
Patent 12664248
Automatic authentication for user-dependent functionality
3y 0m to grant Granted Jun 23, 2026
Patent 12657279
FIRMWARE AUTHENTICATION
1y 11m to grant Granted Jun 16, 2026
Patent 12647267
ATTRIBUTE-BASED CREDENTIALS FOR RESOURCE ACCESS
2y 0m to grant Granted Jun 02, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
80%
Grant Probability
99%
With Interview (+28.4%)
3y 2m (~2y 2m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 778 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month