Prosecution Insights
Last updated: July 17, 2026
Application No. 17/413,441

PROVISIONING INITIATED FROM A CONTACTLESS DEVICE

Non-Final OA §102§103§112
Filed
Jun 11, 2021
Priority
Dec 12, 2018 — nonprovisional of PCTUS2018065239
Examiner
LOPEZ, MIGUEL ALEXANDER
Art Unit
2496
Tech Center
2400 — Computer Networks
Assignee
Visa International Service Association
OA Round
6 (Non-Final)
8%
Grant Probability
At Risk
6-7
OA Rounds
0m
Est. Remaining
20%
With Interview

Examiner Intelligence

Grants only 8% of cases
8%
Career Allowance Rate
2 granted / 26 resolved
-50.3% vs TC avg
Moderate +12% lift
Without
With
+12.5%
Interview Lift
resolved cases with interview
Typical timeline
3y 1m
Avg Prosecution
26 currently pending
Career history
60
Total Applications
across all art units

Statute-Specific Performance

§101
0.4%
-39.6% vs TC avg
§103
73.1%
+33.1% vs TC avg
§102
18.9%
-21.1% vs TC avg
§112
4.9%
-35.1% vs TC avg
Black line = Tech Center average estimate • Based on career data from 26 resolved cases

Office Action

§102 §103 §112
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496 DETAILED ACTION The Non-Final Rejection mailed on 03/04/2026 has been vacated and replaced with this Non-Final Rejection. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/08/2025 has been entered. Response to Arguments Applicant's arguments, see page 9, filed 12/08/2025, with respect to the rejection of claims 1, 4-5, 7-10, 12-13, 16-18, 20, and 22-26 under 35 U.S.C. § 112(a) have been fully considered but they are not persuasive. Applicant attests that the amended claims obviates the previously presented issues. The Examiner respectfully disagrees. The claims, as currently amended, still contain the limitation “wherein the dynamic data element is configured to change for each initialization request message”. The originally filed disclosure is not commensurate with the claimed dynamic data element itself being “configured to change” as still claimed as described in the Final Rejection mailed 10/08/2025. Applicant's arguments, see page 9, filed 12/08/2025, with respect to the rejection of claims 1, 4-5, 7-10, 12-13, 16-18, 20, and 22-26 under 35 U.S.C. § 112(b) have been fully considered but they are not persuasive. Applicant attests that the amended claims obviates the previously presented issues. The Examiner respectfully disagrees. The claims, as currently amended, still contain the limitation “wherein the dynamic data element is configured to change for each initialization request message”. The limitation is indefinite because it is currently unclear what the still claimed “for each initialization request” is referring to, since the claims previously recite “an initialization request message”, not “requests” plural. Therefore, there is insufficient antecedent basis for this limitation in the claim. Applicant's arguments, see pages 9-12, filed 12/08/2025, with respect to the rejection of claims 1, 4-5, 7-10, 12-13, 16-18, and 22-26 under 35 U.S.C. § 102(a)(2) have been fully considered but they are not persuasive. Applicant first attests that Oosthuizen does not teach a communication device receiving a dynamic data element from the server computer. The Examiner respectfully disagrees. Oosthuizen explicitly discloses the claim limitation “receiving, by the communication device in response to the initialization request message to provision access data to the digital wallet application, a dynamic data element from the server computer” in Figure 3 and paragraphs [0090] and [0109-0112] as mapped in the Final Rejection mailed 10/08/2025. Oosthuizen Fig. 1 and paragraphs [0109-0112] describe a user conducting a transaction such as a financial transaction utilizing a communication device and a portable credential device, and further explicitly discloses, “The remote server (102) may transmit (306) an association verification request message to the communication device (104). The association verification request message may request that the user verify an association between the application and the user. The association verification request message may include a set of data elements usable for generating a token and/or a cryptograph included in the token”. Furthermore, the disclosed token is dynamic as it may include a cryptograph that “may serve to prevent replay of the token and may for example include a set of data elements (e.g. a nonce) which have been signed by the portable credential device. The set of data elements may include a random number received from the server or the like. In some cases, the data elements may include the device identifier and a time stamp” as in paragraph [0090] of Oosthuizen, therefore anticipating the broadest reasonable interpretation (BRI) of the claim limitation at issue. Applicant next argues that Oosthuizen does not teach the communication device receiving access data wherein in response to receiving the access data the communication device is configured to conduct transactions. The Examiner respectfully disagrees. In the Final Rejection mailed 10/08/2025, this claim limitation was explicitly mapped to Oosthuizen paragraphs [0122], [0067-0069], and [0075]. Paragraph [0122] explicitly discloses that the remote server transmits to the communication device verification/authorization; paragraphs [0067-0069] and [0075] then explicitly disclose that a user may use the communication device “to transact against or otherwise interact with the user account (114) using the communication device (104)”, therefore anticipating the broadest reasonable interpretation (BRI) of the claim limitation at issue. Applicant finally attests that Oosthuizen does not teach newly amended claim limitations. Since applicant does not give any further explanation as to how the previously cited art differentiates from the claimed invention other than repeating the amendments made to the claim and making the conclusory statement that the prior art does not allegedly teach the claim limitations, the examiner defers to the rejection below as a response to this argument. Applicant's arguments, see pages 12-13, filed 12/08/2025, with respect to the rejection of claim 20 under 35 U.S.C. § 103 have been fully considered but they are not persuasive. Since applicant does not give any further explanation as to how the previously cited art differentiates from the claimed invention other than asserting dependence upon an allegedly allowable claim, the examiner defers to the rejection below as a response to this argument. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1, 4-5, 7-10, 12-13, 16-18, 20, and 22-26 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Regarding Claims 1, 10, and 18: Amended independent claims 1, 10, and 18 recite “wherein the dynamic data element is configured to change for each initialization request message”. The originally filed disclosure is silent with regard to how the inventor intended to achieve the claimed function of having data elements, which comprise plain data (e.g. random number, time, date, etc.), being configured to change. Paragraph [0063] of the originally filed disclosure recites “The dynamic data element generation module 105D-4 may comprise code that causes the processor 105A to generate a dynamic data element such as a random number, time and/or date, etc. In some embodiments, one or more dynamic data elements may be used as input data for a cryptogram” (emphasis added). The “dynamic data element generation module” disclosed is responsible to generate a “dynamic data element” as claimed, but the originally filed disclosure is not commensurate with the claimed dynamic data element itself being “configured to change” as now claimed. The dependent claims fall together accordingly. The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1, 4-5, 7-10, 12-13, 16-18, 20, and 22-26 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Regarding Claims 1, 10, and 18: Amended independent claims 1, 10, and 18 recite “wherein the dynamic data element is configured to change for each initialization request message”. The limitation is indefinite because it is currently unclear what the newly claimed “for each request” is referring to, since the claims previously recite “an initialization request message”, not “requests” plural. Therefore, there is insufficient antecedent basis for this limitation in the claim. The dependent claims fall together accordingly. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claim(s) 1, 4-5, 7-10, 12-13, 16-18, and 22-26 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Oosthuizen; Gerhard Gysbert (US Publication No. Us 2019/0251561 A1) hereinafter Oosthuizen. Regarding Claims 1 and 10: Claim 1. Oosthuizen discloses a method comprising: generating, by a communication device, an initialization request message to provision access data to a digital wallet application on the communication device (Oosthuizen Fig. 3, [0109-0110]), wherein the communication device comprises a mobile phone (Oosthuizen Fig. 1 communication device is a mobile phone, [0075]), wherein the access data comprises account information (Oosthuizen [0067-0069] account information and database); transmitting, by the communication device, the initialization request message to a server computer (Oosthuizen Fig. 3, [0109-0110]); receiving, by the communication device in response to the initialization request message to provision access data to the digital wallet application, a dynamic data element from the server computer (Oosthuizen Fig. 3, [0109-0112], [0090-0091]), wherein the dynamic data element is configured to change for each initialization request message (Oosthuizen [0089-0093] “The token may include additional information, such as a cryptograph which is configured to validate that the token is relevant to the current session and not a replay attack. Obtaining the token may include generating the cryptograph. The cryptograph may serve to prevent replay of the token and may for example include a set of data elements (e.g. a nonce) which have been signed by the portable credential device. The set of data elements may include a random number received from the server or the like.”); performing, by the communication device, a message exchange process with a user device via near field communications (NFC) (Oosthuizen [0089-0092] NFC contemplated), wherein the user device comprises a payment card (Oosthuizen Fig. 1 portable credential device is a card, [0069]), wherein in the message exchange process that is performed via NFC, the dynamic data element is transmitted from the communication device to the user device (Oosthuizen [0089-0094] NFC contemplated), and a cryptogram is received by the communication device from the user device (Oosthuizen [0109-0116]), wherein the cryptogram is generated by the user device by: performing encryption on static data elements, including a user device identifier, using an encryption key on the user device to generate a second encryption key, wherein the user device identifier is an account number, and encrypting the dynamic data element using the second encryption key (Oosthuizen [0109-0116]; [0069-0071] the credential may comprise a cryptogram or encryption key and/or one or more of a primary account number; [0091-0094] an encryption key can be used to create the credential for example; claim 6 “wherein at least a portion of the token has been derived by performing an operation on the data elements and the credential, and wherein the operation is one of a hash of the data elements and the credential or a signing or encryption of the data elements using the credential”); transmitting, by the communication device, a provisioning request message including the user device identifier and the cryptogram to the server computer (Oosthuizen [0117-0119]); and receiving, by the communication device from the server computer, the access data (Oosthuizen [0120-0122]), wherein in response to receiving the access data, the communication device is configured to conduct transactions (Oosthuizen [0067-0069] and [0075] may conduct financial transactions), wherein the mobile phone and the user device are associated with a same user (Oosthuizen Fig. 1 user clearly controls both the portable credential device and communication device, [0075]). Claim 10 discloses substantially the same content and is therefore rejected under the same rationales. Oosthuizen discloses a communication device comprising: a processor; and a computer readable medium, coupled to the processor, the computer readable medium comprising code, executable by the processor (Oosthuizen [0158-160]). Regarding Claims 4 and 12: Claim 4. Oosthuizen further discloses the method of claim 1 (Oosthuizen Fig. 3, [0109-0110]), wherein the server computer is in communication with an access data vault, and wherein the server computer retrieves the access data from the access data vault (Oosthuizen [0067-0074]). Regarding Claims 5 and 13: Claim 5. Oosthuizen further discloses the method of claim 1 (Oosthuizen Fig. 3, [0109-0110]), wherein the message exchange process utilizes get processing option and application identifier request and response messages (Oosthuizen [0069-0072] EMV communications contemplated). Claim 13 discloses substantially the same content and is therefore rejected under the same rationales. Regarding Claims 7 and 16: Claim 7. Oosthuizen further discloses the method of claim 1 (Oosthuizen Fig. 3, [0109-0110]), wherein the access data provisioned to the communication device is used to conduct a transaction by interfacing with an access device (Oosthuizen [0068-0069] may conduct financial transactions). Claim 16 discloses substantially the same content and is therefore rejected under the same rationales. Regarding Claims 8 and 17: Claim 8. Oosthuizen further discloses the method of claim 1 (Oosthuizen Fig. 3, [0109-0110]), wherein the encryption key is derived from data existing on the user device (Oosthuizen [0089-0093] payment credentials can be on the portable credential device). Claim 17 discloses substantially the same content and is therefore rejected under the same rationales. Regarding Claim 9: Claim 9. Oosthuizen further discloses the method of claim 1 (Oosthuizen Fig. 3, [0109-0110]), wherein a numerical value of zero is transmitted from the communication device to the user device in the message exchange process (Oosthuizen [0089-0094] NFC and nonces contemplated). Regarding Claim 18: Claim 18. Oosthuizen discloses a method comprising: receiving, by a server computer from a communication device, an initialization request message to provision access data to a digital wallet application on the communication device (Oosthuizen Fig. 3, [0109-0110]), wherein the communication device comprises a mobile phone (Oosthuizen Fig. 1 communication device is a mobile phone, [0075]), wherein the access data comprises account information (Oosthuizen [0067-0069] account information and database); providing, by the server computer to the communication device, a dynamic data element (Oosthuizen Fig. 3, [0109-0110]), the communication device thereafter performing a message exchange process with a user device via near field communications (NFC) (Oosthuizen [0089-0092] NFC contemplated), wherein the dynamic data element is configured to change for each initialization request message (Oosthuizen [0090] “The token may include additional information, such as a cryptograph which is configured to validate that the token is relevant to the current session and not a replay attack. Obtaining the token may include generating the cryptograph. The cryptograph may serve to prevent replay of the token and may for example include a set of data elements (e.g. a nonce) which have been signed by the portable credential device. The set of data elements may include a random number received from the server or the like.”), wherein the user device comprises a payment card (Oosthuizen Fig. 1 portable credential device is a card, [0069]), wherein in the message exchange process that is performed via NFC, the dynamic data element is transmitted from the communication device to the user device, and a cryptogram is received by the communication device from the user device (Oosthuizen [0089-0094] NFC contemplated, [0109-0116]), wherein the cryptogram is generated by the user device by: performing encryption on static data elements, including a user device identifier, using an encryption key on the user device to generate a second encryption key, wherein the user device identifier is an account number, and encrypting the dynamic data element using the second encryption key (Oosthuizen [0109-0116]; [0069-0071] the credential may comprise a cryptogram or encryption key and/or one or more of a primary account number; [0091-0094] an encryption key can be used to create the credential for example; claim 6 “wherein at least a portion of the token has been derived by performing an operation on the data elements and the credential, and wherein the operation is one of a hash of the data elements and the credential or a signing or encryption of the data elements using the credential”); receiving, by the server computer, a provisioning request message including the user device identifier and the cryptogram (Oosthuizen [0117-0119]); and providing, by the server computer, the access data (Oosthuizen [0119-0122]), wherein in response to receiving the access data, the communication device is configured to conduct transactions (Oosthuizen [0067-0069] and [0075] may conduct financial transactions), wherein the mobile phone and the user device are associated with a same user (Oosthuizen Fig. 1 user clearly controls both the portable credential device and communication device; [0075-0076]). Regarding Claim 22: Claim 22. Oosthuizen further discloses the method of claim 1 (Oosthuizen Fig. 3, [0109-0110]), wherein a session ID is received by the communication device from the server computer in a same message as the dynamic data element (Oosthuizen [0090-0091] session tokens contemplated). Regarding Claim 23: Claim 23. Oosthuizen further discloses the method of claim 22 (Oosthuizen Fig. 3, [0109-0110]), wherein the provisioning request message further comprises the session ID (Oosthuizen [0090-0091] session tokens contemplated). Regarding Claim 24: Claim 24. Oosthuizen further discloses the method of claim 22 (Oosthuizen Fig. 3, [0109-0110]), wherein the account information comprises a primary account number (Oosthuizen [0076], [0067-0069] account information and database). Regarding Claim 25: Claim 25. Oosthuizen further discloses the method of claim 22 (Oosthuizen Fig. 3, [0109-0110]), wherein the account information comprises a payment token (Oosthuizen [0076], [0067-0069] payment credentials). Regarding Claim 26: Claim 26. Oosthuizen further discloses the method of claim 22 (Oosthuizen Fig. 3, [0109-0110]), wherein the method is for provisioning the account information to the mobile phone (Oosthuizen Fig. 1 communication device is a mobile phone, [0075]). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 20 is rejected under 35 U.S.C. 103 as being unpatentable over Oosthuizen as applied to claims 1, 4-5, 7-10, 12-13, 16-18, and 22-26 above, and further in view of Venot et. al. (US Publication No. US 2016/0232523 A1) hereinafter Venot. Regarding Claim 20: Claim 20. Oosthuizen discloses the method of claim 18 (Oosthuizen Fig. 3, [0109-0110]). Oosthuizen does not explicitly disclose wherein the cryptogram is formed using a DES or triple DES encryption process (Venot [0078] communications may use DES or triple data encryption standards to establish a secure session). It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to combine the method of provisioning access data disclosed by Oosthuizen with the encryption algorithms taught by Venot. The motivation for this combination would be to ensure that eavesdroppers, observers, and attackers may not snoop on communications and learn the account information being transmitted. Although Oosthuizen discloses generic encryption, the teachings of Venot clearly render obvious the use of DES or triple DES standards to establish secure cryptographic communications. Conclusion The prior art made of record in the submitted PTO-892 Notice of References Cited and not relied upon is considered pertinent to applicant’s disclosure. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MIGUEL A LOPEZ whose telephone number is (703)756-1241. The examiner can normally be reached 8:00AM-5:00PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 5712727624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /M.A.L./ Examiner, Art Unit 2496 /JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496
Read full office action

Prosecution Timeline

Show 17 earlier events
Nov 04, 2025
Examiner Interview Summary
Nov 04, 2025
Applicant Interview (Telephonic)
Dec 08, 2025
Request for Continued Examination
Dec 19, 2025
Response after Non-Final Action
Mar 04, 2026
Non-Final Rejection mailed — §102, §103, §112
Apr 17, 2026
Non-Final Rejection mailed — §102, §103, §112
Apr 21, 2026
Examiner Interview Summary
Apr 21, 2026
Examiner Interview (Telephonic)

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

6-7
Expected OA Rounds
8%
Grant Probability
20%
With Interview (+12.5%)
3y 1m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 26 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month