Prosecution Insights
Last updated: July 17, 2026
Application No. 18/124,182

SECURE VIRTUAL MALLS

Final Rejection §101
Filed
Mar 21, 2023
Priority
Sep 14, 2022 — provisional 63/406,628 +1 more
Examiner
POLLOCK, GREGORY A
Art Unit
3691
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
State Farm Mutual Automobile Insurance Company
OA Round
4 (Final)
11%
Grant Probability
At Risk
5-6
OA Rounds
1y 9m
Est. Remaining
24%
With Interview

Examiner Intelligence

Grants only 11% of cases
11%
Career Allowance Rate
72 granted / 644 resolved
-40.8% vs TC avg
Moderate +13% lift
Without
With
+12.6%
Interview Lift
resolved cases with interview
Typical timeline
5y 1m
Avg Prosecution
27 currently pending
Career history
679
Total Applications
across all art units

Statute-Specific Performance

§101
23.7%
-16.3% vs TC avg
§103
58.8%
+18.8% vs TC avg
§102
3.5%
-36.5% vs TC avg
§112
12.1%
-27.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 644 resolved cases

Office Action

§101
DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This action is responsive to claims filed 04/21/2026 and Applicant’s communication regarding application 18/124182 filed 04/21/2026. Claims 1, 3-8, and 10-21 have been examined with this office action. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1, 3-8, and 10-21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea of transaction/insurance transactions without significantly more. Subject Matter Eligibility Standard When considering subject matter eligibility under 35 U.S.C. 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter. If the claim does fall within one of the statutory categories, it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea), and if so, it must additionally be determined whether the claim is a patent-eligible application of the exception. If an abstract idea is present in the claim, any element or combination of elements in the claim must be sufficient to ensure that the claim amounts to significantly more than the abstract idea itself. Examples of abstract ideas include fundamental economic practices; certain methods of organizing human activities; an idea itself; and mathematical relationships/formulas. Alice Corporation Pty. Ltd. v.CLS Bank International, et al., 573 U.S. _ (2014) as provided by the interim guidelines FR 12/16/2014 Vol. 79 No. 241. Analysis Step 1, the claimed invention must be to one of the four statutory categories. 35 U.S.C. 101 defines the four categories of invention that Congress deemed to be the appropriate subject matter of a patent: processes, machines, manufactures and compositions of matter. In this case independent claim 1 and all claims which depend from it are directed toward a system, and independent claim 10 and all claims which depend from it are directed toward a method and independent claim 20 all claims which depend from it are directed toward a computer readable medium storing instruction to perform functions/steps. As such, all claims fall within one of the four categories of invention deemed to be the appropriate subject matter. Step 2A Prong 1, Under Step 2 A, Prong 1 of the 2019 Revised § 101 Guidance, it is determined whether the claims are directed to a judicial exception such as a law of nature, a natural phenomenon, or an abstract idea (See Alice, 134 S. Ct. at 2355) by identify the specific limitation(s) in the claim that recites abstract idea(s); and then determine whether the identified limitation(s) falls within at least one of the groupings of abstract ideas enumerated in the 2019 PEG. Specifically, claim 1 comprises inter alia the functions or steps of “A computer-implemented method for providing a secure virtual mall within a virtual environment, comprising: receiving, via one or more processors of a mall server, directly from the user device user authentication credentials associated with a user that is attempting to interact with the secure virtual mall within the virtual environment; authenticating, via the one or more processors of the mall server, the user based upon the user authentication credentials, wherein authenticating the user comprises: sending, via the one or more processors of the mall server, a security key to the user device to use as the authentication credentials; in response to the user interacting with the secure virtual mall, receiving, via the one or more processors of the mall server, from the user device, the security key; and verifying, via the one or more processors of the mall server, the received security key matches the sent security key; in response to the authentication of the user device, establishing, via the one or more processors, a secure connection between the user device and the one or more processors, wherein the establishing the secure connection includes providing a layer of security within the secure connection between the user device and the secure virtual mall, wherein the secure connection comprises a communication path that does not traverse a virtual environment server; and processing, via the one or more processors, a transaction of the user device occurring in the secure virtual mall, wherein the transaction is between the user device and a vender and is facilitated via the secure connection; processing, via the one or more processors of the mall server, a transaction of the user device occurring in the secure virtual mall, wherein the transaction is between the user device and a vender server and is facilitated via the secure connection, and wherein processing the transaction comprises: receiving, via the one or more processors of the mall server, vender authentication credentials from the vender server; and authenticating, via the one or more processors of the mall server, the vender server based upon the vender authentication credentials”. Claim 15 comprises inter alia the functions or steps of “A computer system configured to provide a secure virtual mall within a virtual environment, the computer system comprising one or more processors of the mall server configured to: receive, directly from a user device, user authentication credentials associated with a user that is attempting to interact with the secure virtual mall within the virtual environment; authenticate the user based upon the user authentication credentials by; sending a security key to the user device to use as the authentication credentials; in response to the user interacting with the secure virtual mall, receiving from the user device, the security key; and verifying the received security key matches the sent security key; in response to the authentication of the user device, establish a secure connection between the user device and the one or more processors, wherein the establishing the secure connection includes providing a layer of security within the secure connection between the user device and the secure virtual mall, wherein the secure connection comprises a communication path that does not traverse a virtual environment server; and processes a transaction of the user device occurring in the secure virtual mall, wherein the transaction is between the user device and a vender and is facilitated via the secure connection; processes a transaction of the user device occurring in the secure virtual mall, wherein the transaction is between the user device and the vender server and is facilitated via the secure connection, and wherein the one or more processors of the mall server are configured to process the transaction by: receiving vender authentication credentials from the vender server; and authenticating the vender server based upon the vender authentication credentials”. Claim 18 comprises inter alia the functions or steps of “A computer device configured to provide a secure virtual mall within a virtual environment, the computer device comprising:one or more processors; andone or more memories coupled to the one or more processors; the one or more memories including computer executable instructions stored therein that, when executed by the one or more processors, cause the one or more processors to: receive user authentication credentials associated with a user that is attempting to interact with the secure virtual mall within the virtual environment; authenticate the user based upon the user authentication credentials by; sending a security key to the user device to use as the authentication credentials; in response to the user interacting with the secure virtual mall, receiving from the user device, the security key; and verifying the received security key matches the sent security key; in response to the authentication of the user device, establish a secure connection between the user device and the one or more processors, wherein the establishing the secure connection includes providing a layer of security within the secure connection between the user device and the secure virtual mall; and processes a transaction of the user device occurring in the secure virtual mall, wherein the transaction is between the user device and a vender and is facilitated via the secure connection; processes a transaction of the user device occurring in the secure virtual mall, wherein the transaction is between the user device and a vender and is facilitated via the secure connection, and the one or more memories including computer-executable instructions stored therein that, when executed by the one or more processors, further cause the one or more processors of the mall server to process the transaction by: receiving vender authentication credentials from the vender server; and authenticating the vender server based upon the vender authentication credentials”. Those claim limits in bold are identified as claim limitations which recite the abstract idea, while those that are un-bolded are identified as additional elements. The cited limitations as drafted are systems and methods that, under their broadest reasonable interpretation, covers performance of a method of organizing human activity, but for the recitation of the generic computer components. Further, none of the limitations recite technological implementations details for any of the steps but, instead, only recite broad functional language being performed by the generic use of at least one processor. Transaction/insurance transactions are fundamental economic practices long prevalent in commerce systems. If a claim limitation, under its broadest reasonable interpretation, covers a fundamental economic principle or practice but for the general linking to a technological environment, then it falls within the organizing human activity grouping of abstract ideas. Accordingly, the claim recites an abstract idea. Step 2A Prong 2, Next, it is determined whether the claim is directed to the abstract concept itself or whether it is instead directed to some technological implementation or application of, or improvement to, this concept, i.e., integrated into a practical application. See, e.g., Alice, 573 U.S. at 223, discussing Diamond v. Diehr, 450 U.S. 175 (1981). The mere introduction of a computer or generic computer technology into the claims need not alter the analysis. See Alice, 573 U.S. at 223—24. “[T]he relevant question is whether the claims here do more than simply instruct the practitioner to implement the abstract idea on a generic computer.” Alice, 573 U.S. at 225. In the present case, the judicial exception is not integrated into a practical application. The claim limitations are not indicative of integration into a practical application by claiming an improvement to the functioning of the computer or to any other technology or technical field. Further, the claim limitations are not indicative of integration into a practical application by applying or using the judicial exception in some other meaningful way. In particular, the claims contain the following additional elements: a computer; a virtual environment; one or more processors; user device; establishing a secure connection between the user device and the one or more processors; a layer of security; one or more memories; wherein the secure connection comprises a communication path that does not traverse a virtual environment server. However, the specification description of the additional elements a computer ([0028]); a virtual environment ([0028] “…term virtual environment should be understood to refer to a virtual world, such as a metaverse, a virtual game world, an augmented-reality based virtual world, etc); one or more processors ([0037]); user device ([0033] “For instance, a user 170 may wish to participate in the virtual environment. To do so, the user 170 may use a user device 175 ( e.g., a virtual reality (VR) headset, a computer, a tablet, a smartphone, an augmented reality (AR) headset, etc.)”); establishing a secure connection between the user device and the one or more processors ([0056-0059]); a layer of security ([0056-0059]); one or more memories ([0218]); wherein the secure connection comprises a communication path that does not traverse a virtual environment server ([0056] [0103] [0111] [0116] [0152] [0161]) are at a high level of generality using exemplary language or as part of a generic technological environment and are functions any general purpose computer performs such that it amount no more than mere instruction to apply the exception to a particular technological environment. Further, none of the limitations recite technological implementations details for any of the steps but, instead, only recite broad functional language being performed by the generic use of at least one processor. Accordingly, these additional elements do not integrate the abstract idea into a practical application because it does not impose any meaning limits on practicing the abstract idea. Thus, the claim is directed toward an abstract idea. Step 2B, the claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more that the abstract idea(s). As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a processor to perform the abstract idea(s) amounts to no more than mere instructions to apply the exaction using a generic computer component. Mere instruction to apply an exertion using a generic computer component cannot provide an inventive concept. These generic computer components are claimed at a high level of generality to perform their basic functions which amount to no more than generally linking the use of the judicial exception to the particular technological environment of field of use (Specification as cited above for additional elements) and further see insignificant extra-solution activity MPEP § 2106.05 I. A. iii, 2106.05(b), 2106.05(b) III, 2106.05(g). Thus, the claims are not patent eligible. As for dependent claims 3, 6, 11-14, and 19 these claims recite limitations that further define the same abstract idea using previously identified additional elements noted from the respective independent claims from which they depend. Therefore, the cited dependent claims are considered patent ineligible for the reasons given above. As for dependent claims 4, 5, 7, 8, 10, 16, 17, and 20, these claims recite limitations that further define the same abstract idea using previously identified additional elements noted from the respective independent claims from which they depend. In addition, the cited dependent claims recite the additional elements: a virtual reality (VR) headset (claim 4, 16, and 20); biometric data automatically gathered by the VR headset (claim 5); a firewall (claim 7, 8, 17); a security key (claim 9); decrypting a digital signature applied using a public key of a public/private key pair (claim 10). However, the specification description of the additional elements a virtual reality (VR) headset ([0028] [0032]); biometric data automatically gathered by the VR headset ([0035] [0049] “…In some examples, where the authentication credentials comprise biometric data, the user device 175 (e.g., a smartphone, tablet, AR headset or glasses, VR headset, smart glasses, etc.) automatically gathers the biometric data ( e.g., through a camera or a fingerprint reader of the user device 175), and sends the biometric data to the virtual environment server…”); a firewall ([0057]); a security key ([0049] The user device 175 also sends (315) authentication credentials to the virtual environment server 160 (e.g., to allow the user 170 to log into the virtual environment). The authentication credentials may comprise any authentication information. For example, the authentication credentials may comprise a user name, password, biometric data (e.g., fingerprint data, facial recognition data, etc.), twofactor authentication information (as will be further described below), a security key that was previously sent to the user device 175, etc. In some examples, where the authentication credentials comprise biometric data, the user device 175 (e.g., a smartphone, tablet, AR headset or glasses, VR headset, smart glasses, etc.) automatically gathers the biometric data ( e.g., through a camera or a fingerprint reader of the user device 175), and sends the biometric data to the virtual environment server 160 at 315” [0089]); decrypting a digital signature applied using a public key of a public/private key pair ([0199]) are at a high level of generality using exemplary language or as part of a generic technological environment and are functions any general purpose computer performs such that it amount no more than mere instruction to apply the exception to a particular technological environment. Even in combination, these additional elements do not integrate the abstract idea into a practical application and do not amount to significantly more than the abstract idea itself. Therefore, the cited dependent claims are ineligible. Prior Art The claims overcome the prior art of record such that none of the cited prior art reference’s disclosures can be applied to form the basis of a 35 USC § 102 rejection nor can they be combined to fairly suggest in combination, the basis of a 35 USC § 103 rejection when the limitations are read in the particular environment of the claims. The closest prior art Anand (PGPub Document No. 20170364920) teaches retrieving credentials from a remote server and using key pairs for signing-not the claimed process where the mall server sends a security key to the user device and then verifies that the same security key is returned as amended. Note, however, that the examiner disagrees with applicant’s argument that Anand’s resource server cannot be properly mapped to the functionality of the virtual environment server and mall server since the functionality of each separate server are performed in separate modules of the resource server. In Anand, the contactless element interface (Figure 3, element 300F) provides the virtual reality hardware and is shown as being separate from the authentication modules (Figure 3, element 300L). The present application makes it clear that [0217] “… the methods or routines described herein may be at least partially processor-implemented…at least some of the operations of a method may be performed by one or more processors or processor-implemented hardware modules. The performance of certain of the operations may be distributed among the one or more processors, not only residing within a single machine, but deployed across a number of machines. In some example embodiments, the processor or processors may be located in a single location ( e.g., within a home environment, an office environment or as a server farm)…”. Thus, the examiner argues that functionality of the a “servers” as presented in the present specification can be separated in functionality of separate modules which can be houses in one or multiple physical computing devices. Therefore, the claims may be allowable if amended to overcome the rejection(s) under 35 U.S.C. 35 U.S.C. 101, set forth in this Office action. Response to Arguments Applicant's arguments with regards to patent eligibility have been fully considered but they are not persuasive. EXAMINER’S RESPONSE TO APPLICANT REMARKS CONCERNING Claim Rejections - 35 USC § 101: Applicant's arguments with regards to 35 USC § 101 have been fully considered but are not persuasive. As an initial note, the examiner conferred with SPE Abhishek Vyas regarding patent eligibility of the amended claims on 05/13/26. The examiner maintains that there is no improvement to a technology or to the computer itself. Regarding the applicant’s argument that “this amendment reciting the use of a security key improves security of the system, thereby improving technical functioning. Specifically, the mall server sends a security key to the user device, and then verifies that the received security key matches the sent security key when the user interacts with the secure virtual mall. This security key mechanism provides a technical improvement over conventional authentication approaches because it ensures that only the specific user device that received the security key from the mall server may subsequently authenticate-preventing unauthorized devices from intercepting or spoofing authentication credentials”, the examiner disagrees. The use of private/public keys in establishing a secure connection is widely used in the art. For example, the prior art of record Anand use a private-public key to ensure security between a server and a user device. The only difference between the prior art and the present set of claims is the specific steps involving initiation of the process which the examiner argues is not a technical improvement but a design choice. Regarding applicant’s argument that “this security key verification operates in conjunction with the secure connection that does not traverse the virtual environment server, creating a layered security architecture. By having the mall server both issue and verify the security key directly with the user device, the system reduces attack vectors that would otherwise exist if authentication were routed through intermediate servers. This represents a concrete technical improvement to computer security rather than merely applying an abstract concept to a generic computer environment“, the specification [0056 0095 0103 0111 0116 0152 0161] makes clear that only in certain embodiments “In some examples, the secure connection comprises a communication path that does not traverse the virtual environment server”. Thus, using the mall server for authentication is described at a high level of generality in the specification and appears to be a design choice and not an improvement to a technology even when considered at as a whole. The claim limit “the secure connection that does not traverse the virtual environment server”, this claim limit merely requires that the software which controls the virtual environment and the software that controls the authentication not be within the same software module. As stated above, Anand’s resource server can be properly mapped to the functionality of the virtual environment server and mall server since the functionality of each separate server are performed in separate modules of the resource server. In Anand, the contactless element interface (Figure 3, element 300F) provides the virtual reality hardware and is shown as being separate from the authentication modules (Figure 3, element 300L). The present application makes it clear that [0217] “… the methods or routines described herein may be at least partially processor-implemented…at least some of the operations of a method may be performed by one or more processors or processor-implemented hardware modules. The performance of certain of the operations may be distributed among the one or more processors, not only residing within a single machine, but deployed across a number of machines. In some example embodiments, the processor or processors may be located in a single location ( e.g., within a home environment, an office environment or as a server farm)…”. Thus, the examiner argues that functionality of the a “servers” as presented in the present specification can be separated in functionality of separate modules which can be houses in one or multiple physical computing devices. As such, the examiner maintains the rejection. Conclusion For prior art made of record and not relied upon is considered pertinent to applicant's disclosure see Notice of References Cited items A-B submitted 06/04/2025 used as prior art and in the conclusion section in the office action submitted 06/04/2025. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Gregory A Pollock whose telephone number is (571) 270-1465. The examiner can normally be reached M-F 8 AM - 4 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Abhishek Vyas can be reached on 571 270-1836. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Gregory A Pollock/Primary Examiner, Art Unit 3691 06/25/2026
Read full office action

Prosecution Timeline

Show 8 earlier events
Dec 29, 2025
Request for Continued Examination
Jan 07, 2026
Response after Non-Final Action
Jan 20, 2026
Non-Final Rejection mailed — §101
Apr 06, 2026
Interview Requested
Apr 13, 2026
Examiner Interview Summary
Apr 13, 2026
Applicant Interview (Telephonic)
Apr 21, 2026
Response Filed
Jun 29, 2026
Final Rejection mailed — §101 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12094003
Apparatus, method and system for providing an electronic marketplace for trading credit default swaps and other financial instruments, including a trade management service system
1y 1m to grant Granted Sep 17, 2024
Patent 12045786
SYSTEMS AND METHODS FOR GLOBAL TRANSFERS
3y 9m to grant Granted Jul 23, 2024
Patent 12033216
SYSTEM AND METHOD FOR A MACHINE LEARNING SERVICE
1y 1m to grant Granted Jul 09, 2024
Patent 11922381
DISTRIBUTED TRANSACTION SYSTEM
5y 12m to grant Granted Mar 05, 2024
Patent 11900455
METHOD AND APPARATUS FOR DECENTRALIZED VC FUNDS
2y 7m to grant Granted Feb 13, 2024
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
11%
Grant Probability
24%
With Interview (+12.6%)
5y 1m (~1y 9m remaining)
Median Time to Grant
High
PTA Risk
Based on 644 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month