Prosecution Insights
Last updated: July 17, 2026
Application No. 18/403,999

DEVICES, METHODS, COMPUTER-READABLE MEDIA, AND SYSTEMS FOR AUTHENTICATING USERS

Non-Final OA §101
Filed
Jan 04, 2024
Priority
Jan 05, 2023 — provisional 63/478,594
Examiner
ROSEN, ELIZABETH H
Art Unit
3693
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
Mastercard Technologies Canada Ulc
OA Round
3 (Non-Final)
46%
Grant Probability
Moderate
3-4
OA Rounds
11m
Est. Remaining
98%
With Interview

Examiner Intelligence

Grants 46% of resolved cases
46%
Career Allowance Rate
105 granted / 227 resolved
-5.7% vs TC avg
Strong +52% interview lift
Without
With
+51.7%
Interview Lift
resolved cases with interview
Typical timeline
3y 5m
Avg Prosecution
49 currently pending
Career history
282
Total Applications
across all art units

Statute-Specific Performance

§101
22.3%
-17.7% vs TC avg
§103
60.6%
+20.6% vs TC avg
§102
6.3%
-33.7% vs TC avg
§112
2.4%
-37.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 227 resolved cases

Office Action

§101
DETAILED ACTION Status of Application This action is a Non-Final Rejection. This action is in response to the request for continued examination filed on January 29, 2026. Claims 1-4, 7-11, 14-18, and 20 are amended. Claim 19 has been canceled. Claim 21 has been added. Claims 1-18, 20, and 21 are pending and rejected. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Response to Arguments Regarding the rejections under 35 U.S.C. 103, Applicant’s arguments are moot because the rejection has been withdrawn in light of Applicant’s amendments. Although individual claim limitations are known in the art, the independent claims as a whole are not obvious. Regarding the rejection under 35 U.S.C. 101, the rejection is maintained for the reasons given in the rejection. Claim Rejections - 35 USC § 101 35 U.S.C. § 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-18, 20, and 21 are rejected under 35 U.S.C. § 101 as being directed to non-statutory subject matter because the claimed invention is directed to an abstract idea without significantly more. Step 1: Does the Claim Fall within a Statutory Category? (see MPEP 2106.03) Yes, with respect to claims 1-7 and 21, which recite a computing device and, therefore, are directed to the statutory class of machine or manufacture. Yes, with respect to claims 8-14, which recite a method and, therefore, are directed to the statutory class of process. Yes, with respect to claims 15-18 and 20, which recite a non-transitory computer readable medium and, therefore, are directed to the statutory class of manufacture. Step 2A, Prong One: Is a Judicial Exception Recited? (see MPEP 2106.04(a)) The following claims (Claims 1-7 and 21 are representative) identify the limitations that recite the abstract idea in regular text and that recite additional elements in bold: 1. A computing device comprising: a communication interface configured to communicate with an authentication device associated with a user via a first communication network, and communicate with a plurality of local devices that are separate and distinct from the authentication device; an electronic processor; and a memory, wherein the electronic processor is configured to: receive a registration of the authentication device connected to and communicating with the first communications network, store the registration of the authentication device in the memory, iteratively receive local device information regarding the plurality of local devices, generate a plurality of environmental fingerprints based on the local device information that is iteratively received, store the plurality of environmental fingerprints in the memory, receive a transaction request by the user, responsive to receiving the transaction request, perform a passive authentication operation by analyzing the plurality of environmental fingerprints, responsive to the passive authentication operation indicating that a strong consumer authentication of the user is required, request an active authentication operation to be performed only by the authentication device that is registered, receive a result of the active authentication operation performed only by the authentication device, determine whether the result validates the transaction request by the user, and permit the transaction request by the user in response to determining that the result validates the transaction request by the user. 2. The computing device of claim 1, wherein the passive authentication operation and the active authentication operation are authentication challenges according to a 3DS 2.0 protocol. 3. The computing device of claim 1, wherein the electronic processor is further configured to: receive a registration of a second authentication device associated with the user, the second authentication device being separate and distinct from the authentication device, and the second authentication device being connected to and communicating with a second communications network, store the registration of the second authentication device in the memory, receive a second transaction request by the user, responsive to receiving the second transaction request, perform a second passive authentication operation by analyzing the plurality of environmental fingerprints, responsive to the second passive authentication operation indicating that a second strong consumer authentication is required, request a second active authentication operation to be performed only by the authentication device, the second authentication device, or a combination thereof, receive one or more results of the second authentication operation performed only by the authentication device, the second authentication device, or the combination thereof, determine whether the one or more results validate the second transaction request by the user, and permit the second transaction request by the user in response to determining that the result validates the second transaction request by the user. 4. The computing device of claim 3, wherein the electronic processor is configured to: receive a registration of a third authentication device associated with the user, the third authentication device being separate and distinct from the authentication device and the second authentication device, and the second authentication device being connected to and communicating with a third communications network, store the registration of the third authentication device in the memory, receive a third transaction request by the user, responsive to receiving the third transaction request, perform a third passive authentication operation by analyzing the plurality of environmental fingerprints, responsive to the third passive authentication operation indicating that a third strong consumer authentication is required, request a third active authentication operation to be performed only by the authentication device, the second authentication device, or the third authentication device, or a combination thereof, receive one or more results of the third authentication operation performed only by the authentication device, the second authentication device, the third authentication device, or the combination thereof, determine whether the one or more results validate the third transaction request by the user, and permit the third transaction request by the user in response to determining that the result validates the third transaction request by the user. 5. The computing device of claim 4, wherein the authentication device, the second authentication device, and the third authentication device are individually one of a smartphone, a tablet, laptop computer, a desktop computer, a smart watch, a smart refrigerator, a smart thermostat, a smart garage door opener, a smart light device, a smart washing machine, a drone, a smart sound system, a smart television, a smart set-top box, an automobile, or smart clothing.1 6. The computing device of claim 4, wherein the first communications network, the second communications network, and the third communications network are individually one of a local area network (LAN), a personal area network (PAN), a wireless local area network (WLAN), a wide area network (WAN), an enterprise private network (EPN), or a system-area network (SAN). 7. The computing device of claim 1, wherein, to perform the passive authentication operation by analyzing the plurality of environmental fingerprints, the electronic processor is further configured to determine whether a change has occurred with respect to a portion of the plurality of environmental fingerprints, responsive to determining that the change has not occurred with respect to the portion of the plurality of environmental fingerprint, permit the transaction request by the user, and responsive to determining that the change has occurred with respect to the portion of the plurality of environmental fingerprints indicate that the strong consumer authentication of the user is required. 21. The computing device of claim 1, wherein the active authentication operation is a challenge to compute a hash of available Wi-Fi access point names. Yes. But for the recited additional elements as shown above in bold, the remaining limitations of the claims recite certain methods of organizing human activity. The claims are directed to authenticating a user for a transaction. This type of method of organizing human activity is a commercial interaction such as sales activities or behaviors and business relations. Thus, the claims recite an abstract idea. Step 2A, Prong Two: Is the Abstract Idea Integrated into a Practical Application? (see MPEP 2106.04(d)) No. The claims as a whole merely use a computer as a tool to perform the abstract idea. The computing components (i.e., additional elements that are in bold above) are recited at a high level of generality and are merely invoked as a tool to implement the steps. For example, only a programmed general purpose computing device is needed to implement the claimed steps (i.e., receive data, store data, generate data, analyze environmental fingerprints, send data, determine, and permit). Simply implementing the abstract idea on a generic computer is not a practical application of the abstract idea. Additionally, there is no improvement to the functioning of a computer or technology. Therefore, the abstract idea is not integrated into a practical application. Step 2B: Does the Claim Provide an Inventive Concept? (see MPEP 2106.05) No. As discussed with respect to Step 2A, Prong 2, the additional elements in the claims, both individually and in combination, amount to no more than tools to perform the abstract idea. Merely performing the abstract idea using a computer cannot provide an inventive concept. Therefore, the claims do not provide an inventive concept. As such, the claims are not patent eligible. Relevant Prior Art The following references are relevant to Applicant’s invention (in addition to those previously used for the obviousness rejection): Todasco et al., U.S. Patent Application Publication Number 2019/0311365 A1. This reference teaches shared authentication for limited use of an associated account based on user location and connected devices. Kamal et al., U.S. Patent Application Publication Number 2021/0241266 A1. This reference teaches 3D Secure 2.0 protocol. Grewal et al., U.S. Patent Application Publication Number 2021/0185526 A1. This reference teaches location based authentication. Specifically, paragraph 0008 recites “According to an example, there is provided a method and system that removes an authentication burden from users by automatically authenticating devices if they are present in a particular environment. For example, many internet of things (IoT) devices are equipped with sensors that can be used to collect an environmental fingerprint that can be used to provide a device location. Such location fingerprints can be used to match devices in the same general area and establish “co-presence.” In an example, a central hub based approach is described, in which the hub acts as a location fingerprint matching service among managed devices in an ad-hoc fashion. Unlike location based authentication, users do not need to pre-select a location where the authentication is not needed. Although the system works with a cloud service it can also work directly with local devices.” Email Communications Per MPEP 502.03, Applicant may authorize email communications by filing Form PTO/SB/439, available at https://www.uspto.gov/sites/default/files/documents/sb0439.pdf, via the USPTO patent electronic filing system. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELIZABETH H ROSEN whose telephone number is (571) 270-1850 and email address is elizabeth.rosen@uspto.gov. The examiner can normally be reached Monday - Friday, 10 AM ET - 7 PM ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michael Anderson, can be reached at 571-270-0508. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ELIZABETH H ROSEN/Primary Examiner, 3693 1 According to the broadest reasonable interpretation of this claim, only one of these devices is required. For example, all three authentication devices may be smartphones.
Read full office action

Prosecution Timeline

Show 6 earlier events
Dec 17, 2025
Interview Requested
Jan 14, 2026
Applicant Interview (Telephonic)
Jan 14, 2026
Examiner Interview Summary
Jan 29, 2026
Request for Continued Examination
Feb 11, 2026
Response after Non-Final Action
Apr 20, 2026
Non-Final Rejection mailed — §101
Jul 13, 2026
Examiner Interview Summary
Jul 13, 2026
Applicant Interview (Telephonic)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12608713
PREDICTIVE RESPONSE FROM CONVERSATIONAL FLOW
3y 2m to grant Granted Apr 21, 2026
Patent 12561655
Active Meta Data Based Transaction Amalgamation Offset in Blocks to Increase Carbon Efficiency
1y 11m to grant Granted Feb 24, 2026
Patent 12448272
SYSTEM AND METHOD FOR MANAGING A FUEL DISPENSING ACCOUNT
3y 11m to grant Granted Oct 21, 2025
Patent 12430634
CONNECTED VEHICLE FOR PROVIDING NAVIGATION DIRECTIONS TO MERCHANT TERMINALS THAT PROCESS VEHICLE PAYMENTS
2y 4m to grant Granted Sep 30, 2025
Patent 12430628
CONNECTED CAR AS A PAYMENT DEVICE
2y 1m to grant Granted Sep 30, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
46%
Grant Probability
98%
With Interview (+51.7%)
3y 5m (~11m remaining)
Median Time to Grant
High
PTA Risk
Based on 227 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month