SYSTEM AND METHOD FOR GENERATING MASKED VIRTUAL RESOURCE CREDENTIALS FOR PROCESSING RESOURCE INTERACTIONS

§103 §112

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION This Office Action is in response to the communication and claim amendment filed on 09/25/2025; Claims 1, 4, 8, and 15 have been amended; Claims 1, 8, and 15 are independent claims. Claims 1-20 have been examined and are pending. This Action is made FINAL. Response to Arguments The objection to the claim 4 is withdrawn as the abstract has been amended. Applicant argues that the elements "processing device" when read in light of the specification, connotes sufficient, definite structure to one of skill in the art so as to preclude application of 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, paragraph 6; Applicant asserts that the claims do not meet the 3-prong analysis set forth in MPEP 2181 and recited in the Office Action (Applicant Remarks/Arguments Remark, pages 8-10). The Examiner respectfully disagrees with the Applicants. As the claims recite means-plus function, 35 U.S.C. 112(f) is invoked. Following is the three-prong test. The claims recite generic place holder: “device.” (see §MPEP 2181(I)(A) for details). Said generic place holder is coupled with functional languages: generate / display / process / complete / generate / link /display / identify / cause / receive / validate / receive / link / determine / receive / determine /transmit / prompt. The claimed generic place holder (i.e., “device”) is not modified by any sufficient structures/material. It' s noted that the term “device” is preceded by the term “processing.” However, processing is not a structural modifier. As three-prong test is met, the claimed “means-plus functions” are interpreted under 35 U.S.C. 112(f); (see §MPEP 2181 for details.) It’s noted that as the specification provides sufficient corresponding structures for the claimed means-plus functions (e.g., pars. 0034 and 0053-0056), the claims are NOT rejected under 35 U.S.C. 112(a) and/or 35 U.C.C. 112(b); otherwise. Applicants’ arguments with respect to claims 1, 8, and 15 have been fully considered but are moot in view of the new ground(s) of rejection. Claim Interpretation The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph: (A) the claim limitation uses the term "means" or "step" or a term used as a substitute for "means" that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; (B) the term "means" or "step" or the generic placeholder is modified by functional language, typically, but not always linked by the transition word "for" (e.g., "means for") or another linking word or phrase, such as "configured to" or "so that"; and (C) the term "means" or "step" or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Use of the word "means" (or "step") in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. Absence of the word "means" (or "step") in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. Claim limitations in this application that use the word "means" (or "step") are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word "means" (or "step") are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. This application includes one or more claim limitations that do not use the word "means," but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “processing device is configured to: generate / display / process / complete / generate / link /display / identify / cause / receive / validate / receive / link / determine / receive / determine /transmit / prompt;” recited in claims 1-7. Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1, 8, and 15 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Regarding claims 1, 8, and 15, The claims recite “wherein the masked virtual resource credential is generated such that it is non-derivable from and non-correlatable with any resource pool information associated with the resource pool of the user.” (emphasis added); however, the limitations “non-derivable” and/or “non-correlatable” are not discussed in the specification. The Applicants point out the amended limitations which are supported by the paragraphs 0021 and 0043 of the original specification. However, the aforementioned paragraphs do not provide any discussion with respect to “non-derivable” and/or “non-correlatable.” At most, paragraph [0043] of the specification states that: “the masked virtual resource credential automatically generated by the system may have no relation and/or resemblance to the resource pool information of the user.” Nowhere does the specification disclose “non-derivable” and/or “non-correlatable.” The Examiner respectfully requests the Applicant point out where in the specification support can be found for "non-derivable" limitation. Applicant is required to cancel the new matter in the reply to this Office Action. Regarding claims 2-7, 9-14, and 16-20; claims 2-7, 9-14, and 16-20 are dependent on claim 1, 8, and 15, respectively, and therefore inherit 35 U.S.C. 12(a) first paragraph, as failing to comply with the written description requirement Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2, 5-6, 8-9, 12-13, 15, and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Sobol et al. (“Sobol,” US 2015/0186872) in view of McGuire et al. (“McGuire,” US 2011/0307710) Regarding claim 1, Sobol teaches a system for generating masked virtual resource credentials for processing resource interactions, the system comprising: at least one network communication interface (Sobol: Fig. 2, par. 0061, "It will be understood that the server 230 may include a communication interface, a processor, and a memory, which may include one or more applications and/or datastores"; par. 0043, "the financial institution server 230 and the mobile device 240 are each operatively and selectively connected to the network 210"). at least one non-transitory storage device (Sobol: Fig. 2, par. 0061, "the server 230 may include a communication interface, a processor, and a memory, which may include one or more applications and/or datastores"; par. 0043, "the system 200 includes... an account datastore 203"; "the account datastore 203 includes a deposit account 204 and an electronic banking account 205"); and at least one processing device coupled to the at least one non-transitory storage device and the at least one network communication interface, wherein the at least one processing device (Sobol: Fig. 2, par. 0061, "the server 230 may include a communication interface, a processor, and a memory, which may include one or more applications and/or datastores"; par. 0062, "the server 230 is configured (and/or an application thereof is executable) to receive a request for a temporary virtual transaction card"; "the server 230 is configured to: 1) generate a new account number for the virtual transaction card, 2) link the new account number to an existing account number of the user"; par. 0043, teaches the server 230 is operatively and selectively connected to the network 210 to communicate with mobile devices) is configured to: generate a masked virtual resource credential for a resource pool associated with a user, wherein the user is associated with an entity that is associated with the resource pool ((Sobol: par. 0039, "the system may simply generate a card number for the VTC and operatively link the card number to the existing bank/credit account number of the user"; par. 0062, "the server 230 is configured to: 1) generate a new account number for the virtual transaction card, 2) link the new account number to an existing account number of the user, 3) render a virtual transaction card comprising the new account number, and 4) transmit the rendering of the virtual transaction card to the authenticated mobile device of the user"; par. 0042 , "the account datastore 203 includes a deposit account 204 and an electronic banking account 205. In this example embodiment, the deposit account 204 (e.g., checking account, savings account, investment account, etc.); par. 0042, "FIG. 2 also shows the account holder 202, who holds the deposit account 204"; par. 0042 "the system 200 includes a network 210, financial institution servers 230"; "In accordance with some embodiments, a single bank maintains the account datastore 203 and the financial institution server 230", par. 0042, "the holder 202 is a customer of the bank"; par. 0042, "a single bank maintains the account datastore 203" which contains the deposit account 204), display the masked virtual resource credential, via a user interface of an entity application associated with the entity (Sobol: par. 0024, "the system may issue the temporary virtual transaction card directly to a mobile device of the user. In that way, the user may easily display the temporary virtual transaction card"; par. 0041, "the indicia [is] a display of an electronic version of the physical transaction card... the electronic version will have an appearance of a physical credit or debit card... the name of the customer appearing on a front side of the card together with the card number, expiration date, card branding, and the like"; par. 0054, "user output devices 249A include a display 280 (e.g., a liquid crystal display, a touchscreen display)"; par. 0035, "mobile banking application may be an application provided by the financial institution to allow customers to manage a number of financial accounts"; par. 0041, "the user is allowed to access the VTC via the mobile banking application on the mobile device"). receive a resource interaction from a third party entity system initiated by the user using the masked virtual resource credential at a third party entity location, wherein the resource interaction comprises the masked virtual resource credential wherein the third party entity system and the third party entity location are associated with a merchant (Sobol: par. 0024, "an electronic or digital transaction vehicle that can be used to transfer money, make a payment (for a service or a good)"; par. 0041, "the VTC may be used in online and/or non-online transactions or transactions"; par. 0041, "the system allows the user to access the VTC on the mobile device of the user for performing one or more transactions"; par. 0041, "indicia... that can be scanned for performing a transaction using the account associated with the VTC";); process the resource interaction based on the masked virtual resource credential received from the third party entity system associated with the merchant (Sobol: par. 0063, "server 230 is configured to: (a) receive a request, from the mobile device 240, for a virtual transaction vehicle... (b) identify an existing account of the user to be linked with the virtual transaction vehicle... (c) generate the virtual transaction vehicle based at least partially on information associated with the request and identifying the account; and (d) transmit the newly generated virtual transaction vehicle to the mobile device of the user so that the user can perform transactions using the virtual transaction card"; par. 0039,"the system may also associated the newly generated card number for the VTC to the account or account number"); and complete the resource interaction by transferring of resources from the resource pool of a user to a third party resource pool associated with the merchant (Sobol: par. 0024, "an electronic or digital transaction vehicle that can be used to transfer money, make a payment (for a service or a good)"; par. 0039, "so that the user may use the funds and/or the available credit associated with account associated with the physical transaction card") . Sobol does not explicitly disclose wherein the masked virtual resource credential is generated such that it is non-derivable from and non-correlatable with any resource pool information associated with the resource pool of the user. However, in an analogous art, McGuire discloses wherein the masked virtual resource credential is generated such that it is non-derivable from and non-correlatable with any resource pool information associated with the resource pool of the user (McGuire: par. 0012, "The token preferably has no algorithmic relationship with the original payment-card number, so that the payment-card number cannot be derived based on the token itself (such as by merely applying a decryption algorithm to the token)"; par. 0059, , "This alphanumeric string is not generated, in any way, based on the payment-card number and does not have any algorithmic relationship to the payment-card number. Accordingly, the token cannot later be used to generate the payment-card number without the use of tokenizer 120"; par. 0012, "this token is not considered cardholder data, because it is a random string from which it is not possible to extrapolate any original cardholder data"); Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of McGuire with the method and system of Sobol to include wherein the masked virtual resource credential is generated such that it is non-derivable from and non-correlatable with any resource pool information associated with the resource pool of the user. One would have been motivated to provide enhanced security for Sobol's virtual transaction cards by ensuring that the virtual credential cannot be used to derive or correlate to the user's real account information, even if the virtual credential is intercepted or compromised (McGuire: par. 0012), thereby protecting users from unauthorized access to their underlying bank accounts. Furthermore, Sobol teaches that virtual transaction cards are provided when a user's physical card is "lost," "misplaced," or "misappropriated" (Sobol: and applying McGuire's non-derivable, non-correlatable token generation would ensure that even if the virtual credential is also compromised, the attacker cannot obtain the user's real account information. Regarding claim 2, the combination of Sobol and McGuire teaches the system of claim 1. The combination of Sobol and McGuire further teaches wherein the at least one processing device is configured to generate the masked virtual resource credential based on an input received from the user (Sobol: par. 0016, a user may request a temporary virtual transaction vehicle when the customer has misplaced or does not have available a physical transaction vehicle.; par. 0039, The system may determine that the physical transaction card is lost based on user input indicating that the physical transaction card is lost or has been misappropriated.). Regarding claim 5, the combination of Sobol and McGuire teaches the system of claim 1. The combination of Sobol and McGuire further teaches wherein the at least one processing device is configured to: receive one or more limits associated with usage of resources via the masked virtual resource credential (Sobol: par. 0039, In such an embodiment, the system may assign a new credit limit or available funds to the VTC that is less than the credit limit or available fund of the misplaced or lost physical transaction card. The new credit limit or available funds amount that is assigned to the VTC may be set by either the financial institution that maintains the account associated with the VTC or by the user who is the holder of the accounts associated with the VTC.); and link the one or more limits with the masked virtual resource credential (Sobol: par. 0039, In such an embodiment, the system may assign a new credit limit or available funds to the VTC that is less than the credit limit or available fund of the misplaced or lost physical transaction card. The new credit limit or available funds amount that is assigned to the VTC may be set by either the financial institution that maintains the account associated with the VTC or by the user who is the holder of the accounts associated with the VTC []the new credit limit or funds available for the VTC is flexible and may fluctuate based on a transaction type or merchant codes involved in a transaction involving the VTC. For example, if the VTC is used in a transaction involving a grocer, the system may increase the new credit limit or funds available for these types of transactions involving a grocer. As such, the system may use a merchant codes to determine credit available or funds available for the VTC for conducting a transaction with a merchant associated certain merchant codes.). Regarding claim 6, the combination of Sobol and McGuire teaches the system of claim 5. The combination of Sobol and McGuire further discloses, wherein the at least one processing device is configured to determine that the resources associated with the resource interaction meet the one or more limits linked with the masked virtual resource credential while processing the resource interaction (Sobol: par. 0039, the system may use a merchant codes to determine credit available or funds available for the VTC for conducting a transaction with a merchant associated certain merchant codes.). Regarding claim 8, claim 8 is directed to a computer program product for generating masked virtual resource credentials for processing resource interactions, the computer program product comprising a non-transitory computer-readable storage medium having computer executable instructions for causing a computer processor to perform the steps of associated with the system claimed in claim 1; claim 8 is similar in scope to claim 1, and is therefore rejected under similar rationale. Regarding claim 9, claim 9 is similar in scope to claim 2, and is therefore rejected under similar rationale. Regarding claim 12, claim 12 is similar in scope to claim 5, and is therefore rejected under similar rationale. Regarding claim 13, claim 13 is similar in scope to claim 6, and is therefore rejected under similar rationale. Regarding claim 15, claim 15 is directed to a computer implemented method for generating masked virtual resource credentials for processing resource interactions associated with the system claimed in claim 1; claim 15 is similar in scope to claim 1, and is therefore rejected under similar rationale Regarding claim 18, claim 18 is similar in scope to claim 5, and is therefore rejected under similar rationale. Regarding claim 19, claim 19 is similar in scope to claim 6, and is therefore rejected under similar rationale. Claims 3, 10, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Sobol et al. (“Sobol,” US 2015/0186872) in view of McGuire et al. (“McGuire,” US 2011/0307710), further in view of Ball et al. (“Ball,” US 2018/0365682). Regarding claim 3, the combination of Sobol and McGuire teaches the system of claim 1. The combination of Sobol and McGuire teaches displaying a virtual transaction card including card number, expiration date, and branding (Sobol: par. 0041) but does not explicitly wherein the at least one processing device is configured to: generate a passcode to be used with the masked virtual resource credential; link the passcode with the masked virtual resource credential; and display the passcode to the user via the user interface of the entity application. However, in an analogous art, Ball discloses generate a passcode to be used with the masked virtual resource credential (Ball: par. 0131security number 780 is generated from a number of inputs, including the PIN, a random seed pre-stored in the digital/logical payment card 110, the current time, and the preset number pressed (in this case, preset '4'); pars. 0123, 0126). link the passcode with the masked virtual resource credential (Ball: par. 0131,"the user 120 is presented with a screen 840 (FIG. 8) displaying a card extension number 770 and a security number 780... The card extension number 770 is a static, unchanging number assigned to preset '4' of the digital/logical payment card 110 and is mathematically correlated with the card number 208.”; par. 0126); and display the passcode to the user via the user interface of the entity application (Ball: par. 0131, "the user 120 is presented with a screen 840 (FIG. 8) displaying a card extension number 770 and a security number 780 such as a card code verification number (CCV2) "; par. 0127). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Ball with the method and system of Sobol and McGuire to include generate a passcode to be used with the masked virtual resource credential; link the passcode with the masked virtual resource credential; and display the passcode to the user via the user interface of the entity application. One would have been motivated to this combination because Ball teaches that displaying a generated security number (CCV2) enables users to complete remote transactions where the physical card is not presented to the vendor (Ball: par. 0123, "A remote transaction... is one where the digital/logical payment card 110 is not physically presented to the vendor 155, such as when making an online purchase or a purchase over the telephone"). Sobol's system provides temporary virtual transaction cards when a user's physical card is "lost," "misplaced," or "misappropriated" (Sobol: par. 0039). In such situations, the user would need to make purchases without a physical card - including remote/online transactions. By incorporating Ball's teaching of generating and displaying a security number (passcode) with the virtual card, Sobol's system would provide users with complete card credentials (card number + security code) necessary to complete both in-person and remote transactions. Regarding claim 10, claim 10 is similar in scope to claim 3, and is therefore rejected under similar rationale. Regarding claim 16, claim 16 is similar in scope to claim 3, and is therefore rejected under similar rationale. Claims 4, 11, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Sobol et al. (“Sobol,” US 2015/0186872) in view of McGuire et al. (“McGuire,” US 2011/0307710), and Ball et al. (“Ball,” US 2018/0365682), and Brown (“Brown,” US 2009/0248581), and further in view of Jabouri et al. (“Jabbour,” US 2014/0156535). Regarding claim 4, the combination of Sobol, McGuire, and Ball teaches the system of claim 3. Sobol, McGuire, and Ball do not explicitly disclose, wherein the at least one processing device is configured to identify initiation of the resource interaction at the third party entity location, based on a prompt from the third party entity system, using the masked virtual resource credential; cause the third party entity system to prompt the user to provide the passcode associated with the masked virtual resource credential; receive the passcode from the third party entity system; and validate the passcode received from the third party entity system while processing the resource interaction. However, in an analogous art, Brown discloses wherein the at least one processing device is configured to identify initiation of the resource interaction at the third party entity location, based on a prompt from the third party entity system, using the masked virtual resource credential (Brown: abstract; par. 0012, A server for the issuing bank logs the merchant locations associated with each use or attempted use; par. 0094); Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Brown with the method and system of Sobol, McGuire, and Ball to include wherein the at least one processing device is configured to identify initiation of the resource interaction at the third party entity location, based on a prompt from the third party entity system, using the masked virtual resource credential. One would have been motivated to provide the decision is made whether to authorize the merchant transaction based on the previous data logged into the database related to the previous merchant transactions for the particular payment card, thus preventing payment card fraud without causing delay and inconvenience to the consumer (Brown: pars. 0015, 0073). Brown does not explicitly disclose “cause the third party entity system to prompt the user to provide the passcode associated with the masked virtual resource credential;” receive the passcode from the third party entity system; and validate the passcode received from the third party entity system while processing the resource interaction. However, in an analogous art, Jabbour discloses cause the third party entity system to prompt the user to provide the passcode (Jabbour: par. 0022, the transaction information (e.g. PIN) required from the cardholder of the payment card 20 is provided to the merchant system 13 using the user interface 104 of the card reader terminal 12 (see FIG. 2)); receive the passcode from the third party entity system (Jabbour: par. 0022, the transaction information (e.g. PIN) required from the cardholder of the payment card 20 is provided to the merchant system 13 using the user interface 104 of the card reader terminal 12 (see FIG. 2)); validate the passcode received from the third party entity system (Jabbour: abstract/Claim 1, receiving an authentication response including response data; and presenting a response to the cardholder based on the response data, the response including information representative of whether the PIN was successfully authenticated or not using the digit subset; pars. 0049, 0066, 0073). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Jabbour with the method and system of Sobol, McGuire, Ball, and Brown to include “cause the third party entity system to prompt the user to provide the passcode associated with the masked virtual resource credential;” receive the passcode from the third party entity system (d) validate the passcode received from the third party entity system while processing the resource interaction. One would have been motivated to provide the system can facilitate card holder present transactions between entities using the PIN request in efficient manner (Jabbour: par. 0009). Regarding claim 11, claim 11 is similar in scope to claim 4, and is therefore rejected under similar rationale. Regarding claim 17, claim 17 is similar in scope to claim 4, and is therefore rejected under similar rationale. Claims 7, 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Sobol et al. (“Sobol,” US 2015/0186872) in view of McGuire et al. (“McGuire,” US 2011/0307710), and Carlson (“Carlson,” US 2014/0250009), and further in view of Streete et al. (“Streete,” US 2020/0382500). Regarding claim 7, the combination of Sobol and Streete teaches the system of claim 1. The combination of Sobol and Streete teaches, wherein the at least one processing device is configured to: generate a masked virtual resource credential for a resource pool associated with a user, wherein the user is associated with an entity that is associated with the resource pool; receive a resource interaction from a third party entity system initiated by the user using the masked virtual resource credential at a third party entity location as recited above but does not explicitly disclose “receive a second resource interaction from another third party entity system;” “determine that the another third party entity system meets an exposure criteria;” “transmit a notification associated with the second resource interaction to a user device of the user, via the entity application; “ and “prompt the user to reset the masked virtual resource credential associated with the resource pool of the user.” However, in an analogous art, Carlson discloses receive a second resource interaction from another third party entity system; determine that the another third party entity system meets an exposure criteria (Carlson: par. 0040, It is 4:00 AM and Jack is asleep at his house in Dallas, Tex. The waiter who Jack provided his credit card to earlier in the day has sold the credit card information to a third party, who is now using it in Los Angeles to purchase $354.00 worth of items from a local retailer. Jack's credit card is entered at the Los Angeles retailers location and the pending $354.00 transaction is en route to Jack's financial institution. Before the pending transaction gets to Jack's account, the present invention fraud prevention software located within the financial institution sends an alert to Jack's previously downloaded present invention's smart phone application. The present invention's smart phone application recognizes that Jack is not within the geographical location of the pending $354.00 credit card transaction. The present invention's application will immediately alert Jack's smart phone of the pending transaction. Jack awakens at the alert tone on the present invention's application and discovers that there is a pending transaction for $354.00 in Los Angeles, Calif); determine that the another third party entity system meets an exposure criteria (Carlson: par. 0040, The present invention's smart phone application recognizes that Jack is not within the geographical location of the pending $354.00 credit card transaction. The present invention's application will immediately alert Jack's smart phone of the pending transaction); transmit a notification associated with the second resource interaction to a user device of the user, via the entity application (Carlson: par. 0040, The present invention's smart phone application recognizes that Jack is not within the geographical location of the pending $354.00 credit card transaction, The present invention's application will immediately alert Jack's smart phone of the pending transaction). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Carlson with the method and system of Sobol and McGuire to include “receive a second resource interaction from another third party entity system;” “determine that the another third party entity system meets an exposure criteria;” “transmit a notification associated with the second resource interaction to a user device of the user, via the entity application.” One would have been motivated to provide the server conditionally authorizes a bank card transaction based on the real time distance between the location data and position data, the system is enabled to immediately alert the subscriber about the pending transactions anytime. Hence the subscriber is enabled to immediately approve or decline the pending transaction and block all the bank card transactions. Thus the fraudulent activities and likelihood of unauthorized credit card, debit card or ATM card usage outside the subscriber geographical location are reduced (Carlson: abstract; pars. 0006, 0019). The combination of Sobol, McGuire, and Carlson discloses “generate a masked virtual resource credential for a resource pool associated with a user, declining the transaction and block ALL transactions (Carlson: par. 0040) but does not explicitly disclose “prompt the user to reset the masked virtual resource credential associated with the resource pool of the user.” However, in an analogous art, Streete discloses prompt the user to reset the credential (Streete: par. 0034, Upon receiving notification message 320, provisioning service client 120 may be configured to reset or generate new credential set data (or alternatively, immediately prompt a user to reset the credentials) in accordance to a predefined customer credential security policy) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Streete with the method and system of Sobol, McGuire, and Carlson to include “prompt the user to reset the masked virtual resource credential associated with the resource pool of the user.” One would have been motivated to ensure that the original credential set data values are reset or replaced with credential set data that complies with security policy requirements established by the customer user entity (Streete: pars. 0003, 0024). Regarding claim 14, claim 14 is similar in scope to claim 7, and is therefore rejected under similar rationale. Regarding claim 20, claim 20 is similar in scope to claim 7, and is therefore rejected under similar rationale. Conclusion Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CANH LE whose telephone number is (571)270-1380. The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham, can be reached at telephone number 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR for authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated- interview-request-air-form. /Canh Le/ Examiner, Art Unit 2439 /LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439