Prosecution Insights
Last updated: July 17, 2026
Application No. 18/605,529

VIRTUAL POINT-OF-SALE SYSTEM FOR THE METAVERSE

Non-Final OA §101§103
Filed
Mar 14, 2024
Examiner
ROSEN, NICHOLAS D
Art Unit
3689
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
Capital One Services LLC
OA Round
2 (Non-Final)
70%
Grant Probability
Favorable
2-3
OA Rounds
9m
Est. Remaining
93%
With Interview

Examiner Intelligence

Grants 70% — above average
70%
Career Allowance Rate
478 granted / 678 resolved
+18.5% vs TC avg
Strong +22% interview lift
Without
With
+22.1%
Interview Lift
resolved cases with interview
Typical timeline
3y 1m
Avg Prosecution
19 currently pending
Career history
697
Total Applications
across all art units

Statute-Specific Performance

§101
33.9%
-6.1% vs TC avg
§103
48.6%
+8.6% vs TC avg
§102
1.5%
-38.5% vs TC avg
§112
9.6%
-30.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 678 resolved cases

Office Action

§101 §103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1-13 and 15-20 have been examined. Claim Language Issues These do not rise to actual objections, but Examiner has noted possible issues with the claim language, which Applicant may wish to amend. “Data” is a plural form, at least in Latin, so, in the tenth line of claim 1, “a user virtual authentication data” sounds clumsy, and might be changed to “user virtual authentication data”, or to “a set [or item] of user virtual authentication data”. Likewise, in the thirteenth and fourteenth lines of claim 1, “at least one stored user authentication data” might be changed to “at least one set [or item] of stored user authentication data”, or simply to “stored user authentication data”. Similarly, claim 9 recites “a user virtual authentication data” in the sixth line, and “at least one stored user authentication data” in the twelfth and thirteenth lines. Claim 15, in turn, recites “a user virtual authentication data” in the fifth line, and “at least one stored user authentication data” in the twelfth line. Similar issues arise with regard to “at least one personal identification data” in claims 4 and 5, claims 11 and 12, and claims 19 and 20. Claim Objections Claims 19 and 20 are objected to because of the following informalities: In the third line of claim 19, “the at least one personal identification data includes” should be “and wherein the at least one personal identification data includes” or “the at least one personal identification data including”. Appropriate correction is required Claim Interpretation Claim 1 recites, “a request to execute a virtual transaction with a virtual computing device communicating in a virtual computing system”, and similar language is found in independent claims 9 and 15. There is some ambiguity in this language, because a virtual computing device could mean a device used for virtual reality, or a computer interacting with such a device used for virtual reality; it could also mean a computing device that is not actually present in the form it appears to be, with computing operations actually performed in the cloud, for example. Based on the instant specification, which makes numerous references to virtual reality, the virtual computing device appears most likely to be intended as a device used for virtual reality, or a computer interacting with such a device used for virtual reality, and similarly with the virtual computing system. However, in accordance with the principle of giving claims being examined their broadest reasonable interpretation, the claims are taken for examination purposes as potentially reading both on this more likely kind of virtual computing device/system, and also on computing devices/systems which are themselves “virtual”, even if not used for virtual reality. This also applies to other elements described as “virtual”, such as, without limitation, the “virtual point-of-sale terminal” and “virtual gaming terminal” of claim 2. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, 3ay obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-13 and 15-20 are rejected under 35 U.S.C. 101 because they are directed to an abstract idea (judicial exception), without significantly more. First, it is determined that the claims are directed to a statutory category of invention. See MPEP 2106.03 (II). In the instant case, claims 1-8 are directed to a method, and therefore fall within the statutory category of process. Claims 9-14 are directed to a system comprising at least one processor, and therefore fall within the statutory category of machine. Claims 15-20 are directed to a computer program product comprising a non-transitory machine readable medium storing instructions, and therefore fall within the statutory category of article of manufacture. Therefore, claims 1-20 are directed to statutory subject matter under Step 1 of the Alice/Mayo test (Step 1: YES). The claims are then analyzed to determine whether the claims are directed to a judicial exception. See MPEP 2106.04. The claims are analyzed to evaluate whether they recite a judicial exception (Step 2A, Prong One) as well as analyzed to evaluate whether the claims recite additional elements that integrate the judicial exception into a practical application of the judicial exception (Step 2A, Prong Two). See MPEP 2106.04. First applying Step 2A, Prong One: Claim 1 is directed to commercial interactions, a form of abstract idea in the field of certain methods of organizing human activity, and in particular recites, “executing the virtual transaction using the virtual computing device”. Claim 9 is largely parallel to claim 1, likewise directed to commercial interactions, and recites storing instructions that, when executed by the at least one processor, cause the at least one processor to perform operations including: “executing the virtual transaction using the virtual computing device”. Claim 15 is largely parallel to claim 1, likewise directed to commercial interactions, and recites a non-transitory machine-readable medium storing instructions that, when executed by at least one programmable processor, cause the at least one programmable processor to perform operations comprising: “executing, based on the execution of the authentication, the virtual transaction using the virtual computing device”. (There is additional language regarding a virtual object, that does not remove claim 15 from commercial interactions.) (Step 2A, Prong One: YES) Proceeding to Step 2A, Prong Two, the instant claims (claims 1-20) do not recite any of the specific limitations that are indicative of integration into a practical application, and do not otherwise apply or use the judicial exception in some meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claims as a whole are more than a drafting effort designed to monopolize the exception. (Step 2A, Prong Two: NO) Next, under Step 2B of the Alice/Mayo test, the claims are analyzed to determine whether there are additional claim limitations that individually, or as an ordered combination, ensure that the claim amounts to significantly more than the abstract idea. See MPEP 2106.05. The instant claims do not include additional elements that are sufficient to amount to significantly more than the abstract idea for at least the following reasons: The instant claims do not recite any of the specific limitations that are indicative of integration into a practical application, and do not otherwise apply or use the judicial exception in some meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claims as a whole are more than a drafting effort designed to monopolize the exception. Furthermore, the instant claims do not add a specific limitation other than what is well-understood, routine, and conventional in the art. Specifically, claim 1 refers to using at least one processor. Avidan et al (U.S. Patent Application Publication 2017/0193592) discloses (paragraph 25, emphasis added), “Although not illustrated, it should be appreciated that the ecommerce server 110, the merchant computer 120, and the customer computer 130 each include conventional components, such as a processor and a memory medium storing computer-readable instructions that are executable by the processor to perform various operations including those described herein.” Hence, the recited processor requires only well-understood, routine, and conventional technology. The courts have recognized the following computer functions as well-understood, routine and conventional functions when they are claimed in a merely generic manner (e.g., at a high level of generality) or as insignificant extra-solution activity: Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090,1093 (Fed. Cir. 2015) sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network). Hence, the two “receiving” steps of claim 1 need involve only the use of well-understood, routine, and conventional functions and technology, and similarly with the new language, “transmitting the request to a server that stores data associated with the at least one virtual object”. The authenticating and comparing steps, and the operations of determining a match, executing the virtual transaction, and preventing execution of the virtual transaction, are not in themselves technological. The courts have recognized storing and retrieving information in memory as well-understood, routine, and conventional functions, in Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d at 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1363, 115 USPQ2d at 1092-93 (Fed. Cir. 2015). Therefore, the operation of “comparing the received user virtual authentication data with at least one stored received user authentication data, the at least one stored received user authentication data being stored in a storage location communicatively coupled to the virtual computing system” requires only well-understood, routine, and conventional functions and technology. The same applies to the new language, “transmitting the request to a server that stores data associated with the at least one virtual object” and “update the data to indicate”. The limitations of claim 1, whether considered separately or in combination, do not raise the claimed method to significantly more than an abstract idea. Furthermore, the limitations of dependent claims 2 through 8, whether considered separately or in combination with each other and with the limitations of claim 1, do not raise the claimed method to significantly more than an abstract idea. Specifically with regard to claim 5, Maes et al. (U.S. Patent 6,016,476) discloses (column 5, lines 54-63, emphasis added), “A biometric sensor 40 of any conventional type may also be provided for collecting biometric data (other than voice data, which is received by microphone 18) such as a finger, thumb or palm print, a handwriting sample, a retinal vascular pattern, or a combination thereof, to provide biometric verification as an alternative to, or in addition to, voice biometric verification. The data is then processed by the biometric processor module 22 to provide user verification (i.e., biometric security) prior to accessing the financial and personal information stored in memory 14.” The limitations of claim 4, from which claim 5 depends, need not be significantly technological. Hence, biometric data for personal identification was well-understood, routine and conventional more than twenty years before inventors’ filing date, and only well-understood, routine and conventional technology would be needed to implement the limitation of claim 5. The limitation of claim 5, whether considered separately or in combination with the limitations of claim 1 and claim 4, does not raise the claimed method to significantly more than an abstract idea. Specifically with regard to claim 8, the receiving operation of claim 8 need involve only the use of well-understood, routine, and conventional functions and technology, based on court precedents, as cited above with regard to claim 1. The operations of claims 6 and 7, from which claim 8 depends, are not in themselves significantly technological. The limitations of claims 6, 7, and 8, whether considered separately or in combination with each other and with the limitations of claim 1, do not raise the claimed method to significantly more than an abstract idea. (Claims 1-8: Step 2B: NO) Specifically, claim 9 recites at least one processor, and at least one non-transitory storage medium storing instructions, that when executed by the at least one processor, cause the at least one processor to perform operations corresponding essentially, although not word-for-word, to the steps of method claim 1. Avidan et al (U.S. Patent Application Publication 2017/0193592) discloses (paragraph 25, emphasis added), “Although not illustrated, it should be appreciated that the ecommerce server 110, the merchant computer 120, and the customer computer 130 each include conventional components, such as a processor and a memory medium storing computer-readable instructions that are executable by the processor to perform various operations including those described herein. The computer-readable instructions can be stored on non-transitory computer-readable storage media of a conventional type, whether devices and/or materials.” Hence, the recited processor and at least one non-transitory storage media require only well-understood, routine, and conventional technology. The receiving and transmitting operations of claim 9 need involve only the use of well-understood, routine, and conventional functions and technology, based on court precedents as cited above with regard to claim 1 (receiving or transmitting data over a network). The comparing and authenticating steps, and the operations of determining a match, executing the virtual transaction, and preventing execution of the virtual transaction, are not in themselves technological. The operation of “comparing the received user virtual authentication data with at least one stored received user authentication data, the at least one stored received user authentication data being stored in a storage location communicatively coupled to the virtual computing system” requires only well-understood, routine, and conventional functions and technology, as cited with regard to claim 1 above (regarding storing and retrieving information in memory), and the same applies to “update the data to indicate the virtual object is now associated with the user and no longer associated with the virtual computing device”. The limitations of claim 9, whether considered separately or in combination, do not raise the claimed system to significantly more than an abstract idea. Furthermore, the limitations of dependent claims 10 through 13, whether considered separately or in combination with each other and with the limitations of claim 9, do not raise the claimed system to significantly more than an abstract idea. Specifically with regard to claim 12, Maes et al. (U.S. Patent 6,016,476) discloses (column 5, lines 54-63, emphasis added), “A biometric sensor 40 of any conventional type may also be provided for collecting biometric data (other than voice data, which is received by microphone 18) such as a finger, thumb or palm print, a handwriting sample, a retinal vascular pattern, or a combination thereof, to provide biometric verification as an alternative to, or in addition to, voice biometric verification. The data is then processed by the biometric processor module 22 to provide user verification (i.e., biometric security) prior to accessing the financial and personal information stored in memory 14.” The limitations of claim 11, from which claim 12 depends, need not be significantly technological. Hence, biometric data for personal identification was well-understood, routine and conventional more than twenty years before inventors’ filing date, and only well-understood, routine and conventional technology would be needed to implement the limitation of claim 12. The limitation of claim 12, whether considered separately or in combination with the limitations of claim 9 and claim 11, does not raise the claimed system to significantly more than an abstract idea. Specifically with regard to claim 13, the receiving operation need involve only the use of well-understood, routine, and conventional functions and technology, based on court precedents, as cited above with regard to claim 1 (receiving or transmitting data over a network). The authenticating of the user, recited in claim 13, need not be in itself technological. Hence, the limitations of claim 13, whether considered separately or in combination with each other and with the limitations of claim 9, do not raise the claimed system to significantly more than an abstract idea. (Claims 9-13: Step 2B: NO) Specifically, claim 15 recites a non-transitory machine-readable medium storing instructions that, when executed by at least one programmable processor, cause the at least one programmable processor to perform operations corresponding essentially, although not word-for-word, to the steps of method claim 1. Avidan et al (U.S. Patent Application Publication 2017/0193592) discloses (paragraph 25, emphasis added), “Although not illustrated, it should be appreciated that the ecommerce server 110, the merchant computer 120, and the customer computer 130 each include conventional components, such as a processor and a memory medium storing computer-readable instructions that are executable by the processor to perform various operations including those described herein. The computer-readable instructions can be stored on non-transitory computer-readable storage media of a conventional type, whether devices and/or materials.” Hence, the recited non-transitory machine-readable medium and at least one programmable processor require only well-understood, routine, and conventional technology. The receiving and transmitting operations of claim 17 need involve only the use of well-understood, routine, and conventional functions and technology, based on court precedents as cited above with regard to claim 1 (receiving or transmitting data over a network). The comparing and executing steps are not in themselves technological. The operation of “comparing the received user virtual authentication data with at least one stored received user authentication data, the at least one stored received user authentication data being stored in a storage location communicatively coupled to the virtual computing system” requires only well-understood, routine, and conventional functions and technology, as cited with regard to claim 1 above (regarding storing and retrieving information in memory). The limitations of claim 17, whether considered separately or in combination, do not raise the claimed system to significantly more than an abstract idea. Furthermore, the limitations of dependent claims 16 through 20, whether considered separately or in combination with each other and with the limitations of claim 15, do not raise the claimed system to significantly more than an abstract idea. Specifically with regard to claim 20, which depends from claim 19, Maes et al. (U.S. Patent 6,016,476) discloses (column 5, lines 54-63, emphasis added), “A biometric sensor 40 of any conventional type may also be provided for collecting biometric data (other than voice data, which is received by microphone 18) such as a finger, thumb or palm print, a handwriting sample, a retinal vascular pattern, or a combination thereof, to provide biometric verification as an alternative to, or in addition to, voice biometric verification. The data is then processed by the biometric processor module 22 to provide user verification (i.e., biometric security) prior to accessing the financial and personal information stored in memory 14.” The limitations of claim 19, from which claim 20 depends, need not be significantly technological. Hence, biometric data for personal identification was well-understood, routine and conventional more than twenty years before inventors’ filing date, and only well-understood, routine and conventional technology would be needed to implement the limitation of claim 20. The limitation of claim 20, whether considered separately or in combination with the limitations of claim 15 and claim 19, does not raise the claimed system to significantly more than an abstract idea. (Claims 15-20: Step 2B: NO) Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1, 2, 3, 4, 5, 6, 7, and 8 are rejected under 35 U.S.C. 103 as being unpatentable over May et al. (U.S. Patent Application Publication 2022/0188833) in view of Watson et al. (U.S. Patent Application Publication 2020/0028843), Rice (U.S. Patent Application Publication 2021/0279695), and Nickerson et al. (U.S. Patent 10,007,948). As per claim 1, May discloses a computer-implemented method, comprising: receiving, using at least one processor, a request to execute a virtual transaction with a virtual computing device communicating in a virtual computing system, the virtual transaction being requested by a user using a user device communicating with the virtual computing system (paragraph 79, emphasis added): “At 414, a transaction request is received that is associated with the provided access to the subset of content. In some examples, the transaction request is initiated by the user of the XR system via the user interface of the XR system and based on a portion of the XR system provided to the user (e.g., the user selects DLC of a virtual game they want to purchase or the user selects a product they want to purchase based on AR content that is displayed to them when looking at the product at a store). Additionally, or alternatively, the received transaction request may be initiated based on the user responding to a prompt by which the user agrees to make the purchase or the user may select the content to be purchased within the interface of the XR system.” For a processor, see Figure 8, described in paragraph 106. Further, May discloses (paragraph 109, emphasis added), “According to an embodiment, the computing apparatus 818 is configured by the program code when executed by the processor 819 to execute the embodiments of the operations and functionality described.” It is thus at least obvious for what is done in the system and method of May to be done using the at least one processor (including the authenticating set forth below). For the user’s user device communicating with a virtual computing system, see Figure 1 of May; further, May discloses (paragraph 17, emphasis added): “In some examples, the user 106 wears or interacts with the XR system 100 using the XR device 102 via the user interface 110 of the XR device 102 . . . . The XR profile module 104 is further configured to communicate and/or interact with a payment network 130 via a transaction interface 124 to enable the user to initiate and process payments and/or associated transactions via the XR system 100.” May also discloses (paragraph 45, emphasis added): “The XR profile module 104 is further configured to initiate and/or otherwise facilitate transactions and payments associated with the user 106’s use of the XR device 102 via the transaction interface 124.” May further discloses authenticating, using the at least one processor, in response to receiving the request to execute the virtual transaction, the user in the virtual computer system, the authenticating including: receiving, by the virtual computer device, in response to a request from the virtual computer system, a user virtual authentication data transmitted to the virtual computer system; comparing the received user virtual authentication data with at least one stored user authentication data, the at least one stored user authentication data being stored in a storage location communicatively coupled to the virtual computer system (paragraph 96, emphasis added), “At 610, a transaction request associated with the product-based VR content is received and, at 612, a second set of biometric data of the user is collected based on the received transaction request. In some examples, 610 and 612 are performed in substantially the same way as 510 and 512 of method 500 described above. Additionally, or alternatively, the collection of the second set of biometric data may be based on specific aspects of the VR system, as with the collection of the first set of biometric data.” May continues (paragraph 97, emphasis added), “At 614, the association between the second set of biometric data and the user profile is verified and, based on the successful verification, a transaction based on the transaction request, a payment account identifier, and the second set of biometric data is initiated at 616.” Paragraphs 96 and 97 should be read in light of paragraphs 89-91 and 93-95. Also, May discloses (paragraph 45, emphasis added), “Alternatively, secured versions of the biometric data (e.g., biometric token data as described below) may be provided to a transaction processing entity when requesting transactions to enable the entity to authenticate the user’s identity (e.g., some transaction processing entities may require such processes to authenticate the user). For instance, a biometric key based on the biometric data 108 may be passed to the transaction processing entity and the transaction processing entity may be configured to compare the biometric key to a previously registered biometric key in order to authenticate the user’s identity.” The “previously registered biometric key” implies storage in a storage location communicatively coupled to a computer of the transaction processing entity. May does not clearly disclose the user virtual authentication data being generated by the user device. However, Watson teaches generation of biometric data used for authentication by a user device (paragraphs 41, 44, and 46). Watson (paragraph 41, emphasis added) teaches, “In this illustrative example, sensor system 128 comprises sensors in virtual reality headset 120. Biometric data 134 identified from user 120 performing a motion is sent to server computer 104. Server computer 104 compares biometric data 134 to stored biometric data 132 in motion action models 133. If a sufficient match is present between biometric data 130 and stored biometric data 132 for the motion performed by user 124, user 124 is authenticated and provided access to the requested computer resource.” Watson (paragraph 44, emphasis added) further teaches, “As another example, user 126 may request access to a computer resource. In a similar fashion, user 126 performs a motion in which biometric data 130 is generated by sensor system 128 from the motion performed by user 126. In this illustrative example, sensor system 128 includes sensors in smart glasses 122. If biometric data 130 is sufficiently close to stored biometric data 132 for the motion performed by user 126, access to the computer resource is provided.” Watson (paragraph 46, emphasis added) further teaches, “As another example, sensors in smart glasses 122 worn by user 126 can be used to detect motion of user 124 and generate biometric data 130. In this illustrative example, smart glasses 122 sends biometric data 130 to server computer 104 in place of virtual reality headset 120 as depicted in FIG. 1.” Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing for the user virtual authentication data to be generated by the user device, for at least the obvious advantage, as in Watson, of generating biometric data as authentication data by a user device present and in position to generate such biometric data. Yet further, Watson, as quoted in the preceding paragraph of the present Office Action, is entirely explicit about stored user authentication data being stored. May discloses upon determining a match between the received user virtual authentication data and the at least one stored user authentication data, authenticating the user in the virtual computing system and executing the virtual transaction using the virtual computing device (paragraph 97, emphasis added), “At 614, the association between the second set of biometric data and the user profile is verified and, based on the successful verification, a transaction based on the transaction request, a payment account identifier, and the second set of biometric data is initiated at 616.” May also discloses (paragraph 4, emphasis added), “Based on verifying that the second biometric token is associated with the user profile, a transaction is initiated based on the transaction request, the transaction including the payment account identifier and the second biometric token, whereby a transaction processing entity with which the transaction is initiated is configured to authenticate an identity of the user based on the second biometric token and to cause a transaction amount to be paid from the payment account.” May further discloses executing transactions in paragraph 45, and discloses involvement and use of the user’s virtual computing device “the XR device 102” (paragraph 45, emphasis added), “The XR profile module 104 is further configured to initiate and/or otherwise facilitate transactions and payments associated with the user 106’s use of the XR device 102 via the transaction interface 124. . . The XR profile module 104 may be configured to receive a transaction request from the XR device 102 and, as a result of the transaction request, the XR profile module 104 may initiate or otherwise facilitate the requested transaction via the transaction interface 124 through communications with the payment network 130.” May refers to virtual objects (in paragraph 93, and further in paragraph 101, quoted with emphasis added): “For instance, an MR system may go a step past AR systems toward being more immersive, such that a user is enabled to interact in real-time with virtual objects that are placed within the real world. These virtual objects may respond and react as if they were actual objects.” May does not disclose procuring at least one virtual object of the virtual transaction by transmitting the request to a server that stores data associated with the at least one virtual object and update the data to indicate the virtual object is now associated with the user and no longer associated with the virtual computing device. However, Rice first defines a virtual goods object or “VGO” (paragraph 36, emphasis added), “As referred to herein, a ‘virtual goods object’ (or ‘VGO’) is a two-dimensional or three-dimensional object that is rendered, displayed, and/or interacted with in a 3D environment such as, by way of non-limiting example, a 3D space, scene, browser, application, viewer, and/or interface, but which two-dimensional or three-dimensional object is linked to, or associated with, a real-world object, asset, or item, and can be redeemed to take ownership of the same. Any VGO described herein may be rendered, displayed, and/or interacted with by Augmented Reality technology, Virtual Reality technology, or any hybrid of Augmented and Virtual Reality technology.” Rice further teaches procuring virtual objects by interacting with a server that stores data associated with the virtual objects to indicate that a purchased virtual object is now associated with/owned by a user/purchaser, and by implication no longer associated with the previous owner and corresponding computing device (paragraph 65, emphasis added), “By way of non-limiting example, the user may discover and collect a 3D VGO in AR, VR, or VW, buy it from an online store or marketplace, receive it in a trade/buy/sell transaction with another user, or redeem a promo code, offer, credit, or voucher to acquire the rights to the VGO or NFT. The client application of the present innovation then notifies a system server that the user has acquired the object, at which time, the server then updates the file or blockchain record of the corresponding NFT’s properties and designates the user as the owner of the NFT.” Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing to procure at least one virtual object of the virtual transaction by transmitting the request to a server that stores data associated with the at least one virtual object and update the data to indicate the virtual object is now associated with the user and no longer associated with the virtual computing device, for at least the obvious advantage of maintaining accurate ownership records, enabling ownership to be established, and preventing a former owner of a virtual object from selling it again to a new and naïve buyer. May is suggestive of preventing a transaction (paragraph 45, emphasis added), “If this verification is successful, the process proceeds to 422, but if the verification fails, the XR system may prompt the user that the requested transaction cannot be performed.” This is not fully on point and explicit, but Nickerson teaches (column 12, lines 47-57, emphasis added), “In some embodiments, the service provider 110 may compare the second user input data against stored authentication data to determine if the authenticating gesture input at computing device 120 is within a predetermined threshold level of similarity to a stored authenticating gesture. In some embodiments, the service provider 110 may prevent the execution of a purchase transaction if the authenticating gesture is not determined to be within a predetermined threshold level of similarity to the stored authenticating gesture.” Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing, upon failing to determine a match between the received user virtual authentication data and the at least one stored user authentication data, to prevent execution of the virtual transaction using the virtual computing device, for at least the obvious advantage of not providing something of value to a fraudster impersonating a legitimate user. As per claim 2, May discloses that the virtual computing device includes at least a virtual gaming terminal (paragraph 67, emphasis added), “For instance, a user may access a VR game on the system 300 based on the user’s profile having access to the game.” Yet further, May discloses (paragraph 67, emphasis added), “With a VR system, users may be completely immersed in a computer-generated reality that is used for gaming, entertainment, or other uses.” For the system being a virtual device, see Claim Interpretation section above. As per claim 3, May discloses that the virtual transaction can include at least a virtual purchase transaction (paragraph 79, emphasis added), “At 414, a transaction request is received that is associated with the provided access to the subset of content. In some examples, the transaction request is initiated by the user of the XR system via the user interface of the XR system and based on a portion of the XR content that is being provided to the user (e.g., the user selects DLC of a virtual game they want to purchase or the user selects a product they want to purchase based on AR content that is displayed to them when looking at the product in a store). Additionally, or alternatively, the received transaction request may be initiated based on the user responding to a prompt by which the user agrees to make the purchase or the user may select the product to be purchased within the interface of the XR system, such that the transaction request is automatically initiated without further interaction from the user.” May also discloses that the virtual transaction can include at least a virtual gaming transaction (paragraph 67, emphasis added), “During use of the VR game, when the user attempts to make an associated purchase with the payment account associated with the user profile 314, the system matches the user’s biometric data 308 to the payment key data 346 of the user profile 314 based on, for instance, the user’s height, the user’s gait, the user’s retina, and a hand gesture made by the user when selecting to initiate the purchase.” For the transactions being virtual transactions, see Claim Interpretation section above. As per claim 4, as set forth above with regard to claim 1, it would have been obvious for the user virtual authentication data to be generated by the user device, based on the disclosure of Watson. Watson further teaches the user virtual authentication data being based on at least one personal identification data, wherein the at least one personal identification data includes at least one of the following: data associated with the user, data generated by the user device based on at least one action performed by the user, data generated by the user device based on at least one action performed by the user device, and any combination thereof (paragraph 44, emphasis added) “As another example, user 126 may request access to a computer resource. In a similar fashion, user 126 performs a motion in which biometric data 130 is generated by sensor system 128 from the motion performed by user 126. In this illustrative example, sensor system 128 includes sensors in smart glasses 122. If biometric data 130 is sufficiently close to stored biometric data 132 for the motion performed by user 126, access to the computer resource is provided.” This qualifies at least as data associated with the user, and data generated by the user device based on at least one action performed by the user. Watson further teaches (paragraph 46, emphasis added), “As another example, sensors in smart glasses 122 worn by user 126 can be used to detect motion of user 124 and generate biometric data 130. In this illustrative example, smart glasses 122 sends biometric data 130 to server computer 104 in place of virtual reality headset 120 as depicted in FIG. 1.” Also, May discloses, e.g., (paragraph 90, emphasis added), “The second set of biometric data may include motion data or other data gathered when the user performs gestures or head motions as well, such that the request for the transaction and the second set of biometric data of the user may be combined with respect to interactions between the user and the AR system.” Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing for the user virtual authentication data to be generated by the user device based on at least one personal identification data, wherein the at least one personal identification data includes at least one of the following: data associated with the user, data generated by the user device based on at least one action performed by the user, data generated by the user device based on at least one action performed by the user device, and any combination thereof, for at least the obvious advantage of providing personal identification in a way or ways that can readily distinguish a legitimate user from a would-be fraudster who does not know the proper motions to perform, or who is physically different enough from the legitimate user that his attempts to perform those motions would not be accepted as authentic. As per claim 5, May, as quoted above with respect to claim 4, discloses the user performing gestures or head motions [movements]; and Watson, as quoted above with respect to claim 4, discloses at least one movement performed by the user, and at least one biometric data associated with the user, so claim 5 would likewise have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing, also for at least the obvious advantage of providing personal identification in a way or ways that can readily distinguish a legitimate user from a would-be fraudster who does not know the proper motions to perform, or who is physically different enough from the legitimate user that his attempts to perform those motions would not be accepted as authentic. As per claim 6, May refers to virtual objects (in paragraph 93, and further in paragraph 101, quoted with emphasis added): “For instance, an MR system may go a step past AR systems toward being more immersive, such that a user is enabled to interact in real-time with virtual objects that are placed within the real world. These virtual objects may respond and reach as if they were actual objects.” May does not expressly disclose that the virtual transaction is associated with at least one virtual object existing in the virtual computing system. However, Rice teaches (paragraph 92, emphasis added), “Each action, transaction or activity related to an individual virtual object or multiple virtual objects, which include but are not limited to, generation, discovery, acquisition, sharing, trading, redemption, or change in object properties, location, ownership, or use can be recorded on one or more blockchains as well as updated in one or more databases or other storage medium, such storage medium including but not limited to one or more crypto wallets.” Paragraph 115 of Rice is also relevant, and Rice teaches (paragraph 124, emphasis added), “In a non-limiting example, in addition to finding and discovering virtual objects that are enabled as virtual goods, the user may acquire them through purchasing them through a marketplace that provides direct purchasing of virtual objects and virtual goods, or real-world merchandise. When directly purchasing virtual goods, ownership is transferred to the user, and they may exchange, activate, redeem, or convert the object in the future for real-world goods, transfer, trade, or sell to another user.” Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing for the virtual transaction to be associated with at least one virtual object existing in the virtual computing system, for at least the obvious advantage, in accordance with Rice, of enabling users to buy or sell desired virtual objects. As per claim 7, May and Rice as quoted above with regard to claim 6 are relevant. Rice further teaches (paragraph 115, emphasis added), “Virtual objects and virtual goods objects may be acquired through a purchase from a marketplace; discoverable and acquired through using an augmented reality application or application used to access or display a 3D environment or world (these 3D worlds may or may not be virtual reality enabled); or received as part of a sale or trade transaction between two or more individuals; or received as a gift or reward for some other activity (such as ‘checking in’ to a location, solving a puzzle or completing one or more tasks, completing some other transaction (like a purchase at a store or e-commerce), or as a prize in a contest.” Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing for the request to execute the transaction to include procuring the at least one virtual object, for at least the obvious advantage of enabling a user to acquire a virtual object through a purchase, as taught by Rice; the transaction would presumably have little purpose if nothing were acquired thereby. As per claim 8, May discloses authenticating of the user and determining that a user has been authenticated (paragraphs 96 and 97, quoted above with respect to claim 1). May does not expressly disclose transmitting a result of the authenticating to the at least one server, the result including a determination whether the user has been authenticated. However, Rice teaches communication with servers to authenticate user identity, inter alia (paragraph 179, emphasis added), “Each local node communicates with other nearby geolocated nodes, sharing information, backing up data, validating users, activity, mapping, and transactions, as well as communicating certain data to remote servers. Any node can communicate with other nodes or servers to authenticate user identity, transaction history, activity, and virtual object or virtual goods ownership.” Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing to transmit a result of the authentication to at least one server, the result including a determination whether the user has been authenticated, for at least the obvious advantage of enabling the server to determine whether the user is who he claims to be, and should therefore be allowed to access information or opportunities. Further, May discloses access to content based on user identification, and enabling a user to search a virtual store, implying procuring/purchasing (paragraph 95, emphasis added), “At 606, a user profile is identified based on the first set of biometric data and access to product-based VR content is provided based on the identified user profile. . . . Additionally, or alternatively, the product-based VR content may be adapted to take advantage of aspects specific to the VR system, such as content that includes a virtual store environment that enables a user to search a virtual store, find products, and view product information of products, including price information, product review information, or the like.” May further discloses purchasing items (paragraph 50, emphasis added), “Once authentication is established, the user can purchase experiences or items. In this manner, the system facilitates payments in XR systems through behavioral biometric identification, AI learning personal assistant, natural language processing and the learning manager.” Yet further, May discloses (paragraph 97, emphasis added), “At 614, the association between the second set of biometric data and the user profile is verified and, based on the successful verification, a transaction based on the transaction request, a payment account identifier, and the second set of biometric data is initiated at 616. Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing to receive, by the virtual computing system, from the at least one server, an authorization to procure the at least one virtual object upon determining that the user has been authenticated, for such obvious advantages as assuring that a user is who he claims to be, and has made or will make payment for the procured virtual object. Claims 9, 10, 11, 12, and 13 are rejected under 35 U.S.C. 103 as being unpatentable over May et al. (U.S. Patent Application Publication 2022/0188833) in view of Watson et al. (U.S. Patent Application Publication 2020/0028843), Rice (U.S. Patent Application Publication 2021/0279695), and Nickerson et al. (U.S. Patent 10,007,948). As per claim 9, May discloses a processor, as shown in Figure 8 and described in paragraph 106. Further, May discloses (paragraph 109, emphasis added), “According to an embodiment, the computing apparatus 818 is configured by the program code when executed by the processor 819 to execute the embodiments of the operations and functionality described.” May likewise discloses at least one non-transitory storage medium storing instructions that, when executed by at least one processor, cause the at least one processor to perform operations (paragraph 117, emphasis added), “One or more non-transitory computer storage media have computer-executable instructions for enabling processing of transactions from within an extended reality (XR) system using behavioral biometrics that, upon execution by a processor, cause the processor to at least: detect a user using the XR system; automatically collect a first set of biometric data of the user using the XR system based on the user being detected; the first set of biometric data including biometric data of at least one behavioral biometric data type; transform the first set of biometric data of the user into a first biometric token; identify a user profile based on the first biometric token, wherein the user profile is associated with a subset of content and a payment account identifier of a payment account; provide access to the subset of content to the user via the XR system based on the identified user profile; receive a transaction request associated with the provided access to the subset of content; based on the received transaction request, automatically collect a second set of biometric data of the user using the XR system, the second set of biometric data including biometric data of at least one behavioral biometric data type; transform the second set of biometric data of the user into a second biometric token; verify that the second biometric token is associated with the user profile; and based on verifying that the second biometric token is associated with the user profile, initiate a transaction based on the transaction request, the payment account identifier, and the second biometric token, whereby an identity of the user is authenticated based on the second biometric token and a transaction processing entity with which the transaction is initiated is configured to cause a transaction amount to be paid from the payment account based on the authentication of the identity of the user.” May discloses receiving, by a virtual computer device, a user virtual authentication data representing a user, the user using a user device, communicating with a virtual computing system including the virtual computer device, to transmit a request to execute a virtual transaction associated with at least one virtual object in the virtual computer system; comparing the received user virtual authentication data with at least one stored user authentication data, the at least one stored user authentication data being stored in a storage location communicatively coupled to the virtual computer system (paragraph 96, emphasis added), “At 610, a transaction request associated with the product-based VR content is received and, at 612, a second set of biometric data of the user is collected based on the received transaction request. In some examples, 610 and 612 are performed in substantially the same way as 510 and 512 of method 500 described above. Additionally, or alternatively, the collection of the second set of biometric data may be based on specific aspects of the VR system, as with the collection of the first set of biometric data.” May continues (paragraph 97, emphasis added), “At 614, the association between the second set of biometric data and the user profile is verified and, based on the successful verification, a transaction based on the transaction request, a payment account identifier, and the second set of biometric data is initiated at 616.” Paragraphs 96 and 97 should be read in light of paragraphs 89-91 and 93-95. Also, May discloses (paragraph 45, emphasis added), “Alternatively, secured versions of the biometric data (e.g., biometric token data as described below) may be provided to a transaction processing entity when requesting transactions to enable the entity to authenticate the user’s identity (e.g., some transaction processing entities may require such processes to authenticate the user). For instance, a biometric key based on the biometric data 108 may be passed to the transaction processing entity and the transaction processing entity may be configured to compare the biometric key to a previously registered biometric key in order to authenticate the user’s identity.” The “previously registered biometric key” implies storage in a storage location communicatively coupled to a computer of the transaction processing entity. May does not clearly disclose the user virtual authentication data being generated by the user device. However, Watson teaches generation of biometric data used for authentication by a user device (paragraphs 41, 44, and 46). Watson (paragraph 41, emphasis added) teaches, “In this illustrative example, sensor system 128 comprises sensors in virtual reality headset 120. Biometric data 134 identified from user 120 performing a motion is sent to server computer 104. Server computer 104 compares biometric data 134 to stored biometric data 132 in motion action models 133. If a sufficient match is present between biometric data 130 and stored biometric data 132 for the motion performed by user 124, user 124 is authenticated and provided access to the requested computer resource.” Watson (paragraph 44, emphasis added) further teaches, “As another example, user 126 may request access to a computer resource. In a similar fashion, user 126 performs a motion in which biometric data 130 is generated by sensor system 128 from the motion performed by user 126. In this illustrative example, sensor system 128 includes sensors in smart glasses 122. If biometric data 130 is sufficiently close to stored biometric data 132 for the motion performed by user 126, access to the computer resource is provided.” Watson (paragraph 46, emphasis added) further teaches, “As another example, sensors in smart glasses 122 worn by user 126 can be used to detect motion of user 124 and generate biometric data 130. In this illustrative example, smart glasses 122 sends biometric data 130 to server computer 104 in place of virtual reality headset 120 as depicted in FIG. 1.” Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing for the user virtual authentication data to be generated by the user device, for at least the obvious advantage, as in Watson, of generating biometric data as authentication data by a user device present and in position to generate such biometric data. Yet further, Watson, as quoted in the preceding paragraph of the present Office Action, is entirely explicit about stored user authentication data being stored. May discloses upon determining a match between the received user virtual authentication data and the at least one stored user authentication data, authenticating the user in the virtual computing system and executing the virtual transaction using the virtual computing device (paragraph 97, emphasis added), “At 614, the association between the second set of biometric data and the user profile is verified and, based on the successful verification, a transaction based on the transaction request, a payment account identifier, and the second set of biometric data is initiated at 616.” May also discloses (paragraph 4, emphasis added), “Based on verifying that the second biometric token is associated with the user profile, a transaction is initiated based on the transaction request, the transaction including the payment account identifier and the second biometric token, whereby a transaction processing entity with which the transaction is initiated is configured to authenticate an identity of the user based on the second biometric token and to cause a transaction amount to be paid from the payment account.” May further discloses executing transactions in paragraph 45, and discloses involvement and use of the user’s virtual computing device “the XR device 102” (paragraph 45, emphasis added), “The XR profile module 104 is further configured to initiate and/or otherwise facilitate transactions and payments associated with the user 106’s use of the XR device 102 via the transaction interface 124. . . The XR profile module 104 may be configured to receive a transaction request from the XR device 102 and, as a result of the transaction request, the XR profile module 104 may initiate or otherwise facilitate the requested transaction via the transaction interface 124 through communications with the payment network 130.” May refers to virtual objects (in paragraph 93, and further in paragraph 101, quoted with emphasis added): “For instance, an MR system may go a step past AR systems toward being more immersive, such that a user is enabled to interact in real-time with virtual objects that are placed within the real world. These virtual objects may respond and react as if they were actual objects.” May does not disclose procuring at least one virtual object of the virtual transaction by transmitting the request to a server that stores data associated with the at least one virtual object and update the data to indicate the virtual object is now associated with the user and no longer associated with the virtual computing device. However, Rice first defines a virtual goods object or “VGO” (paragraph 36, emphasis added), “As referred to herein, a ‘virtual goods object’ (or ‘VGO’) is a two-dimensional or three-dimensional object that is rendered, displayed, and/or interacted with in a 3D environment such as, by way of non-limiting example, a 3D space, scene, browser, application, viewer, and/or interface, but which two-dimensional or three-dimensional object is linked to, or associated with, a real-world object, asset, or item, and can be redeemed to take ownership of the same. Any VGO described herein may be rendered, displayed, and/or interacted with by Augmented Reality technology, Virtual Reality technology, or any hybrid of Augmented and Virtual Reality technology.” Rice further teaches procuring virtual objects by interacting with a server that stores data associated with the virtual objects to indicate that a purchased virtual object is now associated with/owned by a user/purchaser, and by implication no longer associated with the previous owner and corresponding computing device (paragraph 65, emphasis added), “By way of non-limiting example, the user may discover and collect a 3D VGO in AR, VR, or VW, buy it from an online store or marketplace, receive it in a trade/buy/sell transaction with another user, or redeem a promo code, offer, credit, or voucher to acquire the rights to the VGO or NFT. The client application of the present innovation then notifies a system server that the user has acquired the object, at which time, the server then updates the file or blockchain record of the corresponding NFT’s properties and designates the user as the owner of the NFT.” Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing to procure at least one virtual object of the virtual transaction by transmitting the request to a server that stores data associated with the at least one virtual object and update the data to indicate the virtual object is now associated with the user and no longer associated with the virtual computing device, for at least the obvious advantage of maintaining accurate ownership records, enabling ownership to be established, and preventing a former owner of a virtual object from selling it again to a new and naïve buyer. May is suggestive of preventing a transaction (paragraph 45, emphasis added), “If this verification is successful, the process proceeds to 422, but if the verification fails, the XR system may prompt the user that the requested transaction cannot be performed.” This is not fully on point and explicit, but Nickerson teaches (column 12, lines 47-57, emphasis added), “In some embodiments, the service provider 110 may compare the second user input data against stored authentication data to determine if the authenticating gesture input at computing device 120 is within a predetermined threshold level of similarity to a stored authenticating gesture. In some embodiments, the service provider 110 may prevent the execution of a purchase transaction if the authenticating gesture is not determined to be within a predetermined threshold level of similarity to the stored authenticating gesture.” Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing, upon failing to determine a match between the received user virtual authentication data and the at least one stored user authentication data, to prevent execution of the virtual transaction using the virtual computing device, for at least the obvious advantage of not providing something of value to a fraudster impersonating a legitimate user. As per claim 10, May discloses that the virtual computing device includes at least a virtual gaming terminal (paragraph 67, emphasis added), “For instance, a user may access a VR game on the system 300 based on the user’s profile having access to the game.” Yet further, May discloses (paragraph 67, emphasis added), “With a VR system, users may be completely immersed in a computer-generated reality that is used for gaming, entertainment, or other uses.” For the system being a virtual device, see Claim Interpretation section above. May further discloses that the virtual transaction can include at least a virtual purchase transaction (paragraph 79, emphasis added), “At 414, a transaction request is received that is associated with the provided access to the subset of content. In some examples, the transaction request is initiated by the user of the XR system via the user interface of the XR system and based on a portion of the XR content that is being provided to the user (e.g., the user selects DLC of a virtual game they want to purchase or the user selects a product they want to purchase based on AR content that is displayed to them when looking at the product in a store). Additionally, or alternatively, the received transaction request may be initiated based on the user responding to a prompt by which the user agrees to make the purchase or the user may select the product to be purchased within the interface of the XR system, such that the transaction request is automatically initiated without further interaction from the user.” May also discloses that the virtual transaction can include at least a virtual gaming transaction (paragraph 67, emphasis added), “During use of the VR game, when the user attempts to make an associated purchase with the payment account associated with the user profile 314, the system matches the user’s biometric data 308 to the payment key data 346 of the user profile 314 based on, for instance, the user’s height, the user’s gait, the user’s retina, and a hand gesture made by the user when selecting to initiate the purchase.” For the transactions being virtual transactions, see Claim Interpretation section above. As per claim 11, as set forth above with regard to claim 1, it would have been obvious for the user virtual authentication data to be generated by the user device, based on the disclosure of Watson. Watson further teaches the user virtual authentication data being based on at least one personal identification data, wherein the at least one personal identification data includes at least one of the following: data associated with the user, data generated by the user device based on at least one action performed by the user, data generated by the user device based on at least one action performed by the user device, and any combination thereof (paragraph 44, emphasis added) “As another example, user 126 may request access to a computer resource. In a similar fashion, user 126 performs a motion in which biometric data 130 is generated by sensor system 128 from the motion performed by user 126. In this illustrative example, sensor system 128 includes sensors in smart glasses 122. If biometric data 130 is sufficiently close to stored biometric data 132 for the motion performed by user 126, access to the computer resource is provided.” This qualifies at least as data associated with the user, and data generated by the user device based on at least one action performed by the user. Watson further teaches (paragraph 46, emphasis added), “As another example, sensors in smart glasses 122 worn by user 126 can be used to detect motion of user 124 and generate biometric data 130. In this illustrative example, smart glasses 122 sends biometric data 130 to server computer 104 in place of virtual reality headset 120 as depicted in FIG. 1.” Also, May discloses, e.g., (paragraph 90, emphasis added), “The second set of biometric data may include motion data or other data gathered when the user performs gestures or head motions as well, such that the request for the transaction and the second set of biometric data of the user may be combined with respect to interactions between the user and the AR system.” Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing for the user virtual authentication data to be generated by the user device based on at least one personal identification data, wherein the at least one personal identification data includes at least one of the following: data associated with the user, data generated by the user device based on at least one action performed by the user, data generated by the user device based on at least one action performed by the user device, and any combination thereof, for at least the obvious advantage of providing personal identification in a way or ways that can readily distinguish a legitimate user from a would-be fraudster who does not know the proper motions to perform, or who is physically different enough from the legitimate user that his attempts to perform those motions would not be accepted as authentic. As per claim 12, May, as quoted above with respect to claim 11, discloses the user performing gestures or head motions [movements]; and Watson, as quoted above with respect to claim 11, discloses at least one movement performed by the user, and at least one biometric data associated with the user, so claim 5 would likewise have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing, also for at least the obvious advantage of providing personal identification in a way or ways that can readily distinguish a legitimate user from a would-be fraudster who does not know the proper motions to perform, or who is physically different enough from the legitimate user that his attempts to perform those motions would not be accepted as authentic. As per claim 13, May discloses authenticating of the user and determining that a user has been authenticated (paragraphs 96 and 97, quoted above with respect to claim 9). May does not expressly disclose transmitting a result of the authenticating to the at least one server, the result including a determination whether the user has been authenticated. However, Rice teaches communication with servers to authenticate user identity, inter alia (paragraph 179, emphasis added), “Each local node communicates with other nearby geolocated nodes, sharing information, backing up data, validating users, activity, mapping, and transactions, as well as communicating certain data to remote servers. Any node can communicate with other nodes or servers to authenticate user identity, transaction history, activity, and virtual object or virtual goods ownership.” Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing to transmit a result of the authentication to at least one server, the result including a determination whether the user has been authenticated, for at least the obvious advantage of enabling the server to determine whether the user is who he claims to be, and should therefore be allowed to access information or opportunities. Further, May discloses access to content based on user identification, and enabling a user to search a virtual store, implying procuring/purchasing (paragraph 95, emphasis added), “At 606, a user profile is identified based on the first set of biometric data and access to product-based VR content is provided based on the identified user profile. . . . Additionally, or alternatively, the product-based VR content may be adapted to take advantage of aspects specific to the VR system, such as content that includes a virtual store environment that enables a user to search a virtual store, find products, and view product information of products, including price information, product review information, or the like.” May further discloses purchasing items (paragraph 50, emphasis added), “Once authentication is established, the user can purchase experiences or items. In this manner, the system facilitates payments in XR systems through behavioral biometric identification, AI learning personal assistant, natural language processing and the learning manager.” Yet further, May discloses (paragraph 97, emphasis added), “At 614, the association between the second set of biometric data and the user profile is verified and, based on the successful verification, a transaction based on the transaction request, a payment account identifier, and the second set of biometric data is initiated at 616. Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing to receive, by the virtual computing system, from the at least one server, an authorization to procure the at least one virtual object upon determining that the user has been authenticated, for such obvious advantages as assuring that a user is who he claims to be, and has made or will make payment for the procured virtual object. Claims 15, 16, 17, 18, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over May et al. (U.S. Patent Application Publication 2022/0188833) in view of Watson et al. (U.S. Patent Application Publication 2020/0028843) and Rice (U.S. Patent Application Publication 2021/0279695). As per claim 15, May discloses a computer program product comprising a non-transitory machine-readable medium storing instructions that, when executed by at least one programmable processor, cause the at least one programmable processor to perform operations (paragraph 117, emphasis added), “One or more non-transitory computer storage media have computer-executable instructions for enabling processing of transactions from within an extended reality (XR) system using behavioral biometrics that, upon execution by a processor, cause the processor to at least: detect a user using the XR system; automatically collect a first set of biometric data of the user using the XR system based on the user being detected; the first set of biometric data including biometric data of at least one behavioral biometric data type; transform the first set of biometric data of the user into a first biometric token; identify a user profile based on the first biometric token, wherein the user profile is associated with a subset of content and a payment account identifier of a payment account; provide access to the subset of content to the user via the XR system based on the identified user profile; receive a transaction request associated with the provided access to the subset of content; based on the received transaction request, automatically collect a second set of biometric data of the user using the XR system, the second set of biometric data including biometric data of at least one behavioral biometric data type; transform the second set of biometric data of the user into a second biometric token; verify that the second biometric token is associated with the user profile; and based on verifying that the second biometric token is associated with the user profile, initiate a transaction based on the transaction request, the payment account identifier, and the second biometric token, whereby an identity of the user is authenticated based on the second biometric token and a transaction processing entity with which the transaction is initiated is configured to cause a transaction amount to be paid from the payment account based on the authentication of the identity of the user.” May further discloses receiving, by a virtual computer device, a user virtual authentication data representing a user, the user using a user device, communicating with a virtual computing system including the virtual computer device, to transmit a request to execute a virtual transaction associated with at least one virtual object in the virtual computer system; comparing the received user virtual authentication data with at least one stored user authentication data, the at least one stored user authentication data being stored in a storage location communicatively coupled to the virtual computer system (paragraph 96, emphasis added), “At 610, a transaction request associated with the product-based VR content is received and, at 612, a second set of biometric data of the user is collected based on the received transaction request. In some examples, 610 and 612 are performed in substantially the same way as 510 and 512 of method 500 described above. Additionally, or alternatively, the collection of the second set of biometric data may be based on specific aspects of the VR system, as with the collection of the first set of biometric data.” May continues (paragraph 97, emphasis added), “At 614, the association between the second set of biometric data and the user profile is verified and, based on the successful verification, a transaction based on the transaction request, a payment account identifier, and the second set of biometric data is initiated at 616.” Paragraphs 96 and 97 should be read in light of paragraphs 89-91 and 93-95. Also, May discloses (paragraph 45, emphasis added), “Alternatively, secured versions of the biometric data (e.g., biometric token data as described below) may be provided to a transaction processing entity when requesting transactions to enable the entity to authenticate the user’s identity (e.g., some transaction processing entities may require such processes to authenticate the user). For instance, a biometric key based on the biometric data 108 may be passed to the transaction processing entity and the transaction processing entity may be configured to compare the biometric key to a previously registered biometric key in order to authenticate the user’s identity.” The “previously registered biometric key” implies storage in a storage location communicatively coupled to a computer of the transaction processing entity. May does not clearly disclose the user virtual authentication data being generated by the user device. However, Watson teaches generation of biometric data used for authentication by a user device (paragraphs 41, 44, and 46). Watson (paragraph 41, emphasis added) teaches, “In this illustrative example, sensor system 128 comprises sensors in virtual reality headset 120. Biometric data 134 identified from user 120 performing a motion is sent to server computer 104. Server computer 104 compares biometric data 134 to stored biometric data 132 in motion action models 133. If a sufficient match is present between biometric data 130 and stored biometric data 132 for the motion performed by user 124, user 124 is authenticated and provided access to the requested computer resource.” Watson (paragraph 44, emphasis added) further teaches, “As another example, user 126 may request access to a computer resource. In a similar fashion, user 126 performs a motion in which biometric data 130 is generated by sensor system 128 from the motion performed by user 126. In this illustrative example, sensor system 128 includes sensors in smart glasses 122. If biometric data 130 is sufficiently close to stored biometric data 132 for the motion performed by user 126, access to the computer resource is provided.” Watson (paragraph 46, emphasis added) further teaches, “As another example, sensors in smart glasses 122 worn by user 126 can be used to detect motion of user 124 and generate biometric data 130. In this illustrative example, smart glasses 122 sends biometric data 130 to server computer 104 in place of virtual reality headset 120 as depicted in FIG. 1.” Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing for the user virtual authentication data to be generated by the user device, for at least the obvious advantage, as in Watson, of generating biometric data as authentication data by a user device present and in position to generate such biometric data. Yet further, Watson, as quoted in the preceding paragraph of the present Office Action, is entirely explicit about stored user authentication data being stored. May discloses executing an authentication of the user by comparing the received user virtual authentication data with at least one stored user authentication data, authenticating the user in the virtual computing system and executing the virtual transaction using the virtual computing device (paragraph 97, emphasis added), “At 614, the association between the second set of biometric data and the user profile is verified and, based on the successful verification, a transaction based on the transaction request, a payment account identifier, and the second set of biometric data is initiated at 616.” May also discloses (paragraph 4, emphasis added), “Based on verifying that the second biometric token is associated with the user profile, a transaction is initiated based on the transaction request, the transaction including the payment account identifier and the second biometric token, whereby a transaction processing entity with which the transaction is initiated is configured to authenticate an identity of the user based on the second biometric token and to cause a transaction amount to be paid from the payment account.” May further discloses executing transactions in paragraph 45, and discloses involvement and use of the user’s virtual computing device “the XR device 102” (paragraph 45, emphasis added), “The XR profile module 104 is further configured to initiate and/or otherwise facilitate transactions and payments associated with the user 106’s use of the XR device 102 via the transaction interface 124. . . The XR profile module 104 may be configured to receive a transaction request from the XR device 102 and, as a result of the transaction request, the XR profile module 104 may initiate or otherwise facilitate the requested transaction via the transaction interface 124 through communications with the payment network 130.” May refers to virtual objects (in paragraph 93, and further in paragraph 101, quoted with emphasis added): “For instance, an MR system may go a step past AR systems toward being more immersive, such that a user is enabled to interact in real-time with virtual objects that are placed within the real world. These virtual objects may respond and react as if they were actual objects.” May does not disclose procuring, or receiving an authorization to procure, at least one virtual object of the virtual transaction by transmitting the request to a server that stores data associated with the at least one virtual object upon determining that the user has been authenticated. However, Rice first defines a virtual goods object or “VGO” (paragraph 36, emphasis added), “As referred to herein, a ‘virtual goods object’ (or ‘VGO’) is a two-dimensional or three-dimensional object that is rendered, displayed, and/or interacted with in a 3D environment such as, by way of non-limiting example, a 3D space, scene, browser, application, viewer, and/or interface, but which two-dimensional or three-dimensional object is linked to, or associated with, a real-world object, asset, or item, and can be redeemed to take ownership of the same. Any VGO described herein may be rendered, displayed, and/or interacted with by Augmented Reality technology, Virtual Reality technology, or any hybrid of Augmented and Virtual Reality technology.” Rice further teaches procuring virtual objects by interacting with a server that stores data associated with the virtual objects to indicate that a purchased virtual object is now associated with/owned by a user/purchaser, implying authorization to procure at least one virtual object (paragraph 65, emphasis added), “By way of non-limiting example, the user may discover and collect a 3D VGO in AR, VR, or VW, buy it from an online store or marketplace, receive it in a trade/buy/sell transaction with another user, or redeem a promo code, offer, credit, or voucher to acquire the rights to the VGO or NFT. The client application of the present innovation then notifies a system server that the user has acquired the object, at which time, the server then updates the file or blockchain record of the corresponding NFT’s properties and designates the user as the owner of the NFT.” Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing to receive from the at least one server, authorization to procure at least one virtual object upon determining that the user has been authenticated, for at least the obvious advantage of enabling profitable exchanges to be carried out. As per claim 16, May does not disclose updating the stored data associated with the at least one virtual object to indicate that the at least one virtual object is associated with the user and is no longer associated with the at least one virtual computing device, but Rice further teaches procuring virtual objects by interacting with a server that stores data associated with the virtual objects to indicate that a purchased virtual object is now associated with/owned by a user/purchaser, implying authorization to procure at least one virtual object (paragraph 65, emphasis added), “By way of non-limiting example, the user may discover and collect a 3D VGO in AR, VR, or VW, buy it from an online store or marketplace, receive it in a trade/buy/sell transaction with another user, or redeem a promo code, offer, credit, or voucher to acquire the rights to the VGO or NFT. The client application of the present innovation then notifies a system server that the user has acquired the object, at which time, the server then updates the file or blockchain record of the corresponding NFT’s properties and designates the user as the owner of the NFT.” Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing to update the stored data associated with at least one virtual object to indicate that the at least one virtual object is associated with the user and is no longer associated with the at least one virtual computing device, for at least the obvious advantage of enabling profitable exchanges to be carried out, while preventing a former owner of a virtual object from selling it again to a new and naïve buyer. As per claim 17, May discloses that the virtual computing device includes at least a virtual gaming terminal (paragraph 67, emphasis added), “For instance, a user may access a VR game on the system 300 based on the user’s profile having access to the game.” Yet further, May discloses (paragraph 67, emphasis added), “With a VR system, users may be completely immersed in a computer-generated reality that is used for gaming, entertainment, or other uses.” For the system being a virtual device, see Claim Interpretation section above. As per claim 18, May discloses that the virtual transaction can include at least a virtual purchase transaction (paragraph 79, emphasis added), “At 414, a transaction request is received that is associated with the provided access to the subset of content. In some examples, the transaction request is initiated by the user of the XR system via the user interface of the XR system and based on a portion of the XR content that is being provided to the user (e.g., the user selects DLC of a virtual game they want to purchase or the user selects a product they want to purchase based on AR content that is displayed to them when looking at the product in a store). Additionally, or alternatively, the received transaction request may be initiated based on the user responding to a prompt by which the user agrees to make the purchase or the user may select the product to be purchased within the interface of the XR system, such that the transaction request is automatically initiated without further interaction from the user.” May also discloses that the virtual transaction can include at least a virtual gaming transaction (paragraph 67, emphasis added), “During use of the VR game, when the user attempts to make an associated purchase with the payment account associated with the user profile 314, the system matches the user’s biometric data 308 to the payment key data 346 of the user profile 314 based on, for instance, the user’s height, the user’s gait, the user’s retina, and a hand gesture made by the user when selecting to initiate the purchase.” For the transactions being virtual transactions, see Claim Interpretation section above. As per claim 19, as set forth above with regard to claim 15, it would have been obvious for the user virtual authentication data to be generated by the user device, based on the disclosure of Watson. Watson further teaches the user virtual authentication data being based on at least one personal identification data, wherein the at least one personal identification data includes at least one of the following: data associated with the user, data generated by the user device based on at least one action performed by the user, data generated by the user device based on at least one action performed by the user device, and any combination thereof (paragraph 44, emphasis added) “As another example, user 126 may request access to a computer resource. In a similar fashion, user 126 performs a motion in which biometric data 130 is generated by sensor system 128 from the motion performed by user 126. In this illustrative example, sensor system 128 includes sensors in smart glasses 122. If biometric data 130 is sufficiently close to stored biometric data 132 for the motion performed by user 126, access to the computer resource is provided.” This qualifies at least as data associated with the user, and data generated by the user device based on at least one action performed by the user. Watson further teaches (paragraph 46, emphasis added), “As another example, sensors in smart glasses 122 worn by user 126 can be used to detect motion of user 124 and generate biometric data 130. In this illustrative example, smart glasses 122 sends biometric data 130 to server computer 104 in place of virtual reality headset 120 as depicted in FIG. 1.” Also, May discloses, e.g., (paragraph 90, emphasis added), “The second set of biometric data may include motion data or other data gathered when the user performs gestures or head motions as well, such that the request for the transaction and the second set of biometric data of the user may be combined with respect to interactions between the user and the AR system.” Hence, it would have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing for the user virtual authentication data to be generated by the user device based on at least one personal identification data, wherein the at least one personal identification data includes at least one of the following: data associated with the user, data generated by the user device based on at least one action performed by the user, data generated by the user device based on at least one action performed by the user device, and any combination thereof, for at least the obvious advantage of providing personal identification in a way or ways that can readily distinguish a legitimate user from a would-be fraudster who does not know the proper motions to perform, or who is physically different enough from the legitimate user that his attempts to perform those motions would not be accepted as authentic. As per claim 20, May, as quoted above with respect to claim 18, discloses the user performing gestures or head motions [movements]; and Watson, as quoted above with respect to claim 18, discloses at least one movement performed by the user, and at least one biometric data associated with the user, so claim 20 would likewise have been obvious to one of ordinary skill in the art of electronic commerce on the date of inventors’ filing, also for at least the obvious advantage of providing personal identification in a way or ways that can readily distinguish a legitimate user from a would-be fraudster who does not know the proper motions to perform, or who is physically different enough from the legitimate user that his attempts to perform those motions would not be accepted as authentic. Response to Arguments Applicant's arguments filed March 26, 2026 have been fully considered but they are not persuasive. Upon reconsideration, Examiner has now rejected all currently pending claims under 35 U.S.C. 103, with the result that the current Office Action is non-final. It is further noted that claims 19 and 20 remain objected to for an informality. Applicant’s arguments regarding the 35 U.S.C. 101 rejections are not persuasive. Applicant argues that that the claims are integrated into a practical application under Step 2A, Prong Two. In particular, Applicant argues that the claims recite a specific authentication handshake designed to secure transactions within a virtual computing system. Examiner replies that the “authentication handshake” does not involve improvement to the functioning of a computer or to any other technology or technical field, only the application of general means of authentication to a particular method (and corresponding computer system and computer program product) for performing commercial interactions. The interacting is recited in claim as including: receiving, by the virtual computing device, in response to a request from the virtual computing system, a user virtual authentication data representing the user, the user virtual authentication data being generated by the user device and transmitted to the virtual computing system; comparing the received user virtual authentication data with at least one stored user authentication data, the at least one stored user authentication data being stored in a storage location communicatively coupled to the virtual computing system This is merely applying a largely abstract procedure for authenticating users (which might involve passwords typed in, fingerprints or other biometrics, or data generated by a user device, perhaps a cellphone or dongle) to particular commercial purposes. The four Shepherd patents at issue in the Alice Corporation v. CLS Bank decision were presumably of some use for exchanging obligations as between parties, but the Supreme Court nonetheless found them patent-ineligible. The representative claim at issue in the Ultramercial, Inc. v. Hulu, LLC decision of the CAFC involved technology (such as “a third step of providing the media product for sale at an Internet website”), and was surely of some practical use in that it enabled consumers to pay for media products by viewing a sponsor’s message, presumably to the advantage of consumers who could not afford to pay in money, or lacked a convenient way of making payments over the Internet, but was nonetheless ruled patent-ineligible. Therefore, Examiner maintains that rejection of the instant claims under 35 U.S.C. is in accordance with judicial precedents, and that contrary to Applicant’s arguments on pages 12-13 of the Amendment and Remarks of March 26, 2026, the claimed invention is not a technical improvement in any significant and relevant way. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Merritt, Junior (U.S. Patent Application Publication 2017/0116680) discloses a system and method for facilitating and managing transactions of fractional ownership interests in assets (in particular, paragraphs 42, 48, 57, and 61 are noted for teaching that record are updated to reflect the transfer of ownership in assets). Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS D ROSEN whose telephone number is (571)272-6762. The examiner can normally be reached 9:00 AM-5:30 PM, M-F. Non-official/draft communications may be faxed to the examiner at 571-273-6762, or else emailed to Nicholas.Rosen@uspto.gov (in the body of an email, please, not as an attachment). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Marissa Thein, can be reached at 571-272-6764. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /NICHOLAS D ROSEN/ Primary Examiner, Art Unit 3689 May 28, 2026
Read full office action

Prosecution Timeline

Mar 14, 2024
Application Filed
Oct 30, 2025
Non-Final Rejection mailed — §101, §103
Mar 26, 2026
Response Filed
Jun 02, 2026
Non-Final Rejection mailed — §101, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12583148
ARTIFICIAL NAIL MEASUREMENT SYSTEM AND METHOD
4y 11m to grant Granted Mar 24, 2026
Patent 12555074
CONSUMER PURCHASING AND INVENTORY CONTROL ASSISTANT APPARATUS, SYSTEM AND METHODS
1y 9m to grant Granted Feb 17, 2026
Patent 12548062
TRAINED MACHINE LEARNING MODELS FOR PREDICTING REPLACEMENT ITEMS USING EXPIRATION DATES
2y 11m to grant Granted Feb 10, 2026
Patent 12530714
LOCATION-BASED DATA TRACKING FOR DYNAMIC DATA PRESENTATION ON MOBILE DEVICES
2y 1m to grant Granted Jan 20, 2026
Patent 12518305
NON-FUNGIBLE TOKEN MANAGEMENT SYSTEMS AND METHODS FOR AN ENTERTAINMENT VENUE
2y 5m to grant Granted Jan 06, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

2-3
Expected OA Rounds
70%
Grant Probability
93%
With Interview (+22.1%)
3y 1m (~9m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 678 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month