Prosecution Insights
Last updated: July 17, 2026
Application No. 18/671,127

Unauthorized Activity Detection at Automated Teller Machine

Non-Final OA §101
Filed
May 22, 2024
Examiner
SHAHABI, ARI ARASTOO
Art Unit
3697
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
Bank of America Corporation
OA Round
3 (Non-Final)
54%
Grant Probability
Moderate
3-4
OA Rounds
1y 2m
Est. Remaining
94%
With Interview

Examiner Intelligence

Grants 54% of resolved cases
54%
Career Allowance Rate
111 granted / 206 resolved
+1.9% vs TC avg
Strong +41% interview lift
Without
With
+40.6%
Interview Lift
resolved cases with interview
Typical timeline
3y 4m
Avg Prosecution
26 currently pending
Career history
238
Total Applications
across all art units

Statute-Specific Performance

§101
18.2%
-21.8% vs TC avg
§103
55.5%
+15.5% vs TC avg
§102
12.3%
-27.7% vs TC avg
§112
12.8%
-27.2% vs TC avg
Black line = Tech Center average estimate • Based on career data from 206 resolved cases

Office Action

§101
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 06/09/2026 has been entered. Status of Claims Claims 1, 9 and 17 are amended. Claims 1-20 are pending. Response to Remarks 35 U.S.C. § 101 Remark 1: Applicant contends that the claims are necessarily rooted in computer technology and while the present claims may merely involve an exception, they do not recite an exception. Response to Remark 1: Applicant's argument is not persuasive because these features are part of the additional elements discussed in Step 2A, Prong Two. Remark 2: Applicant contends that claim 1 recites features that, when considered as a whole, are a technical implementation that integrates any alleged exception into a practical application and thus renders the claim eligible. For instance, claim 1 recites specific hardware components arranged in a particular configuration: "a transaction processing card having a microprocessor, micro antenna and actuator for causing vibration of the transaction processing card in response to potential unauthorized activity arranged in a generally planar region of the transaction processing card." This is not a generic computer implementation but rather a specific physical arrangement of components on a transaction processing card that enables the claimed bidirectional cryptographic validation. Claim 1 further recites that the validation code is transmitted "via the micro-antenna arranged in the generally planar region of the transaction processing card," and that the encrypted version is encrypted "by the microprocessor arranged in the generally planar region of the transaction processing card." These limitations specify how the particular hardware components interact to perform the validation process. Further, claim 1 recites that when validation fails, the notification is transmitted "to the transaction processing card, wherein transmitting the notification to the transaction processing card causes the actuator on the generally planar region of the transaction card to vibrate indicating potential unauthorized activity." This provides a specific technical mechanism for alerting users to compromised devices through haptic feedback on the card itself. Response to Remark 2: Examiner respectfully disagrees. The features relied upon by Applicant in their argument are not within the broadest reasonable interpretation (BRI) of the claim. Regarding claims 1 and 17, the features relied upon by Applicant in their argument is language that does not limit a claim to a particular structure of the “computing platform” (See MPEP 2103(I)(C), 2111.04(I)). Regarding claim 9, the features relied upon by Applicant in their argument does not define a step nor an act to be performed in the process claim (See MPEP 2103(I)(C)). Accordingly, this contention is unpersuasive. Remark 3: Applicant contends that Claim 1 recites a specific arrangement of components and processes, including the transaction processing card's embedded microprocessor encrypting dynamically generated codes, transmission via micro-antenna, and causing an actuator to vibrate upon detecting invalid transactions, that represent a non-conventional and non-generic arrangement that is significantly more than any alleged abstract idea and provides a technical improvement to detecting compromised devices and providing notification of compromised devices. The MPEP recites that "[i]f the elements or functions are beyond those recognized in the art or by the courts as being well- understood, routine, conventional activity, then the elements or functions will in most cases amount to significantly more," as is the case with claim 1. MPEP 2106.05(d). Response to Remark 3: Examiner respectfully disagrees. The features relied upon by Applicant in their argument are not within the broadest reasonable interpretation (BRI) of the claim. Regarding claims 1 and 17, the features relied upon by Applicant in their argument is language that does not limit a claim to a particular structure of the “computing platform” (See MPEP 2103(I)(C), 2111.04(I)). Regarding claim 9, the features relied upon by Applicant in their argument does not define a step nor an act to be performed in the process claim (See MPEP 2103(I)(C)). Accordingly, this contention is unpersuasive. Information Disclosure Statement The information disclosure statement(s) (IDS) submitted on 06/09/2026 is/are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement(s) has/have been considered by the examiner. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Step 1 Step 1 of the eligibility analysis asks is the claim to a process, machine, manufacture or composition of matter (See MPEP § 2106.03, subsections I and II). Claims 1-8 are directed to a computing platform (i.e., machine, and manufacture). Claims 9-16 are directed to a computer-implemented method (i.e., process). Claims 17-20 are directed to a non-transitory computer-readable storage medium (i.e., manufacture). Therefore, these claims fall within the four statutory categories of invention. Step 2A, Prong One Prong One asks does the claim recite an abstract idea, law of nature, or natural phenomenon (MPEP § 2106.04(II)(A)(1)). Claims 1, 9 and 17 under a broadest reasonable interpretation recite an abstract idea because the claims describe transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas (MPEP § 2106.04(a)(2), subsection II). The claim limitations reciting the abstract idea are grouped within the “certain methods of organizing human activity” grouping of abstract ideas because the limitations describe fundamental economic principles or practices, including mitigating risk, and describe commercial or legal interactions, including advertising, marketing or sales activities or behaviors. The following underlined claim limitations recite the abstract idea. Claim 1: at least one processor; a communication interface communicatively coupled to the at least one processor; and a memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: receive, from a transaction processing card having a microprocessor, micro-antenna and actuator for causing vibration of the transaction processing card in response to potential unauthorized activity arranged in a generally planar region of the transaction processing card, via a card reader of a transaction processing device, a request for a transaction; transmit, to the transaction processing card and via the micro-antenna arranged in the generally planar region of the transaction processing card, a dynamically generated validation code; receive, from the transaction processing card, an encrypted version of the dynamically generated validation code, wherein the encrypted version of the dynamically generated validation code is encrypted by the microprocessor arranged in the generally planar region of the transaction processing card and using a private key associated with the transaction processing card; decrypt, using a public key associated with the transaction processing device, the encrypted version of the dynamically generated validation code; responsive to decryption of the encrypted version of the dynamically generated validation code being unsuccessful: deny the request for the transaction; generate a notification indicating that the transaction processing card is invalid; and transmit the notification to a computing device and to the transaction processing card, wherein transmitting the notification to the computing device causes the notification to be displayed on a display of the computing device and wherein transmitting the notification to the transaction processing card causes the actuator on the generally planar region of the transaction processing card to vibrate indicating potential unauthorized activity; and responsive to decryption of the encrypted dynamically generated validation code being successful, process the request for the transaction. Claim 9: receiving, by a computing platform, the computing platform having at least one processor, and memory, and from a transaction processing card having a microprocessor, micro-antenna and actuator for causing vibration of the transaction processing card in response to potential unauthorized activity arranged in a generally planar region of the transaction processing card, and via a card reader of a transaction processing device, a request for a transaction; transmitting, by the at least one processor and to the transaction processing card and via the micro-antenna arranged in the generally planar region of the transaction processing card, a dynamically generated validation code; receiving, by the at least one processor and from the transaction processing card, an encrypted version of the dynamically generated validation code, wherein the encrypted version of the dynamically generated validation code is encrypted by the microprocessor arranged in the generally planar region of the transaction processing card and using a private key associated with the transaction processing card; decrypting, by the at least one processor and using a public key associated with the transaction processing device, the encrypted version of the dynamically generated validation code; responsive to decryption of the encrypted version of the dynamically generated validation code being unsuccessful: denying, by the at least one processor, the request for the transaction; generating, by the at least one processor, a notification indicating that the transaction processing card is invalid; and transmitting, by the at least one processor, the notification to a computing device and to the transaction processing card, wherein transmitting the notification to the computing device causes the notification to be displayed on a display of the computing device and wherein transmitting the notification to the transaction processing card causes the actuator on the generally planar region of the transaction processing card to vibrate indicating potential unauthorized activity; and responsive to decryption of the encrypted dynamically generated validation code being successful, processing, by the at least one processor, the request for the transaction. Claim 17: One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, memory, and a communication interface, cause the computing platform to: receive, from a transaction processing card having a microprocessor, micro-antenna and actuator for causing vibration of the transaction processing card in response to potential unauthorized activity arranged in a generally planar region of the transaction processing card, via a card reader of a transaction processing device, a request for a transaction; transmit, to the transaction processing card and via the micro-antenna arranged in the generally planar region of the transaction processing card, a dynamically generated validation code; receive, from the transaction processing card, an encrypted version of the dynamically generated validation code, wherein the encrypted version of the dynamically generated validation code is encrypted by the microprocessor arranged in the generally planar region of the transaction processing card and using a private key associated with the transaction processing card; decrypt, using a public key associated with the transaction processing device, the encrypted version of the dynamically generated validation code; responsive to decryption of the encrypted version of the dynamically generated validation code being unsuccessful: deny the request for the transaction; generate a notification indicating that the transaction processing card is invalid; and transmit the notification to a computing device and to the transaction processing card, wherein transmitting the notification to the computing device causes the notification to be displayed on a display of the computing device and wherein transmitting the notification to the transaction processing card causes the actuator on the generally planar region of the transaction processing card to vibrate indicating potential unauthorized activity; and responsive to decryption of the encrypted dynamically generated validation code being successful, process the request for the transaction. Step 2A, Prong Two Prong Two asks does the claim recite additional elements that integrate the judicial exception into a practical application (MPEP § 2106.04(II)(A)(2)). Examiners evaluate integration into a practical application by: (1) identifying whether there are any additional elements recited in the claim beyond the judicial exception(s); and (2) evaluating those additional elements individually and in combination to determine whether they integrate the exception into a practical application, using one or more of the considerations discussed in more detail in MPEP §§ 2106.04(d)(1), 2106.04(d)(2), 2106.05(a) through (c) and 2106.05(e) through (h). Here, the non-underlined claim limitations above recite additional elements. The additional elements do not improve the functioning of computers, another technology, or a technical field (MPEP §§ 2106.04(d)(1) and 2106.05(a)). The Specification does not assert that the invention improves upon conventional functioning of a computer, or upon conventional technology or technological processes. The claim does not purport to improve computer capabilities, but rather invokes computers merely as a tool by adding general purpose computers post-hoc to an abstract idea. A commonplace business method being applied on a general-purpose computer is not sufficient to show an improvement to technology. The claim must include more than mere instructions to perform the method on a generic component or machinery to qualify as an improvement to an existing technology. The Specification and the claim language provide evidence that the focus of the claim is on a scheme. An improvement in the abstract idea itself is not an improvement in technology. Even if the Specification describes technical improvements, they are not claimed. The additional elements do not apply the abstract idea to effect a particular treatment or prophylaxis for a disease or medical condition (MPEP § 2106.04(d)(2)). The additional elements do not implement the abstract idea with a particular machine or manufacture that is integral to the claim (MPEP § 2106.05(b)). A general-purpose computer that applies a judicial exception, such as an abstract idea, by use of conventional computer functions does not qualify as a particular machine. The additional elements do not transform or reduce a particular article to a different state or thing (MPEP § 2106.05(c)). The claim does not recite any transformation of an article where the article changes to a different state or thing. Nor do the additional elements apply the abstract idea in a meaningful way or impose a meaningful limit on it beyond linking its use to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP § 2106.05(e)). The additional elements generally link the use of the judicial exception to a particular technological environment. A wholly generic computer implementation is not generally the sort of additional feature that provides any practical assurance that the process is more than a drafting effort designed to monopolize the abstract idea itself. The additional elements individually and in combination, merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)). Implementing an abstract idea on a generic computer, does not integrate the abstract idea into a practical application, similar to how the recitation of the computer in the claim in Alice amounted to mere instructions to apply the abstract idea of intermediated settlement on a generic computer. Use of a computer or other machinery in its ordinary capacity for economic or other tasks or simply adding a general-purpose computer or computer components after the fact to an abstract idea does not integrate a judicial exception into a practical application. The additional elements are being used in their ordinary capacity. The additional elements do no more than merely invoke computers or machinery as a tool to perform an existing process. The additional elements generally link the use of the abstract idea to a particular technological environment or field of use (MPEP § 2106.05(h)). Limitations that amount to merely indicating a field of use or technological environment in which to apply a judicial exception cannot integrate a judicial exception into a practical application. Thus, the additional elements do not integrate the abstract idea into a practical application. Accordingly, the claims are directed to the abstract idea identified above. Step 2B Step 2B determines whether the claim as a whole amount to significantly more than the abstract idea itself (MPEP § 2106.05). In Step 2B examiners carry over their identification of the additional element(s) in the claim from Step 2A Prong Two; carry over their conclusions from Step 2A Prong Two on the considerations discussed in MPEP §§ 2106.05(a)-(c), (e), (f) and (h); re-evaluate any additional element or combination of elements that was considered to be insignificant extra-solution activity per MPEP § 2106.05(g), because if such re-evaluation finds that the element is unconventional or otherwise more than what is well-understood, routine, conventional activity in the field, this finding may indicate that the additional element is no longer considered to be insignificant; and evaluate whether any additional element or combination of elements are other than what is well-understood, routine, conventional activity in the field, or simply append well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception, per MPEP § 2106.05(d). The additional elements individually and in combination, merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)). The additional elements generally link the use of the abstract idea to a particular technological environment or field of use (MPEP § 2106.05(h)). Individually, the additional elements do not amount to significantly more than the abstract idea. Here, the additional elements simply append well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception, e.g., a claim to an abstract idea requiring no more than a generic computer to perform generic computer functions that are well-understood, routine and conventional activities previously known to the industry. A factual determination is required to support a conclusion that an additional element (or combination of additional elements) is well-understood, routine, conventional activity. Here, the specification of the application indicates that additional elements are well-known or conventional (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). There is nothing in the specification to indicate that the operations recited in the claims require any specialized hardware or inventive computer components or that the claimed invention is implemented using other than generic computer components to perform generic computer functions. The ordered combination recites no more than the individual elements do. Thus, the additional elements are not significantly more than the abstract idea. Accordingly, the claims are directed to the abstract idea identified above without significantly more. The claims are not eligible, warranting a rejection for lack of subject matter eligibility and concluding the eligibility analysis. Dependent Claims Claim 2 recites an abstract idea because the claim describes transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The following underlined claim limitations recite the abstract idea. The non-underlined claim limitations recite additional elements. The additional elements do not integrate the abstract idea into a practical application and are not significantly more than the abstract idea because the additional elements individually and in combination, merely serve as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment or field of use. The additional elements, individually and in combination, are well-understood, routine, conventional activity (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). Therefore, the claim is not eligible. wherein the public key associated with the transaction processing device is associated with the card reader of the transaction processing device. Claim 3 recites an abstract idea because the claim describes transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The following underlined claim limitations recite the abstract idea. The non-underlined claim limitations recite additional elements. The additional elements do not integrate the abstract idea into a practical application and are not significantly more than the abstract idea because the additional elements individually and in combination, merely serve as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment or field of use. The additional elements, individually and in combination, are well-understood, routine, conventional activity (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). Therefore, the claim is not eligible. wherein the dynamically generated validation code includes a time stamp of the transaction, a unique identifier associated with the card reader of the transaction processing device, and geo-location data associated with the transaction processing device. Claim 4 recites an abstract idea because the claim describes transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The following underlined claim limitations recite the abstract idea. The non-underlined claim limitations recite additional elements. The additional elements do not integrate the abstract idea into a practical application and are not significantly more than the abstract idea because the additional elements individually and in combination, merely serve as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment or field of use. The additional elements, individually and in combination, are well-understood, routine, conventional activity (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). Therefore, the claim is not eligible. further including instructions that when executed cause the computing platform to: responsive to decryption of the encrypted version of the dynamically generated validation code being successful, and prior to processing the request for the transaction: generate a verification code; encrypt, using a private encryption key associated with the transaction processing device, the verification code; transmit, to the transaction processing card, the encrypted verification code; receive, from the transaction processing card, a decrypted verification code, wherein the decrypted verification code is generated by the transaction processing card using a public key associated with the transaction processing card; verify that the decrypted verification code matches the generated verification code; responsive to determining that the decrypted verification code does not match the verification code: generate a notification indicating that the card reader is compromised; and transmit the notification that the card reader is compromised to the computing device; and responsive to determining that the decrypted verification does match the verification code, process the transaction. Claim 5 recites an abstract idea because the claim describes transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The following underlined claim limitations recite the abstract idea. The non-underlined claim limitations recite additional elements. The additional elements do not integrate the abstract idea into a practical application and are not significantly more than the abstract idea because the additional elements individually and in combination, merely serve as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment or field of use. The additional elements, individually and in combination, are well-understood, routine, conventional activity (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). Therefore, the claim is not eligible. wherein the private encryption key associated with the transaction processing device is associated with the card reader of the transaction processing device. Claim 6 recites an abstract idea because the claim describes transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The following underlined claim limitations recite the abstract idea. The non-underlined claim limitations recite additional elements. The additional elements do not integrate the abstract idea into a practical application and are not significantly more than the abstract idea because the additional elements individually and in combination, merely serve as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment or field of use. The additional elements, individually and in combination, are well-understood, routine, conventional activity (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). Therefore, the claim is not eligible. wherein the computing device is a computing device of an enterprise organization associated with the transaction processing device. Claim 7 recites an abstract idea because the claim describes transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The following underlined claim limitations recite the abstract idea. The non-underlined claim limitations recite additional elements. The additional elements do not integrate the abstract idea into a practical application and are not significantly more than the abstract idea because the additional elements individually and in combination, merely serve as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment or field of use. The additional elements, individually and in combination, are well-understood, routine, conventional activity (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). Therefore, the claim is not eligible. wherein transmitting the notification that the card reader is compromised causes the computing device of the enterprise organization to disable or deactivate the transaction processing device. Claim 8 recites an abstract idea because the claim describes transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The following underlined claim limitations recite the abstract idea. The non-underlined claim limitations recite additional elements. The additional elements do not integrate the abstract idea into a practical application and are not significantly more than the abstract idea because the additional elements individually and in combination, merely serve as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment or field of use. The additional elements, individually and in combination, are well-understood, routine, conventional activity (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). Therefore, the claim is not eligible. wherein the computing device is a user computing device. Claim 10 recites an abstract idea because the claim describes transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The following underlined claim limitations recite the abstract idea. The non-underlined claim limitations recite additional elements. The additional elements do not integrate the abstract idea into a practical application and are not significantly more than the abstract idea because the additional elements individually and in combination, merely serve as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment or field of use. The additional elements, individually and in combination, are well-understood, routine, conventional activity (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). Therefore, the claim is not eligible. wherein the public key associated with the transaction processing device is associated with the card reader of the transaction processing device. Claim 11 recites an abstract idea because the claim describes transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The following underlined claim limitations recite the abstract idea. The non-underlined claim limitations recite additional elements. The additional elements do not integrate the abstract idea into a practical application and are not significantly more than the abstract idea because the additional elements individually and in combination, merely serve as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment or field of use. The additional elements, individually and in combination, are well-understood, routine, conventional activity (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). Therefore, the claim is not eligible. wherein the dynamically generated validation code includes a time stamp of the transaction, a unique identifier associated with the card reader of the transaction processing device, and geo-location data associated with the transaction processing device. Claim 12 recites an abstract idea because the claim describes transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The following underlined claim limitations recite the abstract idea. The non-underlined claim limitations recite additional elements. The additional elements do not integrate the abstract idea into a practical application and are not significantly more than the abstract idea because the additional elements individually and in combination, merely serve as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment or field of use. The additional elements, individually and in combination, are well-understood, routine, conventional activity (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). Therefore, the claim is not eligible. responsive to decryption of the encrypted version of the dynamically generated validation code being successful, and prior to processing the request for the transaction: generating, by the at least one processor, a verification code; encrypting, by the at least one processor and using a private encryption key associated with the transaction processing device, the verification code; transmitting, by the at least one processor and to the transaction processing card, the encrypted verification code; receiving, by the at least one processor and from the transaction processing card, a decrypted verification code, wherein the decrypted verification code is generated by the transaction processing card using a public key associated with the transaction processing card; verifying, by the at least one processor, that the decrypted verification code matches the generated verification code; responsive to determining that the decrypted verification code does not match the verification code: generating, by the at least one processor, a notification indicating that the card reader is compromised; and transmitting, by the at least one processor, the notification that the card reader is compromised to the computing device; and responsive to determining that the decrypted verification does match the verification code, processing, by the at least one processor, the transaction. Claim 13 recites an abstract idea because the claim describes transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The following underlined claim limitations recite the abstract idea. The non-underlined claim limitations recite additional elements. The additional elements do not integrate the abstract idea into a practical application and are not significantly more than the abstract idea because the additional elements individually and in combination, merely serve as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment or field of use. The additional elements, individually and in combination, are well-understood, routine, conventional activity (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). Therefore, the claim is not eligible. wherein the private encryption key associated with the transaction processing device is associated with the card reader of the transaction processing device. Claim 14 recites an abstract idea because the claim describes transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The following underlined claim limitations recite the abstract idea. The non-underlined claim limitations recite additional elements. The additional elements do not integrate the abstract idea into a practical application and are not significantly more than the abstract idea because the additional elements individually and in combination, merely serve as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment or field of use. The additional elements, individually and in combination, are well-understood, routine, conventional activity (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). Therefore, the claim is not eligible. wherein the computing device is a computing device of an enterprise organization associated with the transaction processing device. Claim 15 recites an abstract idea because the claim describes transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The following underlined claim limitations recite the abstract idea. The non-underlined claim limitations recite additional elements. The additional elements do not integrate the abstract idea into a practical application and are not significantly more than the abstract idea because the additional elements individually and in combination, merely serve as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment or field of use. The additional elements, individually and in combination, are well-understood, routine, conventional activity (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). Therefore, the claim is not eligible. wherein transmitting the notification that the card reader is compromised causes the computing device of the enterprise organization to disable or deactivate the transaction processing device. Claim 16 recites an abstract idea because the claim describes transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The following underlined claim limitations recite the abstract idea. The non-underlined claim limitations recite additional elements. The additional elements do not integrate the abstract idea into a practical application and are not significantly more than the abstract idea because the additional elements individually and in combination, merely serve as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment or field of use. The additional elements, individually and in combination, are well-understood, routine, conventional activity (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). Therefore, the claim is not eligible. wherein the computing device is a user computing device. Claim 18 recites an abstract idea because the claim describes transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The following underlined claim limitations recite the abstract idea. The non-underlined claim limitations recite additional elements. The additional elements do not integrate the abstract idea into a practical application and are not significantly more than the abstract idea because the additional elements individually and in combination, merely serve as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment or field of use. The additional elements, individually and in combination, are well-understood, routine, conventional activity (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). Therefore, the claim is not eligible. wherein the public key associated with the transaction processing device is associated with the card reader of the transaction processing device. Claim 19 recites an abstract idea because the claim describes transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The following underlined claim limitations recite the abstract idea. The non-underlined claim limitations recite additional elements. The additional elements do not integrate the abstract idea into a practical application and are not significantly more than the abstract idea because the additional elements individually and in combination, merely serve as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment or field of use. The additional elements, individually and in combination, are well-understood, routine, conventional activity (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). Therefore, the claim is not eligible. wherein the dynamically generated validation code includes a time stamp of the transaction, a unique identifier associated with the card reader of the transaction processing device, and geo-location data associated with the transaction processing device. Claim 20 recites an abstract idea because the claim describes transaction authorization using correspondence of codes, grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The following underlined claim limitations recite the abstract idea. The non-underlined claim limitations recite additional elements. The additional elements do not integrate the abstract idea into a practical application and are not significantly more than the abstract idea because the additional elements individually and in combination, merely serve as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment or field of use. The additional elements, individually and in combination, are well-understood, routine, conventional activity (See Spec. 0005, 0032, 0037-0039, 0047, 0132, 0139, 0141, 0145-0146). Therefore, the claim is not eligible. further including instructions that when executed cause the computing platform to: responsive to decryption of the encrypted version of the dynamically generated validation code being successful, and prior to processing the request for the transaction: generate a verification code; encrypt, using a private encryption key associated with the transaction processing device, the verification code; transmit, to the transaction processing card, the encrypted verification code; receive, from the transaction processing card, a decrypted verification code, wherein the decrypted verification code is generated by the transaction processing card using a public key associated with the transaction processing card; verify that the decrypted verification code matches the generated verification code; responsive to determining that the decrypted verification code does not match the verification code: generate a notification indicating that the card reader is compromised; and transmit the notification that the card reader is compromised to the computing device; and responsive to determining that the decrypted verification does match the verification code, processing the transaction. Claims Free of Art The closest prior art of record is US 2018/0005243 A1 (“Zovi”) (hereinafter “Zovi”). Zovi teaches: at least one processor; a communication interface communicatively coupled to the at least one processor; and a memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: [One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, memory, and a communication interface, cause the computing platform to:] (Fig.1A item 40, Fig.1C item 40, Fig.5, paras 0165-0188) receiving, by a computing platform, the computing platform having at least one processor, and memory, and from a transaction processing card having a microprocessor, micro-antenna and actuator for causing vibration of the transaction processing card in response to potential unauthorized activity arranged in a generally planar region of the transaction processing card, and via a card reader of a transaction processing device, a request for a transaction; (paras 0194-0195, 0203, 0212-0213) transmitting, by the at least one processor and to the transaction processing card and via the micro-antenna arranged in the generally planar region of the transaction processing card, a dynamically generated validation code; (paras 0216) decrypting, by the at least one processor and using a public key associated with the transaction processing device, the encrypted version of the dynamically generated validation code; (paras 0193, 0196, 0204, 0221-0223, 0251-0253) responsive to decryption of the encrypted version of the dynamically generated validation code being unsuccessful: (paras 0193, 0196, 0204, 0221-0223, 0251-0253) denying, by the at least one processor, the request for the transaction; generating, by the at least one processor, a notification indicating that the transaction processing card is invalid; and transmitting, by the at least one processor, the notification to a computing device and to the transaction processing card, wherein transmitting the notification to the computing device causes the notification to be displayed on a display of the computing device and wherein transmitting the notification to the transaction processing card causes the actuator on the generally planar region of the transaction processing card to vibrate indicating potential unauthorized activity; and (paras 0200-0201, 0221-0223, 0251-0253) responsive to decryption of the encrypted dynamically generated validation code being successful, (paras 0193, 0196, 0204, 0221-0223, 0251-0253) processing, by the at least one processor, the request for the transaction. (paras 0198-0199, 0221-0223, 0251-0253) Therefore, the prior art does not teach, neither singly nor in combination the following: receiving, by the at least one processor and from the transaction processing card, an encrypted version of the dynamically generated validation code, wherein the encrypted version of the dynamically generated validation code is encrypted by the microprocessor arranged in the generally planar region of the transaction processing card and using a private key associated with the transaction processing card Conclusion The following prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 2018/0315043 A1 (“Royyuru”) discloses: Methods, systems, and machine-readable media are disclosed for handling information related to a financial transaction including utilizing dynamic cryptograms. According to one embodiment, a method of processing a financial transaction related to a financial account can comprise detecting initiation of the transaction with a device used as a presentation instrument in the transaction. A Dynamic Transaction Cryptogram (DTC) and a dynamic PAN can be generated at the device. The DTC can be used to authenticate the transaction and the dynamic PAN can comprise an encrypted form of a real PAN of the financial account that is valid for a single transaction. The DTC and the dynamic PAN can be provided by the device for use in the transaction. US 2014/0067683 A1 (“Varadarajan”) discloses: A method and system is provided for generating a dynamic card value (DCV) from a mobile user device for use in a transaction between a user cardholder and a transaction provider. The DCV may be configured for use as a card verification value (CVV), also known as a card security code (CSC), a primary account number (PAN), or a portion of a PAN. The DCV may be generated using a DCV generator which may include an algorithm and a DCV generation key. The DCV generation key may be camouflaged. Obtaining a DCV from the user device may require inputting a PIN, a device identifier, a challenge or transaction information. The DCV may be used for any transaction requiring the input of a user identification number and a verification value, including, credit card transactions, debit card transactions, online or telephonic transactions. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ari Shahabi whose telephone number is (571)272-2565. The examiner can normally be reached M-F: 8:00-5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached at 571-272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ARI SHAHABI/Primary Examiner, Art Unit 3697
Read full office action

Prosecution Timeline

May 22, 2024
Application Filed
Oct 31, 2025
Non-Final Rejection mailed — §101
Jan 22, 2026
Response Filed
Mar 10, 2026
Final Rejection mailed — §101
Apr 08, 2026
Response after Non-Final Action
Jun 09, 2026
Request for Continued Examination
Jun 17, 2026
Response after Non-Final Action
Jul 01, 2026
Non-Final Rejection mailed — §101 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12664486
METHOD, APPARATUS, AND SYSTEM FOR CALCULATING OPTIMAL PATH ON BASIS OF NODE REDUCTION
1y 7m to grant Granted Jun 23, 2026
Patent 12659158
UTILIZING A CONTINGENT ACTION TOKEN
1y 10m to grant Granted Jun 16, 2026
Patent 12651252
INFORMATION PROCESSING SYSTEM, METHOD, AND MEDIUM
3y 3m to grant Granted Jun 09, 2026
Patent 12646070
METHODS AND SYSTEMS FOR PREVENTING A FRAUDULENT PAYMENT TRANSACTION
2y 4m to grant Granted Jun 02, 2026
Patent 12619962
SYSTEMS AND METHODS TO GENERATE A DIGITAL ASSET ON A TEMPORARY WALLET AND TRANSFER THE DIGITAL ASSET TO A PERMANENT DIGITAL WALLET
2y 11m to grant Granted May 05, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
54%
Grant Probability
94%
With Interview (+40.6%)
3y 4m (~1y 2m remaining)
Median Time to Grant
High
PTA Risk
Based on 206 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month