Prosecution Insights
Last updated: May 29, 2026
Application No. 18/890,320

USE OF WEB AUTHENTICATION TO ENHANCE SECURITY OF SECURE REMOTE PLATFORM SYSTEMS

Non-Final OA §103
Filed: Sep 19, 2024
Priority: Nov 13, 2019 — provisional 62/934,988 +2 more
Examiner: SCOTT, RANDY A
Art Unit: 2439
Tech Center: 2400 — Computer Networks
Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
OA Round: 1 (Non-Final)
Grant Probability: 85% (Favorable)
OA Rounds: 1-2
Est. Remaining: 1y 2m
With Interview: 82%

Examiner Intelligence

Grants 85% — above average
Career Allowance Rate: 85% (800 granted / 946 resolved; +26.6% vs TC avg)
Interview Lift: +-2.1% (Minimal -2% lift; resolved cases with interview)
Typical timeline, Avg Prosecution: 2y 10m (16 currently pending)
Career history, Total Applications: 971 (across all art units)

Statute-Specific Performance

§101: 2.6% (-37.4% vs TC avg)
§103: 88.3% (+48.3% vs TC avg)
§102: 2.9% (-37.1% vs TC avg)
§112: 3.6% (-36.4% vs TC avg)
Based on career data from 946 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

1. This Office Action is responsive to the communication filed 9/19/2024.

Information Disclosure Statement

2. The information disclosure statement (IDS) submitted on 9/19/2024, 3/19/2025, and 1/21/2026 were filed after the mailing date of the instant application. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections

3. Claim 9 is objected to because of the following informalities: The claim should be amended to: --a universally unique identifier (UUID)--.

Claim 16 is objected to because of the following informalities: Line 2 of the claim should be concluded with a colon and amended to: --a user device comprising:--. Line 6 of the claim should be concluded with a colon and amended to: --method comprising:--. Appropriate correction is required.

Double Patenting

4. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claims because the examined application claim is either anticipated by, or would have been obvious over, the reference claims. See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir.
1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement.

Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

5. Claims 1-3, 6-12, and 14 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-3, 6-12, and 14, respectively of U.S. Patent No. 12,126,614. Although the conflicting claims are not identical, they are not patentably distinct from each other because all limitations recited in claims 1-3, 6-12, and 14 of the instant application are anticipated by limitations recited in claims 1-3, 6-12, and 14 of the patent US 12,126,614, respectively (see table below).

Instant Application 18/890,320 Patent No.
US 12,126,614 Claim 1: A method comprising: receiving, by a universal authentication application from a resource provider computer, a user credential verification request message comprising a user identifier, server computer data, and interaction data for an interaction between a resource provider of the resource provider computer and a user of a user device; transmitting, by the universal authentication application, the user credential verification request message to a web browser that invokes an authenticator to verify biometric information of the user; receiving, by the universal authentication application, a user credential verification response message from the authenticator, the user credential verification response message comprising signed interaction data; and sending, by the universal authentication application, the user credential verification response message to the resource provider computer, wherein the resource provider computer provides at least the signed interaction data to a plurality of server computers to retrieve a plurality of portable device credentials respectively associated with the plurality of server computers. 2. The method of claim 1, wherein the universal authentication application is a component on the user device. 3. The method of claim 2, wherein the user device further includes the authenticator. 6. The method of claim 1, wherein the server computer data originates from any server computer of the plurality of server computers. 7. The method of claim 1, wherein the authenticator determines whether or not to verify the biometric information of the user based at least on the server computer data. 8. The method of claim 7, wherein the plurality of portable device credentials are a plurality of masked portable device credentials, wherein the resource provider computer obtains each of the masked portable device credentials from a different server computer based on the signed interaction data generated by the authenticator. 9. 
The method of claim 1, wherein the user identifier is a universally unite identifier (UUID). 1.A method comprising: receiving, by a universal authentication application from a resource provider computer, a user credential verification request message comprising a user identifier, server computer data, and interaction data for an interaction between a resource provider of the resource provider computer and a user of a user device; transmitting, by the universal authentication application, the user credential verification request message to a web browser that invokes an authenticator to verify biometric information of the user; receiving, by the universal authentication application, a user credential verification response message from the authenticator, the user credential verification response message comprising signed interaction data; and sending, by the universal authentication application, the user credential verification response message to the resource provider computer, wherein the resource provider computer provides at least the signed interaction data to a plurality of server computers to retrieve a plurality of portable device credentials respectively associated with the plurality of server computers. 10. 
A user device comprising: a processor; and a computer-readable medium coupled to the processor, the computer-readable medium comprising code executable by the processor for implementing a method comprising: receiving, by a universal authentication application of the user device from a resource provider computer, a user credential verification request message comprising a user identifier, server computer data, and interaction data for an interaction between a resource provider of the resource provider computer and a user of the user device; transmitting, by the universal authentication application, the user credential verification request message to a web browser that invokes an authenticator to verify biometric information of the user; receiving, by the universal authentication application, a user credential verification response message from the authenticator, the user credential verification response message comprising signed interaction data; and sending, by the universal authentication application, the user credential verification response message to the resource provider computer, wherein the resource provider computer provides at least the signed interaction data to a plurality of server computers to retrieve a plurality of portable device credentials respectively associated with the plurality of server computers. 11. The user device of claim 10, wherein after the authenticator verifies the biometric information of the user, the authenticator signs the interaction data with private key. 12. The user device of claim 10, wherein the user identifier is a universally unique identifier. 14. The user device of claim 10, wherein the interaction is a secure data interaction, a secure webpage interaction, or a secure location interaction. 
Claim 1: A method comprising: receiving, by a universal authentication application from a resource provider computer, a user credential verification request message comprising a user identifier, server computer data, and interaction data for an interaction between a resource provider of the resource provider computer and a user of a user device; transmitting, by the universal authentication application, the user credential verification request message to a web browser that invokes an authenticator to verify biometric information of the user; receiving, by the universal authentication application, a user credential verification response message from the authenticator, the user credential verification response message comprising signed interaction data; and sending, by the universal authentication application, the user credential verification response message to the resource provider computer, wherein the resource provider computer provides at least the signed interaction data to a plurality of server computers to retrieve a plurality of portable device credentials respectively associated with the plurality of server computers, wherein the server computer data is first server computer data, and wherein prior to receiving the user credential verification request message, the resource provider computer a) receives an interaction request message comprising a recognition identifier from the user device, b) provides a recognition request message comprising the recognition identifier to the plurality of server computers, c) respectively receives one or more recognition response messages from one or more server computers of the plurality of server computers, each recognition response message comprising the user identifier and server computer data that relates to each respective server computer, d) selects a selected recognition response message of the one or more recognition response messages, and e) generates the user credential verification request message comprising the 
user identifier, the first server computer data of the selected recognition response message, and the interaction data 2. The method of claim 1, wherein the universal authentication application is a component on the user device. 3. The method of claim 2, wherein the user device further includes the authenticator. 6. The method of claim 1, wherein the server computer data originates from any server computer of the plurality of server computers. 7. The method of claim 1, wherein the authenticator determines whether or not to verify the biometric information of the user based at least on the server computer data. 8. (Original) The method of claim 7, wherein the plurality of portable device credentials are a plurality of masked portable device credentials, wherein the resource provider computer obtains each of the masked portable device credentials from a different server computer based on the signed interaction data generated by the authenticator. 12. The user device of claim 10, wherein the user identifier is a universally unique identifier. 9. 
A method comprising: receiving, by a universal authentication application from a resource provider computer, a user credential verification request message comprising a user identifier, server computer data, and interaction data for an interaction between a resource provider of the resource provider computer and a user of a user device; transmitting, by the universal authentication application, the user credential verification request message to a web browser that invokes an authenticator to verify biometric information of the user; receiving, by the universal authentication application, a user credential verification response message from the authenticator, the user credential verification response message comprising signed interaction data; and sending, by the universal authentication application, the user credential verification response message to the resource provider computer, wherein the resource provider computer provides at least the signed interaction data to a plurality of server computers to retrieve a plurality of portable device credentials respectively associated with the plurality of server computers, sending, by the universal authentication application, the user credential verification response message to the resource provider computer, wherein the resource provider computer provides at least the signed interaction data to a plurality of server computers to retrieve a plurality of portable device credentials respectively associated with the plurality of server computers, wherein the user credential verification request message is a first user credential verification request message, the server computer data is first server computer data, the interaction data is first interaction data, the interaction is a first interaction, the user credential verification response message is a first user credential verification response message, the signed interaction data is first signed interaction data, the plurality of portable device credentials are a 
plurality of first portable device credentials, wherein the method further comprises: receiving, by the universal authentication application from the resource provider computer or another resource provider computer, a second user credential verification request message comprising the user identifier, second server computer data, and second interaction data for a second interaction between the resource provider of the resource provider computer and the user of the user device, wherein the first server computer data originates from a first server computer and the second server computer data originates from a second server computer; transmitting, by the universal authentication application, the second user credential verification request message to the Web browser that invokes the authenticator to verify the biometric information of the user; receiving, by the universal authentication application, a second user credential verification response message from the authenticator, the second user credential verification response message comprising second signed interaction data; and sending, by the universal authentication application, the second user credential verification response message to the resource provider computer, wherein the resource provider computer provides at least the second signed interaction data to at least one of the plurality of server computers to retrieve the plurality of portable device credentials respectively associated with the plurality of server computers. 10. 
A user device comprising: a processor; and a computer-readable medium coupled to the processor, the computer-readable medium comprising code executable by the processor for implementing a method comprising: receiving, by a universal authentication application of the user device from a resource provider computer, a user credential verification request message comprising a user identifier, server computer data, and interaction data for an interaction between a resource provider of the resource provider computer and a user of the user device; transmitting, by the universal authentication application, the user credential verification request message to a web browser that invokes an authenticator to verify biometric information of the user; receiving, by the universal authentication application, a user credential verification response message from the authenticator, the user credential verification response message comprising signed interaction data; and sending, by the universal authentication application, the user credential verification response message to the resource provider computer, wherein the resource provider computer provides at least the signed interaction data to a plurality of server computers to retrieve a plurality of portable device credentials respectively associated with the plurality of server computers wherein the user credential verification request message is a first user credential verification request message, the server computer data is first server computer data, the interaction data is first interaction data, the interaction is a first interaction, the user credential verification response message is a first user credential verification response message, the signed interaction data is first signed interaction data, the plurality of portable device credentials are a plurality of first portable device credentials, wherein the method further comprises: receiving, by the universal authentication application from the resource provider computer or 
another resource provider computer, a second user credential verification request message comprising the user identifier, second server computer data, and second interaction data for a second interaction between the resource provider of the resource provider computer and the user of the user device, wherein the first server computer data originates from a first server computer and the second server computer data originates from a second server computer; transmitting, by the universal authentication application, the second user credential verification request message to the Web browser that invokes the authenticator to verify the biometric information of the user; receiving, by the universal authentication application, a second user credential verification response message from the authenticator, the second user credential verification response message comprising second signed interaction data; and sending, by the universal authentication application, the second user credential verification response message to the resource provider computer, wherein the resource provider computer provides at least the second signed interaction data to at least one of the plurality of server computers to retrieve the plurality of portable device credentials respectively associated with the plurality of server computers. 11. The user device of claim 10, wherein after the authenticator verifies the biometric information of the user, the authenticator signs the interaction data with a private key. 12. The user device of claim 10, wherein the user identifier is a universally unique identifier. 14. (Original) The user device of claim 10, wherein the interaction is a secure data interaction, a secure webpage interaction, or a secure location interaction. Claim Rejections – 35 USC 103 6. The following is a quotation of 35 U.S.C. 
103 which forms the basis for all obviousness rejections set forth in this Office Action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

7. Claims 1-7 and 9-20 are rejected under 35 USC 103 as being unpatentable over Maheshwari et al (US 2019/0005487) in view of Avetisov et al (US 2020/0067907).

Regarding claim 1, Maheshwari et al teaches a method, comprising: receiving, by a universal authentication application (fig. 4, ‘408, fig. 9, par [0020], par [0037], lines 1-5, & par [0063], lines 1-18, which disclose a client application implemented a user GUI, for the user to receive authentication-related information) from a resource provider computer, a user credential verification request message comprising a user identifier (fig. 3-4, fig. 5-9, par [0017], and par [0020], which disclose the user interface receiving prompts, from a merchant-related computing system, for a user to input credentials for authentication, including the user’s ID and biometric data), server computer data (fig. 1 & fig. 2, ‘202 & fig. 4, ‘202, which disclose the user modules in communication with a server system during a transaction), and interaction data for an interaction between a resource provider of the resource provider computer and a user of a user device (fig.
3-4 & par [0059], lines 3-13, which discloses merchant identification data transmitted between the user’s account and the merchant-related computing system, during the transaction process); and transmitting, by the universal authentication application, the user credential verification request message to a web browser that invokes an authenticator to verify biometric information of the user (fig. 4, fig. 6, fig. 9, and par [0066], lines 5-10, which disclose using the user’s input module and processor to display a prompt transmitted to the user’s user interface, which may be implemented as a web browser, requesting the user to input biometric/fingerprint credentials).

Maheshwari et al does not explicitly teach receiving, by the universal authentication application, a user credential verification response message from the authenticator, the user credential verification response message comprising signed interaction data; and sending, by the universal authentication application, the user credential verification response message to the resource provider computer, wherein the resource provider computer provides at least the signed interaction data to a plurality of server computers to retrieve a plurality of portable device credentials respectively associated with the plurality of server computers.

However, Avetisov et al teaches receiving, by the universal authentication application, a user credential verification response message from the authenticator (fig.
1, ‘120 & par [0227], lines 1-6, which discloses an API implemented for transmitting authentication responses between an authentication application and other TEE/CEE applications on the same device), the user credential verification response message comprising signed interaction data (par [0231], lines 1-10, which disclose transmitting a signed authentication response between the authentication application and TEE application, in response to an authentication-related request being transmitted); and sending, by the universal authentication application, the user credential verification response message to the resource provider computer (fig. 1, ‘145/‘147 & par [0096], lines 1-10, which discloses transmitting a response to a security credential request to a server containing the online resources), wherein the resource provider computer provides at least the signed interaction data to a plurality of server computers to retrieve a plurality of portable device credentials respectively associated with the plurality of server computers (fig. 3A, ‘333 & ‘334, fig. 3B, ‘346, & par [0012], lines 20-38, which disclose transmitting first and second signed authentication response data to first and second servers, in response to the transmitted credential verification request).

It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the teachings of Avetisov et al within the financial transaction authentication embodiment of Maheshwari et al in order to provide the predictive result of improving computer security by preventing unauthorized access of secure user credentials provided by client devices even in the event that a malicious party has access to an authorized user’s device (as disclosed in par [0029], lines 15-30 of Avetisov et al).

Regarding claim 2, Maheshwari et al and Avetisov et al teach the limitations of claim 1.
Maheshwari et al further teaches wherein the universal authentication application is a component on the user device (fig. 4, ‘408, par [0037], lines 1-3, par [0063], lines 15-18, which disclose the client application being implemented for authenticating user identity).

Regarding claim 3, Maheshwari et al does not explicitly teach wherein the user device further includes the authenticator. However, Avetisov et al further teaches wherein the user device further includes the authenticator (fig. 1, ‘120, “authentication application”). It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the teachings of Avetisov et al within the financial transaction authentication embodiment of Maheshwari et al according to the motivation disclosed regarding claim 1.

Regarding claim 4, Maheshwari et al and Avetisov et al teach the limitations of claim 1. Maheshwari et al further teaches wherein the user device is a mobile phone (par [0135], lines 12-15).

Regarding claim 5, Maheshwari et al and Avetisov et al teach the limitations of claim 1. Maheshwari et al further teaches wherein the biometric information of the user comprises data associated with a voice sample, a face sample (par [0068], “iris scan”), or a fingerprint (par [0068], “fingerprint scan”).

Regarding claim 6, Maheshwari et al and Avetisov et al teach the limitations of claim 1. Maheshwari et al further teaches wherein the server computer data originates from any server computer of the plurality of server computers (par [0135], lines 16-17).

Regarding claim 7, Maheshwari et al and Avetisov et al teach the limitations of claim 1. Maheshwari et al further teaches wherein the authenticator determines whether or not to verify the biometric information of the user based at least on the server computer data (par [0084], which discloses utilizing the server system to determine if a user’s entered biometric data is successful).
Regarding claim 9, Maheshwari et al and Avetisov et al teach the limitations of claim 1. Maheshwari et al further teaches wherein the user identifier is a universally unique identifier (UUID) (par [0036], lines 8-12).

Regarding claim 10, Maheshwari et al teaches a user device (fig. 4, ‘208), comprising: a processor (fig. 4, ‘402); and a computer-readable medium coupled to the processor (par [0010], lines 1-6), the computer-readable medium comprising code executable by the processor for implementing a method comprising: receiving, by a universal authentication application (fig. 4, ‘408, fig. 9, par [0020], par [0037], lines 1-5, & par [0063], lines 1-18, which disclose a client application implemented a user GUI, for the user to receive authentication-related information) from a resource provider computer, a user credential verification request message comprising a user identifier (fig. 3-4, fig. 5-9, par [0017], and par [0020], which disclose the user interface receiving prompts, from a merchant-related computing system, for a user to input credentials for authentication, including the user’s ID and biometric data), server computer data (fig. 1 & fig. 2, ‘202 & fig. 4, ‘202, which disclose the user modules in communication with a server system during a transaction), and interaction data for an interaction between a resource provider of the resource provider computer and a user of a user device (fig. 3-4 & par [0059], lines 3-13, which discloses merchant identification data transmitted between the user’s account and the merchant-related computing system, during the transaction process); and transmitting, by the universal authentication application, the user credential verification request message to a web browser that invokes an authenticator to verify biometric information of the user (fig. 4, fig. 6, fig.
9, and par [0066], lines 5-10, which disclose using the user’s input module and processor to display a prompt transmitted to the user’s user interface, which may be implemented as a web browser, requesting the user to input biometric/fingerprint credentials).

Maheshwari et al does not explicitly teach receiving, by the universal authentication application, a user credential verification response message from the authenticator, the user credential verification response message comprising signed interaction data; and sending, by the universal authentication application, the user credential verification response message to the resource provider computer, wherein the resource provider computer provides at least the signed interaction data to a plurality of server computers to retrieve a plurality of portable device credentials respectively associated with the plurality of server computers.

However, Avetisov et al teaches receiving, by the universal authentication application, a user credential verification response message from the authenticator (fig. 1, ‘120 & par [0227], lines 1-6, which discloses an API implemented for transmitting authentication responses between an authentication application and other TEE/CEE applications on the same device), the user credential verification response message comprising signed interaction data (par [0231], lines 1-10, which disclose transmitting a signed authentication response between the authentication application and TEE application, in response to an authentication-related request being transmitted); and sending, by the universal authentication application, the user credential verification response message to the resource provider computer (fig.
1, ‘145/‘147 & par [0096], lines 1-10, which discloses transmitting a response to a security credential request to a server containing the online resources), wherein the resource provider computer provides at least the signed interaction data to a plurality of server computers to retrieve a plurality of portable device credentials respectively associated with the plurality of server computers (fig. 3A, ‘333 & ‘334, fig. 3B, ‘346, & par [0012], lines 20-38, which disclose transmitting first and second signed authentication response data to first and second servers, in response to the transmitted credential verification request).

It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the teachings of Avetisov et al within the financial transaction authentication embodiment of Maheshwari et al in order to provide the predictive result of improving computer security by preventing unauthorized access of secure user credentials provided by client devices even in the event that a malicious party has access to an authorized user’s device (as disclosed in par [0029], lines 15-30 of Avetisov et al).

Regarding claim 11, Maheshwari et al and Avetisov et al teach the limitations of claim 10. Maheshwari et al further teaches wherein after the authenticator verifies the biometric information of the user (par [0037], lines 1-3). Maheshwari et al does not explicitly teach wherein the authenticator signs the interaction data with private key. However, Avetisov et al further teaches wherein the authenticator signs the interaction data with private key (par [0010], lines 45-50, “second signed data is signed by a private key”). It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the teachings of Avetisov et al within the financial transaction authentication embodiment of Maheshwari et al according to the motivation disclosed regarding claim 10.
Regarding claim 12, Maheshwari et al and Avetisov et al teach the limitations of claim 1 Maheshwari et al further teaches wherein the user identifier is a universally unique identifier (UUID) (par [0036], lines 8-12). Regarding claim 13, Maheshwari et al and Avetisov et al teach the limitations of claim 10. Maheshwari et al further teaches wherein the plurality of portable device credentials comprise primary account numbers (par [0079], lines 6-7, “information related to user account numbers”). Regarding claim 14, Maheshwari et al and Avetisov et al teach the limitations of claim 10. Maheshwari et al further teaches wherein the interaction is a secure data interaction (par [0037], lines 1-5, “when performing a financial transaction”), a secure webpage interaction, or a secure location interaction. Regarding claim 15, Maheshwari et al and Avetisov et al teach the limitations of claim 10. Maheshwari et al further teaches wherein the user device is a mobile phone (par [0135], lines 12-15). Regarding claim 16, Maheshwari et al teaches a system comprising: a user device (fig. 4, ) comprising: a processor (fig. 4, ‘402); and a computer-readable medium coupled to the processor (par [0010], lines 1-6), the computer-readable medium comprising code executable by the processor for implementing a method comprising: receiving, by a universal authentication application (fig. 4, ‘408, fig. 9, par [0020], par [0037], lines 1-5, & par [0063], lines 1-18, which disclose a client application implemented a user GUI, for the user to receive authentication-related information) from a resource provider computer, a user credential verification request message comprising a user identifier (fig. 3-4, fig. 5-9, par [0017], and par [0020], which disclose the user interface receiving prompts, from a merchant-related computing system, for a user to input credentials for authentication, including the user’s ID and biometric data), server computer data (fig. 1 & fig. 2, ‘202 & fig. 
4, ‘202, which disclose the user modules in communication with a server system during a transaction), and interaction data for an interaction between a resource provider of the resource provider computer and a user of a user device (fig. 3-4 & par [0059], lines 3-13, which discloses merchant identification data transmitted between the user’s account and the merchant-related computing system, during the transaction process); and transmitting, by the universal authentication application, the user credential verification request message to a web browser that invokes an authenticator to verify biometric information of the user (fig. 4, fig. 6, fig. 9, and par [0066], lines 5-10, which disclose using the user’s input module and processor to display a prompt transmitted to the user’ user interface, which may be implemented as a web browser, requesting the user to input biometric/fingerprint credentials). Maheshwari et al does not explicitly teach receiving, by the universal authentication application, a user credential verification response message from the authenticator, the user credential verification response message comprising signed interaction data; sending, by the universal authentication application, the user credential verification response message to the resource provider computer, wherein the resource provider computer provides at least the signed interaction data to a plurality of server computers to retrieve a plurality of portable device credentials respectively associated with the plurality of server computers; and the resource provider computer in communication with the user device. However, Avetisov et al teaches receiving, by the universal authentication application, a user credential verification response message from the authenticator (fig. 
1, ‘120 & par [0227], lines 1-6, which discloses an API implemented for transmitting authentication responses between an authentication application and other TEE/CEE applications on the same device), the user credential verification response message comprising signed interaction data (par [0231], lines 1-10, which disclose transmitting a signed authentication response between the authentication application and TEE application, in response to an authentication-related request being transmitted); sending, by the universal authentication application, the user credential verification response message to the resource provider computer (fig. 1, ‘145/‘147 & par [0096], lines 1-10, which discloses transmitting a response to a security credential request to a server containing the online resources), wherein the resource provider computer provides at least the signed interaction data to a plurality of server computers to retrieve a plurality of portable device credentials respectively associated with the plurality of server computers (fig. 3A, ‘333 & ‘334, fig. 3B, ‘346, & par [0012], lines 20-38, which disclose transmitting first and second signed authentication response data to first and second servers, in response to the transmitted credential verification request); and the resource provider computer in communication with the user device (fig. 1, ‘147). It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the teachings of Avetisov et al within the financial transaction authentication embodiment of Maheshwari et al in order to provide the predictive result of improving computer security by preventing unauthorized access of secure user credentials provided by client devices even in the event that a malicious party has access to an authorized user’s device (as disclosed in par [0029], lines 15-30 of Avetisov et al). 
Regarding claim 17, Maheshwari et al and Avetisov et al teach the limitations of claim 16. Maheshwari et al further teaches the plurality of server computers (par [0135], lines 16-17). Regarding claim 18, Maheshwari et al and Avetisov et al teach the limitations of claim 16. Maheshwari et al further teaches wherein the user device is a mobile phone (par [0135], lines 12-15). Regarding claim 19, Maheshwari et al and Avetisov et al teach the limitations of claim 16. Maheshwari et al further teaches wherein the plurality of portable device credentials comprise primary account numbers (par [0079], lines 6-7, “information related to user account numbers”). Regarding claim 20, Maheshwari et al and Avetisov et al teach the limitations of claim 16. Maheshwari et al further teaches wherein the interaction data comprises an amount (par [0044], lines 12-14, “amount of the purchase”). 8. Claim 8 is rejected under 35 USC 103 as being unpatentable over Maheshwari et al (US 2019/0005487) in view of Avetisov et al (US 2020/0067907), further in view of Shavell et al (US 2016/0300231). Regarding claim 8, Maheshwari et al and Avetisov et al do not explicitly teach wherein the plurality of portable device credentials are a plurality of masked portable device credentials, wherein the resource provider computer obtains each of the masked portable device credentials from a different server computer based on the signed interaction data generated by the authenticator. 
However, Shavell et al teaches wherein the plurality of portable device credentials are a plurality of masked portable device credentials (Abstract, “masked credentials associated with the user”), wherein the resource provider computer obtains each of the masked portable device credentials from a different server computer based on the signed interaction data generated by the authenticator (Abstract & par [0062], lines 1-6, which disclose the masked credentials associated with a user terminal being provided by a server platform). It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the teachings of Shavell et al within the teachings of Maheshwari et al and Avetisov et al in order to provide the predictive result of improving protection of user credentials during a transaction by implementing the anonymous credential server platform (as disclosed in par [0058], lines 1-10 of Shavell et al) because this feature would allow the disclosures of Maheshwari et al and Avetisov et al to further prevent unauthorized sources from accessing user identification by requiring that the user device credential to be accessed via a proxy server platform that scrambles the identification data of each user device. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to Randy A. Scott whose telephone number is (571) 272-3797. The examiner can normally be reached on Monday-Thursday 7:30 am-5:00 pm, second Fridays 7:30 am-4pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. 
Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /RANDY A SCOTT/Primary Examiner, Art Unit 2439 20260323

Prosecution Timeline

Sep 19, 2024: Application Filed
Apr 01, 2026: Non-Final Rejection mailed — §103
May 01, 2026: Applicant Interview (Telephonic)
May 01, 2026: Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12641062
SECURITY REPLICATOR FOR PERSONAL ARTIFICIAL INTELLIGENCE SYSTEM
2y 10m to grant Granted May 26, 2026
Patent 12621304
SYSTEMS AND METHOD FOR AUTHENTICATING USERS OF A DATA PROCESSING PLATFORM FROM MULTIPLE IDENTITY PROVIDERS
2y 2m to grant Granted May 05, 2026
Patent 12615144
A Method for Tunneling an Internet Protocol Connection Between Two Endpoints
3y 9m to grant Granted Apr 28, 2026
Patent 12564764
SYSTEM AND METHOD OF BASKETBALL TESTING
7y 4m to grant Granted Mar 03, 2026
Patent 12556581
Policy based privileged remote access in zero trust private networks
2y 9m to grant Granted Feb 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

Expected OA Rounds: 1-2
Grant Probability: 85%
With Interview: 82% (-2.1%)
Median Time to Grant: 2y 10m (~1y 2m remaining)
PTA Risk: Low
Based on 946 resolved cases by this examiner. Grant probability derived from career allowance rate.
