Prosecution Insights
Last updated: July 05, 2026
Application No. 18/896,853

Secure Management of Execution of an Application

Final Rejection §101§112
Filed
Sep 25, 2024
Priority
Apr 18, 2023 — continuation of 12/136,092
Examiner
MUSTAFA, MOHAMMED H
Art Unit
3693
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
T-Mobile USA Inc.
OA Round
2 (Final)
35%
Grant Probability
At Risk
3-4
OA Rounds
1y 2m
Est. Remaining
67%
With Interview

Examiner Intelligence

Grants only 35% of cases
35%
Career Allowance Rate
62 granted / 175 resolved
-16.6% vs TC avg
Strong +31% interview lift
Without
With
+31.4%
Interview Lift
resolved cases with interview
Typical timeline
2y 11m
Avg Prosecution
23 currently pending
Career history
207
Total Applications
across all art units

Statute-Specific Performance

§101
55.2%
+15.2% vs TC avg
§103
36.2%
-3.8% vs TC avg
§102
5.5%
-34.5% vs TC avg
§112
0.2%
-39.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 175 resolved cases

Office Action

§101 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of Claims This action is in reply to the communications filed on 02/03/2026. Claims 1, 5, 7, and 14 have been amended and are hereby entered. Claims 1-20 are currently pending and have been examined. This action is made Final. Examiner Request The Applicant is requested to indicate where in the specification there is support for future claim amendments to avoid U.S.C 112(a) issues that can arise. The Examiner thanks the Applicant in advance. Terminal Disclaimer The terminal disclaimer filed on February 3rd, 2026 disclaiming the terminal portion of any patent granted on this application, which would extend beyond the expiration date of US PAT. 12,136,092 has been reviewed and is accepted. The terminal disclaimer has been recorded. Claim Objections Claims 1, 11, 12, and 14 are objected to because of the following informalities: Claim 1: line 20 recites the limitation “a trusted area of the wireless communication device.” “A trusted area” is initially and previously recited in Claim 1: lines 7-8. Is the ‘trusted area’ recited in Claim 1: line 20 different than ‘a trusted area’ initially and previously recited in Claim 1: lines 7-8? It appears there is a typographical mistake since the specification only points to one trusted area for this interpretation. For compact examination purposes, Examiner interpreted the instance recited in Claim 1: line 20, after the initial recitation in Claim 1: lines 7-8, as “the trusted area of the wireless communication device.” Appropriate correction is required. Claim 11: lines 6-7 and Claim 12: lines 6-7 recite the limitation “a trusted area of the second wireless communication device.” “A trusted area” is initially and previously recited in Independent Claim 7: lines 16-17. Is the ‘trusted area’ recited in Dependent Claim 11: lines 6-7 and Dependent Claim 12: lines 6-7 different than ‘a trusted area’ initially and previously recited in Independent Claim 7: line 20? It appears there is a typographical mistake since the specification only points to one trusted area for this interpretation. For compact examination purposes, Examiner interpreted the instances recited in Claim 11: lines 6-7 and Claim 12: lines 6-7, after the initial recitation in Independent Claim 7: lines 16-17, as “the trusted area of the second wireless communication device.” Appropriate correction is required. Claim 14: lines 26-27 recites the limitation “the trusted area of the first wireless communication device.” A “trusted area of the first wireless communication device” was not previously recited in Independent Claim 14. It appears there is a typographical mistake. For compact examination purposes, Examiner interpreted the instance recited in Claim 14: lines 26-27 as “a trusted area of the first wireless communication device.” Appropriate correction is required. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. Claims 1-13 are rejected under 35 U.S.C. 112(a), as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA the inventor(s), at the time the application was filed, had possession of the claimed invention. For instance, in In re Hayes Microcomputer Products, the written description requirement was satisfied because the specification disclosed the specific type of microcomputer used in the claimed invention as well as the necessary steps for implementing the claimed function. The disclosure was in sufficient detail such that one skilled in the art would know how to program the microprocessor to perform the necessary steps described in the specification. In re Hayes Microcomputer Prods., Inc. Patent Litigation, 982 F.2d 1527, 1533-34, 25 USPQ2d 1241, ___ (Fed. Cir. 1992). In the present applicant, independent claim 1 recite “the initial profile constructed by a portion of the API executing in a trusted area of the wireless communication device by surveying hardware and software resources of the wireless communication device” where this limitation recites “constructed by a portion of the API executing in a trusted area of the wireless communication device” which is not disclosed within the application’s specification and to show possession of the invention at the time of filing. While one skilled in the art could have devised a way to accomplish this aspect of the invention, Applicant’s original disclosure lacks sufficient detail to explain how Applicant envisioned achieving the goal of the initial profile constructed by a portion of the API executing in a trusted area of the wireless communication device. Similarly, in the present applicant, independent claim 7 recite “the first initial profile is constructed by a portion of the first API executing in a trusted area of the first wireless communication device” and “the second initial profile is constructed by the second API executing in a trusted area of the second wireless communication device by surveying the hardware and software resources of the second wireless communication device;” where these limitations recite “constructed by a portion of the first API executing in a trusted area of the first wireless communication device” and “second initial profile is constructed by the second API executing in a trusted area of the second wireless communication device by surveying the hardware and software resources of the second wireless communication device,” which is not disclosed within the application’s specification and to show possession of the invention at the time of filing. While one skilled in the art could have devised a way to accomplish this aspect of the invention, Applicant’s original disclosure lacks sufficient detail to explain how Applicant envisioned achieving the goal of the first initial profile is constructed by a portion of the first API executing in a trusted area of the first wireless communication device; and the second initial profile is constructed by the second API executing in a trusted area of the second wireless communication device by surveying the hardware and software resources of the second wireless communication device. Simply stating or re-stating the claim limitation does not provide enough support to show possession. Since these important details about how the invention operates are not disclosed, it is not readily evident that Applicant has full possession of the invention at the time of filing (i.e., the original disclosure fails to provide adequate written description to support the claimed invention as a whole). Neither the specification nor the drawings disclose in detail the specific steps or algorithm needed to perform the operation. If the specification does not provide a disclosure of the computer and algorithm in sufficient detail to demonstrate to one of ordinary skill in the art that the inventor possessed the invention including how to program the disclosed computer to perform the claimed function, a rejection under 35 U.S.C. 112a, for lack of written description must be made. For more information regarding the written description requirement, see MPEP §2161.01- §2163.07(b). Dependent claims 2-6 and 8-13 are rejected by virtue of dependency on independent claims 1 and 7. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea of processing profile data without significantly more. Claim 1 is directed to a method, which is one of the statutory categories of invention; Claim 7 is directed to a method, which is one of the statutory categories of invention; and Claim 14 is directed to a system, which is one of the statutory categories of invention. (Step 1: YES). Claim 1 is directed to a method of managing execution of a secure application, comprising: receiving, by a secure application manager executing on a computer, an initial profile of a wireless communication device from an application programming interface (API) of the secure application on the wireless communication device, the initial profile constructed by a portion of the API executing in a trusted area of the wireless communication device by surveying hardware and software resources of the wireless communication device and comprising a plurality of an identity of the wireless communication device, a firmware version of the wireless communication device, an operating system version of the wireless communication device, or a hash value determined over the API as installed on the wireless communication device; storing the initial profile as an immutable record in a datastore; receiving, by the secure application manager, a request from the API on the wireless communication device to invoke an operation of the secure application, wherein the request comprises a current profile of the wireless communication device generated by surveying the hardware and software resources of the wireless communication device via the portion of the API executing in a trusted area of the wireless communication device; comparing, by the secure application manager, the current profile of the wireless communication device to the initial profile of the wireless communication device stored in the immutable record in the datastore; responsive to the current profile of the wireless communication device matching the initial profile of the wireless communication device, passing, by the secure application manager, the request to the secure application for execution; and responsive to the current profile of the wireless communication device not matching the initial profile of the wireless communication device, determining that the wireless communication device is presumptively compromised and preventing passage of the request to the secure application for execution by rejecting, by the secure application manager, the request. These series of steps describe the abstract idea of processing profile data (with the exception of the italicized and bolded terms above), which is mitigating risk of an unauthorized uses of profiles by processing, updating, and securing profile data; therefore, corresponding to a fundamental economic principle or practice (including mitigating risk). Hence, a fundamental economic principle or practice (mitigating risk) is a Certain Methods of Organizing Human Activity. The system limitations, e.g., a secure application, secure application manager, computer, wireless communication device, application programming interface (API), trusted area of the wireless communication device, hardware and software resources, firmware version, operating system version, hash value, and datastore, do not necessarily restrict the claim from reciting an abstract idea. Thus, claim 1 recites an abstract idea (Step 2A-Prong 1: YES). This judicial exception is not integrated into a practical application because the additional elements of a secure application, secure application manager, computer, wireless communication device, application programming interface (API), trusted area of the wireless communication device, hardware and software resources, firmware version, operating system version, hash value, and datastore, are no more than simply applying the abstract idea using generic computer elements. The additional elements listed above are all recited at a high level of generality and under their broadest reasonable interpretation comprises a generic computing arrangement. The presence of a generic computer arrangement is nothing more than to implement the claimed invention (MPEP 2106.05(f)). Therefore, the recitations of additional elements do not meaningfully apply the abstract idea and hence do not integrate the abstract idea into a practical application. Thus, claim 1 does not integrate the abstract idea into a practical application (Step 2A-Prong 2: NO). Claim 1 does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements of a secure application, secure application manager, computer, wireless communication device, application programming interface (API), trusted area of the wireless communication device, hardware and software resources, firmware version, operating system version, hash value, and datastore, are recited at a high level of generality in that it results in no more than simply applying the abstract idea using generic computer elements. The additional elements when considered separately and as an ordered combination do not amount to add significantly more as these limitations provide nothing more than to simply apply the exception in a generic computer environment (Step 2B: NO). Thus, claim 1 is not patent eligible. Dependent claims 2-6 are directed to a method, which recites the steps that describe the abstract idea of processing profile data. Furthermore, dependent claims 2-6 are directed to a method, which recite the steps: “wherein the wireless communication device is an Internet of things (IoT) device; wherein the wireless communication device is one of a smart phone, a mobile phone, a laptop computer, a desktop computer, a tablet computer, a notebook computer, a wearable computer, a robot, or an in-vehicle computer; wherein the API of the secure application comprises a secure application API portion that executes on the wireless communication device normally and a secure application API trustlet that executes in a trusted mode supported by the wireless communication device, and wherein the secure application API trustlet builds the initial profile of the wireless communication device and transmits the initial profile to the secure application manager; wherein the wireless communication device communicates via an industry standardized wireless communication protocol; and wherein the wireless communication device communicates via one of a 5G, a long-term evolution (LTE), a code division multiple access (CDMA), or a global system for mobile communications (GSM) telecommunication protocol.” These series of steps describe the abstract idea of processing profile data (with the exception of the italicized and bolded terms above), which is mitigating risk of an unauthorized uses of profiles by processing, updating, and securing profile data; therefore, corresponding to a fundamental economic principle or practice (including mitigating risk). Hence, a fundamental economic principle or practice (mitigating risk) is a Certain Methods of Organizing Human Activity. Thus, claims 2-6 are directed to an abstract idea. The additional elements of a secure application, secure application manager, computer, wireless communication device, application programming interface (API), trusted area of the first wireless communication device, hardware and software resources, firmware version, operating system version, hash value, datastore, Internet of things (IoT) device, smart phone, mobile phone, laptop computer, desktop computer, tablet computer, notebook computer, wearable computer, robot, in-vehicle computer, secure application API portion, a secure application API trustlet, industry standardized wireless communication protocol, 5G, long-term evolution (LTE), code division multiple access (CDMA), and global system for mobile communications (GSM) telecommunication protocol, are no more than simply applying the abstract idea using generic computer elements. The presence of a generic computer arrangement is nothing more than to implement the claimed invention (MPEP 2106.05(f)). The computer network limitations are a field of use limitations (MPEP 2106.05(h)).Therefore, the recitations of additional elements do not meaningfully apply the abstract idea and hence do not integrate the abstract idea into a practical application. Furthermore, the additional elements: a secure application, secure application manager, computer, wireless communication device, application programming interface (API), trusted area of the first wireless communication device, hardware and software resources, firmware version, operating system version, hash value, datastore, Internet of things (IoT) device, smart phone, mobile phone, laptop computer, desktop computer, tablet computer, notebook computer, wearable computer, robot, in-vehicle computer, secure application API portion, a secure application API trustlet, industry standardized wireless communication protocol, 5G, long-term evolution (LTE), code division multiple access (CDMA), and global system for mobile communications (GSM) telecommunication protocol, do not amount to add significantly more as these limitations provide nothing more than to simply apply the exception in a generic computer environment. Claim 7 is directed to a method of managing execution of a plurality of secure applications, comprising: receiving, by a secure application manager executing on a computer, a first initial profile of a first wireless communication device from a first application programming interface (API) of a first secure application on the first wireless communication device, wherein the first initial profile is constructed by a portion of the first API executing in a trusted area of the first wireless communication device by surveying hardware and software resources of the wireless communication device and comprising a plurality of an identity of the first wireless communication device, a firmware version of the first wireless communication device, an operating system version of the first wireless communication device, or a hash value determined over the first API as installed on the first wireless communication device; receiving, by the secure application manager, a second initial profile of a second wireless communication device from a second API of a second secure application on the second wireless communication device, wherein the second initial profile is constructed by the second API executing in a trusted area of the second wireless communication device by surveying the hardware and software resources of the second wireless communication device and comprising a plurality of an identity of the second wireless communication device, a firmware version of the second wireless communication device, an operating system version of the second wireless communication device, or a hash value determined over the second API as installed on the first wireless communication device, and wherein the first secure application and the second secure application are different; storing, by the secure application manager, the first initial profile and the second initial profile as immutable records in a datastore; receiving, by the secure application manager, a first request from the first API on the first wireless communication device to invoke an operation of the first secure application, wherein the first request comprises a current profile of the first wireless communication device generated by surveying the hardware and software resources of the wireless communication device via the portion of the first API executing in the trusted area of the first wireless communication device; comparing, by the secure application manager, the current profile of the first wireless communication device to the first initial profile of the first wireless communication device stored in one of the immutable records in the datastore; responsive to the current profile of the first wireless communication device matching the initial profile of the first wireless communication device, passing, by the secure application manager, the request to the first secure application for execution to invoke the operation of the first secure application; and responsive to the current profile of the first wireless communication device not matching the initial profile of the first wireless communication device, determining that the first wireless communication device is presumptively compromised and preventing passage of the request to the first secure application for execution by rejecting, by the secure application manager, the request. These series of steps describe the abstract idea of processing profile data (with the exception of the italicized and bolded terms above), which is mitigating risk of an unauthorized uses of profiles by processing, updating, and securing profile data; therefore, corresponding to a fundamental economic principle or practice (including mitigating risk). Hence, a fundamental economic principle or practice (mitigating risk) is a Certain Methods of Organizing Human Activity. The system limitations, e.g., a plurality of secure applications, secure application manager, computer, first wireless communication device, first application programming interface (API), first secure application, trusted area of the first wireless communication device, trusted area of the second wireless communication device, hardware and software resources, firmware version of the first wireless communication device, operating system version of the first wireless communication device, hash value determined over the first API, second wireless communication device, second API , second secure application, firmware version of the second wireless communication device, operating system version of the second wireless communication device, hash value determined over the second API, and datastore, do not necessarily restrict the claim from reciting an abstract idea. Thus, claim 7 recites an abstract idea (Step 2A-Prong 1: YES). This judicial exception is not integrated into a practical application because the additional elements of a plurality of secure applications, secure application manager, computer, first wireless communication device, first application programming interface (API), first secure application, trusted area of the first wireless communication device, trusted area of the second wireless communication device, hardware and software resources, firmware version of the first wireless communication device, operating system version of the first wireless communication device, hash value determined over the first API, second wireless communication device, second API , second secure application, firmware version of the second wireless communication device, operating system version of the second wireless communication device, hash value determined over the second API, and datastore, are no more than simply applying the abstract idea using generic computer elements. The additional elements listed above are all recited at a high level of generality and under their broadest reasonable interpretation comprises a generic computing arrangement. The presence of a generic computer arrangement is nothing more than to implement the claimed invention (MPEP 2106.05(f)). Therefore, the recitations of additional elements do not meaningfully apply the abstract idea and hence do not integrate the abstract idea into a practical application. Thus, claim 7 does not integrate the abstract idea into a practical application (Step 2A-Prong 2: NO). Claim 7 does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements of a plurality of secure applications, secure application manager, computer, first wireless communication device, first application programming interface (API), first secure application, trusted area of the first wireless communication device, trusted area of the second wireless communication device, hardware and software resources, firmware version of the first wireless communication device, operating system version of the first wireless communication device, hash value determined over the first API, second wireless communication device, second API , second secure application, firmware version of the second wireless communication device, operating system version of the second wireless communication device, hash value determined over the second API, and datastore, are recited at a high level of generality in that it results in no more than simply applying the abstract idea using generic computer elements. The additional elements when considered separately and as an ordered combination do not amount to add significantly more as these limitations provide nothing more than to simply apply the exception in a generic computer environment (Step 2B: NO). Thus, claim 7 is not patent eligible. Dependent claims 8-13 are directed to a method, which recites the steps that describe the abstract idea of processing profile data. Furthermore, dependent claims 8-10 are directed to a method, which recite the steps: “wherein the first wireless communication device and the second wireless communication device are different wireless communication devices; wherein at least one of the first wireless communication device or the second wireless communication device is an Internet of things (IoT) device; and wherein at least one of the first wireless communication device or the second wireless communication device is one of a smart phone, a mobile phone, a laptop computer, a desktop computer, a tablet computer, a notebook computer, a wearable computer, a robot, or an in-vehicle computer.” These series of steps describe the abstract idea of processing profile data (with the exception of the italicized and bolded terms above), which is mitigating risk of an unauthorized uses of profiles by processing, updating, and securing profile data; therefore, corresponding to a fundamental economic principle or practice (including mitigating risk). Hence, a fundamental economic principle or practice (mitigating risk) is a Certain Methods of Organizing Human Activity. Thus, claims 8-13 are directed to an abstract idea. The additional elements of a plurality of secure applications, secure application manager, computer, first wireless communication device, first application programming interface (API), first secure application, trusted area of the first wireless communication device, trusted area of the second wireless communication device, hardware and software resources, firmware version of the first wireless communication device, operating system version of the first wireless communication device, hash value determined over the first API, second wireless communication device, second API , second secure application, firmware version of the second wireless communication device, operating system version of the second wireless communication device, hash value determined over the second API, datastore, different wireless communication devices, Internet of things (IoT) device, smart phone, mobile phone, laptop computer, desktop computer, tablet computer, notebook computer, wearable computer, robot, and in-vehicle computer, are no more than simply applying the abstract idea using generic computer elements. The presence of a generic computer arrangement is nothing more than to implement the claimed invention (MPEP 2106.05(f)). Therefore, the recitations of additional elements do not meaningfully apply the abstract idea and hence do not integrate the abstract idea into a practical application. Furthermore, the additional elements: a plurality of secure applications, secure application manager, computer, first wireless communication device, first application programming interface (API), first secure application, trusted area of the first wireless communication device, trusted area of the second wireless communication device, hardware and software resources, firmware version of the first wireless communication device, operating system version of the first wireless communication device, hash value determined over the first API, second wireless communication device, second API , second secure application, firmware version of the second wireless communication device, operating system version of the second wireless communication device, hash value determined over the second API, datastore, different wireless communication devices, Internet of things (IoT) device, smart phone, mobile phone, laptop computer, desktop computer, tablet computer, notebook computer, wearable computer, robot, and in-vehicle computer, do not amount to add significantly more as these limitations provide nothing more than to simply apply the exception in a generic computer environment. Claim 14 is directed to a secure application management system, comprising: an at least one processor; a non-transitory memory; a datastore; a secure application manager stored in the non-transitory memory that, when executed by the at least one processor: receives a plurality of initial profiles from a plurality of application programming interfaces (APIs) corresponding to different secure applications on a plurality of wireless communication devices, wherein each of the plurality of initial profiles is built by a corresponding API executing in a trusted area on a corresponding wireless communication device by surveying hardware and software resources of the wireless communication device and comprises a plurality of an identity of the corresponding wireless communication device, a firmware version of the corresponding wireless communication device, an operating system version of the corresponding wireless communication device, or a hash value determined over the corresponding API as installed on the corresponding wireless communication device, stores the plurality of initial profiles as immutable records in the datastore, receives a request from a first API of the plurality of APIs on a first wireless communication device of the plurality of wireless communication devices to invoke an operation of a first secure application associated with the first API, wherein the request comprises a current profile of the first wireless communication device generated by a portion of the first API executing in the trusted area of the first wireless communication device by surveying the hardware and software resources of the first wireless communication device, compares the current profile of the first wireless communication device to a first initial profile of the plurality of initial profiles that corresponds to the first wireless communication device and is stored in one of the immutable records in the datastore, responsive to the current profile of the wireless communication device matching the initial profile of the wireless communication device, passing, by the secure application manager, the request to the secure application for execution, and responsive to the current profile of the wireless communication device not matching the initial profile of the wireless communication device, determining that the wireless communication device is presumptively compromised and preventing passage of the request to the secure application for execution by rejecting, by the secure application manager, the request. These series of steps describe the abstract idea of processing profile data (with the exception of the italicized and bolded terms above), which is mitigating risk of an unauthorized uses of profiles by processing, updating, and securing profile data; therefore, corresponding to a fundamental economic principle or practice (including mitigating risk). Hence, a fundamental economic principle or practice (mitigating risk) is a Certain Methods of Organizing Human Activity. The system limitations, e.g., at least one processor, non-transitory memory, datastore, secure application manager, plurality of application programming interfaces (APIs), different secure applications, plurality of wireless communication devices, corresponding API, corresponding wireless communication device, trusted area on a corresponding wireless communication device, trusted area of the first wireless communication device, hardware and software resources, firmware version of the corresponding wireless communication device, operating system version of the corresponding wireless communication device, hash value determined over the corresponding API, first wireless communication device, first API, and first secure application, do not necessarily restrict the claim from reciting an abstract idea. Thus, claim 14 recites an abstract idea (Step 2A-Prong 1: YES). This judicial exception is not integrated into a practical application because the additional elements of at least one processor, non-transitory memory, datastore, secure application manager, plurality of application programming interfaces (APIs), different secure applications, plurality of wireless communication devices, corresponding API, corresponding wireless communication device, trusted area on a corresponding wireless communication device, trusted area of the first wireless communication device, hardware and software resources, firmware version of the corresponding wireless communication device, operating system version of the corresponding wireless communication device, hash value determined over the corresponding API, first wireless communication device, first API, and first secure application, are no more than simply applying the abstract idea using generic computer elements. The additional elements listed above are all recited at a high level of generality and under their broadest reasonable interpretation comprises a generic computing arrangement. The presence of a generic computer arrangement is nothing more than to implement the claimed invention (MPEP 2106.05(f)). Therefore, the recitations of additional elements do not meaningfully apply the abstract idea and hence do not integrate the abstract idea into a practical application. Thus, claim 14 does not integrate the abstract idea into a practical application (Step 2A-Prong 2: NO). Claim 14 does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements of at least one processor, non-transitory memory, datastore, secure application manager, plurality of application programming interfaces (APIs), different secure applications, plurality of wireless communication devices, corresponding API, corresponding wireless communication device, trusted area on a corresponding wireless communication device, trusted area of the first wireless communication device, hardware and software resources, firmware version of the corresponding wireless communication device, operating system version of the corresponding wireless communication device, hash value determined over the corresponding API, first wireless communication device, first API, and first secure application, are recited at a high level of generality in that it results in no more than simply applying the abstract idea using generic computer elements. The additional elements when considered separately and as an ordered combination do not amount to add significantly more as these limitations provide nothing more than to simply apply the exception in a generic computer environment (Step 2B: NO). Thus, claim 14 is not patent eligible. Dependent claims 15-20 are directed to a system, which performs the steps that describe the abstract idea of processing profile data. Furthermore, dependent claims 15-19 are directed to a system, which performs the steps: “wherein at least one some of the plurality of wireless communication devices are Internet of things (IoT) device; wherein at least one some of the plurality of wireless communication devices are a smart phone, a mobile phone, a laptop computer, a desktop computer, a tablet computer, a notebook computer, a wearable computer, a robot, or an in-vehicle computer; wherein the secure application, when executed by the at least one processor: receives a request from a second API of the plurality of APIs on a second wireless communication device of the plurality of wireless communication devices to invoke an operation of a second secure application associated with the second API, wherein the request comprises a current profile of the second wireless communication device generated by a portion of the second API executing in a trusted area of the second wireless communication device, compares the current profile of the second wireless communication device to a second initial profile of the plurality of initial profiles that corresponds to the second wireless communication device and is stored in one of the immutable records in the datastore, and in response to determining that the current profile of the second wireless communication device matches the second initial profile of the second wireless communication device, passes the request to invoke the operation of the second secure application to the second secure application for execution; wherein the secure application, when executed by the at least one processor: receives a request from a second API of the plurality of APIs on a second wireless communication device of the plurality of wireless communication devices to invoke an operation of a second secure application associated with the second API, wherein the request comprises a current profile of the second wireless communication device generated by a portion of the second API executing in a trusted area of the second wireless communication device, compares the current profile of the second wireless communication device to a second initial profile of the plurality of initial profiles that corresponds to the second wireless communication device and is stored in one of the immutable records in the datastore, and in response to determining that the current profile of the second wireless communication device does not match the second initial profile of the second wireless communication device, rejects the second request to invoke the operation of the second secure application; and wherein the secure application, when executed by the at least one processor, reports the rejection of the second request to at least one of an owner of the second secure application or an owner of record of the second wireless communication device.” These series of steps describe the abstract idea of processing profile data (with the exception of the italicized and bolded terms above), which is mitigating risk of an unauthorized uses of profiles by processing, updating, and securing profile data; therefore, corresponding to a fundamental economic principle or practice (including mitigating risk). Hence, a fundamental economic principle or practice (mitigating risk) is a Certain Methods of Organizing Human Activity. Thus, claims 15-20 are directed to an abstract idea. The additional elements of at least one processor, non-transitory memory, datastore, secure application manager, plurality of application programming interfaces (APIs), different secure applications, plurality of wireless communication devices, corresponding API, corresponding wireless communication device, trusted area on a corresponding wireless communication device, trusted area of the first wireless communication device, hardware and software resources, firmware version of the corresponding wireless communication device, operating system version of the corresponding wireless communication device, hash value determined over the corresponding API, first wireless communication device, first API, first secure application, trusted area of the second wireless communication device, Internet of things (IoT) devices, smart phone, mobile phone, laptop computer, desktop computer, tablet computer, notebook computer, wearable computer, robot, in-vehicle computer, second wireless communication device, second API, and second secure application, are no more than simply applying the abstract idea using generic computer elements. The presence of a generic computer arrangement is nothing more than to implement the claimed invention (MPEP 2106.05(f)). Therefore, the recitations of additional elements do not meaningfully apply the abstract idea and hence do not integrate the abstract idea into a practical application. Furthermore, the additional elements: at least one processor, non-transitory memory, datastore, secure application manager, plurality of application programming interfaces (APIs), different secure applications, plurality of wireless communication devices, corresponding API, corresponding wireless communication device, trusted area on a corresponding wireless communication device, trusted area of the first wireless communication device, hardware and software resources, firmware version of the corresponding wireless communication device, operating system version of the corresponding wireless communication device, hash value determined over the corresponding API, first wireless communication device, first API, first secure application, trusted area of the second wireless communication device, Internet of things (IoT) devices, smart phone, mobile phone, laptop computer, desktop computer, tablet computer, notebook computer, wearable computer, robot, in-vehicle computer, second wireless communication device, second API, and second secure application, do not amount to add significantly more as these limitations provide nothing more than to simply apply the exception in a generic computer environment. Dependent claims 2-6, 8-13, and 15-20 have further defined the abstract idea that is present in their respective independent claims: Claims 1, 7, and 14; and thus correspond to Certain Methods of Organizing Human Activity and are abstract in nature for the reason presented above. The dependent claims 2-6, 8-13, and 15-20 do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination. Therefore, claims 2-6, 8-13, and 15-20 are directed to an abstract idea without significantly more. Thus, claims 1-20 are not patent-eligible. Response to Arguments With respect to the 35 U.S.C. 112(b) rejection of claim 5, the rejection is withdrawn in view of Applicant’s arguments/remarks made in an amendment filed on 02/03/2026. With respect to the nonstatutory double patenting rejection of Claims 1-20, the rejection is withdrawn because a terminal disclaimer was filed on February 3rd, 2026 disclaiming the terminal portion of any patent granted on this application, which would extend beyond the expiration date of US PAT. 12,136,092 and has been reviewed and accepted. Thus, the terminal disclaimer has been recorded. Applicant's arguments filed on 02/03/2026 have been fully considered, but are not persuasive due to the following reasons: With respect to the rejection of claims 1-20 under 35 U.S.C. 101, Applicant arguments are moot in view of the grounds of rejections presented above in this office action. The arguments are addressed to the extent they apply to the amended claims. Applicant argues that “that "Certain Methods of Organizing Human Activity" is not a catch-all category that encompasses all human activity. Instead, MPEP 2106.04(a)(2)(II) states "not all methods of organizing human activity are abstract ideas."….. the Office Action errs in its analysis and misreads the MPEP and controlling case law. Specifically, the Office Action alleges that an impermissible "fundamental economic principle or practice (including mitigating risk)" exists because the claims are allegedly directed to "mitigating risk of an unauthorized use of profiles by processing, updating, and securing profile data."….. Applicant respectfully submits that it is clear from the examples of the MPEP and the language of the Federal Circuit that "mitigating risk of an unauthorized uses of profiles by processing, updating, and securing profile data" is neither a fundamental economic practice or principle within the meaning of 35 U.S.C. § 101, nor among any other grouping or sub-grouping of patent ineligible subject matter. Instead, mitigating economic risk is a fundamental economic practices or principle. As such, Applicant respectfully submits that the Office Action both misconstrues and misapplies the concept of a fundamental economic practices or principle based method of organizing human activity to Applicant's claims.” Examiner respectfully disagrees. Under Step 2A: Prong I, Examiner respectfully notes that the claims, as amended, are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea of processing profile data; without significantly more. The series of steps recited in independent claims 1, 7, and 14, as amended, describe the abstract idea of processing profile data, which is mitigating risk of an unauthorized uses of profiles by processing, updating, and securing profile data; therefore, corresponding to a fundamental economic principle or practice (including mitigating risk). Hence, a fundamental economic principle or practice (mitigating risk) is a Certain Methods of Organizing Human Activity. Furthermore, the system limitations, e.g., a secure application, secure application manager, computer, wireless communication device, application programming interface (API), trusted area of the wireless communication device, hardware and software resources, firmware version, operating system version, hash value, and datastore (claim 1) do not necessarily restrict the claim from reciting an abstract idea. Furthermore, Examiner respectfully notes that the claims are first analyzed in the absence of technology to determine if it recites an abstract idea. The additional limitations of technology are then considered to determine if it restricts the claim from reciting an abstract idea. In this case, and as discussed in the Guidance on Patent Subject Matter Eligibility, it is determined that the additional limitations of technology do not necessarily restrict the claim from reciting an abstract idea. Moreover, Examiner respectfully notes that the recited features in the limitations (claim 1): “receiving, by a secure application manager executing on a computer, an initial profile of a wireless communication device from an application programming interface (API) of the secure application on the wireless communication device, the initial profile constructed by a portion of the API executing in a trusted area of the wireless communication device by surveying hardware and software resources of the wireless communication device and comprising a plurality of an identity of the wireless communication device, a firmware version of the wireless communication device, an operating system version of the wireless communication device, or a hash value determined over the API as installed on the wireless communication device; storing the initial profile as an immutable record in a datastore; receiving, by the secure application manager, a request from the API on the wireless communication device to invoke an operation of the secure application, wherein the request comprises a current profile of the wireless communication device generated by surveying the hardware and software resources of the wireless communication device via the portion of the API executing in a trusted area of the wireless communication device; comparing, by the secure application manager, the current profile of the wireless communication device to the initial profile of the wireless communication device stored in the immutable record in the datastore; responsive to the current profile of the wireless communication device matching the initial profile of the wireless communication device, passing, by the secure application manager, the request to the secure application for execution; and responsive to the current profile of the wireless communication device not matching the initial profile of the wireless communication device, determining that the wireless communication device is presumptively compromised and preventing passage of the request to the secure application for execution by rejecting, by the secure application manager, the request” are simply making use of a computer and the computer limitations do not necessarily restrict the claim from reciting an abstract idea as discussed above under Step 2A-Prong I of the 35 U.S.C. 101 rejection. Hence, Examiner has also considered each and every arguments under Step 2A-Prong I and concludes that these arguments are not persuasive. For example, under Step 2A-Prong I, Examiner considers each and every limitation to determine if the claim recites an abstract idea. In this case, it is determined that the claim recites an abstract idea and the additional limitations of a computer device does not necessarily restrict the claim from reciting an abstract idea. The recited steps, as amended, are abstract in nature as there are no technical/technology improvements as a result of these steps. Thus, the claim recites an abstract idea. Whether the claim integrates the abstract idea into a practical application by providing technical/technology improvements are considered under Step 2A-Prong II. Applicant argues that “the claimed embodiments affect a technical improvement compared to conventional approaches by addressing cybersecurity challenges and secure access to electronic applications. Particularly, at paragraphs [0015] through [0030], Applicant details the improvement to a computer or other technology or technical field in which security of a secure application is increased. Applicant respectfully reminds the Office that claims affecting an improvement to a computer or other technology or technical field are not directed to an abstract idea, but rather integrate any allegedly recited abstract idea into a practical application of such abstract idea and are patent eligible. See MPEP §§ 2106.04(d)(1) and 2106.05(a) (citing Enfish, LLC v. Microsoft Corp., 822 F.3d 1327, 1339 (Fed. Cir. 2016) and McRO, Inc. v. Bandai Namco Games Am. Inc., 837 F.3d 1299, 1315 (Fed. Cir. 2016))…. when evaluating Applicant's claims as a whole, the improvement described in Applicant's Specification is made clear. Further, Applicant notes that the Office is cautioned against evaluating claims at a high level of generality when the claims are adequately described and otherwise nonobvious, as well as the fact that "§§ 102, 103 and 112 are the traditional and appropriate tools to limit patent protection to its proper scope" and "should be the focus of examination." Ex parte Desjardins, Appeal 2024-000567 (Decided September 26, 2025). Additionally, Applicant has amended the claims herein to specify an API executing in a trusted area of a wireless communication device surveying hardware and software resources of the wireless communication device to construct a profile of the wireless communication device and, based on a comparison of initial and current profiles of the wireless communication device, passing or blocking a request from reaching a secure application, where such passing or blocking improves security of the wireless communication device……Applicant respectfully submits that these features are further incapable of performance by a human in any form, are wholly unrelated to a "fundamental economic principle or practice," and provide a practical application of any allegedly abstract idea by preventing a request from reaching a secure application on a device that is determined to be presumptively compromised. For the reasons established above, Applicant respectfully submits that subject matter in independent claims 1, 7, and 14 are patentable as being directed to statutory subject matter. Claims 2-6, 8-13 and 15-20 depend directly or indirectly from claims 1, 7, and 14, and incorporate all of the corresponding limitations thereof. Thus, claims 2-6, 8- 13, and 15-20 are patentable as being directed to statutory subject matter. Accordingly, Applicant respectfully requests the rejections under 35 U.S.C. § 101 be withdrawn.” Examiner respectfully disagrees. Under Step 2A: Prong II, Examiner respectfully notes that there is no improved technology in simply receiving, storing. requesting, surveying, executing, comparing, matching, passing, and outputting data (i.e., initial and current profile data, records, and etc.). As noted in the 2019 Guidance on Patent Subject Matter Eligibility, the disclosed invention simply cannot be equated to improvement to technological practices or computers. There is no technical improvement at all. Instead, Applicant recites (Claim 1): “receiving, by a secure application manager executing on a computer, an initial profile of a wireless communication device from an application programming interface (API) of the secure application on the wireless communication device, the initial profile constructed by a portion of the API executing in a trusted area of the wireless communication device by surveying hardware and software resources of the wireless communication device and comprising a plurality of an identity of the wireless communication device, a firmware version of the wireless communication device, an operating system version of the wireless communication device, or a hash value determined over the API as installed on the wireless communication device; storing the initial profile as an immutable record in a datastore; receiving, by the secure application manager, a request from the API on the wireless communication device to invoke an operation of the secure application, wherein the request comprises a current profile of the wireless communication device generated by surveying the hardware and software resources of the wireless communication device via the portion of the API executing in a trusted area of the wireless communication device; comparing, by the secure application manager, the current profile of the wireless communication device to the initial profile of the wireless communication device stored in the immutable record in the datastore; responsive to the current profile of the wireless communication device matching the initial profile of the wireless communication device, passing, by the secure application manager, the request to the secure application for execution; and responsive to the current profile of the wireless communication device not matching the initial profile of the wireless communication device, determining that the wireless communication device is presumptively compromised and preventing passage of the request to the secure application for execution by rejecting, by the secure application manager, the request.” Unlike Enfish and Ex parte Desjardins, the recited features in the limitations of amended claims 1, 7, and 14 do not result in computer functionality or technical improvement. Examiner respectfully notes that Applicant is simply using a computer/processor to input, process, and output data. The recited features in the limitations does not disclose a technical solution to technical problem, but simply a business solution. Specifically, the recited steps, as amended, are merely managing/processing data (MPEP 2106.05(d)(II)) and does not result in computer functionality or technical improvement. Thus, Applicant has simply provided a business method practice of processing data (i.e., profile data, records, and etc.), and no technical solution or improvement has been disclosed. Moreover, there is no technology/technical improvement as a result of implementing the abstract idea. The recited limitations in the pending claims simply amount to the abstract idea of processing profile data, without significantly more. There is no computer functionality improvement or technology improvement. The claim does not provide a technical solution to a technical problem. If there is an improvement, it is to the abstract idea and not to technology. Furthermore, Examiner notes that it is important to keep in mind that an improvement in the judicial exception itself (e.g., recited fundamental economic principle or practice and/or commercial interaction) is not an improvement in technology (See, MPEP 2106.05(a)(II)). Additionally, Examiner respectfully notes that claims 1, 7, and 14, as amended, recite steps at a high level of generality. In addition, all uses of the recited judicial exceptions require such data gathering and outputting, and, as such, these limitations do not impose any meaningful limits on the claim. These limitations amount to necessary data gathering and output. See MPEP 2106.05. Hence, unlike Enfish and Ex parte Desjardins, the claim simply makes use of a computer as a tool to apply the abstract idea without transforming the abstract idea into a patent eligible subject matter. Thus, these arguments are not persuasive. Additionally, these steps, as amended, are recited as being performed by a secure application, secure application manager, computer, wireless communication device, application programming interface (API), trusted area of the wireless communication device, hardware and software resources, firmware version, operating system version, hash value, and datastore (claim 1), which are recited at a high level of generality, and are used as a tool to perform the generic computer function of receiving, processing, and outputting data. See MPEP 2106.05(f). Amended claims 1, 7, and 14 recite a secure application, secure application manager, computer, wireless communication device, application programming interface (API), trusted area of the wireless communication device, hardware and software resources, firmware version, operating system version, hash value, and datastore (claim 1), which are simply used to perform an abstract idea, as discussed above in Step 2A, Prong I, such that it amounts to no more than mere instructions to apply the exception using a generic computer. See MPEP 2106.05(f). Specifically, the recitation of “a secure application, secure application manager, computer, wireless communication device, application programming interface (API), trusted area of the wireless communication device, hardware and software resources, firmware version, operating system version, hash value, and datastore (claim 1)” in the limitations merely indicates a field of use or technological environment in which the judicial exception is performed. The claims, as amended, merely confines the use of the abstract idea to a particular technological environment; and thus fails to add an inventive concept to the claims. See MPEP 2106.05(h). Even when viewed in combination, these additional elements do not integrate the recited judicial exception into a practical application, and the claim is directed to the judicial exception. Hence, Claims 1, 7, and 14 do not integrate the abstract idea into a practical application. Thus, these arguments are not persuasive. Hence, Examiner respectfully declines Applicant’s request to withdraw the 35 U.S.C. 101 rejection of claims 1- 20. Conclusion 24. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure are the following: Parsel (U.S. Patent No. US 9,801,056-B1) “Wireless communication system to secure data communications between application programming interfaces” Raleigh (U.S. Patent Application No. US 2017/0201850-A1) “Method for Child Wireless Device Activation to Subscriber Account of a Master Wireless Device” Vukich (U.S. Patent Application No. US 2020/0111102-A1) “Secure transfer of tokens between devices” MacLeod (U.S. Patent Application No. US 2020/0133744-A1) “Application interface governance platform to harmonize, validate, and replicate data-driven definitions to execute application interface functionality” Cano (U.S. Patent Application No. US 2021/0174914-A1) “Procedure for the global unified registration and universal identification of donors” Zionpour (U.S. Patent Application No. US 2022/0222431-A1) “Digital processing systems and methods for dynamic work document updates using embedded in-line links in collaborative work systems” 25. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 26. A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 27. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED H MUSTAFA whose telephone number is (571)270-7978. The examiner can normally be reached M-F 8:00 - 5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michael W Anderson can be reached on 571-270-0508. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MOHAMMED H MUSTAFA/Examiner, Art Unit 3693 /ELIZABETH H ROSEN/Primary Examiner, Art Unit 3693
Read full office action

Prosecution Timeline

Sep 25, 2024
Application Filed
Nov 06, 2025
Non-Final Rejection mailed — §101, §112
Jan 06, 2026
Applicant Interview (Telephonic)
Jan 07, 2026
Examiner Interview Summary
Feb 03, 2026
Response Filed
May 13, 2026
Final Rejection mailed — §101, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12561701
PROCESSING GRAPHS USING GRAPH PATTERNS
2y 10m to grant Granted Feb 24, 2026
Patent 12561726
AUTOMATICALLY DETERMINING A PERSONALIZED SET OF PROGRAMS OR PRODUCTS INCLUDING AN INTERACTIVE GRAPHICAL USER INTERFACE
2y 2m to grant Granted Feb 24, 2026
Patent 12524804
USING MODEL-BASED TREES WITH BOOSTING TO FIT LOW-ORDER FUNCTIONAL ANOVA MODELS
2y 9m to grant Granted Jan 13, 2026
Patent 12511654
SYSTEMS AND METHODS FOR BYPASSING CONTACTLESS PAYMENT TRANSACTION LIMIT
3y 4m to grant Granted Dec 30, 2025
Patent 12450655
MODULAR BLOCKCHAIN-IMPLEMENTED COMPONENTS FOR ALGORITHMIC TRADING
2y 2m to grant Granted Oct 21, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
35%
Grant Probability
67%
With Interview (+31.4%)
2y 11m (~1y 2m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 175 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month