Prosecution Insights
Last updated: July 17, 2026
Application No. 18/898,761

DYNAMIC ACCESS CODE GENERATION TO FACILITATE SECURE OPERATIONS

Final Rejection §101§103§112
Filed
Sep 27, 2024
Examiner
FARAMARZI, GITA
Art Unit
2496
Tech Center
2400 — Computer Networks
Assignee
Truist Bank
OA Round
2 (Final)
53%
Grant Probability
Moderate
3-4
OA Rounds
1y 10m
Est. Remaining
72%
With Interview

Examiner Intelligence

Grants 53% of resolved cases
53%
Career Allowance Rate
41 granted / 78 resolved
-5.4% vs TC avg
Strong +19% interview lift
Without
With
+19.1%
Interview Lift
resolved cases with interview
Typical timeline
3y 7m
Avg Prosecution
17 currently pending
Career history
116
Total Applications
across all art units

Statute-Specific Performance

§101
1.8%
-38.2% vs TC avg
§103
96.0%
+56.0% vs TC avg
§102
1.0%
-39.0% vs TC avg
§112
1.3%
-38.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 78 resolved cases

Office Action

§101 §103 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of Claims The following is a Final Office Action in response to applicant’s filing on March 13, 2026. Claims 1, 3-5, 7-8, 10-12, 15, and 17-19 were amended. Claims 21-24 were newly added. Claims 2, 6, 9, 13, 16, and 20 were canceled. Claims 1, 3-5, 7-8, 10-12, 14-15, 17-19, and 21-24 are pending of which claims 1, 8, and 15 are in independent form. Response to Amendment Applicant’s amendments and arguments regarding the 101 rejection does not obviate the rejection, therefore the rejection under 35 U.S.C. 101 is maintained. Applicant’s amendment regarding the Abstract obviates the objection, therefore the Abstract objection is withdrawn. Applicant’s amendment regarding the drawings obviates the objection, therefore the drawing objection is withdrawn. Applicant’s amendment regarding claim 10 obviates the objection, therefore the claim objection is withdrawn. Response to Arguments Sections 101 On pages 16-17 of remarks, Applicant argues that the limitation “executing instructions associated with the database that automatically configure the IoT service device to initiate the secure operation between the IoT service device and the entity account," as in amended claim 8, clearly recites a technical improvement to the technical field of information security. The examiner disagrees. The claim language does not recite an improvement to computer functionality , IOT device technology or QR code technology. Instead, the claims merely use generic computer components as tool to implement the abstract idea of authorization management and secure transaction validation. More specifically, the claims remain directed to: associating QR codes…, determining whether a QR code satisfies predefined restrictions , identifying an associated entity account, determining whether a request satisfies location, time, and value limitations, and authorizing or preventing access… These activities constitute certain methods of organizing human activity, including mental process involving evaluation of predefined criteria. Moreover, Applicant’s newly added limitations do not recite a specific improvement to IOT device operation or specific database improvement. Instead, the additional limitation merely applies the abstract authorization decision using generic computer implementation. Applicant’s citation to paragraph [0018] is also not persuasive. Although the specification generally states examples “provide secure access” or “improve security measure”, but the claims do not recite a specific technological improvement rather than invoking generic computer components to perform conventional security functions. Applicant’s arguments regarding the dependent claims are not persuasive. Therefore, the examiner maintains the rejection under 35 USC § 101. Section 102 Applicant’s arguments with respect to claim(s) are rejected, under 35 USC 102(a)(1), have been considered but are not persuasive. Applicant’s amendment regarding the amended claim 1 “selecting a category among a plurality of categories that comprises a time restriction and a location restriction, the category indicated by at least one use limitation associated with the entity account," "encoding, based on the database and the category, the dynamic QR code into the encoded dynamic QR code, wherein the encoded dynamic QR code comprises (i) a first individual mapping that maps the dynamic QR code to restrictions unique to the entity account and the category and (ii) a second individual mapping that maps the dynamic QR code to the entity account," and "in response to receiving the encoded dynamic QR code, determining that the encoded dynamic QR code is valid at the loT service device, wherein determining whether the encoded QR code is valid comprises (i) determining whether the encoded dynamic QR code was not previously used in a previous secure operation and (ii) extracting the restrictions unique to the entity account from the encoded dynamic QR code.” is conclusory because Applicant merely asserts that Babcock is “silent” regarding the amended limitations without sufficiently addressing the specific teachings of the cited reference. Further, Applicant’s argument are not commensurate in scope with the amended claims. The newly added limitations broadly recite categorization of restriction, encoding…, validating... , extraction of information from encoded data. Such concepts were known in the art. Additionally, the Examiner notes that the prior art rejection under 35 USC § 102 based solely on Bobcock has been withdrawn in view of the amendments. However, following further search and consideration, as discussed during the Examiner interview, the Examiner has identified additional prior art that teaches the newly added limitations. Accordingly, the claims are now rejected under 35 USC § 103 as being obvious over Babcock in view of the cited secondary reference (Davey (US 11,706,219 B1)). Lastly, the newly added claim 24 is now rejected under 35 USC § 103 as being obvious over Babcock in view of Davey (US 11,706,219 B1) and further in view of Hammad (WO2013/082190 Al). Dependent Claims As to the dependent claims 3-5, 7, 10-12, 14, 17-19, and 21-24, these claims remain rejected by virtue of dependency to their independent claims. Therefore, the examiner maintains the rejection under 35 USC § 103. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp. Claims 1, 3-5, 7-8, 10-12, 14-15, 17-19, and 21-24 provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-12, 14-19 and 21-22 of copending Application No. 18/898,200. Although the claims at issue are not identical, they are not patentably distinct from each other because: Instant application (18/898,761) Co-pending Application (18/898,200) 1.A system comprising: an Internet of Things (IoT) service device associated with a service provider; and a computing environment, the computing environment configured to control the IoT service device by: receiving a dynamic QR code from an imaging device of the IoT service device, the dynamic QR code transmitted in response to a mobile device displaying the dynamic access QR code to the imaging device of the IoT service device, the dynamic QR code digitally transmitted in response to a digital request to perform a secure operation with the IoT service device, the digital request and the dynamic QR code associated with a predetermined amount of resources that are pre-identified from an entity account, wherein the dynamic QR code is encodable into an encoded dynamic QR code by: adjusting a database comprising a plurality of mappings, each mapping of the plurality of mappings associating a different dynamic QR code of a plurality of dynamic QR codes with a unique combination of user account and limitation, the adjusting comprising using the dynamic QR code to identify a mapping of the plurality of mappings included in the database that maps the entity account with the dynamic QR code, wherein the mapping defines (i) a one-to-one correspondence between the entity account and the dynamic QR code and (ii) a limitation associated with the entity account; selecting a category among a plurality of categories that comprises a time restriction and a location restriction, the category indicated by at least one use limitation associated with the entity account; and encoding, based on the database and the category, the dynamic QR code into the encoded dynamic QR code, wherein the encoded dynamic QR code comprises (i) a first individual mapping that maps the dynamic QR code to restrictions unique to the entity account and the category and (ii) a second individual mapping that maps the dynamic QR code to the entity account; in response to receiving the encoded dynamic QR code, determining that the encoded dynamic QR code is valid at the IoT service device, wherein determining whether the encoded QR code is valid comprises (i) determining whether the encoded dynamic QR code was not previously used in a previous secure operation and (ii) extracting the restrictions unique to the entity account from the encoded dynamic QR code; identifying the entity account associated with the dynamic QR code; and subsequent to validating the encoded dynamic QR code for the IoT service device and identifying the entity account, executing instructions associated with the database that automatically configure the IoT service device to initiate the secure operation between the IoT service device and the entity account. 4. (Currently Amended) The system of claim 1, wherein the dynamic QR code is associated with dynamic access code use limitations to prevent use of the dynamic QR code in an environment that exceeds the dynamic access code use limitations. 5. (Currently Amended) The system of claim 4, wherein the dynamic access code use limitations comprise particular locations and particular times in which the dynamic QR code is valid, and wherein the dynamic access code use limitations further comprise a value limitation available in the secure operation. 22. (New) The system of claim 1, wherein the computing environment is further configured to: delegate the dynamic QR code from the entity account to a secondary user account by: receiving a delegation request specifying the secondary user account, a delegation window, and a set of permitted operations; generating a delegated dynamic access QR code encoded with a subset of the original entity account's access limitations including a reduced transaction amount, a narrowed set of permitted IoT service devices, and a shortened time window; associating the delegated dynamic access QR code with a hierarchical permission structure in the database, wherein permissions of the secondary user account are subordinate to those of the entity account; and enabling the entity account to revoke, modify, or audit permissions of the delegated dynamic access QR code in real time; receive a revocation request from the entity account associated with the dynamic access QR code; update the database to mark the dynamic access QR code as revoked; and in response to a subsequent presentation of revoked dynamic access QR code at an IoT service device, deny access and generating a security alert to the entity account. 1. A system comprising: a processor; and a non-transitory computer-readable medium comprising instructions that are executable by a processing device for causing the processing device to perform operations comprising: receiving a request to generate a dynamic access code associated with an entity account, the dynamic access code used to facilitate a secure operation between an Internet of Things (IoT) service device and a recipient of the dynamic access code, wherein the request further comprises a value limitation specifying a maximum value for the secure operation; generating the dynamic access code comprising cryptographically encoded information uniquely identifying the entity account and the secure operation, wherein the dynamic access code is uniquely mapped to the value limitation and to the entity account, wherein the dynamic access code is encodable into an encoded dynamic access code by: adjusting a database comprising a plurality of mappings, each mapping of the plurality of mappings associating a different dynamic access code of a plurality of dynamic access codes with a unique combination of user account and the value limitation, the adjusting comprising using the dynamic access code to identify a mapping of the plurality of mappings included in the database that maps the entity account with the dynamic access code, wherein the mapping defines (i) a one-to- one correspondence between the entity account and the dynamic access code and (ii) a limitation associated with the entity account; selecting a category among a plurality of categories that comprises a time restriction and a location restriction, the category indicated by at least one use limitation associated with the entity account; and encoding, based on the database and the category, the dynamic access code into the encoded dynamic access code, wherein the encoded dynamic access code comprises (i) a first individual mapping that maps the dynamic access code to restrictions unique to the entity account and the category and (ii) a second individual mapping that maps the dynamic access code to the entity account; and transmitting the encoded dynamic access code to the recipient identified in the request to generate the dynamic access code, the encoded dynamic access code configured to be captured by an imaging device of the IoT service device to facilitate a secure operation between the IoT service device and the entity account. 3. (Original) The system of claim 1, wherein the request to generate the dynamic access code further comprises dynamic access code use limitations, and wherein the dynamic access code is mapped to the dynamic access code use limitations to prevent use of the dynamic access code in an environment that exceeds the dynamic access code use limitations. 4. (Original) The system of claim 3, wherein the dynamic access code use limitations comprise particular locations and particular times in which the dynamic access code is valid. and 5. (Original) The system of claim 4, wherein the dynamic access code use limitations further comprise a value limitation available in the secure operation. 21. (New) The system of claim 1, wherein the operations further comprise: reassigning the dynamic access code from the entity account to a secondary user account by: receiving a delegation request specifying the secondary user account, a delegation window, and a set of permitted operations; generating a delegated dynamic access code encoded with a subset of access limitations of the original entity account, the access limitations including a reduced transaction amount, a narrowed set of permitted loT service devices, and a shortened time window; associating the delegated dynamic access code with a hierarchical permission structure in the database, wherein permissions of the secondary user account are subordinate to those of the entity account; and enabling the entity account to revoke, modify, or audit permissions of the delegated dynamic access code in real time; receiving a revocation request from the entity account associated with the dynamic access code; updating the database to mark the dynamic access code as revoked; and in response to a subsequent presentation of revoked dynamic access code at an loT service device, denying access and generating a security alert to the entity account. This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL. — The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1, 3-5, 7-8, 10-12, 14-15, 17-19, and 21-24 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claim 1 recites “adjusting a database comprising a plurality of mappings”. The specification fails to describe an adjustment for a database (i.e., the computing environment of the IoT service device may access a database with a mapping that relates each dynamic access code to a corresponding entity account. Thus, the computing environment may identify which entity account is related to the access request based on the mapping, see paragraph [0015]). Accordingly, the disclosure does not disclose any operation or algorithm corresponding to “adjusting” the database itself. Therefore, the originally filed disclosure does not provide sufficient written description support for the claimed “adjusting” limitation. This limitation adds new matter to the claims. This limitation adds new matter to the claims. Claim 1 recites “selecting a category among a plurality of categories that comprises a time restriction and a location restriction”. The specification fails to describe an selecting a category (i.e., the limitations may include time of access limitations or location limitations. Thus, the computing environment may identify whether the dynamic access code is usable at a particular time at an IoT service device located in a particular location, see paragraph [0015]). Accordingly, there is no disclosure for “selecting one category from plurality of categories…” in the manner presently claimed. Therefore, the originally filed disclosure does not provide sufficient written description support for the claimed “selecting” limitation. This limitation adds new matter to the claims. This limitation adds new matter to the claims. Claim 1 recites “encoding, based on the database and the category, the dynamic QR code into the encoded dynamic QR code”. The specification fails to describe encoding the dynamic QR code is based on the database and category (i.e., the dynamic access code may be encoded with information relating to the entity account and the controls on the validity of the dynamic access code provided by the entity requesting the dynamic access code. For example, the computing environment 202 may map the entity account to the dynamic access code and the identified controls in the database 214 using the mapping 216, see paragraph [0045]). Accordingly, there is no disclosure as to how the dynamic QR code is encoded and there is no algorithm presented for “encoding … the dynamic QR code …” in the manner presently claimed. Therefore, the originally filed disclosure does not provide sufficient written description support for the claimed “encoding, based on the database and the category, the dynamic QR code into the encoded dynamic QR code” limitation. This limitation adds new matter to the claims. Claim 1 recites “a first individual mapping …and a second individual mapping”. The specification fails to describe first individual mapping …and a second individual mapping (i.e., the computing environment of the IoT service device may access a database with a mapping that relates each dynamic access code to a corresponding entity account. Thus, the computing environment may identify which entity account is related to the access request based on the mapping. Further, the mapping may also relate the dynamic access code with particular limitations associated with use of the dynamic access code at the IoT service device, see paragraph [0015]). While the specification generally discloses a mapping between a dynamic access code and a entity account, the specification does not disclose separate first and second mappings having the specifically recited relationships. Therefore, the originally filed disclosure does not provide sufficient written description support for the claimed “first individual mapping …and a second individual mapping” limitation. This limitation adds new matter to the claims. Claim 1 recites “executing instructions associated with the database that automatically configure the IoT service device initiate the secure operation between the IoT service device and the entity account.”. The specification fails to describe executing instructions associated with the database (i.e., the computing environment 202 may identify the entity account 208 by accessing the database 214 and determining, based on the mapping 216, that the entity account 208 is associated with the dynamic access code 224 even when the dynamic access code 224 is displayed on a device other than the mobile device 204, see paragraph [0032]). Accordingly, the disclosure does not disclose any steps to execute the instructions associated with the database for initiating the secure operation between the IoT service device and the entity account. Therefore, the originally filed disclosure does not provide sufficient written description support for the claimed “executing instructions associated with the database…” limitation. This limitation adds new matter to the claims. This limitation adds new matter to the claims. Claim 21 recites “monitor contextual parameters associated with each dynamic QR code”. The specification fails to describe contextual parameters. Although the specification generally describes validating dynamic access codes based on controls such as time limits, location restrictions…, the specification does not disclose “contextual parameters associated with each dynamic QR code”. Therefore, the originally filed disclosure does not provide sufficient written description support for the claimed “contextual parameters” limitation. This limitation adds new matter to the claims. Claim 21 recites “a proximity of the mobile device to the IOT service device as determined by Bluetooth or Near Field Communication (NFC) signals”. The specification fails to describe Bluetooth or Near Field Communication (NFC) signals. Although the specification generally describes (i.e., the devices 104 a-c can be associated with the entity 101 such as by displaying a dynamic access code registered with an entity account belonging to the entity 101. While the devices 104 a-c are shown in proximity to the entity 101, the devices 104 a-c are not necessarily under direct control by the entity 101, see Paragraph [0021], the specification does not disclose “a proximity of the mobile device to the IOT service device as determined by Bluetooth or Near Field Communication (NFC) signals”. Therefore, the originally filed disclosure does not provide sufficient written description support for the claimed “Bluetooth or Near Field Communication (NFC) signals” limitation. This limitation adds new matter to the claims. Claim 22 recites “receiving a delegation request specifying the secondary user account, a delegation window, and a set of permitted operations”. The specification fails to describe receiving a delegation request that specifies the secondary user account, a delegation window, and a set of permitted operations. Although the specification generally describes that the dynamic access code can initiate a request to transfer a certain amount of resources from the entity account to a secondary account …, the specification does not disclose “receiving a delegation request …a delegation window, and a set of permitted operations”. Therefore, the originally filed disclosure does not provide sufficient written description support for the claimed limitation. This limitation adds new matter to the claims. Claim 22 recites “generating a delegate dynamic access QR code encoded with a subset of the original entity account’s access limitations including a reduced transaction amount, a narrowed set of permitted IOT service devices, and a shortened time window;”. The specification fails to describe generating a delegate dynamic access code that is encoded with the limitations such as a reduced transaction amount, a narrowed set of permitted IOT service devices, and a shortened time window. Although the specification generally describes “the dynamic access code may be encoded with information relating to the entity account and the controls on the validity of the dynamic access code provided by the entity requesting the dynamic access code, in paragraph [0045], the specification does not disclose “generating a delegate dynamic access QR code encoded with a subset of the original entity account’s access limitations including a reduced transaction amount, a narrowed set of permitted IOT service devices, and a shortened time window;”. Therefore, the originally filed disclosure does not provide sufficient written description support for the claimed limitation. This limitation adds new matter to the claims. Claim 22 recites “associating the delegated dynamic access QR code with a hierarchical permission structure in the database”. The specification fails to describe a hierarchical permission structure in the database to associate the delegated dynamic access code with. Although the specification generally describes “the computing environment of the IoT service device may access a database with a mapping that relates each dynamic access code to a corresponding entity account. Thus, the computing environment may identify which entity account is related to the access request based on the mapping. Further, the mapping may also relate the dynamic access code with particular limitations associated with use of the dynamic access code at the IoT service device, in paragraph [0045], the specification does not disclose as to how the delegated dynamic access QR code is associated with a hierarchical permission structure in the database. Therefore, the originally filed disclosure does not provide sufficient written description support for the claimed limitation. This limitation adds new matter to the claims. Claim 22 recites “generate a security alert to the entity account”. The specification fails to describe a hierarchical permission structure in the database to associate the delegated dynamic access code with. Although the specification generally describes “the terminal handler 120 may grant or deny requests based on an authentication process associated with the dynamic access code, in paragraph [0023], the specification does not disclose as to how a security alert is generated and there is no steps or algorithm to generate a security alert. Therefore, the originally filed disclosure does not provide sufficient written description support for the claimed limitation. This limitation adds new matter to the claims. Claim 23 recites “a specification of resource partitioning instructions, the resource partitioning instructions comprising an allocation of interaction value among multiple entity accounts…”. The specification fails to describe the partitioned instructions comprising an allocation of interaction value among multiple entity accounts. Although the specification generally describes “The terminal handler 220 can manage interactions between the computing environment 202, the IoT service device 206, and the mobile device 204, in paragraph [0038], the specification does not disclose as to how the instructions are partitioned and there is no steps or algorithm to partition the instructions comprising an allocation of interaction value among multiple entity accounts. Therefore, the originally filed disclosure does not provide sufficient written description support for the claimed limitation. This limitation adds new matter to the claims. Claim 23 recites “sequentially or concurrently debiting the specified amounts from each entity account in accordance with the resource partitioning instructions,”. The specification fails to describe sequentially or concurrently debiting the specified amounts from each entity account in accordance with the resource partitioning instructions. Although the specification generally describes “The dynamic access code may be associated with a specific amount of resources that are drawn from the entity's account. In an example, a user of the dynamic access code may present the dynamic access code to the IoT service devices 106 a-b during an exchange of goods or services, and the specific amount of resources associated with the dynamic access code may be debited by the cost of the goods or services, in paragraph [0024], the specification does not disclose as to how sequentially or concurrently debiting the specified amounts from each entity account in accordance with the resource partitioning instructions was debited. Therefore, the originally filed disclosure does not provide sufficient written description support for the claimed limitation. This limitation adds new matter to the claims. Claim 24 recites “calculate a risk score for the secure operation based on at least interaction location, interaction amount, time of access, and device behavioral patterns; compare the risk score to a configurable risk threshold associated with the entity account; if the risk score exceeds the threshold, automatically initiate a risk-based response comprising (i) requesting additional authentication from the user, (ii) temporarily suspending the dynamic QR code, (iii) notifying the entity account of suspicious activity, or (iv) denying digital request,”. The specification fails to describe calculating a risk score based on the different factors as recited in the claim. Although the specification generally describes “the dynamic controls may control use in a manner that is consistent with the use patterns. In such an example, the IoT service devices 106 a-b may reject operations when the use exceeds the learned use patterns. For example, when a user uses the dynamic access code to purchase groceries of approximately $50 most Sunday evenings, the IoT service device 106 may reject an operation on a different night or an operation that exceeds the typical spending amount. Other learned use behaviors may also provide limiting controls on how the dynamic access code is used, in paragraph [0026], the specification does not disclose as to how the risk score was calculated , using interaction location, interaction amount, time of access, device behavioral pattern as inputs to the risk score calculation, comparing the score to the threshold and automatically initiating responsive actions such as requesting additional information, notifying the entity account or deny the digital request based on the threshold comparison. Therefore, the originally filed disclosure does not provide sufficient written description support for the claimed limitation. This limitation adds new matter to the claims. Claim 24 recites “generate an electronic audit trail for each secure interaction facilitated by the IOT service device,”. The specification fails to describe creating or generating an electronic audit trail…. Although the specification generally describes “the computing environment can be configured, subsequent to validating the dynamic access code for the IoT service device and identifying the entity account, to provide access for the IoT service device to facilitate a secure transaction between the IoT service device and the entity account, in paragraph [0004], the specification does not disclose generating an “electronic audit trail”, for each secure transaction facilitated by the IOT service device. Therefore, the originally filed disclosure does not provide sufficient written description support for the claimed limitation. This limitation adds new matter to the claims. Claim 24 recites “store the audit in a tamper-evident database,”. The specification fails to describe a tamper-evident database that stores the audit …. Although the specification generally describes “A database 214 can include a mapping 216 that relates the dynamic access codes to corresponding entities. Thus, the computing environment 202 may identify the entity account 208 by accessing the database 214 and determining, based on the mapping 216, that the entity account 208 is associated with the dynamic access code 224 even when the dynamic access code 224 is displayed on a device other than the mobile device 204, in paragraph [0032], the specification does not disclose storing such an audit trail in a database configured to be “tamper-evident”. Therefore, the originally filed disclosure does not provide sufficient written description support for the claimed limitation. This limitation adds new matter to the claims. Independent claims 8 and 15 are similarly rejected. Claims 3-5, 7, 10-12, 14, 17-19, and 21-24 which are dependent to claims 1, 8, and 15 are similarly rejected. Appropriate correction is required. The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION. — The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1, 3-5, 7-8, 10-12, 14-15, 17-19, and 21-23 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 1 recites the limitation “wherein the dynamic QR code is encodable into an encoded dynamic QR code” renders the claim indefinite because the language of the claim limitation is uncertain. It is unclear if “encodable” refers to mere capability, an actual encoding operation being performed. Therefore, the language does not define a certainty and the metes and bounds of the claim are unascertainable. Thus, it is unclear what is the intended scope of the claim invention. Claim 1 recites the limitation “a one-to-one correspondence between the entity account and the dynamic QR code” renders the claim indefinite because the language of the claim limitation is uncertain. The specification describes mapping between dynamic access codes and entity account, but does not define or explain a “one-to-one correspondence”. Therefore, the language does not define a certainty and the metes and bounds of the claim are unascertainable. Thus, it is unclear what is the intended scope of the claim invention. Claim 1 recites the limitation “a limitation associated with the entity account” renders the claim indefinite because the language of the claim limitation is uncertain. It is unclear what type of “limitation” is being recited, how the limitation is defined, and what degree of association is required between the limitation and the entity account. Therefore, the language does not define a certainty and the metes and bounds of the claim are unascertainable. Thus, it is unclear what is the intended scope of the claim invention. Claim 21 recites “a proximity of the mobile device to the IOT service device as determined by Bluetooth or Near Field Communication (NFC) signals” renders the claim indefinite because the claim recites “Bluetooth” without identifying the term refers to a trademark. Therefore, the language does not define a certainty and the metes and bounds of the claim are unascertainable. Thus, it is unclear what is the intended scope of the claim invention. Independent claims 8 and 15 are similarly rejected. Claims 3-5, 7, 10-12, 14, 17-19, and 21-24 which are dependent to claims 1, 8, and 15 are similarly rejected. Appropriate correction is required. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1, 3-5, 7-8, 10-12, 14-15, 17-19, and 21-24 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Analysis Step 1 (Statutory Categories) — 2019 PEG pq. 53 Claims 1, 3-5, 7-8, 10-12, 14-15, 17-19, and 21-24 are directed to the statutory categories of invention. Step 2A, Prong 1 (Do the claims recite an abstract idea?) — 2019 PEG pq. 54 Claim 8 recites the following types of subject matter that are judicial exceptions: Abstract idea — mental processes and organizing human activity, including commercial interactions: “… the digital request and the dynamic QR code associated with a predetermined amount of resources that are pre-identified from an entity account… associating a different dynamic QR code of a plurality of dynamic QR codes with a unique combination of user account and limitation, … using the dynamic QR code to identify a mapping … that maps the entity account with the dynamic QR; selecting a category … that comprises a time restriction and a location restriction, … determining that the encoded dynamic QR code is valid at the loT service device,… determining whether the encoded dynamic QR code was not previously used in a previous secure operation … extracting the restrictions unique to the entity account from the encoded dynamic QR code; identifying the entity account associated with the dynamic QR code...”. These limitations recite concepts relating to managing access permissions, applying restrictions, validating credentials, identifying accounts, and authorizing transactions, which are commercial interactions that can be performed mentally using rules and validation criteria. Accordingly, claim 8 is directed to an abstract idea. Step 2A, Prong 2 (Does the claim recite additional elements that integrate the judicial exception into a practical application?) - 2019 PEG pq. 54 Claim 8 does not integrate the abstract idea into a practical application. The additional elements include: “receiving… an imaging device of an IOT service device”, “a mobile device displaying the dynamic access QR code”, “adjusting …a database comprising a plurality of mappings”, “encoding…the dynamic QR code into the dynamic QR code”; and “executing instructions associated with the database”. These elements merely use generic computer and networking technology as tools to implement the abstract idea. The claim does not recite any improvement to QR code technology or network communication. Therefore, claim 8 is directed to an abstract idea and is not integrated into a practical application under Step 2A. Step 2B (Does the claim recite additional elements that amount to significantly more than the judicial exception?) - 2019 PEG pq. 56 Claim 8 does not recite additional element that amount to significantly more than the judicial exception. The claim recites a “loT service device”, “QR code”, “database”, “receiving data from an imaging device of an IoT service device”, “mappings associating a different dynamic QR code”, “encoding… the dynamic QR code”, “selecting a category … that comprises a time restriction and a location restriction”, “identifying the entity account associated” and “secure operation” these elements perform routine computer functions. There is no specific unconventional technical solution. The claim therefore amounts to: applying an abstract idea using generic computer components which does not constitute significantly more. Accordingly, under Step 2B of the PEG, the claim 8 is not patent eligible. Step 2A, Prong 1 (Do the claims recite an abstract idea?) — 2019 PEG pq. 54 Claim 10 recites the following types of subject matter that are judicial exceptions: Abstract idea — mental processes and organizing human activity: “… determining that the dynamic QR code is valid for the IoT service device comprises: determining that the IoT service device is located at a particular location associated with the QR code; and determining that the digital request was generated during a particular time associated with the dynamic QR code....”. These limitations recite evaluating location restrictions and time restrictions to determine whether access should be permitted, which are security interactions that can be performed mentally using rules and validation criteria. Accordingly, claim 10 is directed to an abstract idea. Step 2A, Prong 2 (Does the claim recite additional elements that integrate the judicial exception into a practical application?) - 2019 PEG pq. 54 Claim 10 does not integrate the abstract idea into a practical application. The additional elements include: “a computer-implemented method”, “adynamic QR code”, “an IOT service device” and “a digital request”. These elements merely use generic computer and networking technology as tools to implement the abstract idea. The claim does not recite any improvement to QR code technology or network communication. Therefore, claim 10 is directed to an abstract idea and is not integrated into a practical application under Step 2A. Step 2B (Does the claim recite additional elements that amount to significantly more than the judicial exception?) - 2019 PEG pq. 56 Claim 10 does not recite additional element that amount to significantly more than the judicial exception. The claim recites a “determining device location”, “determining a time associated with a request”, and “validating requests” these components perform routine computer functions. There is no specific unconventional technical solution. The claim therefore amounts to: applying an abstract idea using generic computer components which does not constitute significantly more. Accordingly, under Step 2B of the PEG, the claim 10 is not patent eligible. Step 2A, Prong 1 (Do the claims recite an abstract idea?) — 2019 PEG pq. 54 Claim 11 recites the following types of subject matter that are judicial exceptions: Abstract idea — mental processes and organizing human activity: “…prevent use of the dynamic QR code in an environment that exceeds the dynamic access code use limitations.”. These limitations recite applying usage restrictions and making a determination, which are security interactions that can be performed mentally using rules and validation criteria. Accordingly, claim 11 is directed to an abstract idea. Step 2A, Prong 2 (Does the claim recite additional elements that integrate the judicial exception into a practical application?) - 2019 PEG pq. 54 Claim 11 does not integrate the abstract idea into a practical application. The additional elements include: “a computer-implemented method”, and “adynamic QR code”. These elements merely use generic computer and networking technology as tools to implement the abstract idea. The claim does not recite any improvement to QR code technology or network communication. Therefore, claim 11 is directed to an abstract idea and is not integrated into a practical application under Step 2A. Step 2B (Does the claim recite additional elements that amount to significantly more than the judicial exception?) - 2019 PEG pq. 56 Claim 11 does not recite additional element that amount to significantly more than the judicial exception. The claim recites a “associating a restriction with a dynamic QR code” this element performs routine computer functions. There is no specific unconventional technical solution. The claim therefore amounts to: applying an abstract idea using generic computer components which does not constitute significantly more. Accordingly, under Step 2B of the PEG, the claim 11 is not patent eligible. Step 2A, Prong 1 (Do the claims recite an abstract idea?) — 2019 PEG pq. 54 Claim 12 recites the following types of subject matter that are judicial exceptions: Abstract idea — mental processes and organizing human activity: “…wherein the dynamic access code use limitations comprise particular locations and particular times in which the dynamic access code is valid, and wherein the dynamic access code use limitations further comprise a value limitation available in the secure operation.”. The limitations recite applying location restrictions, time restrictions, and value limitations to determine whether an operation should be authorized, which are security interactions that can be performed mentally using rules and validation criteria. Accordingly, claim 12 is directed to an abstract idea. Step 2A, Prong 2 (Does the claim recite additional elements that integrate the judicial exception into a practical application?) - 2019 PEG pq. 54 Claim 12 does not integrate the abstract idea into a practical application. The additional elements include: “a computer-implemented method”, and “a dynamic access code”. These elements merely use generic computer and networking technology as tools to implement the abstract idea. The claim does not recite any improvement to QR code technology or network communication. Therefore, claim 12 is directed to an abstract idea and is not integrated into a practical application under Step 2A. Step 2B (Does the claim recite additional elements that amount to significantly more than the judicial exception?) - 2019 PEG pq. 56 Claim 12 does not recite additional element that amount to significantly more than the judicial exception. The claim recites a “associating a restriction with a dynamic access code”, “evaluating a request”, and “permitting or preventing access” these elements perform routine computer functions. There is no specific unconventional technical solution. The claim therefore amounts to: applying an abstract idea using generic computer components which does not constitute significantly more. Accordingly, under Step 2B of the PEG, the claim 12 is not patent eligible. Step 2A, Prong 1 (Do the claims recite an abstract idea?) — 2019 PEG pq. 54 Claim 14 recites the following types of subject matter that are judicial exceptions: Abstract idea — mental processes and organizing human activity: “… the dynamic access code use limitations are dynamically adjusted using a machine-learning model configured to track usage of the entity account associated with the dynamic access code over time.”. The limitations recite evaluating historical account usage and modifying authorization restrictions based on observed usage patterns to control access to secure operations, which are security interactions that can be performed mentally using rules and security rule adjustment. Accordingly, claim 14 is directed to an abstract idea. Step 2A, Prong 2 (Does the claim recite additional elements that integrate the judicial exception into a practical application?) - 2019 PEG pq. 54 Claim 14 does not integrate the abstract idea into a practical application. The additional elements include: “a computer-implemented method”, “a dynamic access code” and “machine learning model”. These elements merely use generic computer and networking technology as tools to implement the abstract idea. The claim does not recite any improvement to QR code technology or the machine learning model. Therefore, claim 14 is directed to an abstract idea and is not integrated into a practical application under Step 2A. Step 2B (Does the claim recite additional elements that amount to significantly more than the judicial exception?) - 2019 PEG pq. 56 Claim 14 does not recite additional element that amount to significantly more than the judicial exception. The claim recites a “tracking usage”, “historical usage patterns”, and “the dynamic access code” these elements perform routine computer functions. There is no specific unconventional technical solution. The claim therefore amounts to: applying an abstract idea using generic computer components which does not constitute significantly more. Accordingly, under Step 2B of the PEG, the claim 14 is not patent eligible. Claim 1 includes all the limitations of claim 8. Therefore, claim 1 recites the same abstract idea of claim 8. Claim 1 recites the additional limitation “a system”, which in Step 2A, Prong 2, the limitation is merely elaborating on the abstract idea, by further specifying an additional limitation at a high-level of generality, therefore, does not amount to significantly more than the abstract idea. Claim 3 includes all the limitations of claim 10. Therefore, claim 3 recites the same abstract idea of claim 10. Claim 3 recites the additional limitation “a system”, which in Step 2A, Prong 2, the limitation is merely elaborating on the abstract idea, by further specifying an additional limitation at a high-level of generality, therefore, does not amount to significantly more than the abstract idea. Claim 4 includes all the limitations of claim 11. Therefore, claim 4 recites the same abstract idea of claim 11. Claim 4 recites the additional limitation “a system”, which in Step 2A, Prong 2, the limitation is merely elaborating on the abstract idea, by further specifying an additional limitation at a high-level of generality, therefore, does not amount to significantly more than the abstract idea. Claim 5 includes all the limitations of claim 12. Therefore, claim 5 recites the same abstract idea of claim 12. Claim 5 recites the additional limitation “a system”, which in Step 2A, Prong 2, the limitation is merely elaborating on the abstract idea, by further specifying an additional limitation at a high-level of generality, therefore, does not amount to significantly more than the abstract idea. Claim 7 includes all the limitations of claim 14. Therefore, claim 7 recites the same abstract idea of claim 14. Claim 7 recites the additional limitation “a system”, which in Step 2A, Prong 2, the limitation is merely elaborating on the abstract idea, by further specifying an additional limitation at a high-level of generality, therefore, does not amount to significantly more than the abstract idea. Claim 15 includes all the limitations of claims 1 and 8. Therefore, claim 15 recites the same abstract idea of claims 1 and 8. Claim 15 recites the additional limitation “A non-transitory computer-readable medium comprising instructions that are executable by a processing device for causing the processing device to perform operations”, which in Step 2A, Prong 2, the limitations are merely elaborating on the abstract idea, by further specifying an additional limitation at a high-level of generality, therefore, does not amount to significantly more than the abstract idea. Claim 18 includes all the limitations of claims 4 and 11. Therefore, claim 18 recites the same abstract idea of claims 4 and 11. Claim 18 recites the additional limitation “A non-transitory computer-readable medium comprising instructions that are executable by a processing device for causing the processing device to perform operations”, which in Step 2A, Prong 2, the limitations are merely elaborating on the abstract idea, by further specifying an additional limitation at a high-level of generality, therefore, does not amount to significantly more than the abstract idea. Claim 19 includes all the limitations of claims 5 and 12. Therefore, claim 19 recites the same abstract idea of claims 5 and 12. Claim 19 recites the additional limitation “A non-transitory computer-readable medium comprising instructions that are executable by a processing device for causing the processing device to perform operations”, which in Step 2A, Prong 2, the limitations are merely elaborating on the abstract idea, by further specifying an additional limitation at a high-level of generality, therefore, does not amount to significantly more than the abstract idea. Claim 21 depends from claim 1 includes all the limitations of claim 1. Therefore, claim 21 recites the same abstract idea of claim 1. Claim 21 recites the additional limitation “a system”, which in Step 2A, Prong 2, the limitation is merely elaborating on the abstract idea, by further specifying an additional limitation at a high-level of generality, therefore, does not amount to significantly more than the abstract idea. Claim 22 depends from claim 1 includes all the limitations of claim 1. Therefore, claim 22 recites the same abstract idea of claim 1. Claim 22 recites the additional limitation “a system”, which in Step 2A, Prong 2, the limitation is merely elaborating on the abstract idea, by further specifying an additional limitation at a high-level of generality, therefore, does not amount to significantly more than the abstract idea. Claim 23 depends from claim 1 includes all the limitations of claim 1. Therefore, claim 23 recites the same abstract idea of claim 1. Claim 23 recites the additional limitation “a system”, which in Step 2A, Prong 2, the limitation is merely elaborating on the abstract idea, by further specifying an additional limitation at a high-level of generality, therefore, does not amount to significantly more than the abstract idea. Claim 24 depends from claim 1 includes all the limitations of claim 1. Therefore, claim 24 recites the same abstract idea of claim 1. Claim 24 recites the additional limitation “a system”, which in Step 2A, Prong 2, the limitation is merely elaborating on the abstract idea, by further specifying an additional limitation at a high-level of generality, therefore, does not amount to significantly more than the abstract idea. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1,3-5,7-8,10-12,14-15,17-19 and 21-24 are rejected under 35 U.S.C. 103 as being unpatentable over Babcock et al. (US 2022/0147966 A1), hereinafter Babcock in view of Davey (US 11,706,219 B1), hereinafter Davey. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Regarding claim 1, Babcock discloses a system comprising (Babcock, Fig.1): an Internet of Things (IoT) service device associated with a service provider; and a computing environment, the computing environment configured to control the loT service device by (Babcock, Para. 0346) and (Babcock, Para. 0046): receiving a dynamic QR code from an imaging device of the IoT service device (Babcock, Para. 0109, the scanner 110 can be any suitable optical sensor and/or imaging device (e.g., barcode scanner, camera) that can sense and/or capture optical and/or visual information rendered and/or displayed on the display 106. In some cases, the POS device 108 can be an automated cash register and/or kiosk which can interact with customers before, during, and/or after commercial transactions), the dynamic QR code transmitted in response to a mobile device displaying the dynamic QR code to the imaging device of the IoT service device (Babcock, Para. 0168, the user's device can display the QR code, and a merchant point-of-sale device (e.g., 108) can scan the QR code and can decipher the predetermined transaction restrictions and the financial instrument information that are encoded into and/or represented by the QR code) [0178]-[0179], the dynamic QR code digitally transmitted in response to a digital request to perform a secure operation with the IoT service device (Babcock, Para. 0054, in various instances, the computing device can electronically display the electronically generated QR code to a scanner/reader device of the second entity (e.g., such that the electronically generated QR code is visible to the scanner/reader device of the second entity). In various aspects, the scanner/reader device can scan, process, and/or decipher the desired information that is encrypted, encoded, and/or embedded within the QR code. The scanner/reader device can then transmit the scanned information to a payment processing system for processing), [0112]-[0113], and [0209], the digital request and the dynamic QR code associated with a predetermined amount of resources that are pre-identified from an entity account (Babcock, Para. 0310, the smart device 104 can generate (and/or can select from a QR code vault) a QR code that likewise corresponds to the $100 transaction spending cap. Such a QR code can be deemed valid and/or usable for transaction amounts up to $100, and can be deemed invalid and/or unusable for transaction amounts exceeding $100. In other words, different QR codes can be bound to different transaction amounts/prices/values, and such different QR codes can be selected by the user of the smart device 104 by performing appropriate physical gestures/motions with the smart device 104), wherein the dynamic QR code is encodable into an encoded dynamic QR code by (Babcock, Para. 0167, this can include encoding, encrypting, and/or embedding into the QR code the credit card number of the user): adjusting a database comprising a plurality of mappings, each mapping of the plurality of mappings associating a different dynamic QR code of a plurality of dynamic QR codes with a unique combination of user account and limitation (Babcock, Para. 0078, storing, encoding, encrypting, and/or embedding restriction-based information into QR codes, this is exemplary and non-limiting. In various cases, rather than directly storing, encoding, encrypting, and/or embedding restriction-based information into QR codes, various embodiments of the subject innovation can correlate and/or map via any suitable technique restriction-based information to QR codes), the adjusting comprising using the dynamic QR code to identify a mapping of the plurality of mappings included in the database that maps the entity account with the dynamic QR code, wherein the mapping defines (i) a one-to-one correspondence between the entity account and the dynamic QR code (Babcock, Para. 0103, identify an electronic persona corresponding to the identified current user, and can electronically generate QR codes according to the information contained within and/or indicated by the selected electronic persona (e.g., different personas can correspond to different payment information, different restriction-based information, different biometric information, different preference information, different contact information, and/or different biographical information, which means that the electronically generated QR codes can themselves be different depending upon the selected and/or active persona) and (ii) a limitation associated with the entity account (Babcock, Para. 0331, different electronic personas can be associated with different restriction-based information (e.g., a certain persona can be utilized only in certain geo-locations, only at certain times, only with certain products/services, only for certain monetary amounts, and/or only with certain merchants); selecting a category among a plurality of categories that comprises a time restriction and a location restriction (Babcock, Para. 0166, such predetermined transaction restrictions can include geo-fencing restrictions, temporal restrictions), the category indicated by at least one use limitation associated with the entity account (each QR code in the set of already-generated QR codes can be dedicated to particular transaction contexts (Babcock, Para. 0339, e.g., bound to particular locations, bound to particular times/dates, bound to particular products/services, bound to particular prices/values, bound to particular merchants)); and encoding, based on the database and the category, the dynamic QR code into the encoded dynamic QR code (Babcock, Fig. 11, and Para. 0167, by the device (e.g., 120), a quick response (QR) code based on the predetermined transaction restrictions and based on financial instrument information of the user (e.g., 302). For example, this can include encoding, encrypting, and/or embedding into the QR code the credit card number of the user, the geo-fencing restrictions, the temporal restrictions, the product/service restrictions, the value/price restrictions, and/or the merchant identity restrictions), wherein the encoded dynamic QR code comprises (i) a first individual mapping that maps the dynamic QR code to restrictions unique to the entity account and the category (Babcock, Para. 0078, various embodiments of the subject innovation can correlate and/or map via any suitable technique restriction-based information to QR codes (e.g., can correlate and/or map particular restriction-based information to the particular optical barcode pattern exhibited by a particular QR code)) and (ii) a second individual mapping that maps the dynamic QR code to the entity account (Babcock, Para. 0105, when a QR code is generated using the second electronic persona, much (and/or all) available preference information, contact information, and/or biographical/demographic information of the user can be embedded within and/or correlated/mapped to the QR code); in response to receiving the encoded dynamic QR code, determining that the encoded dynamic QR code is valid at the IoT service device (Babcock, Para. 0059, the point-of-sale device can scan/read the electronically generated QR code, thereby extracting both the payment information and the indication of the geo-location A from the electronically generated QR code. … generated QR code indicates and/or corresponds to the geo-location A, the payment processing system can determine that the geographic information stored within and/or correlated to the electronically generated QR code matches and/or corresponds to the known geographic location of the point-of-sale device and/or transaction (e.g., and/or is within an acceptable range and/or distance of the known geographic location of the point-of-sale device and/or transaction). Thus, the payment processing system can determine that the transaction is valid), wherein determining whether the encoded QR code is valid comprises and (ii) extracting the restrictions unique to the entity account from the encoded dynamic QR code (Babcock, Para. 0168, a merchant point-of-sale device (e.g., 108) can scan the QR code and can decipher the predetermined transaction restrictions and the financial instrument information that are encoded into and/or represented by the QR code); identifying the entity account associated with the dynamic QR code (Babcock, Para. 0213, after determining that biometric information provided by the attempted user matches and/or corresponds to stored biometric information of known authorized users, the user's device can display the QR code and a merchant point-of-sale device (e.g., 108) can scan the QR code and can decipher financial instrument information (e.g., 302) that is encoded within the QR code); and subsequent to validating the encoded dynamic QR code for the IoT service device and identifying the entity account (Babcock, Para. 0080, the point-of-sale device can transmit both the electronically generated QR code and the known geographic location of the transaction to the payment processing system, and the payment processing system can compare the geo-fencing restrictions encrypted within and/or correlated to the electronically generated QR code with the known geographic location of the transaction and/or of the point-of-sale device), executing instructions associated with the database that automatically configure the IoT service device to initiate the secure operation between the IoT service device and the entity account (Babcock, Para. 0081, such temporal and/or time fencing restrictions can be obtained and/or retrieved from any suitable database and/or data structure) and (Babcock, Para. 0196, if the transaction restrictions are satisfied, the payment processing system 112 can transmit to the transaction settlement system 802 financial instrument information (e.g., 302) that is encoded within (and/or correlated to) the QR code, at act 1514). Babcock does not explicitly disclose (i) determining whether the encoded dynamic QR code was not previously used in a previous secure operation; However, Davey teaches (i) determining whether the encoded dynamic QR code was not previously used in a previous secure operation (Davey, Col. 5, Lines 60-67, and Col. 6, Lines 1-4, the server system 106 can generate an authorization credential that is unique to the particular authorization request received from the non-authenticated computing device 104. The server system 106 can generate the MRC 110 based on the authorization credential. For example, the server system 106 can encode the authorization credential in the MRC 110. In some examples, the authorization credential is an alphanumeric code that is unique to the authorization request). Babcock and Davey, both considered to be analogous to the claimed invention because they are in the same field of identifying an entity account associated with a verified dynamic access code. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filling date of the claimed invention to have modified Babcock to incorporate the teaching of Davey to include (i) determining whether the encoded dynamic QR code was not previously used in a previous secure operation (Davey, Col. 5, Lines 60-67, and Col. 6, Lines 1-4). Doing so would aid to share a secure computing session or authorizing a second computing device to access a secure computing session refers to permitting a user to access a secure user account on a non-authenticated computing device based on an active account session with an authenticated computing device (Davey, Col. 4, Lines 7-11). Regarding claim 3, the combination of Babcock in view of Davey teaches the system of claim1 wherein determining that the encoded dynamic QR code is valid for the IoT service device comprises: determining that the IoT service device is located at a particular location associated with the encoded dynamic QR code (Babcock, Para. 0058, the geographic location of the smart device at the time that the smart device generates the QR code can match and/or correspond to the geographic location of the transaction (e.g., can match and/or correspond to the geographic location of the point-of-sale device)); and determining that the access digital request was generated during a particular time associated with the dynamic QR code (Babcock, Para. 0062, suppose that the transaction between the first entity and the second entity occurs at a time/date C. In a situation where no fraud is attempted by the first entity, the smart device of the first entity can electronically generate the QR code during and/or at the time/date C (e.g., while the transaction is transpiring). In such case, the smart device can incorporate, store, encode, encrypt, and/or embed both the payment information of the first entity and an indication of the time/date C (e.g., the time and/or date recorded by the smart device when the smart device generates the QR code) into the electronically generated QR code). Regarding claim 4, the combination of Babcock in view of Davey teaches the system of claim 1, wherein the dynamic QR code is associated with dynamic access code use limitations to prevent use of the dynamic QR code in an environment that exceeds the dynamic access code use limitations (Babcock, Para. 0206, when the POS device 108 scans the QR code, the POS device can be made aware of both the credit card number and the $20.00 price restriction. Accordingly, the payment processing system 112 can instruct the POS device 108 to accept the credit card number if the actual amount of money to be charged in the transaction does not exceed $20.00. If, on the other hand, the actual amount of money to be charged in the transaction does exceed $20.00, the payment processing system 112 can instruct the POS device 108 to refuse to accept/charge the credit card number). Regarding claim 5, the combination of Babcock in view of Davey teaches the system of claim 4, wherein the dynamic access code use limitations comprise particular locations and particular times in which the dynamic QR code is valid, and wherein the dynamic access code use limitations further comprise a value limitation available in the secure operation (Babcock, Para. 0104, identify an appropriate electronic persona to use based on the context of a current transaction (e.g., based on the geographic location of the transaction, the time/date of the transaction, the products/services involved in the transaction, the value/price of the transaction, and/or the merchant facilitating the transaction). The smart device can then electronically generate and display QR codes based on the information associated with the selected electronic persona (e.g., the smart device can generate QR codes based on the payment information indicated by the selected electronic persona, based on the restriction-based information indicated by the selected electronic persona, based on the biometric information indicated by the selected electronic persona, based on the preference information indicated by the selected electronic persona, based on the contact information indicated by the selected electronic persona, and/or based on the biographical information indicated by the selected electronic persona)). Regarding claim 7, the combination of Babcock in view of Davey teaches the system of claim 4, wherein the dynamic access code use limitations are dynamically adjusted using a machine-learning model configured to track usage of the entity account associated with the dynamic QR code over time (Babcock, Para. 0336, the machine learning model/algorithm can receive as input any suitable information regarding the user of the smart device 104, such as product/service preferences of the user of the smart device 104 (e.g., the preference information 2902), purchase history and/or transaction history and/or browsing history of the user of the smart device 104 (e.g., the biographical information 2906), social media posts and/or social media accounts associated with the user of the smart device 104, online shopping carts associated with the user of the smart device 104, … an appropriate QR code can be electronically generated based on such predicted and/or inferred information (e.g., the QR code can be generated ahead of time so as to represent an identifier of the predicted/inferred merchant, so as to represent an indication of the predicted/inferred geo-location, so as to represent an indication of the predicted/inferred time/date, so as to represent an indication of the predicted/inferred product/service, and/or so as to represent an indication of the predicted/inferred price)). In regards to claim 8, the computer-implemented method of claim 8 is similarly analyzed and rejected as the system claim 1. In regards to claim 10, the computer-implemented method of claim 10 is similarly analyzed and rejected as the system claim 3. In regards to claim 11, the computer-implemented method of claim 11 is similarly analyzed and rejected as the system claim 4. In regards to claim 12, the computer-implemented method of claim 12 is similarly analyzed and rejected as the system claim 5. In regards to claim 14, the computer-implemented method of claim 14 is similarly analyzed and rejected as the system claim 7. In regards to claim 15, the non-transitory computer-readable medium of claim 15 is similarly analyzed and rejected as the system claim 1 and method claim 8. In regards to claim 17, the non-transitory computer-readable medium of claim 17 is similarly analyzed and rejected as the system claim 3 and method claim 10. In regards to claim 18, the non-transitory computer-readable medium of claim 18 is similarly analyzed and rejected as the system claim 4 and method claim 11. In regards to claim 19, the non-transitory computer-readable medium of claim 19 is similarly analyzed and rejected as the system claim 5 and method claim 12. Regarding claim 21, the combination of Babcock in view of Davey teaches the system of claim 1, wherein the computing environment is further configured to: receive device attribute information from the mobile device displaying the dynamic QR code (Babcock, Para. 0109, the scanner 110 can be any suitable optical sensor and/or imaging device (e.g., barcode scanner, camera) that can sense and/or capture optical and/or visual information rendered and/or displayed on the display 106. In some cases, the POS device 108 can be an automated cash register and/or kiosk which can interact with customers before, during, and/or after commercial transactions) and (Babcock, Para. 0131, including merchant identity and/or user identify information that can facilitate enhanced, context-based QR code generation in accordance with one or more embodiments described herein. As shown, the system 600 can, in some cases, comprise the same components as the system 500, and can further comprise merchant identity information 602 and/or user identity information 604), the device attribute information comprising a device identifier, a geolocation, and a device usage pattern (Babcock, Para. 0135, such that the QR code 702 represents, indicates, symbolizes, and/or is correlated to the financial instrument information 302, the geo-location information 402, the time/date information 404, the product/service information 502, the price/value information 504, the merchant identity information 602, and/or the user identity information 604); authenticate the dynamic QR code based on the device attribute information matching a set of stored device attributes associated with the entity account (Babcock, Para. 0091, the smart device can then compare the inputted/provided fingerprint signature, facial signature, and/or vocal signature to stored fingerprint signatures, facial signatures, and/or vocal signatures that are known to correspond to authorized users of the smart device and/or to authorized users of QR codes. If the smart device determines that the inputted/provided biometric signatures match and/or correspond to the stored biometric signatures (e.g., if the smart device recognizes the first entity as being authorized to use QR codes and/or to use the smart device), the smart device can electronically generate and/or display a QR code at the instruction of the first entity); monitor contextual parameters associated with each dynamic access QR code (Babcock, Para. 0076, such context-based information can be verified and/or cross-checked by the point-of-sale device and/or by the payment processing system in order to reduce the occurrence of fraud (e.g., if the context-based information characterizing the transaction for which the QR code is generated and/or for which the QR code is intended to be used matches and/or corresponds to known context-based information of the current transaction), the contextual parameters comprising a real-time network status of the loT service device (Babcock, Para. 0336, various embodiments of the subject innovation can electronically generate enhanced and/or enriched QR codes in real-time in order to facilitate a current transaction between a buyer/customer ), a user authentication state on the mobile device, and a proximity of the mobile device to the loT service device as determined by Bluetooth or Near Field Communication (NFC) signals (Babcock, Para. 0064, an electronic beacon at or near the point-of-sale device can transmit a signal that indicates and/or identifies the products and/or services involved in the transaction (e.g., the point-of-sale device can track which products/services are involved in the transaction by scanning barcodes during checkout). In such case, the smart device can receive the signal from the electronic beacon and can incorporate an indication of the products and/or services identified by the electronic beacon into the electronically generated QR code. In various cases, the smart device can receive input ); compare the monitored contextual parameters to predetermined validity criteria associated with the entity account (Babcock, Para. 0168, the point-of-sale device can independently track details and/or context-based information of the transaction, and can thus check whether the predetermined transaction restrictions encoded in the QR code are satisfied by the current transaction); automatically invalidate the dynamic access QR code in response to detecting a deviation from the validity criteria (Babcock, Para. 0063, the payment processing system can transmit an unsuccessful verification/validation message to the point-of-sale device and/or can otherwise instruct the point-of-sale device to refuse to accept the payment information stored within and/or correlated to the electronically generated QR code and/or to refuse to provide the product/service to the first entity), wherein the deviation includes the mobile device leaving a predefined geofence, a loss of network connectivity, or a user de-authentication (Babcock, Para. 0060, the payment processing system can send an unsuccessful verification/validation message to the point-of-sale device and/or can otherwise instruct the point-of-sale device to refuse to accept the payment information stored within the electronically generated QR code and/or to refuse to provide the product/service to the first entity); and Page 11 of 20 transmit an invalidation notification to the loT service device and the mobile device upon an automatic invalidation (Babcock, Para. 0063, the payment processing system can transmit an unsuccessful verification/validation message to the point-of-sale device and/or can otherwise instruct the point-of-sale device to refuse to accept the payment information stored within and/or correlated to the electronically generated QR code and/or to refuse to provide the product/service to the first entity). Regarding claim 22, the combination of Babcock in view of Davey teaches the system of claim 1, wherein the computing environment is further configured to: delegate the dynamic QR code from the entity account to a secondary user account by (Babcock, Para. 0159, the transaction settlement system 802 can be any suitable collection and/or network of computer servers and/or databases that can facilitate the transfer of funds from one financial account to another based upon the financial instrument information stored within and/or correlated to the QR code): receiving a delegation request specifying the secondary user account, a delegation window, and a set of permitted operations (Babcock, Para. 0075, the point-of-sale device can query the first entity for its birthdate. As also mentioned, the point-of-sale device can then transmit both the electronically generated QR code (e.g., the information extracted from the electronically generated QR code) and the inputted user identity information to the payment processing system. Thus, the payment processing system can compare the user identity information encrypted within the electronically generated QR code with the inputted user identity information provided by the first entity); generating a delegated dynamic access QR code encoded with a subset of the original entity account's access limitations including a reduced transaction amount (Babcock, Para. 0082, including/encoding such temporal and/or time-fencing restrictions in (and/or correlating/mapping such temporal and/or time-fencing restrictions to) the electronically generated QR code can help to enhance the safety, security, and/or privacy of the transaction between the first entity and the second entity), a narrowed set of permitted IoT service devices, and a shortened time window (Babcock, Para. 0164, the POS device 108 can process and/or interpret (e.g., via the scanner 110) such one or more electronically generated QR codes to learn such restriction-based information, and the payment processing system 112 can verify whether such restriction-based information is satisfied in order to help detect and/or prevent fraudulent transactions. In this way, safe, secure, and/or private transmission and/or conveyance of financial instrument information can be facilitated); associating the delegated dynamic access QR code with a hierarchical permission structure in the database (Babcock, Para. 0282, multiple electronic personas can correspond to a single user of the smart device 104. In some cases, each persona can list different financial instrument information of the user (e.g., different credit card numbers of the user and/or different bank account numbers of the user), different restriction-based information of the user, different biometric-based information of the user, different gesture-based information of the user, and/or different privacy-based information of the user. There can be various purposes for a single user having multiple electronic personas), wherein permissions of the secondary user account are subordinate to those of the entity account (Babcock, Para. 0122, the financial instrument information 302 can be any suitable information pertaining to financial instruments and/or financial accounts associated with a user); and enabling the entity account to revoke, modify, or audit permissions of the delegated dynamic access QR code in real time (Babcock, Para. 0143, the payment processing system 112 can then transmit an unsuccessful verification/validation message to the POS device 108 and/or can otherwise instruct the POS device 108 to refuse to accept the financial instrument information 302 that is contained within and/or correlated to the QR code 702); receive a revocation request from the entity account associated with the dynamic access QR code (Babcock, Para. 0141, the payment processing system 112 can then transmit an unsuccessful verification/validation message to the POS device 108 and/or can otherwise instruct the POS device 108 to refuse to accept the financial instrument information 302 that is contained within and/or correlated to the QR code 702); update the database to mark the dynamic access QR code as revoked; and in response to a subsequent presentation of revoked dynamic access QR code at an IoT service device (Babcock, Para. 0142, financial instrument information in the QR code can be refused), deny access and generating a security alert to the entity account (Babcock, Para. 0141, the payment processing system 112 can then transmit an unsuccessful verification/validation message to the POS device 108 and/or can otherwise instruct the POS device 108 to refuse to accept the financial instrument information 302 that is contained within and/or correlated to the QR code 702). Regarding claim 22, the combination of Babcock in view of Davey teaches the system of claim 1, wherein, in response to validating the dynamic QR code, the computing environment is further configured to: establish a secure bi-directional communication channel between the IoT service device and the mobile device (Babcock, Fig. 4); transmit interaction parameters from the mobile device to the IoT service device via the secure bi-directional communication channel (Babcock, Para. 0116, the QR code system 102 can facilitate the safe, secure, and/or private transmission and/or conveyance of financial instrument information from the smart device 104 to the POS device 108 ), the interaction parameters comprising a transaction type, a resource amount, and an operation selection (Babcock, Para. 0116, the transaction context component 120 can receive, detect, and/or sense context-based information regarding the current transaction (e.g., geo-location, time/date, products/services, prices/values, merchant/user identifiers); receive, as part of the dynamic QR code or associated interaction request (Babcock, Para. 0304, receiving, by the device, a transaction confirmation based on a verification of a transaction completed using the identified QR code from the payment processor. In various aspects, the verification can be based on determining that the identified QR code corresponds to the merchant identifier transmitted by the point-of-sale device), a specification of resource partitioning instructions, the resource partitioning instructions comprising an allocation of interaction value among multiple entity accounts controlled by the same or different users (Babcock, Para. 0089, an electronically generated QR code restriction-based information defining situations and/or conditions in which payment information is deemed valid and/or invalid (e.g., geo-fencing restrictions, temporal and/or time-fencing restrictions, product/service restrictions, value/price restrictions, and/or merchant identity restrictions)); validate that each entity account of the multiple entity accounts has sufficient resources and is associated with valid dynamic access QR codes (Babcock, Para. 0059, the payment processing system can send a successful verification/validation message to the point-of-sale device and/or can otherwise instruct the point-of-sale device to accept the payment information stored within and/or correlated to the electronically generated QR code and/or to provide the product/service to the first entity), each with access limitations satisfying the partitioning instructions (Babcock, Para. 0086, because it allows the point-of-sale device and/or the payment processing system to determine whether the value/price restrictions that are indicated by the electronically generated QR code are satisfied by the actual values, prices, costs, and/or monetary amounts involved in the transaction known by the point-of-sale device); and upon successfully validating that each entity account of the multiple entity accounts has sufficient resources and is associated with valid dynamic access QR codes (Babcock, Para. 0185, the payment processing system 112 can determine that the known values/prices involved in the current transaction satisfy the value/price restrictions encoded and/or encrypted in (and/or correlated to) the QR code 702 (e.g., $100.00 does not exceed $300.00)), coordinate execution of the secure operation by: sequentially or concurrently debiting the specified amounts from each entity account in accordance with the resource partitioning instructions (Babcock, Para. 0159, the transaction settlement system 802 can be any suitable collection and/or network of computer servers and/or databases that can facilitate the transfer of funds from one financial account to another based upon the financial instrument information stored within and/or correlated to the QR code); aggregating the specified amounts into an aggregated value (Babcock, Para. 0146, the price/value information 504 inputted into and/or correlated to the QR code 702 can be considered as a price stamp that identifies the overall and/or itemized monetary amounts for which the QR code 702 was generated by the smart device 104); and facilitating transfer of the aggregated value to a target account associated with the loT service device (Babcock, Para. 0159, the transaction settlement system 802 can be any suitable collection and/or network of computer servers and/or databases that can facilitate the transfer of funds from one financial account to another based upon the financial instrument information stored within and/or correlated to the QR code). Claim 24 is rejected under 35 U.S.C. 103 as being unpatentable over Babcock et al. (US 2022/0147966 A1), hereinafter Babcock in view of Davey (US 11,706,219 B1), hereinafter Davey and further in view of Hammad (WO 2013/082190 Al) hereinafter Hammad. Regarding claim 24, the combination of Babcock in view of Davey teaches do not explicitly teach the system of claim 1, wherein the computing environment further comprises a machine-learning model configured to analyze historical usage data of the entity account (Babcock, Para. 0333, a machine learning model (e.g., a trainable function as described herein) can receive as input any suitable information related to a user (e.g., transaction/purchase history of the user, online shopping carts associated with the user, online wish lists associated with the user, online product/service reviews written by the user, online social media accounts associated with the user, any other information associated with the user's behavior, and/or so on) and the dynamic QR code (Babcock, Para. 0334, in various aspects, one or more users that are similar to a given user can be identified via any suitable technique (e.g., via a similarity algorithm, such as collaborative filtering, that can compare profile/persona characteristics, preferences, demographics, transaction histories, QR code restrictions, and/or so on in order to determine whether the one or more users are similar to the given user)), and wherein, upon receipt of the digital request using the dynamic QR code (Babcock, Para. 0202, the QR code system 102 and/or the smart device 104 can generate and/or select a QR code (e.g., 702) only if the QR code system 102 determines that the transaction context information satisfies and/or is consistent with the transaction restrictions, at act 1606), the machine-learning model is configured to: calculate a risk score for the secure operation based on at least interaction location, interaction amount, time of access, and device behavioral patterns; compare the risk score to a configurable risk threshold associated with the entity account; if the risk score exceeds the threshold, automatically initiate a risk-based response comprising (i) requesting additional authentication from the user, , the audit trail comprising a timestamp, location data, the entity account identifier, and details of an interaction performed; store the audit trail in a tamper-evident database; and provide access to the audit trail to authorized personnel for forensic review. However, Hammad teaches the machine-learning model is configured to: calculate a risk score for the secure operation based on at least interaction location (Hammad, Para. 0043, utilize for the transaction (see 116b), and the dependence of the transaction risk level of a transaction risk type associated with the transaction request on the familiarity of the TSGS with the geographic location of the originator of the transaction (see 116b)), interaction amount (Hammad, Para. 0043, transaction cost), time of access ((Hammad, Para. 0049, Transaction Timestamp Required SCSReqTime (Length - 14, Numeric digits, YYYYMMDDHHMMSS)), and device behavioral patterns (Hammad, Para. 0043, the TSGS may also utilize device fingerprinting data in real-time risk assessment/security protocol graduation for online and/or mobile transactions); compare the risk score to a configurable risk threshold associated with the entity account (Hammad, Para. 0046, the TSGS may recalculate the risk score associated with the risk type. If the risk score is acceptable, see 221, (e.g., lower than a maximum allowable risk threshold value for the risk type for the current transaction), then the TSGS may authorize the transaction (assuming no other transaction risks are present that need to be mitigated)); if the risk score exceeds the threshold, automatically initiate a risk-based response comprising (Hammad, Para. 0037, the TSGS may categorize risks associated with a type of transaction risk into graduated levels. According to the graduated level of the risk type, the TSGS may appropriately escalate (or de-escalate, as the case may be) the security protocol(s) required to mitigate the risk. For example, where a transaction risk type is at a higher risk level) (i) requesting additional authentication from the user (Hammad, Para. 0037, according to the graduated level of the risk type, the TSGS may appropriately escalate (or de-escalate, as the case may be) the security protocol(s) required to mitigate the risk. For example, where a transaction risk type is at a higher risk level, the TSGS may escalate the security protocol required to authorize the transaction to a more secure protocol), (Hammad, Para. 0036, current user transaction request details, historical (including recent/real-time) user virtual wallet activity, historical fraud reporting data (e.g., including parameters correlated to fraudulent activity), responses to secure authentication requests, ), the audit trail comprising a timestamp (Hammad, Para. 0050), location data (Hammad, Para. 0043), the entity account identifier (Hammad, Paras. 0030-0032), and details of an interaction performed (Hammad, Para. 0043) and (Para.0050); store the audit trail in a tamper-evident database (Hammad, Para. 0050, stored credential service (SCS) processing component within embodiments of the TSGS); and provide access to the audit trail to authorized personnel for forensic review (Hammad, Para. 0062, Within implementations, the TSGS may generate fraud reports based on the SCS status verification, which may be sent to a processing network hourly. In one implementation, the TSGS database may retain l year of rolling history for fraud reports). Babcock, Davey and Hammad are all considered to be analogous to the claimed invention because they are in the same field of identifying an entity account associated with a verified dynamic access code. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filling date of the claimed invention to have modified Babcock and Davey to incorporate the teaching of Hammad to include the machine-learning model is configured to: calculate a risk score for the secure operation based on at least interaction location (Hammad, Para. 0043), interaction amount (Hammad, Para. 0043), time of access ((Hammad, Para. 0049), and device behavioral patterns (Hammad, Para. 0043); compare the risk score to a configurable risk threshold associated with the entity account (Hammad, Para. 0046); if the risk score exceeds the threshold, automatically initiate a risk-based response comprising (Hammad, Para. 0037) (i) requesting additional authentication from the user (Hammad, Para. 0037), (Hammad, Para. 0036), , the audit trail comprising a timestamp (Hammad, Para. 0050), location data (Hammad, Para. 0043), the entity account identifier (Hammad, Paras. 0030-0032), and details of an interaction performed (Hammad, Para. 0043) and (Para.0050); store the audit trail in a tamper-evident database (Hammad, Para. 0050); and provide access to the audit trail to authorized personnel for forensic review (Hammad, Para. 0062). Doing so would aid the rules defined by issuers, insurers, merchants, payment processor and/or other entities to facilitate processing of specialized goods and services (Hammad, Para. 00238). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to GITA FARAMARZI whose telephone number is (571)272-0248. The examiner can normally be reached Monday- Friday 9:00 am- 6:00 pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached at (571)272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /GITA FARAMARZI/Examiner, Art Unit 2496 /JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496
Read full office action

Prosecution Timeline

Sep 27, 2024
Application Filed
Jan 12, 2026
Non-Final Rejection mailed — §101, §103, §112
Feb 12, 2026
Interview Requested
Feb 24, 2026
Applicant Interview (Telephonic)
Feb 26, 2026
Examiner Interview Summary
Mar 13, 2026
Response Filed
Jun 29, 2026
Final Rejection mailed — §101, §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12627633
SYSTEM AND METHOD FOR APPLICATION TRAFFIC AND RUNTIME BEHAVIOR LEARNING AND ENFORCEMENT
5y 9m to grant Granted May 12, 2026
Patent 12339997
ENTITY FOCUSED NATURAL LANGUAGE GENERATION
2y 1m to grant Granted Jun 24, 2025
Patent 12316648
Data value classifier
5y 10m to grant Granted May 27, 2025
Patent 12301564
VIRTUAL SESSION ACCESS MANAGEMENT
4y 3m to grant Granted May 13, 2025
Patent 12256022
BLOCKCHAIN TRANSACTION COMPRISING RUNNABLE CODE FOR HASH-BASED VERIFICATION
3y 3m to grant Granted Mar 18, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
53%
Grant Probability
72%
With Interview (+19.1%)
3y 7m (~1y 10m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 78 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month