Prosecution Insights
Last updated: July 17, 2026
Application No. 18/921,968

SYSTEMS AND METHODS FOR PASSIVE MULTI-FACTOR AUTHENTICATION OF DEVICE USERS

Final Rejection §103§112
Filed
Oct 21, 2024
Priority
Dec 30, 2020 — continuation of 12/126,615
Examiner
POLTORAK, PIOTR
Art Unit
2433
Tech Center
2400 — Computer Networks
Assignee
Mastercard International Incorporated
OA Round
2 (Final)
75%
Grant Probability
Favorable
3-4
OA Rounds
1y 8m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 75% — above average
75%
Career Allowance Rate
451 granted / 604 resolved
+16.7% vs TC avg
Strong +31% interview lift
Without
With
+30.7%
Interview Lift
resolved cases with interview
Typical timeline
3y 5m
Avg Prosecution
14 currently pending
Career history
622
Total Applications
across all art units

Statute-Specific Performance

§101
1.5%
-38.5% vs TC avg
§103
85.1%
+45.1% vs TC avg
§102
3.6%
-36.4% vs TC avg
§112
6.5%
-33.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 604 resolved cases

Office Action

§103 §112
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION The communication received on 4/28/26 has been entered. Response to Arguments/Amendments Applicant’s arguments/amendments did not address the 112 rejection issues as well as the double patenting cited in the previous Office Action. These rejections are maintained for the reason of record. As per art rejection, applicant's arguments have been considered but are moot in view of the new ground(s) of rejection. (See Chick’s reference cited below.) Claims 21-40 are pending. The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Double Patenting The nonstatutory double patenting rejection of claim(s) 21-40 is/are maintained for the reason of record. Claim Rejections - 35 USC § 112 The rejection of claim(s) 22 and 29 is/are maintained for the reason of record. The examiner was unable to find the support for the newly introduced limitation: “wherein browsing the remote site occurs before the remote site requests user credentials to the user”. The following is a quotation of 35 U.S.C. 112(b): The rejection of claim(s) 22 and 29 is/are maintained for the reason of record. The limitation “wherein browsing the remote site occurs before the remote site requests user credentials to the user” is not understood. It is not clear whether the phrase should be read as remote site requests user credentials for or remote site requests user credentials of In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claim Rejections - 35 USC § 103 Claim(s) 21-40 is/are rejected under 35 U.S.C. 103 unpatentable over Jordan (USPUB 20090265276) in view of Chick (CN107209821). Jordan teaches web-based transaction where after compiling the basket, the user selects a payment function activating self-service terminal independent of the smart client. Thereafter, the shop system transfers the basket itself to an identification information, which is assigned to the bank which displays the basket or identification information and outputs an authentication dialog for authentication of the suer. Via this authentication dialog, the user is authenticated based on received payment card and biometric features, see para 29-31. Subsequently, the user has to confirm the transaction in order to authorize the transaction upon which the bank posts the amount necessary for the transaction from an account of the user to an account of the shop provider and the shop is informed that the posting has been carried out (see para 32-33). The above teaching addresses the limitation of claims 28 and 31-34, most notably the limitation: in response to initiating the first payment transaction, comparing, by the passive MFA server, biometrics data to a user profile model; transmitting, by the passive MFA server via the communications interface to the ACS, a user authentication confidence generated based on the comparison determining, by the ACS, that the user authentication confidence score satisfies a predefined threshold for passively authenticating the user of the user computing device during the current session; and transmitting, by the ACS to the remote site in response to the determination and without conducting an active authentication process with the user, an indication that the user is authenticated for the first payment transaction. In the above interpretation the examiner made following assumption, the biometric data clearly would be compared with the previously received/enrolled biometric data (a user profile data), the confidence and confidence score: without a specific restricting limitation a skilled in the art would readily appreciate that comparison in computer science utilize numbers and Boolean structures. Lastly, not only specific computing modules/set of instructions could be interpreted as MFA/ACS and even remote site but also, separating computing functionalities to different server would have been (Official Notice is taken) old and well known in the computer science (especially in network and distributing computing) in the art at the time the application was filed offering the predictable benefit of flexibility and customization. As taught by Jordan, after internet shopping, where the shop system generates and provide a shop session to the bank system, the bank system uses the biometric authentication (para 14-16, 26-31, etc.), but Jordan is silent regarding the passive biometric data including at least one of (i) physical input interaction between the user and the user computing device while browsing the remote site, (ii) gesture and navigation behavior of the user on the remote site, and (iii) device handling of the user computing device by the user while on the remote site. However, in light of Chick’s teaching suggests such biometric data (biometric data collected based on mouse movement during web page browsing, see pg. 16), it would have been obvious to one of ordinary skill in the art at the time the application was filled to include Chick’s teaching into Jordan’s invention given the predictable benefit of authentication, customization and usability. Lastly, as other similar (system and computer readable medium) claims, a skilled in the art would readily appreciate that computing functionalities are accomplished by using processors executing computing instructions. Note that Jordan as modified teach browsing followed by (passive biometric) authentication utilizing the authentication threshold. Thus, there is no need to for the remote site requesting user credentials to the user. As a result, implementing such requesting could be done at any point, including after the process is completed, e.g., after the user completed a transaction and attempted to ask for additional access to the remote server requiring additional authentication. Moreover, this additional requesting would not affect the functionality of the invention. In other words, one could argue that having the remote terminal requesting user credentials to the user could have finite number of solutions: requesting before, after or during the browsing, not functionally affect the invention while offering the predictable benefit of customization. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peter Poltorak whose telephone number is (571) 272-3840. The examiner can normally be reached Monday through Thursday from 9:00 a.m. to 5:00 p.m. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571) 272-6798. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). /PIOTR POLTORAK/ Primary Examiner, Art Unit 2433
Read full office action

Prosecution Timeline

Oct 21, 2024
Application Filed
Jan 17, 2025
Response after Non-Final Action
Jan 28, 2026
Non-Final Rejection mailed — §103, §112
Mar 19, 2026
Examiner Interview Summary
Mar 19, 2026
Applicant Interview (Telephonic)
Apr 28, 2026
Response Filed
Jul 07, 2026
Final Rejection mailed — §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12676853
USER IDENTIFICATION WITH INPUT PROFILE RECORD
4y 9m to grant Granted Jul 07, 2026
Patent 12670267
CIPHERTEXT HYBRID OPERATION METHOD AND DEVICE
1y 9m to grant Granted Jun 30, 2026
Patent 12652283
AUTHENTICATION SYSTEM, AUTHENTICATION METHOD, AND PROGRAM
3y 4m to grant Granted Jun 09, 2026
Patent 12627656
SECURE AUTHORIZATION FOR ACCESS TO PRIVATE DATA IN VIRTUAL REALITY
3y 3m to grant Granted May 12, 2026
Patent 12621284
SYSTEMS AND METHODS FOR USER AUTHENTICATION USING SUBJECT IDENTIFIER AND/OR SUBJECT IDENTIFIER DOCUMENTS
2y 1m to grant Granted May 05, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
75%
Grant Probability
99%
With Interview (+30.7%)
3y 5m (~1y 8m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 604 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month