Prosecution Insights
Last updated: July 17, 2026
Application No. 18/941,991

ACCESS CONTROLLER FOR SECURE TRANSACTIONS

Non-Final OA §103
Filed
Nov 08, 2024
Priority
Feb 21, 2020 — continuation of 11/489,835 +1 more
Examiner
WOLDEMARIAM, NEGA
Art Unit
2407
Tech Center
2400 — Computer Networks
Assignee
Asa Technologies Corporation
OA Round
1 (Non-Final)
76%
Grant Probability
Favorable
1-2
OA Rounds
1y 9m
Est. Remaining
94%
With Interview

Examiner Intelligence

Grants 76% — above average
76%
Career Allowance Rate
474 granted / 624 resolved
+18.0% vs TC avg
Strong +18% interview lift
Without
With
+18.1%
Interview Lift
resolved cases with interview
Typical timeline
3y 6m
Avg Prosecution
13 currently pending
Career history
639
Total Applications
across all art units

Statute-Specific Performance

§101
0.3%
-39.7% vs TC avg
§103
91.2%
+51.2% vs TC avg
§102
7.6%
-32.4% vs TC avg
§112
0.6%
-39.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 624 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of claims This office action is in response to claims filed on 11/08/2024; the parent application priority date of 02/21/2020 is considered Claim 1 is pending and rejected Information Disclosure Statement The information disclosure statement (IDS) submitted on 11/08/2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claim 1 is rejected on the ground of nonstatutory double patenting as being anticipated by claim 1 of U.S. Patent No. 11,489,835 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because the parent claimed patents and the instant application are directed to access control for secure transaction. Please see the table below for claim comparison. Instant application US 11,489,835 B2 1. A method for performing secure transactions, comprising: providing an access controller between a core application and a third-party application, wherein the access controller prevents the third-party application from unauthorized access to the core application; receiving, by the access controller, a command from the third-party application to access the core application; transmitting, by the access controller, an authorization request to a secure application storing credentials of a user; providing, by the access controller, the third-party application with access to the core application in response to the access controller receiving notification from the secure application that the command is authorized; and preventing, by the access controller, the third-party application from accessing the core application in response to the access controller receiving notification from the secure application that the command is unauthorized. 1. A method for performing secure transactions, comprising: providing an access controller between a core application and a third-party application, wherein the access controller prevents the third-party application from unauthorized access to the core application, wherein the access controller is independent from the core application; receiving, by the access controller, a command from the third-party application to access the core application; receiving, by the access controller, an identifier associated with the command and identifying a secure application, wherein the identifier is one of a two-dimensional bar code, numerical value, or a string, generated by the secure application and transmitted by the third-party application, wherein the third-party application and the secure application execute on a mobile device of a user; transmitting, by the access controller, an authorization request to the secure application storing credentials of the user, wherein the access controller transmits the authorization request to the secure application based on the identifier; providing, by the access controller, the third-party application with access to the core application in response to the access controller receiving a notification from the secure application that the command is authorized; and preventing, by the access controller, the third-party application from accessing the core application in response to the access controller receiving the notification from the secure application that the command is unauthorized. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Clancy et al. US Pub. No.: 2013/0268997 A1 (hereinafter Clancy) in view of Hockey et al US Pub. No: 2019/0318122 A1 (hereinafter Hockey). Clancy discloses: As to claim 1, A method for performing secure transactions, comprising: providing an access controller between a core application and a third-party application, wherein the access controller prevents the third-party application from unauthorized access to the core application (see Clancy Figs. 1, 6-7 and ¶¶66 99 101, policy engine 118 [i.e. access controller] determines whether a call, by an application 110 [i.e. third-party application], to execute privileged code [i.e. core application] may be executed application 110 [i.e. third party application] seeking to execute a privileged code service 140, … privileged code policy engine 118 [i.e. access controller] to facilitate determining whether the originating application is authorized to execute the requested privileged code [i.e. core application]… enforce the determination and may either allow or disallow the execution of privileged code service 140 [i.e., access controller prevents the third-party application from unauthorized access to the core application]; ¶103, methods for enforcing security and access control policies on privileged code execution on mobile devices may include calling, by an application 110 to a system controller 134, to execute privileged code; requesting, by the system controller 134 to an inter-process communications controller 138A, for a permission to access the privileged code [i.e. core application]; requesting, by the system controller 134 to a privileged code policy engine 118 [i.e., access controller], a determination whether the application 110 is permitted to access the privileged code; determining, by the privileged code policy engine 118, whether the application 110 may execute the privileged code; and enforcing, by the system controller 134, the determination by the privileged code policy engine 118 [i.e., determining and enforcing whether the application is permitted to access privileged code is preventing the third-party application from unauthorized access to the core application]); receiving, by the access controller, a command from the third-party application to access the core application (see Clancy ¶92, an application 110 [third-party application] seeking to execute a privileged code service 140 [i.e. a command to access the core application] may attempt to make such a privileged code service 140 execution attempt by interfacing with the system controller 134…this service may make an access decision request of the privileged code policy engine 118 [i.e. access controller receiving a command for access] to facilitate determining whether the originating application is authorized to execute the requested privileged code [i.e. receiving by the access controller a commend from the third-party application to access core application]; providing, by the access controller, the third-party application with access to the core application in response to the access controller receiving notification from the secure application that the command is authorized (see Clancy ¶92, service may make an access decision request of the privileged code policy engine 118 to facilitate determining whether the originating application is authorized to execute the requested privileged code [i.e. provide/prevent command to execute core application]; ¶¶108-109, the policy engine 118 determines whether a call, by an application 110, to execute privileged code may be executed.[i.e. providing/preventing access authorization to the core/privileged code/application]; ¶¶83 127, The policy server 106 [i.e. secure application] may serve policies upon request from the policy engine 118…permissions for applications, processes, users, groups 126, and other policy checks 128; ¶174, the policy engine 118 may be connected to policy server 106, which may push one or more policies 130 as policy data to the policy engine 118 [i.e. receiving notification from secure application]; ¶175, policy engine 118 may be used to enforce one or more security policies on the system 102 [i.e. providing/preventing access authorization to the core/privileged code/application upon receiving a notification from the secure application]); and preventing, by the access controller, the third-party application from accessing the core application in response to the access controller receiving notification from the secure application that the command is unauthorized (see Clancy ¶92, service may make an access decision request of the privileged code policy engine 118 to facilitate determining whether the originating application is authorized to execute the requested privileged code [i.e. provide/prevent command to execute core application]; ¶¶108-109, the policy engine 118 determines whether a call, by an application 110, to execute privileged code may be executed. In some embodiments, the policy engine 118 [i.e. may be a privileged code policy engine; ¶¶83 127, The policy server 106 [i.e. secure application] may serve policies upon request from the policy engine 118…permissions for applications, processes, users, groups 126, and other policy checks 128; ¶174, the policy engine 118 may be connected to policy server 106, which may push one or more policies 130 as policy data to the policy engine 118 [i.e. receiving notification from secure application]; ¶175, policy engine 118 may be used to enforce one or more security policies on the system 102 [i.e. providing/preventing access authorization to the core/privileged code/application upon receiving a notification from the secure application]); Although Clancy discloses: transmitting, by the access controller, an authorization request to a secure application (see Clancy ¶127, policy server 106 may serve policy requests 622 from the policy engine 118 …, permissions for applications, processes, users, groups 126, and other policy checks 128.) Clancy does not explicitly disclose but the related art Hockey discloses: transmitting, by the access controller, an authorization request to a secure application storing credentials of a user (see Hockey ¶¶471 488, in order to execute the transaction requested by the external user-facing system/application 1308, the trusted third-party processor system 1312 communicates with the permissions management system 1304 to obtain account details (e.g., account and routing numbers) of the user, and to get authorization to execute the transaction) ; Therefore, it would have been obvious to one with ordinary skill in the art at the time the invention was filed to modify the systems for enforcing access control policies on privileged access for mobile devices disclosed by Clancy to include the secure permissioning of access to user accounts, including secure distribution of aggregated user account data as thought by Hockey. It would have been obvious to a person with ordinary skill in the art to create useful system and method for secure permissioning of access to user accounts, including secure distribution of aggregated user account data (see Hockey ¶5). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Montgomerie et al. US Pub. No.: 20210400037 A1: disclosing, Authenticated interaction with access control system is provided to prevent the surreptitious granting of access to privacy related functionality on an electronic device. Modi et al. US Pub. No.: 20210392136 A1: disclosing, service and security enhancement of communication services and authorization for access to an application server and associated communication service. Dunjic et al. US Pub. No.: 20210075791 A1: disclosing, managing third-party access to confidential data using dynamic ally generated application-specific credentials. Dunjic et al. US Pub. No.: 20210089657 A1: disclosing, a method for data security and, in particular, to systems and methods for evaluating security of third-party applications that request to gain access to a protected data resource Lin et al. US Pub. No.: 20190220419 A1: disclosing, secure electronic device safeguard intellectual property for the developers and further improves the security of the secure electronic device. Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478. The examiner can normally be reached Monday to Friday, 8am-5pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Cathy Thiaw can be reached at 5712701138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. NEGA . WOLDEMARIAM Examiner Art Unit 2407 /N.W/ Examiner, Art Unit 2407 /Catherine Thiaw/ Supervisory Patent Examiner, Art Unit 2407 6/15/2026
Read full office action

Prosecution Timeline

Nov 08, 2024
Application Filed
Jun 18, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12676849
Account Authentication Using Synthetic Merchants
2y 2m to grant Granted Jul 07, 2026
Patent 12652281
USING A NATIVE LOGIN SCREEN TO LOG IN TO AN ALTERNATE SYSTEM
3y 2m to grant Granted Jun 09, 2026
Patent 12652172
SEPARATE ENCRYPTION OF DIFFERENT PARAMETERS OF AN ACCESS TOKEN
2y 0m to grant Granted Jun 09, 2026
Patent 12641078
SYSTEMS AND METHODS FOR AUTHENTICATING ACCESS TO A SERVICE BY A MOBILE DEVICE
3y 4m to grant Granted May 26, 2026
Patent 12615249
AES-GCM Engine Optimized for Execute-in-Place Authenticated Decryption
3y 4m to grant Granted Apr 28, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
76%
Grant Probability
94%
With Interview (+18.1%)
3y 6m (~1y 9m remaining)
Median Time to Grant
Low
PTA Risk
Based on 624 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month