Prosecution Insights
Last updated: July 17, 2026
Application No. 18/971,236

SYSTEM AND METHOD FOR SUPPLEMENTAL FIDO KEYS IN A SWITCHING NETWORK AUTHENTICATION

Non-Final OA §101§103
Filed
Dec 06, 2024
Examiner
RAZA, ZEHRA
Art Unit
3697
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
Capital One Services LLC
OA Round
1 (Non-Final)
45%
Grant Probability
Moderate
1-2
OA Rounds
3y 0m
Est. Remaining
93%
With Interview

Examiner Intelligence

Grants 45% of resolved cases
45%
Career Allowance Rate
84 granted / 186 resolved
-6.8% vs TC avg
Strong +48% interview lift
Without
With
+48.0%
Interview Lift
resolved cases with interview
Typical timeline
4y 8m
Avg Prosecution
20 currently pending
Career history
219
Total Applications
across all art units

Statute-Specific Performance

§101
3.1%
-36.9% vs TC avg
§103
87.2%
+47.2% vs TC avg
§102
5.7%
-34.3% vs TC avg
§112
3.7%
-36.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 186 resolved cases

Office Action

§101 §103
DETAILED ACTION The following NON-FINAL Office action is in response to Application filed on December 6, 2024 for application 18971236 Acknowledgements Claims 21-33 have been added. Claims 8-20 have been canceled. Claims 1-7 and 21-33 are pending. Claims 1-7 and 21-33 have been examined. Notice of Pre-AIA or AIA Status The present application, filed on or after December 13, 2013, is being examined under the first inventor to file provisions of the AIA . Election/Restrictions Claims 8-20 are withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being drawn to a nonelected species B and C, there being no allowable generic or linking claim. Election was made without traverse in the reply filed on 02/02/2026. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-7 and 21-33 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. In the instant case, claims 1-7 are directed to a method, claims 21-27 are directed to a product (switching node) and claims 28-33 are directed to a non-transitory computer-readable medium. Therefore, these claims fall within the four statutory categories of invention. The claims recite verifying identity of a user which is an abstract idea. Specifically, the claim recites “receiving encrypted data to verify an identity of a user account…; routing the encrypted data to verify the identity of the user account; receiving a registration request associated with the user account including a client identifier (client ID) and at least one Fast Identity Online (FIDO) key associated with the user account; receiving a response indicating that the identity of the user account is verified; in response to receiving the response registering the client ID with the at least one FIDO key; and transmitting a message to the relying party that the identity of the user account is verified” which is grouped within the “certain methods of organizing human activity” grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test, classified under “fundamental economic principles or practices”, specifically “mitigating risk” as part of a transaction (See MPEP 2106, specifically 2106.04(a)) because – for example, in this case, the claims involve a series of steps for verifying identity of a user associated with a contactless card and registering a client identifier (client ID) and at least one Fast Identity Online (FIDO) key associated with the user account. Accordingly, the claim recites an abstract idea (See MPEP 2106, specifically 2106.04(a)). This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See MPEP 2106.04(d)), the additional elements of the claims such as the use of a switching node, a payment instrument, a relying party server, an authentication server, a computing device and a Fast Identity Online (FIDO) key merely involves using a computer as a tool to perform an abstract idea and/or generally links the use of a judicial exception to a particular technological environment. The use of a switching node, a payment instrument, a relying party server, an authentication server, a computing device and a Fast Identity Online (FIDO) key to implement the abstract idea and/or generally linking the use of the abstract idea to a particular technological environment] does not render the claim patent eligible because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. Specifically, a switching node, a payment instrument, a relying party server, an authentication server, a computing device and a Fast Identity Online (FIDO) key perform the steps or functions of “receiving encrypted data to verify an identity of a user account…; routing the encrypted data to verify the identity of the user account; receiving a registration request associated with the user account including a client identifier (client ID) and at least one Fast Identity Online (FIDO) key associated with the user account; receiving a response indicating that the identity of the user account is verified; in response to receiving the response registering the client ID with the at least one FIDO key; and transmitting a message to the relying party that the identity of the user account is verified”. The additional claim elements are not indicative of integration into a practical application, because the claims do not involve improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), the claims do not apply the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea in some other meaningful way beyond generally linking the use of the abstract idea to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP 2106.05(e) and Vanda Memo). Therefore, the claims do not, for example, purport to improve the functioning of a computer. Nor do they effect an improvement in any other technology or technical field. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See MPEP 2106, specifically 2106.05), the additional elements of the switching node, a payment instrument, a relying party server, an authentication server, a computing device and a Fast Identity Online (FIDO) key, to perform the steps amounts to no more than using the switching node, a payment instrument, a relying party server, an authentication server, a computing device and a Fast Identity Online (FIDO) key to automate and/or implement the abstract idea of verifying identity of a user. As discussed above, taking the claim elements separately the switching node, a payment instrument, a relying party server, an authentication server, a computing device and a Fast Identity Online (FIDO) key perform the steps of Claim 1. These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of verifying identity of a user. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of the switching node, a payment instrument, a relying party server, an authentication server, a computing device and a Fast Identity Online (FIDO) key to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible. Dependent claims further describe the detailed steps required to registering the client ID with the at least one FIDO key such as storing the client ID and the associated at least one FIDO key and querying the database using the client ID from the subsequent authentication request to determine whether the client ID and associated at least one FIDO key are stored further elaborating on the abstract idea of verifying identity of a user. The dependent claims recite additional elements such as “the distributed storage system”, however, they do not integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Therefore, the dependent claims are also not patent eligible. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-7 and 21-33 are rejected under 35 U.S.C. 103 as being unpatentable over OSBORN et al. (US 2020/0265427 A1) in view of Nowak et al. (US 10,917,405 B2) Regarding Claim 1, 21 and 28, OSBORN discloses: a method comprising: receiving, at a switching node, encrypted data of a payment instrument (“¶0073 contactless card”) via a relying party server, the encrypted data to verify an identity of a user account associated with the payment instrument; (¶0047, ¶0048, ¶0064, ¶0195) routing, by the switching node, the encrypted data to an authentication server to verify the identity of the user account; (¶0048, ¶0050 “verifying the MAC cryptogram may be performed by a device other than client device 110, such as a server 120”, ¶0084 “also referred to as server 320 may be configured to validate one or more credentials from contactless card 305 and/or client device 310 by comparison with one or more credentials in database”, ¶0165, ¶0172, ¶0175, ¶0178, ¶0179, ¶0180 “one or more servers may receive the encrypted data from the device and may decrypt it in order to compare the received data to record data accessible to the one or more servers”, ¶0196-¶0197) [receiving, at the switching node, a registration request from a computing device associated with the user account], the registration request including a client identifier (client ID) and at least one Fast Identity Online (FIDO) key associated with the user account; (¶0185, ¶0190, ¶0196 “the tablet may transmit the user's contactless card information (e.g., account number, account holder name, account holder address, security code, a unique card identifier) and/or transaction information ( e.g., amount, merchant name, merchant location, date, time goods or services purchased) to the third-party to process a payment for the transaction) receiving, by the switching node, a response from the authentication server indicating that the identity of the user account is verified; (¶0175 “a server activates a card and application may then displays a message indicating successful activation of the card”, ¶0181 “the one or more servers may transmit a return message based on the successful activation of the card”, ¶0193 “server 1310 may then perform any authentication processes necessary and sends the results of the authentication processes to client device”) in response to receiving the response from the authentication server, registering, by the switching node, the client ID with the at least one FIDO key; and (¶0186, ¶0188, ¶0190, ¶0191 “Once the server 1310 receives the FIDO public key, the server 1310 may store the FIDO public key in the database in association with an account for the user”) transmitting, by the switching node, a message to the relying party server that the identity of the user account is verified. (¶0159, ¶0161, ¶0180, ¶0188, ¶196) OSBORN does not disclose: [receiving, at the switching node, a registration request from a computing device associated with the user account]. Nowak however discloses: [receiving, at the switching node, a registration request from a computing device associated with the user account] (Col. 4 lines 57-59, Col. 6 lines 34-67 ) Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the method of OSBORN to include “[receiving, at the switching node, a registration request from a computing device associated with the user account]”, as disclosed in Nowak, in order to provide a platform for providing a variety of FIDO authentication services to clients (see Nowak abstract). Regarding Claims 2, 23, and 29, OSBORN discloses: wherein registering the client ID with the at least one FIDO key includes storing, by the switching node, the client ID and the associated at least one FIDO key in a distributed storage system associated with the switching node (¶0191). Regarding Claims 3, 23 and 30, OSBORN discloses: storing, by the switching node, the client ID and the associated at least one FIDO key in the distributed storage system for a predetermined period of time (¶0191).; and removing the client ID and the associated at least one FIDO key from the distributed storage system after the predetermined period of time has expired (¶0113). Regarding Claims 4, 24 and 31, OSBORN discloses: wherein the processing circuit is further caused to: receive, from the relying party server, a subsequent authentication request including the at least one FIDO key and the client ID; query the distributed storage system using the client ID from the subsequent authentication request to determine whether the client ID and associated at least one FIDO key are stored in the distributed storage system; in response to the client ID and associated at least one FIDO key being stored in the distributed storage system, access the associated at least one FIDO key in the distributed storage system; and compare the at least one FIDO key in the distributed storage system to the at least one FIDO key received in the subsequent authentication request (¶0175 “a server activates a card and application may then displays a message indicating successful activation of the card”, ¶0181 “the one or more servers may transmit a return message based on the successful activation of the card”, ¶0193 “server 1310 may then perform any authentication processes necessary and sends the results of the authentication processes to client device”) Regarding Claims 5 and 25, OSBORN discloses: in response to the at least one FIDO key from the subsequent authentication request corresponding to the at least one FIDO key associated with the client ID in the distributed storage system, authorizing, by the switching node, the subsequent authentication request (¶0186, ¶0188, ¶0190, ¶0191 “Once the server 1310 receives the FIDO public key, the server 1310 may store the FIDO public key in the database in association with an account for the user”) Regarding Claims 6, 26 and 32, OSBORN discloses: before storing the client ID and the associated at least one FIDO key in the distributed storage system: sending a request, by the switching node, to a computing device associated with the user account to permit the switching node to store the client ID and the at least one FIDO key in the distributed storage system; and receiving a message, at the switching node and from the computing device, indicating the switching node is authorized to store the client ID and the associated at least one FIDO key in the distributed storage system (¶0165, ¶0172, ¶0175, ¶0178, ¶0179, ¶0180 “one or more servers may receive the encrypted data from the device and may decrypt it in order to compare the received data to record data accessible to the one or more servers”, ¶0196-¶0197) Regarding Claims 7, 27 and 33, OSBORN discloses: in response to the computing device of the relying party server receiving the indication that the user account is verified, permitting a transaction to proceed or permitting an access request to proceed (¶0159, ¶0161, ¶0180, ¶0188, ¶196). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZEHRA RAZA whose telephone number is (571)272-8128. The examiner can normally be reached 10AM-6:30PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached at (571) 272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ZEHRA RAZA/Examiner, Art Unit 3697 /JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3697
Read full office action

Prosecution Timeline

Dec 06, 2024
Application Filed
Jun 08, 2026
Non-Final Rejection mailed — §101, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12675792
NODE MONITORING TO DETECT MISCLASSIFIED ON-CHAIN ADDRESSES
3y 4m to grant Granted Jul 07, 2026
Patent 12657580
SYSTEMS AND METHODS FOR PROVIDING QUEUED CREDENTIALS FOR AN ACCOUNT
2y 1m to grant Granted Jun 16, 2026
Patent 12613942
MANAGE TRAINING DATA IN ARTIFICIAL INTELLIGENCE
1y 8m to grant Granted Apr 28, 2026
Patent 12608692
SYSTEM, COMMUNICATION TERMINAL, METHOD, AND RECORDING MEDIUM
3y 7m to grant Granted Apr 21, 2026
Patent 12579541
Efficient Creation of Non-Fungible Tokens
4y 3m to grant Granted Mar 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
45%
Grant Probability
93%
With Interview (+48.0%)
4y 8m (~3y 0m remaining)
Median Time to Grant
Low
PTA Risk
Based on 186 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month