Prosecution Insights
Last updated: July 17, 2026
Application No. 19/004,258

SYSTEMS AND METHODS FOR DYNAMIC AUTHENTICATION ACROSS DISPARATE SYSTEMS

Final Rejection §103
Filed
Dec 28, 2024
Priority
Dec 29, 2023 — provisional 63/616,069
Examiner
SHAAWAT, MAYASA A.
Art Unit
2433
Tech Center
2400 — Computer Networks
Assignee
Synchrony Bank
OA Round
2 (Final)
87%
Grant Probability
Favorable
3-4
OA Rounds
1y 0m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 87% — above average
87%
Career Allowance Rate
152 granted / 174 resolved
+29.4% vs TC avg
Strong +22% interview lift
Without
With
+21.9%
Interview Lift
resolved cases with interview
Typical timeline
2y 7m
Avg Prosecution
20 currently pending
Career history
203
Total Applications
across all art units

Statute-Specific Performance

§103
93.8%
+53.8% vs TC avg
§102
3.3%
-36.7% vs TC avg
§112
1.6%
-38.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 174 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment Claims 1-23 are currently pending and have been considered below. Claims 1, 8 and 15 are independent claims. Claims 21-23 are new claims Response to Arguments Applicant’s arguments with respect to claims 1-23 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-4, 6-11, 13-18 and 20-23 are rejected under 35 U.S.C. 103 as being unpatentable over McHugh(US Publication No. 2021/0192519 A1) in view of Bloom(US Publication No. 2021/0344659 A1) in further view of Kukreja (US Publication No. 2020/0127994 A1). Regarding Claim 1: McHugh discloses: A method comprising: receiving, through a web-based interface, a connection request from a user device(McHugh, [0026], Client device 110 may be in communication with one or more servers 120 via one or more networks 115 and may operate as a respective front-end to back-end pair with server 120), wherein the connection request includes personal identifiable information associated with a current user of the user device(McHugh, [0068], the information associated with the financial instrument, the third-party wallet app 502 may display the received information to the user for confirmation. For example, various card details 508 may be displayed, such as the type of card (e.g., debit, credit), account balance, available credit, etc.); selecting an authentication process from a plurality of authentication processes based on at least a portion of the personal identifiable information(McHugh, [0069], the banking app 514 may allow the user to perform at least one-tap contactless card authentication to verify the user's identity to complete the card verification process, [0071], The banking app 602 may receive log-in information from the user and determine whether access should be granted or denied based on the log-in information. Upon successfully logging in to the user's account, the banking app 602 may display one or more user identity verification options, e.g., text temporary code 606, one-tap contactless card authentication 608, ID card verification 610, as shown…); and facilitating execution of at least one action of the one or more actions(McHugh, [0064], the identity of the user has been verified, the third-party wallet application 402 may then be reopened and an indication 410 that the card has been successfully activated may be displayed). McHugh does not disclose: authenticating the user device by executing the authentication process using the portion of the personal identifiable information Bloom discloses: authenticating the user device by executing the authentication process using the portion of the personal identifiable information(Bloom, [0026], the person 305 is prompted to provide authentication information such as, for example, a username, a password, identification number (e.g., social security number, driver's license number, account number, etc.), and other personally identifying information (PII). [0032], The authenticator 330 may identify a second authentication process to be completed for the person 305 based on the risk score. The person 305 may be prompted to undergo additional authentication processes based on the likelihood that the authentication request is fraudulent as indicated by the risk score. [0015], The communication to the person 105 on their mobile device 120 may direct the person to perform a verification action such as providing a personal identification number (PIN) or a biometric identification (e.g., fingerprint, facial recognition, iris scan)); Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh's Authentication for third party digital wallet provisioning by enhancing McHugh’s systems for executing authentication using personal identifiable information associated with a user to ensure accurate verification of user identity based on user-specific identifying data as taught by Bloom in order to enhance the reliability and security of authentication processes in digital wallet provisioning systems. The motivation is to ensure that authentication decisions are based on verified user identity information to reduce fraudulent access and improve authentication accuracy. McHugh in view of Bloom in further view of Kukreja do not disclose: wherein the web-based interface enables temporary access to a resource associated with a user profile when access to a physical card associated with the user profile is unavailable establishing a temporary session for the user device wherein the temporary session restricts access to one or more features associated with user profile and enables execution of one or more actions associated with the resource Kukreja discloses: wherein the web-based interface enables temporary access to a resource associated with a user profile when access to a physical card associated with the user profile is unavailable (Kukreja, [0030], the applications 120 include a Web browser (not shown) operable to request access to a resource, [0008], receiving, by an access management system (AMS or AM system), an access token request from a client application, the access token request identifying a user and a resource to be accessed. The method further includes determining, by the AMS, that the user is authorized to access the resource; and generating, by the AMS, a first access token… presentable in an access request for obtaining access to the resource; [0038], access token expiration time 240. The access token 200 can be a token created for a particular user (identified by user ID 210) and for a particular session (identified by session ID 220). [0040], access token expiration time 240 may indicate a particular time at which the access token 200 is no longer valid, [0038], access token 200 may include a user ID 210, a session ID 220)); establishing a temporary session for the user device wherein the temporary session restricts access to one or more features associated with user profile and enables execution of one or more actions associated with the resource (Kukreja, [0025], access requests may be sent during a session… the user may request resources without having to re-authenticate. In some embodiments, a session can be an SSO session. [0038], a user ID 210, a session ID 220, rule information 230, and an access token expiration time. [0005], constraints, each constraint corresponding to a condition for granting or denying access. [0039], Rule information 230 may include one or more constraints 232 and a rule expiration time 234… [0038], access token 200 to be presented for accessing some, but not all of the resources. [0008], token is presentable in an access request for obtaining access to the resource. [0025], access requests may be sent during a session) Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh in view of Bloom in further view of Kukreja’s Authentication for third party digital wallet provisioning by enhancing McHugh in view of Bloom in further view of Kukreja’s systems for executing authentication using personal identifiable information associated with a user to ensure accurate verification of user identity based on user-specific identifying data as taught by Kukreja in order to ensure secure, controlled and temporary access to resources by restricting access to only those features permitted during a session. The motivation is to ensure that authenticated users can perform authorized operations on protected resources in a secure and controlled manner during a valid session. Regarding Claim 2: The method of claim 1, McHugh in view of Bloom in further view of Kukreja disclose wherein the user profile correspond to accounts associated with the current user of the user device(Bloom, [0038], an operation 404 to transmit a prompt to a user device associated with the user for authentication of the user and authentication of the request. [0039], The prompt may include a QR code. The prompt may include directions for the user to authenticate at an ATM. The prompt may direct the user to sign in with a username and password through the proprietary application. The prompt may direct the user to provide biometric information such as a fingerprint, iris scan, or facial recognition image. ). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh's Authentication for third party digital wallet provisioning by enhancing McHugh’s systems for executing authentication using personal identifiable information associated with a user to ensure accurate verification of user identity based on user-specific identifying data as taught by Bloom in order to enhance the efficiency and reliability of user authentication interactions in digital wallet provisioning systems. The motivation is to ensure that the system can dynamically request and receive authentication information from the user device to properly authenticate the user. Regarding Claim 3: The method of claim 1, McHugh in view of Bloom in further view of Kukreja disclose wherein the one or more actions are determined based on the authentication process(Bloom, [0045], Based on the type of verified authentications and any risk calculations may alter the type or amount of secure data that is released. For example, when the person verifies their location through an application on their mobile device, the data holding entity may release general background information about the person… if the service provider is a doctor in a known network of medical providers. If the service provider is not known, such as a new credit union, then the data holding entity may request additional authentication of the service provider). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh's Authentication for third party digital wallet provisioning by enhancing McHugh’s systems for executing authentication using personal identifiable information associated with a user to ensure accurate verification of user identity based on user-specific identifying data as taught by Bloom in order to enhance the security and adaptability of system operations based on authentication outcomes. The motivation is to ensure that the system actions are conditionally executed based on authentication results to prevent unauthorized access and improve system security. Regarding Claim 4: The method of claim 1, McHugh in view of Bloom in further view of Kukreja disclose wherein the at least one action pushes a token into a secure environment of the user device, the token enabling access to a resource associated with a user profile of the user profile(McHugh, [0064], the user may be provided an option to perform card verification via a banking application 406. then the banking application option is selected, the banking application 406 may be opened, where the user can perform identity verification 408, for example via one-tap contactless card authentication, as will be further described below. When the identity of the user has been verified, the third-party wallet application. [0079], the user may be prompted to accept one or more terms and/or conditions related to adding or linking the one or more financial instruments to the third-party wallet. The user may select or press the “accept and add” icon, as shown, to proceed with adding or linking the financial instrument ) . Regarding Claim 6: The method of claim 1, McHugh in view of Bloom in further view of Kukreja disclose further comprising: identifying, using the personal identifiable information, the user profile associated with the current user of the user device, wherein selecting an authentication process is further based on the user profile(Bloom, [0026], the authentication process, the person 305 is prompted to provide authentication information such as, for example, a username, a password, identification number (e.g., social security number, driver's license number, account number, etc.), and other personally identifying information (PII). The person 305 may provide the data via a connection to the adaptive authentication interface system 315. Similarly, the service provider 306 may be prompted for identifying information to confirm identity. [0028], a user profile for the user from the user profile data 360). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh's Authentication for third party digital wallet provisioning by enhancing McHugh’s systems for executing authentication using personal identifiable information associated with a user to ensure accurate verification of user identity based on user-specific identifying data as taught by Bloom in order to enhance the security of authentication processes and protect against unauthorized access to user associated resources. The motivation is to ensure the authentication mechanisms incorporate user identity data and contextual evaluation to prevent unauthorized access, reduce fraud, and safeguard user profiles and associated resources. Regarding Claim 7: The method of claim 1, McHugh in view of Bloom in further view of Kukreja disclose wherein the authentication process includes transmitting a request to the user device for information associated with a user profile of the user profile(Bloom, [0038], The technique 400 includes an operation 404 to transmit a prompt to a user device associated with the user for authentication of the user and authentication of the request. The first entity may store contact information for the user, such as a phone number or email address. The first entity may transmit a communication, using the contact information, [0015], he communication to the person 105 on their mobile device 120 may direct the person to perform a verification action such as providing a personal identification number (PIN) or a biometric identification (e.g., fingerprint, facial recognition, iris scan). [0028], a user profile for the user from the user profile data 360).). Regarding Claim 8: McHugh discloses: A system comprising: one or more processors; and a non-transitory computer-readable medium storing instructions that when executed by the one or more processors, cause the one or more processors to perform operations including(McHugh, [0024], The client device 110 device can include a processor and a memory, and it is understood that the processing circuitry may contain additional components, including processors, memories): receiving, through a web-based interface, a connection request from a user device (McHugh, [0026], Client device 110 may be in communication with one or more servers 120 via one or more networks 115 and may operate as a respective front-end to back-end pair with server 120), wherein the connection request includes personal identifiable information associated with a current user of the user device (McHugh, [0068], the information associated with the financial instrument, the third-party wallet app 502 may display the received information to the user for confirmation. For example, various card details 508 may be displayed, such as the type of card (e.g., debit, credit), account balance, available credit, etc.); selecting an authentication process from a plurality of authentication processes based on at least a portion of the personal identifiable information (McHugh, [0069], the banking app 514 may allow the user to perform at least one-tap contactless card authentication to verify the user's identity to complete the card verification process, [0071], The banking app 602 may receive log-in information from the user and determine whether access should be granted or denied based on the log-in information. Upon successfully logging in to the user's account, the banking app 602 may display one or more user identity verification options, e.g., text temporary code 606, one-tap contactless card authentication 608, ID card verification 610, as shown…); and facilitating execution of at least one action of the one or more actions (McHugh, [0064], the identity of the user has been verified, the third-party wallet application 402 may then be reopened and an indication 410 that the card has been successfully activated may be displayed). McHugh does not disclose: authenticating the user device by executing the authentication process using the portion of the personal identifiable information Bloom discloses: authenticating the user device by executing the authentication process using the portion of the personal identifiable information (Bloom, [0026], the person 305 is prompted to provide authentication information such as, for example, a username, a password, identification number (e.g., social security number, driver's license number, account number, etc.), and other personally identifying information (PII). [0032], The authenticator 330 may identify a second authentication process to be completed for the person 305 based on the risk score. The person 305 may be prompted to undergo additional authentication processes based on the likelihood that the authentication request is fraudulent as indicated by the risk score. [0015], The communication to the person 105 on their mobile device 120 may direct the person to perform a verification action such as providing a personal identification number (PIN) or a biometric identification (e.g., fingerprint, facial recognition, iris scan)); Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh's Authentication for third party digital wallet provisioning by enhancing McHugh’s systems for executing authentication using personal identifiable information associated with a user to ensure accurate verification of user identity based on user-specific identifying data as taught by Bloom in order to enhance the reliability and security of authentication processes in digital wallet provisioning systems. The motivation is to ensure that authentication decisions are based on verified user identity information to reduce fraudulent access and improve authentication accuracy. McHugh in view of Bloom in further view of Kukreja do not disclose: wherein the web-based interface enables temporary access to a resource associated with a user profile when access to a physical card associated with the user profile is unavailable establishing a temporary session for the user device wherein the temporary session restricts access to one or more features associated with user profile and enables execution of one or more actions associated with the resource Kukreja discloses: wherein the web-based interface enables temporary access to a resource associated with a user profile when access to a physical card associated with the user profile is unavailable (Kukreja, [0030], the applications 120 include a Web browser (not shown) operable to request access to a resource, [0008], receiving, by an access management system (AMS or AM system), an access token request from a client application, the access token request identifying a user and a resource to be accessed. The method further includes determining, by the AMS, that the user is authorized to access the resource; and generating, by the AMS, a first access token… presentable in an access request for obtaining access to the resource; [0038], access token expiration time 240. The access token 200 can be a token created for a particular user (identified by user ID 210) and for a particular session (identified by session ID 220). [0040], access token expiration time 240 may indicate a particular time at which the access token 200 is no longer valid, [0038], access token 200 may include a user ID 210, a session ID 220)); establishing a temporary session for the user device wherein the temporary session restricts access to one or more features associated with user profile and enables execution of one or more actions associated with the resource (Kukreja, [0025], access requests may be sent during a session… the user may request resources without having to re-authenticate. In some embodiments, a session can be an SSO session. [0038], a user ID 210, a session ID 220, rule information 230, and an access token expiration time. [0005], constraints, each constraint corresponding to a condition for granting or denying access. [0039], Rule information 230 may include one or more constraints 232 and a rule expiration time 234… [0038], access token 200 to be presented for accessing some, but not all of the resources. [0008], token is presentable in an access request for obtaining access to the resource. [0025], access requests may be sent during a session) Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh in view of Bloom in further view of Kukreja’s Authentication for third party digital wallet provisioning by enhancing McHugh in view of Bloom in further view of Kukreja’s systems for executing authentication using personal identifiable information associated with a user to ensure accurate verification of user identity based on user-specific identifying data as taught by Kukreja in order to ensure secure, controlled and temporary access to resources by restricting access to only those features permitted during a session. The motivation is to ensure that authenticated users can perform authorized operations on protected resources in a secure and controlled manner during a valid session. Regarding Claim 9: The system of claim 8, McHugh in view of Bloom in further view of Kukreja disclose wherein the user profile correspond to accounts associated with the current user of the user device (Bloom, [0038], an operation 404 to transmit a prompt to a user device associated with the user for authentication of the user and authentication of the request. [0039], The prompt may include a QR code. The prompt may include directions for the user to authenticate at an ATM. The prompt may direct the user to sign in with a username and password through the proprietary application. The prompt may direct the user to provide biometric information such as a fingerprint, iris scan, or facial recognition image. ). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh's Authentication for third party digital wallet provisioning by enhancing McHugh’s systems for executing authentication using personal identifiable information associated with a user to ensure accurate verification of user identity based on user-specific identifying data as taught by Bloom in order to enhance the efficiency and reliability of user authentication interactions in digital wallet provisioning systems. The motivation is to ensure that the system can dynamically request and receive authentication information from the user device to properly authenticate the user. Regarding Claim 10: The system of claim 8, McHugh in view of Bloom in further view of Kukreja disclose wherein the one or more actions are determined based on the authentication process (Bloom, [0045], Based on the type of verified authentications and any risk calculations may alter the type or amount of secure data that is released. For example, when the person verifies their location through an application on their mobile device, the data holding entity may release general background information about the person… if the service provider is a doctor in a known network of medical providers. If the service provider is not known, such as a new credit union, then the data holding entity may request additional authentication of the service provider). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh's Authentication for third party digital wallet provisioning by enhancing McHugh’s systems for executing authentication using personal identifiable information associated with a user to ensure accurate verification of user identity based on user-specific identifying data as taught by Bloom in order to enhance the security and adaptability of system operations based on authentication outcomes. The motivation is to ensure that the system actions are conditionally executed based on authentication results to prevent unauthorized access and improve system security. Regarding Claim 11: The system of claim 8, McHugh in view of Bloom in further view of Kukreja disclose wherein the at least one action pushes a token into a secure environment of the user device, the token enabling access to a resource associated with a user profile of the user profile (McHugh, [0064], the user may be provided an option to perform card verification via a banking application 406. then the banking application option is selected, the banking application 406 may be opened, where the user can perform identity verification 408, for example via one-tap contactless card authentication, as will be further described below. When the identity of the user has been verified, the third-party wallet application. [0079], the user may be prompted to accept one or more terms and/or conditions related to adding or linking the one or more financial instruments to the third-party wallet. The user may select or press the “accept and add” icon, as shown, to proceed with adding or linking the financial instrument ) . Regarding Claim 13: The system of claim 8, McHugh in view of Bloom in further view of Kukreja disclose wherein the operations further include: identifying, using the personal identifiable information, the user profile associated with the current user of the user device, wherein selecting an authentication process is further based on the one or more user profile (Bloom, [0026], the authentication process, the person 305 is prompted to provide authentication information such as, for example, a username, a password, identification number (e.g., social security number, driver's license number, account number, etc.), and other personally identifying information (PII). The person 305 may provide the data via a connection to the adaptive authentication interface system 315. Similarly, the service provider 306 may be prompted for identifying information to confirm identity. [0028], a user profile for the user from the user profile data 360). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh's Authentication for third party digital wallet provisioning by enhancing McHugh’s systems for executing authentication using personal identifiable information associated with a user to ensure accurate verification of user identity based on user-specific identifying data as taught by Bloom in order to enhance the security of authentication processes and protect against unauthorized access to user associated resources. The motivation is to ensure the authentication mechanisms incorporate user identity data and contextual evaluation to prevent unauthorized access, reduce fraud, and safeguard user profiles and associated resources. Regarding Claim 14: The system of claim 8, McHugh in view of Bloom in further view of Kukreja disclose wherein the authentication process includes transmitting a request to the user device for information associated with a user profile of the user profile (Bloom, [0038], The technique 400 includes an operation 404 to transmit a prompt to a user device associated with the user for authentication of the user and authentication of the request. The first entity may store contact information for the user, such as a phone number or email address. The first entity may transmit a communication, using the contact information, [0015], he communication to the person 105 on their mobile device 120 may direct the person to perform a verification action such as providing a personal identification number (PIN) or a biometric identification (e.g., fingerprint, facial recognition, iris scan). [0028], a user profile for the user from the user profile data 360).). Regarding Claim 15: McHugh discloses: A non-transitory computer-readable medium storing instructions that when executed by one or more processors, cause the one or more processors to perform operations including (McHugh, [0024], The client device 110 device can include a processor and a memory, and it is understood that the processing circuitry may contain additional components, including processors, memories): receiving, through a web-based interface, a connection request from a user device (McHugh, [0026], Client device 110 may be in communication with one or more servers 120 via one or more networks 115 and may operate as a respective front-end to back-end pair with server 120), wherein the connection request includes personal identifiable information associated with a current user of the user device (McHugh, [0068], the information associated with the financial instrument, the third-party wallet app 502 may display the received information to the user for confirmation. For example, various card details 508 may be displayed, such as the type of card (e.g., debit, credit), account balance, available credit, etc.); selecting an authentication process from a plurality of authentication processes based on at least a portion of the personal identifiable information (McHugh, [0069], the banking app 514 may allow the user to perform at least one-tap contactless card authentication to verify the user's identity to complete the card verification process, [0071], The banking app 602 may receive log-in information from the user and determine whether access should be granted or denied based on the log-in information. Upon successfully logging in to the user's account, the banking app 602 may display one or more user identity verification options, e.g., text temporary code 606, one-tap contactless card authentication 608, ID card verification 610, as shown…); The motivation is to ensure that authentication decisions are based on verified user identity information to reduce fraudulent access and improve authentication accuracy. and facilitating execution of at least one action of the one or more actions (McHugh, [0064], the identity of the user has been verified, the third-party wallet application 402 may then be reopened and an indication 410 that the card has been successfully activated may be displayed) McHugh does not disclose: authenticating the user device by executing the authentication process using the portion of the personal identifiable information Bloom discloses: authenticating the user device by executing the authentication process using the portion of the personal identifiable information (Bloom, [0026], the person 305 is prompted to provide authentication information such as, for example, a username, a password, identification number (e.g., social security number, driver's license number, account number, etc.), and other personally identifying information (PII). [0032], The authenticator 330 may identify a second authentication process to be completed for the person 305 based on the risk score. The person 305 may be prompted to undergo additional authentication processes based on the likelihood that the authentication request is fraudulent as indicated by the risk score. [0015], The communication to the person 105 on their mobile device 120 may direct the person to perform a verification action such as providing a personal identification number (PIN) or a biometric identification (e.g., fingerprint, facial recognition, iris scan); Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh's Authentication for third party digital wallet provisioning by enhancing McHugh’s systems for executing authentication using personal identifiable information associated with a user to ensure accurate verification of user identity based on user-specific identifying data as taught by Bloom in order to enhance the reliability and security of authentication processes in digital wallet provisioning systems. The motivation is to ensure that authentication decisions are based on verified user identity information to reduce fraudulent access and improve authentication accuracy. McHugh in view of Bloom in further view of Kukreja do not disclose: wherein the web-based interface enables temporary access to a resource associated with a user profile when access to a physical card associated with the user profile is unavailable establishing a temporary session for the user device wherein the temporary session restricts access to one or more features associated with user profile and enables execution of one or more actions associated with the resource Kukreja discloses: wherein the web-based interface enables temporary access to a resource associated with a user profile when access to a physical card associated with the user profile is unavailable (Kukreja, [0030], the applications 120 include a Web browser (not shown) operable to request access to a resource, [0008], receiving, by an access management system (AMS or AM system), an access token request from a client application, the access token request identifying a user and a resource to be accessed. The method further includes determining, by the AMS, that the user is authorized to access the resource; and generating, by the AMS, a first access token… presentable in an access request for obtaining access to the resource; [0038], access token expiration time 240. The access token 200 can be a token created for a particular user (identified by user ID 210) and for a particular session (identified by session ID 220). [0040], access token expiration time 240 may indicate a particular time at which the access token 200 is no longer valid, [0038], access token 200 may include a user ID 210, a session ID 220)); establishing a temporary session for the user device wherein the temporary session restricts access to one or more features associated with user profile and enables execution of one or more actions associated with the resource (Kukreja, [0025], access requests may be sent during a session… the user may request resources without having to re-authenticate. In some embodiments, a session can be an SSO session. [0038], a user ID 210, a session ID 220, rule information 230, and an access token expiration time. [0005], constraints, each constraint corresponding to a condition for granting or denying access. [0039], Rule information 230 may include one or more constraints 232 and a rule expiration time 234… [0038], access token 200 to be presented for accessing some, but not all of the resources. [0008], token is presentable in an access request for obtaining access to the resource. [0025], access requests may be sent during a session) Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh in view of Bloom in further view of Kukreja’s Authentication for third party digital wallet provisioning by enhancing McHugh in view of Bloom in further view of Kukreja’s systems for executing authentication using personal identifiable information associated with a user to ensure accurate verification of user identity based on user-specific identifying data as taught by Kukreja in order to ensure secure, controlled and temporary access to resources by restricting access to only those features permitted during a session. The motivation is to ensure that authenticated users can perform authorized operations on protected resources in a secure and controlled manner during a valid session. Regarding Claim 16: The non-transitory computer-readable medium of claim 15, McHugh in view of Bloom in further view of Kukreja disclose wherein the one or more user profile correspond to accounts associated with the current user of the user device (Bloom, [0038], an operation 404 to transmit a prompt to a user device associated with the user for authentication of the user and authentication of the request. [0039], The prompt may include a QR code. The prompt may include directions for the user to authenticate at an ATM. The prompt may direct the user to sign in with a username and password through the proprietary application. The prompt may direct the user to provide biometric information such as a fingerprint, iris scan, or facial recognition image. ). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh's Authentication for third party digital wallet provisioning by enhancing McHugh’s systems for executing authentication using personal identifiable information associated with a user to ensure accurate verification of user identity based on user-specific identifying data as taught by Bloom in order to enhance the efficiency and reliability of user authentication interactions in digital wallet provisioning systems. The motivation is to ensure that the system can dynamically request and receive authentication information from the user device to properly authenticate the user. Regarding Claim 17: The non-transitory computer-readable medium of claim 15, McHugh in view of Bloom in further view of Kukreja disclose wherein the one or more actions are determined based on the authentication process (Bloom, [0045], Based on the type of verified authentications and any risk calculations may alter the type or amount of secure data that is released. For example, when the person verifies their location through an application on their mobile device, the data holding entity may release general background information about the person… if the service provider is a doctor in a known network of medical providers. If the service provider is not known, such as a new credit union, then the data holding entity may request additional authentication of the service provider). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh's Authentication for third party digital wallet provisioning by enhancing McHugh’s systems for executing authentication using personal identifiable information associated with a user to ensure accurate verification of user identity based on user-specific identifying data as taught by Bloom in order to enhance the security and adaptability of system operations based on authentication outcomes. The motivation is to ensure that the system actions are conditionally executed based on authentication results to prevent unauthorized access and improve system security. Regarding Claim 18: The non-transitory computer-readable medium of claim 15, McHugh in view of Bloom in further view of Kukreja disclose wherein the at least one action pushes a token into a secure environment of the user device, the token enabling access to a resource associated with a user profile of the user profile (McHugh, [0064], the user may be provided an option to perform card verification via a banking application 406. then the banking application option is selected, the banking application 406 may be opened, where the user can perform identity verification 408, for example via one-tap contactless card authentication, as will be further described below. When the identity of the user has been verified, the third-party wallet application. [0079], the user may be prompted to accept one or more terms and/or conditions related to adding or linking the one or more financial instruments to the third-party wallet. The user may select or press the “accept and add” icon, as shown, to proceed with adding or linking the financial instrument ) . Regarding Claim 20: The non-transitory computer-readable medium of claim 15, McHugh in view of Bloom in further view of Kukreja disclose: wherein the operations further include: identifying, using the personal identifiable information, the user profile associated with the current user of the user device, wherein selecting an authentication process is further based on the user profile (Bloom, [0026], the authentication process, the person 305 is prompted to provide authentication information such as, for example, a username, a password, identification number (e.g., social security number, driver's license number, account number, etc.), and other personally identifying information (PII). The person 305 may provide the data via a connection to the adaptive authentication interface system 315. Similarly, the service provider 306 may be prompted for identifying information to confirm identity. [0028], a user profile for the user from the user profile data 360). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh's Authentication for third party digital wallet provisioning by enhancing McHugh’s systems for executing authentication using personal identifiable information associated with a user to ensure accurate verification of user identity based on user-specific identifying data as taught by Bloom in order to enhance the security of authentication processes and protect against unauthorized access to user associated resources. The motivation is to ensure the authentication mechanisms incorporate user identity data and contextual evaluation to prevent unauthorized access, reduce fraud, and safeguard user profiles and associated resources. Regarding Claim 21: The method of claim 1, wherein establishing the temporary session includes: generating a single-use token usable to access a resource associated with the user profile(Kukreja, [0008], generating, by the AMS, a first access token…generating, by the AMS, a first access token in response to the determining that the user is authorized to access the resource…The first access token is presentable in an access request for obtaining access to the resource. [0038], access token 200 may include a user ID 210, a session ID 220). Regarding Claim 22: The system of claim 8, wherein establishing the temporary session includes: generating a single-use token usable to access a resource associated with the user profile(Kukreja, [0008], generating, by the AMS, a first access token…generating, by the AMS, a first access token in response to the determining that the user is authorized to access the resource…The first access token is presentable in an access request for obtaining access to the resource. [0038], access token 200 may include a user ID 210, a session ID 220).. Regarding Claim 23: The non-transitory computer-readable medium of claim 15, wherein establishing the temporary session includes: generating a single-use token usable to access a resource associated with the user profile(Kukreja, [0008], generating, by the AMS, a first access token…generating, by the AMS, a first access token in response to the determining that the user is authorized to access the resource…The first access token is presentable in an access request for obtaining access to the resource. [0038], access token 200 may include a user ID 210, a session ID 220).. Claims 5, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over McHugh(US Publication No. 2021/0192519 A1) in view of Bloom(US Publication No. 2021/0344659 A1) in further view of Kukreja (US Publication No. 2020/0127994 A1) and in further view of Ross (US Publication No. 2012/0265681 A1) Regarding Claim 5: McHugh in view of Bloom in further view of Kukreja in further view of Kukreja disclose: The method of claim 1… McHugh in view of Bloom in further view of Kukreja in further view of Kukreja do not disclose: wherein the at least one action includes a request to increase a resource associated with a user profile of the user profile Ross discloses: wherein the at least one action includes a request to increase a resource associated with a user profile of the user profile(Ross, [0006], (a) prompting the holder to consent to a credit limit increase; and (b) receiving the holder's consent to the credit limit increase. [0010], receiving an authorization request associated with a transaction, where the transaction involves a holder of a credit account and the credit account, and where the credit account has a credit limit; [0043], the apparatus having the process flow 140 can be configured to increase the credit limit by any amount.). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh in view of Bloom in further view of Kukreja in further view of Kukreja’s Authentication for third party digital wallet provisioning by enhancing McHugh in view of Bloom in further view of Kukreja’s systems for transmitting a prompt to a user device requesting authentication information during an authentication process to ensure that required authentication inputs are obtained from the user device to complete identity verification as taught by Ross in order to enhance the efficiency and reliability of user authentication interactions in digital wallet provisioning systems. The motivation is to ensure that the system can dynamically request and receive authentication information from the user device to properly authenticate the user. Regarding Claim 12: McHugh in view of Bloom in further view of Kukreja in further view of Kukreja disclose: The system of claim 8… McHugh in view of Bloom in further view of Kukreja in further view of Kukreja do not disclose: wherein the at least one action includes a request to increase a resource associated with a user profile of the user profile Ross discloses: wherein the at least one action includes a request to increase a resource associated with a user profile of the user profile (Ross, [0006], (a) prompting the holder to consent to a credit limit increase; and (b) receiving the holder's consent to the credit limit increase. [0010], receiving an authorization request associated with a transaction, where the transaction involves a holder of a credit account and the credit account, and where the credit account has a credit limit; [0043], the apparatus having the process flow 140 can be configured to increase the credit limit by any amount.). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh in view of Bloom in further view of Kukreja in further view of Kukreja’s Authentication for third party digital wallet provisioning by enhancing McHugh in view of Bloom in further view of Kukreja in further view of Kukreja’s systems for transmitting a prompt to a user device requesting authentication information during an authentication process to ensure that required authentication inputs are obtained from the user device to complete identity verification as taught by Ross in order to enhance the efficiency and reliability of user authentication interactions in digital wallet provisioning systems. The motivation is to ensure that the system can dynamically request and receive authentication information from the user device to properly authenticate the user. Regarding Claim 19: McHugh in view of Bloom in further view of Kukreja in further view of Kukreja disclose: The non-transitory computer-readable medium of claim 15, McHugh in view of Bloom in further view of Kukreja in further view of Kukreja do not disclose: wherein the at least one action includes a request to increase a resource associated with a user profile of the user profile Ross discloses: wherein the at least one action includes a request to increase a resource associated with a user profile of the user profile (Ross, [0006], (a) prompting the holder to consent to a credit limit increase; and (b) receiving the holder's consent to the credit limit increase. [0010], receiving an authorization request associated with a transaction, where the transaction involves a holder of a credit account and the credit account, and where the credit account has a credit limit; [0043], the apparatus having the process flow 140 can be configured to increase the credit limit by any amount.). Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify McHugh in view of Bloom in further view of Kukreja in further view of Kukreja’s Authentication for third party digital wallet provisioning by enhancing McHugh in view of Bloom in further view of Kukreja in further view of Kukreja’s systems for transmitting a prompt to a user device requesting authentication information during an authentication process to ensure that required authentication inputs are obtained from the user device to complete identity verification as taught by Ross in order to enhance the efficiency and reliability of user authentication interactions in digital wallet provisioning systems. The motivation is to ensure that the system can dynamically request and receive authentication information from the user device to properly authenticate the user. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAYASA SHAAWAT whose telephone number is (571)272-3939. The examiner can normally be reached on M-F, 8 AM TO 5 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, JEFFREY PWU can be reached on (571)272-6789. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MAYASA SHAAWAT/ Examiner, Art Unit 2433 /JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433
Read full office action

Prosecution Timeline

Dec 28, 2024
Application Filed
Apr 08, 2026
Non-Final Rejection mailed — §103
Jun 02, 2026
Interview Requested
Jun 16, 2026
Response Filed
Jun 17, 2026
Examiner Interview Summary
Jul 07, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12665771
OUT-OF-BAND (OOB) PACKET AUTHENTICATION IN HETEROGENEOUS COMPUTING PLATFORMS
2y 10m to grant Granted Jun 23, 2026
Patent 12659292
RESOLVING AND MANAGING BLOCKCHAIN DOMAINS
2y 2m to grant Granted Jun 16, 2026
Patent 12647277
DATA DIODE FOR ENHANCING DATA SECURITY
3y 0m to grant Granted Jun 02, 2026
Patent 12647283
SYSTEM AND METHOD FOR TRUSTED MEDIA ORIGINATION
2y 4m to grant Granted Jun 02, 2026
Patent 12640937
DEVICE GENUINENESS CERTIFICATE DEPRECATION WITHOUT CERTIFICATE REVOCATION
2y 4m to grant Granted May 26, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
87%
Grant Probability
99%
With Interview (+21.9%)
2y 7m (~1y 0m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 174 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month