Prosecution Insights
Last updated: July 17, 2026
Application No. 19/062,498

DEVICE AND METHOD FOR VIRTUAL AUTHENTICATION CODE-BASED PROCESS AUTHORIZATION

Non-Final OA §103
Filed
Feb 25, 2025
Priority
Feb 24, 2020 — RE 10-2020-0022023 +3 more
Examiner
CHOUDHURY, RAQIUL A
Art Unit
Tech Center
Assignee
Ssenstone Inc.
OA Round
1 (Non-Final)
87%
Grant Probability
Favorable
1-2
OA Rounds
9m
Est. Remaining
93%
With Interview

Examiner Intelligence

Grants 87% — above average
87%
Career Allowance Rate
220 granted / 253 resolved
+27.0% vs TC avg
Moderate +6% lift
Without
With
+6.2%
Interview Lift
resolved cases with interview
Fast prosecutor
2y 1m
Avg Prosecution
20 currently pending
Career history
275
Total Applications
across all art units

Statute-Specific Performance

§101
4.3%
-35.7% vs TC avg
§103
80.3%
+40.3% vs TC avg
§102
2.1%
-37.9% vs TC avg
§112
10.2%
-29.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 253 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references. Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981). Claims 1-5 are rejected under 35 U.S.C. 103 as being unpatentable over Yoo (“Yoo”, US 20190050849, included in IDS filed 2/25/2025) in view of Kudelski et al (“Kudelski”, US 20140373131). Regarding Claim 1, Yoo teaches a method of approving a procedure based on a virtual authorization code, performed by a server, the method comprising: receiving, by the server, a virtual authentication code to request user authentication (par 9; par 88); and extracting, by the server, user identification information by performing the user authentication based on at least one detailed code included in the virtual authentication code (par 9; par 88; Fig. 7, elements {S1000, S1200} par 120); wherein the virtual authentication code is generated by a virtual authentication code generation function in the user terminal without communication with the server, and is generated by changing with each unit count as a specific time interval elapses (par 9; par 68-72; par 83; par 88; Fig. 7, elements {S400, S1000, S1200} par 120; Fig. 4A-4C, par 104-105; The virtual card number is generated on the device without communication with the server.), wherein the user identification information is transmitted to the server or a device that requested the user authentication to the server and is used to verify the authority for performing a specific procedure of the user (par 9; Fig. 7, elements {S400, S1000, S1200} par 120). Yoo does not explicitly teach wherein the procedure includes at least one of a plurality of procedure types of a plurality of services. Kudelski teaches wherein the procedure includes at least one of a plurality of procedure types of a plurality of services (par 15). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Yoo with the authentication of Kudelski because it provides for more customized authentication tailored to a specific service or user (Kudelski; par 7-8; par 15-18), thereby improving privacy and security. Regarding Claim 2, Yoo and Kudelski teach the method of claim 1. Yoo further teaches wherein the virtual authentication code is generated by combining a first code with a second code included in a plurality of detailed codes according to a specific rule (par 22-23; par 112-113; par 115; par 141; par 143), wherein the first code and the second code have a correlation (par 112-113; par 115; par 141; par 143), and wherein the first code determines a search start point with respect to the storage location in the server and the second code determines a search path with respect to the storage location from the search start point (par 22-23; par 112-113; par 115; par 141; par 143). Regarding Claim 3, Yoo and Kudelski teach the method of claim 2. Yoo further teaches wherein validity time data of the virtual authentication code is set through the user terminal (par 68-72), wherein a third code included in the plurality of detailed codes is further generated based on the validity time data (par 68-72), and wherein the virtual authentication code is generated by combining the first code, the second code, and the third code according to a specific rule (par 68-72). Regarding Claim 4, Yoo and Kudelski teach the method of claim 2. Yoo further teaches wherein the virtual authentication code includes a virtual security code that is generated based on time data regarding a time when the virtual authentication code is generated or time data regarding a time when the procedure approval is requested by the user terminal (par 81-85; par 164-172), and wherein the server further verifies the virtual authentication code based on the virtual security code (par 81-85; par 164-172; par 11). Regarding Claim 5, Yoo and Kudelski teach the method of claim 1. Yoo further teaches wherein the virtual authentication code is generated based on one of card data provided to the user terminal and biometric data provided to the user terminal (par 68-72). Allowable Subject Matter Claims 6 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. The following is a statement of reasons for the indication of allowable subject matter: In interpreting the currently amended claims, in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record. Regarding Claim 6, the closest prior art of record Yoo (US 20190050849, included in IDS filed 2/25/2025) in view of Hsu et al (US 20080115198, included in IDS filed 2/25/2025) in further view of Murthy et al (US 20180097789, included in IDS filed 2/25/2025) and in even further view of Steiner et al (US 20150095968, included in IDS filed 2/25/2025) does not teach a method of approving a procedure based on a virtual authorization code, performed by a server, the method comprising: receiving, by the server, a virtual authentication code to request user authentication; and extracting, by the server, user identification information by performing the user authentication based on at least one detailed code included in the virtual authentication code; and wherein the virtual authentication code is generated by a virtual authentication code generation function in the user terminal without communication with the server, and is generated by changing with each unit count as a specific time interval elapses, wherein the user identification information is transmitted to the server or a device that requested the user authentication to the server and is used to verify the authority for performing a specific procedure of the user, and wherein the procedure includes at least one of a plurality of procedure types of a plurality of services; wherein the virtual authentication code according to a first type procedure from among the plurality of procedure types includes a first virtual authentication code and a second virtual authorization code, wherein the first virtual authentication code is generated by a first virtual authentication code generating function in a first user terminal based on first user information, wherein the second virtual authentication code is generated by a second virtual authentication code generating function in a second user terminal based on second user information, wherein the receiving of the virtual authentication code comprises receiving a request for approval of the first type procedure by receiving the first virtual authentication code and the second virtual authorization code, and wherein the authority for performing the specific procedure is performed only when user identification codes of the first virtual authentication code and the second virtual authentication code are the same as each other. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Hsu et al (US 20080115198), Abstract - A system that uses multi-factor authentication while retrieving information is described. During operation, the system requests and receives multiple authentication factors from a user of an application on a first host. These multiple authentication factors are associated with a document on a second host, and include authentication information that enables access to the document. Furthermore, the system uses the multiple authentication factors to access the document. While accessing the document, the system retrieves information from the document by navigating through the document, identifying the information, and aggregating the information. Murthy et al (US 20180097789), Abstract - Techniques for time-based network authentication challenges are disclosed. In some embodiments, a system, process, and/or computer program product for time-based network authentication challenges includes monitoring a session at a firewall to identify a user associated with the session, generating a timestamp for an authentication factor associated with the user after the user successfully authenticates for access to a resource based on an authentication profile, intercepting another request from the user for access to the resource at the firewall, and determining whether the timestamp for the authentication factor is expired based on the authentication profile. Steiner et al (US 20150095968), Abstract - Systems and methods described herein relate to role-based authorization systems which allow customization of role templates as well as the ability, using roles, for one user to act on behalf of another user. Dvir (US 20070056022), Abstract - A method, system and computer-readable code for providing authentication services. In some embodiments, an attempt is made to match an IP address associated with a service and/or authentication request and user details of the request with an ISP account. In exemplary embodiments, if there is an indication that the IP address was issued by an ISP to a user matching the user details, the user is authenticated. In exemplary embodiments, a database of allowable dynamic and/or static IPs is maintained, and users are authenticated in accordance with contents of the maintained database. Systems, methods and computer-readable code for maintaining a database of allowable IPs are disclosed herein. Ramesh Kumar et al (US 20190386981), Abstract - Techniques are described for enrolling an authentication device for generating time-based one-time passwords (TOTPs) for use with multi-factor authentication (MFA). A user is prompted to initiate an enrollment procedure after successful authentication based on a first authentication factor in connection with a request for a resource protected by an access management (AM) system. The authentication device contacts the AM system to establish that the authentication device is a trusted device (e.g., through validation of an authentication token contained in a Quick Response (QR) code generated by the AM system). After the authentication device has been established as a trusted device, the AM system sends a shared secret to the authentication device, which uses the shared secret to complete enrollment (e.g., by generating a TOTP for verification by the AM system). A session is then created for the user to enable access to the protected resource. Zimman et al (US 20080278325), Abstract - A radio frequency transponder, or a device that comprises a radio frequency transponder, wherein the radio frequency transponder is operative in invoking self-programming of data stored in the radio frequency transponder. In some implementations the radio frequency transponder selectively enables the transmission of a unique identifier by selectively programming the unique identifier stored in the radio frequency transponder. In various implementations, the radio frequency transponder programs data stored in the transponder by generating a signal that is reactively coupled to the antenna of the radio frequency transponder. Luo et al (US 9043890), Abstract - An authentication system including a first server configured to store identifiers of respective users in association with respective pseudonyms, and a second server configured to store templates of the respective users in association with the respective pseudonyms. Input is received from a given user in conjunction with an authentication attempt. The first server is configured to determine if a first portion of the received input is associated with one of the user identifiers stored in the first server. If the first portion of the received input is associated with one of the user identifiers stored in the first server, the corresponding pseudonym is provided from the first server to the second server. The given user is authenticated based on a determination as to whether or not a second portion of the received input matches one of the stored user templates corresponding to the pseudonym provided to the second server. Juels et al (US 9270655), Abstract - Configurable one-time authentication tokens are provided with improved resilience to attacks. A one-time authentication token is configured by providing a plurality of token features that may be selectively incorporated into the configurable one-time authentication token, wherein the plurality of token features comprise at least two of the features; obtaining a selection of at least a plurality of the token features: and configuring the one-time authentication token based on the selected token features, wherein the configuration must always enable forward security for the one-time authentication token and at least one additional selected token feature. A configurable one-time authentication token is provided that comprises a plurality of selectable token features that may be selectively incorporated into the configurable one-time authentication token, wherein the configurable one-time authentication token is always configured with the forward security and at least one additional token feature. Any inquiry concerning this communication or earlier communications from the examiner should be directed to RAQIUL AMIN CHOUDHURY whose telephone number is (571)272-2482. The examiner can normally be reached Monday-Friday 7:30 AM - 5:30 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached at 571-272-3964. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /RAQIUL A CHOUDHURY/Examiner, Art Unit 2444
Read full office action

Prosecution Timeline

Feb 25, 2025
Application Filed
Jun 11, 2026
Non-Final Rejection mailed — §103
Jun 26, 2026
Interview Requested
Jul 02, 2026
Applicant Interview (Telephonic)
Jul 02, 2026
Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12675575
METHOD AND APPARATUS FOR AUTOMATICALLY VALIDATING APPLICATION TRANSPORT ROLLOUTS
2y 5m to grant Granted Jul 07, 2026
Patent 12676798
METHOD FOR MANAGING PERFORMANCE IN A DISTRIBUTED SYSTEM WITH A BROKER-BASED PUBLISH-SUBSCRIBE ARCHITECTURE
1y 10m to grant Granted Jul 07, 2026
Patent 12664039
TRANSFERRING AUDIT LOGS FROM A CLUSTER SYSTEM TO AN AUDIT LOG MANAGEMENT SYSTEM
2y 4m to grant Granted Jun 23, 2026
Patent 12647337
PERFORMANCE MEASUREMENT ANALYTICS PLATFORM BASED ON TOPOLOGY STABILITY
2y 8m to grant Granted Jun 02, 2026
Patent 12647405
SECURITY APPARATUS, MANAGEMENT APPARATUS, COMMUNICATION SYSTEM, AND SECURITY MANAGEMENT METHOD
1y 11m to grant Granted Jun 02, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
87%
Grant Probability
93%
With Interview (+6.2%)
2y 1m (~9m remaining)
Median Time to Grant
Low
PTA Risk
Based on 253 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month