Prosecution Insights
Last updated: July 17, 2026
Application No. 19/082,671

COMPREHENSIVE STORAGE APPLICATION PROVISIONING USING A PROVISIONING SOFTWARE DEVELOPMENT KIT (SDK)

Non-Final OA §101§103
Filed
Mar 18, 2025
Priority
Dec 30, 2020 — provisional 63/131,954 +2 more
Examiner
SIDDIQI, MOHAMMAD A
Art Unit
Tech Center
Assignee
Visa International Service Association
OA Round
1 (Non-Final)
85%
Grant Probability
Favorable
1-2
OA Rounds
1y 7m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 85% — above average
85%
Career Allowance Rate
654 granted / 768 resolved
+25.2% vs TC avg
Strong +16% interview lift
Without
With
+15.6%
Interview Lift
resolved cases with interview
Typical timeline
2y 11m
Avg Prosecution
15 currently pending
Career history
785
Total Applications
across all art units

Statute-Specific Performance

§101
2.7%
-37.3% vs TC avg
§103
80.5%
+40.5% vs TC avg
§102
10.6%
-29.4% vs TC avg
§112
0.4%
-39.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 768 resolved cases

Office Action

§101 §103
DETAILED ACTION Claims 1-20 are presented for examination. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The Information Disclosure Statement(s) submitted by applicant on 01/05/2026, 06/04/2025, and 03/18/2025 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title Claim 10 is rejected under 35 U.S.C. 101 because the broadest reasonable interpretation of a claim drawn to a computer readable medium (also called machine readable medium and other such variations) typically covers forms of non-transitory tangible media and transitory propagating signals per se in view of the ordinary and customary meaning of computer readable media, particularly when the specification is silent. See MPEP 2111.01 When the broadest reasonable interpretation of a claim covers a signal perse, the claim must be rejected under U.S.C. 101 as covering non- statutory subject matter. See n re Nuijten, 500 F.3d 1346, 1356-56 (Fed Cir. 2007)(transitory embodiments are not directed to statutory subject matter) The USPTO suggests the following approach to overcome this 101 rejection. A claim drawn to such a computer readable medium that covers both transitory and non- transitory may be amended to marrow the claim to cover only statutory embodiments to avoid a rejection under 35 U.S.C. 101 by adding the limitation "non-transitory" to the claim. Likewise, claims 11-14 are dependent claims that depend on claim 1, fails to resolve the above problems, therefore, claims 11-14 are also rejected under 35 U.S.C. 101. Any amendment to the claim should be commensurate with its corresponding disclosure. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp. Claims 15-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of US Patent No. 12,289,411. Although the conflicting claims are not identical, they are not patentably distinct from each other because the subject matter claimed in the instant application is substantially similar in nature and anticipated by US Patent No. 12,289,411. See the table below: Instant Application US Patent No. 12,289,411. 15. A processing computer comprising: a processor; and a computer readable medium comprising code, executable by the processor, to perform operations comprising: receiving, from a provisioning software development kit (SDK), an encrypted credential and a storage application identifier, wherein the processing computer decrypts the encrypted credential using a first application cryptographic key to obtain the credential, identifies a second application cryptographic key using the storage application identifier, and encrypts the credential with the second application cryptographic key, wherein the second application cryptographic key is one of a second application key pair; and transmitting, to the provisioning SDK, the credential encrypted by the second application cryptographic key, wherein the provisioning SDK provides the credential encrypted with the second application cryptographic key to a second application, and the second application provides the credential encrypted with the second application cryptographic key to a storage application server, wherein the storage application server decrypts the credential encrypted with another second application cryptographic key of the second application key pair, and then (i) stores the credential or a token associated with the credential and/or (ii) transmits the credential or the token associated with the credential to the second application. 16. The processing computer of claim 15, wherein the first application cryptographic key is a symmetric key. 17. The processing computer of claim 15, wherein the first application cryptographic key is stored at the processing computer and a corresponding first application cryptographic key is stored an authorizing entity computer that issued the credential. 18. The processing computer of claim 15, wherein the processing computer comprises a token processing module. 19. The processing computer of claim 15, wherein the second application cryptographic key is a symmetric key, the second application cryptographic key being different from the first application cryptographic key. 20. The processing computer of claim 15, wherein the encrypted credential is an encrypted account number. 1.A method performed by a mobile device comprising a processor, and memory coupled to the processor, the memory storing a provisioning software development kit (SDK), a first application, and a second application, the method comprising: receiving, by the provisioning SDK from the first application on the mobile device an encrypted credential and a storage application identifier; transmitting, by the provisioning SDK, the encrypted credential and the storage application identifier to a processing computer, wherein the processing computer decrypts the encrypted credential using a first application cryptographic key to obtain the credential, identifies a second application cryptographic key using the storage application identifier, and encrypts the credential with the second application cryptographic key, wherein the second application cryptographic key is one of a second application key pair; receiving, by the provisioning SDK, the credential encrypted by the second application cryptographic key; providing, by the provisioning SDK, the credential encrypted with the second application cryptographic key to the second application; and providing, by the second application to a storage application server, the credential encrypted with the second application cryptographic key, wherein the storage application server decrypts the credential encrypted with another second application cryptographic key of the second application key pair, and then (i) stores the credential or a token associated with the credential and/or transmits the credential or the token associated with the credential to the second application. 2. The method of claim 1, wherein the first application is an authorizing entity application and the second application is a storage application. 3. The method of claim 1, wherein the second application comprises a storage application and a storage application SDK. 4. The method of claim 1, wherein the second application comprises a storage application SDK. 5. The method of claim 1, further comprising: receiving, by the second application on the mobile device, the credential or the token from the storage application server; and storing the credential or the token on the mobile device in association with the second application. 6. The method of claim 5, wherein the token is received from the storage application server and is stored on the mobile device. 7. The method of claim 5, wherein the token is a reference identifier for a substitute for the credential, or is the substitute for the credential. 8. The method of claim 5, further comprising: providing, by the mobile device, the token or the credential to an access device to obtain access to a location. 9. The method of claim 1, wherein the storage application server transmits the credential to the processing computer, and receives the token in exchange for the credential. 10. The method of claim 1, wherein the second application comprises a storage application and a storage application SDK, and wherein the mobile device comprises a plurality of different storage application SDKs and associated storage applications, and wherein prior to receiving the encrypted credential and the storage application identifier, receiving by the provisioning SDK from the first application, a request to identify supported storage applications, the request comprising the encrypted credential; decrypting the encrypted credential using another first application cryptographic key; verifying, by the provisioning SDK with the plurality of different storage application SDKs if the credential is compatible with each of the plurality of different storage application SDKs; and providing by the provisioning SDK a list of supported storage applications to the first application. 11. The method of claim 10, wherein the first application is an authorizing entity application. 12. The method of claim 1, further comprising: receiving, by the second application on the mobile device, the token from the storage application server; and storing the credential or the token on the mobile device in association with the second application. 13. The method of claim 12, further comprising: providing, by the second application to the provisioning SDK, the token; and providing, by the provisioning SDK to the processing computer, the token, wherein the processing computer stores the token along with the credential. 14. The method of claim 1, wherein the first application cryptographic key is a symmetric key and the second application cryptographic key is also a symmetric key. This is a nonstatutory double patenting rejection. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1-14 are rejected under 35 U.S.C. 103 as being unpatentable over Osborn et al. (U.S. Patent Application Publication No. 20210201324 ) (hereinafter Osborn) in view of Desai et al. (U.S. Patent Application Publication No. 20190197537) (hereinafter Desai). As per claim 1, Osborn discloses a method comprising: receiving, by an authorizing entity computer from an authorizing entity application on a mobile device, a request for encrypted user device details, the request including a user device identifier for a selected user device and a signed nonce, which is a nonce signed by a processing computer (para 41, The contactless card 101 may then transmit the encrypted data (e.g., the encrypted customer ID 109) to the account application 113 of the mobile device 110 (e.g., via an NFC connection, Bluetooth connection, etc.). The account application 113 of the mobile device 110 may then transmit the encrypted data to the server 120 via the network 130; para 43, a random nonce, generated); verifying, by the authorizing entity computer, the signed nonce (para 45, authorization response cryptogram (ARPC). Generally, upon receipt of the message indicating the user is verified and/or authenticated based on verification); retrieving, by the authorizing entity computer, user device information associated with the user device identifier (para 42, allows the management application 123 to verify the data transmitted by the contactless card 101 via the mobile device); encrypting, by the authorizing entity computer, the user device information (para 41, contactless card encrypts data and encrypted customer id); and transmitting, by the authorizing entity computer to the authorizing entity application on the mobile device, the encrypted user device information (para 41, transmit the encrypted data to the server 120 via the network). Osborn does not explicitly disclose signed nonce. However, Desai discloses signed nonce (para 45, he SDK works to exchange the authentication code for a device token. Accordingly, in step 322, the SDK submits a requests for the secure element to generate a signature for a verifier (i.e., a nonce and a timestamp). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of identification and verification for provisioning mobile applications taught in Osborn and Desai to include a means to utilize a signed nonce for transaction/processing. One of ordinary skill in the art would have been motivated to perform such a modification because the use of personal devices (i.e. mobile phones) to make online purchases has increasingly more common there is a need to improve the user experience. The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims. As per claim 2, claim is rejected for the same reasons and motivations as claim 1, above. In addition, Osborn discloses wherein after transmitting, the authorizing entity application on the mobile device transmits the encrypted user device information to the processing computer, which decrypts the encrypted user device information and provides the decrypted user device information to a provisioning Accordingly, in step 322, the SDK submits a requests for the secure element to generate a signature for a verifier). As per claim 3, claim is rejected for the same reasons and motivations as claim 1, above. In addition, Osborn discloses wherein the decrypted user device information is used by the provisioning on the mobile device (para 41-42, comparing the decrypted customer ID , account-linked identifier data). Desai discloses SDK to provide a token to a storage application SDK on the mobile device (software development kit) (software development kit) (para 45, the SDK works to exchange the authentication code for a device token. Accordingly, in step 322, the SDK submits a requests for the secure element to generate a signature for a verifier). As per claim 4, claim is rejected for the same reasons and motivations as claim 1, above. In addition, Osborn discloses comprising: signing, by the authorizing entity computer, the encrypted user device information, wherein the encrypted user device information is signed encrypted user device information (para 41, mac generation over encrypted data, MAC cryptogram). As per claim 5, claim is rejected for the same reasons and motivations as claim 1, above. In addition, Osborn discloses wherein the user device information is encrypted using a secret that is shared between the authorizing entity computer and the processing computer (para 41-44, shared cryptographic keys, encryption uses secret shared between authorizing entity computer and processing computer). As per claim 6, claim is rejected for the same reasons and motivations as claim 1, above. In addition, Osborn discloses wherein the mobile device is a mobile phone (fig 2, para 41). As per claim 7, claim is rejected for the same reasons and motivations as claim 1, above. In addition, Desai discloses wherein the user device information comprises a primary account number and a verification value (para 41-42, verify the data transmitted by the contactless card 101 via the mobile device 110, e.g., by comparing the decrypted customer ID 107 to a customer ID in the account data 124a for the account. And counter value). As per claim 8, claim is rejected for the same reasons and motivations as claim 1, above. In addition, Desai discloses wherein the signed nonce is verified with a public key of a public-private key pair, and a private key of the public-private key pair was used by the processing computer to sign the nonce (para 45, “ the SDK submits a requests for the secure element to generate a signature for a verifier (i.e., a nonce and a timestamp). The signature is returned from the secure element to the SDK in step 324. In step 326, the SDK sends the authentication code, the signature and the verifier to the third-party payment service server for validation. The third-party payment service server performs the validation in step 328 using the public key that was passed to the server during the consent step. Furthermore, the third-party payment service server associates a device token with the public key and the user account” ). As per claim 9, claim is rejected for the same reasons and motivations as claim 1, above. In addition, Desai discloses wherein the user device identifier corresponds to a user device that was selected by a user of the mobile device. As per claim 10, claim is rejected for the same reasons and motivations as claim 1, above. As per claim 11, claim is rejected for the same reasons and motivations as claim 4, above. As per claim 12, claim is rejected for the same reasons and motivations as claim 5, above. As per claim 13, claim is rejected for the same reasons and motivations as claim 7, above. As per claim 14, claim is rejected for the same reasons and motivations as claim 8, above. Conclusion Please see the attached PTO-892 for the prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976. The examiner can normally be reached Monday-Friday. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached at 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MOHAMMAD A SIDDIQI/Primary Examiner, Art Unit 2493
Read full office action

Prosecution Timeline

Mar 18, 2025
Application Filed
Jun 17, 2026
Non-Final Rejection mailed — §101, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12684065
TELEPHONE SERVICE DELAY AND CONNECTION SYSTEM
1y 11m to grant Granted Jul 14, 2026
Patent 12671578
TECHNIQUES FOR ON-DEMAND SECRET KEY REQUESTING AND SHARING
2y 4m to grant Granted Jun 30, 2026
Patent 12671594
SYSTEMS, METHODS, AND APPARATUSES FOR NETWORK MANAGEMENT
1y 11m to grant Granted Jun 30, 2026
Patent 12664309
OBFUSCATION OF CONTENT BASED UPON CONTEXT OF AND PATTERN OF DATA WITHIN THE CONTENT
2y 8m to grant Granted Jun 23, 2026
Patent 12665741
PROTECTION OF SECRET DATA USING UNPROTECTED DATA PATH
2y 1m to grant Granted Jun 23, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
85%
Grant Probability
99%
With Interview (+15.6%)
2y 11m (~1y 7m remaining)
Median Time to Grant
Low
PTA Risk
Based on 768 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month