Prosecution Insights
Last updated: July 17, 2026
Application No. 19/284,923

DYNAMIC MULTILAYER SECURITY FOR INTERNET MOBILE-RELATED TRANSACTIONS

Non-Final OA §101§DP
Filed
Jul 30, 2025
Priority
Nov 20, 2015 — continuation of 12/400,209
Examiner
REAGAN, JAMES A
Art Unit
3697
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
Afirma Consulting & Technologies S L
OA Round
1 (Non-Final)
71%
Grant Probability
Favorable
1-2
OA Rounds
2y 9m
Est. Remaining
91%
With Interview

Examiner Intelligence

Grants 71% — above average
71%
Career Allowance Rate
624 granted / 877 resolved
+19.2% vs TC avg
Strong +20% interview lift
Without
With
+20.1%
Interview Lift
resolved cases with interview
Typical timeline
3y 9m
Avg Prosecution
30 currently pending
Career history
912
Total Applications
across all art units

Statute-Specific Performance

§101
6.5%
-33.5% vs TC avg
§103
78.8%
+38.8% vs TC avg
§102
5.4%
-34.6% vs TC avg
§112
1.7%
-38.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 877 resolved cases

Office Action

§101 §DP
DETAILED ACTION Acknowledgments The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This action is in reply to the application filed on 07/30/2025, and the subsequent preliminary amendment filed on 10/08/2025. Claims 11-18 have been added. Claims 1-18 are currently pending and have been examined. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-patent eligible subject matter because the claim(s) as a whole, considering all claim elements both individually and in combination, do not amount to significantly more than an abstract idea. Step 1: The claims recite a process, system, apparatus, article of manufacture, and/or a nontransitory storage medium with instructions, each of which are proper statutory categories. Step 2A (prong 1): Claim 1 (representative of claim 11): The claim limitations are grouped as shown immediately following: A method associated with one or more providers of authentication services for internet transactions in connection with use of a mobile device having an active generator that generates at transaction time dynamic authentication credentials calculated by the mobile device upon a different input data, and a transaction terminal that transmits at least part of the dynamic authentication credentials, the method comprising: (Certain Methods Of Organizing Human Activity - business relations or managing personal behavior or relationships or interactions between people including following rules or instructions) electronically storing in one or more server memories data capable of linking the mobile device to one or more authentication services for internet transactions, the data including authentication parameters associated to server dynamic authentication rules of dynamic credentials and one or more identifiers related to a user and the one or more authentication services, the server dynamic authentication rules indicating for each related dynamic authentication credential whether success in its authentication is mandatory or optional to obtain a successful result of an authentication of a mobile-related internet transaction, (Certain Methods Of Organizing Human Activity - business relations or managing personal behavior or relationships or interactions between people including following rules or instructions) sending to the mobile device personalization data for the mobile device to generate dynamic authentication credentials, the personalization data associated to the server stored authentication parameters associated to the dynamic authentication rules of dynamic authentication credentials, receiving from the transaction terminal a first dynamic authentication credential generated by the mobile device at the time of a first transaction using the personalization data and as input data a user's Personal Identification Number (PIN), one or more additional dynamic authentication credentials, each one calculated by the mobile device at the time of the first transaction upon the personalization data and a different input data, and at least one identifier related to the user and to the authentication service the dynamic authentication credentials refers to, (Certain Methods Of Organizing Human Activity - business relations or managing personal behavior or relationships or interactions between people including following rules or instructions) authenticating the first dynamic authentication credential and, based on the server dynamic authentication rules and associated authentication parameters, further authenticating one or more of the one or more additional dynamic authentication credentials and generating an authentication result of the first mobile-related internet transaction by one or more processing devices having access to at least a portion of the data, (Certain Methods Of Organizing Human Activity - business relations or managing personal behavior or relationships or interactions between people including following rules or instructions) wherein the authentication of each authenticated dynamic authentication credential is used to validate the corresponding input data. (Certain Methods Of Organizing Human Activity - business relations or managing personal behavior or relationships or interactions between people including following rules or instructions) Additional dependent claims 2-10 and 12-18 do not appear remedy the deficiency. Step 2A (prong 2): Claim 1 (representative of claim 1): …a mobile device …one or more server memories These remaining claim limitations are delineated as shown immediately preceding. The abstract idea is not integrated into a practical application. There are no improvements to the functioning of a computer, other technology or technical field, a particular machine is not cited, nothing is transformed to a different state or thing, the abstract idea is not more than a drafting effort designed to monopolize the abstract idea. The claim merely uses a computer as a tool to perform the abstract idea, which is generally linked to a particular field of use, in this case, marketing and advertising. Thus, these limitations are recited at a high-level of generality (i.e., as a generic processor and memory performing a generic computer function of processing and storing data) such that it amounts no more than mere instructions to apply the exception using a generic computer component – MPEP 2106.05(f). Further, receiving data, evaluating data and distributing data are data gathering and data outputting, which has no effect on technology and does no more than generally link the use of the judicial exception to a particular technological environment or field of use – see MPEP 2106.05(h). Step 2B: The claim limitations do not provide an Inventive Concept. The claim limitations do not recite additional elements that amount to significantly more that the abstract idea because the additional elements of the system comprising a computer processor, computer readable storage medium with instructions, and a memory configured to store information, each recited at a high level of generality in a computer network which only perform the universal computer functions of accessing, receiving, storing, and processing data, transmitting and presenting information. Taking the elements both individually and as an ordered combination, the function performed by the computer at each step of the process is purely orthodox. Using a computer to obtain and display data are some of the most basic functions of a computer. As shown, the individual limitations claimed are some of the most rudimentary functions of a computer. The technical solution described in this invention does not alter hardware structure or its routine, does not transform the character of the information being processed, does not identify a novel source or type of data, does not advance the functionality of a computer as a tool, and does not incorporate specific rules enabling the computer to accomplish innovative utilities. In summary, the individual step and/or component does no more than require a general computer to perform standard computer functions. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of a computer devices amounts to no more than mere instructions to apply the exception using a generic computer component - requiring the use of software to tailor information and provide it to the user on a generic computer, Intellectual Ventures I LLC v. Capital One Bank (USA), 792 F.3d 1363, 1370-71, 115 USPQ2d 1636, 1642 (Fed. Cir. 2015). Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claims 1-18 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-24 of U.S. Patent No. 12,400,209 B2, hereinafter the ‘209 patent. Although the claims at issue are not identical, they are not patentably distinct from each other. Each of the ‘209 patent as well as this presently claimed invention are directed towards using a personal mobile device to generate a dynamic password or biometric PIN. Additionally, Although the conflicting claims are not identical, they are not patentably distinct from each other. The independent claims of this instant application recite: A method associated with one or more providers of authentication services for internet transactions in connection with use of a mobile device having an active generator that generates at transaction time dynamic authentication credentials calculated by the mobile device upon a different input data, and a transaction terminal that transmits at least part of the dynamic authentication credentials, the method comprising: electronically storing in one or more server memories data capable of linking the mobile device to one or more authentication services for internet transactions, the data including authentication parameters associated to server dynamic authentication rules of dynamic credentials and one or more identifiers related to a user and the one or more authentication services, the server dynamic authentication rules indicating for each related dynamic authentication credential whether success in its authentication is mandatory or optional to obtain a successful result of an authentication of a mobile-related internet transaction, sending to the mobile device personalization data for the mobile device to generate dynamic authentication credentials, the personalization data associated to the server stored authentication parameters associated to the dynamic authentication rules of dynamic authentication credentials, receiving from the transaction terminal a first dynamic authentication credential generated by the mobile device at the time of a first transaction using the personalization data and as input data a user's Personal Identification Number (PIN), one or more additional dynamic authentication credentials, each one calculated by the mobile device at the time of the first transaction upon the personalization data and a different input data, and at least one identifier related to the user and to the authentication service the dynamic authentication credentials refers to, authenticating the first dynamic authentication credential and, based on the server dynamic authentication rules and associated authentication parameters, further authenticating one or more of the one or more additional dynamic authentication credentials and generating an authentication result of the first mobile-related internet transaction by one or more processing devices having access to at least a portion of the data, wherein the authentication of each authenticated dynamic authentication credential is used to validate the corresponding input data. The independent claims of the ‘209 patent differ since it further recites additional claim limitations including: receiving from the transaction terminal a first dynamic non-mobile-device-pre-stored authentication credential generated by the mobile device at the time of a first transaction using in the context of the first transaction as input data a user's Personal Identification Number (PIN), one or more additional dynamic non-mobile-device-pre-stored authentication credentials, each one calculated by the mobile device at the time of the first transaction upon a different input data related to the context of the first transaction, and at least one identifier related to the user and to the authentication service the dynamic non-mobile-device-pre-stored authentication credentials refers to, wherein neither an additional dynamic non-mobile-device-pre-stored authentication credential nor the input data used to calculate it are respectively within a predetermined tolerance of the first dynamic non-mobile-device-pre-stored authentication credential or the user's PIN, authenticating the first dynamic non-mobile-device-pre-stored authentication credential and, based on the server dynamic authentication rules and associated authentication parameters, further authenticating one or more of the one or more additional dynamic non-mobile-device-pre-stored authentication credentials and generating an authentication result of the first mobile-related internet transaction by one or more processing devices having access to at least a portion of the data, However, it would have been obvious to a person of ordinary skill in the art to modify claims 1-18 of the claimed invention by removing the limitations directed to utilizing a PIN and completing various authentication and validation steps resulting generally in the claims of the present application since the claims of the present application and the claims recited in the ‘209 patent actually perform a similar function. It is well settled that the omission of an element and its function is an obvious expedient if the remaining elements perform the same function as before. In re Karlson, 136 USPQ 184 (CCPA 1963). Also note Ex parte Rainu, 168 USPQ 375 (Bd. App. 1969). Omission of a reference element whose function is not needed would be obvious to one of ordinary skill in the art. In this case, the limitation as claimed by the invention is merely an improvement over a base device, product, or method as taught by the references. The specifications also teach a comparable device improved in the same way. The technical ability existed to improve the base device in the same way and the result of the improvement is predictable. (KSR v. Teleflex, 127 S. Ct. 1727 (2007)). Consequently, it would have been obvious to one of ordinary skill in the art at the effective filing date to combine/modify the method of the ‘209 patent with the technique of instant application because there is a recognized problem or need in the art including market pressure, design need, etc., and there are a finite number of identified predictable solutions. Accordingly, those in the art could have pursued known solutions with reasonable expectation of success. (KSR v. Teleflex, 127 S. Ct. 1727 (2007)). Fundamentally, in the competitive business climate, there is a profit-driven motive to maximize the profitability of goods and services that are provided or marketed to customers. Enterprises typically use business planning to make decisions in order to maximize profits. CONCLUSION The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Non-Patent Literature: European Central Bank. “ASSESSMENT GUIDE FOR THE SECURITY OF INTERNET PAYMENTS.” (FEBRUARY 2014). Retrieved online 05/06/2025. https://www.ecb.europa.eu/pub/pdf/other/assessmentguidesecurityinternetpayments201402en.pdf Cisco Systems, Inc. “Authentication Authorization and Accounting Configuration Guide Cisco IOS XE Release 3S.” (2015). Retrieved online 05/06/2025. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/xe-3s/sec-usr-aaa-xe-3s-book.pdf PCi. “Information Supplement: PCI DSS E-commerce Guidelines.” (2013). Retrieved online 05/06/2025. https://www.pcisecuritystandards.org/pdfs/PCI_DSS_v2_eCommerce_Guidelines.pdf Foreign Art: CHEN et al. “Identity Management Method For Mobile Terminal, Involves Notifying Identity Verification Result According To Return Message To Application Programs In Relevant Program, When Identity Verification Server Receives Return Message.” (WO 2012/100677 A1) AGARWAL et al. “Mobile Device E.g. Mobile Phone, Has Processing System, Which Implements Restricted Execution Service That Is Configured To Activate Restricted Execution Mode Of Mobile Device, Where Restrict Access Of Device Application Is Activated.” (WO 2013/096949 A1) BARTLETT et al. “Method For Registering User Of Mobile Device E.g. Smart Phone, Involves Validating User With Account Using Data Identifying User And Account Data.” (WO 2014/117833 A1) Any inquiry of a general nature or relating to the status of this application or concerning this communication or earlier communications from the Examiner should be directed to James A. Reagan (james.reagan@uspto.gov) whose telephone number is 571.272.6710. The Examiner can normally be reached Monday through Friday from 9 AM to 5 PM. If attempts to reach the examiner by telephone are unsuccessful, the Examiner’s supervisor, John Hayes, can be reached at 571.272.6708. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://portal.uspto.gov/external/portal/pair . Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866.217.9197 (toll-free). Any response to this action should be mailed to: Commissioner for Patents PO Box 1450 Alexandria, Virginia 22313-1450 or faxed to 571-273-8300. Hand delivered responses should be brought to the United States Patent and Trademark Office Customer Service Window: Randolph Building 401 Dulany Street Alexandria, VA 22314. /JAMES A REAGAN/Primary Examiner, Art Unit 3697 james.reagan@uspto.gov 571.272.6710 (Office) 571.273.6710 (Desktop Fax)
Read full office action

Prosecution Timeline

Jul 30, 2025
Application Filed
Jun 09, 2026
Non-Final Rejection mailed — §101, §DP (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682372
METHODS AND SYSTEMS FOR REGULATING OPERATION OF UNITS USING ENCRYPTION TECHNIQUES ASSOCIATED WITH A BLOCKCHAIN
3y 6m to grant Granted Jul 14, 2026
Patent 12664536
SYSTEMS AND METHODS FOR USING LIMITED USE TOKENS BASED ON RESOURCE SPECIFIC RULES
3y 6m to grant Granted Jun 23, 2026
Patent 12664566
System and Method for Measuring the Duration of a Mobile Platform in a Stationary Location
1y 11m to grant Granted Jun 23, 2026
Patent 12657607
MOBILE DIGITAL ADVERTISING WITH GEOGRAPHIC ENHANCEMENT
1y 11m to grant Granted Jun 16, 2026
Patent 12651257
SYSTEMS, METHODS, APPARATUSES AND COMPUTER PROGRAM PRODUCTS FOR PERFORMING OPERATIONS ON RECEIVED REQUEST DATA OBJECTS
3y 2m to grant Granted Jun 09, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
71%
Grant Probability
91%
With Interview (+20.1%)
3y 9m (~2y 9m remaining)
Median Time to Grant
Low
PTA Risk
Based on 877 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month