Prosecution Insights
Last updated: July 17, 2026
Application No. 19/301,801

SYSTEMS AND METHODS FOR LOCATION-BINDING AUTHENTICATION

Non-Final OA §101§102§103
Filed
Aug 15, 2025
Priority
Jul 07, 2016 — continuation of 11/132,425 +1 more
Examiner
BRIDGES, CHRISTOPHER
Art Unit
Tech Center
Assignee
Wells Fargo Bank, N.A.
OA Round
1 (Non-Final)
45%
Grant Probability
Moderate
1-2
OA Rounds
2y 3m
Est. Remaining
55%
With Interview

Examiner Intelligence

Grants 45% of resolved cases
45%
Career Allowance Rate
155 granted / 345 resolved
-15.1% vs TC avg
Moderate +10% lift
Without
With
+10.5%
Interview Lift
resolved cases with interview
Typical timeline
3y 2m
Avg Prosecution
23 currently pending
Career history
364
Total Applications
across all art units

Statute-Specific Performance

§101
59.3%
+19.3% vs TC avg
§103
32.1%
-7.9% vs TC avg
§102
4.2%
-35.8% vs TC avg
§112
0.3%
-39.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 345 resolved cases

Office Action

§101 §102 §103
DETAILED ACTION This office action is in response to Applicant’s communication of 8/15/2025. Claims 1-20 are pending and have been examined. The rejections are stated below. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statement (IDS) submitted on 10/22/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claims do fall within at least one of the four categories of patent eligible subject matter because claim 1 is directed to a process, claim 8 is directed to a system and claim 15 is directed to a non-transitory computer-readable medium; Step 1-yes. Under Step 2A, prong 1, representative claim 1 recites a series of steps for location based authentication, i.e. mitigating risk, which is a fundamental economic practice and thus grouped as “Certain Methods of Organizing Human Activity”. The claim as a whole and the limitations in combination recite this abstract idea. Specifically, the limitations of representative claim 1, in bold below and stripped of all additional elements, recite the abstract idea as follows: 1. A method of authenticating a login request at a computing device, the method comprising: receiving, by a computing device, the login request including a user identifier associated with a user; transmitting, by the computing device, a request for location information of a user device associated with the user to indicate a location of the user device; receiving, by the computing device and from the user device, a location-based modifiable digital fingerprint comprising an encoded value for a location of the user device, wherein the updated location-based modifiable digital fingerprint is received by the computing device based on a change in the location of the user device; verifying, by the computing device, the user device based on a change to the encoded value for the location of the user device; and providing, by the computing device, the user access to the computing device. The claimed limitations, identified above, recite a process that, under its broadest reasonable interpretation, covers performance of a fundamental economic practice, but for the recitation of generic computer components. That is, other than the mere nominal recitation of a “a computing device” and “a user device” in claim 1, “a computing device comprising a processing circuit” and “a user device” in claim 8 and “instructions, when executed by a processor of a computing device” and “a user device” in claim 15, there is nothing in the claim element which takes the steps out of the methods of organizing human activity abstract idea grouping. Thus, the claim recites an abstract idea. Under step 2A, prong 2, this judicial exception is not integrated into a practical application. In particular, the claim only recites using generic, commercially available, off-the-shelf computing devices, i.e. processors suitably programmed communicating over a generic network, to perform the steps of receiving, transmitting, receiving, verifying and providing. The computer components are recited at a high-level of generality (i.e., as generic processors with memory suitably programmed communicating information over a generic network, see at least paragraphs [0016-0018] and [0035] of the specification) such that it amounts no more than adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform the abstract idea, see MPEP 2106.05(f). Accordingly, the additional elements claimed do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. Under step 2B, the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of using generic computer processors with memory suitably programmed communicating over a generic network to perform the limitation steps amounts no more than adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform the abstract idea, see MPEP 2106.05(f) Mere instructions to apply an exception using generic computer components interacting in a conventional manner cannot provide an inventive concept. The claim is not patent eligible. Applicant has leveraged generic computing elements to perform the abstract idea of location based authentication, i.e. mitigating risk, without significantly more. Dependent claims 2-7, 9-14 and 16-20 when analyzed as a whole and in an ordered combination are held to be patent ineligible under 35 U.S.C. 101 because the additional recited limitation(s) fail(s) to establish that the claim(s) is/are not directed to an abstract idea, as detailed below. The additional recited limitations in the dependent claims only refine the abstract idea. For instance, claims 2, 3, 9, 10, 16 and 17 are claimed at a very high level of generality and are merely determining if a user identifier matches a password. This can also be completed through mental evaluation but for any nominal recitation of generic computing elements. Claims 4, 5, 11, 12, 18 and 19 further recite how the location is determined. There are no technical implementation details such that this is anything more than leveraging known technology for its most basic use to gather information to be used in the abstract idea. Claims 6, 7, 13, 14 and 20 provide no technical implementation details other than blacklisting users based on received information. This can be performed manually through mental evaluation but for any nominal recitation of generic computing elements. Clearly, the additional recited limitations in the dependent claim only refines the abstract idea further. Further refinement of an abstract idea does not convert an abstract idea into something concrete. The claims merely amount to the application or instructions to apply the abstract idea (i.e. a series of steps for location based authentication, i.e. mitigating risk) on one or more computers, and are considered to amount to nothing more than requiring a generic computer system (e.g. processors suitably programmed and communicating over a network) to merely carry out the abstract idea itself. As such, the claims, when considered as a whole, are nothing more than the instruction to implement the abstract idea (i.e. a series of steps for location based authentication, i.e. mitigating risk) in a particular, albeit well-understood, routine and conventional technological environment. Accordingly, the Examiner concludes that there are no meaningful limitations in the claims that transform the judicial exception into a patent eligible application such that the claims amount to significantly more than the judicial exception itself or integrate the judicial exception into a practical application. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1-4, 8-11 and 15-18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Disraeli (US 10,050,976 B2) Regarding claims 1, 8 and 15: Disraeli discloses a method, device and non-transitory computer-readable medium for authenticating a login request at a computing device, the method comprising: receiving, by a computing device, the login request including a user identifier associated with a user; (at least FIG. 7, element 704, “…a first factor of authentication (e.g. username and password combination)”). transmitting, by the computing device, a request for location information of a user device associated with the user to indicate a location of the user device; (at least FIG. 7, element 706, “Obtain LC location data”, i.e. Login Client,). receiving, by the computing device and from the user device, a location-based modifiable digital fingerprint comprising an encoded value for a location of the user device, wherein the updated location-based modifiable digital fingerprint is received by the computing device based on a change in the location of the user device; (at least FIG. 7, element 716 and 718). verifying, by the computing device, the user device based on a change to the encoded value for the location of the user device; (at least FIG. 7, element 722 and 724). providing, by the computing device, the user access to the computing device, (at least FIG. 7, element 730). Regarding claims 2, 9 and 16: Disraeli further discloses, wherein: the login request further comprises a password associated with the user identifier, (at least FIG. 7, element 704, “…a first factor of authentication (e.g. username and password combination)”). Regarding claims 3, 10 and 17: Disraeli further discloses, further comprising: verifying, by the computing device, that the user identifier and the password match a known user identifier and a known password, (at least FIG. 7, elements 710 and 712). Regarding claims 4, 11 and 18: Disraeli further discloses, wherein: the location of the user device is determined based on information provided by at least one of a wireless access point or a cellular transceiver in broadcast range of the user device, (at least col.5, lines 36-67, “The location information service 140 may be any location based service (LBS) provider that utilizes various positioning technologies to locate mobile devices.”, at least col.7, lines 9-10, “…nearby Wi-Fi access point data”, at least claim 9). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 5, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Disraeli (US 10,050,976 B2) in view of Ellis et al. (US 9,600,815 Bl)( Ellis hereinafter) Regarding claims 5, 12 and 19: although Disraeli substantially discloses claims 1, 8 and 15 above, it appears that Disraeli does not disclose, however, Ellis discloses, wherein: the location of the user device is determined based on a code provided to the user device, (at least col.1, lines 66-67 and col.2, lines 1-4, “…the code being generated for a mobile device that belongs to an account holder. The method includes generating the code, including embedding in the code a transaction identification number, a geographic location of the mobile device, a timestamp.”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include in the frictionless multi-factor authentication system of Disraeli the ability to encode location data as disclosed by Ellis since the claimed invention is merely a combination of old elements and, in combination, each element would merely have performed the same function as it did separately. One of ordinary skill in the art would have recognized that applying the features disclosed by Ellis, to the known invention of Disraeli, would have yielded predictable results and resulted in an improved invention. The motivation to combine is that a “code”, e.g. a QR code, provides a secure encoding of data and is one of a myriad of ways a mobile device can transmit location information. Claims 6, 7, 13, 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Disraeli (US 10,050,976 B2) in view of Aaron et al. (US 10,489,819 B2)(Aaron hereinafter) Regarding claims 6, 13 and 20: although Disraeli substantially discloses claims 1, 8 and 15 above, it appears that Disraeli does not disclose, however, Aaron discloses further comprising, in response to determining that the encoded value corresponds to a specific location of the user device, blacklisting, by the computing device, the user device, (at least col.11, lines 10-15, ‘“Specific sources, as identified by, for example, IP address, measured location or other means, may also be "blacklisted" so that requests for a web page originating from those sources are not honored (i.e., the web page is not delivered) or so that no pay-per-click charge is incurred for activations by the blacklisted source.”’). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include in the frictionless multi-factor authentication system of Disraeli the ability to identify possible fraudulent IP location data as disclosed by Aaron since the claimed invention is merely a combination of old elements and, in combination, each element would merely have performed the same function as it did separately. One of ordinary skill in the art would have recognized that applying the features disclosed by Aaron, to the known invention of Disraeli, would have yielded predictable results and resulted in an improved invention. The motivation to combine is that blacklisting a possible fraudulent IP address, i.e. computer location, can mitigate the risk of fraud by not allowing any interaction with said site. Regarding claims 7 and 14: Aaron further discloses further comprising: blacklisting, by the computing device, the user device based on an IP address associated with the login request, (at least col.11, lines 10-15, ‘“Specific sources, as identified by, for example, IP address, measured location or other means, may also be "blacklisted" so that requests for a web page originating from those sources are not honored (i.e., the web page is not delivered) or so that no pay-per-click charge is incurred for activations by the blacklisted source.”’). Double Patenting The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A non-statutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321 (c) or 1.321 (d) may be used to overcome an actual or provisional rejection based on a non-statutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321 (b). The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp. Claim Rejections - Double Patenting (Obviousness-type) Claims 1-20 are rejected on the ground of non-statutory double patenting as being unpatentable over claims 1-31 of US Patent No. 11,132,425 (‘425 hereinafter) and claims 1-20 of US Patent No. 12,406,038 (‘038 hereinafter). Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the ‘425 and ‘038 Patent recite all the limitations of claims 1-20 of the instant application as indicated in the comparison table below. Claims of 19/301,801 Claims of 11,132,425 and 12,406,038 1. (as well as 8 and 15) A method of authenticating a login request at a computing device, the method comprising: receiving, by a computing device, the login request including a user identifier associated with a user; transmitting, by the computing device, a request for location information of a user device associated with the user to indicate a location of the user device; receiving, by the computing device and from the user device, a location-based modifiable digital fingerprint comprising an encoded value for a location of the user device, wherein the updated location-based modifiable digital fingerprint is received by the computing device based on a change in the location of the user device; verifying, by the computing device, the user device based on a change to the encoded value for the location of the user device; and providing, by the computing device, the user access to the computing device. (‘425) 1. A method of authenticating a login request at a computing device, the method comprising: receiving, at an authentication system associated with the computing device, the login request from the computing device, the login request including a user identifier associated with a user; transmitting, by the authentication system, a request for location information of a user device associated with the user; causing computer-executable code deployed to the user device to generate a location-based modifiable digital fingerprint comprising a first encoded value based on a unique identifier of the user device and a second encoded value based on location information of the user device, comprising causing the computer-executable code to: maintain a location snapshot comprising the unique identifier and location information; upon receiving the request for location information at the user device, generate the first encoded value and the second encoded value; generate the location-based modifiable digital fingerprint comprising the first encoded value and the second encoded value; and transmit the location-based modifiable digital fingerprint to the authentication system; and receiving, by the authentication system, the location based modifiable digital fingerprint from the user device; verifying, by the authentication system, that the location information from the location-based modifiable digital fingerprint corresponds to a known location of the computing device; and providing, by the authentication system, the user access to the computing device. 2. (as well as 9 and 16) The method of claim 1, wherein the login request further comprises a password associated with the user identifier. (‘425) 2. The method of claim 1, wherein the login request further includes a password associated with the user identifier. 3. (as well as 10 and 17) The method of claim 2, further comprising verifying, by the computing device, that the user identifier and the password match a known user identifier and a known password. (‘425) 3. The method of claim 2, further comprising verifying, by the authentication system, the user identifier and the password as matching a known user identifier and a known password associated with the user prior to requesting location information of the user device. 4. (as well as 11 and 18) The method of claim 1, wherein the location of the user device is determined based on information provided by at least one of a wireless access point or a cellular transceiver in broadcast range of the user device. (‘038) 4. The method of claim 1, wherein the first location of the user device is determined based on information provided by at least one of a wireless access point or a cellular transceiver in broadcast range of the user device. 5. (as well as 12 and 19) The method of claim 1, wherein the location of the user device is determined based on a code provided to the user device. (‘038) 5. The method of claim 1, wherein the first location of the user device is determined based on a code provided to the user device. 6. (as well as 13 and 20) The method of claim 1, further comprising, in response to determining that the encoded value corresponds to a specific location of the user device, blacklisting, by the computing device, the user device. (‘038) 6. The method of claim 1, further comprising, in response to determining that the second encoded value corresponds to a third location of the user device, blacklisting, by the computing device, the user device. 7. (as well as 14) The method of claim 6, further comprising blacklisting, by the computing device, the user device based on an IP address associated with the login request. (‘038) 7. The method of claim 6, further comprising blacklisting, by the computing device, the user device based on an IP address associated with the login request. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure are listed on the enclosed PTO-892. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER J BRIDGES whose telephone number is (571)270-5451. The examiner can normally be reached 7:00am-3:30pm M-F EDT. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mike Anderson can be reached at 571-270-0508. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /CHRISTOPHER BRIDGES/Primary Examiner, Art Unit 3693
Read full office action

Prosecution Timeline

Aug 15, 2025
Application Filed
Jun 29, 2026
Non-Final Rejection mailed — §101, §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682345
GATED CONTROL FOR BLOCKCHAIN UNITS
2y 0m to grant Granted Jul 14, 2026
Patent 12664009
DISTRIBUTED REGULATORY TANGLEGRAPH CONSORTIUM SYSTEM FOR EXECUTING PROCESSES IN A VIRTUAL COMPUTING ENVIRONMENT
4y 0m to grant Granted Jun 23, 2026
Patent 12659155
PROCESSING A CONTINGENT ACTION TOKEN SECURELY
2y 7m to grant Granted Jun 16, 2026
Patent 12647288
Systems and Methods for Generation of Energy-Backed Digital Units Stored in a Decentralized Ledger
3y 10m to grant Granted Jun 02, 2026
Patent 12646117
APPARATUS AND METHODS FOR IMPLEMENTING CHANGED MONITORING CONDITIONS AND/OR REQUIREMENTS USING DYNAMICALLY-MODIFIABLE CONTROL LOGIC
1y 7m to grant Granted Jun 02, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
45%
Grant Probability
55%
With Interview (+10.5%)
3y 2m (~2y 3m remaining)
Median Time to Grant
Low
PTA Risk
Based on 345 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month