DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.
Status of the Claims
Claims 21-24, 27, 29, 31-32, 46-53, and 55-64, are presented for examination. Applicant filed a request for continued examination (RCE) on 01/02/2026 amending claims 21, 46, 47, 52, and 57; and adding new claims 63 and 64. Examiner has maintained the previous double patenting rejection of claims 21-24, 27, 29, 31-32, 46-53, and 55-62; and the previous § 101 rejection of claims 21-24, 27, 29, 31-32, and 55-62. In light of Applicant’s amendments, Examiner has withdrawn the previous objections of claims 21 and 57; and § 101 rejection of claims 46-53. Examiner has, however, established new § 101 rejection for claims 46-53 and for the newly added claims 63-64 in the instant Office action. Further, Examiner has established a double patenting rejection for the newly added claims 63 and 64 in the instant Office action.
Examiner’s Remarks
Patent Eligibility under § 101: Applicant argues in pages 16 of Applicant’s Remarks:
[T]he Examiner has not considered claim 55 as a whole, under Step 2A, prong 2. This requirement is from the 2019 PEG guidelines.
The remaining main argument on pages 4-5 of the Office Action could be a strong argument, if the relevant feature on pages 4-5 of the Office Action represented all the asserted AE limitations [additional limitations] in claim 55. Of course, that is not the case, as can be easily seen by comparing the idea of a “channel” with all the italicized language appearing in claim 55. The critical question is not whether a singled out (and overgeneralized) feature, severed from all the other asserted AE limitations (i.e. 'a channel,' as the Examiner proposes), can, by itself, integrate the JE limitations into a practical application. Rather, the critical question concerns is inclusive with regard to all the AE limitations, does not overgeneralize them, and concerns whether they integrate the asserted judicial exception when the claim is considered as a whole. The arguments on page 4-5 of the Final Office Action do not reach the requirement to consider the claim as a whole under Step 2A, prong two - and thus do not cure the deficiencies already noted with regard to the asserted Step 2A, prong two evaluation on pages 15-17 of the Office Action.
Examiner respectfully disagrees. Examiner has evaluated instant claims according to the 2019 PEG guideline. As before, and considering each claim as a whole, communicating information by types of networks or storing information in two types of network nodes – private and public – does not provide a technological solution to a problem of technology. Instead, it is merely using technology in communicating and storing information. As such, there is no integration of the abstract idea into a practical solution under Step 2A – Prong 2 of the Test, nor are the instant claims rendered patent eligible under Step 2B of the Test. Instead of technological solution to a problem of technology, Applicant is using technology in solving a business problem of mitigating fraud. Again, communicating information by types of networks or storing information in two types of computer network nodes does not integrate the abstract idea into a practical solution under Step 2A – Prong 2 of the Test, nor does it render instant claims patent eligible under Step 2B of the Test.
Prior Art under § 102/§ 103: The claimed invention is directed to a method for user identity validation for online transactions. The prior reference, Dockter (US 6,295,605 B1) teaches generally a method for user identity validation for online transactions. The prior art, however, fails to teach – either alone or in combination with other references – the claim limitations found in independent claims 21, 46, 55, and 63, as an ordered combination of steps.
Double Patenting
The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A non-statutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR § 1.321(c) or § 1.321(d) may be used to overcome an actual or provisional rejection based on non-statutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) – 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR § 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 21-24, 27, 29, 31-32, 46-53, and 55-64, are rejected on the grounds of non-statutory double patenting as being unpatentable over claims 1-17 of U.S. Patent No. 8,515,847 B2 (application No. 12/142,727). While 8,515,847 B2 is not a parent of the instant application, both 8,515,847 B2 and instant application originate from a common parent application No. 12/118,135 (now abandoned). Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application are obvious over the reference claims.
Claim Rejections - 35 USC § 101
35 U.S.C. § 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 21-24, 27, 29, 31-32, 46-53, and 55-64, are rejected under 35 USC § 101 because they are directed to non-statutory subject matter. The rationale for this finding is explained below.
The Supreme Court in Mayo laid out a framework for determining whether an applicant is seeking to patent a judicial exception itself or a patent-eligible application of the judicial exception. See Alice Corp., 134 S. Ct. at 2355,110 USPQ2d at 1981 (citing Mayo, 566 U.S. 66, 101 USPQ2d 1961). This framework, which is referred to as the Mayo test or the Alice/Mayo test (“the test”), is described in detail in Manual of Patent Examining Procedure (”MPEP”) (see MPEP § 2106(III) for further guidance). The step 1 of the test: It need to be determined whether the claims are directed to a patent eligible (i.e., statutory) subject matter under 35 USC § 101. Step 2A of the test: If the claims are found to be directed to a statutory subject matter, the next step is to determine whether the claims are directed to a judicial exception i.e., law of nature, natural phenomenon, and abstract idea (Prong 1). If the claims are found to be directed to an abstract idea, it needs to be determined whether the claims recite additional elements that integrate the judicial exception into a practical application (Prong 2). Step 2B of the test: If the claims are directed to a judicial exception, the next and final step is to determine whether the claims recite additional elements that amount to significantly more than the judicial exception.
Step 1 of the Test:
When considering subject matter eligibility under 35 USC § 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter. Here, the claimed invention of claims 21-24, 27, 29, 31-32, and 55-62, is a series of steps, which is a method (i.e., a process) and, thus, one of the statutory categories of invention. Further, the claimed invention of claims 46-53 and 63-64 is a system, which is also one of the statutory categories of invention.
Conclusion of Step 1 Analysis: Therefore, claims 21-24, 27, 29, 31-32, 46-53, and 55-64, are statutory under 35 USC § 101 in view of step 1 of the test.
Step 2A of the Test:
(i) Prong 1: Claims 21-24, 27, 29, 31-32, 46-53, and 55-64, however, recite an abstract idea of protecting against fraud when using machine-to-machine transactions. The creation of protecting against fraud when using machine-to-machine transactions, as recited in the independent claims 21, 46, 55, and 63, belongs to certain methods of organizing human activity (i.e., commercial interactions and fundamental economic principles or practices including mitigating risk) that are found by the courts to be abstract ideas. Applicant's specification in paragraph 5 sets out the problem to be solved in the following manner:
[0005] There are various forms of technologies current employed by online merchants to avoid identity-related fraud and prevent credit card fraud, both in-person and online. Such technologies include but are not limited to, identifying Media Access Control (MAC) address of a device used to participate in a digitally based interaction, sniffing the IP address to confirm if the originating address is the anticipated one, determining the identity by accessing credit reporting agencies, and requesting forensic report of previous purchase discrepancies associated with the user name, data or credit card as well as manual review of purchases including outbound call centers to validate that the consumer has actually placed an order. These technologies are designed to minimize or eliminate human interaction, relying instead of complex algorithms to define if an online user is actually the person they proclaim they are and there is a minimal interaction with the user themselves to prove identity. When it comes to subsequent logins the current processes use PINs or passwords, such as Verified by VISA, there is limited follow up identity verification. In spite of these technologies being applied to prevent fraud, online merchants in the USA and Canada are estimated to have lost over $3.6 billion to online fraud in 2007. Consequently, there is a strong need for an identity verification system, which allows a person's identity to be conveniently and promptly validated when the person initiates any major activities online. The use of information from credit files to verify user identity has been used to authorize access to online accounts for credit file reporting (e.g., Experian at creditexpert.com) or for lost account passwords with a credit card issuer (e.g., Chase at chase.com). However, such information has not been utilized for online transactions due to strict limitations and compliance requirements for such transactions.
The limitations in independent claims 21, 46, 55, and 63, which set forth or describe the recited abstract idea, are recited by the following steps:
“retaining personally identifying information entirely within a private network, wherein data egressing from the private network to information other than the personally identifying information is constrained, wherein data provided to the one or more remote devices is associated with the personally identifying information, and wherein said associated data does not include the personally identifying information” (claims 21 and 55);
“performing the machine-to-machine transactions with the front end” (claims 21 and 55);
“implementing (a layer of) fraud protection (technology) for the machine-to-machine transactions, (including) identifying a physical address of user terminals used to participate in the machine-to-machine transactions, or sniff a logical address during the machine-to-machine transactions to confirm if an originating address is an anticipated address, wherein one of the machine-to-machine transactions is associated with an exception” (claims 21 and 55);
“implementing an additional (layer of) fraud protection (technology) for the one of the machine-to-machine transactions, (including:)
access(ing), based on correlating information taken from the content of the one of the minimal data sets, a profile of two or more profiles for two or more identities, respectively, of two or more individuals, wherein the accessed profile includes at least some of the personally identifying information; [and]
generat(ing), based at least in part on the accessed profile, challenge data including only person-specific information, the person-specific information comprising the associated data, wherein the generated challenge data includes a knowledge-based authentication (KBA) question and answer that does not contain personally identifying information” (claim 21);
“utilizing the generated challenge data including only the person-specific information, (including:)
initiat(ing) a challenge for presentation at one of the user terminals or another user device associated with an individual corresponding to the minimal data set, wherein the challenge comprises the question;
compar(ing) a reply to the question to the answer of the KBA question and answer; and
authoriz[ing] the one of the machine-to-machine transactions based, at least in part, on a result of the comparison” (claims 21 and 55);
“implementing fraud protection technology for the machine-to-machine transactions that: identify a physical address of user terminals used to participate in the machine-to-machine transactions, or sniff a logical address during the machine-to-machine transactions to confirm if an originating address is an anticipated address” (claim 46);
“applying additional fraud protection technology for the one of the machine-to-machine transactions” (claim 46);
“retaining personally identifying information entirely within a private network, wherein data egressing from the private network to information other than the personally identifying information is constrained, wherein data provided to the one or more remote devices is associated with the personally identifying information, and wherein said associated data does not include the personally identifying information” (claim 46);
“accessing, based on correlating information provided to the private network, the correlating information taken from the content of the one of the minimal data sets, a profile of two or more profiles for two or more identities, wherein the accessed profile includes at least some of the personally identifying information” (claim 46);
“initiating a challenge for presentation at one of the user terminals or another user device associated with an individual corresponding to the minimal data set following output of the question of the KBA question and answer from the private network, wherein the challenge comprises the question” (claim 46);
“comparing a reply to the question to the answer of the KBA question and answer” (claim 46);
“authorizing the one of the machine-to-machine transactions based, at least in part, on a result of the comparison” (claim 46);
“grading the reply based at least in part on a time-limited window, to avoid a person looking up data for the reply” (claim 46);
“recognizing a minimal data set in a communication received by the platform” (claim 63);
“correlating, internally within the platform and using said internal data, the minimal data set to an individual, of the two or more individuals” (claim 63);
“identifying a KBA (Knowledge Based Authentication) question and answer set that is derived from the internal data, but which does not include any of the internal data” (claim 63);
“including, [by] the KBA question and answer set, one or more questions presentable to a person, to verify whether the person is the individual” (claim 63);
“evaluating one or more characteristics of at least one response by the person, to a challenge presented to the person on a device under their control, the challenge using at least one question of the one or more questions, the evaluation based on at least one answer from the identified KBA question and answer set” (claim 63); and
“producing a rating or a grading representing a result of the evaluation, the produced rating or grading usable by an online merchant to determine whether or not to complete an online transaction associated with the minimal data set, wherein the recognized minimal data set is a minimal data set of minimal data sets collected by during machine-to-machine transactions consistent with a type of the machine-to-machine transactions” (claim 63).
(ii) Prong 2: In addition to abstract steps recited above in Prong 1, independent claims 21, 46, 55, and 63, recite the following additional elements:
“a technological platform having a secure architecture, [wherein] the secure architecture [is] characterized in that it employs a front end to communicate with one or more remote devices, wherein the one or more remote devices are located outside a private network, and wherein the one or more remote devices include an online merchant engine” (claims 21, 46, and 55);
“user terminals” (claims 21, 46, and 55);
“a network different than the private network” (claims 21 and 55);
“one or more first processors” (claim 21);
“one or more second processors in the private network, wherein the one or more second processors are different than the one or more first processors” (claim 21);
“a memory storing instructions” (claim 46);
“one or more processors, wherein the front end includes the one or more processors” (claim 46);
“an apparatus comprising: means for applying; means for accessing; means for providing; means for initiating; means for comparing; means for authorizing; and means for grading” (claim 46);
“a secure architecture including a platform, and one or more data structures, wherein the one or more data structures further comprise, or the apparatus further comprises an additional data structure to operate outside the platform” (claim 63); and
“an online merchant engine” (claim 63).
These additional elements are recited at a high level of generality (i.e., as a generic processor performing a generic computer functions) such that they amount to no more than mere instructions to apply the exception using a generic computer components. Further, the following limitation recite insignificant extra solution activity (for example, data gathering):
“collecting minimal data sets from user terminals to conduct the machine-to-machine transactions consistent with a type of the machine-to-machine transactions” (claims 21, 46, and 55);
“providing a corresponding one of the minimal data sets following the physical address identification or logical address sniffing for the one of the machine-to-machine transactions” (claims 21 and 55);
“transmitting the associated data, the associated data including the question of the KBA question and answer” (claims 21 and 55);
“forwarding the KBA question and answer to one or more first processors” (claim 21);
“transmitting the KBA question and answer outside the private network” (claim 55);
“outputting content of a corresponding one of the minimal data sets for review following the physical address identification or logical address sniffing for the one of the machine-to-machine transactions in response to one of the machine-to-machine transactions associated with an exception” (claim 46);
“providing, based at least in part on the access to the profile, challenge data including only person-specific information, wherein the generated challenge data includes a knowledge-based authentication (KBA) question and answer that does not contain personally identifying information” (claim 46);
“outputting the question of the KBA question and answer” (claim 46); and
“retaining the platform data internally, strictly prohibiting the transmission of any of the internal data outside the platform” (claim 63);
These additional limitations do not integrate the abstract idea into a practical application because they do not impose a meaningful limit on the judicial exception. The additional elements/limitations of independent claims 21, 46, 55, and 63, here do not render improvements to the functioning of a computer or to any other technology or technical field (see MPEP § 2106.05(a)), nor do they integrate the abstract idea into a practical application under MPEP § 2106.05(b) (particular machine); MPEP § 2106.05(c) (particular transformations); or MPEP § 2106.05(e) (other meaningful limitations). Further, the combination of these additional elements/limitations is no more than mere instructions to apply the exception using a generic device(s). Accordingly, even in combination, these additional elements/limitations do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
Conclusion of Step 2A Analysis: Therefore, independent claims 21, 46, 55, and 63, are non-statutory under 35 USC § 101 in view of step 2A of the test.
Step 2B of the Test: The additional elements of independent claims 21, 46, 55, and 63, (see above in Step 2A – Prong 1) are well-understood, routine, and conventional elements that amount to no more than implementing the abstract idea with a computerized system. The Applicant’s Specification describes these additional elements in following terms:
[0015] FIG. 2 shows an example of a system to support user identity validation for online transactions. In the example of FIG. 2, the system 200 includes an online merchant engine (or merchant acquiring engine) 202, a third-party validation engine 204, a credit reporting engine 206, a credit database 208 coupled to the credit reporting engine 206, and an insurance engine 210. The term "engine," as used herein, generally refers to any combination of software, firmware, hardware, or other component that is used to effectuate a purpose.
[0016] In the example of FIG. 2, the online merchant engine 202, the third-party validation engine 204, the credit reporting engine 206, and the insurance engine 210 are operable to provide services on behalf of an online merchant, a third party validator, a credit reporting agency, and an insurer, respectively, via one or more hosting devices (hosts). Here, a host can be a computing device, a communication device, a storage device, or any electronic device capable of running software. For non-limiting examples, a computing device can be but is not limited to, a laptop PC, a desktop PC, a tablet PC, or a server machine. A storage device can be but is not limited to a hard disk drive, a flash memory drive, or any portable storage device. A communication device can be but is not limited to a mobile or cellular phone.
[0026] In the example of FIG. 2, the credit database 208 coupled to the credit reporting engine 206 can include both public and/or private databases. The database 208 is operable to store and manage identity, profile, and/or credit history of the individual, wherein such information may include but is not limited to, credit scores, transaction history, reported incidents or issues regarding previous transactions made by the individual. In addition, the database may also contain KBA questions and answers or the database may be used to generate KBA questions and answers tailored to each individual's credit and/or transaction history. Here, the term database is used broadly to include any known or convenient means for storing data, whether centralized or distributed, relational or otherwise. Due to their sensitive nature, records in the credit database 208 should be highly secured and optionally encrypted. Such record can be indexed and be made searchable via any of the information of the individual, such as credit card number, social security number, name, or telephone number upon request. In one embodiment, the KBA questions do not contain personally identifying information, but rather person-specific information, and therefore does not compromise the security of the credit reporting engine 206or database 208 or the individual's identity. In one embodiment, the selection of KBA questions to ask the individual varies from one transaction to another, thereby limiting the potential damage if the KBA questions Patent App and their answers are somehow intercepted or otherwise compromised. In one environment, sensitive personally identifying information, such as social security number, are not disclosed by the credit reporting engine 206, but rather are used internally to generate KBA questions and answers, which are much less sensitive that the personally identifying information.
[0036] One embodiment may be implemented using a conventional general purpose or a specialized digital computer or microprocessor(s) programmed according to the teachings of the present disclosure, as will be apparent to those skilled in the computer art. Appropriate software coding can readily be prepared by skilled programmers based on the teachings of the present disclosure, as will be apparent to those skilled in the software art. The invention may also be implemented by the preparation of integrated circuits or by interconnecting an appropriate network of conventional component circuits, as will be readily apparent to those Patent Application 14 Docket No. 129009-217742skilled in the art.
[0037] One embodiment includes a computer program product which is a machine readable medium (media) having instructions stored thereon/in which can be used to program one or more computing devices to perform any of the features presented herein. The machine readable medium can include, but is not limited to, one or more types of disks including floppy disks, optical discs, DVD, CO-ROMs, micro drive, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, DRAMs, VRAMs, flash memory devices, magnetic or optical cards, nanosystems (including molecular memory ICs), or any type of media or device suitable for storing instructions and/or data. Stored on any one of the computer readable medium (media), the present invention includes software for controlling both the hardware of the general purpose/specialized computer or microprocessor, and for enabling the computer or microprocessor to interact with a human user or other mechanism utilizing the results of the present invention. Such software may include, but is not limited to, device drivers, operating systems, execution environments/containers, and applications.
This is a description of general-purpose computer system performing routine functions that amount to no more than mere instructions to apply the exception using generic computer components. Thus, these additional elements are not sufficient to provide an inventive concept. Therefore, the additional elements of independent claims 21, 46, 55, and 63, are well-understood, routine, and conventional. Further, the additional limitations of claims 21, 46, 55, and 63, (“collecting,” “providing,” “outputting,” “transmitting,” “forwarding,” and “retaining” information) amount to no more than mere instructions to apply the exception using generic computer components. For the same reason these elements are not sufficient to provide an inventive concept. The additional limitations of “collecting,” “providing,” “outputting,” “transmitting,” “forwarding,” and “retaining” information were considered as insignificant extra-solution activity in Step 2A – Prong 2. Re-evaluating here in Step 2B, they are also determined to be well-understood, routine, and conventional activity in the field. Similarly to OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network), and buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network), the additional limitations of independent claims 21, 46, and 55, receive or transmits data over a network in a merely generic manner. Further, similarly to Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015) and OIP Techs., 788 F.3d at 1363, 115 USPQ2d at 1092-93, the additional limitation of independent claim 63 retains information. Therefore, the additional limitations of independent claims 21, 46, 55, and 63, are well-understood, routine, and conventional. Still further, taken as combination, the additional elements/limitations add nothing more than what is present when the additional elements/limitations are considered individually. There is no indication that the combination of the additional elements/limitations provides any effect regarding the functioning of the computer or any improvement to another technology.
Conclusion of Step 2B Analysis: Therefore, independent claims 21, 46, 55, and 63, are non-statutory under 35 USC § 101 in view of step 2B of the test.
Dependent Claims: Dependent claims 22-24, 27, 29, and 31-32, depend on independent claim 21; dependent claims 47-53 depend on independent claim 46; dependent claims 56-62 depend on independent claim 55; and dependent claim 64 depends on independent claim 63. The elements in dependent claims 22-24, 27, 29, 31-32, 47-53, 56-62, and 64, which set forth or describe the abstract idea, are:
“transmitting a message using a communication channel different from a communication channel used by the online merchant engine for the machine-to-machine transaction associated with the exception” (claims 22, 47, and 56: further narrowing the recited abstract idea);
“the reply to the question is received through a communication channel different from a communication channel used by the online merchant engine for the machine-to-machine transaction associated with the exception” (claims 23, 48, and 57: further narrowing the recited abstract idea);
“the two or more profiles comprise two or more credit histories, respectively” (claims 24, 49, and 58: further narrowing the recited abstract idea);
“the minimal data set for the one of the machine-to-machine transactions includes a first name, a last name, an address, or a phone number of the individual” (claims 27, 50, and 59: further narrowing the recited abstract idea);
“the personally identifying information includes a social security number” (claims 29, 51, and 60: further narrowing the recited abstract idea);
“comparing a duration of time from receipt of the reply to the question to a threshold; and authorizing the one of the machine-to-machine transactions based, at least in part, on a result of the comparison of the duration of time from receipt of the reply to the threshold” (claims 31, 52, and 61: further narrowing the recited abstract idea);
“generating the challenge data further comprises generating the KBA question and answer from a credit report of the accessed profile” (claims 32, 53, and 62: further narrowing the recited abstract idea); and
“the system including the platform and a remote computing device, wherein the remote computing device is in communication with an external interface of the platform; and the system including the one or more data structures and the additional data structure, in which the platform includes the one or more data structures and the remote computing device includes the additional data structure” (claim 64: further narrowing the recited abstract idea).
Conclusion of Dependent Claims Analysis: Dependent claims 22-24, 27, 29, 31-32, 47-53, 56-62, and 64, do not correct the deficiencies of independent claims 21, 46, 55, and 63, and they are, thus, rejected on the same basis.
Conclusion of the 35 USC § 101 Analysis: Therefore, claims 21-24, 27, 29, 31-32, 46-53, and 55-64, are rejected as directed to an abstract idea without “significantly more” under 35 USC § 101.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Wiczkowski (US 2003/0163413 A1) discloses: “A method of conducting anonymous transactions over the Internet protects consumers from identity fraud. The process involves the formation of a Secure Anonymous Transaction Engine to enable any consumer operating over an open network, such as the Internet to browse, collect information, research, shop, and purchase anonymously. The Secure Anonymous Transaction Engine components provide a highly secure connection between the consumer and the provider of goods or services over the Internet by emulating an in store anonymous cash transaction although conducted over the Internet. The Secure Anonymous Transaction Engine is accessible to all merchants conducting business over the Internet and does not require subscription to any special service.”
Bachenheimer (WO 2007/044596 A2) discloses: “A system and method for preventing personal identity theft when making online and offline purchases requires a purchaser to first subscribe and become a member user by registering and providing relevant personal identity information. Once registered, the member is assigned a user name and a password. The subscribing member's personal identity Information Is then encrypted and stored at one or more highly secure locations.”
D. G. Abraham, G. M. Dolan, G. P. Double and J. V. Stevens, "Transaction Security System," in IBM Systems Journal, vol. 30, no. 2, pp. 206-229, 1991.
Tsiakis, Theodosios, and George Sthephanides. "The concept of security and trust in electronic payments." Computers & Security 24.1 (2005): 10-15.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRPI H. KANERVO whose telephone number is 571-272-9818. The examiner can normally be reached on Monday – Friday, 10 am – 6 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Abhishek Vyas can be reached on 571-270-1836. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/VIRPI H KANERVO/Primary Examiner, Art Unit 3691