Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Applicant filed an amendment on 12/11/25. Claims 1-4, 6-14, 16, 18, 19, and 22-26 were pending at the time of the action. Applicant cancels claims 25 and 26. Applicant amends claims 1, 11, and 16.
Applicant adds new claims 27 and 28. Thus claims 1-4, 6-14, 16, 18, 19, 22-24, 27, and 28 are examined. After careful consideration the examiner finds applicant arguments to be moot and/or non persuasive. This action is a final rejection.
Claim Objections
Claims 1, 11 and 16 are objected to because of the following informalities: Here the term not required as been added. “the authorization parameter indicates that the use of the multi-factor authentication (MFA) security credential is not required” Is the signal that It’s not required claimed or is it that if none is requested, then it’s not required. Does the absence of a request create the indication? Furthermore if there is a decision not to require the MFA credential then this would be similar to Hirson’s and Caldera’s alternate embodiments that can request a further security credential. Clarification is required to positively recite the limitation. For the purposes of examination it will presumed that the lack of an MFA credential in an embodiment could read on this limitation. MFA meaning multi factor. Appropriate correction is required.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-4,6-14,16, 18-19,22-24, 27-28 are rejected as being directed to an abstract idea without more.
Here claims 1, 11, 16 are directed to system and method claim respectively which are statutory classes of invention.
Analyzing claim 16 for example, the claim is directed to a method of essentially determining if a user is authorized for the billing account.
These limitations under their broadest reasonable interpretation cover the performance of the limitation as certain methods of organizing human activity which is a fundamental economic practice.
For example, the abstract elements include;
receive a user request; validate a security credential associated with a user generate an authentication token based on the security credential being validated; receive a billing account authorization request indicating billing account authorization is required, the billing account authorization request including an authorization parameter, wherein the I) authentication token is included in the billing account authorization request and utilized to authorize the user request; and ii the user authorization parameter indicates that the use of a multifactor authentication security credential is not required generate a token based at least in part on the authorization parameter wherein the token does not require the MFA security credential based at least in part on the authorization parameter ; transmitting an account pin request based at least in part on the authorization parameter; receiving an account pin response including an account pin that is proof authorization provided to a … and by [[a]]the user having ownership of a billing account established by a telecommunications service provider; generating an enhanced token usable for
one or more entitlements for which the token is not authorized, based at least in part on the authorization parameter and the billing account PIN being validated, wherein the authentication token is utilized to generate the enhanced token; and transmitting the enhanced token indicating that the user is authorized for the billing account.
Here the physical or technical element is a user device and possibly a telecom service provider though that is not clearly a computing element.
The application of an abstract idea with no more than reciting a generic computing component would fall into an “apply it” type of interpretation.
The judicial exception is not integrated into the practical application. For example while the claims do not contain a specific technical implementation, it is clear that the specification includes servers and other computing elements that could be incorporated to create a technical and practical application.
Claims 2-4, 6-10,12-14,18-19,22-4 and 27-28 are rejected because they do not further correct the concerns of claims 1, 11 and 16.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-4,6-14,16,18-19,22-24,27, 28 is/are rejected under 35 U.S.C. 103 as being unpatentable over Patterson et al (PGPub 2016/0232527) and further in view of Bacastow et al (PGPub 2015/0154597) 2011/0143711 HIrson and US Patent Publication 20170331828 to Caldera (0064
As per claim 1 Patterson discloses;
a processor; and memory storing computer-executable instructions that, when executed by the processor, cause the network node to: Patterson(0125-0127)
receive a user request;)
receive a billing account authorization request indicating billing account authorization is required, the billing account authorization request including an authorization
parameter, Patterson(0060, 0106, authorization parameter could be almost anything, but 0023 literally
wherein the authentication token is included in the billing account authorization request and utilized to authorize the user request; Patterson (0047)
generate a token based on the authorization parameter;
transmit, to a user device, a billing account pin request;
Patterson(0120) receive, from the user device, a billing account pin response including a billing account pin that is proof of authorization provided to the user device
Patterson(0120, PIN response)
and by [[a]]the user having ownership of a billing account established by a telecommunications service provider; validate the billing account pin as being associated with the user that provides the billing account pin Patterson(PIN 0120)
Patterson does not explicitly disclose what Boscatow teaches;
generate an enhanced token … and the billing account pin being validated, wherein the authentication token is utilized to generate the enhanced token,
and transmit the enhanced token indicating that the user is authorized for the billing account, to allow a purchase transaction to be processed based on the enhanced token.
Boscatow(0239)
It would therefore have been obvious to one of ordinary skill in the art before the effective filling date of the invention to incorporate the enhanced token of Bascatow with the disclosure of Patterson for the motivation of limiting fraud. (0007)
Here Patterson and Boscatow do not explicitly what Hirson teaches;
Telecom billing PIN the one or more entitlements including the enhanced token being utilized to
enable the user to view a telecommunications bill or to process a payment utilizing stored payment information in the billing account established by a telecommunications service provider; (or is a choice)
and ii) the authorization parameter indicates that the use of a multi-factor authentication (MFA) security credential is not required (see above objection with interpretation)
parameter, wherein the token does not require the MFA security credential based at least in part on the authorization parameter;
Hirson(0097-103, the multi factor authentication, ie using another means to authentication a user is an option, thus in some embodiments it’s required but in others it might not be, (in view of the scope of the amendment which is a negative limitation, the code can be requested or not requested, it is also noted that Caldera 0171-5 also appears to be able to trigger a fraud check for user authentication…. Ie request additional authentication)
(here in 0107 it appears that billing via a telecom carrier to pay for purchases is disclosed, here “or” of the applicant wording is a choice, the examiner sees telecom billing for purchases which is a telecom bill broadly or process payment… using information in a billing account by the telecom service provider, see also 0122, via mobile phone bill/or account)
It would therefore have been obvious to one of ordinary skill in the art before the effective filing date of the invention to combine the telecom pin of Hirson with the PIN disclosures of Peterson and Bacastow for
the motivation of providing secure billing (0009)
Paterson, Bscatow and Hirson do not explicitly disclose what Caldera teaches,
validate a security credential associated with a user; generate an authentication token based on the security credential being validated; (0046 and 004-5 and 0041, it is noted that “security credential” as defined by applicant could be PIN numbers or various other elements)
usable for one or more entitlements for which the token is not authorized usable based on the authorization parameter (0064, ie access token with enhanced user authentication or access control). It would therefore have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the disclosure of Peterson with the enhanced tokens of Caldera for the motivation of providing privileges and resources in a secure manner. (0005-6)
Claims 11 and 16 are broader than claim 1 but rejected for similar reasons.
As regards claims 2 and 12, Patterson and Bacastow disclose the network node of claims 1 and 11, Patterson does not expressly disclose wherein the enhanced token includes a billing account attribute indicating the billing account pin is associated with the user as an authorized user. Bacastow discloses wherein the enhanced token includes a billing account attribute indicating the billing account pin is associated with the authorized user.[0242] It would have been obvious for a person of ordinary skill in the art at the time of effective filing to use Bacastow in the device of Patterson. The rationale to support a conclusion that the claim would have been obvious is that a method of enhancing a particular class of devices was made part of the ordinary capabilities of one skilled in the art based upon the teaching of such improvement in other situations. One of ordinary skill in the art would have been capable of applying this known method of enhancement to a base device in the prior art and the results would have been predictable to one of ordinary skill in the art.
As regards claims 3,13 and 18, Patterson and Bacastow disclose the network node of claims 1,11 and 16, wherein validation of the authorization parameter is utilized to generate an authorization code, and validation of the authorization code is utilized to generate an authentication token, the instructions further causing the network node to: Patterson does not expressly disclose generate an enhanced authorization code based on the authentication token and the billing account pin being validated, wherein the enhanced token is generated based on an enhanced token request, the enhanced token request including the enhanced authorization code. Bacastow discloses generate an enhanced authorization code based on the authentication token and the billing account pin being validated [0125] wherein the enhanced token is generated based on an enhanced token request, the enhanced token request including the enhanced authorization code.(0125] It would have been obvious for a person of ordinary skill in the art at the time of effective filing to use Bacastow in the device of Patterson. The rationale to support a conclusion that the claim would have been obvious is that a method of enhancing a particular class of devices was made part of the ordinary capabilities of one skilled in the art based upon the teaching of such improvement in other situations. One of ordinary skill in the art would have been capable of applying this known method of enhancement to a base device in the prior art and the results would have been predictable to one of ordinary skill in the art.
As regards claims 4,14 and19, Patterson and Bacastow disclose the network node of claims 1,11 and 16, Patterson discloses wherein the authorization parameter is included in a user authentication token generated based on an authorization request, the instructions further causing the network node to: receive a device verification authorization request ;[0035-0036] transmit a device verification request; [0057,0077] receive device verification data in a modified authorization request;[0062] and generate a modified token based on the modified authorization request, wherein the enhanced token is generated based on the modified token and the billing account pin being validated. Here Peterson, Boscatow, and Hirson do not explicitly disclose what Caldera teaches, usable for one or more entitlements for which the token is not usable based on the authorization parameter (0064, ie access token with enhanced user authentication or access control). It would therefore have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the disclosure of Peterson with the enhanced tokens of Caldera for the motivation of providing privileges and resources in a secure manner. (0005-6)
As regards claim 6, Patterson and Bacastow disclose the network node of claim 1, Patterson does not expressly disclose the authorization parameter is included in retail request data, and the enhanced token 1s generated based on the retail request data. Bacastow discloses the authorization parameter is included in retail request data, and the enhanced token 1s generated based on the retail request data.[0231 ,0276] It would have been obvious for a person of ordinary skill in the art at the time of effective filing to use Bacastow in the device of Patterson. The rationale to support a conclusion that the claim would have been obvious is that a method of enhancing a particular class of devices was made part of the ordinary capabilities of one skilled in the art based upon the teaching of such improvement in other situations. One of ordinary skill in the art would have been capable of applying this known method of enhancement to a base device in the prior art and the results would have been predictable to one of ordinary skill in the art.
As regards claim 8, Patterson and Bacastow disclose the network node of claim 1, Patterson discloses the authorization parameter is utilized to generate a user authentication token as the token; [053] the user authentication token and a device verification code are utilized to generate a modified token; [0051-0052,0059] and the enhanced token is generated based on the modified token. [0051 - 0052,0059]
As regards claim 9, Patterson and Bacastow disclose the network node of claim 1, Patterson discloses the authorization parameter is included in customer care request data;[0035] the customer care request data and device verification data are utilized to generate a user authentication token; as the token[0053] and the enhanced token is generated based on the user authentication token.[0051-0052,0059]
As regards claim 10, Patterson and Bacastow disclose the network node of claim 1, the instructions further causing the network node to: Patterson discloses receive an authorization request utilized to generate the token including the authorization parameter;[0060] and receive an enhanced authorization request based on the billing account pin request, wherein the enhanced authorization request is validated and utilized to generate the enhanced token.[0051 - 0052,0059,0062]
As regards claim 22, Patterson and Bacastow disclose the network node of claim 1, Patterson does not expressly disclose wherein a token is utilized to authorize a first telecommunications account owner related request not requiring enhanced authentication, and the enhanced token is utilized to authorize a second telecommunications account owner related request requiring the enhanced authentication. Bacastow discloses wherein a token Is utilized to authorize a first telecommunications account owner related request not requiring enhanced authentication, and the enhanced token is utilized to authorize a second telecommunications account owner related request requiring the enhanced authentication.[0253, Fig 41, steps 41.07 and 41.08] It would have been obvious for a person of ordinary skill in the art at the time of effective filing to use Bacastow in the device of Patterson. The rationale to support a conclusion that the claim would have been obvious is that a method of enhancing a particular class of devices was made part of the ordinary capabilities of one skilled in the art based upon the teaching of such improvement in other situations. One of ordinary skill in the art would have been capable of applying this known method of enhancement to a base device in the prior art and the results would have been predictable to one of ordinary skill in the art.
In regards to claim 23, it is noted above that an objection was made to the “useable” for different entitlements. Here Peterson, Boscatow, and Hirson do not explicitly disclose what Caldera teaches, usable for one or more entitlements for which the token is not usable based on the authorization parameter (0064, ie access token with enhanced user authentication or access control). It would therefore have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the disclosure of Peterson with the enhanced tokens of Caldera for the motivation of providing privileges and resources in a secure manner. (0005-6)
As per claim 24, Patterson discloses The network node of claim 1, wherein the token includes another authentication token. (0021-22, multiple tokens may be utilized)
As per claims 27,28, Paterson, does not explcilty disclose what Boscatow teaches;
Bascatow teaches in 00158-163, “controls may be used separately or in unique combinations to achieve the desired security level for pin-debit e commerce transactions. Thus, The ability to control the level of security offered is known and one of ordinary skill might use this feature to change security as necessary for the application. The motivation would be similar to that provided for claims 1, 11 and 16.
Response to Arguments
Applicant filed an amendment on 12/11/25. Claims 1-4, 6-14, 16, 18, 19, and 22-26 were pending at the time of the action. Applicant cancels claims 25 and 26. Applicant amends claims 1, 11, and 16.
Applicant adds new claims 27 and 28. Thus claims 1-4, 6-14, 16, 18, 19, 22-24, 27, and 28 are examined. After careful consideration the examiner finds applicant arguments to be moot and/or non persuasive. This action is a final rejection.
35 USC 101- No specific arguments are provided.
Nevertheless, for the sole purpose of expediting allowance and without commenting on the propriety of the Office's rejections. No specific arguments but the standard is not altered by arguments directly at this point.
35 USC 103
Claims 1-4, 6-14, 16, 18, 19, and 22-24 Would Not Have Been Obvious over Patterson in View of Bacastow, Hirson, and Caldera
Claims 1-4, 6-14, 16, 18, 19, and 22-24 stand rejected under 35 U.S.C. § 103 as allegedly being obvious over a combination of Patterson in view of Bacastow, Hirson, and Caldera. Applicant respectfully traverses the rejection.
Independent Claim 1
Claim 1, as amended herein, recites, in part:
receive a billing account authorization request indicating billing
account authorization is required, the billing account authorization request including an authorization parameter, wherein the authentication token is included in the billing account authorization request and utilized to authorize the user request and ii) the authorization parameter indicates that the use
of a multi-factor authentication (MFA) security credential is not required;
generate a token based on the authorization parameter, wherein the
token does not require the MFA security credential based at least in part on
the authorization parameter;
Claim1, as amended, includes features similar to those previously found in dependent claim 25. In the rejection of claim 25, the Office cites Friedman at paragraphs [0030] and [0055] as allegedly teaching "determining that multi-factor authentication (MFA) does not need to be utilized to generate the token based at least in part on information included in the billing account authorization request." Office Action, p. 11. Applicant submits that Friedman fails to teach or suggest at least receiving "an authorization parameter, wherein i) the authentication token is included in the billing account authorization request and utilized to authorize the user request and ii) the serial
authorization parameter indicates that the use of a multi-factor authentication (MFA) security credential is not required" and "wherein the token does not require the MFA security credential based at least in part on the authorization parameter," as recited in amended claim 1.
Friedman discusses a "specially configured payment card that functions as both a standard payment, e.g., bank credit, debit, or ATM card for use in point-of-purchase transactions and an optical storage device that can be read by any common CD or DVD drive for use in secure online E-Commerce transactions." Friedman, abstract. Friedman states that "[v]erification of other factors can also be incorporated to provide even stronger multi-factor authentication. For example, if terminal 102 includes a biometric reader, such as a fingerprint sensor, then verification of a biometric can also be incorporated to provide multifactor authentication."Id., para. [0030]. Friedman further states that "[a]ccordingly, fairings 506 and 508, as well as raised portion 504, and their specific dimensions and contours, allow card 500 to work in an optical drive as well as POS terminals. Thus, these features and their dimensions and contours allow strong two factor authentication in both the online and POS environments."Id., para. [0055]. That is, Friedman discusses utilizing "two factor authentication." Claim 1, in contrast, recites "the authorization parameter indicates that the use of a multi-factor authentication (MFA) security credential is not required" and "wherein the token does not require the MFA security credential based at least in part on the authorization parameter." Friedman only discusses utilizing two factor authentication and does not discuss any scenarios in which the two factor authentication is not required.
For at least the reasons presented herein, claim 1 would not have been obvious in view of Patterson, Bacastow, Hirson, and Caldera. Accordingly, Applicant respectfully requests that the Office withdraw the § 103 rejection of claim 1.
Here the examiner notes that the argued element form claim 25 is not “rolled up” verbatim and in view of applicant arguments and amendments, the highlighted element that is argued is “not required” use of MFA which Hirson teaches. It is noted that “not required” is merely the absence of the feature and “at least in part on” is likewise not a strong limitation because it might not be a very large part.
Thus the applicant arguments are both moot and non-persuasive.
Dependent Claims 2-4, 6-10, and 22-24-by virtue of dependency
Independent Claim 11 – similar to claim 1
Dependent Claims 12-14 – by virtue of dependency
Independent Claim 16 - argued similar to claim 1.
Dependent Claims 18 and 19 – By virtue of dependency.
Claims 25, 26 – moot in view of cancelation.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. (cited at non-final rejection)
A Comprehensive Study on Passwordless Authentication IEEE 2022
Security in Next Generation Mobile Payment Systems: A Comprehensive Survey, IEEE 2021
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRUCE I EBERSMAN whose telephone number is (571)270-3442. The examiner can normally be reached 8:00 am - 5:00 pm Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michael W Anderson can be reached at 571-270-0508. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BRUCE I EBERSMAN/Primary Examiner, Art Unit 3693