Prosecution Insights
Last updated: July 17, 2026
Application No. 17/743,188

METHODS AND APPARATUS FOR AUTHORIZING AUTOMATED TELLER MACHINE TRANSACTIONS USING BIOMETRIC DATA

Final Rejection §103
Filed
May 12, 2022
Priority
Nov 01, 2016 — SG 10201609117T +1 more
Examiner
XIAO, ZESHENG
Art Unit
3698
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
Mastercard International Incorporated
OA Round
8 (Final)
44%
Grant Probability
Moderate
9-10
OA Rounds
0m
Est. Remaining
76%
With Interview

Examiner Intelligence

Grants 44% of resolved cases
44%
Career Allowance Rate
52 granted / 119 resolved
-8.3% vs TC avg
Strong +32% interview lift
Without
With
+32.0%
Interview Lift
resolved cases with interview
Typical timeline
3y 9m
Avg Prosecution
11 currently pending
Career history
142
Total Applications
across all art units

Statute-Specific Performance

§101
3.3%
-36.7% vs TC avg
§103
91.4%
+51.4% vs TC avg
§102
2.2%
-37.8% vs TC avg
§112
0.9%
-39.1% vs TC avg
Black line = Tech Center average estimate • Based on career data from 119 resolved cases

Office Action

§103
DETAILED ACTION This is office action on the merits in response to the application filed on 02/11/2026. Claims 1-34 have been filed by the applicant. Claims 1-10, 15-23 and 30 were previously canceled. Claims 11, 14 and 24 are currently amended. Claims 11-14, 24-30 and 32-34 are currently pending and have been examined. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Rejection under 112: The applicant’s argument regarding 112 are persuasive. The 112 rejection has been withdrawn. Rejection under 103: The applicant argues that Brown does not teach “persistent code” because Brown’s code is a single-use code. The examiner respectfully disagrees. According to Merriam-Webster dictionary, the definition of “persistent” is existing for a long or longer than usual time or continuously. Brown discloses the code can be printed on paper or electronically stored as a JPG image file, which fits the definition of “persistent” because the code exist for long time once it is printed or saved. In addition, the specification does not provide explanation of “persistent”. The specification merely discloses the issuer provides the QR code to user [0047]. The applicant further argues that the combination of multiple references is not obvious. The examiner respectfully disagrees. Patterson discloses an ATM transaction which collects various data such as user identification information, biometric data and transaction data for authorization. Stinson further discloses an ATM transaction which collects another type of user identification information for authorization. Brown also discloses a transaction which user identification information can be encoded as a QR code for a faster check out. it would have been obvious to combine them because they are from the same field of endeavor as the claimed invention even if they address different problems. Patterson and Stinson do not have to be related to a code-based provision of user identifier, Brown does not have to be related to an ATM transaction. Examiner Note Claims 11, 14 and 24 recite “the biometric data input by the customer in response to a prompt from the ATM to input the biometric data after scanning of the single, persistent machine-readable optical code at the ATM”. It is intended use of the ATM machine (which is outside the scope of the claimed invention) and does not limit the scope of the claims. It has been held language that suggests or makes optional but does not require steps to be performed or does not limit a claim to a particular structure does not limit the scope of a claim or claim limitation. An example of such language includes statements of intended use or field of use (MPEP §2103 I C). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claim(s) 11,14, 24, 27-29 and 32- 33 is/are rejected under 35 U.S.C. 103 as being unpatentable over Patterson (US 20120079581 A1; hereinafter, "Patterson"), and further in view of Stinson et al. (US 6045039; hereinafter, "Stinson") and Brown et al. (US 20140100973 A1; hereinafter, " Brown") and Chang (US 20120173311 A1; hereinafter, "Chang"). With respect to claim 11, 14 and 24: Patterson teaches (in italic): receiving, at the server from the ATM, a single transaction authorization request message formatted as one of an ISO 8583 transaction authorization request message or an NCR Direct Connect (NDC) transaction authorization request message, wherein the transaction authorization request message includes: (i) the account identifier, […], (ii) biometric data for the customer input by the customer at a biometric sensor of the ATM to initiate the biometric transaction, the biometric data input by the customer in response to a prompt from the ATM to input the biometric data after [scanning of the single, persistent machine-readable optical code at the ATM], (iii) a transaction amount, and (iv) a transaction indication indicating a transaction type of the biometric transaction, including a request for funds, said receiving occurring prior to authentication of the customer and authorization of the biometric transaction. (The terminal (step s410) collects user identifying information including bank card data, user data, and the like. In some embodiments, the terminal 120 may be a Micro-ATM terminal, a BC (Business Correspondent), and the like, as described above with respect to FIG. 1. At step s420, the terminal 120 prompts the user for biometric data. At step s430, the terminal 120 sends the payment data (e.g., BIN) and the biometric data to the identification system 175 by way of the payment processing network 140 to authenticate the user. An authorization request message according to an embodiment of the invention may comply with ISO 8583, which is a standard for systems that exchange electronic transactions made by cardholders using payment cards. For example, the authorization request message can include transaction data, such as information derived from a payment device (e.g., an account identifier), terminal data, the transaction amount, as well as the authentication data which can be added therein. banking services using the micro-ATM including, but not limited to, taking deposits, dispensing cash for withdrawals. See at least [0020] [0036] [0052-0053] [0065-0066]) in response to receiving the transaction authorization request message: generating a customer verification request including the [..] identifier of the customer and the biometric data from the transaction authorization request message; sending the customer verification request to a biometric data authentication server to initiate authentication of the customer based on a combination of the […] identifier from the transaction authorization request message and the biometric data from the transaction authorization request message matching a previously stored, linked version of the combination of the […] identifier and the biometric data. (The payment data and the biometric data may be sent to the identification system 175 in an authorization request message, or alternatively in an authentication request message. Once the user's UID is determined, the request server computer 152 sends an authentication request including the user UID and biometric data to the ID server computer 170 to determine if there is a predetermined correlation (s270) between the UID, biometric data, and the user. See at least [0051][0066]) when the combination of the […] identifier and the biometric data from the transaction authorization request message matches the previously stored, linked version of the combination of the […] identifier and the biometric data, receiving a customer verification response from the biometric data authentication server, the customer verification response authenticating the customer. (The request server computer 152 receives the result (i.e., the authentication response message) from the ID server computer 170 of the identification system 175 (s275), and authenticates the user if a correlation between the UID and biometric data exists (s280). See at least [0051]) in response to receiving the customer verification response, automatically authorizing the biometric transaction using the transaction amount and the account identifier from the transaction authorization request message, based on a funds balance of a payment account identified by the account identifier. (At step s285, payment processing network 140 requests authorization for the transaction from the issuer 160. In some embodiments, the authorization request message may originate from the request server computer 152, the authorization and settlement server 154, or other server or system within the payment processing network 140. As described above, the authorization request message may include financial transaction data. At step s290, the payment processing network 140 receives an authorization response from the issuer 160. An aspect of the authorization process is to determine if the user has enough funds to complete the financial transaction. See at least [0015][0052-0053]) generating a transaction authorization response based on the authorizing; transmitting the transaction authorization response to the ATM, the transaction authorization response activating the ATM to dispense funds in the transaction amount to the customer operating the ATM. (At step 470, the transaction can be completed at the terminal 120. If the issuer 160 authorizes the transaction, then the user-initiated transaction is completed. See at least [0054][0069]) Patterson does not specifically teach the following limitations. However, Stinson teaches (in italic): a unique personal identifier of the customer. (The ATM 350 prompts the customer to enter the customer's social security number or other identification number. See at least Col 9 Line 7-10) determining the unique personal identifier of the customer is a unique personal identifier that is persistent and uniquely associated with a single customer. (Referring to FIG. 7, upon receiving and validating the information from the ATM 350 (step 705), the processor 300 attempts to identify the customer (step 710). See at least Col 9:47-49) Both Patterson and Stinson discloses a method of processing ATM transactions. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method as disclosed by Patterson to utilizing personal identification number in addition during transaction with the technique as disclosed by Stinson to accurately and quickly authenticate user. Patterson in view of Stinson does not teach the following limitation. However, Brown teaches (in italic): issuing, to a customer, a single, persistent machine-readable optical code having encoded therein […] identifier of a financial account of the customer […] in an encrypted format. (User 300 registers with issuing bank 302 in a step 310. They provide personal information 312 and are assigned an account ID 314. Such personal information 312 can include the preregistration of a smartphone, email, SMS, etc. The user chooses a password 316 and sends the issuing bank their selection in a step 318. All is quiet until the user 300 intends to make a purchase and requests a matrix barcode to be issued for display on a smartphone or to be printed on a check. An intent 320 is sent in a step 322. A step 324 assigns a temporary index number obtained from a random number generator (RNG) and logs its generation with a time stamp. A relational database stores the associations of account ID's to temporary index numbers. The RNG can produce a unique identifier (UID). A step 326 adds an Issuer ID. The combination is encoded and issued in a step 328 for a transmission 330 to the user as a 2D matrix barcode 332. Several matrix barcode checks 202, each with unique encodings for single-use-codes (SUC), are printed out in color or black-and-white (BW) by a printer 204. The matrix barcodes can be conventional QR-Codes. [0047 0056-0057] Fig. 2, 3A) wherein the single machine-readable optical code is configured to, upon being scanned by the customer via an input device of the [ATM], provide [the account identifier and unique personal identifier] to the [ATM] for initiation of the […] transaction. (When the user is ready to complete a purchase and pay for it, they present a matrix barcode check 202. The matrix barcode encoding payment information displayed for a 2D scan 244 by the merchant tablet 234. The matrix barcode from check 202 was previously encoded with identification codes for the user account, the issuing bank, and Internet or other network access routings. [0053]) in response to the single machine-readable optical code being scanned at the [ATM] and the […] transaction being initiated, receiving, at the server from the [ATM], a single transaction authorization request message. (Each such 2D-scan 244 by the merchant tablet 234 triggers merchant app 236 to combine the user account information and tally 238 to be packed into a payment processor request 246 via a wireless link 248 and router 250 to a payment processor 252. This, and other transactions, are amalgamated according to merchant app 236 into a transaction authorization request 254 for action by the respective issuing banks 206. A normal response will be to approve or decline the transaction. [0053]) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method as disclosed by Patterson in view of Stinson to use QR code with the technique as disclosed by Brown to provide faster and reliable transaction as Brown suggested in [0016]. Patterson in view of Stinson and Brown does not teach an ATM capable of scanning QR code. However, Chang teaches an ATM capable of scanning QR code. (The ATM may provide a menu option including `scan QR code` or `standard financial transaction`. The processor 205 may determine a requested financial transaction based on the scanned QR code, and may provide a service screen supporting the determined financial transaction to a display unit. [0045-0046]) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method as disclosed by Patterson in view of Stinson and Brown to perform an ATM QR-code transaction with the technique as disclosed by Chang to provide a simple and quick financial transaction as Chang suggested in [0046]. Claim 14, a non-transitory computer readable medium with the same scope as claim 11, is rejected. Claim 24, an apparatus with the same scope as claim 11, is rejected. With respect to claim 27: Stinson further teaches wherein the unique personal identifier is an identification number. (The customer identifier may be an identification number, and may include multiple symbols. See at least Col 2 Line 35-40). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method as disclosed by Patterson to use an identification number during transaction with the technique as disclosed by Stinson to accurately and quickly authenticate user. With respect to claim 28: Stinson further teaches wherein the identification number is a 12-digit random identification number issued by the Unique Identification Authority of India (UIDAI). (The ATM 350 prompts the customer to enter the customer's social security number or other identification number. See at least Col 9 Line 7-10). Stinson does not specifically teach the same identification number. It would be appreciated that social security number is randomly generated, and it is merely design choice to have a 9-digit (i.e., SSN) or 12-digit, the process would not be affected and each of which had a reasonable expectation of success. In addition, Stinson also suggested other identification number. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method as disclosed by Patterson to use an identification number during transaction with the technique as disclosed by Stinson to accurately and quickly authenticate user. With respect to claim 29: Patterson further teaches wherein the transaction authorization request is formatted according to the ISO 8583 standard. (An authorization request message according to an embodiment of the invention may comply with ISO 8583, which is a standard for systems that exchange electronic transactions made by cardholders using payment cards. See at least [0020]) With respect to claim 32: Brown further teaches wherein the machine-readable optical code is a QR code. (Fig. 3A). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method as disclosed by Patterson in view of Stinson to use QR code with the technique as disclosed by Brown to provide faster and reliable transaction as Brown suggested in [0016]. With respect to claim 33: Patterson further teaches further comprising extracting the unique personal identifier and the biometric data from the transaction authorization request message. (The payment data and the biometric data may be sent to the identification system 175 in an authorization request message, or alternatively in an authentication request message. Once the user's UID is determined, the request server computer 152 sends an authentication request including the user UID and biometric data to the ID server computer 170 to determine if there is a predetermined correlation (s270) between the UID, biometric data, and the user. See at least [0051][0066]). Claim(s) 12-13 and 25-26 is/are rejected under 35 U.S.C. 103 as being unpatentable over Patterson, Stinson, Brown and Chang as applied to claim 11 and 24 above, and further in view of Miller et al. (US 20100059587 A1; hereinafter, "Miller"). With respect to claim 12 and 25: Patterson in view of Stinson and Brown and Chang does not teach retrieving customer contact information from a database; and transmitting a transaction notification to a computing device of the customer using the customer contact information. However, Miller teaches retrieving customer contact information from a database; and transmitting a transaction notification to a computing device of the customer using the customer contact information. (In a second stage of the transaction the computer sends a message to a remote computer (e.g., server). The message causes cell phone contact data to be obtained (by the remote computer) from a data store which associates the cell phone contact data with the user identifying data. The message also causes a security code to be sent (by the remote computer) to the user cell phone which corresponds to the cell phone contact data. See at least [0242]) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method as disclosed by Patterson in view of Stinson and Brown and Chang to look up user’s phone number and send transaction notifications with the technique as disclosed by Miller to efficiently and accurately processing the transactions. Claim 25, an apparatus with the same scope as claim 12, is rejected. With respect to claim 13 and 26: Miller further teaches wherein the customer contact information includes a mobile telephone number associated with the customer, and wherein transmitting the transaction notification comprises transmitting the transaction notification as a text message. (The message also causes a security code to be sent (by the remote computer) to the user cell phone which corresponds to the cell phone contact data. The data store may also operate to include the particular type of notification to be given to the address. This may include for example a text message, e-mail message, voice notification message, or other suitable message sufficient to notify the user. See at least [0242][0260]) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method as disclosed by Patterson in view of Stinson and Brown and Chang to transmitting notification to user mobile phone and send transaction notifications with the technique as disclosed by Miller to efficiently and accurately processing the transactions. Claim 26, an apparatus with the same scope as claim 13, is rejected. Claim(s) 30 is/are rejected under 35 U.S.C. 103 as being unpatentable over Patterson, Stinson, Brown and Chang as applied to claim 29 above, and further in view of Wikipedia (ISO 8583; hereinafter, “Wikipedia”). With respect to claim 30: Patterson in view of Stinson and Brown and Chang does not teach wherein the biometric data of the customer is included in data element 63 of the transaction authorization request. However, Wikipedia teaches wherein the biometric data of the customer is included in data element 63 of the transaction authorization request. (Data Field 63: Reserved private. See at least Table: ISO-defined data elements). Data field 63 is reserved for private use. It would have been obvious to one of ordinary still in the art it is merely design choice to insert data in the reserved data fields or other available suitable Data Fields. Claim(s) 34 is/are rejected under 35 U.S.C. 103 as being unpatentable over Patterson, Stinson, Brown and Chang as applied to claim 11 above, and further in view of Bishop et al. (US 20090076966 A1; hereinafter, " Bishop"). With respect to claim 34: Patterson in view of Stinson and Brown and Chang does not teach wherein the transaction authorization request message further includes a flag indicating the transaction was initiated as a biometric transaction. However, Bishop teaches wherein the transaction authorization request message further includes a flag indicating the transaction was initiated as a biometric transaction. (The transaction authorization request may include a code or flag indicative of the biometric sample being transmitted to the third-party authentication server 306. Accordingly, the CAS may perform the transaction authorization processes while waiting for a verification signal from the third-party authentication server 306. See at least [0097]) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method as disclosed by Patterson in view of Stinson and Brown and Chang to flag a biometric transaction with the technique as disclosed by Bishop to properly process the biometric authentication as Bishop suggested in [0097]. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 5870723 A: The commercial transaction message is forwarded to the computer system, where the computer system compares the personal authentication information in the commercial transaction message with previously registered buyer biometric samples. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZESHENG XIAO whose telephone number is (571)272-6627. The examiner can normally be reached 10:00am-4:30pm M-F. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Z.X./Examiner, Art Unit 3698 /PATRICK MCATEE/Supervisory Patent Examiner, Art Unit 3698
Read full office action

Prosecution Timeline

Show 16 earlier events
Jun 12, 2025
Response Filed
Jul 08, 2025
Final Rejection mailed — §103
Sep 08, 2025
Response after Non-Final Action
Nov 10, 2025
Request for Continued Examination
Nov 18, 2025
Response after Non-Final Action
Dec 03, 2025
Non-Final Rejection mailed — §103
Feb 11, 2026
Response Filed
Jun 23, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12632855
SYSTEM AND METHOD FOR SECURE AND CONTACTLESS FUND TRANSFER IN OPEN AND CLOSED LOOP TRANSACTIONS
4y 1m to grant Granted May 19, 2026
Patent 12597020
AUTHENTICATED DATA FEED FOR BLOCKCHAINS
2y 5m to grant Granted Apr 07, 2026
Patent 12536528
Cross-Blockchain Transaction Rebroadcasting
2y 10m to grant Granted Jan 27, 2026
Patent 12524768
ON-DEMAND APPLICATIONS TO EXTEND WEB SERVICES
1y 10m to grant Granted Jan 13, 2026
Patent 12518268
PERSONALLY IDENTIFIABLE INFORMATION SECURE PERSON-TO-PERSON PAYMENT TECHNOLOGY
5y 3m to grant Granted Jan 06, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

9-10
Expected OA Rounds
44%
Grant Probability
76%
With Interview (+32.0%)
3y 9m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 119 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month