DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The following is a final office action in response to the application filed 26 October 2025.
Applicant’s has submitted no amendments and the addition of claim 21 has been received and is acknowledged.
Claims 1, 3, 5-8, 10, 12-15, 17, and 19-21 have been examined and are pending.
Response to Arguments
Applicant's arguments filed 26 October 2025 have been fully considered but they are not persuasive.
With regard to the rejections under 35 USC 101, Applicant reiterates the arguments of: (1) The instant claimed invention does not recite “ a method of organizing human activity” because “ .. the claimed solution is necessarily rooted in computer technology in order to overcome a problem specifically arising in the realm of computer networks." 2019 PEG, Example 2; (quoting DDR Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245, 1257 (Fed. Cir. 2014))….”. Applicant asserts that in contrast to Examiner’s interpretation which “…imply the physical presence of the consumer and/or personal knowledge of the consumer…”, the “….claims, on the other hand, involve identity verification in a much more difficult scenario that is rooted in the technology (e.g., the internet) that enables consumers to carry out completely remote and anonymous transactions….”. (Applicant’s response, pg. 14-15). (2) Applicant additionally argues that the recited claims “integrate the alleged abstract idea into a “practical application”…” by including several elements that “…tie the claimed subject matter to a specific improvement in software technology that enables a consumer client device to obtain and store a prior successful verification of the consumer's identity performed by a credential issuer computing platform and then transfer this information to a credential verifier (e.g., merchant) computing platform in a cryptographically secure way during a card-not-present transaction which is undoubtedly a "practical application" under Step 2A of the Office's § 101 Framework. …” (Applicant’s response, pg. 16-17) (3) Referencing the recited limitations (as program instructions,” Applicant further asserts that the limitations “…impose “meaningful limitations” on alleged “method of organizing human activity.” (Applicant’s response, pg. 17-18) (4) Referencing the Specification [32-33], [50, 69] and Enfish, Applicant asserts that the recited claims integrate the alleged abstract idea into a “practical application.” (Applicant’s response, pg. 17-18). (5) Referencing, Example 35, Claims 2 and 3, and BASCOM and DDR, Applicant asserts that the recited claims recite ‘significantly more” than the abstract idea. (Applicant’s response, pg. 17-18).
Examiner respectfully disagrees as stated in the rejection previously and below. As previously stated, the instant invention (Pre-authorization authentication and customer identity verification) is an abstract idea generally linked to a particular technical environment (i.e. a payment system) in a specific type of transaction ( one that lacks a specific type of payment instrument i.e.“card-not-present”). Examiner previously stated that the problem is a business problem albeit a specific one- which has a real-world corollary in store credit at a local store or a “running” bar tab at a local bar where the proprietor verifies and authorizes later payment at their own discretion. Additionally, Examiner previously noted that in the ‘real world’ historically payment without payment instruments has been known to be allowed at establishments “where everybody knows your name.” Further, Applicant’s own arguments references that the recited invention allows transactions “…completely remote and anonymous transactions…” and the Specification discloses the ‘attestations’ which are included in the DTC as : “…The attestations may represent identifying information about the consumer in which the credential issuer has a high degree of trust. …” (See Specification [43]) Using broadest reasonable interpretation, Examiner’s examples of a ‘running’ bar tab and at establishments “where everybody knows your name” include “attestations” as disclosed. As such, pre-authorization authentication and customer identity verification is an abstract idea in the category of organizing human activity [organizing human activity (commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations) As such the “problem” is not ‘necessarily rooted in technology.’. The use of technology to solve a business problem is at most the improvement to an abstract idea. The instant claims as recited use technology at a ‘high-level’ which is ‘apply-it’ not an improvement to technology. Though the invention addresses a “specific context”, it is still an improvement to abstract idea. The instant claims are not analogous to previously and currently argued Amdocs, Enfish, and DDR Holdings, and the patent eligible claims of Example 35. (Applicant’s response 1-5) As such, Applicant’s arguments are not persuasive.
With regard to the rejections under 35 USC 103, Applicant argues: That Ross does not disclose the “ receiving… a digital trust credential” step and that Nonni and Dimmick do not cure the deficiency. Applicant asserts that the cited portion of Ross discloses the generation of the authentication token which is distinct from Applicant’s claimed ‘receiving” of a DTC. (Applicant’s response,19-20)
Applicant further argues that Ross does not teach the “displaying….transmitting… receiving… transmitting ..transmitting” steps as cited, because Ross does not disclose “ engaging in an authentication challenge with the same computing platform ….seen visually in Fig. 3 of Applicant’s disclosure… “ Applicant asserts that the disclosure of Ross discloses a “…user request to a different server…” and there is no motivation to modify Ross. (Applicant’s response, 20-21)
Applicant reiterates the argument that the “..where in the credential information was encrypted using a private key of the credential issuer before reception of the digital credential at the client device…” is not disclosed by the previously cited art of Ross/Nonni. (Applicant’s response, 21-22)
Examiner respectfully disagrees. The rejections were noted in the citations below and previously. The cited portions (e.g. Fig 14-15) include the generation and storing of the authentication token (including private key) which requires ‘receiving’ the token/ DTC.
Also as previously stated, Ross does not disclose that the location of where the credential information is encrypted is particularly relevant to the ability of the IDP service to trust that communications are authentic. Ross [292] clearly indicates that the system relies on “the single-use session token or equivalent security feature” to establish ‘trust.’ As such any equivalent security system is adequate including a system in which the credential data is created and encrypted elsewhere and sent to client device.
The combination Ross and Nonni as stated in the previous and current rejection teaches that “ … … wherein the credential information was encrypted using a private key of the credential issuer before reception of the DTC at the client device…” As noted in the rejection, Nonni also teaches a method and system of customer information verification with an encrypted wallet credential with is returned to the customer’s wallet prior to the transaction authorization. Ross was also cited including: “ ….[11-12] identifier… user credential…”; the receiving…. wherein the authentication… step also includes the citation of ( See at least Ross, [11-12] identifier… user credential…encrypting the private key portion …). In other words Ross discloses encryption using a private key and Nonni discloses the timing of the encryption. As such, the combination of Ross and Nonni is used to reject the argued limitation. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
As such Applicant’s arguments are not persuasive.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1, 3, 5-8, 10, 12-15, 17, and 19-21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
When considering subject matter eligibility under 35 U.S.C. 101, (1) it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter. If the claim does fall within one of the statutory categories, (2a) it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea), and if so (2b), it must additionally be determined whether the claim is a patent-eligible application of the exception. If an abstract idea is present in the claim, any element or combination of elements in the claim must be sufficient to ensure that the claim amounts to significantly more than the abstract idea itself. Examples of abstract ideas include fundamental economic practices; certain methods of organizing human activities; an idea itself; and mathematical relationships/formulas. Alice Corporation Pty. Ltd. v. CLS Bank International, et al., 573 U.S. ____ (2014).
The claimed invention is directed to a judicial exception (i.e. a law of nature, a natural phenomenon, or an abstract idea) without significantly more. In the instant case, the claim(s) as a whole, considering all claim elements both individually and in combination, do not amount to significantly more than an abstract idea.
(1) In the instant case, the claims are directed towards a method, non-transitory computer readable medium, and the system of applying pre-authorization authentication and customer identity verification. In the instant case, Claims 15, 17, 19-20 are directed to a process. Claims 1, 3, 5-7 are directed to a system/device. Claims 8, 10, 12-14 are directed to a non-transitory computer readable medium.
(2a) Prong 1: Pre-authorization authentication and customer identity verification is categorized in/akin to the abstract idea subject matter grouping of: methods of organizing human activity [organizing human activity (commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations)]. As such, the claims include an abstract idea.
The specific limitations of the invention are (a) identified to encompass the abstract idea include:
(Currently Amended) A client …comprising:
A…;
at least …
at least …; and
…. configured to:
…, … from a first… associated with a credential issuer that has verified an identity of a user associated with the client device, a digital trust credential (DTC)comprising (i) an identifier for the credential issuer and (ii) encrypted credential information indicating the identity of the user, wherein the credential information was encrypted using a private key of the credential issuer before reception of the …. DTC at the client device;
cause the ….DTC to be maintained in storage on the client device;
after receiving the DTC, …, …, one or more inputs collectively indicating a request to initiate a card-not-present transaction using a payment instrument;
…, … associated with a credential verifier, the request to initiate the card-not-present transaction;
after transmitting the request,…., …., a selectable option for the user to accept an authentication challenge from the second computing platform in association with the card-not-present transaction;
…, …., one or more inputs indicating acceptance of the authentication challenge;
…, … to the second …, an indication that the authentication challenge has been accepted;
…, …._the second …associated with
PNG
media_image1.png
8
6
media_image1.png
Greyscale
the credential verifier,
PNG
media_image2.png
8
9
media_image2.png
Greyscale
the authentication challenge associated with the card-not-present transaction, wherein the authentication challenge comprises (i) an identifier for the credential verifier and (ii) an encrypted request for credential information indicating the identity of the user of the payment instrument, wherein the request is encrypted using a private key of the credential verifier;
based on the identifier for the credential verifier, …, from a public registry.. a public key of the credential verifier;
decrypt the encrypted request using the retrieved public key of the credential verifier; .
based on the decrypted request, .an authentication challenge response comprising the. DTC to the second….. second …to (i) retrieve a public key of the credential issuer and (ii) use the public key of the credential issuer to decrypt the encrypted credential information and thereby verify the identity of the user;
after transmitting the authentication challenge response, …, …, (i) an indication that the identity of the user has been verified and (ii) a selectable option to complete the card-not-present transaction;
…, …., one or more inputs indicating a request to complete the card-not-present transaction; and
…, … the request to complete the card-not-present transaction.
8. (Currently Amended) A … to:
…, via the … from a first… associated with a credential issuer that has verified an identity of a user associated …, a digital trust credential (DTC)comprising (i) an identifier for the credential issuer and (ii) encrypted credential information indicating the identity of the user, wherein the credential information was encrypted using a private key of the credential issuer before reception of the . DTC at the client device;
cause the . DTC to be maintained in storage on the client….
after receiving the DTC, receive, via …, one or more inputs collectively indicating a request to initiate a card-not-present transaction using a payment instrument;
…,… to a second … associated with a credential verifier, the request to initiate the card-not-present transaction;
after transmitting the request, …, …, a selectable option for the user to accept an authentication challenge from the second computing platform in association with the card-not-present transaction;
…, …, one or more inputs indicating acceptance of the authentication challenge;
…, … to the second …, an indication that the authentication challenge has been accepted;
…,… second … associated with the credential verifier, the authentication challenge associated with- the card-not-present transaction, wherein the authentication challenge comprises (i) an identifier for the credential verifier and (ii) an encrypted request for credential information indicating the identity of the user of the payment instrument, wherein the request is encrypted using a private key of the credential verifier;
based on the identifier for the credential verifier, …, from a public registry … a public key of the credential verifier;
decrypt the encrypted request using the retrieved public key of the credential verifier;
based on the decrypted request, … an authentication challenge response comprising the l DTC to the second … … in order to cause the second … to (i) retrieve a public key of the credential issuer and (ii) use the public key of the credential issuer to decrypt the encrypted credential information and thereby verify the identity of the user;
after transmitting the authentication challenge response, …, …, (i) an indication that the identity of the user has been verified and (ii) a selectable option to complete the card-not-present transaction;
…, …, one or more inputs indicating a request to complete the card- not-present transaction; and
… … to the second …, the request to complete the card-not-present transaction.
15. (Currently Amended) A method carried out by …, the method comprising:
…, … from a first … associated with a credential issuer that has verified an identity of a user associated …., a digital trust credential (DTC) comprising (i) an identifier for the credential issuer and (ii) encrypted credential information indicating the identity of the user, wherein the credential information was encrypted using a private key of the credential issuer before reception of the .DTC …;
… the . DTC … on the client …;
after receiving the DTC, …, …, one or more inputs collectively indicating a request to initiate a card-not-present transaction using a payment instrument;
…, …. second …. associated with a credential verifier, the request to initiate the card-not-present transaction;
after transmitting the request, …, …, a selectable option for the user to accept an authentication challenge from the second … in association with the card-not-present transaction;
…, …, one or more inputs indicating acceptance of the authentication challenge;
…, … to the second …., an indication that the authentication challenge has been accepted;
…,… from . the second …associated with . the credential verifier, . the authentication challenge associated with- the card-not-present transaction, wherein the authentication challenge comprises (i) an identifier for the credential verifier and (ii) an encrypted request for credential information indicating the identity of the user of the payment instrument, wherein the request is encrypted using a private key of the credential verifier;
based on the identifier for the credential verifier, …, from a public registry …, a public key of the credential verifier;
decrypting the encrypted request using the retrieved public key of the credential verifier;…
based on the decrypted request, … an authentication challenge response comprising .DTC to the second… in order to cause the second computing platform to (i) retrieve a public key of the credential issuer and (ii) use the public key of the credential issuer to decrypt the encrypted credential information and thereby verify the identity of the user;
after transmitting the authentication challenge response, …, ….,(i) an indication that the identity of the user has been verified and (ii) a selectable option to complete the card-not-present transaction;
…, …., one or more inputs indicating a request to complete the card-not-present transaction; and
…., … to the second …, the request to complete the card-not-present transaction.
21. (New) A … comprising:
a client …, the client… comprising:
a first network interface for communicating over at least one data network;
at least …;
at least …; and
… that are executable by the at least one first processor such that the client device is configured to:
…, … associated with a credential issuer that has verified an identity of a user associated with the client device, a digital trust credential (DTC) comprising (i) an identifier for the credential issuer and (ii) encrypted credential information indicating the identity of the user, wherein the credential information was encrypted using a private key of the credential issuer before reception of the DTC at the client…;
… the DTC to be … on the client …;
after receiving the DTC, …, v……, one or more inputs collectively indicating a request to initiate a card-not-present transaction using a payment instrument;
…, … associated with a credential verifier, the request to initiate the card-not-present transaction;
after transmitting the request, …, … a selectable option for the user to accept an authentication challenge from the second computing platform in association with the card-not-present transaction;
…, …, one or more inputs indicating acceptance of the authentication challenge;
…, …, an indication that the authentication challenge has been accepted;
…, … associated with the credential verifier, the authentication challenge associated with the card-not-present transaction, wherein the authentication challenge comprises (i) an identifier for the credential verifier and (ii) an encrypted request for credential information indicating the identity of the user of the payment instrument, wherein the request is encrypted using a private key of the credential verifier;
based on the identifier for the credential verifier, …, from a public registry …, a public key of the credential verifier;
decrypt the encrypted request using the retrieved public key of the credential verifier;
based on the decrypted request, … an authentication challenge response comprising the DTC to the second … in order to cause the second … to (i) retrieve a public key of the credential issuer and (ii) use the public key of the credential issuer to decrypt the encrypted credential information and thereby verify the identity of the user;
after transmitting the authentication challenge response, …, …, (i) an indication that the identity of the user has been verified and (ii) a selectable option to complete the card-not-present transaction;
…, …, one or more inputs indicating a request to complete the card-not-present transaction; and
…, …, the request to complete the card-not-present transaction; and
the second … associated with a credential verifier, the second …comprising:
a second … for communicating over …;
at least one second …
at least one second …; and
…… on the at least one second … …is configured to:
…, …, the request to initiate the card-not-present transaction;
based on the request, …, …, information that indicates the selectable option for the user to accept the authentication challenge in association with the card-not-present payment transaction;
… …, the indication that the authentication challenge has been accepted;
based on receiving the indication that the authentication challenge has been accepted, … … information that indicates the authentication challenge for display …, wherein the authentication challenge comprises the encrypted request for credential information indicating the identity of the user of the payment instrument, wherein the request is encrypted using a private key of the credential verifier;
…, … the authentication challenge response comprising the DTC;
based on receiving the DTC, (i) utilizing the identifier for the credential issuer to retrieve a public key of the credential issuer and (ii) use the public key of the credential issuer to decrypt the encrypted credential information and thereby verify the identity of the user;
…, …, the indication that the identity of the user has been verified; and
…, … the request to complete the card-not-present transaction.
As stated above, this abstract idea falls into the (b) subject matter grouping of: methods of organizing human activity.
Prong 2: When considered individually and in combination, the instant claims are do not integrate the exception into a practical application because the steps of using… decrypt….using… utilizing… use… to decrypt…do not apply, rely on, or use the judicial exception in a manner that that imposes a meaningful limitation on the judicial exception (i.e. the abstract idea).
The instant recited claims including additional elements (i.e. receiving…, causing … to be maintained in storage (i.e. storing)… receiving… transmitting… displaying…receiving… transmitting… … receiving…retrieving… transmitting…displaying… receiving… transmitting…receive…transmitting….receive… transmit… receive… transmit..receive…) do not improve the functioning of the computer or improve another technology or technical field nor do they recite meaningful limitations beyond generally linking the use of an abstract idea to a particular technological environment. The limitations merely recite: “apply it” (or an equivalent) or merely include instructions to implement an abstract idea on a computer or merely uses a computer a as tool to perform an abstract idea or merely add insignificant extra-solution activity to the judicial exception or merely uses generic computing elements to perform well known, routine, and conventional functions or generally link the use of the judicial exception to a particular technological environment or field of use (See MPEP 2106.05 (d) and (f))
(2b) In the instant case, Claims 15, 17, 19-20 are directed to a process. Claims 1, 3, 5-7 and 21 are directed to a system/device. Claims 8, 10, 12-14 are directed to a non-transitory computer readable medium.
Additionally, the claims (independent and dependent) do not include additional elements that individually or in combination are sufficient to amount to significantly more than the judicial exception of abstract idea (i.e. provide an inventive concept). As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of: (network interface, processor, data network, non-transitory computer – readable medium, program instructions, data network, digital, client device, user interface) merely uses a computer a as tool to perform an abstract idea or merely uses generic computing elements to perform well known, routine, and conventional functions. (See MPEP 2106.05 (d) and (f)) (Specification, [26] data networks such as …(PANs), …(LANs),…( WANs) such as the Internet or cellular networks, cloud networks and/or operational technology (OT) networks, among other possibilities, [92-96] Fig. 5, computing platform, processor, data storage, a communication interface, general-purpose processors, non-transitory computer readable medium, communication interface)
The dependent claims have also been examined and do not correct the deficiencies of the independent claims.
It is noted that claim (3, 5-7, 10, 12-14, 17, 19-20) introduce the additional elements of various wherein clauses further defining claim elements (Claims 3, 10, 17) and further additional steps (5, 6, 7, 12, 13, 14, 19, 20) This element is not a practical application of the judicial exception because the limitations merely recite: “apply it” (or an equivalent) or merely include instructions to implement an abstract idea on a computer or merely uses a computer a as tool to perform an abstract idea or merely uses generic computing elements to perform well known, routine, and conventional functions or generally link the use of the judicial exception to a particular technological environment or field of use (See MPEP 2106.05 (d) and (f)). Further these limitations taken alone or in combination with the abstract do not amount to significantly more than the abstract idea alone because the elements amount to mere use of a computer a as tool to perform an abstract idea or merely uses generic computing elements to perform well known, routine, and conventional functions. (See MPEP 2106.05 (d) and (f)) (Specification, [26] data networks such as …(PANs), …(LANs),…( WANs) such as the Internet or cellular networks, cloud networks and/or operational technology (OT) networks, among other possibilities, [92-96] Fig. 5, computing platform, processor, data storage, a communication interface, general-purpose processors, non-transitory computer readable medium, communication interface)
Therefore, Claims 1, 3, 5-8, 10, 12-15, 17, and 19-21 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 3, 7, 8, 10, 14, 15, 17 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190334884 A1 Ross et al. hereinafter referred to Ross. and further in view of US 2022/0261789 Al, Nonni hereinafter referred to Nonni further in view of US 2014/0164254 A1, Dimmick hereinafter referred to as Dimmick.
Claims 1, 8, 15, and 21
Ross discloses a system, non-transitory computer readable medium and a method carried out by a client device, ( See at least Ross, Fig. 2) the method comprising:
receiving, via the at least one data network from a first computing platform associated with a credential issuer that has verified an identity of a user associated with the client device, a digital trust credential (DTC)comprising (i) an identifier for the credential issuer and (ii) encrypted credential information indicating the identity of the user, ….(See at least Ross, Fig. 1[11-12] identifier… user credential……encrypting the private key portion [62-63] any suitable device…[74] identity wallet single IDP.. pre-registered user… token…l [136] manage payment options… )
causing the DTC to be maintained in storage on the client device; (See at least Ross, [11-12] store data…)
…., receiving, via a user interface of the client device, one or more inputs collectively indicating a request to initiate …transaction using a payment instrument; ( See at least Ross, [145] … an attempt significant purchase (e.g. an attempt to spend $2000 on a computer) may trigger the fraud analytics challenge origin… wherein a purchase reads on initiate payment using a payment instrument)
….
….displaying, via the user interface, a selectable option for the user to accept an authentication challenge from the second computing platform in association with the…. transaction; ( See at least Ross, Fig. 15, enables users to select responses, users select responses)
receiving, via the user interface, one or more inputs indicating acceptance of the authentication challenge; ( See at least Ross, Fig. 15, enables users to select responses, users select responses)
transmitting, via the at least one data network to the second computing platform, an indication that the authentication challenge has been accepted; ( See at least Ross, Fig. 15, enables users to select responses, users select responses)
receiving, via the at least one data network from the second computing platform associated with the credential verifier, the authentication challenge associated with- the …transaction, wherein the authentication challenge comprises (i) an identifier for the credential verifier and (ii) an encrypted request for credential information indicating the identity of the user of the payment instrument, wherein the request is encrypted using a private key of the credential verifier; ( See at least Ross, [11-12] identifier… user credential…encrypting the private key portion [136] manage payment options… )
based on the identifier for the credential verifier, retrieving, from a public registry via the at least one data network a public key of the credential verifier; ( See at least Ross, [11-12] identifier… user credential…public key…[74] public key portion stored (e.g. in identity registry).)
decrypting the encrypted request using the retrieved public key of the credential verifier; ( See at least Ross, [11-12]….decrypting)
based on the decrypted request, transmitting an authentication challenge response comprising DTC to the second computing platform via the at least one data network in order to cause the second computing platform to (i) retrieve a public key of the credential issuer and (ii) use the public key of the credential issuer to decrypt the encrypted credential information and thereby verify the identity of the user; ( See at least Ross, Abstract, public key, [11-12]…decrypting… generating …an authentication challenge message)
after transmitting the authentication challenge response, displaying, via the user interface,(i) an indication that the identity of the user has been verified and (ii) a selectable option to complete the …transaction; ( See at least Ross, Abstract, public key [11-12] identifier… user credential… [135-136] challenges…intent verification… purchase and payment confirmations..)
receiving, via the user interface, one or more inputs indicating a request to complete the … transaction; and ( See at least Ross, Abstract, public key [11-12] identifier… user credential… [135-136] challenges…intent verification… purchase and payment confirmations..)
transmitting, via the at least one data network to the second computing platform, the request to complete the … transaction. (See at least Ross, [11-12] identifier… user credential… [135-136] challenges…intent verification purchase and payment confirmations.)
(Claim 21)…..the second computing platform associated with a credential verifier, the second computing platform comprising:
a second network interface for communicating over at least one data network; (See at least Ross, Fig. 14-15)
at least one second processor; (See at least Ross, Fig. 14-15)
at least one second non-transitory computer-readable medium; and (See at least Ross, Fig. 14-15)
program instructions stored on the at least one second non-transitory computer- readable medium that are executable by the at least one second processor such that the second computing platform (See at least Ross, Fig. 14-15) is configured to:
receive, via the at least one data network from the client device, the request to initiate the …transaction; (See at least Ross, Fig. 14-15)
based on the request, transmitting, via the at least one data network to the client device, information that indicates the selectable option for the user to accept the authentication challenge in association with the …payment transaction; (See at least Ross, Fig 14-17 challenge; fig. 20 challenge message… [11-12] identifier… user credential…[119] “accept”…authentication challenge)
receive, via the at least one data network from the client device, the indication that the authentication challenge has been accepted; (See at least Ross, Fig 14-17 challenge; fig. 20 challenge message… [11-12] identifier… user credential…)
based on receiving the indication that the authentication challenge has been accepted, transmit, via the at least one data network to the client device, information that indicates the authentication challenge for display by the client device, wherein the authentication challenge comprises the encrypted request for credential information indicating the identity of the user of the payment instrument, wherein the request is encrypted using a private key of the credential verifier; (See at least Ross, Fig 14-17 challenge; fig. 20 challenge message… [11-12] identifier… user credential… [135-137] challenges may include (examples of challenges)…intent verification purchase and payment confirmations…cryptographically secure mobile devices)
receive, via the at least one data network from the client device, the authentication challenge response comprising the DTC; (See at least Ross, Fig 14-16 receiving message comprising response information… [11-12] identifier… user credential… [135-136] challenges…intent verification purchase and payment confirmations.)
based on receiving the DTC, (i) utilizing the identifier for the credential issuer to retrieve a public key of the credential issuer and (ii) use the public key of the credential issuer to decrypt the encrypted credential information and thereby verify the identity of the user; (See at least Ross, Fig 14-15 public key portion of authentication token and public key portion of the access token…Fig. 16 validating…messages comprising responses.. public key portions of authentication token.. .[11-12] identifier… user credential… [135-136] challenges…intent verification purchase and payment confirmations.)
transmit, via the at least one data network to the client device, the indication that the identity of the user has been verified; and (See at least Ross, Fig 14-15 user credential successfully validated [11-12] identifier… user credential… [135-136] challenges…intent verification purchase and payment confirmations.)
receive, via the at least one data network from the client device, the request to complete the …transaction. (See at least Ross, Fig 14-15 [11-12] identifier… user credential… [135-136] challenges…intent verification purchase and payment confirmations.)
As noted above, Ross discloses identity wallets. (See at least Ross, Fig. 1[11-12] identifier… user credential… [74] identity wallet single IDP.. pre-registered user… token… )
Ross does not directly disclose the following; however, Nonni teaches:
… wherein the credential information was encrypted using a private key of the credential issuer before reception of the DTC at the client device; (See at least Nonni, [22] Decentralized Identifier …customer registers… an encrypted wallet credential is returned to the customer’s wallet)
Furthermore, the Supreme Court has supported in KSR International Co. Teleflex Inc. (KSR), 550US___, 82 USPQ2d 1385 (2007), that merely applying a known technique to a known method, yield predictable results, render the claimed invention obvious over such combination. In the instant case, Ross discloses a system and method for customer authentication and authorization which includes a wallet feature such as an identity wallet and pre-registered users . Nonni also teaches a method and system of customer information verification with an encrypted wallet credential with is returned to the customer’s wallet prior to the transaction authorization. One of ordinary skill in the art would clearly recognize that this combination would lead to a predictable result (i.e. a system and method for customer authentication and authorization which including wallet features where the encrypted wallet credentials of users/customers is verified prior to transaction authorization). As such the claimed invention is obvious over Ross/ Nonni.
Ross does not directly disclose the following; however, Dimmick teaches:
after receiving the DTC … card-not-present transaction….( See at least Dimmick, Abstract, card not present transactions… Fig. [22-24] … determining trusted party or an issuer… card not present transactions … [41-42] stored in database associated with the COF service…[48] receive authorization request…personal identifier… mobile phone number … associated with the payment account details …stored in phone card database… )
transmitting, via the at least one data network to a second computing platform associated with a credential verifier, the request to initiate the card-not-present transaction; ( See at least Dimmick, [22-24] … determining trusted party or an issuer… card not present transactions …payment processing network…facilitate data exchange…transaction…)
after transmitting the request,… card-not-present transaction…( See at least Dimmick, [22-24] … determining trusted party or an issuer… card not present transactions …payment processing network…facilitate data exchange…transaction…)
….… card-not-present transaction….( See at least Dimmick, Abstract, card not present transactions… Fig. [22-24] … determining trusted party or an issuer… card not present transactions …)
Furthermore, the Supreme Court has supported in KSR International Co. Teleflex Inc. (KSR), 550US___, 82 USPQ2d 1385 (2007), that merely applying a known technique to a known method, yield predictable results, render the claimed invention obvious over such combination. In the instant case, Ross discloses a system and method for customer authentication and authorization which includes a wallet feature such as an identity wallet and pre-registered users. Nonni also teaches a method and system of customer information verification with an encrypted wallet credential with is returned to the customer’s wallet prior to the transaction authorization. Dimmick teaches a method and system of card not present transactions that include registering/authenticating a consumer wallet/payment instrument with the issuer and processing the card not present transaction. One of ordinary skill in the art would clearly recognize that this combination would lead to a predictable result (i.e. a system and method for customer authentication and authorization which including wallet features where the encrypted wallet credentials of users/customers is verified prior to card-not-present transaction authorization). As such the claimed invention is obvious over Ross/ Nonni/ Dimmick.
Claims 3, 10 and 17
Ross, Nonni and Dimmick disclose the invention as claimed above in Claims 1, 8, and 15.
Ross further discloses:
wherein the authentication challenge further comprises (iii) information indicating a destination for the client device to transmit the authentication challenge response, and wherein transmitting the authentication challenge response comprises transmitting the authentication challenge response to the indicated destination via the at least one data network. ( See at least Ross, [134-136] challenge origins… [137] mobile device users… respond to challenges delivered to their mobile devices…)
Claim 7 and 14
Ross, Nonni and Dimmick disclose the invention as claimed above in Claims 1 and 8.
Ross further discloses:
wherein the credential issuer is an issuer of the payment instrument, and (See at least Ross, [136] manage payment methods [267-269] AuthService Claim 7)
wherein the non-transitory computer-readable medium is also provisioned with program instructions that, when executed by at least one processor, cause the client device to:
receive, via the at least one data network from the first computing platform associated with the credential issuer, an indication that the DTC is available to be associated with the payment instrument; and ( See at least Ross,[136] manage payment methods)
request, from the first computing platform associated with the credential issuer via the at least one data network, the DTC to be associated with the payment instrument. ( See at least Ross,[136] manage payment methods)
Claims 5, 6, 12, 13 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Ross, Nonni, and Dimmick further in view of US 20180019872 A1, Radocchia et al. hereinafter referred to Radocchia .
Claims 5, 12, and 19
Ross, Nonni and Dimmick disclose the invention as claimed above in Claims 1, 11, and 18.
Ross does not directly disclose the following; Dimmick teaches:
…. card-not-present transaction t(See at least Dimmick,[22-23] …card-not-present transactions… [30] transaction details… discount… [66] update.. consumer record… COF…)
Ross does not directly disclose the following; Radocchia teaches:
wherein the selectable option to accept the authentication challenge comprises a discount offer that will be applied to the … transaction if the user completes the authentication challenge; (See at least Radocchia, [64] wherein the discount is only available to the user/device that authenticates, proves proximity…)
The Supreme Court has supported in KSR International Co. Teleflex Inc. (KSR), 550US___, 82 USPQ2d 1385 (2007), that merely applying a known technique to a known method, yield predictable results, render the claimed invention obvious over such combination. In the instant case, Ross discloses a method and system of customer authentication and authorization. Radocchia is a method, system and device of provenance tracking with a feature of providing a discount upon authentication challenge acceptance. Nonni also teaches a method and system of customer information verification with an encrypted wallet credential with is returned to the customer’s wallet prior to the transaction authorization. Dimmick teaches a method and system of card not present transactions that include registering/authenticating a consumer wallet/payment instrument with the issuer and processing the card not present transaction. One of ordinary skill in the art would clearly recognize that this combination would lead to a predictable result (i.e. method and system of authentication and authorization for card-not present transactions including a discount feature). As such the claimed invention is obvious over Ross/ Nonni/ Dimmick/Radocchia.
Claims 6, 13 and 20
Ross, Nonni, Dimmick and Radocchia disclose the invention as claimed above in Claims 5, 12, and 19.
Ross does not directly disclose the following; Radocchia teaches:
after transmitting the authentication challenge response, receiving, via the at least one data network from the second computing platform associated with the credential verifier, an update to the card-not-present transaction comprising the discount, wherein the indication that the identity of the user has been verified comprises an indication of the update….; (See at least Radocchia, [63-64]..update the item… wherein the discount is only available to the user/device that authenticates, proves proximity…)
Ross does not directly disclose the following; Dimmick teaches:
….to the card-not-present transaction comprising the discount(See at least Dimmick,[22-23] …card-not-present transactions… [30] transaction details… discount… [66] update.. consumer record… COF…)
Conclusion
12. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ASHA PUTTAIA H whose telephone number is (571)270-1352. The examiner can normally be reached on Monday- Friday 8:00am - 5:00 pm EST.
13. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Abhishek Vyas, can be reached on (571) 270-1836. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
14. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ASHA PUTTAIA H/Primary Examiner, Art Unit 3691