DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
The following is Office Action on the merits in response to the communication received on 3/23/26.
Claim status:
Amended claims: 21-24, 26, 28-31, 34-38 and 41
Canceled claims: 1-20 and 27
Added New claims: None
Pending claims: 21-26 and 28-41
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 21-26 and 28-41 are rejected under 35 U.S.C. § 101 because the claimed invention is not directed to statutory subject matter. Specifically, the invention of claims 21-26 and 28-41 is directed to an abstract idea without significantly more.
Independent claims 21, 28 and 35 are directed to a device (claim 21), a method (claims 28) and at least one non-transitory computer-readable storage medium (claim 35). Therefore on its face, each of claims 21, 28 and 35 are directed to a statutory category of invention under Step 1 of the 2019 PEG. However each of claims 21, 28 and 35 are also directed to an abstract idea without significantly more, under Step 2A (Prong One and Prong Two) and Step 2B of the 2019 PEG, which is a judicial exception to 35 U.S.C. 101, as detailed below. Using the language of independent claim 21 to illustrate the claim recites the limitations of, (i) electronically and remotely verifying a payor as a legitimate payor using an electronic authentication process (ii) to exchange data messages associated with direct electronic transactions including ACH type transactions, (iii) providing access (iv) wherein the computer application causes display of an interactive user interface; (v) receive, over Internet communication from the computer application executing, an authentication request for a direct electronic transaction initiated by a candidate payor inputting an account identifier associated with a candidate payor account into the computer application executing to directly transfer funds from the candidate payor account to a payee account, the authentication request including the account identifier, a transaction amount, and device information; (vi) apply a decisioning model to the device information and account data associated with the candidate payor account to determine a risk score for the direct electronic transaction, the risk score representing a likelihood that the candidate payor is the legitimate payor; in response to the risk score not satisfying a threshold level and thereby indicating that the candidate payor initiating the direct electronic transaction is likely not the legitimate payor, verify the candidate pavor; in response to the risk score indicating that the candidate payor initiating the direct electronic transaction is likely not the legitimate payor, verify the candidate payor's identity by: (i) generating, using a secure protocol , and the account data an authentication challenge including at least one of a code or an authentication challenge question, the authentication challenge generated to confirm that the candidate payor who initiated the direct electronic transaction is the legitimate payor; (ii) causing display of the authentication challenge on the interactive user interface associated with the inputted account identifier, the authentication challenge prompting the candidate payor to respond to the authentication challenge by inputting at least one of (a) the code into the computer application executing or (b) a challenge response to the authentication challenge question into the computer application executing; (iii) receiving, via the communication interface over the Internet communication, at least one of (a) the code or the computer application executing or (b) the challenge response from the computer application executing; (vii) authenticating, using at least one of a set of authentication rules or modules, at least one of the code or the challenge response based on the account data, the authenticating comprising (a) confirming the candidate payor as the legitimate payor and (b) authenticating the direct electronic transaction including verifying that the candidate payor account includes funds greater than the transaction amount; and (viii) generating a first authentication response by embedding in the first authentication response a first indicator indicating the determination that the direct electronic transaction as authenticated; in response to the risk score satisfying the threshold level and thereby indicating that the candidate payor initiating the direct electronic transaction is likely the legitimate payor: (i) bypass the verification of the candidate payor as the legitimate payor; (ii) determine that the direct electronic transaction as authenticated based on the risk score including verifying that the candidate payor account includes the funds greater than the transaction amount; and (iii) generate a second authentication response by embedding in the second authentication response a second indicator indicating that the direct electronic transaction is authenticated without further authentication; and (ix) in response to authenticating the direct electronic transaction, (i) approve the direct electronic transaction on behalf of an issuer of the candidate payor account, and (ii) transmit a data message indicating that the direct electronic transaction has been approved under the broadest reasonable interpretation (BRI) covers methods of organizing human activity – fundamental economic principles or practices - mitigating risk but for the recitation of generic computers and generic computer components. (Independent claims 28 and 35 recite similar limitations and the analysis is the same).
That is, other than reciting a computer network, authentication computing device, at least one processor, a memory, registered payor computing devices, registered payee computing devices, a registered payee computing device, a registered payor computing device and a communication interface nothing in the claim precludes the steps from being directed to organizing human activity – fundamental economic principles or practices - mitigating risk. If a claim limitation under its BRI, covers methods of organizing human activity but for the recitation of generic computers, then the limitations fall within the “methods of organizing human activity” grouping of abstract ideas. Therefore, claim 21 recites an abstract idea under Step 2A Prong One of the Revised Patent Subject Matter Eligibility Guidance 84 Fed.Reg 50 (“2019 PEG”).
This “methods of organizing human activity” is not integrated into a practical application under Step 2A prong Two of the 2019 PEG. In particular claim 21 recites the following additional elements of, a computer network, authentication computing device, at least one processor, a memory, registered payor computing devices, registered payee computing devices, a registered payee computing device, a registered payor computing device and a communication interface. This judicial exception is not integrated into a practical application. In particular, the claim only recites the additional elements – a computer network, authentication computing device, at least one processor, a memory, registered payor computing devices, registered payee computing devices, a registered payee computing device, a registered payor computing device and a communication interface.
The computer network, authentication computing device, at least one processor, memory, registered payor computing devices, registered payee computing devices, registered payee computing device, registered payor computing device and communication interface are recited at a high-level or generality (i.e. as a generic computer performing generic computer functions) such that, they amount to no more than instructions to apply the abstract idea with a computer (see MPEP 2106.05(h). Accordingly these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claims are directed to an abstract idea.
Under Step 2B of the 2019 PEG independent claim 21 does not include additional elements that are sufficient to amount to significantly more than the abstract idea. The claim(s) do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of using a computer network, authentication computing device, at least one processor, a memory, registered payor computing devices, registered payee computing devices, a registered payee computing device, a registered payor computing device and a communication interface, electronically and remotely verifying a payor as a legitimate payor using an electronic authentication process to exchange data messages associated with direct electronic transactions including ACH type transactions, providing access wherein the computer application causes display of an interactive user interface; receive, over Internet communication from the computer application executing, an authentication request for a direct electronic transaction initiated by a candidate payor inputting an account identifier associated with a candidate payor account into the computer application executing to directly transfer funds from the candidate payor account to a payee account, the authentication request including the account identifier, a transaction amount, and device information; apply a decisioning model to the device information and account data associated with the candidate payor account to determine a risk score for the direct electronic transaction, the risk score representing a likelihood that the candidate payor is the legitimate payor; in response to the risk score not satisfying a threshold level and thereby indicating that the candidate payor initiating the direct electronic transaction is likely not the legitimate payor, verify the candidate pavor; in response to the risk score indicating that the candidate payor initiating the direct electronic transaction is likely not the legitimate payor, verify the candidate payor's identity by: (i) generating, using a secure protocol , and the account data an authentication challenge including at least one of a code or an authentication challenge question, the authentication challenge generated to confirm that the candidate payor who initiated the direct electronic transaction is the legitimate payor; (ii) causing display of the authentication challenge on the interactive user interface associated with the inputted account identifier, the authentication challenge prompting the candidate payor to respond to the authentication challenge by inputting at least one of (a) the code into the computer application executing or (b) a challenge response to the authentication challenge question into the computer application executing; (iii) receiving, via the communication interface over the Internet communication, at least one of (a) the code or the computer application executing or (b) the challenge response from the computer application executing; authenticating, using at least one of a set of authentication rules or modules, at least one of the code or the challenge response based on the account data, the authenticating comprising (a) confirming the candidate payor as the legitimate payor and (b) authenticating the direct electronic transaction including verifying that the candidate payor account includes funds greater than the transaction amount; and generating a first authentication response by embedding in the first authentication response a first indicator indicating the determination that the direct electronic transaction as authenticated; in response to the risk score satisfying the threshold level and thereby indicating that the candidate payor initiating the direct electronic transaction is likely the legitimate payor: (i) bypass the verification of the candidate payor as the legitimate payor; (ii) determine that the direct electronic transaction as authenticated based on the risk score including verifying that the candidate payor account includes the funds greater than the transaction amount; and (iii) generate a second authentication response by embedding in the second authentication response a second indicator indicating that the direct electronic transaction is authenticated without further authentication; and in response to authenticating the direct electronic transaction, (i) approve the direct electronic transaction on behalf of an issuer of the candidate payor account, and (ii) transmit a data message indicating that the direct electronic transaction has been approved, amount to instructions to apply the abstract idea with a computer. The claims are not patent eligible.
The dependent claims have been given the full two part analysis including analyzing the additional limitations both individually and in combination. The Dependent claim(s) when analyzed individually are also held to be patent ineligible under 35 U.S.C. 101 because for the same reasoning as above and the additional recited limitation(s) fail to establish that the claim(s) are not directed to an abstract idea. The additional limitations of the dependent claim(s) when considered individually do not amount to significantly more than the abstract idea. Claims 22-26, 29-34 and 36-41 merely further explain the abstract idea.
When viewed individually the additional limitations do not amount to a claim as a whole that is significantly more than the abstract idea. Accordingly claims 21-26 and 28-41 are ineligible.
Response to Arguments
Applicant's arguments filed 3/23/26 have been fully considered but they are not persuasive.
The Applicant states “the claimed system improves the technical functioning of authentication computing systems by providing a more robust electronic verification mechanism for remotely exchanged data, rather than merely reciting an abstract economic practice or risk-mitigation concept” (page 16), that “the claimed invention effects an improvement in computer functionality by enabling a distributed authentication process that cannot be performed by a single generic computer acting alone” (page 17), and that “the claims are directed to something "significantly more" than the idea itself” (page 21). The Examiner disagrees with the sentences because the claims are an improvement of the abstract idea only. It is a business solution to a business problem of processing direct electronic transactions (e.g., ACH transaction). The applicant has not shown how the claims improve a computer or other technology, invoke a particular machine, transform matter, or provide more than a general link between the abstraction and the technology, MPEP 2106.05(a)-(c) & (e). The Examiner disagrees that “The requirement for synchronized interaction between independently controlled devices, along with coordinated capture and exchange of authentication data, constitutes a specific technical solution to problems arising in remote electronic verification environments, including device trust, data integrity, and authentication reliability” (page 17). The claimed invention operates in a conventional manner to verify the payor’s identity. The separate devices used for authentication and funds verification purposes operate in a conventional manner without any technical improvements being made to the generic, conventional devices. The Examiner disagrees that the Claims are similar to example 35 (page 19). The claims do not provide an improvement over prior systems and only add details to the abstract idea, they do not address a problem particular to computer networks and merely apply the abstract idea on general computer components. The amended claims make the abstract idea more specific, and using separate devices for authentication and funds verification purposes when processing direct electronic transactions is not an unconventional activity. Applicant’s remarks about why these limitations provide a practical application fail to surface any technical improvement identified in the specification and, therefore this is not an inventive concept and significantly more.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MARLA HUDSON whose telephone number is (571)272-1063. The examiner can normally be reached M-F 9:30 a.m. - 5:30 p.m. ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bennett Sigmond can be reached at (303) 297-4411. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/M.H./Examiner, Art Unit 3694
/BENNETT M SIGMOND/Supervisory Patent Examiner, Art Unit 3694