DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, 18/204,360, filed 05/31/2023, is a Continuation of 16/681,608, filed 11/12/2019, now U.S. Patent No. 11,706,213, which claims priority from U.S. Provisional Application 62/760,795, filed 11/13/2018.
The effective filing date is after the AIA date of March 16, 2013, and so the application is being examined under the “first inventor to file” provisions of the AIA .
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Status of the Application
This Final Office Action is in response to Applicant’s communication of Jan. 20, 2026.
Claims 1, 2, 7, 9-11, 16, and 18 are pending, of which claims 1 and 10 are independent. Claims 3-6, 8, 12-15, and 17 were previously cancelled. Claims 1 and 10 are currently amended.
All pending claims have been examined on the merits.
Claim Rejections - 35 USC § 103
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 2, 7, 9-11, 16, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over US 2020/0045041 A1 to Heidari et al. (“Heidari”. Eff. Filed on Aug. 6, 2018) in view of US 2014/0222678 A1 to Sheets et al. (“Sheets”. Eff. Filed on Feb. 5, 2013. Published on Aug. 7, 2014), and further in view of US-2018/0199195-A1 to Metral (“Metral”. Eff. Filed on Sep. 27, 2013. Published on Jul. 12, 2018).
In regards to claim 1,
1. (Currently Amended) A computer-implemented method for use in facilitating authentication of a user in connection with a network transaction by the user, the method comprising:
capturing, by a voice interactive device, a voice command to initiate a transaction from a user, the voice command identifying a specific party from which a product is to be purchased,
(See Heidari, para. [0002]: “Various services, such as banking services, retail shopping services, food delivery services, etc., are often accessible by users via computing or assistant devices, such as computers, cell phones, smart speaker devices, etc. coupled to a network. Such computing or assistant devices generally support specific development platforms, and require applications that enable over-network access to various services (e.g., banking or shopping services) to be implemented and maintained on the specific development platforms. As an example, voice activated assistant devices, such as smart speakers, are utilized to communicate with various services over a network using voice commands to cause one of various operations, such as banking transactions/operations, online shopping, etc., each to be performed on a specific platform for a particular service (e.g., individual, separate platforms for Chase Bank or for Walmart). … Thus, there is a need for a centralized secure hub or platform that can manage multiple service platforms for banking and shopping service providers.”)
(See Heidari, para. [0023]: “Merchant/service servers 108 may be utilized by respective one or more merchant or service providers to provide access to merchant or services provided by the merchant or service providers to customers or users to over network 112. For example, a first one of merchant/service provider server 108 may be utilized by a food merchant such as a restaurant (e.g., Domino's Pizza) to allow users to order food over network 112, a second one of merchant/service provider server 108 may be utilized by a utility provider (e.g., ComEd) to provide access to utility accounts over network 112, a third one of merchant/service provider server 108 may be utilized by a cab company or car service provider (e.g., Uber) to allow users to order car service over network 112, etc. In an embodiment, a merchant or server provider application running on merchant/service servers 108 may implement an interface, such as an API, to allow a third-party entity to communicate with the merchant or service provider application and to thereby allow the third-party entity to permit access to merchant/service services available to users of the third-party entity over network 112.”)
the voice interactive device including a smart speaker associated with the user, the voice interactive device physically remote from the party;
(See Heidari, para [0024]: “Centralized gateway server 102 provides user access to services provided by various service provider servers 104-108. Centralized gateway server 102 is configured to communicate with at least user devices 111 and service provider servers 104-108. Users or customers of financial institutions, credit card providers, merchants, services, etc. may conduct transactions with respective servers 102-108 via various user devices 111 that may include computing user devices 113 and/or artificial intelligence (AI) speaker devices 114 (e.g., “smart speaker” devices) communicatively coupled to network 112. Computing user devices 113 may include, for example, personal computers, cellular phones, smart phones, web-enabled televisions, and other suitable web-enabled devices communicatively coupled to network 112.”)
(See Heidari, para. [0025]: “Smart speaker devices 114 may include smart speaker devices configured to communicate with voice assistant servers 116 that support different development platforms for developing and maintaining applications accessible on voice assistant servers 116 via different smart speaker devices 114. In an exemplary embodiment, a first smart speaker device 114 may be an Amazon Echo speaker device configured to communicate with an Alexa voice assistant server that supports an Alexa development platform for developing applications (e.g., “skills” built with an Alexa Skills Kit to add to the capabilities of any Alexa-enabled device, such as to add food ordering capabilities, to facilitate financial transactions, to add question answering capabilities, etc.) accessible via Amazon Echo devices;”)
determining content of the voice command;
(See Heidari, para. [0002]: “As an example, voice activated assistant devices, such as smart speakers, are utilized to communicate with various services over a network using voice commands to cause one of various operations, such as banking transactions/operations, online shopping, etc., each to be performed on a specific platform for a particular service (e.g., individual, separate platforms for Chase Bank or for Walmart).”)
(See Heidari, para. [0024]: “Voice assistant server 116 may identify, based on the voice command received from smart speaker device 114, a particular application implemented on voice assistant server 116 that may respond to the voice command, and may allow the user to communicate with the identified application to implement an operation requested by the voice command.”)
authenticating, by an authentication service server, separate from the voice interactive device …, the user, by retrieving a voice biometric reference based on an identifier specific to the voice interactive device and comparing the captured voice command to initiate the transaction to the retrieved voice biometric reference;
(See Heidari, para. [0006]: “In yet another embodiment, an apparatus comprises at least one biometric interface, a memory to store biometric data, and a processor implemented on one or more integrated circuits configured to receive a voice command from a user, the voice command indicating an operation to be performed on behalf of the user, cause a user request to be generated based on the voice command, the user request to be transmitted to a centralized gateway server, and receive, from the centralized gateway server, an authentication request to authenticate that the user is authorized to request the operation. The one or more integrated circuits are further configured to receive a biometric input, the biometric input generated based on a biometric characteristic provided via the biometric interface, and compare the biometric input to biometric data stored in the memory to determine if the biometric input matches the biometric data.”)
(See Heidari, para. [0018]: “In some embodiments, prior to transmitting requests for at least some operations, such as security-sensitive banking operations, the centralized gateway server may authenticate the user and ascertain whether the user is authorized to request the operations. For example, the centralized gateway server may generate an authorization request requesting certain authentication information, such as personal identification number (e.g., PIN or pin) information, security question information, biometric information, and the like to be provided by the user via a user device, and may analyze a response received from the user device to determine whether the user is an authorized user.”)
(See Heidari, para. [0045]: “Secure smart speaker device 414 may be equipped with one or more biometric interfaces 430, which may include a fingerprint pad, a retina scanner, voice recognition interface, etc., in various exemplary embodiments. Biometric authentication module 420 may be configured to receive inputs from one or more biometric interfaces 430 provided by a user and to compare the inputs with corresponding user data to authenticate the user. Biometric data corresponding to one or more users may be stored in a secure element device 432, for example. Such biometric data may be utilized for authenticating a particular user requesting secure operations via smart speaker device 414. In addition to or instead of biometric authentication performed using biometric inputs obtained via biometric interfaces 430, smart speaker device 414 may authenticate a user using a user's voice. For example, voice assistant engine 416 of smart speaker device 414 may utilize voice recognition to authenticate a user based on voice characteristics that may be stored in secure element 432.”)
(See Heidari, para. [0046]: “In an exemplary embodiment, when a user provides a voice command to smart speaker device 414 for a particular secure operation (e.g., a banking operation), voice assistant engine 416 may perform voice recognition to authenticate the user and/or biometric authentication module 420 may request the user to provide input for biometric authentication. If voice and/or biometric input provided by the user matches the corresponding data stored in secure element device 432, then processor 402 may transmit a user request via a communication interface 434 to instruct centralized gateway server 102 to perform the requested operation.”)
The Examiner interprets that performing this feature “authenticating, by an authentication service server, separate from the voice interactive device, the user” is an obvious variation that is functionally equivalent to performing all of these tasks on a single “centralized gateway server”, as taught in Heidari.
whereby the party is permitted to initiate an enhanced authentication of the user in connection with the transaction; and
(See Heidari, para. [0030]: “Upon receiving a selection of a particular service to which the user wishes to connect, the registration application may prompt the user to enter additional information associated with the service, such as user account information (e.g., user name) for the user at the particular service (e.g., user name for the user's Uber account). In some embodiments, the registration information may request that the user input additional information, such as credit card number information, user secondary authentication information, two-factor or multi-factor authentication information; user answers to security questions, etc.”)
issuing, by the voice interactive device, a challenge question from an access controller server (ACS), which is separate from the authentication service server, to the user as part of the enhanced authentication of the user; and
providing, by the voice interactive device, a challenge response from the user back to the ACS, in response to the challenge question.
(See Heidari, para. [0018]: “In some embodiments, prior to transmitting requests for at least some operations, such as security-sensitive banking operations, the centralized gateway server may authenticate the user and ascertain whether the user is authorized to request the operations. For example, the centralized gateway server may generate an authorization request requesting certain authentication information, such as personal identification number (e.g., PIN or pin) information, security question information, biometric information, and the like to be provided by the user via a user device, and may analyze a response received from the user device to determine whether the user is an authorized user.”)
The Examiner interprets that performing this feature “issuing, by the voice interactive device, a challenge question from an access controller server (ACS), which is separate from the authentication service server,” is an obvious variation that is functionally equivalent to performing all of these tasks on a single “centralized gateway server”, as taught in Heidari.
However, under a conservative interpretation of Heidari, it fails to expressly disclose the following features, which are disclosed by Sheets:
in response to the authenticating of the user being successful, receiving, by the voice interactive device, from the authentication service server, a key indicating successful authentication of the user; and
(See Sheets, para. [0026]: “An “authorization response message” can be a message that includes an authorization code, and may typically be produced by an issuer. A “transaction response” may be an authorization response message in some embodiments of the invention.”)
The Examiner interprets that Sheet’s “authorization code” reads upon the claimed “key”.
in response to the key from the authentication service server, transmitting, by the voice interactive device, to the party, a purchase request for the transaction consistent with the content of the voice command, the purchase request including the key indicating the successful authentication for the user,
(See Sheets, para. [0025]: “An “authorization request message” can include a request for authorization to conduct an electronic payment transaction. It may further include an issuer account identifier. The issuer account identifier may be a payment card account identifier associated with a payment card. The authorization request message may request that an issuer of the payment card authorize a transaction. An authorization request message according to an embodiment of the invention may comply with ISO 8583, which is a standard for systems that exchange electronic transactions made by users using payment cards.”)
(See Sheets, para. [0057]: “The description below provides descriptions of other components in the system as well as authentication methods using voice samples. The authentication methods can be performed at any suitable point during the above-described transaction flow. For example, the voice authentication method may be performed before or after the user uses a payment device to interact with the terminal 120. If it is afterwards, then the authentication method may be performed when the authorization request message is received by the payment processing network 140 or the issuer 150.”)
It would have been obvious to a person having ordinary skill in the art (PHOSITA), at the effective filing date of the Application, to combine the “Centralized gateway server for providing access to services”, as taught by Heidari above, with the “System and method for authentication using speaker verification techniques and fraud model”, as further taught by Sheets above, because both are in the same art of authenticating voice commands for commercial transactions, and more specifically, of using voice biometrics and keywords (or passwords) to authenticate a user, and because Sheets discloses more details pertaining to techniques of authentication.
However, under a conservative interpretation of Heidari in view of Sheets, they fail to expressly disclose the following features, which are disclosed by Metral:
authenticating, by an authentication service server, separate from the voice interactive device and the party, the user,
…
after authenticating the user by the authentication service server and after transmitting the purchase request …
(See Metral, para. [0024]: “Remote server 104, according to some embodiments, may be maintained by an online payment provider, which may provide processing for online financial and payment transactions on behalf of user 110. Remote server 104 may also be maintained by a merchant and provide access to a merchants goods and services (collectively referred to as “items”) that are for purchase and may provide a payment service processing for the purchased items. Remote server 104 may include at least authentication application 118, which may be configured to interact with client computing device 102 connected to network and remote server 104 via access point 108 to authenticate client computing device 102 to remote server 104. In some embodiments, authenticating client computing device 102 to remote server 104 may allow applications executing on client computing device 102, such as browser application 112 and/or payment application 114, to access features provided by remote server 104. Such features may include viewing items for purchase, selecting items for purchase, and paying for selected items, with an online payment provider such as PayPal, Inc. of San Jose, Calif., processing the payment.”)
(See Metral, para. [0033]: “A merchant having a physical, brick and mortar store as well as an online presence, including but not limited to, an online inventory, online ordering, online payment, and online-manageable loyalty programs, may wish to provide these online features to a customer when the customer is in the physical store. For example, a merchant may allow user 110 having client computing device 102 to enter their store, find an item for purchase, and allow user to pay for the item using client computing device 102, and then show proof of payment to the merchant before user 110 can exit the store with the item. To allow this, the merchant may require that user authenticate to remote server 104 and/or check in to perform these actions. As another example, user 110 may be part of a loyalty program of the store, and may be provided with coupons or offers when user 110 authenticates to remote server 104 when in the store and/or checks in to the store, with such coupons or offers being provided to client computing device 102 for scanning by the merchant.”)
It would have been obvious to a person having ordinary skill in the art (PHOSITA), at the effective filing date of the Application, to combine the “Centralized gateway server for providing access to services”, as taught by Heidari above, with the “System and method for authentication using speaker verification techniques and fraud model”, as further taught by Sheets above, because both are in the same art of authenticating voice commands for commercial transactions, and more specifically, of using voice biometrics and keywords (or passwords) to authenticate a user, and because Sheets discloses more details pertaining to techniques of authentication.
Furthermore, it would have been obvious to a person having ordinary skill in the art (PHOSITA), at the effective filing date of the Application, to combine the “Centralized gateway server for providing access to services”, as taught by Heidari above, with the “System and method for authentication using speaker verification techniques and fraud model”, as further taught by Sheets above, and further with “Automatic authentication of a mobile device using stored authentication credentials”, as taught by Metral, because all three references are in the same art of authentication for commercial transactions, and further because “authenticating, by an authentication service server, separate from the voice interactive device and the party, the user” is an obvious design choice variation regarding the location of the authentication service server.
In regards to claim 2,
2. (Previously Presented) The computer-implemented method of claim 1, wherein determining the content of the voice command includes:
transmitting, via a skill included in the voice interactive device, the voice command to a voice recognition service; and
receiving, from the voice recognition service, the content of the voice command, prior to transmitting the purchase request.
(See Heidari, para. [0046]: “Secure smart speaker device 414 may utilize voice and/or biometric input authentication to only allow authorized users to issue any requests via secure smart speaker device 414 and/or to request particular secure operations via secure smart speaker device 414. In an exemplary embodiment, when a user provides a voice command to smart speaker device 414 for a particular secure operation (e.g., a banking operation), voice assistant engine 416 may perform voice recognition to authenticate the user and/or biometric authentication module 420 may request the user to provide input for biometric authentication. If voice and/or biometric input provided by the user matches the corresponding data stored in secure element device 432, then processor 402 may transmit a user request via a communication interface 434 to instruct centralized gateway server 102 to perform the requested operation.”)
In regards to claims 3 to 6, they are cancelled.
In regards to claim 7,
7. (Previously Presented) The computer-implemented method of claim 1, wherein authenticating the user includes:
transmitting the voice command and the identifier specific to the voice interactive device to the authentication service server.
(See Heidari, para. [0046]: “Secure smart speaker device 414 may utilize voice and/or biometric input authentication to only allow authorized users to issue any requests via secure smart speaker device 414 and/or to request particular secure operations via secure smart speaker device 414. In an exemplary embodiment, when a user provides a voice command to smart speaker device 414 for a particular secure operation (e.g., a banking operation), voice assistant engine 416 may perform voice recognition to authenticate the user and/or biometric authentication module 420 may request the user to provide input for biometric authentication. If voice and/or biometric input provided by the user matches the corresponding data stored in secure element device 432, then processor 402 may transmit a user request via a communication interface 434 to instruct centralized gateway server 102 to perform the requested operation.”)
In regards to claim 8, it is cancelled.
In regards to claim 9,
9. (Previously Present) The computer-implemented method of claim 1,
wherein transmitting, by the voice interactive device, the purchase request to the party includes transmitting, via a skill included in the voice interactive device, the purchase request to a merchant backend for the skill; and
wherein the party includes a merchant associated with the merchant backend.
(See Heidari, para. [0023]: “Merchant/service servers 108 may be utilized by respective one or more merchant or service providers to provide access to merchant or services provided by the merchant or service providers to customers or users to over network 112. For example, a first one of merchant/service provider server 108 may be utilized by a food merchant such as a restaurant (e.g., Domino's Pizza) to allow users to order food over network 112, a second one of merchant/service provider server 108 may be utilized by a utility provider (e.g., ComEd) to provide access to utility accounts over network 112, a third one of merchant/service provider server 108 may be utilized by a cab company or car service provider (e.g., Uber) to allow users to order car service over network 112, etc. In an embodiment, a merchant or server provider application running on merchant/service servers 108 may implement an interface, such as an API, to allow a third-party entity to communicate with the merchant or service provider application and to thereby allow the third-party entity to permit access to merchant/service services available to users of the third-party entity over network 112.”)
In regards to claim 10, it is rejected on the same grounds as independent claim 1.
In regards to claim 11, it is rejected on the same grounds as independent claim 2.
In regards to claims 12-15, they are cancelled.
In regards to claim 16, it is rejected on the same grounds as claim 7.
In regards to claim 17, it is cancelled.
In regards to claim 18, it is rejected on the same grounds as claim 9.
Response to Amendments
Re: Claim Objections
The objection to claim 2 was previously withdrawn, in response to Applicant’s amendments to the claim.
Re: Claim Rejections - 35 USC § 112
The 35 U.S.C. 112 rejections were previously withdrawn, in response to Applicant’s amendments to the claims.
Re: Claim Rejections - 35 USC § 103
The 35 U.S.C. 103 rejections have been amended, in response to Applicant’s amendments to the claims.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications should be directed to Examiner Ayal Sharon, whose telephone number is (571) 272-5614, and fax number is (571) 273-1794. The Examiner can normally be reached from Monday to Friday between 9 AM and 6 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christine M Behncke can be reached on (571) 272-8103. The fax number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
Sincerely,
/Ayal I. Sharon/
Examiner, Art Unit 3695
May 7, 2026