DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/2/25 has been entered.
Status of Claims
This action is in reply to RCE, amendment and response filed on 12/2/25 and IDS filed on 12/18/25. Claims 1, 8 and 15 were amended. Claims 1-20 are pending and examined.
Response to Arguments
101: The Applicant’s amendments and arguments have been fully considered but are not persuasive.
The Applicant essentially argues that the amended claims overcome the rejection.
The Examiner disagrees.
The Applicant’s arguments are moot because of claim amendments that are substantive. Per example, claim 1 recites additional elements (e.g.: “trigger a download activation to download the application if the application is not present on the user device”) that necessitate reconsideration of the claims.
As such, an updated rejection is provided that addresses the amended claims.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. (Step 1) The claims recite a process (claims 1-7), an apparatus (claim 8-14) and an article of manufacture (claims 15-20). For the purposes of this analysis, representative claim 8 (from claims 1, 8 and 15) is addressed. (Step 2A, prong 1) Abstract ideas are in bold below, and represent organizing human activity, as a method of verifying a user at a location and providing an assistance notification based on the verification, as are all a form of commercial or legal interaction and managing personal behavior or relationships or interactions between people.
A server comprising:
a processing circuit;
executable instructions, which when executed by the processing circuit cause the server to:
receive, from a first device, a first cryptogram of a contactless card along with information from the first device;
determine a location of the first device based on the information received from the first device;
transmit, to a user device, a notification requesting tapping the contactless card to the user device, wherein the notification is configured to cause an application on the user device to be executed, or trigger a download activation to download the application if the application is not present on the user device;
receive, from the user device, a second cryptogram of the contactless card, wherein the application is configured to receive the second cryptogram and forward it to the server;
authenticate, a user of the user device based on the second cryptogram, the user being associated with the contactless card, wherein authenticating the user verifies that the user of the user device is at the location; and
send a notification to a second device that the user of the user device is at the location and is requesting assistance, wherein the notification includes an authentication success notification.
(Step 2A prong 2) The additional elements are as follows:
“A server comprising”, “a processing circuit”, “executable instructions, which when executed by the processing circuit cause the server to”. This is no more than “apply it” as the “server” that comprises the “processing circuit” and “executable instructions, which when executed by the processing circuit cause the server” are mere “[u]se of a computer or other machinery in its ordinary capacity for economic or other tasks”, see MPEP 2106.05(f)(2).
“[receive], from a first device, [a first cryptogram] of a contactless card […]”. This is no more than “apply it” as the “first device” and “contactless card” are mere “[u]se of a computer or other machinery in its ordinary capacity for economic or other tasks”, see MPEP 2106.05(f)(2).
“transmit, to a user device, [a notification …]” and “[the notification] is configured to cause an application on the user device to be executed, or trigger a download activation to download the application if the application is not present on the user device”. This is no more than “apply it” as “transmit, to a user device [a notification]” is mere “[u]se of a computer or other machinery in its ordinary capacity for economic or other tasks”, see MPEP 2106.05(f)(2). Furthermore, ““[the notification] is configured to cause an application on the user device to be executed, or trigger a download activation to download the application …” is no more than “apply it” as the claim fails to recite details of how configuring “the notification” causes “an application on the user device to be executed, or trigger a download activation to download the application”, see MPEP 2106.05(f)(1).
“[receive …, wherein] the application is configured to receive the second cryptogram and forward it to the server. This is no more than “apply it” as “the application is configured to receive the second cryptogram and forward it to the server” is mere “[u]se of a computer or other machinery in its ordinary capacity for economic or other tasks”, see MPEP 2106.05(f)(2).
“authenticate, [a user] of the user device [based on the second cryptogram]”. This is no more than “apply it” as “authenticate, […] the user device” is mere “[u]se of a computer or other machinery in its ordinary capacity for economic or other tasks”, see MPEP 2106.05(f)(2).
“send [a notification] to a second device […]”. This is no more than “apply it” as “send, […] to a second device” is mere “[u]se of a computer or other machinery in its ordinary capacity for economic or other tasks”, see MPEP 2106.05(f)(2).
(Step 2B) The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration into a practical application, the additional elements amount do no more than provide mere instructions to apply the abstract idea of using generic computer components. The claim elements when considered separately and in an ordered combination, do not add significantly more than implementing the abstract idea of verifying a user at a location and providing an assistance notification based on the verification, over a generic computer network with generic computing elements, and generic hardware.
Analysis of dependent claim 3, recited additional elements of:
“the first device is in data communication with the contactless card through a near field communication (NFC)”. This is no more than “apply it” as the “the first device is in data communication with the contactless card” is mere “[u]se of a computer or other machinery in its ordinary capacity for economic or other tasks”, see MPEP 2106.05(f)(2). Furthermore, “data communication with the contactless card through a near field communication (NFC)” is no more than “apply it" because the abstract idea is being done by a computer environment (e.g.: NFC), but no details of how that is happening has been provided, or the details that have been provided amount to merely apply it because they are generic to the environment, see MPEP 2106.05(f)(1 & 2).
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration into a practical application, the additional elements amount do no more than provide mere instructions to apply the abstract idea of using generic computer components. The claim elements when considered separately and in an ordered combination, do not add significantly more than implementing the abstract idea of verifying a user at a location and providing an assistance notification based on the verification, over a generic computer network with generic computing elements, and generic hardware.
Analysis of dependent claim 6, recited additional elements of:
“the notification includes a link” and “the application is executed in response to the user interacting with the link and the user of the user device is prompted, via the application, to tap the contactless card to the user device”. This is no more than “apply it” as “the notification includes a link” and “the application is executed in response to the user interacting with the link and the user of the user device is prompted, via the application, to tap the contactless card to the user device” are mere “[u]se of a computer or other machinery in its ordinary capacity for economic or other tasks”, see MPEP 2106.05(f)(2).
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration into a practical application, the additional elements amount do no more than provide mere instructions to apply the abstract idea of using generic computer components. The claim elements when considered separately and in an ordered combination, do not add significantly more than implementing the abstract idea of verifying a user at a location and providing an assistance notification based on the verification, over a generic computer network with generic computing elements, and generic hardware.
Analysis of dependent claim 7, recited “wherein the contactless card comprises a processor and a memory, the memory storing the second cryptogram that contains an unique customer identifier”, additional details which further narrow the abstract idea and additional elements of:
“the contactless card comprises a processor and a memory, the memory storing”. This is no more than “apply it” as the “contactless card” that comprises “a processor and a memory, the memory storing” are mere “[u]se of a computer or other machinery in its ordinary capacity for economic or other tasks”, see MPEP 2106.05(f)(2).
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration into a practical application, the additional elements amount do no more than provide mere instructions to apply the abstract idea of using generic computer components. The claim elements when considered separately and in an ordered combination, do not add significantly more than implementing the abstract idea of verifying a user at a location and providing an assistance notification based on the verification, over a generic computer network with generic computing elements, and generic hardware.
Analysis of dependent claim 9, recited “wherein the first device is a self-service kiosk in a bank branch at the location”, additional details which further narrow the abstract idea and additional elements of:
“the first device is a self-service kiosk”. This is general linking as the “self-service kiosk” does no more than link the use of the abstract idea to a particular technological environment or field of use, see MPEP 2106.05(h).
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration into a practical application, the additional elements amount do no more than provide mere instructions to apply the abstract idea of using generic computer components. The claim elements when considered separately and in an ordered combination, do not add significantly more than implementing the abstract idea of verifying a user at a location and providing an assistance notification based on the verification, over a generic computer network with generic computing elements, and generic hardware.
Analysis of dependent claim 10, recited additional elements of:
“the user device is a user mobile device”. This is no more than “apply it” as the “user mobile device” is mere “[u]se of a computer or other machinery in its ordinary capacity for economic or other tasks”, see MPEP 2106.05(f)(2).
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration into a practical application, the additional elements amount do no more than provide mere instructions to apply the abstract idea of using generic computer components. The claim elements when considered separately and in an ordered combination, do not add significantly more than implementing the abstract idea of verifying a user at a location and providing an assistance notification based on the verification, over a generic computer network with generic computing elements, and generic hardware.
Analysis of dependent claim 2, 4-5, 8, 11-14 and 16-20 recited additional details which only further narrow the abstract idea and do not add any additional features, alone or in combination, that would provide a practical application or provide significantly more.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. as being unpatentable over US 20210004803 A1 (Rule) in view of US 20160275760 A1 (Block).
As to claims 1, 8 and 15,
with respect to claim 8,
Rule teaches,
A server (FIG. 1, item 120, para. 20 “a server”) comprising:
a processing circuit (para. 20 “the server”); and
executable instructions (para. 74 “a number of program modules can be stored in the drives and memory units”), which when executed by the processing circuit cause the server (para. 74) to
receive, from a first device, a first cryptogram of a contactless card along with information from the first device (para. 15 “The account application may transmit the encrypted data and location data describing the current location of the mobile device to a server”, FIG. 4, item 410, para. 48 “transmits the encrypted data 108 and location data received from the location module 114 to the server”);
determine a location of the first device based on the information received from the first device (FIG. 4, item 420, para. 49 “determine whether the received location data is within one or more permitted locations to use the contactless card”);
transmit, to a user device, a notification requesting tapping the contactless card to the user device (FIG. 4, item 460, para. 52 “transmit the EMV payload to the POS device”), [download application];
receive, from the user device, a second cryptogram of the contactless card (para. 42 “The account application 113 may then output another indication to tap the contactless card 101 to the mobile device”), wherein the application is configured to receive the second cryptogram and forward it to the server (para. 44 “The payment applet 106 may then transmit the EMV payload to the POS device 140. The POS device 140 may then transmit the EMV payload to the server”);
authenticate, a user of the user device based on the second cryptogram, the user being associated with the contactless card, wherein authenticating the user verifies that the user of the user device is at the location (FIG. 4, item 480, para. 52 “ the authorization application 123 of the server 120 approves payment for the transaction using the contactless card 101 based at least in part on the indication of the preauthorization in the EMV payload”);
[alert customer presence at location], wherein the notification includes an authentication notification (para. 52 “ the authorization application 123 may determine that the location data in the stored indication of preauthorization in the account data 124 is within a threshold distance of the location of the POS device”).
Rule does not teach,
[transmit …], wherein the notification is configured to cause an application on the user device to be executed, or trigger a download activation to download the application if the application is not present on the user device,
send a notification to second device that the user of the user device is at the location and is requesting assistance, [wherein the notification …].
however, Block teaches,
[transmit …], wherein the notification is configured to cause an application on the user device to be executed, or trigger a download activation to download the application if the application is not present on the user device (para. 281 “download new states and screens or new programs”),
send a notification to second device that the user of the user device is at the location and is requesting assistance (para. 105 “outputs to a selected banking employee's terminal which include visual information which indicates, for example, “Customer #1 is interested in opening a checking account and was told to go to the waiting area”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine card based presence related actions of Rule with customer location based employee response of Block because customer location based employee response improves card based presence related actions by “ enhance[ing] security within a banking facility by tailoring the security to the locations of banking employees and customers within the banking facility”, see Block, para. 216.
Additionally, with respect to claims 1 and 15,
the method claim 1 and article of manufacture claim 1 are rejected under the same rationale as claim 8.
As to claim 2, combination of Rule and Block teach all the limitations of claim 1.
Rule teaches,
the first cryptogram is generated by the first device upon tapping the contactless card to the first device (para. 31 “the user may tap the contactless card 101 to the POS device”).
As to claim 3, combination of Rule and Block teach all the limitations of claims 1-2.
Rule teaches,
wherein the first device is in data communication with the contactless card through a near field communication (NFC) (para. 25 “ transmit the encrypted data 108 to the account application 113 of the mobile device 110, e.g., via NFC”).
As to claim 4, combination of Rule and Block teach all the limitations of claim 1.
Rule teaches,
wherein the first device and the contactless card are near field communication (NFC)-enabled (para. 25, 88, 89).
As to claim 5, combination of Rule and Block teach all the limitations of claim 1.
validating, by the server, the second cryptogram (para. 46 “approve the transaction based at least in part on whether the expected indication of preauthorization is present in the EMV payload”);
extracting, by the server from the second cryptogram, a unique customer identifier associated with the user of the user device (para. 46 “approve the transaction based at least in part on whether the expected indication of preauthorization is present in the EMV payload”);
verifying, by the server, the unique customer identifier (para. 46 “matches a corresponding indication stored in the account data”).
As to claim 6, combination of Rule and Block teach all the limitations of claim 1.
Rule does not teach,
wherein the notification includes a link, wherein the application is executed in response to the user interacting with the link and the user of the user device is prompted, via the application, to tap the contactless card to the user device.
however, Block teaches,
wherein the notification includes a link, wherein the application is executed in response to the user interacting with the link and the user of the user device is prompted, via the application, to tap the contactless card to the user device (para. 132 “the bank may provide “smart” posters or advertisements that may include RFID tags, whereby the banking customer may tap their NFC mobile device against the RFID equipped poster or advertisement”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine card based presence related actions of Rule with customer location based employee response of Block because customer location based employee response improves card based presence related actions by “ enhance[ing] security within a banking facility by tailoring the security to the locations of banking employees and customers within the banking facility”, see Block, para. 216.
As to claim 7, combination of Rule and Block teach all the limitations of claim 1.
Rule teaches,
wherein the contactless card comprises a processor and a memory, the memory storing the second cryptogram that contains an unique customer identifier (FIG. 1, item 101, 102, 108, para. 26 “contactless card”, para. 27 “the customer identifier associated with the contactless card 101 may be used to generate the encrypted data”).
As to claim 9, combination of Rule and Block teach all the limitations of claim 8.
Rule does not teach,
wherein the first device is a self-service kiosk in a bank branch at the location.
however, Block teaches,
wherein the first device is a self-service kiosk in a bank branch at the location (para. 63 “The exemplary banking system 100 contains an automated banking machine”, para. 74 “determine the location of persons within the facility”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine card based presence related actions of Rule with customer location based employee response of Block because customer location based employee response improves card based presence related actions by “ enhance[ing] security within a banking facility by tailoring the security to the locations of banking employees and customers within the banking facility”, see Block, para. 216.
As to claim 10, combination of Rule and Block teach all the limitations of claim 8.
Rule teaches,
wherein the user device is a user mobile device (FIG. 1, item 110, para. 21 “the mobile device”).
As to claim 11, combination of Rule and Block teach all the limitations of claim 8.
Rule does not teach,
wherein the user of the second device is an employee in a bank branch at the location.
however, Block teaches,
wherein the user of the second device is an employee in a bank branch at the location (para. 79 “The image is sent to a terminal or other output device in proximity to a banking employee to allow the banking employee to offer a more personal welcome greeting to the banking customer”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine card based presence related actions of Rule with customer location based employee response of Block because customer location based employee response improves card based presence related actions by “ enhance[ing] security within a banking facility by tailoring the security to the locations of banking employees and customers within the banking facility”, see Block, para. 216.
As to claim 12, combination of Rule and Block teach all the limitations of claim 8.
Rule teaches,
the contactless card, wherein the contactless card comprises a processor and a memory, the memory storing the first cryptogram (FIG. 1, item 101, 102, 108, para. 26 “contactless card”, para. 27).
As to claim 13, combination of Rule and Block teach all the limitations of claim 8.
Rule teaches,
wherein the second cryptogram is generated by the user device upon tapping the contactless card to the user device (para. 42, 44).
As to claim 14, combination of Rule and Block teach all the limitations of claim 8.
Rule teaches,
wherein the user device is in data communication with the contactless card through a near field communication (NFC) (para. 25).
As to claim 16, combination of Rule and Block teach all the limitations of claim 15.
Rule teaches,
wherein the first device is a near field communication (NFC)-enabled device (para. 25, 88, 89).
As to claim 17, combination of Rule and Block teach all the limitations of claim 15.
Rule teaches,
wherein the user device is an NFC-enabled device (para. 25, 88, 89).
As to claim 18, combination of Rule and Block teach all the limitations of claim 15.
Rule teaches,
wherein the contactless card is an NFC-enabled device (para. 25, 88, 89).
As to claim 19, combination of Rule and Block teach all the limitations of claim 15.
Rule teaches,
wherein the contactless card is one of a credit card, a debit card, or a gift card (para. 81 “wherein the contactless card is one of a credit card, a debit card, or a gift card”).
As to claim 20, combination of Rule and Block teach all the limitations of claim 15.
Rule does not teach,
wherein the notification includes a link, wherein the application is executed in response to the user interacting with the link and the user of the user device is prompted, via the application, to tap the contactless card to the user device.
however, Block teaches,
wherein the notification includes a link, wherein the application is executed in response to the user interacting with the link and the user of the user device is prompted, via the application, to tap the contactless card to the user device (para. 132).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine card based presence related actions of Rule with customer location based employee response of Block because customer location based employee response improves card based presence related actions by “ enhance[ing] security within a banking facility by tailoring the security to the locations of banking employees and customers within the banking facility”, see Block, para. 216.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BROCK E TURK whose telephone number is (571)272-5626. The examiner can normally be reached Monday-Friday 9AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ryan Donlon can be reached at 571-270-3602. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BROCK E TURK/Examiner, Art Unit 3692
/RYAN D DONLON/Supervisory Patent Examiner, Art Unit 3692
Prosecution Insights