ENHANCED DATA MESSAGING SYSTEMS AND METHODS FOR AUTHENTICATING AN IDENTITY OF ONLINE USERS

§101 §112

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on December 29, 2025 has been entered. Status of Claims • This action is in reply to the RCE filed on December 29, 2025. • Claims 1, 7-8, 11, 16-17, and 20 have been amended and are hereby entered. • Claims 1-20 are currently pending and have been examined. • This action is made Non-FINAL. Response to Arguments Applicant’s arguments filed December 29, 2025 have been fully considered but they are not persuasive. The Examiner is withdrawing the 35 USC § 112 rejections due to Applicant’s amendments. New 35 USC § 112 rejections have been entered due to applicant’s amendments. The Examiner is withdrawing the 35 USC § 103 rejections due to Applicant’s amendments. Applicant’s arguments with respect to 35 USC § 101 have been fully considered and are not persuasive. Regarding Applicant’s argument on pages 11-13, that the claims are not directed to an abstract idea, the Examiner respectfully disagrees. As indicated in the 35 USC § 101 rejection below, the claimed inventions allows for using an authentication model to authenticate the identity of a user, and modify an authorization request by adding identity authentication data to the request. The Specification at [0002] states: “The need to authenticate online users before providing such online users with numerous different online services and/or confidential data is extremely important. For example, online transactions conducted over electronic payment networks are growing exponentially. For card-not-present transactions (e.g., online transactions in which the consumer does not actually provide a payment card to the merchant), fraud is markedly higher. Accordingly, for such transactions, authentication procedures are often implemented to verify that the alleged cardholder is, in fact, the actual or legitimate cardholder. In many cases, certain parties involved in the online transaction either do not have access to certain data that may be used to help authenticate the true identity of the online user or have access to only limited data. Thus, these parties are at a significant disadvantage when trying to authenticate the true identity of the online user prior to completing the purchase transaction.” Regarding Applicant’s argument on pages 13-16, that the claims integrate a practical application, the Examiner respectfully disagrees. Under the Patent Subject Matter Eligibility analysis, Step 2A, prong two, integration into a practical application requires an additional element(s) or a combination of additional elements in the claim to apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that the claim is more than a drafting effort designed to monopolize the exception. Limitations that are not indicative of integration into a practical application are those that generally link the use of the judicial exception into a particular technological environment or field of use-see MPEP 2106.05(h). Here the claims recite an authentication platform for use; an online user; the authentication platform comprising: a memory device; and at least one processor coupled to the memory device, the at least one processor programmed to perform claim functions and at least one non-transitory computer-readable storage media having computer-executable instructions embodied thereon for use in authenticating an online user, wherein when executed by at least one processor, the computer-executable instructions cause the at least one processor to perform claim functions; issuers communicatively coupled to the authentication platform; a merchant computing device; computers of a closed processing network; an issuer computing device such that they amount to no more than generally linking the use of the judicial exception (e.g., authenticating an identity of a user) to a particular technological environment or field of use (e.g., a computer network) (see MPEP 2106.05(h)). Furthermore, and in response to Applicant’s arguments on pages 13-14 regarding an improvement to technology, in determining whether a claim integrates a judicial exception into a practical application, a determination is made of whether the claimed invention pertains to an improvement in the functioning of the computer itself or any other technology or technical field (i.e., a technological solution to a technological problem). Here, the claims recite generic computer components, i.e., a generic processor, a memory storing a computer program executable by the processor to perform the claimed method steps and system functions. The processor, memory and system are recited at a high level of generality and are recited as performing generic computer functions customarily used in computer applications. Furthermore, the Specification describes a problem and improvement to a business or commercial process at least at [0002], describing improving the process of authenticating the identity of an online user completing a transaction. Regarding Applicant’s arguments on pages 14-16, that the purported technical improvements do not arise merely from complement implementation of an abstract idea, but from the technical solution routed in computing environment, the Examiner respectfully disagrees. Applicant’s reliance upon paragraph [0060] has been considered and is not persuasive. As an initial matter, regarding paragraph [0060], the paragraph states an unsupported conclusory statement of “As will be appreciated, based on the description herein the technical improvement in the authentication system as described herein is a computer- based solution to a technical deficiency or problem that is itself rooted in computer technology (e.g., the problem itself derives from the use of computer technology).” Then, immediately after this statement, Paragraph [0060] goes on to describe the problem with fraud and various fraud detection methodologies. Furthermore, paragraph [0060] purports the claims to be addressing increases in network traffic and processing loads, the Specification does not describe how the claims improve the functioning of a computer network by decreasing network traffic and processing loads. Nor does the Specification describe how the claims improve technology or a technological environment or field of use. Applicant’s arguments are therefore unpersuasive. And again and in response to this argument, Examiner reminds Applicant, “‘claiming the improved speed or efficiency inherent with applying the abstract idea on a computer’ [is] insufficient to render the claims patent eligible as an improvement to computer functionality.” Customedia, 951 F.3d at 1364 (quoting Intell. Ventures I LLC v. Capital One Bank (USA), 792 F.3d 1363, 1367, 1370 (Fed. Cir. 2015)); see also BSG Tech LLC v. BuySeasons, Inc., 899 F.3d 1281, 1288 (Fed. Cir. 2018) (“These benefits, however, are not improvements to database functionality. Instead, they are benefits that flow from performing an abstract idea in conjunction with a well-known database structure.”). Regarding Applicant’s arguments on pages 17-18, that the claims recite significantly more than the abstract idea, the Examiner respectfully disagrees. The limitations are directed to an abstract idea and when determining if the claims are directed to significantly more, the additional limitations of the claims in addition to the abstract idea are analyzed. In the instant application, the additional elements of the claim include an authentication platform for use; an online user; the authentication platform comprising: a memory device; and at least one processor coupled to the memory device, the at least one processor programmed to perform claim functions and at least one non-transitory computer-readable storage media having computer-executable instructions embodied thereon for use in authenticating an online user, wherein when executed by at least one processor, the computer-executable instructions cause the at least one processor to perform claim functions; issuers communicatively coupled to the authentication platform; a merchant computing device; computers of a closed processing network; an issuer computing device. The additional limitations, when considered both individually and in combination, do not affect an improvement to another technology or technological field; the claims do not amount to an improvement to the functioning of the computer itself; and the claims do not move beyond a general link of use of an abstract idea to a particular technological environment. Therefore, the claims merely amount to merely generally linking the use of the abstract idea to a particular technological environment or field of use (e.g., a computer network), and is considered to amount to nothing more than requiring a generic computer network to carry out the abstract idea itself. The specifics about the abstract idea do not overcome the rejection. Applicant’s reliance upon Bascom, on pages 17-18, is misplaced. The claims here are not like those the Court found patent eligible in Bascom, in which the inventive concept was the unconventional arrangement of the installation of a filtering tool at a specific location, remote from the end-users, with customizable filtering features specific to each end user, this design permitted the filtering tool to have both the benefits of a filter on a local computer and the benefits of a filter on the [Internet Service Provider] server and was not conventional or generic, instead, the patent claimed and explained how a particular arrangement of elements was “a technical improvement over prior art ways of filtering such content.” (BASCOM, 827 F.3d at 1345.). In the instant application the claims do not have an inventive concept found in the non-conventional and non-generic arrangement of the additional elements. The claims are not patent eligible. For the reasons above, Applicant’s arguments are not persuasive. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA the inventor(s), at the time the application was filed, had possession of the claimed invention. Claim 1 recites the limitations of “extract… an issuer identifier from the authentication request message.” The Specification is devoid of any disclosure describing an issuer identifier; let alone does the Specification describe extracting an issuer identifier from an authentication request message. Therefore, it is new matter. Furthermore regarding claim 1, the claim recites the limitation of “based on the issuer identifier, retrieve a first authentication model associated with a first issuer identified by the issuer identifier.” Again, the Specification is devoid of any disclosure describing an issuer identifier. And, while the Specification at [0055] describes generating an identity insight model for each issuer, the Specification is devoid of any support for the feature of selecting a retrieving one of the models based on an issuer identifier. Therefore this limitation is new matter. Furthermore regarding claim 1, claim 1 recites the limitation of “computers of a closed processing network.” The Specification is devoid of any disclosure pertaining to a closed processing network. Therefore this limitation is new matter. Claims 11 and 20 have similar limitations found in claim 1 above, and therefore is rejected by the same rationale. The rest of the dependent claims are rejected due to their dependency to a rejected claim. The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 1 recites the limitation “inputting the extracted consumer identity data into the first authentication model to leverage the historical data across the plurality of issuers as compared to a significantly smaller volume of limited historical transaction data processed only by the first issuer.” This limitation renders the claim indefinite because it is not clear how much data is being leveraged in comparison to “a significantly smaller volume of limited historical transaction data processed only by the first issuer.” The limitation is also confusing because it is not clear whether the claim requires a certain amount of historical data to be leveraged, nor how that data is limited in comparison to a smaller volume of data. Furthermore regarding this claim limitation of limitation “inputting the extracted consumer identity data into the first authentication model to leverage the historical data across the plurality of issuers as compared to a significantly smaller volume of limited historical transaction data processed only by the first issuer,” the term “significantly smaller” in claim is a relative term which renders the claim indefinite. The term “significantly smaller” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. The parameter of “volume of limited historical transaction data” is rendered indefinite by use of the term “significantly smaller.” Furthermore regarding claim 1, the claim recites “the issuer computing device.” There is insufficient antecedent basis for this limitation in the claim. Claims 11 and 20 have similar limitations found in claim 1 above, and therefore is rejected by the same rationale. The rest of the dependent claims are rejected due to their dependency to a rejected claim. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention recites an abstract idea without significantly more. Independent claims 1, 11, and 20 are directed to an apparatus (claims 1 and 20) and a method (claim 11). Therefore, on its face, each independent claim 1, 11, and 20 are directed to a statutory category of invention under Step 1 of the Patent Subject Matter Eligibility analysis (see MPEP 2106.03). Under Step 2A, Prong One of the Patent Subject Matter Eligibility analysis (see MPEP 2106.04), claims 1, 11, and 20 recite, in part, an apparatus and a method of organizing human activity. Using the limitations in claim 1 to illustrate, the claim recites authenticating a user; generate a plurality of authentication models using historical data, each model associated with a respective issuer and having a respective plurality of criteria defined by the respective issuer, the historical data comprising at least historical consumer identity data from historical authentication and authorization transactions conducted across a plurality of issuers; receive an authentication request message for a current transaction, the authentication request message having a first format and including consumer identity data for the current transaction; extract the consumer identity data and an issuer identifier from the authentication request message; based on the issuer identifier, retrieve a first authentication model, the first authentication model associated with a first issuer identifier by the issuer identifier; generate identity insight result data including an identity score, by inputting the extracted consumer identity data into the authentication model to leverage the historical data across the plurality of issuers as compared to a significantly smaller volume of limited historical transaction data processed by only the first issuer; when the identity insight result data meets first criteria of the plurality of criteria of the first authentication model: inject the identity insight result data into an authorization request message to generate an enhanced authorization request message for authorization of the current transaction, wherein the enhanced authorization request message is in a second, standardized format suitable for processing, the second format being different from the first format; and transmit the enhanced authorization request message to the issuer to enable the issuer to make an authentication decision with the identity insight result data prior to proceeding with authorization of the current transaction, without externally transmitting the consumer identity data; when the identity insight result data meets second criteria of the plurality of criteria, authenticate the current transaction without transmitting any request message to the issuer and transmit an authentication response message, in the first format and including the identity insight result data, to the merchant indicating the current transaction has been authenticated; and when the identity insight result data meets third criteria of the plurality of criteria, transmit an authentication response message, in the first format and including the identity insight result data, to the merchant indicating the current transaction has not been authenticated without transmitting any request message to the issuer. The limitations, as drafted, is a process that, under its broadest reasonable interpretation, covers commercial and legal interactions (certain methods of organizing human activity), but for the recitation of generic computer components. The claims as a whole recite a method of organizing human activity. The claimed inventions allows for using an authentication model to authenticate the identity of a user, and modify an authorization request by adding identity authentication data to the request, which is a fundamental economic principle or practice of mitigating risk and a commercial and legal interaction of sales activities or behaviors. The mere nominal recitation of a memory device and processor do not take the claim out of the methods of organizing human activity grouping. Thus, the claims recite an abstract idea. Under Step 2A, Prong Two of the Patent Subject Matter Eligibility analysis (see MPEP 2106.04), the judicial exception is not integrated into a practical application. In particular, the additional elements of an authentication platform for use; an online user; the authentication platform comprising: a memory device; and at least one processor coupled to the memory device, the at least one processor programmed to perform claim functions and at least one non-transitory computer-readable storage media having computer-executable instructions embodied thereon for use in authenticating an online user, wherein when executed by at least one processor, the computer-executable instructions cause the at least one processor to perform claim functions; issuers communicatively coupled to the authentication platform; a merchant computing device; computers of a closed processing network; an issuer computing device are recited at a high-level of generality (i.e., as a generic computer components performing generic computer functions of generating an authentication model, receiving an authentication request, extracting identity data from the request, generating identity insight result data, injecting an authorization request message and transmitting the authorization request message) such that it amounts to no more than generally linking the use of the judicial exception to a particular technological environment or field of use (e.g., a computer network).-see MPEP 2106.05(h). Accordingly, the combination of the additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claims are directed to an abstract idea. Under Step 2B of the Patent Subject Matter Eligibility analysis (see MPEP 2106.05), the claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements in the claims amount to no more than generally linking the use of the judicial exception to a particular technological environment or field of use (see MPEP 2106.05(h)). Generally linking the use of the judicial exception to a particular technological environment or field of use using generic computer components cannot provide an inventive concept. The claims are not patent eligible. The dependent claims have been given the full two part analysis including analyzing the additional limitations both individually and in combination. The dependent claim(s) when analyzed both individually and in combination are also held to be patent ineligible under 35 U.S.C. 101 because for the same reasoning as above and the additional recited limitation(s) fail(s) to establish that the claim(s) is/are not directed to an abstract idea. Dependent claims 2-4, 6-10, 12-13, and 15-19 simply help to define the abstract idea. Dependent claims 5, and 14 simply further describes the technological environment. Dependent claims 5 and 14 recite the additional elements of data stored in a database accessible by a processor, which merely further describes a data storage component of the generally linked computer network. The additional limitations of the dependent claim(s) when considered individually and as an ordered combination do not amount to significantly more than the abstract idea. Viewing the claim limitations as an ordered combination does not add anything further than looking at the claim limitations individually. When viewed either individually, or as an ordered combination, the additional limitations do not amount to a claim as a whole that is significantly more than the abstract idea. Accordingly, claims 1-20 is/are ineligible. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 20150039506 A1 (“Groarke”) discloses conducting 3-D Secure transactions on-behalf-of (OBO) merchants. In an embodiment, a payer authentication response (PARes) message indicating enrollment in the 3-D Secure OBO merchants authentication service is received from an access control server by a computer and stored. The computer later receives a purchase transaction authorization request message, determines that data of the purchase transaction authorization request message matches stored PARes message data, and then injects a UCAF into the purchase transaction authorization request message to generate an updated transaction authorization request message. The updated transaction request message is then transmitted to an issuer financial institution for 3-D Secure purchase transaction authorization processing. US 10891610 B2 (“Powell”) discloses providing, along with a token, a token assurance level and data used to generate the token assurance level. At the time a token is issued, one or more Identification and Verification (ID&V) methods may be performed to ensure that the token is replacing a PAN that was legitimately used by a token requestor. A token assurance level may be assigned to a given token in light of the type of ID&V that is performed and the entity performing the ID&V. Different ID&Vs may result in different token assurance levels. An issuer may wish to know the level of assurance and the data used in generating the level of assurance associated with a token prior to authorizing a payment transaction that uses the token. US 20220044251 A1 (“Abouelenin”) discloses identifying types of network interactions. An example method includes generating, by a token service provider, a token for a payment account based on a request from a user, where the token includes an indicator of a type of transaction for which the token is available for use, and provisioning, by the token service provider, the token to a third party. In doing so, in response to use of the token in a transaction to the payment account, the indicator is included at a first data element of an authorization request for the transaction to the payment account thereby identifying the type of the transaction in the authorization request. Any inquiry concerning this communication or earlier communications from the examiner should be directed to RAVEN E YONO whose telephone number is (313)446-6606. The examiner can normally be reached Monday - Friday 8-5PM EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bennett M Sigmond can be reached on (303) 297-4411. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /RAVEN E YONO/Primary Examiner, Art Unit 3694