DETAILED ACTION
Response to Amendment
This Office Action is responsive to Applicant’s arguments and request for continued examination of application 18/385,664 (10/31/23) filed on 03/02/26.
Claim Objections
Claims 1, 7 and 14 are objected to because of the following informalities:
Claim 1 recites, “A computer implemented method for authorizing a transaction via a transaction device, comprising:”
This should be -- A [[DELETE computer implemented]] method for authorizing a transaction [[DELETE via]] using a transaction device, comprising: -- or something similar.
To avoid undue interpretation, consistent terminology should be used.
Also, adds clarity since the machine performing the positively recited steps or acts in the body of the claim is the “provider institution computing system”, not the “computer”.
Claim 7 recites, “receive, via the network interface, an authorization request for a transaction via a transaction device, the authorization request including information identifying an account of a user;”
This should be -- receive, via the network interface, an authorization request for a transaction [[DELETE via]] using a transaction device, the authorization request including information identifying an account of a user; -- or something similar.
To avoid undue interpretation, consistent terminology should be used.
Claim 14 recites, “A non-transitory computer readable medium having computer-executable instructions embodied therein that, when executed by at least one processor of a computing system, cause the computing system to perform operations to authorize a transaction via a transaction device, the operations comprising:”
This should be -- A non-transitory computer readable medium having computer-executable instructions embodied therein that, when executed by at least one processor of a computing system, cause the computing system to perform operations to authorize a transaction [[DELETE via]] using a transaction device, the operations comprising: -- or something similar.
To avoid undue interpretation, consistent terminology should be used.
Appropriate correction is required.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1 - 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
ALICE/ MAYO: TWO-PART ANALYSIS
2A. First, a determination whether the claim is directed to a judicial exception (i.e., abstract idea).
Prong 1: A determination whether the claim recites a judicial exception (i.e., abstract idea).
Groupings of abstract ideas enumerated in the 2019 Revised Patent Subject Matter Eligibility Guidance.
Mathematical concepts- mathematical relationships, mathematical formulas or equations, mathematical calculations.
Certain methods of organizing human activity- fundamental economic principles or practices (including hedging, insurance, mitigating risk); commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations); managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules or instructions).
Mental processes- concepts performed in the human mind (including an observation, evaluation, judgement, opinion).
Prong 2: A determination whether the judicial exception (i.e., abstract idea) is integrated into a practical application.
Considerations indicative of integration into a practical application enumerated in the 2019 Revised Patent Subject Matter Eligibility Guidance.
Improvement to the functioning of a computer, or an improvement to any other technology or technical field
Applying or using a judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition
Applying the judicial exception with, or by use of a particular machine.
Effecting a transformation or reduction of a particular article to a different state or thing
Applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception
Considerations that are not indicative of integration into a practical application enumerated in the 2019 Revised Patent Subject Matter Eligibility Guidance.
Merely reciting the words “apply it” (or an equivalent) with the judicial exception, or merely including instructions to implement an abstract idea on a computer, or merely using a computer as a tool to perform an abstract idea.
Adding insignificant extra-solution activity to the judicial exception.
Generally linking the use of the judicial exception to a particular technological environment or field of use.
2B. Second, a determination whether the claim provides an inventive concept (i.e., Whether the claim(s) include additional elements, or combinations of elements, that are sufficient to amount to significantly more than the judicial exception (i.e., abstract idea)).
Considerations indicative of an inventive concept (aka “significantly more”) enumerated in the 2019 Revised Patent Subject Matter Eligibility Guidance.
Improvement to the functioning of a computer, or an improvement to any other technology or technical field
Applying the judicial exception with, or by use of a particular machine.
Effecting a transformation or reduction of a particular article to a different state or thing
Applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception NOTE: The only consideration that does not overlap with the considerations indicative of integration into a practical application associated with step 2A: Prong 2.
Considerations that are not indicative of an inventive concept (aka “significantly more”) enumerated in the 2019 Revised Patent Subject Matter Eligibility Guidance.
Merely reciting the words “apply it” (or an equivalent) with the judicial exception, or merely including instructions to implement an abstract idea on a computer, or merely using a computer as a tool to perform an abstract idea.
Adding insignificant extra-solution activity to the judicial exception.
Generally linking the use of the judicial exception to a particular technological environment or field of use.
Simply appending well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception. NOTE: The only consideration that does not overlap with the considerations that are not indicative of integration into a practical application associated with step 2A: Prong 2.
See also, 2010 Revised Patent Subject Matter Eligibility Guidance; Federal Register; Vol. 84, No. 4; Monday, January 7, 2019
Claims 1 - 20 is/are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
1: Statutory Category
Applicant’s claimed invention, as described in independent claim 1, is/are directed to a process (i.e. a computer implemented method).
2(A): The claim(s) are directed to a judicial exception (i.e., an abstract idea).
PRONG 1: The claim(s) recite a judicial exception (i.e., an abstract idea).
Certain Method of Organizing Human Activity
The claim as a whole recites a method of organizing human activity. The claimed invention involves receiving an authorization request for the transaction including information identifying an account of a user; identifying, based on the information identifying the account of the user, an identity of the user associated with the authorization request; determining a computing device associated with the identified user based on cross-referencing the identity of the user to one or more computing devices associated with the identified user; identifying, based on the account of the user and the computing device, a transaction rule that (i) includes an authorization distance and an authentication distance and (ii) is associated with the account of the user, the computing device, and the identified user; determining a distance between a location of the transaction and a location of the determined computing device; determining, based on the transaction rule, that additional authentication is required based on the determined distance relative to the authentication distance such that (i) in response to the determined distance being greater than the authorization distance but less than or equal to the authentication distance, the required additional authentication includes a first set of authentication information, and (ii) in response to the determined distance being greater than the authentication distance, the required additional authentication includes a second set of authentication information different from the first set of authentication information; determining, based on the transaction rule, that the additional authentication information is configured to be provided by the determined computing device based on the authorization request being for the transaction using the transaction device; establishing a secure communication session; providing, during the secure communication session, a prompt for the additional authentication information; receiving, during the secure communication session, a response including encrypted additional information in response to the prompt; and authorizing the transaction based on the encrypted additional information matching stored additional authentication information3 29, which is a fundamental economic principles or practices (authorizing a transaction); commercial or legal interactions (authorizing a transaction); and managing personal behavior or relationships or interactions between people (receiving, identifying, determining, establishing, providing, authorizing).
The mere nominal recitation of a “provider institution computing system” does not take the claim out of the method of organizing human activity grouping. Thus, the claim recites an abstract idea.
Mental Processes
The claim recites limitations directed to 3 receiving an authorization request for the transaction including information identifying an account of a user; identifying, based on the information identifying the account of the user, an identity of the user associated with the authorization request; determining a computing device associated with the identified user based on cross-referencing the identity of the user to one or more computing devices associated with the identified user; identifying, based on the account of the user and the computing device, a transaction rule that (i) includes an authorization distance and an authentication distance and (ii) is associated with the account of the user, the computing device, and the identified user; determining a distance between a location of the transaction and a location of the determined computing device; determining, based on the transaction rule, that additional authentication is required based on the determined distance relative to the authentication distance such that (i) in response to the determined distance being greater than the authorization distance but less than or equal to the authentication distance, the required additional authentication includes a first set of authentication information, and (ii) in response to the determined distance being greater than the authentication distance, the required additional authentication includes a second set of authentication information different from the first set of authentication information; determining, based on the transaction rule, that the additional authentication information is configured to be provided by the determined computing device based on the authorization request being for the transaction using the transaction device; establishing a secure communication session; providing, during the secure communication session, a prompt for the additional authentication information; receiving, during the secure communication session, a response including encrypted additional information in response to the prompt; and authorizing the transaction based on the encrypted additional information matching stored additional authentication information3 29.
The limitation(s), as drafted, is/are a process that, under it’s broadest reasonable interpretation, covers performance of the limitation(s) in the mind but for the recitation of generic computer components. That is, other than reciting a “provider institution computing system”, nothing in the claim elements preclude the steps from practically being performed in the mind. For example, but for the “provider institution computing system”, the claim encompasses the user manually receiving an authorization request for the transaction including information identifying an account of a user; identifying, based on the information identifying the account of the user, an identity of the user associated with the authorization request; determining a computing device associated with the identified user based on cross-referencing the identity of the user to one or more computing devices associated with the identified user; identifying, based on the account of the user and the computing device, a transaction rule that (i) includes an authorization distance and an authentication distance and (ii) is associated with the account of the user, the computing device, and the identified user; determining a distance between a location of the transaction and a location of the determined computing device; determining, based on the transaction rule, that additional authentication is required based on the determined distance relative to the authentication distance such that (i) in response to the determined distance being greater than the authorization distance but less than or equal to the authentication distance, the required additional authentication includes a first set of authentication information, and (ii) in response to the determined distance being greater than the authentication distance, the required additional authentication includes a second set of authentication information different from the first set of authentication information; determining, based on the transaction rule, that the additional authentication information is configured to be provided by the determined computing device based on the authorization request being for the transaction using the transaction device; establishing a secure communication session; providing, during the secure communication session, a prompt for the additional authentication information; receiving, during the secure communication session, a response including encrypted additional information in response to the prompt; and authorizing the transaction based on the encrypted additional information matching stored additional authentication information.
The mere nominal recitation of a “provider institution computing system” does not take the claim limitation out of the mental processes grouping. This/these limitation(s) recite a mental process. Thus, the claim recites an abstract idea.
PRONG 2: The judicial exception (i.e., an abstract idea). Is not integrated into a practical application.
The claim recites the combination of additional elements of a “computer implemented method for authorizing a transaction via a transaction device” (preamble only). The claim recites the combination of additional elements of a “provider institution computing system” performing the steps. The claim recites the combination of additional elements of the secure communication being “between the provider institution computing system and the determined computing device, the secure communication session providing encrypted communication between the provider institution computing system and the determined computing device”. The claim recites the combination of additional elements of the “providing” being “to the determined computing device” and the “receiving” being “from the determined computing device”. The additional element(s) is/ are recited at a high level of generality (i.e., as a generic computer performing the generic computer functions of (a) data receipt/ transmission (e.g., receiving, providing, etc. step(s) as claimed); and (b) data processing (e.g., identifying, determining, establishing, authorizing, etc. step(s) as claimed)). The additional element(s) is/ are recited at a high level of generality (i.e., as general means of gathering authorization data, and amounts to mere data gathering, which is a form of insignificant extra-solution activity. The “provider institution computing system” that performs the step(s) is also recited at a high level of generality, and merely automates the step(s). The “provider institution computing system” limitations are no more than mere instructions to apply the exception using generic computer components. Accordingly, the additional element(s) does not integrate the abstract idea into a practical application because it does not impose any meaningful limitations on practicing the abstract idea. The claim is directed to an abstract idea. NOTE: (a) The claim is exclusively from the perspective of the “provider institution computing system”. (b) Although a “transaction device” is referenced in the claim, the claim is not from the perspective of the “transaction device” and the “transaction device” does not perform any of the positively recited steps or acts required of the claimed invention. (c) Although a “computing device” is referenced in the claim, the claim is not from the perspective of the “computing device” and the “computing device” does not perform any of the positively recited steps or acts required of the claimed invention. The “computing device” merely interacts with the machine (i.e., “provider institution computing system”) from whose perspective the invention is claimed.
Since the claim(s) recite a judicial exception and fails to integrate the judicial exception into a practical application, the claim(s) is/are “directed to” the judicial exception. Thus, the claim(s) must be reviewed under the second step of the Alice/ Mayo analysis to determine whether the abstract idea has been applied in an eligible manner.
2(B): The claims do not provide an inventive concept (i.e., The claim(s) do not include additional elements, or combinations of elements, that are sufficient to amount to significantly more than the judicial exception (i.e., abstract idea)).
As discussed with respect to Step 2A Prong Two, the additional element(s) in the claim amounts to no more than mere instructions to apply the exception using a generic computer component. The same analysis applies here in 2B, i.e., mere instructions to apply an exception using a generic computer component cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B.
Furthermore, the additional element(s) under STEP 2A Prong 2 have been evaluated in STEP 2B to determine if it is more than what is well-understood, routine conventional activity in the field. Applicant’s specification as filed 10/31/23 does not provide any indication that the “provider institution computing system” is anything other than a generic, off-the-shelf computer components, see at least Fig. 1, para. [0016] [0018] [0019]. Furthermore, the prosecution history of the instant application provides Mahaffey, US Pub. No. 2018/0068309; Kohli, 2017/0345006; Benkreira, US Pub. No. 2021/0357940; Pitz, US Pat. No. 10,565,589; and Chitalia, US Pub. No. 2017/0236113 operating in a similar environment, suggesting performing tasks such as (a) data receipt/ transmission (e.g., receiving, providing, etc. step(s) as claimed); and (b) data processing (e.g., identifying, determining, establishing, authorizing, etc. step(s) as claimed) are well understood, routine and conventional. See Mahaffey, abstract, Fig. 3, [0014] [0015] [0016] [0026] [0028] [0029] [0031] [0032] [0033] [0034] [0035] [0036] [0037] [0038] [0040] [0042] [0043] [0047] [0048] [0049] [0050] [0051] [0055] [0057] [0062] [0064] [0069] [0070] [0071] [0072] [0080]. See Kohli, abstract, [0005] [0006] [0007] [0022] [0023] [0065] [0069] [0073]. See Benkreira, [0042] [0043] [0127] [0158]. See Pitz, Fig. 3C, col. 4, lines 15 - 20; col. 9, line 62+ - col. 10, line 10; col. 20, line 30 - col. 21, line 3; col. 22, line 66+ - col.23, line 9; col. 23, lines 30 - 39. See Chitalia, [0064] [0065] [0072] [0084]. Furthermore, the courts have recognized that computer functions or tasks analogous to those claimed by applicant such as (a) data receipt/ transmission (e.g., receiving, providing, etc. step(s) as claimed); and (b) data processing (e.g., identifying, determining, establishing, authorizing, etc. step(s) as claimed) are well understood, routine and conventional. Symantec, TLI, OIP Techs and buySAFE court decisions cited in MPEP § 2106.05(D) (ii) indicate that mere collection or receipt of data over a network is a well-understood, routine, and conventional function when it is claimed in a merely generic manner (as here). Flook, Bancorp court decisions cited in MPEP § 2106.05(D) (ii) indicate performing repetitive calculations is a well-understood, routine, and conventional function when it is claimed in a merely generic manner (as here). Accordingly, a conclusion that the additional elements are well-understood, routine, conventional activity is supported under Berkheimer.
For these reasons, there is no invention concept in the claim, and thus the claim is ineligible.
Dependent claims 2 - 6 are rejected as ineligible subject matter under 35 U.S.C. 101 based on a rationale similar to the claims from which they depend.
Alice Corp. also establishes that the same analysis should be used for all categories of claims (e.g., product and process claims). Therefore, independent location-based transaction authentication computing system claim 7 and independent non-transitory computer readable medium claim 14 is/are also rejected as ineligible subject matter under 35 U.S.C. 101 for substantially the same reasons as the method claims. The component(s) (i.e., (a) “a network interface”; (b) “processing circuit”, etc.) described independent location-based transaction authentication computing system claim 7; and the component(s) (i.e., (a) “non-transitory computer readable medium”; (b) “at least one processor of a computing system”, etc.) described in independent non-transitory computer readable medium claim 14, add nothing of substance to the underlying abstract idea. At best, the product (location-based transaction authentication computing system; non-transitory computer readable medium) recited in the claim(s) are merely providing an environment to implement the abstract idea.
Dependent claims 8 - 13 and 15 - 20 are rejected as ineligible subject matter under 35 U.S.C. 101 based on a rationale similar to the claims from which they depend.
Alice Corp. also establishes that the same analysis should be used for all categories of claims (e.g., product and process claims). Therefore, independent location-based transaction authentication computing system claim 7 and independent non-transitory computer readable medium claim 14 is/are also rejected as ineligible subject matter under 35 U.S.C. 101 for substantially the same reasons as the method claims. The component(s) (i.e., (a) “a network interface”; (b) “processing circuit”, etc.) described independent location-based transaction authentication computing system claim 7; and the component(s) (i.e., (a) “non-transitory computer readable medium”; (b) “at least one processor of a computing system”, etc.) described in independent non-transitory computer readable medium claim 14, add nothing of substance to the underlying abstract idea. At best, the product (location-based transaction authentication computing system; non-transitory computer readable medium) recited in the claim(s) are merely providing an environment to implement the abstract idea.
Dependent claims 8 - 13 and 15 - 20 are rejected as ineligible subject matter under 35 U.S.C. 101 based on a rationale similar to the claims from which they depend.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1 and 7 - 14 (claims 2 - 6, 8 - 13 and 15 - 20 based on their dependency) are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Re Claims 1, 9 and 14 (claims 2 - 6, 8 - 13 and 15 - 20 based on their dependency): It is unclear where support may be found in applicant’s specification as filed 10/31/23 for the “transaction device” as claimed.
Re Claims 7 - 13: It is unclear where support may be found in the specification for a “location-based transaction authentication system” as claimed. NOTE: Does the applicant intend for the claims to refer to -- provider institution computing system -- instead? See at least. Fig. 1, para. [0016] [0018] [0019] of applicant’s specification as filed 10/31/23.
Response to Arguments
Double Patenting
Withdrawn in light of applicant’s arguments and/ or amendments.
101
Applicant's arguments have been fully considered but they are not persuasive.
(1)Applicant argues the claim(s) are not directed to a judicial exception (i.e., an abstract idea).
Certain Method of Organizing Human Activity
The claimed invention is directed to certain methods of organizing human activity.
Fundamental economic principles or practices relate to the economy and commerce. The claimed invention encompasses fundamental economic principles or practices as it relates to mitigating risk and processing of payments (e.g., authorizing a transaction).
This interpretation is consistent with the prosecution history of the instant application.
For example, applicant’s arguments/ remarks (e.g., See pgs. 17, 18, 20 and 21 of applicant’s arguments/ remarks as filed 02/02/26) which described the claimed invention’s purpose for “improved security”. For example, applicant’s claim(s) (e.g., See claim 8 as filed 02/02/26) which describe “fraudulent” designations and providing notification for “fraudulent” designations. Improving security, designating fraudulent transactions and providing notification of fraudulent transactions are all attempts at mitigating risk in transactions.
For example, para. [0003] of applicant’s specification as filed 10/31/23 states:
[0003] Customers of financial institutions typically must set travel plans prior to travelling out of a home area or country. In some instances in which a customer does not set a travel plan, a customer's own transactions may be marked as fraudulent such that the customer is not able to complete any or certain transactions. In especially negative instances, a customer can be left stranded such that a family member or another person must wire or otherwise transfer them money. Customers who do remember to set travel plans may be able to perform transactions when travelling but must make sure their travel plans are adjusted to cover any changes mid- trip. In areas with bad internet connection or cellular service, this can be challenging and a hassle. As a result, there is a need for a seamless way to process transactions in which a customer does not need to consistently update the financial institution on their location and travel plans.
The claimed invention encompasses commercial or legal interactions. The claimed invention relates to mitigating risk and processing of payments (e.g., authorizing a transaction). Mitigating risk and processing of payments, in the instant scenario, pertains to agreements in the form of “legal obligations”, “sales activities or behaviors” and “business relations”.
The claimed invention encompasses managing personal behavior or relationships or interactions (e.g., receiving, identifying, determining, establishing, providing, authorizing).
See also, MPEP §2106.04(a)(2)(II).
Mental Processes
The claimed invention is directed to mental processes. The claimed invention encompasses observations, evaluations, judgements and opinions (e.g., “identifying, ….. based on the information identifying the account of the user, an identity of the user associated with the authorization request; determining ….. a computing device associated with the identified user based on cross-referencing the identity of the user to one or more computing devices associated with the identified user; identifying, ….. based on the account of the user and the computing device, a transaction rule that (i) includes an authorization distance and an authentication distance and (ii) is associated with the account of the user, the computing device, and the identified user; determining ….. a distance between a location of the transaction and a location of the determined computing device; determining, ….. based on the transaction rule, that additional authentication is required based on the determined distance relative to the authentication distance such that (i) in response to the determined distance being greater than the authorization distance but less than or equal to the authentication distance, the required additional authentication includes a first set of authentication information, and (ii) in response to the determined distance being greater than the authentication distance, the required additional authentication includes a second set of authentication information different from the first set of authentication information; determining, ….. based on the transaction rule, that the additional authentication information is configured to be provided by the determined computing device based on the authorization request being for the transaction using the transaction device; establishing ….. a secure communication session …..”; “authorizing, by the provider institution computing system, the transaction based on the encrypted additional information matching stored additional authentication information”.) which are examples of mental processes.
Contrary to applicant’s arguments, the courts do not distinguish between mental processes that are performed entirely in the human mind and mental processes that require a human to use a physical aid. Similarly, the courts do not distinguish between claims that recite mental processes performed by humans and claims that recite mental processes performed on a computer. Although claims 1 - 20 recite performance on a machine (e.g., A “provider institution computing system” in method claims 1 - 6; A “location-based transaction authentication computing system” comprising “a network interface” and “a processing circuit comprising at least one processor and at least one memory” in system claims 7 - 13; A “non-transitory computer readable medium” and “at least one processor of a computing system” in non-transitory computer readable medium claims 14 - 20), nothing forecloses applicant’s claimed invention from being performed by a human and thus applicant’s claimed invention is still directed to a mental process.
See also, MPEP §2106.04(a)(2)(III).
(2)Applicant argues the judicial exception (i.e., an abstract idea) is integrated into a practical application.
Applicant suggests the claimed invention presents a “practical application” because it provides a technical solution to a technical problem; and provides improvements in the functioning of a computer, or to any other technology or technical field (e.g., “A problem in the field of transaction authentication is convenience, security, and resource consumption.” See pg. 17 of applicant’s arguments/ remarks as filed 02/02/26.; “Applicant respectfully submits that the exemplary features of amended claim 1 reflect an improvement to the technological field of transaction authentication, for example by offering improved security and increased convenience.” See pg. 17 of applicant’s arguments/ remarks as filed 02/02/26.). The Examiner disagrees.
Applicant’s arguments suggesting the claimed invention provides a technical solution to a technical problem; and provides improvements in the functioning of a computer, or to any other technology or technical field suggests the applicant believes the technical aspects of the invention are substantial. There exists alternative perspectives however.
The claims do not improve upon the computer’s capabilities/ functionality or any other technology or technical field. Applicant has not provided a technology based “solution”/ “improvement” as applicant suggests, but instead any alleged “solution”/ “improvement” is directed to the underlying abstract idea (i.e., mitigating risk and processing of payments (e.g., authorizing a transaction)) as noted above.
Applicant’s specification and what applicant argues as the “technical solution to a technical problem”/ “improvement” focuses on the benefits of automation itself.
For example, para. [0003] [0015] of applicant’s specification as filed 10/31/23 and pgs. 17 - 18 of applicant’s arguments/ remarks as filed 02/02/26 and state:
[0003] Customers of financial institutions typically must set travel plans prior to travelling out of a home area or country. In some instances in which a customer does not set a travel plan, a customer's own transactions may be marked as fraudulent such that the customer is not able to complete any or certain transactions. In especially negative instances, a customer can be left stranded such that a family member or another person must wire or otherwise transfer them money. Customers who do remember to set travel plans may be able to perform transactions when travelling but must make sure their travel plans are adjusted to cover any changes mid- trip. In areas with bad internet connection or cellular service, this can be challenging and a hassle. As a result, there is a need for a seamless way to process transactions in which a customer does not need to consistently update the financial institution on their location and travel plans.
[0015] The features described herein provide several technical advantages and benefits. For example, the features described herein allow for manipulation of location data in a unique manner to authenticate a transaction. Because the location data of both the transaction and the user device are used in tandem, less input is required from the user saving on bandwidth and processing power of the user's device. Furthermore, because of the interconnectivity between multiple components, the authentication process is enhanced yet still allows for a transaction in a frictionless way. For example, if the user is travelling, the location of the user's device (which is typically with the user) can be used to authenticate the user and prevent any unnecessary transaction denials. The user does not need to set up any "travel plans" or have concerns that their financial account may be inaccessible because they forgot to set up such a travel plan. This also saves on processing power of the provider institution computing system by resulting in less transactions being flagged for possible fraud.
The “solution”/ “improvements” with respect to “convenience” and “resource consumption” applicant describes is really the just the benefits of automation itself.
In response to applicant's arguments (e.g., “security”), it is noted that the features upon which applicant relies are not recited in the rejected claim(s). See pgs. 18 - 20 of applicant’s arguments/ remarks as filed 02/02/26 which quotes the following paragraphs from applicant’s specification a filed 10/31/23.
[0024] In this way, the provider institution computing system 102, the account generation and management circuit 114, and the transaction processing circuit 120 may receive multiple transaction rules relating to a single account (or multiple accounts), and authorize or deny transactions based on the transaction rules. By doing so, the provider institution computing system 102, the account generation and management circuit 114, and the transaction processing circuit 120 allow the user 122 to customize their transaction rules to best suit themselves and protect their accounts. In one example, a customer who travels a lot may have a relatively relaxed set of transaction rules (e.g., low levels of authentication) with regard to their travelling account (e.g., the account used during travel), but a very tight set of transaction rules (e.g., high levels of authentication) with regard to their non-travelling account (e.g., a particular demand deposit or savings account).
[0042] The transaction rules specified by the user 122 and stored within the rules database 118 may further be specific to the interface that is conducting the transaction. For example, the transaction rules may state that additional authentication must be via the user computing device 124 if the transaction takes place via the point of sale computing system 170, but that the additional authentication may be via either the user computing device 124 or the input/output circuit 152 if the transaction takes place through the ATM 143. By doing so, the provider institution 101 may only allow secure information to be received via their devices and not via a third party device (e.g., the point of sale computing system 170). This may provide for more secure transactions in which there is a lesser chance of the user's additional authentication or payment information being stolen.
[0055] Once the location of the transaction has been determined or received by the provider institution computing system 102, the method 200 proceeds to a step 217 at which the provider institution computing system 102 identifies an identity of the user associated with the transaction request. For example, the provider institution computing system 102 may search the accounts database 116 for a customer that has the same name, account, and/or payment information as identified in the transaction request. In situations where there is no matching customer or user, the transaction may be denied. Alternatively, if the accounts database 116 locates a matching account, the user 122 may be identified by the provider institution computing system 102. Further, the provider institution computing system 102 may then look for or determine any relevant transaction rules within the rules database 118, determine if any location based authentication requirements are met, etc.
[0056] Once the identity of the user associated with the transaction is determined, the method 200 may proceed to step 218. At process 218, a computing device associated with the identified user is determined. For example, the provider institution computing system 102 may look at transaction rules within the rules database 118 and determine that the identified user (e.g., the user 122) has one or more transaction rules associated with the user computing device 124. While the user may have multiple devices stored in the accounts database 116, the user computing device 124 may be selected by cross-referencing the identity of the user and the transaction rules. In some embodiments, more than one of the user computing device 124 may be selected at step 218 such that the each of the user computing devices 124 must be used in the subsequent steps.
NOTE: The claimed invention (e.g., As represented by independent claims 1, 7 and 14) does describe “multiple transaction rules” and does not recite customization of transaction rules. NOTE: The claimed invention (e.g., As represented by independent claims 1 and 14). does not reference an interface. Although the claimed invention (e.g., As represented by independent claim 7) references a interface, there are not transaction rules that are specific to an interface that is conducting the transaction. NOTE: The claimed invention (e.g., As represented by independent claims 1, 7 and 14) does not address a scenario where there is no matching customer or user and similarly does not address transaction denial. NOTE: The claimed invention (e.g., As represented by independent claims 1, 7 and 14) does not disclose any database (e.g., “rules database”, “accounts database”) usage.
Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
Mere instructions to implement an abstract idea on a computer, merely using a computer as a tool to perform an abstract idea or an equivalent of an “apply it” rationale are not indicative of integration into a practical application. See also, MPEP §2106.05 (f).
The role of the device is limited to necessary data gathering and outputting (e.g.,
“receiving, by a provider institution computing system, an authorization request for the transaction including information identifying an account of a user”; and “providing, by the provider institution computing system during the secure communication session and to the determined computing device, a prompt for the additional authentication information;
receiving, by the provider institution computing system during the secure communication session and from the determined computing device, a response including encrypted additional information in response to the prompt”;).
Adding insignificant extra-solution activity to the judicial exception is not indicative of integration into a practical application. See also, MPEP §2106.05 (g).
Collecting information (e.g., “receiving, by a provider institution computing system, an authorization request for the transaction including information identifying an account of a user”; and “providing, by the provider institution computing system during the secure communication session and to the determined computing device, a prompt for the additional authentication information; receiving, by the provider institution computing system during the secure communication session and from the determined computing device, a response including encrypted additional information in response to the prompt”;); analyzing it (e.g., “identifying, by the provider institution computing system and based on the information identifying the account of the user, an identity of the user associated with the authorization request; determining, by the provider institution computing system, a computing device associated with the identified user based on cross-referencing the identity of the user to one or more computing devices associated with the identified user; identifying, by the provider institution computing system and based on the account of the user and the computing device, a transaction rule that (i) includes an authorization distance and an authentication distance and (ii) is associated with the account of the user, the computing device, and the identified user; determining, by the provider institution computing system, a distance between a location of the transaction and a location of the determined computing device; determining, by the provider institution computing system and based on the transaction rule, that additional authentication is required based on the determined distance relative to the authentication distance such that (i) in response to the determined distance being greater than the authorization distance but less than or equal to the authentication distance, the required additional authentication includes a first set of authentication information, and (ii) in response to the determined distance being greater than the authentication distance, the required additional authentication includes a second set of authentication information different from the first set of authentication information;
determining, by the provider institution computing system and based on the transaction rule, that the additional authentication information is configured to be provided by the determined computing device based on the authorization request being for the transaction using the transaction device; establishing, by the provider institution computing system, a secure communication session between the provider institution computing system and the determined computing device, the secure communication session providing encrypted communication between the provider institution computing system and the determined computing device”; “authorizing, by the provider institution computing system, the transaction based on the encrypted additional information matching stored additional authentication information”.); and displaying certain results of the collection and analysis merely indicates a field of use or technical environment in which to apply the judicial exception.
Generally linking the use of the judicial exception to a particular technological environment or field of use is not indicative of integration into a practical application. See also, MPEP §2106.05 (h).
(3) Applicant argues the claimed invention is significantly more than the judicial exception (i.e., abstract idea). Applicant argues the claimed invention is not “well-understood, routine, and conventional”.
As discussed with respect to Step 2A Prong Two, the additional element(s) in the claim amounts to no more than mere instructions to apply the exception using a generic computer component. The same analysis applies here in 2B, i.e., mere instructions to apply an exception using a generic computer component cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B.
Furthermore, the additional element(s) under STEP 2A Prong 2 have been evaluated in STEP 2B to determine if it is more than what is well-understood, routine conventional activity in the field. Applicant’s specification as filed 10/31/23 does not provide any indication that the “provider institution computing system” is anything other than a generic, off-the-shelf computer components, see at least Fig. 1, para. [0016] [0018] [0019]. Furthermore, the prosecution history of the instant application provides Mahaffey, US Pub. No. 2018/0068309; Kohli, 2017/0345006; Benkreira, US Pub. No. 2021/0357940; Pitz, US Pat. No. 10,565,589; and Chitalia, US Pub. No. 2017/0236113 operating in a similar environment, suggesting performing tasks such as (a) data receipt/ transmission (e.g., receiving, providing, etc. step(s) as claimed); and (b) data processing (e.g., identifying, determining, establishing, authorizing, etc. step(s) as claimed) are well understood, routine and conventional. See Mahaffey, abstract, Fig. 3, [0014] [0015] [0016] [0026] [0028] [0029] [0031] [0032] [0033] [0034] [0035] [0036] [0037] [0038] [0040] [0042] [0043] [0047] [0048] [0049] [0050] [0051] [0055] [0057] [0062] [0064] [0069] [0070] [0071] [0072] [0080]. See Kohli, abstract, [0005] [0006] [0007] [0022] [0023] [0065] [0069] [0073]. See Benkreira, [0042] [0043] [0127] [0158]. See Pitz, Fig. 3C, col. 4, lines 15 - 20; col. 9, line 62+ - col. 10, line 10; col. 20, line 30 - col. 21, line 3; col. 22, line 66+ - col.23, line 9; col. 23, lines 30 - 39. See Chitalia, [0064] [0065] [0072] [0084]. Furthermore, the courts have recognized that computer functions or tasks analogous to those claimed by applicant such as (a) data receipt/ transmission (e.g., receiving, providing, etc. step(s) as claimed); and (b) data processing (e.g., identifying, determining, establishing, authorizing, etc. step(s) as claimed) are well understood, routine and conventional. Symantec, TLI, OIP Techs and buySAFE court decisions cited in MPEP § 2106.05(D) (ii) indicate that mere collection or receipt of data over a network is a well-understood, routine, and conventional function when it is claimed in a merely generic manner (as here). Flook, Bancorp court decisions cited in MPEP § 2106.05(D) (ii) indicate performing repetitive calculations is a well-understood, routine, and conventional function when it is claimed in a merely generic manner (as here). Accordingly, a conclusion that the additional elements are well-understood, routine, conventional activity is supported under Berkheimer.
For these reasons, there is no invention concept in the claim, and thus the claim is ineligible.
Dependent claims 2 - 6 are rejected as ineligible subject matter under 35 U.S.C. 101 based on a rationale similar to the claims from which they depend.
Alice Corp. also establishes that the same analysis should be used for all categories of claims (e.g., product and process claims). Therefore, independent location-based transaction authentication computing system claim 7 and independent non-transitory computer readable medium claim 14 is/are also rejected as ineligible subject matter under 35 U.S.C. 101 for substantially the same reasons as the method claims. The component(s) (i.e., (a) “a network interface”; (b) “processing circuit”, etc.) described independent location-based transaction authentication computing system claim 7; and the component(s) (i.e., (a) “non-transitory computer readable medium”; (b) “at least one processor of a computing system”, etc.) described in independent non-transitory computer readable medium claim 14, add nothing of substance to the underlying abstract idea. At best, the product (location-based transaction authentication computing system; non-transitory computer readable medium) recited in the claim(s) are merely providing an environment to implement the abstract idea.
Dependent claims 8 - 13 and 15 - 20 are rejected as ineligible subject matter under 35 U.S.C. 101 based on a rationale similar to the claims from which they depend.
Alice Corp. also establishes that the same analysis should be used for all categories of claims (e.g., product and process claims). Therefore, independent location-based transaction authentication computing system claim 7 and independent non-transitory computer readable medium claim 14 is/are also rejected as ineligible subject matter under 35 U.S.C. 101 for substantially the same reasons as the method claims. The component(s) (i.e., (a) “a network interface”; (b) “processing circuit”, etc.) described independent location-based transaction authentication computing system claim 7; and the component(s) (i.e., (a) “non-transitory computer readable medium”; (b) “at least one processor of a computing system”, etc.) described in independent non-transitory computer readable medium claim 14, add nothing of substance to the underlying abstract idea. At best, the product (location-based transaction authentication computing system; non-transitory computer readable medium) recited in the claim(s) are merely providing an environment to implement the abstract idea.
Dependent claims 8 - 13 and 15 - 20 are rejected as ineligible subject matter under 35 U.S.C. 101 based on a rationale similar to the claims from which they depend.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure and relates to authorizing a transaction particularly with location and/ or authentication.
US 20110202460 A1
US 20170236113 A1
US 20200126078 A1
US 20080222038 A1
US 11461780 B2
US 10885522 B1
US 8295898 B2
WO 2014013342 A2
WO 2009009872 A2
US 9892402 B2
US 9122853 B2
US 10311423 B2
US 10304042 B2
US 8166068 B2
US 20200279263 A1
US 20150170149 A1
US 20070055785 A1
US 20160364716 A1
US 20140380424 A1
WO 2010011594 A1
GB 2500212 A
WO 2009085045 A1
Camenisch J, Ortiz-Yepes DA, Preiss FS. Strengthening authentication with privacy-preserving location verification of mobile phones. In Proceedings of the 14th ACM Workshop on Privacy in the Electronic Society 2015 Oct 12 (pp. 37-48).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARA C HAMILTON whose telephone number is (571)272-1186. The examiner can normally be reached Monday-Thursday, 8-5, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christine Tran can be reached at 571-272-8103. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
SARA CHANDLER HAMILTON
Primary Examiner
Art Unit 3695
/SARA C HAMILTON/Primary Examiner, Art Unit 3695