DETAILED ACTION
Status of Application
This action is a Non-Final Rejection. This action is in response to the request for continued examination filed on January 29, 2026.
Claims 1-4, 7-11, 14-18, and 20 are amended.
Claim 19 has been canceled.
Claim 21 has been added.
Claims 1-18, 20, and 21 are pending and rejected.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Response to Arguments
Regarding the rejections under 35 U.S.C. 103, Applicant’s arguments are moot because the rejection has been withdrawn in light of Applicant’s amendments. Although individual claim limitations are known in the art, the independent claims as a whole are not obvious.
Regarding the rejection under 35 U.S.C. 101, the rejection is maintained for the reasons given in the rejection.
Claim Rejections - 35 USC § 101
35 U.S.C. § 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-18, 20, and 21 are rejected under 35 U.S.C. § 101 as being directed to non-statutory subject matter because the claimed invention is directed to an abstract idea without significantly more.
Step 1: Does the Claim Fall within a Statutory Category? (see MPEP 2106.03)
Yes, with respect to claims 1-7 and 21, which recite a computing device and, therefore, are directed to the statutory class of machine or manufacture.
Yes, with respect to claims 8-14, which recite a method and, therefore, are directed to the statutory class of process.
Yes, with respect to claims 15-18 and 20, which recite a non-transitory computer readable medium and, therefore, are directed to the statutory class of manufacture.
Step 2A, Prong One: Is a Judicial Exception Recited? (see MPEP 2106.04(a))
The following claims (Claims 1-7 and 21 are representative) identify the limitations that recite the abstract idea in regular text and that recite additional elements in bold:
1. A computing device comprising:
a communication interface configured to
communicate with an authentication device associated with a user via a first communication network, and
communicate with a plurality of local devices that are separate and distinct from the authentication device;
an electronic processor; and
a memory,
wherein the electronic processor is configured to:
receive a registration of the authentication device connected to and communicating with the first communications network,
store the registration of the authentication device in the memory,
iteratively receive local device information regarding the plurality of local devices,
generate a plurality of environmental fingerprints based on the local device information that is iteratively received,
store the plurality of environmental fingerprints in the memory,
receive a transaction request by the user,
responsive to receiving the transaction request, perform a passive authentication operation by analyzing the plurality of environmental fingerprints,
responsive to the passive authentication operation indicating that a strong consumer authentication of the user is required, request an active authentication operation to be performed only by the authentication device that is registered,
receive a result of the active authentication operation performed only by the authentication device,
determine whether the result validates the transaction request by the user, and
permit the transaction request by the user in response to determining that the result validates the transaction request by the user.
2. The computing device of claim 1, wherein the passive authentication operation and the active authentication operation are authentication challenges according to a 3DS 2.0 protocol.
3. The computing device of claim 1, wherein the electronic processor is further configured to:
receive a registration of a second authentication device associated with the user, the second authentication device being separate and distinct from the authentication device, and the second authentication device being connected to and communicating with a second communications network,
store the registration of the second authentication device in the memory,
receive a second transaction request by the user,
responsive to receiving the second transaction request, perform a second passive authentication operation by analyzing the plurality of environmental fingerprints,
responsive to the second passive authentication operation indicating that a second strong consumer authentication is required, request a second active authentication operation to be performed only by the authentication device, the second authentication device, or a combination thereof,
receive one or more results of the second authentication operation performed only by the authentication device, the second authentication device, or the combination thereof,
determine whether the one or more results validate the second transaction request by the user, and
permit the second transaction request by the user in response to determining that the result validates the second transaction request by the user.
4. The computing device of claim 3, wherein the electronic processor is configured to:
receive a registration of a third authentication device associated with the user, the third authentication device being separate and distinct from the authentication device and the second authentication device, and the second authentication device being connected to and communicating with a third communications network,
store the registration of the third authentication device in the memory,
receive a third transaction request by the user,
responsive to receiving the third transaction request, perform a third passive authentication operation by analyzing the plurality of environmental fingerprints,
responsive to the third passive authentication operation indicating that a third strong consumer authentication is required, request a third active authentication operation to be performed only by the authentication device, the second authentication device, or the third authentication device, or a combination thereof,
receive one or more results of the third authentication operation performed only by the authentication device, the second authentication device, the third authentication device, or the combination thereof,
determine whether the one or more results validate the third transaction request by the user, and
permit the third transaction request by the user in response to determining that the result validates the third transaction request by the user.
5. The computing device of claim 4, wherein the authentication device, the second authentication device, and the third authentication device are individually one of a smartphone, a tablet, laptop computer, a desktop computer, a smart watch, a smart refrigerator, a smart thermostat, a smart garage door opener, a smart light device, a smart washing machine, a drone, a smart sound system, a smart television, a smart set-top box, an automobile, or smart clothing.1
6. The computing device of claim 4, wherein the first communications network, the second communications network, and the third communications network are individually one of a local area network (LAN), a personal area network (PAN), a wireless local area network (WLAN), a wide area network (WAN), an enterprise private network (EPN), or a system-area network (SAN).
7. The computing device of claim 1, wherein, to perform the passive authentication operation by analyzing the plurality of environmental fingerprints, the electronic processor is further configured to
determine whether a change has occurred with respect to a portion of the plurality of environmental fingerprints,
responsive to determining that the change has not occurred with respect to the portion of the plurality of environmental fingerprint, permit the transaction request by the user, and
responsive to determining that the change has occurred with respect to the portion of the plurality of environmental fingerprints indicate that the strong consumer authentication of the user is required.
21. The computing device of claim 1, wherein the active authentication operation is a challenge to compute a hash of available Wi-Fi access point names.
Yes. But for the recited additional elements as shown above in bold, the remaining limitations of the claims recite certain methods of organizing human activity. The claims are directed to authenticating a user for a transaction. This type of method of organizing human activity is a commercial interaction such as sales activities or behaviors and business relations. Thus, the claims recite an abstract idea.
Step 2A, Prong Two: Is the Abstract Idea Integrated into a Practical Application? (see MPEP 2106.04(d))
No. The claims as a whole merely use a computer as a tool to perform the abstract idea. The computing components (i.e., additional elements that are in bold above) are recited at a high level of generality and are merely invoked as a tool to implement the steps. For example, only a programmed general purpose computing device is needed to implement the claimed steps (i.e., receive data, store data, generate data, analyze environmental fingerprints, send data, determine, and permit). Simply implementing the abstract idea on a generic computer is not a practical application of the abstract idea. Additionally, there is no improvement to the functioning of a computer or technology. Therefore, the abstract idea is not integrated into a practical application.
Step 2B: Does the Claim Provide an Inventive Concept? (see MPEP 2106.05)
No. As discussed with respect to Step 2A, Prong 2, the additional elements in the claims, both individually and in combination, amount to no more than tools to perform the abstract idea. Merely performing the abstract idea using a computer cannot provide an inventive concept. Therefore, the claims do not provide an inventive concept.
As such, the claims are not patent eligible.
Relevant Prior Art
The following references are relevant to Applicant’s invention (in addition to those previously used for the obviousness rejection):
Todasco et al., U.S. Patent Application Publication Number 2019/0311365 A1. This reference teaches shared authentication for limited use of an associated account based on user location and connected devices.
Kamal et al., U.S. Patent Application Publication Number 2021/0241266 A1. This reference teaches 3D Secure 2.0 protocol.
Grewal et al., U.S. Patent Application Publication Number 2021/0185526 A1. This reference teaches location based authentication. Specifically, paragraph 0008 recites “According to an example, there is provided a method and system that removes an authentication burden from users by automatically authenticating devices if they are present in a particular environment. For example, many internet of things (IoT) devices are equipped with sensors that can be used to collect an environmental fingerprint that can be used to provide a device location. Such location fingerprints can be used to match devices in the same general area and establish “co-presence.” In an example, a central hub based approach is described, in which the hub acts as a location fingerprint matching service among managed devices in an ad-hoc fashion. Unlike location based authentication, users do not need to pre-select a location where the authentication is not needed. Although the system works with a cloud service it can also work directly with local devices.”
Email Communications
Per MPEP 502.03, Applicant may authorize email communications by filing Form PTO/SB/439, available at https://www.uspto.gov/sites/default/files/documents/sb0439.pdf, via the USPTO patent electronic filing system.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELIZABETH H ROSEN whose telephone number is (571) 270-1850 and email address is elizabeth.rosen@uspto.gov. The examiner can normally be reached Monday - Friday, 10 AM ET - 7 PM ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michael Anderson, can be reached at 571-270-0508. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ELIZABETH H ROSEN/Primary Examiner, 3693
1 According to the broadest reasonable interpretation of this claim, only one of these devices is required. For example, all three authentication devices may be smartphones.