DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of the Claims
Claims 1-20 are presented for examination. Applicant filed response to noon-final Office action on 10/27/2025 amending claims 1 and 16. In light of Applicant’s amendments, Examiner has withdrawn the previous objection of claim 16, and previous § 101 rejection of claims 1-20. Examiner has, however, established new § 101 rejection for claims 1-20 in the instant Office action. Since the new § 101 rejection is necessitated by Applicant’s amendment of claim 1, the instant rejection of claims 1-20 is the FINAL rejection of claims.
Examiner’s Remarks
Patent Eligibility under § 101:
Applicant argues in page 12 of Applicant’s Remarks:
Applicant's specification provides a technical solution to the technical problem by disclosing a method involving the step of a processor-based authentication service accessing a database to determine if a particular consumer has a disability, the authentication service formulating an authentication message according to a first format used when there is no disability identifier associated with a consumer and a second format when there is a disability identifier associated with the consumer, and sending the formatted authentication message to the consumer, a merchant completing a purchase by the consumer once it receives the authentication message from the consumer.
Examiner respectfully disagrees. Applicant’s claim-limitations are recited in high level of abstraction lacking details and specifics as to how the technological solution to a problem of technology is achieved. As such, instant claims 1-20 are not patent eligible under § 101.
Prior Art under § 102 and § 103:
Prior art reference Hay (US 2023/0129991 A1) discloses:
[0039] In some example embodiments, as part of enrollment, the user 110 may provide multiple different biometrics to the biometric reader 116 sufficient to support a biometric PIN. In turn, the biometric PIN may be used to authenticate the user 110 in a transaction performed at the merchant 104 in combination with such enrollment.
[0035] The terminal 114 is configured to read, capture, etc. the computer-readable indicia and obtain (e.g., decode, etc.) the encrypted user identifier therefrom (or the randomly generated number) (again, each broadly an identifier). In response, the terminal 114 is configured to direct the biometric reader 116 to capture and to return a biometric from the user 110 (a default biometric, a biometric specified by the user 110, etc.). In turn, the biometric reader 116 is configured to, in response, capture the requested biometric (e.g., fingerprint, facial image, etc.) and process the captured biometric. In this example embodiment, the processing includes generating a biometric template from the captured biometric, encrypting the biometric template based on a public, private, or potentially, proprietary encryption scheme, and appending an identifier of a BSP associated with the biometric reader 116 (e.g., one of the BSPs 106a-c, etc.). In addition (or alternatively), the processing may include appending an identifier associated with a model or type of the biometric reader 116 or specific to the biometric reader 116 (whereby one or more of the BSPs 106a-c may be identified based on the identifier), and may also include formatting and/or size reduction operations in connection with templating, etc. Then, after processing the biometric (e.g., into an encrypted biometric template, etc.), the biometric reader 116 is configured to provide the encrypted biometric template, including the appended identifier(s), back to the terminal 114.
Further, prior art reference Poulet (FR 2963973 A1) discloses:
[0035] The terminal 114 is configured to read, capture, etc. the computer-readable indicia and obtain (e.g., decode, etc.) the encrypted user identifier therefrom (or the randomly generated number) (again, each broadly an identifier). In response, the terminal 114 is configured to direct the biometric reader 116 to capture and to return a biometric from the user 110 (a default biometric, a biometric specified by the user 110, etc.). In turn, the biometric reader 116 is configured to, in response, capture the requested biometric (e.g., fingerprint, facial image, etc.) and process the captured biometric. In this example embodiment, the processing includes generating a biometric template from the captured biometric, encrypting the biometric template based on a public, private, or potentially, proprietary encryption scheme, and appending an identifier of a BSP associated with the biometric reader 116 (e.g., one of the BSPs 106a-c, etc.). In addition (or alternatively), the processing may include appending an identifier associated with a model or type of the biometric reader 116 or specific to the biometric reader 116 (whereby one or more of the BSPs 106a-c may be identified based on the identifier), and may also include formatting and/or size reduction operations in connection with templating, etc. Then, after processing the biometric (e.g., into an encrypted biometric template, etc.), the biometric reader 116 is configured to provide the encrypted biometric template, including the appended identifier(s), back to the terminal 114.
However, Hay and Poulet do not teach – alone or in combination with each other or other references located by Examiner – the limitations of independent claim 1 as an ordered combination of steps.
Claim Rejections - 35 USC § 101
35 U.S.C. § 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 USC § 101 because they are directed to non-statutory subject matter. The rationale for this finding is explained below.
The Supreme Court in Mayo laid out a framework for determining whether an applicant is seeking to patent a judicial exception itself or a patent-eligible application of the judicial exception. See Alice Corp., 134 S. Ct. at 2355,110 USPQ2d at 1981 (citing Mayo, 566 U.S. 66, 101 USPQ2d 1961). This framework, which is referred to as the Mayo test or the Alice/Mayo test (“the test”), is described in detail in Manual of Patent Examining Procedure (”MPEP”) (see MPEP § 2106(III) for further guidance). The step 1 of the test: It need to be determined whether the claims are directed to a patent eligible (i.e., statutory) subject matter under 35 USC § 101. Step 2A of the test: If the claims are found to be directed to a statutory subject matter, the next step is to determine whether the claims are directed to a judicial exception i.e., law of nature, natural phenomenon, and abstract idea (Prong 1). If the claims are found to be directed to an abstract idea, it needs to be determined whether the claims recite additional elements that integrate the judicial exception into a practical application (Prong 2). Step 2B of the test: If the claims are directed to a judicial exception, the next and final step is to determine whether the claims recite additional elements that amount to significantly more than the judicial exception.
Step 1 of the Test:
When considering subject matter eligibility under 35 USC § 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter. Here, the claimed invention of claims 1-20 is a system, which is an apparatus, which is one of the statutory categories of invention. Claims directed to an apparatus, however, must be distinguished from the prior art in terms of structure rather than function. See, e.g., In re Danly 263 F.2d 844, 847, 120 USPQ 582, 531 (CCPA 1959).
Conclusion of Step 1 Analysis: Therefore, claims 1-20 are statutory under 35 USC § 101 in view of step 1 of the test.
Step 2A of the Test:
Prong 1: Claims 1-20, however, recite an abstract idea of authorizing financial transactions. The creation of authorizing financial transactions, as recited in the independent claim 1 belongs to certain methods of organizing human activity (i.e., commercial interactions) that are found by the courts to be abstract ideas. The limitations in independent claim 1, which set forth or describe the recited abstract idea, are found in the following steps:
“purchasing a good or service from a merchant, wherein a consumer initiates a purchase by entering account information associated with a payment source into the first user interface” (claim 1);
“determining from the database whether the consumer is within the subset of the many consumers by checking the disability identifier for the consumer” (claim 1);
“authenticating the consumer, wherein a message is sent in response to the request to initiate authentication” (claim 1); and
“formatting the message according to a first format if the consumer is not within the subset of the many consumers and formatting the message according to a second format if the consumer is within the subset of the many consumers, the second format being easier for the subset of the many consumers to interpret compared to the first format, wherein the consumer inputs information from the message to authenticate the consumer and complete the purchase” (claim 1).
Prong 2: In addition to abstract steps recited above in Prong 1, independent claim 1 recites additional elements:
“a database” (claim 1);
“a processor and a memory storing instructions executable by the processor to implement an authentication service having access to the database” (claim 1);
“a first user interface” (claim 1); and
“a second user interface” (claim 1).
These additional elements are recited at a high level of generality (e.g., as a generic processor performing a generic computer functions) such that they amount to no more than mere instructions to apply the exception using a generic computer components. Further, the following limitations recite insignificant extra solution activity (for example, data gathering):
“storing account information for many consumers comprising a disability identifier associated with a subset of the many consumers” (claim 1); and
“receiving a request to initiate authentication in response to the account information being entered into the first user interface” (claim 1).
These additional limitations do not integrate the abstract idea into a practical application because they do not impose a meaningful limit on the judicial exception. The additional elements/limitations of independent claim 1 here do not render improvements to the functioning of a computer or to any other technology or technical field (see MPEP § 2106.05(a)), nor do they integrate the abstract idea into a practical application under MPEP § 2106.05(b) (particular machine); MPEP § 2106.05(c) (particular transformations); or MPEP § 2106.05(e) (other meaningful limitations). Further, the combination of these additional elements/limitations is no more than mere instructions to apply the exception using a generic device. Accordingly, even in combination, these additional elements/ limitations do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
Conclusion of Step 2A Analysis: Therefore, independent claim 1 is non-statutory under 35 USC § 101 in view of step 2A of the test.
Step 2B of the Test: The additional elements of independent claim 1 (see above under Step 2A - Prong 2) are described by Applicant’s Specification in following terms:
[0005] An improved authentication system for financial transactions is described. In the system, an authentication service accesses a database to determine if a particular consumer has a disability identifier associated with the consumer. The authentication service then formats an authentication message according to a first format or a second format. The first format is used by the authentication service when there is no disability identifier associated with the consumer. When a disability identifier is associated with the consumer, the authentication service formats the authentication message using a second format. []
[0018] It is understood that the described improved authentication system is intended to operate autonomously on programmed computer systems utilizing computer algorithms such that the system may be implemented by one or more computer processors (e.g., in a server system) executing computer-executable instructions stored on a non-transitory computer-readable storage medium. Thus, for example, in the case of the authentication service 20 it is unnecessary for human beings to make the required determinations or receive or send messages, etc. This autonomous design makes the improved system scalable to a level that would be impractical if human beings were to attempt to perform the steps required by the system. []
This is a description of general-purpose computer. Thus, individually, the additional elements of independent claim 1 are well-understood, routine, and conventional elements that amount to no more than implementing the abstract idea with a computerized system. Further, the additional limitations of “storing” and “receiving” information amount to no more than mere instructions to apply the exception using generic computer components. For the same reason these additional limitations are not sufficient to provide an inventive concept. The additional limitations of “storing” and “receiving” information were considered as insignificant extra-solution activity in Step 2A - Prong 2. Re-evaluating here in Step 2B, they are also determined to be well-understood, routine, and conventional activity in the field. Similarly to OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network), and buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network), the additional limitations of independent claim 1 “receives” information over a network in a merely generic manner. Further, similarly to Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015) and OIP Techs., 788 F.3d at 1363, 115 USPQ2d at 1092-93, the additional limitations of independent claim 1 “store” information in memory. The courts have recognized “storing” and “receiving” information functions as well-understood, routine and conventional when claimed in a merely generic manner. Therefore, the additional limitations of independent claim 1 are well-understood, routine, and conventional. Further, taken as combination, the additional elements/limitations add nothing more than what is present when the additional elements/limitations are considered individually. There is no indication that the combination provides any effect regarding the functioning of the computer or any improvement to another technology.
Conclusion of Step 2B Analysis: Therefore, independent claim 1 is non-statutory under 35 USC § 101 in view of step 2B of the test.
Dependent Claims: Dependent claims 2-20 depend on independent claim 1. The elements in dependent claims 2-20, which set forth or describe the abstract idea, are:
“the second format enlarges the size of the information within the message which the consumer inputs into the first user interface relative to the first format” (claim 2: further narrowing the recited abstract idea);
“the message is a numerical code” (claim 3: further narrowing the recited abstract idea);
“the message is a one-time password” (claim 4: further narrowing the recited abstract idea);
“the second format enlarges characters at least three times larger than characters in the first format” (claim 5: further narrowing the recited abstract idea);
“the second format enlarges characters to utilize at least 25% of a width or length of a total screen size of the second user interface” (claim 6: further narrowing the recited abstract idea);
“the message includes a code with a plurality of characters, the plurality of characters of the code being the information input by the consumer into the first user interface” (claim 7: further narrowing the recited abstract idea);
“the first format displays all of the plurality of characters together in the second user interface, and the second format displays each of the plurality of characters separately in the second user interface such that each of the plurality of characters is displayed sequentially one after another with each of the plurality of characters being displayed momentarily by itself” (claim 8: further narrowing the recited abstract idea);
“the message includes an image of a non-textual object, the image being enlarged in the second format compared to the first format” (claim 9: further narrowing the recited abstract idea);
“the second user interface comprises an authentication app loaded onto a mobile phone of the consumer, the message being sent by the authentication service to a phone number for the mobile phone of the consume” (claim 10: further narrowing the recited abstract idea);
“the authentication app displays the message according to the first or second format as assigned to the message by the authentication service” (claim 11: further narrowing the recited abstract idea);
“the second user interface comprises an email system when the consumer is within the subset of the many consumers with the disability identifier, the message being an email sent by the authentication service to an email address of the consumer” (claim 12: further narrowing the recited abstract idea);
“the first format comprises sending the message as a text message without special formatting to a standard texting app on a mobile phone of the consumer, and the second format comprises sending the message to a non-standard authentication app associated with the authentication service loaded onto the mobile phone of the consumer” (claim 13: insignificant extra solution activity);
“the second format comprises sending the message as an audio clip such that the consumer listens to the message to acquire the information to input into the first user interface, and the first format comprises sending a text message such that the consumer reads the message to acquire the information to input into the first user interface” (claim 14: insignificant extra solution activity);
“the consumer self-identifies themselves as having a disability in reading characters, the authentication service updating the database with the disability identifier for the consumer in response to the self-identification” (claim 15: further narrowing the recited abstract idea);
“the second format enlarges size of the information within the message which the consumer inputs into the first user interface relative to the first format, and the message includes a code with a plurality of characters, the plurality of characters of the code being the information input by the consumer into the first user interface” (claim 16: further narrowing the recited abstract idea);
“the second user interface comprises an authentication app loaded onto a mobile phone of the consumer, the message being sent by the authentication service to a phone number for the mobile phone of the consumer” (claim 17: further narrowing the recited abstract idea);
“the consumer self-identifies themselves as having a disability in reading characters, the authentication service updating the database with the disability identifier for the consumer in response to the self-identification” (claim 18: further narrowing the recited abstract idea);
“the second format enlarges the plurality of characters at least three times larger than the plurality of characters in the first format” (claim 19: further narrowing the recited abstract idea); and
“the first format displays all of the plurality of characters together in the second user interface, and the second format displays each of the plurality of characters separately in the second user interface such that each of the plurality of characters is displayed sequentially one after another with each of the plurality of characters being displayed momentarily by itself” (claim 20: further narrowing the recited abstract idea).
Conclusion of Dependent Claims Analysis: Dependent claims 2-20 do not correct the deficiencies of independent claim 1 and they are, thus, rejected on the same basis.
Conclusion of the 35 USC § 101 Analysis: Therefore, claims 1-20 are rejected as directed to an abstract idea without “significantly more” under 35 USC § 101.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Northall (EP 3291162 A1) discloses: “Unique data is obtained from a consumer (210); the identity data is verified for the consumer based on the unique data (220). A verification message is provided for at least a portion of a transaction during a transaction after the identity data is verified (230).”
Gilbert (CN 105814592 A) discloses: “Cardholder authentication method includes receiving at a network authenticating account relating to the authentication request. said method further comprising at least partially based on information associated with the account identifier of a portion for specifying an authentication service. Additionally, the method includes at least determining authentication response based on a portion of the authentication service and the account identifier. the method further comprising sending the authentication response to the associated with transactions involving the account of the merchant.”
Furnell, Steven, Kirsi Helkala, and Naomi Woods. "Accessible authentication: Assessing the applicability for users with disabilities." Computers & security 113 (2022).
K. Helkala, "Disabilities and Authentication Methods: Usability and Security," 2012 Seventh International Conference on Availability, Reliability and Security, Prague, Czech Republic, 2012, pp. 327-334.
Applicant's amendment necessitated the new grounds of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRPI H. KANERVO whose telephone number is 571-272-9818. The examiner can normally be reached on Monday – Friday, 10 am – 6 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Abhishek Vyas can be reached on 571-270-1836. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/VIRPI H KANERVO/Primary Examiner, Art Unit 3691