Location Based Transaction Authentication

DETAILED ACTION The present application is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This Office Action is in response Applicant communication filed on 10/20/2025. Claims Claims 1, 2, 7-9, 13-16, and 20 have been amended. Claims 1-20 are currently pending in the application. Response to Arguments 101 The examiner withdraws the 101 rejection based on the claim amendments. The claims recite that a masked one time password is generated based on the location of a mobile device and is not revealed until a user authenticates a transaction. The claim as a whole integrates the abstract idea into a practical application by masking the data needed to perform the transaction until authentication occurs. 103 The applicant argues that Carlson/Wadha fail to disclose “generate a one time password for display…”, “reveal the one time password in response to receiving an input on the mobile device to authenticate the transaction”, and “restrict approval of the transaction by the mobile device, maintain the masked one time password, and communicate an indication that the transaction is fraudulent” (see pages 9 and 10 of applicant’s arguments/remarks). The examiner respectfully disagrees. Carlson teaches in section [0027]-[0037] that a smart phone application receives transaction details including location data of a vendor. The smartphone application then compares the location data of the vendor to the location of the smartphone itself to determine if a fraudulent transaction may be occurring. If the location of the smartphone is not located near the location of the vendor then an alert is displayed on the smartphone and the user of the smartphone can either accept or decline the transaction. Wadhwa in sections [0082]-[0083], [0097-[0104], [0120]-[0121], and Figs 10B-10H discloses that a user initiates a payment transaction at a merchant. In response to the payment transaction initiation, a server generates a one time password which is displayed on a user’s mobile device as a masked one time password so the user cannot see the one time password. Only after the user authenticates themselves will the unmasked version of the one time password be displayed to the user so that the user can use the one time password to complete the payment transaction at the merchant. Although Wadhwa discloses both a “user mobile device” that displays the masked one time password to the user and a “one time password gateway server” that generates the masked one time password and sends it to the mobile device to be displayed to the user. Wadhwa fails to explicitly disclose that they are integrated. However, it would have been an obvious matter of design choice to integrate them into a single computing device, and it appears that Wadhwa would perform equally well with a single computing device (e.g. user mobile device that generates the masked one time password and displays it to the user). Such a modification would have achieved predictable benefits from economies of scale in addition to offering improved data management, fast response while reducing both operating and capital costs. It is the examiner’s position that when the difference between the claimed invention and the prior art is that the prior art does not disclose particular elements as integral, as a matter of law, it would have been obvious to one having ordinary skill in the art to make the elements integral. See MPEP §2144.04 V. B. and In re Larson, 340 F.2d 965, 968, 144 USPQ 347, 349 (CCPA 1965). The examiner has considered all of the applicant’s arguments but maintains the 103 rejection. Rejections under 35 § U.S.C. 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1-3, 5-10, 12-16, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20140250009 A1 (“Carlson”) and US 20210065165 A1 (“Wadhwa”). Per claims 1, 8, and 15, Carlson discloses: a location service to determine a device location of the mobile device (e.g. The phone can be located by GPS, or any other approach, such as logging into a local wireless LAN, and gleaning the verification location from a server) (Section [0015] and [0016]); a transaction authentication manager implemented at least partially in hardware and configured to: (e.g. The present invention's fraud prevention software placed within the financial institution receives the request for funds from the vendor, along with the vendor's location, and provides notice of the pending transaction back to the subscriber's smart phone which has the pending invention's application installed) (Section [0028] and [0030]); receive a transaction location of a transaction associated with an account of a user of the mobile device (e.g. The present invention's fraud prevention software placed within the financial institution receives the request for funds from the vendor, along with the vendor's location, and provides notice of the pending transaction back to the subscriber's smart phone which has the pending invention's application installed) (Section [0030] and [0031]); compare the device location of the mobile device to the transaction location of the transaction (e.g. The smart phone's application receives the transaction details from the financial institution, which includes location data for the vendor. The smart phone application compares the location vendor information and the location of the smart phone itself) (Section [0031]); generate a [one time password] for display, [the one time password being masked] in response to determining that the device location does not match the transaction location (e.g. When the present invention's application does not recognize that the subscriber is within the geographical location of the vendor processing the subscriber's credit card for a purchase, then the present invention's application will immediately send an alert to the subscriber's smart phone) (Section [0034] and [0035]); restrict approval of the transaction by the mobile device, [maintain the masked one time password], and communicate an indication that the transaction is fraudulent (e.g. Should the subscriber not recognize the pending transaction, or feel as though their credit card has been compromised, then the subscriber can immediately decline the pending transaction using the present invention's smart phone application which will alert the present inventions fraud prevention software within the subscriber's financial institution that the subscriber declined the pending credit card transaction. The present invention's fraud prevention software located within the financial institution will immediately send a declined notice to the vendor attempting to process the subscriber's credit card. The present invention's fraud prevention software located within the financial institution (FIG. 12) will then notify the subscribers financial institution of possible credit card fraud involving the subscribers credit card) (Section [0036] and [0037]). Although Carlson discloses comparing the location of a user transaction with the location of a user’s mobile device and then receiving, at the user’s mobile device, an alert when the locations do not match, Carlson does not specifically disclose: [one time password being masked]; reveal the one time password in response to receiving an input on the mobile device to authenticate the transaction; [maintain the masked one time password]. However Wadhwa, in analogous art of transaction authentication, discloses: [one time password being masked] (e.g. It will be noted that the actual OTP is not displayed within the message, and [XXXX] within the data message is simply a masked OTP, pixelated OTP, encoded OTP, encrypted OTP or any other representation of an OTP that does not allow a viewer to correctly or fully read the OTP) (Section [0068], [0084]-[0086], [0097]-[0102]) and [0129]-[0133]); reveal the one time password in response to receiving an input on the mobile device to authenticate the transaction (e.g. The OTP gateway server compares the reply data message received from the registered mobile device against the response to the security question that has been retrieved from the issuer bank. In the present case, the reply data message matches the pre-stored response associated with the security question—thereby establishing that the user operating the registered mobile device is authorized to operate the payment account. Accordingly, the OTP gateway server transmits to the registered mobile device and initiates the process of displaying on the registered mobile device, a transaction OTP that can be used to authentication the payment transaction. As shown in the exemplary user interface shown in FIG. 10E, the OTP “864349” is displayed on the registered mobile device in response to the user providing the correct answer (“CHEWBACCA”) to the security question (“WHAT WAS YOUR FIRST PET'S NAME”)) (Section [0082]-[0086], [0103] and [0104], [0120]-[0121], and Figs. 10B-10H); [maintain the masked one time password] (e.g. As discussed above, if the responses to the security question(s) presented to the user 302a through the user device 302b match the pre-stored responses to said security question(s), a positive identity decision (i.e. identity confirmation decision) is generated. However, if the responses to the security question(s) do not match, a negative identity decision (i.e. identity not confirmed decision) is generated) (Section [0082]-[0086], [0120]-[0121], and [0129]-[0136]). It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention to modify the alert sent to the mobile device of Carlson to include the use of masked passwords that are unmasked when the user is authenticated, as taught by Wadhwa, in order to achieve the predictable result of increasing the security of the user transactions. Note: Although Wadhwa discloses both a “user mobile device” that displays the masked one time password to the user and a “one time password gateway server” that generates the masked one time password and sends it to the mobile device to be displayed to the user. Wadhwa fails to explicitly disclose that they are integrated. However, it would have been an obvious matter of design choice to integrate them into a single computing device, and it appears that Wadhwa would perform equally well with a single computing device (e.g. user mobile device that generates the masked one time password and displays it to the user). Such a modification would have achieved predictable benefits from economies of scale in addition to offering improved data management, fast response while reducing both operating and capital costs. It is the examiner’s position that when the difference between the claimed invention and the prior art is that the prior art does not disclose particular elements as integral, as a matter of law, it would have been obvious to one having ordinary skill in the art to make the elements integral. See MPEP §2144.04 V. B. and In re Larson, 340 F.2d 965, 968, 144 USPQ 347, 349 (CCPA 1965). Per claims 2, 9, and 16 Carlson/Wadhwa discloses all the limitations of claims 1, 8, and 15 above. Wadhwa further discloses: wherein transaction authentication manager is configured to mask the one time password to conceal the one time password from the user of the mobile device (e.g. It will be noted that the actual OTP is not displayed within the message, and [XXXX] within the data message is simply a masked OTP, pixelated OTP, encoded OTP, encrypted OTP or any other representation of an OTP that does not allow a viewer to correctly or fully read the OTP) (Section [0102]). Per claims 3 and 10 Carlson/Wadhwa discloses all the limitations of claims 1 and 8 above. Carlson further discloses: wherein the transaction is initiated on a transaction device that is different than the mobile device, and the transaction location corresponds to the transaction initiated on the transaction device with the account of the user associated with the mobile device (e.g. A vendor swipes the subscriber's bank card data for purchase, which sends a request to the financial institution associated with the bank card) (Section [0029]-[0031] and [0040]). Per claims 5, 12, and 18 Carlson/Wadhwa discloses all the limitations of claims 1, 8, and 15 above. Wadhwa further discloses: wherein the transaction authentication manager is configured to: initiate a display of the one time password that is masked [and the transaction location of the transaction] (e.g. It will be noted that the actual OTP is not displayed within the message, and [XXXX] within the data message is simply a masked OTP, pixelated OTP, encoded OTP, encrypted OTP or any other representation of an OTP that does not allow a viewer to correctly or fully read the OTP) (Section [0097]-[0102]). The motivation to combine Wadhwa with Carlson is disclosed above with reference to claims 1, 8, and 15. Carlson further discloses: [the transaction location of the transaction] (e.g. The application then reveals the pending transaction details, which includes particulars such as vendor, amount, and location) (Section [0035]); prompt the user to authenticate the transaction based on the transaction location and the device location of the mobile device (e.g. The application then reveals the pending transaction details, which includes particulars such as vendor, amount, and location. The subscriber will then have 30 seconds to either accept or decline the pending transaction) (Section [0035]). Per claims 6, 13, and 19 Carlson/Wadhwa discloses all the limitations of claims 1, 8, and 15 above. Wadhwa further discloses: wherein the transaction authentication manager is configured to initiate an authentication of the transaction associated with the account of the user in response to receiving the input to authenticate the transaction (e.g. The OTP gateway server compares the reply data message received from the registered mobile device against the response to the security question that has been retrieved from the issuer bank. In the present case, the reply data message matches the pre-stored response associated with the security question—thereby establishing that the user operating the registered mobile device is authorized to operate the payment account. Accordingly, the OTP gateway server transmits to the registered mobile device and initiates the process of displaying on the registered mobile device, a transaction OTP that can be used to authentication the payment transaction) (Section [0103] and [0104]). The motivation to combine Wadhwa with Carlson is disclosed above with reference to claims 1, 8, and 15. Per claims 7, 14, and 20 Carlson/Wadhwa discloses all the limitations of claims 1, 8, and 15 above. Wadhwa further discloses: wherein the one time password is generated for display in at least one of an email message or a standard text message (e.g. The OTP gateway server then transmits to the registered mobile device, a data message comprising the following text by way of an SMS, flash message, USSD message or pop-up message, for display of the registered mobile device) (Section [0097]-[0101]). The motivation to combine Wadhwa with Carlson is disclosed above with reference to claims 1, 8, and 15. Claims 4, 11, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Carlson/Wadhwa, as applied to claims 3, 10, and 15 above, in further view of US 20210152540 A1 (“Kumar”). Per claims 4, 11, and 17, Although Carlson/Wadhwa discloses displaying a masked one time password on a user device when the user device location and transaction location do not match, Carlson/Wadhwa do not specifically disclose: wherein the transaction authentication manager is configured to initiate a display of the one time password on a display device of the mobile device in response to determining that the device location of the mobile device matches the transaction location of the transaction device. However Kumar, in analogous art of transaction verification using location data, discloses: wherein the transaction authentication manager is configured to initiate a display of the one time password on a display device of the mobile device in response to determining that the device location of the mobile device matches the transaction location of the transaction device (e.g. The device location may be compared to the transaction location (e.g., pickup location) to determine proximity. In some embodiments, the device 100 may communicate with the service provider device to indicate proximity) (e.g. Upon identifying transaction engagement in method block 215, the transaction verification application 160 sends the verification password to the service provider device in method block 220. The verification password may be sent via text message, by the POS application 170, via peer-to-peer message, via audio message (e.g., audible or encoded), via infrared message, etc) (Section [0020]-[0026]). It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention to modify the masked one time password authentication of Carlson/Wadhwa to include the use of unmasked one time passwords when the locations match, as taught by Kumar, in order to achieve the predictable result of providing convenience to the user so that they don’t have to authenticate themselves if they are actually the one performing the transaction. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry of a general nature or relating to the status of this application or concerning this communication or earlier communications from the Examiner should be directed to TIMOTHY SAX whose telephone number is 571-272-2935. The Examiner can normally be reached on M-F 8-4:30. If attempts to reach the examiner by telephone are unsuccessful, the Examiner’s supervisor, Patrick McAtee can be reached at (571) 272-7575. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /TPS/ Examiner, Art Unit 3698 /PATRICK MCATEE/Supervisory Patent Examiner, Art Unit 3698