DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
This action is in reply to the communications filed on 02/27/2026.
Claims 1, 4, 7, 13, and 16 have been amended and are hereby entered.
Claims 1-20 are currently pending and have been examined.
This action is made Non-Final.
Examiner Request
The Applicant is requested to indicate where in the specification there is support for future claim amendments to avoid U.S.C 112(a) issues that can arise. The Examiner thanks the Applicant in advance.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/13/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 02/27/2026 has been entered.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea of determining that a user is authorized to use the services of an entity based on a plurality of retrieved metrics associated with the user, without significantly more.
Examiner has identified claim 13 as the claim that represents the claimed invention presented in independent claims 1, 7, and 13.
13. Claim 1 is directed to one or more non-transitory computer storage media, which is one of the statutory categories of invention; Claim 7 is directed to a method, which is one of the statutory categories of invention; and Claim 13 is directed to a system, which is one of the statutory categories of invention. (Step 1: YES).
14. Claim 13 is directed to a system comprising: at least one processor; and one or more computer storage media storing computer-readable instructions thereon that, when executed by the at least one processor, cause the at least one processor to: receive a request to authorize a user to use services provided by a first entity, wherein the at least one processor is a centralized integration processor that supports risk-based authorization through a delegated risk acceptance architecture comprising an application service, a credit issuer service, a merchant service, and risk assessor, the delegated risk acceptance architecture configured to transmit, from the credit issuer service to the merchant service, risk metrics that are generated based on normalized data, by transmitting only the risk metrics without transmitting underlying external source data, the risk metrics enable a party associated with the merchant service to assume responsibility for a service otherwise provided by a party associated with the credit issuer service; store a plurality of metrics associated with the user in a database; retrieve the plurality of metrics from the database; generate a risk metric based on the plurality of metrics associated with the user; automatically determine, based on the risk metric, that the user is authorized to use the services of the first entity with a second entity assuming risk for the services provided by the first entity; and communicate an authorization decision to a graphical user interface, indicating that the user is authorized to use the services of the first entity. These series of steps describe the abstract idea of d determining that a user is authorized to use the services of an entity based on a plurality of retrieved metrics associated with the user (with the exception of the italicized and bolded terms above), which is mitigating risk of an unauthorized user using services provided by an entity; therefore, corresponding to a fundamental economic principle or practice (including mitigating risk). Hence, a fundamental economic principle or practice (mitigating risk) is a Certain Methods of Organizing Human Activity. The abstract idea is also the use of services provided by an entity of processing merchant credit applications, which is a commercial interaction. Therefore, a commercial interaction is also a Certain Methods of Organizing Human Activity. The system limitations, e.g., a processor, centralized integration processor, one or more computer storage media, delegated risk acceptance architecture, database, and graphical user interface do not necessarily restrict the claim from reciting an abstract idea. Thus, claim 13 recites an abstract idea (Step 2A-Prong 1: YES).
15. This judicial exception is not integrated into a practical application because the additional elements of a processor, centralized integration processor, one or more computer storage media, delegated risk acceptance architecture, database, and graphical user interface, are no more than simply applying the abstract idea using generic computer elements. The additional elements listed above are all recited at a high level of generality and under their broadest reasonable interpretation comprises a generic computing arrangement. The presence of a generic computer arrangement is nothing more than to implement the claimed invention (MPEP 2106.05(f)). Therefore, the recitations of additional elements do not meaningfully apply the abstract idea and hence do not integrate the abstract idea into a practical application. Thus, claim 13 does not integrate the abstract idea into a practical application (Step 2A-Prong 2: NO).
16. Claim 13 does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements of a processor, centralized integration processor, one or more computer storage media, delegated risk acceptance architecture, database, and graphical user interface are recited at a high level of generality in that it results in no more than simply applying the abstract idea using generic computer elements. The additional elements when considered separately and as an ordered combination do not amount to add significantly more as these limitations provide nothing more than to simply apply the exception in a generic computer environment (Step 2B: NO). Thus, claim 13 is not patent eligible.
17. Similar arguments can be extended to the other independent claims, claims 1 and 7, and hence; claims 1 and 7 are rejected on similar grounds as claim 13.
18. Dependent claims 2-6, 8-12, and 14-20 are directed to one or more non-transitory computer storage media, a method, and a system, respectively, which perform the steps that describe the abstract idea of determining that a user is authorized to use the services of an entity based on a plurality of retrieved metrics associated with the user. Furthermore, dependent claims 5 and 15 are directed to one or more non-transitory computer storage media and a system, respectively, which perform the steps: “wherein the risk metric is generated using a machine learning model trained on historical data; and wherein the graphical user interface provides a user-friendly interface for accessing and utilizing the services of the first entity.” These series of steps describe the abstract idea of determining that a user is authorized to use the services of an entity based on a plurality of retrieved metrics associated with the user (with the exception of the italicized and bolded terms above), which is mitigating risk of an unauthorized user using services provided by an entity; therefore, corresponding to a fundamental economic principle or practice (including mitigating risk). Hence, a fundamental economic principle or practice (mitigating risk) is a Certain Methods of Organizing Human Activity. The abstract idea is also the use of services provided by an entity of processing merchant credit applications, which is a commercial interaction. Therefore, a commercial interaction is also a Certain Methods of Organizing Human Activity. Thus, claims 2-6, 8-12, and 14-20 recite an abstract idea. The additional elements of a processor, centralized integration processor, one or more computer storage media, delegated risk acceptance architecture, database, graphical user interface, machine learning model, and user-friendly interface are no more than simply applying the abstract idea using generic computer elements. The presence of a generic computer arrangement is nothing more than to implement the claimed invention (MPEP 2106.05(f)). Therefore, the recitations of additional elements do not meaningfully apply the abstract idea and hence do not integrate the abstract idea into a practical application. Furthermore, the additional elements: a processor, centralized integration processor, one or more computer storage media, delegated risk acceptance architecture, database, graphical user interface, machine learning model, and user-friendly interface, do not amount to add significantly more as these limitations provide nothing more than to simply apply the exception in a generic computer environment.
19. Dependent claims 2-6, 8-12, and 14-20 have further defined the abstract idea that is present in their respective independent claims: Claims 1, 7, and 13; and thus correspond to Certain Methods of Organizing Human Activity and are abstract in nature for the reason presented above. The dependent claims 2-6, 8-12, and 14-20 do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination. Therefore, claims 2-6, 8-12, and 14-20 are directed to an abstract idea without significantly more.
20. Thus, claims 1-20 are not patent-eligible.
Claim Rejections - 35 USC § 103
21. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
22. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
23. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Fidanza (U.S. Patent Application Publication No. US 2020/0349641 A1; hereinafter “Fidanza”), in view of Bennett (U.S. Patent Application Publication No. US 2023/0316393 A1; hereinafter “Bennett”), and further in view of Chebrole (U.S. Patent Application Publication No. US 2019/0026826 A1; hereinafter “Chebrole”).
Regarding Claims 1, 7, and 13:
Fidanza teaches:
A method for a user application performed by one or more processors, the method comprising: (Fidanza, See, Para. 9; Abstract);
A system comprising: a processor; and one or more computer storage media storing computer-readable instructions thereon that, when executed by the at least one processor, cause the at least one processor to: (Fidanza, See, Para. 4-8; Abstract))
receiving, by a processor from the one or more processors, a request to authorize a user to use services provided by a first entity; (Fidanza, transaction data may be user-authorized and received for credit in depository-type accounts via the transactions endpoint, and the data may be standardized across financial institutions (See, Para.122));
retrieving, by the processor from a database, a plurality of metrics associated with the user; (Fidanza, At the loan issuance server 50, the back end software of the loan issuance program will begin the exchange of the public access token for a new long-life private token (Block 220) and transmit data to the financial services data provider 60, which then verifies the public access token (Block 222) and calculates and processes a long-life private token and sends the private access token back to the loan issuance server 50 (Block 224), where the back end software stores the longlife private access token in the server database 54 at the loan issuance server 50 or other location (Block 226), (See, Para. 108; Fig. 7A));
generating, by the processor, a risk metric based on the plurality of metrics associated with the user; (Fidanza, When the loan is requested, an initial credit score may be computed 78 using the credit score engine 64 followed by a request for a transactions history of financial data 80, (See, Para.42; Fig. 3));
automatically determining, by the processor, based on the risk metric, that the user is authorized to use the services of the first entity with a second entity assuming risk for the services provided by the first entity; and (Fidanza, Once a pre-approved amount 76 is determined, the application layer 68 provides for further processing and possible user input, (See, Para. 40; Fig. 2)Note: The second entity assuming risk for the services provided by the first entity in the art is the bank.);
communicating to a graphical user interface, by the processor, that the user is authorized to use the services of the first entity. (Fidanza, The data entry 40 could be a keyboard or graphical user interface on the display 34. A communications module 42 allows the client computing device 32 to communicate via a communications network 46 such as the internet or a wireless communications network to a loan issuance server 50 running the loan issuance program via its server processor 52 that is connected to the server database 54, which may also include a database server network such as a cloud-based database infrastructure 56 or on-demand cloud computing platform, (See, Para. 31; Fig. 1)).
Fidanza does not specifically teach one or more non-transitory computer storage media storing computer-readable instructions that, when executed by one or more processors, cause the one or more processors to perform operations for a user application; wherein the processor is a centralized integration processor that supports risk-based authorization through a delegated risk acceptance architecture comprising an application service, a credit issuer service, a merchant service, and a risk assessor, the delegated risk acceptance architecture configured to transmit, from the credit issuer service to the merchant service, risk metrics that are generated based on normalized data, by transmitting only the risk metrics without transmitting underlying external source data, the risk metrics enable a party associated with the merchant service to assume responsibility for a service otherwise provided by a party associated with the credit issuer service.
However, Bennett further teaches the following limitations:
One or more non-transitory computer storage media storing computer-readable instructions that, when executed by one or more processors, cause the one or more processors to perform operations for a user application, the operations comprising; (Bennett, See, Para. 5, 90-91; Fig. 9; Abstract);
wherein the processor is a centralized integration processor that supports risk-based authorization through a delegated risk acceptance architecture comprising an application service, a credit issuer service, a merchant service, and a risk assessor, [the delegated risk acceptance architecture configured to transmit, from the credit issuer service to the merchant service, risk metrics that are generated based on normalized data, by transmitting only the risk metrics without transmitting underlying external source data], the risk metrics enable a party associated with the merchant service to assume responsibility for a service otherwise provided by a party associated with the credit issuer service. (Bennett, the risk assessment integration system 106 utilizes an open authorization (OAUTH) protocol to exchange data between the inter-network facilitation system 104 and the third-party risk assessment system 110 (and/or the data management platform). In particular, the risk assessment integration system 106 can receive an authorization request from the third-party risk assessment system. Upon receiving user authorization via an authorization permission selection in an application of the inter-network facilitation system 104, the risk assessment integration system 106 provides an authorization grant (and in some cases an access token) to the third-party risk assessment system. Additionally, the third-party risk assessment system can utilize the authorization grant to obtain an access token that is utilized to request data from the risk assessment integration system 106. Indeed, the risk assessment integration system 106 can communicate with the third-party risk assessment system 110 utilizing an OAUTH protocol that includes access tokens, authorization grants, authorization codes, and/or refresh tokens (See, Para. 5-6, 21, 61-72, 83, 88-89, 102, 110, 118-119; Fig. 5A-11 Abstract)).
It would have been obvious to one of ordinary skill in the art before the effective filing of the claimed invention to have modified Fidanza with the features of Bennett’s system “that provide benefits and solve one or more of the foregoing or other problems by determining and displaying recognized user activities for an integrated risk assessment value generator from a third-party system. For example, the disclosed systems can analyze user activities of a user account corresponding to the disclosed systems to determine recognized user activities that are potentially recognized by a third-party risk assessment value generator from a third-party risk assessment system that can re-evaluate a risk assessment value of the user account. Indeed, the disclosed systems can provide for display, within a graphical user interface of an application, a selectable element to initiate an integration of the user account with the third-party risk assessment system to access functionalities that can improve a risk assessment value for the user account. In addition to the selectable element, the disclosed systems can also provide for display the determined recognized user activities from the user account that are potentially recognized (or utilized) by the third-party risk assessment value generator.”(Bennett, Para. 5).
Fidanza and Bennett do not specifically teach the delegated risk acceptance architecture configured to transmit, from the credit issuer service to the merchant service, risk metrics that are generated based on normalized data, by transmitting only the risk metrics without transmitting underlying external source data.
However, Chebrole further teaches the following limitation:
the delegated risk acceptance architecture configured to transmit, from the credit issuer service to the merchant service, risk metrics that are generated based on normalized data, by transmitting only the risk metrics without transmitting underlying external source data (Chebrole, The statistical model may be validated and acceptance criteria established in a decision making scenario….. The system may be configured to use the same statistical model for all merchants in a common category so that comparisons can be made across the category. The system may be configured to assign categories, for example, by industry, geography, and calculated risk. a computer-implemented method for determining a credit risk score for an online merchant including… receiving, from a requester, an electronic request for a credit risk score for an online merchant …. extracting transaction data for the merchant and/or for similar merchants from the transaction database…extracting financial data for the merchant and/or for similar merchants from the financial performance database….combining the extracted transaction data and financial data in a statistical model to determine the credit risk score for the merchant ….. transmitting the credit risk score to the requester. (See, Para.39-49, 56-70; Fig. 1-2; Abstract)).
It would have been obvious to one of ordinary skill in the art before the effective filing of the claimed invention to have modified Fidanza and Bennett with the features of Chebrole’s system that “provides an electronic system for determining a credit risk score for an online merchant including: a) a transaction database including transaction data relating to payment card transactions performed by customers at multiple merchants; b) a financial performance database including financial data relating to multiple merchants selling merchandise through an e-commerce marketplace; and c) a risk assessment component configured for: i. receiving, from a requester, an electronic request for a credit risk score for an online merchant; ii. extracting transaction data for the merchant and/or for similar merchants from the transaction database; iii. extracting financial data for the merchant and/or for similar merchants from the financial performance database; iv. combining the extracted transaction data and financial data in a statistical model to determine the credit risk score for the merchant; and v. transmitting the credit risk score to the requester.” (Chebrole, Para. 6).
Regarding Claim 2:
Fidanza teaches:
further comprising notifying the user that the user is authorized to use the services of the first entity and providing information regarding any further steps that the user can take in response to a denial. (Fidanza, Usually transaction data is pulled multiple times per day and notifications may be made. The authentication may authenticate accounts for ACH and eliminate the requirement for clients to enter account and routing numbers or deal with micro-deposits (See, Para. 118)).
Regarding Claim 3:
Fidanza teaches:
wherein the plurality of metrics associated with the user comprises credit history, payment patterns, outstanding debts, and public records. (Fidanza, Information that is input to these algorithms 65,66 via a first Application Programming Interface (API), i.e., application layer 68 may come from different sources, including a third-party banking information provider 70, which in FIG. 1 corresponds to the financial services data provider 60, a credit history 72, and publicly available data 74 (See, Para.40; Fig. 1-2)).
Regarding Claim 4:
Fidanza teaches:
wherein matching the first entity is determined based on a comparison between the plurality of metrics associated with the user and one or more threshold criteria or policy parameters defined by the first entity. (Fidanza, There are different authentication paths for a user operating on a client computing device 32 to verify authentication numbers such as an instant authentication where the client enters their credentials and are authenticated immediately, or an instant match technique where a client enters their credentials, account and routing numbers, and the financial services data provider 60 may match user input and authenticate immediately (See, Para. 29, 40, 52, 122; Fig. 1-2)).
Regarding Claim 5:
Fidanza teaches:
wherein the risk metric is generated using a machine learning model trained on historical data. (Fidanza, It may be used to issue loans to consumers for personal needs and requirements. The loan issuance system has a platform that may combine a machine learning algorithm and may use a cloud-based data architecture to allow the system to access a data stream from the online banking of a user and within milliseconds, seemingly "instantly" to a client, approve the client up to a maximum allowed credit (See, Para. 29)).
Regarding Claim 6:
Fidanza teaches:
wherein the risk metric is scaled to a standardized range or transformed into a percentile. (Fidanza, Transaction data may be user-authorized and received for credit in depository-type accounts via the transactions endpoint, and the data may be standardized across financial institutions. There may be a unique ID of a transaction corresponding to a transaction ID and the ID of the account in which the transaction occurred such as an account ID ( See, Para. 122)).
Regarding Claim 8:
Fidanza teaches:
wherein the risk metric is based on a weighted evaluation of the plurality of metrics associated with the user. (Fidanza, In a non-limiting example only, the features extracted from third-party banking information or financial services provider may include: (1) available income, which is computed as a sum of client incomes, weighted by the confidence of income occurrence ( See, Para. 52)).
Regarding Claim 9:
Fidanza teaches:
wherein the second entity assuming risk for the services provided by the first entity is a merchant service. (Fidanza, Referring now to FIG. 1, the loan issuance system is illustrated generally at 30 and shows the client computing device 32 that may include a display 34, processor 36 connected to the display, and database 38 connected to the processor. A data entry 40 permits the client or consumer to enter data such as for initial registration with a loan issuance program (See, Para. 31; Fig. 1)).
Regarding Claim 10:
Fidanza teaches:
wherein the plurality of metrics related to the first entity comprises credit score information. (Fidanza, The loan issuance server receives a private access token and limited identity data regarding a bank account associated with the client. A credit score engine receives public data associated with the client and income and transactional data of the client bank account and applies a machine learning model to create an initial credit score that is indicative of the maximum allowed credit for the client (See, Abstract)).
Regarding Claim 11:
Fidanza teaches:
wherein the second entity assumes the risk by guaranteeing a payment or assuming a liability for an authorized user. (Fidanza, Referring now to FIGS. 8-15, there are illustrated screen shots of examples for process steps that are described generally in FIGS. 7A and 7B. The potential client makes initial contact with the loan insurance server 50 and accesses the loan issuance program (See, Para. 112; Fig. 7A-B, 8-15)).
Regarding Claim 12:
Fidanza teaches:
wherein the authorization decision is determined based on predefined risk thresholds set by the second entity. (Fidanza, The loan issuance server 50 operates in what appears to be almost instantaneously and its server processor 52 may estimate a pre-approved loan amount using the machine learning model with the associated credit risk by obtaining and processing publicly available information about the client and banking or financial data retrieved from a banking institution 62 associated with the client via a third-party financial services data provider 60. This risk measure is then combined with payment capacity forecasting based on the same sources of information, e.g., the banking or financial data and publicly available information credit data may be taken into account (See, Para. 32; Fig. 1)).
Regarding Claim 14:
Fidanza teaches:
wherein the graphical user interface displays an authorization status indicator indicating a user's authorized access. (Fidanza, The data entry 40 could be a keyboard or graphical user interface on the display 34. A communications module 42 allows the client computing device 32 to communicate via a communications network 46 such as the internet or a wireless communications network to a loan issuance server 50 running the loan issuance program via its server processor 52 that is connected to the server database 54, which may also include a database server network such as a cloud-based database infrastructure 56 or on-demand cloud computing platform (See, Para. 31; Fig. 1)).
Regarding Claim 15:
Fidanza teaches:
wherein the graphical user interface provides a user-friendly interface for accessing and utilizing the services of the first entity. (Fidanza, The data entry 40 could be a keyboard or graphical user interface on the display 34. A communications module 42 allows the client computing device 32 to communicate via a communications network 46 such as the internet or a wireless communications network to a loan issuance server 50 running the loan issuance program via its server processor 52 that is connected to the server database 54, which may also include a database server network such as a cloud-based database infrastructure 56 or on-demand cloud computing platform (See, Para. 31; Fig. 1)).
Regarding Claim 16:
Fidanza teaches:
wherein communicating to the graphical user interface includes displaying one or more available services and one or more relevant terms or conditions. (Fidanza, The model captures relationships among factors to allow assessment of bad debt risk or the potential of that consumer and associated with a particular set of conditions. This helps guide automatic decision-making in the system so that the system determines when the consumer requires an increase in the maximum allowed credit and the risk involved with increasing the maximum allowed credit. Thresholds can be set of the model outcome (See, Para. 93)).
Regarding Claim 17:
Fidanza teaches:
further comprising monitoring an authorized user's usage of the services and adjusting the authorization decision based on their behavior and compliance with one or more service terms. (Fidanza, Information that is input to these algorithms 65,66 via a first Application Programming Interface (API), i.e., application layer 68 may come from different sources, including a third-party banking information provider 70, which in FIG. 1 corresponds to the financial services data provider 60, a credit history 72, and publicly available data 74 (See, Para. 40; Fig. 2)).
Regarding Claim 18:
Fidanza teaches:
wherein the plurality of metrics associated with the user is periodically updated to ensure accuracy and relevancy of a risk assessment. (Fidanza, Wrapper methods may include those methods that consider the selection of a set of features as a search problem, where different combinations are prepared, evaluated and compared to other combinations. An example is the recursive feature elimination algorithm. Embedded methods may be related to how the loan issuance system 30 and a machine learning module as part of the server processor 52 or loan scoring engine 64 may learn which features best contribute to the accuracy of the model while the model is created. A common type of embedded feature selection methods are regularization methods (See, Para. 50; Fig. 1)).
Regarding Claim 19:
Fidanza teaches:
wherein the authorization decision is automatically reevaluated in response to changes in the plurality of metrics associated with the user or external factors affecting their creditworthiness. (Fidanza, Wrapper methods may include those methods that consider the selection of a set of features as a search problem, where different combinations are prepared, evaluated and compared to other combinations. An example is the recursive feature elimination algorithm. Embedded methods may be related to how the loan issuance system 30 and a machine learning module as part of the server processor 52 or loan scoring engine 64 may learn which features best contribute to the accuracy of the model while the model is created. A common type of embedded feature selection methods are regularization methods (See, Para. 50; Fig. 1)).
Regarding Claim 20:
Fidanza teaches:
wherein the risk metric is generated using statistical analysis techniques to identify patterns and correlations among the plurality of metrics associated with the user. (Fidanza, It may be used to issue loans to consumers for personal needs and requirements. The loan issuance system has a platform that may combine a machine learning algorithm and may use a cloud-based data architecture to allow the system to access a data stream from the online banking of a user and within milliseconds, seemingly "instantly" to a client, approve the client up to a maximum allowed credit (See, Para. 29)).
Response to Arguments
24. Applicant's arguments filed on 02/27/2026 have been fully considered, but are not persuasive due to the following reasons:
With respect to the rejection of 1-20 under 35 U.S.C. 101, Applicant arguments are moot in view of the grounds of rejections presented above in this office action. The arguments are addressed to the extent they apply to the amended claims.
Applicant “traverses the rejection of Claims 1-20 under 35 U.S.C. § 101. The Office Action asserts that the claims are directed to an abstract idea-evaluating risk and authorizing a user for services based on retrieved metrics-and that the claims do not recite significantly more than the alleged abstract idea …. Applicant respectfully submits that this characterization oversimplifies the focus of the claims and fails to account for the specific, non-generic computing architecture and data handling techniques recited in the claims and disclosed in the Specification. Further, Applicant has further amended Claim 1 to clarify and emphasize the technological nature of the invention by expressly reciting a delegated risk-acceptance architecture that transmits only risk metrics derived from normalized data-without transmitting underlying external source data-and that enables merchant-side assumption of authorization responsibility otherwise performed by a credit issuer. As amended, Claim 1 is not directed to a fundamental economic principle or a generalized method of organizing human activity. Rather, Claim 1 recites a specific, technologically implemented distributed authorization system coordinated by a centralized integration processor operating across a defined service architecture.”
Examiner respectfully disagrees.
Under Step 2A: Prong 1, Examiner respectfully notes that the claims, as amended, are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea of determining that a user is authorized to use the services of an entity based on a plurality of retrieved metrics associated with the user; without significantly more. As previously discussed in in the Final Office Action -dated 08/28/2025, the series of steps recited in the claims, as amended, describe the abstract idea of determining that a user is authorized to use the services of an entity based on a plurality of retrieved metrics associated with the user, which correspond to Certain Methods of Organizing Human Activity: fundamental economic principles or practices (including hedging, insurance, mitigating risk) and/or commercial or legal interactions. Furthermore, the system limitations, e.g., a processor, centralized integration processor, one or more computer storage media, delegated risk acceptance architecture, database, and graphical user interface do not necessarily restrict the claim from reciting an abstract idea.
Moreover, Examiner respectfully notes that the claims are first analyzed in the absence of technology to determine if it recites an abstract idea. The additional limitations of technology are then considered to determine if it restricts the claim from reciting an abstract idea. As previously discussed, it is determined that the additional limitations of technology do not necessarily restrict claim 1, as amended, from reciting an abstract idea. Furthermore, Examiner respectfully notes that the recited features in the limitations: “a system comprising: at least one processor; and one or more computer storage media storing computer-readable instructions thereon that, when executed by the at least one processor, cause the at least one processor to: receive a request to authorize a user to use services provided by a first entity, wherein the at least one processor is a centralized integration processor that supports risk-based authorization through a delegated risk acceptance architecture comprising an application service, a credit issuer service, a merchant service, and risk assessor, the delegated risk acceptance architecture configured to transmit, from the credit issuer service to the merchant service, risk metrics that are generated based on normalized data, by transmitting only the risk metrics without transmitting underlying external source data, the risk metrics enable a party associated with the merchant service to assume responsibility for a service otherwise provided by a party associated with the credit issuer service; store a plurality of metrics associated with the user in a database; retrieve the plurality of metrics from the database; generate a risk metric based on the plurality of metrics associated with the user; automatically determine, based on the risk metric, that the user is authorized to use the services of the first entity with a second entity assuming risk for the services provided by the first entity; and communicate an authorization decision to a graphical user interface, indicating that the user is authorized to use the services of the first entity” are simply making use of a computer and the computer limitations do not necessarily restrict the claim from reciting an abstract idea as discussed above under Step 2A-Prong 1 of the 35 U.S.C. 101 rejection.
Hence, Examiner has also considered each and every arguments under Step 2A-Prong 1 and concludes that these arguments are not persuasive. For example, under Step 2A-Prong 1, Examiner considers each and every limitation to determine if the claim recites an abstract idea. In this case, it is determined that the claim recites an abstract idea and the additional limitations of a computer device does not necessarily restrict the claim from reciting an abstract idea. The recited steps, as amended, are abstract in nature as there are no technical/technology improvements as a result of these steps. Thus, the claim recites an abstract idea. Whether the claim integrates the abstract idea into a practical application by providing technical/technology improvements are considered under Step 2A-Prong 2.
Applicant argues that “the recent amendment further underscores that the claims are directed to a technical solution in a computing environment. …..The technical solution addresses known technical problems in legacy credit authorization systems, including rigid single-party approval models, inefficient and error-prone coordination across fragmented services, repeated transmission of sensitive external data, and the resulting latency, I/O overhead, and security exposure inherent in distributed integrations……Applicant further submits that the claim language reflects a practical application of distributed risk evaluation and authorization implemented in a computing environment with concrete technical improvements…. Even if the Examiner maintains that a judicial exception is implicated, the claims satisfy Alice Step 2A, Prong Two because the recited architecture integrates any such exception into a practical application: the processor interfaces with external data sources, normalizes and consolidates data, generates machine-produced risk metrics, transmits only those metrics without underlying external data, and coordinates a reassignment of authorization responsibility between independent services in a manner that improves system performance and security. These limitations reflect a concrete implementation that materially improves the functioning of the computer system as a whole.”
Examiner respectfully disagrees.
Under Step 2A: Prong II, Examiner respectfully notes that there is no improved technology in simply receiving, requesting, enabling, retrieving, generating, determining, authorizing, communicating, displaying, assuming, and outputting data (i.e., user data, risk data, credit application data, credit issuer data, merchant data, risk assessor data, user metrics, risk metrics, entity data, authorization data, and etc.). As previously discussed, the disclosed invention simply cannot be equated to improvement to technological practices or computers. There is no technical improvement at all. Instead, the recited features in the limitations do not result in computer functionality or technical improvement. Examiner respectfully notes that Applicant is simply using a computer to input, process, and output data. The recited features in the limitations does not disclose a technical solution to technical problem, but simply a business solution. Specifically, the recited steps in the Claims, as amended, are merely managing/processing data (MPEP 2106.05(d)(II)) and does not result in computer functionality or technical improvement. Thus, Applicant has simply provided a business method practice of processing data (user, entity, risk, and credit application metrics/data), and no technical solution or improvement has been disclosed.
Moreover, there is no technology/technical improvement as a result of implementing the abstract idea. The recited limitations in the pending claims simply amount to the abstract idea of determining that a user is authorized to use the services of an entity based on a plurality of retrieved metrics associated with the user. There is no computer functionality improvement or technology improvement. The claim does not provide a technical solution to a technical problem. If there is an improvement, it is to the abstract idea and not to technology. Additionally, Examiner notes that it is important to keep in mind that an improvement in the judicial exception itself (e.g., recited fundamental economic principle or practice and/or commercial interaction) is not an improvement in technology (See, MPEP 2106.05(a)(II)). Additionally, the claims, as amended, recites steps at a high level of generality. In addition, all uses of the recited judicial exceptions require such data gathering and outputting, and, as such, these limitations do not impose any meaningful limits on the claim. These limitations amount to necessary data gathering and output. See MPEP 2106.05. Additionally, the ‘automatically’ feature simply amounts to mere automation of manual processes, such as using a generic computer to process an application for financing a purchase, Credit Acceptance Corp. v. Westlake Services, 859 F.3d 1044, 1055, 123 USPQ2d 1100, 1108-09 (Fed. Cir. 2017). Thus, the automation feature is not sufficient to show an improvement in computer-functionality or technology/technical improvements (see MPEP 2106.05(a)(1)). The claim simply makes use of a computer as a tool to apply the abstract idea without transforming the abstract idea into a patent eligible subject matter. Thus, the claim does not integrate the abstract idea into a practical application; and these arguments are not persuasive.
Furthermore, the steps in the claims, as amended, are recited as being performed by a processor, centralized integration processor, one or more computer storage media, database, and graphical user interface. The additional elements of a processor, centralized integration processor, one or more computer storage media, database, and graphical user interface are recited at a high level of generality, and are used as a tool to perform the generic computer function of receiving, processing, and outputting data. See MPEP 2106.05(f). Claim 1, as amended, recites the additional elements of a processor, centralized integration processor, one or more computer storage media, database, and graphical user interface, which are simply used to perform an abstract idea, as discussed above in Step 2A, Prong 1, such that it amounts to no more than mere instructions to apply the exception using a generic computer. See MPEP 2106.05(f). Specifically, the recitation of “a processor, centralized integration processor, one or more computer storage media, database, and graphical user interface” in the limitations merely indicates a field of use or technological environment in which the judicial exception is performed. Claim 1, as amended, merely confines the use of the abstract idea to a particular technological environment; and thus fails to add an inventive concept to the claims. See MPEP 2106.05(h). Even when viewed in combination, these additional elements do not integrate the recited judicial exception into a practical application, and the claim is directed to the judicial exception. Hence, the claims, as amended, do not integrate the abstract idea into a practical application. Thus, these arguments are not persuasive.
Applicant argues that “even at Alice Step 2B, the ordered combination of elements in amended Claim 1 amounts to significantly more than any alleged abstract idea. …. Applicant further notes that the other independent claims have been amended in a manner similar to Claim 1 to incorporate the same or substantively similar delegated risk acceptance and metric-only transmission limitations. …. Accordingly, for at least the reasons set forth above-and in view of the further amendment clarifying metric-only transmission and delegated merchant-side responsibility Applicant respectfully submits that Claims 1-20 are directed to patent-eligible subject matter. Applicant therefore respectfully requests withdrawal of the rejection under 35 U.S.C. § 101.”
Examiner respectfully disagrees.
Under Step 2B, Examiner respectfully notes that all of Applicant's arguments have been reviewed, and the inventive concept cannot be furnished by a judicial exception. As previously discussed, the improvements argued are to the abstract idea and not to technology. The technical limitations are simply utilized as a tool to implement the abstract idea without adding significantly more. Thus, the claim is directed to an abstract idea, and hence these arguments are not persuasive. The presence of a computer does not make the claimed solution necessarily rooted in computer technology. Furthermore, Examiner notes that the courts have determined that processing data is well-understood, routine, and conventional functions of a computer when they are claimed in a merely generic manner (see MPEP 2106.05(d)(II)). Thus, the recited combination of steps in claims 1, 7, and 13 operate in a well-understood, routine, conventional and generic way. As noted above, the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements of a processor, centralized integration processor, one or more computer storage media, database, and graphical user interface are recited at a high level of generality in that it results in no more than simply applying the abstract idea using generic computer elements. The additional elements when considered separately and as an ordered combination do not amount to add significantly more as these limitations provide nothing more than to simply apply the exception in a generic computer environment.
Moreover, as explained with respect to Step 2A, Prong 2, the additional elements: a processor, centralized integration processor, one or more computer storage media, database, and graphical user interface, are at best mere instructions to “apply” the abstract idea, which cannot provide an inventive concept. See MPEP 2106.05(f). Additionally, as discussed in Step 2A, Prong Two above, the claims’ limitations are recited at a high level of generality. These elements simply amount to receiving and outputting data and are well-understood, routine, conventional activity. See MPEP 2106.05(d)(II). The recitation of a computer/processor to perform recited limitations, as amended, amounts to no more than mere instructions to apply the exception using a generic computer component. Even when considered in combination, these additional elements represent mere instructions to implement an abstract idea or other exception on a computer, which do not provide an inventive concept. (Step 2B: NO).
Hence, Examiner respectfully declines Applicant’s request to withdraw the 35 U.S.C. 101 rejection of claims 1-20.
With respect to the rejection of claims 1-20 under 35 U.S.C. 103, Examiner respectfully notes that Applicant's arguments are moot in view of new grounds of rejection presented above in this office action. Hence, Examiner respectfully declines Applicant’s request to withdraw the 35 U.S.C. 103 rejection of claims 1-20.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure are the following:
Pletz (U.S. Patent Application Publication No. US 2014/0297307-A1) “System and Method for Processing Qualified Healthcare Account Related Financial Transactions”
Foley (U.S. Patent No. US 10,248,915-B2) “Risk profiling for enterprise risk management”
Cannon (Patent Application Publication No. US 2016/0125412-A1) “Method and system for preventing identity theft and increasing security on all systems”
Matthew (U.S. Patent Application Publication No. US 2020/0167863-A1) “Method and System for Determining a Supplemental Credit Metric”
Soh Aik Guan (U.S. Patent Application Publication No. US 2023/0206320-A1) “Method and system for generating a financial infographic of a user through a financing platform”
Dhodapkar (U.S. Patent Application Publication No. US 2023/0252470-A1) “Verification and Approval Controls for Secondary Accounts”
Koupanou (U.S. Patent Application Publication No. US 2024/0046347-A1) “Machine-learning model to predict likelihood of events impacting a product”
Huke (U.S. Patent Application Publication No. US 2024/0078869-A1) “Real time action of interest notification system”
Overby (U.S. Patent Application Publication No. US 2024/0135445-A1) “User application approval”
Parker (U.S. Patent Application Publication No. US 2025/0054007-A1) “Affordability sweet spot identification”
31. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED H MUSTAFA whose telephone number is (571)270-7978. The examiner can normally be reached M-F 8:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michael W Anderson can be reached on 571-270-0508. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MOHAMMED H MUSTAFA/Examiner, Art Unit 3693
/ELIZABETH H ROSEN/Primary Examiner, Art Unit 3693