CONTENT VERIFICATION

§101 §103

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment The amendment filed August 20, 2025 has been entered. Claims 1-15 and 18-19 remain pending in the application. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-15 and 18-19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. Under the Step 1 of the Section 101 analysis, Claims 1-15 are drawn to a method which is within the four statutory categories (i.e., a process), Claim 18 is drawn to a non-transitory computer-readable medium which is within the four statutory categories (i.e., a manufacture), and Claim 19 is drawn to a system which is within the four statutory categories (i.e. a machine). Since the claims are directed toward statutory categories, it must be determined if the claims are directed towards a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea). Based on consideration of all of the relevant factors with respect to the claim as a whole, claims 1-15 and 18-19 are determined to be directed to an abstract idea. The rationale for this determination is explained below: Regarding Claims 1 and 18-19: Claims 1 and 18-19 are drawn to an abstract idea without significantly more. The claims recite “receiving, at the authentication server, user verification data and content data from the third party platform, wherein the user verification data includes payment card details, wherein at least part of the content data is a date of a user transaction between the user and a merchant associated with the third party platform, wherein the content data includes a review portion that is generated and submitted by the user to the third party platform and includes an analysis of the merchant; verifying an identity of the user by determining if the payment card details of the received user verification data matches an active account of profile verification data stored in a user profile in order to generate a user identity status that indicates whether the payment card details match the active account; analysing the received content data against a historical transaction of pre-existing user data in order to generate a content data notification message indicating whether the historical transaction matches the date of the user transaction, wherein the historical transaction is associated with the payment card detail; and sending, from the authentication server to the third party platform, an authentication message, the authentication message comprising the user identity status and the content data notification message, wherein the authentication messages indicates whether the review portion is verified.” Under the Step 2A Prong One, the limitations, as underlined above, are processes that, under its broadest reasonable interpretation, cover Certain Methods Of Organizing Human Activity such as commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations). For example, but for the “server” and “platform” language, the underlined limitations in the context of this claim encompass the human activity. The series of steps belong to a typical sales activities or behaviors, because entities such as a user, a server, and a platform interact with one another and exchange and process information or data including user verification data, content data, message, etc. Under the Step 2A Prong Two, this judicial exception is not integrated into a practical application. In particular, the claim only recites additional elements – “A method of processing, at an authentication server, data provided during an interaction between a user and a third party platform, the method comprising:”, “A non-transitory computer-readable storage medium comprising instructions which, when executed by a computer, cause the computer to:”, “An authentication server arranged to process data provided during an interaction between a user and a third party platform, the server comprising: an input arranged to.. a processor arranged to.. an output arranged to”, “server”, and “platform”. The additional elements are recited at a high-level of generality (i.e., performing generic functions of an interaction) such that it amounts no more than mere instructions to apply the exception using a generic computer component, merely implementing an abstract idea on a computer, or merely using a computer as a tool to perform an abstract idea. Additionally, regarding the specification and claims, there is no improvement in the functioning of a computer or an improvement to other technology or technical field present, there is no applying or using the judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition present, there is no implementing the judicial exception with or using the judicial exception in conjunction with a particular machine or manufacture that is integral to the claim present, there is no effecting a transformation or reduction of a particular article to a different state or thing present, and there is no applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment present such that the claim as a whole is more than a drafting effort designed to monopolize the exception. Accordingly, these additional elements, individually or in combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claims are directed to an abstract idea. Under the Step 2B, the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements in the process amounts to no more than mere instructions to apply the exception using generic computer components. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claims are not patent eligible. Regarding Claims 2-15: Dependent claims 3-4, 6, 8, and 15 only further elaborate the abstract idea and do not recite additional elements. Dependent claims 2, 5, 7, 9-14 include additional limitations, for example, “server” (Claim 2); “platform” (Claim 5); “platform” (claim 7); “platform” (claim 9); “platform” (claim 10); “platform” (claim 11); “platform” (claim 12); “server” (Claim 13); and “communications channel” (Claim 14), but none of these limitations are deemed significantly more than the abstract idea because, as stated above, they require no more than generic computer structures or signals to be executed, and do not recite any Improvements to the functioning of a computer, or Improvements to any other technology or technical field. Thus, taken alone, the additional elements do not amount to significantly more than the above-identified judicial exception (the abstract idea). Furthermore, looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually. There is no indication that the combination of elements improves the functioning of a computer or improves any other technology, and their collective functions merely provide conventional computer implementation or implementing the judicial exception on a generic computer. Therefore, whether taken individually or as an ordered combination, claims 2-15 are nonetheless rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-15 and 18-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chen (WO 2020076845 A1; already of record in IDS) in view of Hammad (WO 2013075071 A1). Regarding Claims 1 and 18-19, Chen teaches A method of processing, at an authentication server, data provided during an interaction between a user and a third party platform, the method comprising (Chen: Abstract): A non-transitory computer-readable storage medium comprising instructions which, when executed by a computer, cause the computer to: (Chen: Abstract; Paragraph(s) 0034), An authentication server arranged to process data provided during an interaction between a user and a third party platform, the server comprising: an input arranged to.. a processor arranged to.. an output arranged to (Chen: Abstract; Paragraph(s) 0034) receiving, at the authentication server, user verification data and content data from the third party platform (Chen: Paragraph(s) 0087-0088, 0092 teach(es) a biometric sample is received by the security device from a user; the security device may transmit the obtained biometric sample to a service provider; the service provider may identify a number of supplemental information that may be provided to the security device), wherein the user verification data includes payment card details (Chen: Paragraph(s) 0031-0032 teach(es) A digital wallet may allow the user to load one or more payment cards onto the digital wallet so as to make a payment without having to enter an account number or present a physical card), wherein at least part of the content data is a date of a user transaction between the user and a merchant associated with the third party platform (Chen: Paragraph(s) 0020, 0023, 0074 teach(es) Exemplary access request data may include information indicating an access request amount, an access request location, resources received (e.g., products, documents, etc.), information about the resources received (e.g., size, amount, type, etc.), resource providing entity data (e.g., resource provider data, document owner data, etc.), user data, date and time of an access request, a method utilized for conducting the access request (e.g., contact, contactless, etc.), and other relevant information; An authorization request message may also comprise “transaction information,” such as any information associated with a current transaction, such as the transaction amount, merchant identifier, merchant location, etc.), …; verifying an identity of the user by determining if the payment card details of the received user verification data matches an active account of profile verification data stored in a user profile in order to generate a user identity status that indicates whether the payment card details match the active account (Chen: Paragraph(s) 0089, 0063-0064 teach(es) the service provider may receive the biometric sample. Upon receiving the biometric sample the process may involve the service provider identifying the user from which the biometric sample was obtained; The processing network computer may decrypt the transaction cryptogram using the cryptographic key to obtain the unpredictable number, the token, and the transaction amount, and may then compare this information to the information received in the authorization request message. If it matches, then the cryptogram can be validated; the processing network may route the authorization request message to the token service, which may identify a payment account mapped to the token); analysing the received content data against a historical transaction of pre-existing user data in order to generate a content data notification message indicating whether the historical transaction matches the date of the user transaction, wherein the historical transaction is associated with the payment card detail (Chen: Paragraph(s) 0092, 0057, 0074, 0020 teach(es) the service provider may identify a number of supplemental information that may be provided to the security device. For example, the service provider may retrieve demographic information for the user (e.g., age, race, income, etc.) or access level data associated with the user (membership, status, tickets, etc.); the service provider may receive a location of the security device and may provide data based on that location. In this example, a security device determined to be at an airport may be provided with airplane ticketing information; the service provider may also initiate retrieval of a cryptographic key (e.g., a limited use key, which may be used for only a specific number of transactions or for a specific period of time) that can be used to form a transaction cryptogram, such as an EMV (Europay MasterCard Visa) transaction dynamic cryptogram, from the token service; the account management module may identify ticketing information stored for the user in relation to a date and/or time. For example, upon identification of an account, the account management module may identify a ticket associated with the user’s account which provides access to an event being held on the current day); and sending, from the authentication server to the third party platform, an authentication message, the authentication message comprising the user identity status and the content data notification message, … (Chen: Paragraph(s) 0093, 0087-0092 teach(es) the security device may receive and present an image and/or name of the user so that an operator of the security device may visually confirm the identity of the user. The security device may also present an age of the user so that an operator of the security device may determine whether the user qualifies to conduct age-restricted transactions. Once the user information has been received by the security device, that information may be used by the security device to complete a transaction). However, Chen does not explicitly teach wherein the content data includes a review portion that is generated and submitted by the user to the third party platform and includes an analysis of the merchant, and wherein the authentication messages indicates whether the review portion is verified. Hammad from same or similar field of endeavor teaches wherein the content data includes a review portion that is generated and submitted by the user to the third party platform and includes an analysis of the merchant (Hammad: Paragraph(s) 0113, 0141, 0153 teach(es) the user may be able to perform additional operations in this view. For example, the user may (re)buy the item, obtain third-party reviews of the item, and write reviews of the item, add a photo to the item so as to organize information related to the item along with the item, add the item to a group of related items (e.g., a household), , provide ratings, or view quick ratings from the user's friends or from the web at large), and wherein the authentication messages indicates whether the review portion is verified (Hammad: Paragraph(s) 0113, 0141, 0153, as stated above). It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Chen to incorporate the teachings of Hammad for wherein the content data includes a review portion that is generated and submitted by the user to the third party platform and includes an analysis of the merchant, and wherein the authentication messages indicates whether the review portion is verified. There is motivation to combine Hammad into Chen because Hammad’s teaching of reviews of items would facilitate authentication process for transaction with merchants (Hammad: Paragraph(s) 0113, 0141, 0153). Regarding Claim 2, the combination of Chen and Hammad teaches all the limitations of claim 1 above; and Chen further teaches wherein the profile verification data stored in the user profile comprises user bank account data and the user verification data received at the authentication server comprises data associated with the user bank account (Chen: Paragraph(s) 0021-0022, 0024, 0032, 0044 teach(es) An “issuer” may typically include a business entity (e.g., a bank) that maintains an account for a user. An issuer may also issue payment credentials stored on a user device, such as a cellular telephone, smart card, tablet, or laptop to the user; An “electronic wallet” or “digital wallet” can include an electronic device that allows an individual to conduct electronic commerce transactions. A digital wallet may store user profile information, credentials, bank account information, one or more digital wallet identifiers and/or the like and can be used in a variety of transactions). Regarding Claim 3, the combination of Chen and Hammad teaches all the limitations of claim 2 above; and Chen further teaches wherein verification of the identity of the user comprises checking that the received data associated with the user bank account matches the user bank account data stored in the user profile (Chen: Paragraph(s) 0024 teach(es) The authorization response message may also include an authorization code, which may be a code that a credit card issuing bank returns in response to an authorization request message in an electronic message (either directly or through the payment processing network) to the merchant's access device (e.g., POS equipment) that indicates approval of the transaction). Regarding Claim 4, the combination of Chen and Hammad teaches all the limitations of claim 2 above; and Chen further teaches wherein the user profile comprises primary account number (PAN) data and the received user verification data comprises a PAN number (Chen: Paragraph(s) 0018, 0030, 0037 teach(es) "Access data" may include any suitable data that can be used to access a resource or create data that can access a resource. In some embodiments, access data may be account information for a payment account. Account information may include a PAN (primary account number), payment token, expiration date, verification values (e.g., CW, CW2, dCW, dCW2), etc.). Regarding Claim 5, the combination of Chen and Hammad teaches all the limitations of claim 1 above; and Chen further teaches wherein the content data received from the third party platform relates to a user-merchant transaction between the user and the merchant and wherein the pre-existing user data comprises historical transaction data of the user (Chen: Paragraph(s) 0024, 0035, 0027-0028 teach(es) The authorization response message may also include an authorization code, which may be a code that a credit card issuing bank returns in response to an authorization request message in an electronic message (either directly or through the payment processing network) to the merchant's access device (e.g., POS equipment) that indicates approval of the transaction; A “biometric template” may include biometric data which has been processed and stored with respect to a user. For example, a biometric sample may be processed by identifying a set of relationships between locations of facial landmarks identified within the biometric sample). Regarding Claim 6, the combination of Chen and Hammad teaches all the limitations of claim 5 above; and Chen further teaches wherein analysing the received content data against the pre-existing user data comprises determining if a match exists between the historical transaction data in the user profile and the user-merchant transaction contained in the received content data (Chen: Paragraph(s) 0024, 0035, 0027-0028, as stated above with respect to claim 5). Regarding Claim 7, the combination of Chen and Hammad teaches all the limitations of claim 1 above; and Chen further teaches wherein the content data received from the third party platform comprises an image of submitted by the user and the pre-existing user data comprises a profile image of the user (Chen: Paragraph(s) 0077). Regarding Claim 8, the combination of Chen and Hammad teaches all the limitations of claim 7 above; and Chen further teaches comprising analysing the submitted user image against the profile image to determine if a match exists between the user in the submitted image and the pre-existing user profile image (Chen: Paragraph(s) 0027, 0077 teach(es) a biometric sample of a user’s face may be image and/or depth data. In another example, a biometric sample of a user’s voice may be audio data). Regarding Claim 9, the combination of Chen and Hammad teaches all the limitations of claim 6 above; and Chen further teaches wherein the content data notification message comprises an indication whether or not a match exists between the content data received from the third party platform and the data within the user profile (Chen: Paragraph(s) 0043, 0077 teach(es) supplemental information may include any user-related information which is supplemental to payment account data for a user. Supplemental information may include any combination of demographic and/or biological details associated with the user (e.g., occupation, age, gender, etc.)). Regarding Claim 10, the combination of Chen and Hammad teaches all the limitations of claim 1 above; and Chen further teaches wherein the content data received from the third party platform comprises a request for pre-existing user data in order to populate a form and wherein analysing the received content data comprises extracting user data from the pre-existing user data (Chen: Paragraph(s) 0093, 0100-0101 teach(es) the security device may receive and present an image and/or name of the user so that an operator of the security device may visually confirm the identity of the user). Regarding Claim 11, the combination of Chen and Hammad teaches all the limitations of claim 10 above; and Chen further teaches wherein the content data notification message comprises the user data requested by the third party platform (Chen: Paragraph(s) 0100-0101 teach(es) the security device may receive an indication of an identity of the user as well as supplemental information associated with user; at least a portion of the received user information may be displayed upon the security device). Regarding Claim 12, the combination of Chen and Hammad teaches all the limitations of claim 11 above; and Chen further teaches wherein the content data received from the third party platform comprises a content formatting specification and the content data notification message comprises user data extracted from the pre-existing user data and formatted according to the content formatting specification (Chen: Paragraph(s) 0037 teach(es) a token may be “format preserving” and may have a numeric format that conforms to the account identifiers used in existing transaction processing networks (e.g., ISO 8583 financial transaction message format); the token format may be configured to allow the entity receiving the token to identify it as a token and recognize the entity that issued the token). Regarding Claim 13, the combination of Chen and Hammad teaches all the limitations of claim 1 above; and Chen further teaches comprising generating at the authentication server a consent notification message to send to the user to allow the user to consent to the verification of their verification data and analysis of the content data (Chen: Paragraph(s) 0100 teach(es) consider a scenario in which a security device obtains a biometric sample (in this case facial feature data) from a user. In this example, the biometric sample, or a derivation of the biometric sample, would be sent by the security device to a remote service provider. In response to sending the biometric sample, the security device may receive an indication of an identity of the user as well as supplemental information associated with user). Regarding Claim 14, the combination of Chen and Hammad teaches all the limitations of claim 13 above; and Chen further teaches wherein the consent notification message is sent via a second authenticated communications channel (Chen: Paragraph(s) 0040 teach(es) the security device may include one or more input sensors capable of obtaining biometric information as well as one or more communication means for communicating with other electronic devices). Regarding Claim 15, the combination of Chen and Hammad teaches all the limitations of claim 1 above; and Chen further teaches wherein the user is requesting a third party provider user account (Chen: Paragraph(s) 0042). However, the combination does not explicitly teach verifying the identity of the user comprises checking whether the received user verification data is already associated with another third party provider user account. Hammad from same or similar field of endeavor teaches wherein verifying the identity of the user comprises checking whether the received user verification data is already associated with another third party provider user account (Hammad: Paragraph(s) 00100 teach(es) a user may utilize a mobile device (e.g., smartphone, tablet computer, etc.) to conduct a purchase transaction for contents of a cart (e.g., physical cart at a brick-and-mortar store, virtual cart at an online shopping site), optionally at a point-of-sale (PoS) client (e.g., legacy terminal at a brick-and-mortar store, computing device at an online shopping site, another user with a virtual wallet application, for person-to-person funds transfers, etc.). The user may be able to choose from one or more cards to utilize for a transactions). It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of the combination of Chen and Hammad to incorporate the teachings of Hammad for wherein verifying the identity of the user comprises checking whether the received user verification data is already associated with another third party provider user account. There is motivation to combine Hammad into the combination of Chen and Hammad because Hammad’s teaching of a legacy terminal and choosing one from cards for a transaction would facilitate the user verification (Hammad: Paragraph(s) 00100). Response to Arguments Applicant's arguments filed August 20, 2025 have been fully considered but they are not persuasive. Regarding applicant’s argument under Claim Rejections - 35 USC § 101 that the claims are at least integrated into a practical application, examiner respectfully argues that the claims are directed to receiving user verification data and verifying a user identity, and analysing content data and sending an authentication message upon matching, which is not particular to technological environment such as online stores. The ‘wherein’ clause in the step of receiving recites what the data is, not how to obtain them in a real technical context. Therefore, the claims do not provide any improvements integrating the abstract idea into a practical application. The claims are not patent eligible. Regarding applicant’s argument under Claim Rejections - 35 USC § 103 that “Chen fails to disclose or suggest "wherein at least part of the content data is a date of a user transaction between the user and a merchant associated with the third party platform, wherein the content data includes a review portion that is generated and submitted by the user to the third party platform and includes an analysis of the merchant" as claimed,” examiner respectfully argues that the combination of Chen and Hammad teaches all the features as discussed above (Chen: Paragraph(s) 0020, 0023, 0074; Hammad: Paragraph(s) 0113, 0141, 0153). Regarding applicant’s argument that “Chen further does not disclose or suggest "analysing the received content data against a historical transaction of pre-existing user data in order to generate a content data notification message indicating whether the historical transaction matches the date of the user transaction, wherein the historical transaction is associated with the payment card details.",” examiner respectfully argues that the combination of Chen and Hammad teaches all the features as discussed above (Chen: Paragraph(s) 0092, 0057, 0074, 0020). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Hoffman (US 20210133722 A1) teaches System And Method For On-Line Financial Transactions, including content, merchant, match, signature, bank, image, and biometrics. Yehuda (US 20180330355 A1) teaches Portable Device With Local Verification Data, including identity, image, and match. Zhang (US 20150186892 A1) teaches Methods And Systems For Verifying A Transaction, including merchant, verify, signature, and credential. Johnston (US 20150142660 A1) teaches Centralized Financial Account Migration System, including populate, form, history, verify, and formats. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CLAY LEE whose telephone number is (571)272-3309. The examiner can normally be reached Monday-Friday 8-5pm EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached at (571)270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /CLAY C LEE/ Primary Examiner, Art Unit 3699