SYSTEMS AND METHODS TO AUTHENTICATE A USER’S FINANCIAL CREDENTIALS

§101 §103 §DP

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Election/Restrictions Applicant’s election without traverse of Group I, claims 1-19 in the reply filed on September 8, 2025 is acknowledged. Status of Claims • This action is in reply to the Response to Restriction filed on 9/8/2025. • Claims 20-27 are withdrawn from further consideration. • Claims 1-19 are currently pending and have been examined. • This action is made Non-FINAL. • The Examiner would like to note that this application is now being handled by Examiner Raven Yono. Information Disclosure Statement The information disclosure Statement(s) filed on 07/23/2024 have been considered. Initialed copies of the Form 1449 are enclosed herewith. Double Patenting A rejection based on double patenting of the “same invention” type finds its support in the language of 35 U.S.C. 101 which states that “whoever invents or discovers any new and useful process... may obtain a patent therefor...” (Emphasis added). Thus, the term “same invention,” in this context, means an invention drawn to identical subject matter. See Miller v. Eagle Mfg. Co., 151 U.S. 186 (1894); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Ockert, 245 F.2d 467, 114 USPQ 330 (CCPA 1957). A statutory type (35 U.S.C. 101) double patenting rejection can be overcome by canceling or amending the claims that are directed to the same invention so they are no longer coextensive in scope. The filing of a terminal disclaimer cannot overcome a double patenting rejection based upon 35 U.S.C. 101. Claims 1-19 are provisionally rejected under 35 U.S.C. 101 as claiming the same invention as that of claims 1-19 of copending Application No. 18410806 (reference application). This is a provisional statutory double patenting rejection since the claims directed to the same invention have not in fact been patented. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention recites an abstract idea without significantly more. Independent claims 1, 13, and 19 are directed to a method (claim 1), a system (claim 13), and an apparatus (claim 19). Therefore, on its face, each independent claim 1, 13, and 19 are directed to a statutory category of invention under Step 1 of the Patent Subject Matter Eligibility analysis (see MPEP 2106.03). Under Step 2A, Prong One of the Patent Subject Matter Eligibility analysis (see MPEP 2106.04), claims 1, 13, and 19 recite, in part, a method, a system, and an apparatus of organizing human activity. Claim 1 recites a method to authenticate a user's financial credentials, comprising: receiving a request to authenticate financial credentials of a user; determining, whether the financial credentials have been preliminarily authenticated based on static data indicative of the financial credentials of the user; in response to a determination that the financial credentials have been preliminarily authenticated, receiving dynamic data indicative of the financial credentials of the user, wherein the dynamic data are provided by the user; determining whether the dynamic data are valid; and in response to a determination that the dynamic data are valid, validating the financial credentials of the user. Claim 13 recites similar limitations as claim 1 above. Claim 19 recites similar limitations as claim 1 above, and claim 19 further recites requesting a financial institution to authorize a financial transaction; and in response to a determination that the dynamic data are not valid, requesting the financial institution to decline the financial transaction. The limitations, as drafted, is a process that, under its broadest reasonable interpretation, covers fundamental economic principles or practices and commercial and legal interactions (certain methods of organizing human activity), but for the recitation of generic computer components. The claims as a whole recite a method of organizing human activity. The claimed inventions allows for authenticating a user’s financial credentials by determining whether credentials are valid or not, and authorizing or declining a transaction based on the result of the authorization determination, which is a fundamental economic principle or practice of mitigating risk and a commercial and legal interaction including sales activities or behaviors. The mere nominal recitation of a ***merchant device, a computer, a database, a communication device, a stored value product processor in communication with memory to process instructions stored in memory*** do not take the claim out of the methods of organizing human activity grouping. Thus, the claims recite an abstract idea. Under Step 2A, Prong Two of the Patent Subject Matter Eligibility analysis (see MPEP 2106.04), the judicial exception is not integrated into a practical application. In particular, the additional elements of a computer-implemented method; a financial credentials authentication system, comprising: a storage medium; and a processor configured to perform claim functions; a non-transitory machine-readable medium comprising instructions, which when executed by a processor cause the processor to perform operations comprising claim functions; and an electronic device are recited at a high-level of generality (i.e., as a generic computer components performing generic computer functions obtaining financial credential data, determining whether the data is valid, and determining whether to authorize or reject a transaction based on the credential data) such that it amounts to no more than generally linking the use of the judicial exception to a particular technological environment or field of use (e.g., a computer network).-see MPEP 2106.05(h). Accordingly, the combination of the additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claims are directed to an abstract idea. Under Step 2B of the Patent Subject Matter Eligibility analysis (see MPEP 2106.05), the claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements in the claims amount to no more than generally linking the use of the judicial exception to a particular technological environment or field of use (see MPEP 2106.05(h)). Generally linking the use of the judicial exception to a particular technological environment or field of use using generic computer components cannot provide an inventive concept. The claims are not patent eligible. The dependent claims have been given the full two part analysis including analyzing the additional limitations both individually and in combination. The dependent claim(s) when analyzed both individually and in combination are also held to be patent ineligible under 35 U.S.C. 101 because for the same reasoning as above and the additional recited limitation(s) fail(s) to establish that the claim(s) is/are not directed to an abstract idea. Dependent claims 2-12 and 14-18 simply help to define the abstract idea. The additional limitations of the dependent claim(s) when considered individually and as an ordered combination do not amount to significantly more than the abstract idea. Viewing the claim limitations as an ordered combination does not add anything further than looking at the claim limitations individually. When viewed either individually, or as an ordered combination, the additional limitations do not amount to a claim as a whole that is significantly more than the abstract idea. Accordingly, claims 1-20 are ineligible. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1-8, 13-17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over US 20230006844 A1 (“Cohen”) in view of US 20230273985 A1 (“Suchan”). Regarding claim 1, Cohen discloses a computer-implemented method to authenticate a user's financial credentials, comprising: receiving a request to authenticate financial credentials of a user (The computer cookie is received during a login attempt to the account. The received computer cookie may be received with or in place of authentication information (e.g., a username and/or password), and may be requested for use with passwordless authentication, reduced authentication requirements, and/or increased trust (e.g., for more sensitive computing operations). See at least [0061]. Credentials may be for a financial payment account such as Paypal, see at least [0012]. See also FIG. 4A, step 402-408.); determining, whether the financial credentials have been preliminarily authenticated based on static data indicative of the financial credentials of the user (The computer cookie includes a “static” cookie that corresponds to a portion, identifier, or value for the cookie. See at least [0016]. A login by a device to an account with a service provider is detected. The login may correspond to entry of authentication information and/or other authentication that a device and/or user is authorized to use the account. In some embodiments, this may be a first login or may be a subsequent login where a computer cookie having at least a static identifier is provided. If this is a first login, a static identifier and a dynamic value for a computer cookie is generated for the device. Once generated and combined, at step 406 the computer cookie is stored on the device, this includes storing the entire computer cookie so it can be provided during a subsequent login. See at least [0059]-[0060]. See also FIG. 4A, step 402-410. The Examiner interprets determining existence of the cookie which was created at a user’s first login as determining whether financial credentials have been preliminarily authenticated based on static data.); in response to a determination that the financial credentials have been preliminarily authenticated, receiving dynamic data indicative of the financial credentials of the user, wherein the dynamic data are provided (it is determined whether a dynamic value of the received computer cookie matches an expected value of the dynamic value of the computer cookie stored by the service provider system. See at least [0061] and FIG. 4A, step 410-412.) determining whether the dynamic data are valid; and in response to a determination that the dynamic data are valid, validating the financial credentials of the user (When performing the matching of the dynamic value to the expected stored value, the service provider may utilize the device's information, such as an identifier or fingerprint, to retrieve the expected stored value for the dynamic value of the computer cookie. Other information may also be utilized in order to receive the expected stored value, such as an authentication credential or other account identifying information that may allow for retrieval of the expected stored value for the particular account. The service provider may then compare the dynamic value, in the computer cookie received from the device requesting the login, to the expected stored value stored with the service provider. Based on this comparison, at step 414, it is determined whether to authenticate a use of the account based on whether the dynamic values match. In various embodiments, that may include approving the login. See at least [0062] and see also FIG. 4A, step 414.). While Cohen discloses dynamic data is provided, Cohen does not expressly disclose dynamic data is provided by an electronic device of the user. However, Suchan discloses dynamic data is provided by an electronic device of the user (User entering biometric data on their device to authenticate, see at least [0141], [0150]-[0151] and FIG. 7F-7G.). From the teaching of Suchan, it would have been obvious to one having ordinary skill in the art before the effective filing date to modify the providing of the dynamic data to be from an electronic device of the user, as taught by Suchan, in order to improve efficiency of authenticating a user (see Suchan at least at [0006]), and in order to improve user experience and privacy and security (see Suchan at least at [0035]). Regarding claim 2, the combination of Cohen and Suchan discloses the limitations of claim 1, as discussed above, and Cohen further discloses in response to a determination that the dynamic data are valid, requesting a financial institution to authorize a financial transaction (When performing the matching of the dynamic value to the expected stored value, the service provider may utilize the device's information, such as an identifier or fingerprint, to retrieve the expected stored value for the dynamic value of the computer cookie. Other information may also be utilized in order to receive the expected stored value, such as an authentication credential or other account identifying information that may allow for retrieval of the expected stored value for the particular account. The service provider may then compare the dynamic value, in the computer cookie received from the device requesting the login, to the expected stored value stored with the service provider. Based on this comparison, at step 414, it is determined whether to authenticate a use of the account based on whether the dynamic values match. See at least [0062] and see also FIG. 4A, step 414. For example, a service provider, such as an online transaction processor (e.g., PayPal®), may provide services to users, including electronic transaction processing that allows merchants, users, and other entities to process transactions, provide payments, and/or transfer funds between these users, see at least [0011]-[0012]. See also [0013], [0019]. Service provider may be a payment provider, see at least [0026]-[0028].); and in response to a determination that the dynamic data are not valid, requesting the financial institution to decline the financial transaction (If the dynamic values do not match, authentication may be refused. See at least [0070]. See also [0068]. For example, a service provider, such as an online transaction processor (e.g., PayPal®), may provide services to users, including electronic transaction processing that allows merchants, users, and other entities to process transactions, provide payments, and/or transfer funds between these users, see at least [0011]-[0012]. See also [0013], [0019]. Service provider may be a payment provider, see at least [0026]-[0028].). Regarding claim 3, the combination of Cohen and Suchan discloses the limitations of claim 2, as discussed above, and Cohen further discloses determining whether the dynamic data are valid comprises: comparing the dynamic data provided by the electronic device with a second dynamic data (determining whether dynamic value of the computer cookie matches the dynamic value stored in the database of the service provider. See at least [0061].); and determining the dynamic data are valid in response to determining that the dynamic data match the second dynamic data (When performing the matching of the dynamic value to the expected stored value, the service provider may utilize the device's information, such as an identifier or fingerprint, to retrieve the expected stored value for the dynamic value of the computer cookie. Other information may also be utilized in order to receive the expected stored value, such as an authentication credential or other account identifying information that may allow for retrieval of the expected stored value for the particular account. The service provider may then compare the dynamic value, in the computer cookie received from the device requesting the login, to the expected stored value stored with the service provider. Based on this comparison, at step 414, it is determined whether to authenticate a use of the account based on whether the dynamic values match. See at least [0062] and see also FIG. 4A, step 414); and determining the dynamic data are not valid in response to determining that the dynamic data do not match the second dynamic data (If the dynamic values do not match, authentication may be refused. See at least [0070].). Regarding claim 4, the combination of Cohen and Suchan discloses the limitations of claim 3, as discussed above, and Cohen further discloses determining, from the dynamic data, a value that is associated with a financial score of the user (Cookie identifier further includes dynamic value and, optionally, timestamp that may correspond to dynamic portions, identifiers, or values that are used for single use authentication and/or login and are changed at each subsequent login. See at least [0047]. See also [0044]. Financial payment account such as Paypal, see at least [0012]. The Examiner interprets timestamp which may be indicative of fraud of a transaction as being a value associated with a financial score.); determining, from the second dynamic data, a second value that is associated with the financial score of the user (Stored values for dynamic value and timestamp from the service provider's systems. See at least [0050]. See also [0044].); determining the dynamic data are valid in response to determining that the value matches the second value (Comparing and matching dynamic value and timestamp from cookie identifier to expected and stored values for dynamic value and timestamp from the service provider's systems. See at least [0050]. If the expected values for dynamic value and timestamp are matched, cookie identifier may not be compromised. See at least [0047]. By comparing and matching dynamic value and timestamp from cookie identifier to expected and stored values for dynamic value and timestamp from the service provider's systems, authentication may be reduced and/or device trust may be increased. See at least [0050].); and determining the dynamic data are not valid in response to determining that the value does not match the second value (Cookie identifier includes cookie data, which may include individual identifiers, portions, or values added for a static identifier, a dynamic value, and/or, optionally, a timestamp. See at least [0044]. If the expected values for dynamic value and timestamp are matched, cookie identifier may not be compromised. See at least [0047]. By comparing and matching dynamic value and timestamp from cookie identifier to expected and stored values for dynamic value and timestamp from the service provider's systems, authentication may be reduced and/or device trust may be increased. See at least [0050].) Regarding claim 5, the combination of Cohen and Suchan discloses the limitations of claim 4, as discussed above, and Cohen further discloses determining, from the dynamic data, a first set of numerical values that are associated with the financial score of the user (Cookie identifier further includes dynamic value and, optionally, timestamp that may correspond to dynamic portions, identifiers, or values that are used for single use authentication and/or login and are changed at each subsequent login. See at least [0047]. See also [0044]. Financial payment account such as Paypal, see at least [0012]. The Examiner interprets timestamp and dynamic value as a set of numerical values.), wherein each numerical value of the first set of numerical values represents a portion of the value (Cookie identifier is shown that requires numbers, characters, symbols, timestamps, or the like that may be added to a computer cookie. See at least [0044] and FIG. 2.); determining, from the dynamic data, a second set of numerical values that are associated with the financial score of the user (Stored values for dynamic value and timestamp from the service provider's systems. See at least [0050]. See also [0044].), wherein each numerical value of the second set of numerical values represents a portion of the second value (Cookie identifier is shown that requires numbers, characters, symbols, timestamps, or the like that may be added to a computer cookie. See at least [0044] and FIG. 2.); determining the dynamic data are valid in response to determining that each value of the first set of values matches a corresponding value of the second set of values (Comparing and matching dynamic value and timestamp from cookie identifier to expected and stored values for dynamic value and timestamp from the service provider's systems. See at least [0050]. If the expected values for dynamic value and timestamp are matched, cookie identifier may not be compromised. See at least [0047]. By comparing and matching dynamic value and timestamp from cookie identifier to expected and stored values for dynamic value and timestamp from the service provider's systems, authentication may be reduced and/or device trust may be increased. See at least [0050].); and determining the dynamic data are not valid in response to determining that a value of the first set of values does not match a corresponding value of the second set of values (Cookie identifier includes cookie data, which may include individual identifiers, portions, or values added for a static identifier, a dynamic value, and/or, optionally, a timestamp. See at least [0044]. If the expected values for dynamic value and timestamp are matched, cookie identifier may not be compromised. See at least [0047]. By comparing and matching dynamic value and timestamp from cookie identifier to expected and stored values for dynamic value and timestamp from the service provider's systems, authentication may be reduced and/or device trust may be increased. See at least [0050].). Regarding claim 6, the combination of Cohen and Suchan disclose the limitations of claim 5, as discussed above. Cohen does not expressly disclose determining, for each respective value of the first set of values, whether the respective value is within a threshold range of a corresponding value of the second set of values; determining that the respective value matches the corresponding value if the respective value is within the threshold range of the corresponding value; and determining that the respective value does not match the corresponding value if the respective value is not within the threshold range of the corresponding value. However, Suchan discloses determining, for each respective value of the first set of values, whether the respective value is within a threshold range of a corresponding value of the second set of values; determining that the respective value matches the corresponding value if the respective value is within the threshold range of the corresponding value (the biometric information is compared to enrolled biometric information (e.g., compare obtained iris scan to stored iris print and/or compare current eye information to eye information from previous frame), wherein a determination whether the user authentication criterion is met is based on the comparison of the biometric information to the enrolled biometric information (e.g., user authentication criterion satisfied if comparison meets sufficient similarity threshold (e.g., 95% similarity)). In some embodiments, a first level (e.g., complete or high-fidelity) iris features verification is performed, and at a later time (e.g., one hour later), a second level (e.g., tracking eye information for continuity) iris features verification is performed in order to link the first level iris features verification to the performance criteria for initiating performance of the secure operation. Requiring biometric authentication in addition to user authorization for a secure operation provides improved security/privacy by adding a layer of biometric verification specific to user requesting authorization. See at least [0175]. Biometrics include eye data, fingerprint data, facial data, etc. See at least [0198]); and determining that the respective value does not match the corresponding value if the respective value is not within the threshold range of the corresponding value (the biometric information is compared to enrolled biometric information (e.g., compare obtained iris scan to stored iris print and/or compare current eye information to eye information from previous frame), wherein a determination whether the user authentication criterion is met is based on the comparison of the biometric information to the enrolled biometric information (e.g., user authentication criterion satisfied if comparison meets sufficient similarity threshold (e.g., 95% similarity)). See at least [0175]. a determination that the user authentication criterion is not met (e.g., device is unable to obtain a sufficient iris features scan, first level iris features verification result indicates iris features scan does not match reference scan, or user declines to provide iris features verification), a prompt (e.g., 728) is provided (e.g., displaying, via the display generation component (e.g., 120 and/or 700a)) to enable authentication with a passcode (e.g., a button the user activates to invoke a passcode entry interface). In some embodiments, the prompt (e.g., 704) includes a passcode entry portion and an affordance to decline passcode entry. Requiring passcode authentication after biometric authentication failure provides improved security/privacy by providing backup options for verifying a user's identity. See at least [0182].) From the teaching of Suchan, it would have been obvious to one having ordinary skill in the art before the effective filing date to modify the determining of Cohen to determining, for each respective value of the first set of values, whether the respective value is within a threshold range of a corresponding value of the second set of values; determining that the respective value matches the corresponding value if the respective value is within the threshold range of the corresponding value; and determining that the respective value does not match the corresponding value if the respective value is not within the threshold range of the corresponding value, as taught by Suchan, in order to improve efficiency of authenticating a user (see Suchan at least at [0006]), and in order to improve user experience and privacy and security (see Suchan at least at [0035]). Regarding claim 7, the combination of Cohen and Suchan disclose the limitations of claim 6, as discussed above, and Cohen further discloses determining that the respective value matches the corresponding value if the respective value is identical to the corresponding value (When performing the matching of the dynamic value to the expected stored value, the service provider may utilize the device's information, such as an identifier or fingerprint, to retrieve the expected stored value for the dynamic value of the computer cookie. Other information may also be utilized in order to receive the expected stored value, such as an authentication credential or other account identifying information that may allow for retrieval of the expected stored value for the particular account. The service provider may then compare the dynamic value, in the computer cookie received from the device requesting the login, to the expected stored value stored with the service provider. Based on this comparison, at step 414, it is determined whether to authenticate a use of the account based on whether the dynamic values match. See at least [0062] and see also FIG. 4A, step 414); and determining that the respective value does not match the corresponding value if the respective value is not identical to the corresponding value (If the dynamic values do not match, authentication may be refused. See at least [0070].). Regarding claim 8, the combination of Cohen and Suchan disclose the limitations of claim 4, as discussed above. Cohen does not expressly disclose determining that the value matches the corresponding value if the value is within a threshold range of the second value; and determining that the value does not match the corresponding value if the value is not within the threshold range of the second value. However, Suchan discloses determining that the value matches the corresponding value if the value is within a threshold range of the second value (the biometric information is compared to enrolled biometric information (e.g., compare obtained iris scan to stored iris print and/or compare current eye information to eye information from previous frame), wherein a determination whether the user authentication criterion is met is based on the comparison of the biometric information to the enrolled biometric information (e.g., user authentication criterion satisfied if comparison meets sufficient similarity threshold (e.g., 95% similarity)). In some embodiments, a first level (e.g., complete or high-fidelity) iris features verification is performed, and at a later time (e.g., one hour later), a second level (e.g., tracking eye information for continuity) iris features verification is performed in order to link the first level iris features verification to the performance criteria for initiating performance of the secure operation. Requiring biometric authentication in addition to user authorization for a secure operation provides improved security/privacy by adding a layer of biometric verification specific to user requesting authorization. See at least [0175]. Biometrics include eye data, fingerprint data, facial data, etc. See at least [0198]); and determining that the value does not match the corresponding value if the value is not within the threshold range of the second value (the biometric information is compared to enrolled biometric information (e.g., compare obtained iris scan to stored iris print and/or compare current eye information to eye information from previous frame), wherein a determination whether the user authentication criterion is met is based on the comparison of the biometric information to the enrolled biometric information (e.g., user authentication criterion satisfied if comparison meets sufficient similarity threshold (e.g., 95% similarity)). See at least [0175]. a determination that the user authentication criterion is not met (e.g., device is unable to obtain a sufficient iris features scan, first level iris features verification result indicates iris features scan does not match reference scan, or user declines to provide iris features verification), a prompt (e.g., 728) is provided (e.g., displaying, via the display generation component (e.g., 120 and/or 700a)) to enable authentication with a passcode (e.g., a button the user activates to invoke a passcode entry interface). In some embodiments, the prompt (e.g., 704) includes a passcode entry portion and an affordance to decline passcode entry. Requiring passcode authentication after biometric authentication failure provides improved security/privacy by providing backup options for verifying a user's identity. See at least [0182].). From the teaching of Suchan, it would have been obvious to one having ordinary skill in the art before the effective filing date to modify the determining of Cohen to determine that the value matches the corresponding value if the value is within a threshold range of the second value; and determining that the value does not match the corresponding value if the value is not within the threshold range of the second value, as taught by Suchan, in order to improve efficiency of authenticating a user (see Suchan at least at [0006]), and in order to improve user experience and privacy and security (see Suchan at least at [0035]). Regarding claim 11, the combination of Cohen and Suchan disclose the limitations of claim 3, as discussed above, and Cohen further discloses dynamically updating the second dynamic data (e service provider performing the valid authentication may generate a new dynamic value or update the dynamic value to a new identifier, such as a new alphanumeric identifier, hash value, encrypted value, or other like. In such embodiments, the service provider may then store, locally to a database accessible and/or trusted by the service provider, the new dynamic value. See at least [0066].). Regarding claim 12, the combination of Cohen and Suchan disclose the limitations of claim 1, as discussed above. Cohen does not expressly disclose providing a result to the electronic device. However, Suchan discloses providing a result to the electronic device (electronic device provides an indication to user that user authorization of the autofill function was successful. In particular, electronic device modifies (or otherwise replaced with an additional interface) authorization interface to include a positive indication that user authorization of the autofill function was successful (e.g., a “check” mark next to text “Done”). See at least [0142] and FIG. 7E.). From the teaching of Suchan, it would have been obvious to one having ordinary skill in the art before the effective filing date to modify Cohen to provide a result to the electronic device, as taught by Suchan, in order to improve efficiency of authenticating a user (see Suchan at least at [0006]), and in order to improve user experience and privacy and security (see Suchan at least at [0035]). Claim 13 has similar limitations found in claim 1 above, and therefore is rejected by the same art and rationale. Claim 14 has similar limitations found in claim 3 above, and therefore is rejected by the same art and rationale. Claim 15 has similar limitations found in claim 4 above, and therefore is rejected by the same art and rationale. Claim 16 has similar limitations found in claim 5 above, and therefore is rejected by the same art and rationale. Claim 17 has similar limitations found in claim 6 above, and therefore is rejected by the same art and rationale. Claim 19 has similar limitations found in claims 1-2 above, and therefore is rejected by the same art and rationale. No Prior Art Rejections Based on the prior art search results, the prior art of record fails to anticipate or render obvious the claimed subject matter of claims 9-10 and 18. While some individual features of claims 9-10 and 18 may be shown in the prior art of record: no known reference, alone or in combination, would provide the invention of claims 9-10 and 18. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 11605078 B1 (“Adam”) discloses authorizing a payment card transaction using a dynamic code accessed from a first device and a presence of a second device. The dynamic code can be accessed on a first device when the second device is within a proximity of the first device (e.g., electronically paired using a short-range communication protocol, on the same local area network). The system can receive a request for authorization of a transaction using the payment card and can include a verification code associated with the payment card and an identifier of the payment card, and the payment card can have the associated dynamic code. The verification code can be compared with a value of the dynamic code at the time of the transaction. In response to the verification code matching the dynamic code at the time of the transaction, the system can authorize the transaction. US 9749308 B2 (“Jones”) discloses assessing network authentication requirements based on situational instance. In this regard, the invention dynamically determines specific user authentication requirements for accessing a service or executing an activity based on the determining the user's network connections, geographic location, and applications, in real-time. The invention provides a novel method for employing activity data provided by a plurality of users associated with historical activity information to vary the authentication requirements dynamically. Another aspect of the invention is directed to constructing geographic maps with predefined physical areas and overlaying graphical representations of activity data on the maps, in real-time. Any inquiry concerning this communication or earlier communications from the examiner should be directed to RAVEN E YONO whose telephone number is (313)446-6606. The examiner can normally be reached Monday - Friday 8-5PM EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bennett M Sigmond can be reached at (303) 297-4411. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /RAVEN E YONO/Primary Examiner, Art Unit 3694