DETAILED ACTION
This rejection is in response to application filed 03/26/2024.
Claims 1-19 are currently pending and have been examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (an abstract idea) without significantly more.
Under Step 1 of the Subject Matter Eligibility Test, it must be considered whether the claims are directed to one of the four statutory classes of invention. See MPEP § 2106. In the instant case, claims 1-8 are directed to a method, claims 9-15 are directed to a non-transitory computer readable medium, claims 16-19 are directed to a system which falls within one of the four statutory categories of invention(process/apparatus). Accordingly, the claims will be further analyzed under revised step 2:
Under step 2A (prong 1) of the Subject Matter Eligibility Test, it must be considered whether the claims recite a judicial exception if so, then determine in Prong Two if the recited judicial exception is integrated into a practical application of that exception. If the claim recites a judicial exception (i.e., an abstract idea), the claim requires further analysis in Prong Two. One of the enumerated groupings of abstract ideas is defined as certain methods of organizing human activity that includes fundamental economic principles or practices (including hedging, insurance, mitigating risk); commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations); managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules or instructions). See MPEP § 2106.04(a)(2).
Regarding representative independent claim 1, recites the abstract idea of:
receiving, …, a proxy from a first party, the proxy unique to a user;
retrieving, …, masked data based on the proxy, the masked data including an indicator of at least one account, the indicator being independent of an account number specific to the at least one account;
causing, …, the masked data to be displayed to the user, …, whereby the user is informed of the masked data prior to being authenticated;
receiving, …, a selection of one of the at least one account; and in response to the selection of the one of the at least one account: authenticating, …, the user; and in response to authenticating the user, transmitting, …, an account payload to the first party.
The above-recited limitations amounts to certain methods of organizing human activity associated with sales activities and commercial interaction such as receiving a proxy, retrieving and causing display of masked data, and in response to receiving a selection of an account, authenticate the user and transmit account payload. Such concepts have been considered ineligible certain methods of organizing human activity by the Courts. See MPEP § 2106.
The Step 2A (prong 2) of the Subject Matter Eligibility Test, is the next step in the eligibility analyses and looks at whether the abstract idea is integrated into a practical application. This requires an additional element or combination of additional elements in the claims to apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that the claim is more than a drafting effort designed to monopolize the exception. See MPEP § 2106.
In this instance, the claims recite the additional elements such as:
A computer-implemented method for use in reducing friction in network-based communication, the method comprising:…, at a platform computing device, …; retrieving, …, masked data based on the proxy, the masked data including an indicator of at least one account, the indicator being independent of an account number specific to the at least one account; …, by the platform computing device,…, at a communication device of the user, …; …, by the platform computing device, …; and …, by the platform computing device, …; and …, by the platform computing device, …. (Claim 1);
…, at the communication device (Claims 4, 12, and 19);
… the communication device … (Claims 5, 13, and 18);
… a website of the first party; and … via the website of the first party (Claim 6);
A non-transitory computer readable storage medium including executable instructions for use in reducing friction in network-based communication, which when executed by at least one processor of a platform, cause the at least one processor to:…, at a communication device of the user, … (Claim 9);
… when executed by the at least one processor, cause the at least one processor,… (Claims 12, 13, and 15);
A system for use in reducing friction in network-based communication, the system comprising: a platform computing device, which is configured to:…, at a communication device of the user, ...(Claim 16).
However, these elements do not amount to an improvement in the functioning of a computer or any other technology or technical field, apply the judicial exception with, or by use of, a particular machine, or apply or use the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception.
Independent claims and dependent claims also fail to recite elements which amount to an improvement in the functioning of a computer or any other technology or technical field, apply the judicial exception with, or by use of, a particular machine, or apply or use the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception. For example, independent claims and dependent claims are directed to the abstract idea itself and do not amount to an integration according to any one of the considerations above.
Step 2B is the next step in the eligibility analyses and evaluates whether the claims recite additional elements that amount to an inventive concept (i.e., “significantly more”) than the recited judicial exception. According to Office procedure, revised Step 2A overlaps with Step 2B, and thus, many of the considerations need not be re-evaluated in Step 2B because the answer will be the same. See MPEP § 2106.
In Step 2A, several additional elements were identified as additional limitations:
A computer-implemented method for use in reducing friction in network-based communication, the method comprising:…, at a platform computing device, …; retrieving, …, masked data based on the proxy, the masked data including an indicator of at least one account, the indicator being independent of an account number specific to the at least one account; …, by the platform computing device,…, at a communication device of the user, …; …, by the platform computing device, …; and …, by the platform computing device, …; and …, by the platform computing device, …. (Claim 1);
…, at the communication device (Claims 4, 12, and 19);
… the communication device … (Claims 5, 13, and 18);
… a website of the first party; and … via the website of the first party (Claim 6);
A non-transitory computer readable storage medium including executable instructions for use in reducing friction in network-based communication, which when executed by at least one processor of a platform, cause the at least one processor to:…, at a communication device of the user, … (Claim 9);
… when executed by the at least one processor, cause the at least one processor,… (Claims 12, 13, and 15);
A system for use in reducing friction in network-based communication, the system comprising: a platform computing device, which is configured to:…, at a communication device of the user, ...(Claim 16).
These additional limitations, including the limitations in the independent claims and dependent claims, do not amount to an inventive concept because the recitations above do not amount to an improvement in the functioning of a computer or any other technology or technical field, apply the judicial exception with, or by use of, a particular machine, or apply or use the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception. In addition, they were already analyzed under Step 2A and did not amount to a practical application of the abstract idea.
For these reasons, the claims are rejected under 35 U.S.C. 101.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-19 are rejected under 35 U.S.C. 103 as being unpatentable over McCarthy et al. (US Pub. No. 20200065789 A1, “hereinafter McCarthy”) in view of Sahoo et al. (US Pub. No. 20190050600 A1, hereinafter “Sahoo”).
Regarding claims 1, 9, and 16
McCarthy discloses a computer-implemented method for use in reducing friction in network-based communication, the method comprising (McCarthy, [0017]: networks; [0018]:computer implemented and reduced integration complexity):
receiving, at a platform computing device, a proxy from a first party, the proxy unique to a user (McCarthy, [0019]: a secure remote commerce (SRC) platform; [0020]: Each SRC system 102 coordinates messages and transactions among transaction participants (including the customer, the DSA 106, the SRCI 108 and the DCF 110) in order to facilitate remote card payments; [0022]: SRCI 108 may be operated by a merchant; FIG. 1, [0025]: SRCI exchanges SRC data (e.g. consumer’s email and phone number) with SRC);
retrieving, by the platform computing device, masked data based on the proxy, the masked data including an indicator of at least one account, the indicator being independent of an account number specific to the at least one account; causing, by the platform computing device, the masked data to be displayed to the user, at a communication device of the user, …(McCarthy, [0043]: card and consumer information is returned as message as masked to SRCI such as masked Cards (e.g. link to card art image, payment network ID, etc.); [0047]: SRCI is provided with masked card data; FIG. 9C, [0067]: As shown in FIG. 9C, a display is presented to the user which shows cards that may be selected for use by the user. The display may show card art associated with each card);
receiving, by the platform computing device, a selection of one of the at least one account; and in response to the selection of the one of the at least one account: authenticating, by the platform computing device, the user; and in response to authenticating the user, transmitting, by the platform computing device, an account payload to the first party (McCarthy, [0025]: Other messages between the SRCI 108 and SRC system 102 include payload data which is created by the SRC system 102 and sent to the SRCI 108 to enable payment authorization to be performed. The payload data may include consumer information (such as, for example, email and phone number), information identifying the digital card selected for use in the transaction by the user; FIGS. 3A-3B, [0050]: SRCI collects selection from consumer of which card to use for the transaction, SRCI 108 invokes a payload request API to retrieve the payload directly from the SRC 102 and SRCI 108 then uses the encrypted payload to create a standard payment system authorization request message to request authorization of the transaction transmitted to a payment network and an authorization response is communicated from SRCI to SRC); [0034] The clientAuthorization (or Client Digital authorization) will be used in order to certify that the payload can be accessed by the requesting SRCI 108. This is meant to enable the payload retrieval by the merchant server; [0037]: SRCI makes a payload request to an SRC 102 in order to receive an encrypted payload which contains a consumer's selected payment card information and then identity of SRCI is authenticated to ensure that the encrypted payload is provided to authenticated entities; [0022]: SRCI 108 may be operated by a merchant).
McCarthy does not teach:
whereby the user is informed of the masked data prior to being authenticated.
However, Sahoo teaches
whereby the user is informed of the masked data prior to being authenticated (Sahoo, FIGS. 5A, 5C and 5D, [0036]: FIG. 5A, displays masked version of notification message to user before user authentication. FIG. 5C, swiping right on the displayed masked notification message 320 may cause an alternate user interface element 510 to be displayed to allow the user to request presentation of the unmasked version of the notification message. For instance, upon selecting the interface element 510, a user authentication prompt 515 may be presented on the user interface such as illustrated in FIG. 5D where the authentication may only authenticate the user to allow presentation of the unmasked notification message).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to have modified the masked data and user authentication of McCarthy with informing the user of masked data prior to being authenticated as taught by Sahoo because the results of such a modification would be predictable. Specifically, McCarthy would continue to teach the masked data and user authentication except that now informing the user of masked data prior to being authenticated is taught according to the teachings of Sahoo in order to hide sensitive information. This is a predictable result of the combination. (Sahoo, [0036]).
Regarding claims 2 and 10
The combination of McCarthy and Sahoo teaches the computer-implemented method of claim 1, wherein the at least one account includes a first account and a second account; wherein the indicator of the first account includes a name of the first account and the indicator of the second account includes a name of the second account; and wherein the selection of the one of the at least one account includes a selection of the first account (McCarthy, [0027]: one or more payment accounts for consumer; [0035]: The cardAuthorization should contain a unique identifier that corresponds to the card; [0043]: card information associated with the consumer in a complex object referred to as “maskedCards” including access to card art image; [0050]: collects selections and other information from the consumer (e.g., such as a selection of which card from the “maskedCards” data the consumer wishes to use in the transaction); FIG. 9C, [0067] As shown in FIG. 9C, a display is presented to the user which shows cards that may be selected for use by the user. The display may show card art associated with each card as well as a name or other information associated with each card).
Regarding claims 3 and 11
The combination of McCarthy and Sahoo teaches the computer-implemented method of claim 2, wherein the indicator for the first account includes card art for the first account (McCarthy, [0027]: one or more payment accounts for consumer; [0043]: access to card art image; [0050]: collects selections and other information from the consumer (e.g., such as a selection of which card from the “maskedCards” data the consumer wishes to use in the transaction); FIG. 9C, [0067] As shown in FIG. 9C, display may show card art associated with each card).
Regarding claims 4, 12, and 19
The combination of McCarthy and Sahoo teaches the computer-implemented method of claim 1, wherein authenticating the user includes: generating and transmitting a first one-time-passcode (OTP) to the user, at the communication device; receiving a second OTP from the user, via the first party; and matching the first OTP to the second OTP, whereby a match indicates the user being authenticated successfully (McCarthy, FIG. 4A, [0045]:authentication includes processing in which the SRCI 108 interacts with an Identity Verification API (shown in FIG. 4A at message [05]) with the SRC system 102 resulting in a one-time password (“OTP”) being sent out of band to the consumer (e.g., to the consumer's email or phone), and the consumer's identity is thereby authenticated. Once the consumer has been authenticated at 212, the SRCI 108 again attempts to identify the appropriate SRC 102 to complete the checkout process (as described above). Once the appropriate SRC 102 is identified, processing continues at 208 as the SCM 108 interacts with the appropriate SRC 102 to complete the checkout process).
Regarding claims 5, 13, and 18
The combination of McCarthy and Sahoo teaches the computer-implemented method of claim 1, further comprising receiving a device identifier (ID) specific to the communication device with the selection of the one of the at least one account; and wherein authenticating the user includes authenticating the user based on the device ID, without any further data from the user (McCarthy, [0036]: user authenticated via identifier for telephone device and recognized users are issued a cryptographically signed JWT vouching for the user's identity; [0044] performing an Identity Lookup at [03] to transmit consumer information (such as phone number) to the SRC systems 102a-n to determine if any recognize the consumer based on that information. If an SRC system 102 recognizes the consumer, processing continues at 212 where the consumer is authenticated; [0045]: authentication includes processing in which the SRCI 108 interacts with an Identity Verification API to authenticate using phone number of consumer; [0032]: authorization based on identifier corresponding to device).
Regarding claim 6
The combination of McCarthy and Sahoo teaches the computer-implemented method of claim 5, wherein authenticating the user is further based on a recognition token associated with a website of the first party; and wherein receiving the proxy includes receiving the proxy via the website of the first party (McCarthy, [0032] The appInstanceAuthorization is a long-lived authorization that is meant to allow access to cards and/or consumer information that has been bound to a consumer's browser; [0036] When an authorization involves a browser, user authenticated via identifier for telephone device and recognized users are issued a cryptographically signed JWT vouching for the user's identity; [0044] performing an Identity Lookup at [03] to transmit consumer information (such as phone number) to the SRC systems 102a-n to determine if any recognize the consumer based on that information. If an SRC system 102 recognizes the consumer, processing continues at 212 where the consumer is authenticated; [0037] These authorizations are used, for example, as bearer tokens; [0042]: an appInstanceIdentifier (identifying the user's browser or application); [0038]: If the receiving SRC 102 is able to authenticate the token(s), it responds with an “appInstanceIdentifier” which is used to identify the connecting application instance in future sessions. Other bearer tokens may be used, although JWT tokens are believed to provide particularly desirable results in systems of the present invention; [0030]: web token; [0024] The browser 104 is a web browser or other application associated with a user device).
Regarding claims 7 and 14
The combination of McCarthy and Sahoo teaches the computer-implemented method of claim 1, wherein the proxy includes a phone number specific to the user and/or an email address associated with the user (McCarthy, [0036] When an authorization involves a browser, a consumer identity is established via a natural-identifier such as the consumer's email and/or phone number used to authenticate the user).
Regarding claims 8 and 15
The combination of McCarthy and Sahoo teaches the computer-implemented method of claim 7, wherein the account payload includes a payment account credential for the account; and further comprising, receiving an authorization request including the payment account credential, from an acquirer institution associated with the first party (McCarthy, [0025]: credentials to facilitate the secure exchange of data between participants such as different entities and devices and payload data which is created by the SRC system 102 and sent to the SRCI 108 to enable payment authorization to be performed; [0020]: different entities (e.g. Mastercard); [0021]: different entities (e.g. an financial account issuer, a merchant, a browser provider); [0026]: the generation of transaction credentials which can be used to transact through an acquiring channel; [0027]: one or more financial institutions that function as acquirers or issuers of payment accounts; [0050]: Collect selections from consumers of which payment account is selected which is provided to DCF 110 that then requests that the SRC 102 prepare transaction credentials. The SRC 102 upon receipt of the request to prepare transaction credentials, responds with a transaction identifier, an expiry of the transaction credentials, and an encrypted payload that provides a standardized, consistent and secure set of customer payment information that is provided to merchants (through SRCIs) to facilitate transactions and receive communication).
Regarding claim 17
The combination of McCarthy and Sahoo teaches the system of claim 16, wherein the at least one account includes a first account and a second account; wherein the indicator of the first account includes a name of the first account and card art for the first account; and wherein the indicator of the second account includes a name of the second account and card art for the second account (McCarthy, [0027]: one or more payment accounts for consumer; [0035]: The cardAuthorization should contain a unique identifier that corresponds to the card; [0043]: card information associated with the consumer in a complex object referred to as “maskedCards” including access to card art image; [0050]: collects selections and other information from the consumer (e.g., such as a selection of which card from the “maskedCards” data the consumer wishes to use in the transaction); FIG. 9C, [0067] As shown in FIG. 9C, a display is presented to the user which shows cards that may be selected for use by the user. The display may show card art associated with each card as well as a name or other information associated with each card).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is cited as Hardt et al. (US 12314430 B1) related to protecting a user's private data and information regarding their browsing and other on-line activities, Parento et al. (US Pub. No. 20190108508 A1) conducting payment transactions using mobile devices, and non-patent literature, Unbreakable distributed storage with quantum key distribution network and password-authenticated secret sharing, related to a password-authenticated secret sharing scheme and masking data.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LATASHA DEVI RAMPHAL whose telephone number is (571)272-2644. The examiner can normally be reached 11 AM - 7:30 PM (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey A. Smith can be reached at 5712726763. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/LATASHA D RAMPHAL/Examiner, Art Unit 3688
/Jeffrey A. Smith/Supervisory Patent Examiner, Art Unit 3688