SYSTEMS AND METHODS FOR AUTHENTICATING A USER

§101 §103

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of Claims This action is in response to remarks received 12/30/2025. This application claims earliest priority from 18763802, filed 07/03/2024. Claims 21-24 are new and claims 14-16 and 19 cancelled. Claims 1, 2, 7-8, 10, 12 and 17-18 have been amended. Claims 1, 10 and 17 are independent claims and 2-9, 11-16 & 18-20 are dependent. Applicant’s arguments, see page 7, filed 12/30/2025, with respect to rejection under 35 USC 102 have been fully considered and are persuasive. The 35 USC 102 art rejection of the claims has been withdrawn. Claims 1-13, 17-18, and 20-24 are currently pending and have been examined. Response to Arguments Applicant's arguments filed 07/03/2024 have been fully considered but they are not persuasive. With respect to arguments under 35 USC 103, the arguments have been fully considered, however the examiner respectfully disagrees. Applicant’s arguments are not persuasive because they improperly attack Ho in isolation, whereas the rejection relies on the combination of Ho and McHUGH, and McHUGH teaches the disputed limitations, including encoding authentication-related information within transaction data (McHUGH ¶¶ [18-20, 46-47 & 83]). Accordingly, Applicant’s arguments directed to alleged deficiencies of Ho are moot in view of the combined teachings. With respect to arguments under 35 USC 101, the arguments have been fully considered, however the examiner respectfully disagrees. Unser Step 2A, Prong one, the Applicant argues that the claims do not recite a judicial exception and are not directed to certain methods of organizing human activity or mental processes. The examiner respectfully disagrees. The claims are directed to authentication of a user in a payment transaction environment, which constitutes a fundamental economic practice and commercial interaction, including verifying identity in a transaction. Such activities fall within the enumerated grouping of certain methods of organizing human activity. See MPEP § 2106.04(a)(2). Applicant further argues that the claims are integrated into a practical application. This argument is not persuasive. The additional elements, including a mobile device, card network, and smart card, merely implement the abstract idea using generic computer components performing their routine and conventional functions (e.g., receiving data, determining information, transmitting results). These elements do not impose a meaningful limit on the judicial exception and do not improve the functioning of the computer or another technology. Accordingly, the claims do not integrate the abstract idea into a practical application. Under Step 2B, the Applicant contends that the claims recite significantly more than the abstract idea. However, the additional elements, individually and in combination, amount to no more than well-understood, routine, and conventional activities previously known in the field of payment processing and authentication. The use of EMV data, authentication flags, and communication between a mobile device and a card network represents predictable use of known techniques. There is not indication of an inventive concept that transforms the abstract idea into patent-eligible subject matter. Accordingly, the claims remain directed to a judicial exception without significantly more, and the rejection under 35 U.S.C. § 101 is maintained. Claim Rejections – 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-13, 17-18, and 20-24 are rejected under 35 USC 101 because the claimed invention is directed to an abstract idea without significantly more. The claims do fall within at least one of the four categories of patent eligible subject matter because the independent claims 1 are directed to a process; Step 1-Yes. Under Step 2A, prong 1, representative claim 1 recites a series of steps for authenticating an identity, i.e. a fundamental economic process or commercial and legal interaction, and thus grouped as “Certain Methods of Organizing Human Activity”; and also can concepts performed in the human mind and thus grouped as “Mental processes”. The claim as a whole and the limitations in combination recite this abstract idea. Specifically, the limitations of representative claim 1, stripped of all additional elements, recite the abstract idea as follows: a method for authenticating a user, the method comprising: receiving first information at a card network, wherein received at least a portion of the first information from a smart card, and the first information is in a Europay-Mastercard-Visa (EMV) format; determining that the first information comprises an authentication flag added by the mobile device; authenticating an identity of the user by comparing the first information to second information associated with the user; and responsive to successfully authenticating the identity of the user, transmitting an indication of the authentication identity of the user. The claimed limitations, identified above, recite a process that, under its broadest reasonable interpretation, covers performance of a certain method of organizing human activity and mental processes, but for the recitation of generic computer components. There is nothing in the claim element which takes the steps out of the methods of organizing human activity abstract idea grouping. Claims 10 and 17 recite analogous limitations and is interpreted under the same premise. Under step 2A, Prong 2, this judicial exception is not integrated into a practical application. In particular, the claim only recites using generic, commercially available, off-the-shelf computing devices, i.e. processors suitably programmed communicating over a generic network, to perform the steps of establishing, receiving, determining, transmitting, and authenticating data as seen in claim 1. The additional elements (i.e. a card network, a database, and a mobile device) are recited at a high-level of generality (i.e.as generic processors with memory suitably programmed communication information over a generic network, see at least Fig. 4 and ¶¶ [81-87 & 186-191] of the specifications) such that it amounts no more than adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses computer as a tool to perform the abstract idea, see MPEP 2106.05(f) and generally linking the use of the judicial exception to a particular technological environment or field of use, see PEPE 2106.05(h). Furthermore, the steps for receiving and transmitting data are considered adding insignificant extra-solution activity to the judicial exception, see MPEP 2106.05(g). Accordingly, the additional elements claimed do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Claims 1, 10 and 17 are directed to an abstract idea. Under step 2B, the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of using generic computer processors with memory suitably programmed communicating over a generic network to perform the limitation steps amounts no more than adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform the abstract idea, see MPEP 2106.05(f) and generally linking the use of the judicial exception to a particular technological environment or field of use, see MPEP 2106.05 (h). Furthermore, the step for receiving transaction details and transmitting blockchain data are considered adding insignificant extra-solution activity to the judicial exception, see MPEP 2106.05(g). Mere instructions to apply an exception using generic computer components interacting in a conventional manner cannot provide an inventive concept. Claims 1, 10 and 17 are not patent eligible. Applicant has leveraged generic computing elements to perform the abstract idea of without significantly more. The dependent claims when analyzed as a whole an in an ordered combination are held to be patent ineligible under 35 USC 101 because the additional recited limitations fail to establish that the claims are not directed to an abstract idea. The additional recited limitations in the dependent claims only refine the abstract idea. Further refinement of an abstract idea does not convert an abstract idea into something concrete. The claims merely amount to the application or instructions to apply the abstract idea (i.e. a series of steps for authenticating an identity) on one or more computers, and are considered to amount to nothing more than requiring a generic computer system (e.g. processors suitably programmed and communicating over a network) to merely carry out the abstract idea itself. As such, the claims, when considered as a whole, are nothing more than the instruction to implement the abstract idea (i.e. a series of steps for authenticating an identity) in a particular, albeit well-understood, routine and conventional technological environment. Accordingly, the Examiner concludes that there are no meaningful limitations in the claims that transform the judicial exception into a patent eligible application such that the claims amount to significantly more than the judicial exception itself or integrate the judicial exception into a practical application. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-4, 8-11, 17-18, 20 & 23 are rejected under 35 U.S.C. 103 as being unpatentable over Peter Ho (US 12,288,206 B1, herein Ho) in view of Katherine McHUGH et al. (US 2024/0303630 A1, herein McHUGH). As per claim 1, Ho teaches a method for authenticating a user, the method comprising: receiving, first information at a card network from a mobile device, wherein the mobile device received at least a portion of the first information from a smart card, […] (See Ho Fig. 3 at 306, column 4 lines 57-67, column 5 lines 1-27 and column 8 lines 48-65); determining, at the card network, that the first information comprises an authentication flag […] (Ho column 6 lines 12-39); authenticating, by the card network, an identity of the user by comparing the first information to second information associated with the user and stored in a database (Ho column 6 lines 25-39, column 9 lines 2-22 and column 10 lines 18-33) (see also McHUGH ¶¶ [50, 58, 73, 77 & 86] teach this limitation as well); and Ho does not explicitly disclose the following limitations, however, McHUGH teaches: receiving, first information at a card network from a mobile device, wherein the mobile device received at least a portion of the first information from a smart card, [and the first information is in a Europay-Mastercard-Visa (EMV) format] (McHUGH ¶¶ [46-47]); determining, at the card network, that the first information comprises an authentication flag added by the mobile device (McHUGH ¶¶ [18-20 & 83]); and responsive to successfully authenticating the identity of the user, transmitting, from the card network, an indication of the authentication of the identity of the user to the mobile device, the indication used by the mobile device to complete an authentication-related action (McHUGH ¶¶ [89, 97 & 105]). It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify Ho to utilize EMV-formatted transaction data as taught by McHUGH in order to standardize data formatting and ensure compatibility and interoperability with existing payment network infrastructure. Using EMV-compliant data strucutres for encoding authentication-related information represents a predictable use of known elements according to their established functions. As per claim 17, the claim recites analogous limitations as claim 1 above and rejected under the same premise. Claim 17 further disclose determining, at the card network, that the first information comprises an authentication flag, the authentication flag comprising a modification to transaction data of the first information (McHUGH ¶¶ [18-20 & 83] which disclose modifying transaction data fields to include authentication-related information); and As per claim 2, the combination of Ho and McHUGH teach the method of claim 1, Ho and McHUGH further teach: wherein: the mobile device receives the first information from the smart card via near field communication (NFC), and the first information is generated by an EMV applet on the smart card (Ho column 4 lines 4-20)(McHUGH ¶¶ [18-20, 41, 47, 53-55, 69-70, 76 & 88]). As per claim 18, the claim recites analogous limitations as claim 2 above and rejected under the same premise. As per claim 3, the combination of Ho and McHUGH teach the method of claim 1, Ho further teaches: wherein: the first information is transmitted to the card network from the mobile device via an acquirer, and the acquirer determines the card network from a plurality of card networks (Ho column 8 lines 48-67, column 9 lines 1-22 & column 10 lines 18-33). As per claim 19, the claim recites analogous limitations as claim 3 above and rejected under the same premise. As per claim 4, the combination of Ho and McHUGH teach the method of claim 3, Ho further teaches: wherein the identity information is not transmitted to the mobile device via the acquirer (Ho column 6 lines 7-24 and column 10 lines 1-17 & 34-50). As per claim 8, the combination of Ho and McHUGH teach the method of claim 1, Ho further teaches: wherein the authentication flag comprises a name, name prefix, name suffix, or combinations thereof (Ho column 5 lines 27-55, column 6 lines 25-39, column 7 lines 37-62, column 9 lines 1-22 & column 10 lines 18-33). As per claim 9, the combination of Ho and McHUGH teach the method of claim 1, Ho further teaches: wherein the second information associated with the user comprises communication information, and the card network transmits the identity information to a mobile application on the mobile device using the communication information (Ho column 9 lines 1-22 & column 10 lines 18-33). As per claim 10, Ho teaches a method for authenticating a user, the method comprising: receiving, at a mobile device, from a smart card via near field communication (NFC), first data, […] (see Ho column 4 lines 4-20, column 5 lines 28-55 and column 8 lines 48-65); generating, from the first data, second data comprising an authentication flag different from a zero-amount transaction, the authentication flag indicating a request for authentication (Ho column 6 lines 12-39 discloses transaction data used in an authentication process, but does not explicitly disclose that the authentication is indicated by a zero-amount transaction or by an authentication flag distinct from transaction amount.); transmitting the second data to a card network (Ho column 6 lines 10-39 and column 10 lines 34-50); receiving, from the card network, identity information authenticating the user (Ho column 6 lines 25-39 and column 7 lines 37-62); and responsive to successfully authenticating an identity of the user, performing, by the mobile device, an authentication-related action (Ho column 9 lines 23-45). Ho does not explicitly disclose the following limitations, however, McHUGH teaches: receiving, at a mobile device, from a smart card via near field communication (NFC), first data, [the first data in a Europay-Visa-Mastercard (EMV) format] (see McHUGH ¶ [47]); the motivation to combine the references is the same as seen above in claim 1. As per claim 11, the combination of Ho and McHUGH teach the method of claim 10, Ho further teaches: further comprising: receiving, from the user, via a first graphical user interface on a mobile application on the mobile device, an action requiring authentication (Ho column 5 lines 4-27 and column 6 lines 25-39); generating, at the mobile device, a second graphical user interface, requesting the user locate the smart card near the mobile device (Ho column 5 lines 27-55 and column 9 lines 30-45); and displaying the second graphical user interface on a display of the mobile device (Ho column 7 lines 37-62). As per claim 23, the combination of Ho and McHUGH teach the method of claim 17, McHUGH further teaches wherein: the modification to transaction data of the first information in the EMV format is performed by the mobile device to insert the authentication flag (McHUGH ¶ [20]). As per claims 21-22 and 24, it would have been obvious to a person of ordinary skill in the art to implement authentication-related indicators as specific data elements (e.g., flags, field values, or modified data fields) within transaction data, as structured data encoding of control or status information is well known in communication and payment protocols, including EMV systems as taught by McHUGH. The election of a particular encoding format (e.g., binary value, prefix-suffix, or modified field) represents a routine design choice yielding predictable results. Claims 5-7 are rejected under 35 U.S.C. 103 as being unpatentable over Ho in view of McHUGH and in further view of Erik T. Bogaard (US 10,339,525 B2). As per claim 5, the combination of Ho and McHUGH teach the method of claim 1, It can be argued the combination of Ho and McHUGH do not explicitly teach the following limitation; however, Bogaard teaches: wherein the identity information is transmitted from the card network to the mobile device directly (Bogaard column 36 lines 38-65). It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the combination of Ho and McHUGH with the confirmation of local marketplace transaction consummation for payment consummation of Bogaard in order to accept mobile payment from devices that are not themselves NFC-enabled (See Bogaard abstract, column 25 lines 65-67 and column 26 lines 1-3). As per claim 20, the claim recites analogous limitations as claim 5 above and rejected under the same premise. As per claim 6, the combination of Ho and McHUGH teach the method of claim 1, It can be argued the combination of Ho and McHUGH do not explicitly teach the following limitation; however, Bogaard teaches: wherein the authentication flag prevents the first information from being transmitted to an issuer (Bogaard column 35 lines 17-26, column 42 lines 6-15 & 23-51 and column 43 lines 4-12 & 35-45). It would have been obvious to a person of ordinary skill in the art to incorporate the functionality taught by Bogaard, into the system of Ho and McHUGH, in order to control transmission of transaction data and improve security by selectively preventing transmission of certain data to an issuer, which represents a predictable use of known data control techniques. As per claim 7, the combination of Ho and McHUGH teach the method of claim 1, Ho does not explicitly disclose the following limitation, however, Bogaard teaches: wherein the first information comprises a zero-amount authorization in addition to the authentication flag (Bogaard column 43 lines 13-26 and Fig. 14 at 1914). It would have been obvious to a person of ordinary skill in the art to include a zero-amount authorization in addition to an authentication flag, as taught by Bogaard, into the system of Ho and McHUGH, in order to enable validation or authentication without initiating a financial transaction, which improves system flexibility and is a known practice in payment systems. Claims 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Ho in view of McHUGH and in further view of Ayokunle Omojola et al. (CA 3037671 A1). As per claim 12, the combination of Ho and McHUGH teach the method of claim 11, It can be argued the combination of Ho and McHUGH do not explicitly teach the following limitations, however, Omajola teaches further comprising: responsive to receiving the identity information from the card network authenticating the user, generating, at the mobile device, a third graphical user interface showing that the user is authenticated (Omajola Fig. 12E and ¶¶ [116-117]); and displaying the third graphical user interface on the display of the mobile device (Omajola Fig. 12E and ¶¶ [116-117]). It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the combination of Ho and McHUGH with the sensor enable activation of payment instruments of Omajola, in order to add and remove validation steps based on user profile (See Omajola ¶ [21]). As per claim 13, the combination of Ho and McHUGH teach the method of claim 10, It can be argued the combination of Ho and McHUGH do not explicitly teach the following limitation, however, Omajola teaches wherein: the first data is generated by an EMV applet on the smart card (see Omajola ¶¶ [40, 51, 58 & 63]). The motivation to combine the references is the same as seen above in claim 12. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to TONY P KANAAN whose telephone number is (571)272-2481. The examiner can normally be reached Monday- Friday 7:30am - 3:30 pm EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Matthew Gart can be reached at 5712723955. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /T.P.K./Examiner, Art Unit 3696 /MATTHEW S GART/Supervisory Patent Examiner, Art Unit 3696