DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
This action is in reply to the amendment filed 04/22/2026.
Claims 1-3, 11-15, and 17-19 have been amended. Claims 1-20 are pending and have been examined on the merits (claims 1, 13, and 17 being independent).
The amendment filed 04/22/2026 to the claims has been entered.
Response to Arguments
Applicant’s arguments and amendments filed 04/22/2026 have been fully considered.
Applicants assert that the pending claims fully comply with the requirement of 35 U.S.C. 101. Examiner respectfully disagrees. Applicant’s argument and amendments have been considered and are not persuasive. The rejections under 35 U.S.C. 101 have been maintained and clarified in view of the USPTO MPEP 2106.
Applicant’s arguments (see Applicant’s remarks, pages 11-13)
Step 2A Prong One
(1) Applicant’s arguments that “Applicant submits that the claims are not directed to any type of fundamental economic practice or commercial interaction. Rather, the claims are directed to solving a technical problem in computer security systems-namely, how to dynamically determine an appropriate level of authentication for electronic transactions based on certain technical parameters.” (see page 11), are not found persuasive.
Response (1): Under Step 2 A, Prong 1 of the 2019 Revised § 101 Guidance, it is determined whether the claims are directed to a judicial exception such as a law of nature, a natural phenomenon, or an abstract idea (See Alice, 134 S. Ct. at 2355) by identify the specific limitation(s) in the claim that recites abstract idea(s); and then determine whether the identified limitation(s) falls within at least one of the groupings of abstract ideas enumerated in the MPEP 2106.04. The cited limitations as drafted are systems and methods that, under their broadest reasonable interpretation, covers performance of a method of organizing human activity, but for the recitation of the generic computer components. Further, none of the limitations recite technological implementations details for any of the steps but, instead, only recite broad functional language being performed by the generic use of at least one processor. Authenticating one or more parties for a transaction between a seller and a buyer in order to manage a risk is a fundamental economic practice long prevalent in commerce systems. If a claim limitation, under its broadest reasonable interpretation, covers a fundamental economic principle or practice but for the general linking to a technological environment, then it falls within the organizing human activity grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
Step 2A, Prong Two
(2) Applicant’s arguments that “However, even if the claims were interpreted as reciting an abstract idea, the claims integrate any such exception into a practical application.” (see page 11), are not found persuasive.
Response (2): Next, it is determined whether the claim is directed to the abstract concept itself or whether it is instead directed to some technological implementation or application of, or improvement to, this concept, i.e., integrated into a practical application. See, e.g., Alice, 573 U.S. at 223, discussing Diamond v. Diehr, 450 U.S. 175 (1981 ). The mere introduction of a computer or generic computer technology into the claims need not alter the analysis. See Alice, 573 U.S. at 223-24. "[T]he relevant question is whether the claims here do more than simply instruct the practitioner to implement the abstract idea on a generic computer." Alice, 573 U.S. at 225.
In the present case, the judicial exception is not integrated into a practical application. The claim limitations are not indicative of integration into a practical application by claiming an improvement to the functioning of the computer or to any other technology or technical field. Further, the claim limitations are not indicative of integration into a practical application by applying or using the judicial exception in some other meaningful way. In particular the claim limits of a first seller device, a network interface, and one or more processor are claimed and described at a high level of generality and are functions any general purpose computer performs such that it amount no more than mere instruction to apply the exception to a particular technological environment. Further, none of the limitations recite technological implementations details for any of the steps but, instead, only recite broad functional language being performed by the generic use of at least one processor. The claim limits also recite the use of processors, seller device, network interface, via a communication network, client application, a buyer device, user interface as additional elements. However, the use of these additionally elements, described at a high level of generality, perform generic computer functions such that it amounts to no more than mere instruction to apply the exception to a particular technological environment. Accordingly, these additional elements do not integrate the abstract idea into a practical application because it does not impose any meaning limits on practicing the abstract idea. Thus, the claim is directed toward an abstract idea.
Step 2B
(3) Applicant’s arguments that “Moreover, Applicant submits that the claims recite significantly more than any purported abstract idea because the claims recite features that cannot be considered well-understood, routine, or conventional.” (see page 11), are not found persuasive.
Response (3): The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration into a practical application, the additional elements amount to no more than mere instructions to apply the exactly using generic computer component. The claim elements when considered separately and in an ordered combination, do not add significantly more than implementing the abstract idea.
With regard to the rejections of claims 1-20 under 35 U.S.C. 103, Applicant’s arguments and amendments have been considered but are not persuasive and Examiner respectfully disagrees. Examiner notes that Applicant is arguing newly amended claim language. As noted in the citation above the prior art and it is addressed by the rejections under 35 USC 103. (Notes: Clarifying citations with regard the White in view of Gordon have been made to the 35 USC § 103 rejection above.)
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA the inventor(s), at the time the application was filed, had possession of the claimed invention.
As the amended claim in independent claims 1, 13, and 17, “based on a distance between the first seller device location and an expected location for transactions performed using an account associated with the account identifier”, the subject matter is not properly described in the application as filed, and provide an explanation of your position. The recited amendment as highlighted above is not clear as to how to determine a level of authentication required based on a distance between a seller device and an expected location for transactions performed using an account associated with the account identifier because the claimed limitations are not described in the application with sufficient detail such that one skilled in the art can reasonably conclude that the inventor had possession of the claimed invention at the time of filing.
Dependent claims (2-12, 14-16, and 18-20) stand rejected also, under 35 U.S.C. 112(a) by virtue of their dependency on a rejected claim.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter without significantly more.
When considering subject matter eligibility under 35 U.S.C. 101, (1) it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter. If the claim does fall within one of the statutory categories, (2a) it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea), and if so (2b), it must additionally be determined whether the claim is a patent-eligible application of the exception. If an abstract idea is present in the claim, any element or combination of elements in the claim must be sufficient to ensure that the claim amounts to significantly more than the abstract idea itself. Examples of abstract ideas include fundamental economic practices; certain methods of organizing human activities; an idea itself; and mathematical relationships/formulas. Alice Corporation Pty. Ltd. v. CLS Bank International, et al., 573 U.S. (2014).
The claimed invention is directed to a judicial exception (i.e. a law of nature, a natural phenomenon, or an abstract idea) without significantly more. In the instant case, the claim(s) as a whole, considering all claim elements both individually and in combination, do not amount to significantly more than an abstract idea.
Step (1): In the instant case, the claims are directed towards to a method for authenticating one or more parties for transactions between sellers and buyers which contains the steps of receiving, determining, transmitting, receiving, and transmitting. The claim recites a series of steps and, therefore, is a process. The claims do fall within at least one of the four categories of patent eligible subject matter because claim 1 is direct to a non-transitory computer-readable medium, and claims 13 and 17 are direct to a computer-implemented method, i.e. machines programmed to carrying out process steps, Step 1-yes.
Step (2A) Prong 1: A method for authenticating one or more parties for transactions between sellers and buyers is akin to the abstract idea subject matter grouping of: Certain Methods of Organizing Human Activity as fundamental economic principles or practices and/or commercial or legal interactions. As such, the claims include an abstract idea.
The specific limitations of the invention are (a) identified to encompass the abstract idea include: { receiving, ……., a first authentication request to authenticate a buyer for a first transaction, the first authentication request comprising ….., a first transaction value, and an account identifier; based on a comparison of the first transaction value to a transaction threshold, and based on a distance between ….. location and an expected location for transactions performed using an account associated with the account identifier, determining a level of authentication required for the first transaction; in response to determining that the level of authentication required for the first transaction is a lower level of authentication: transmitting, ….. the buyer, ……, a first request for a first set of one or more user inputs via ….., the first set of one or more user inputs comprising at least one of an alphanumeric entry or a biometric user input; receiving, from ….. responsive to the first request, ……, a first response based on a first user input provided to …..; and in response to authenticating the first response from ….., transmitting, to ….., a first authentication message indicating the buyer is authenticated for the first transaction; in response to determining that the level of authentication required for the first transaction is a higher level of authentication: transmitting, to ….., a second request for a second set of user inputs ….., wherein the second set of user inputs comprises at least the biometric user input, each of ….. accepting one of the alphanumeric entry or the biometric user input; receiving, from ….. responsive to the second request, ……, a second response based on the second set of user inputs provided to …..; and in response to authenticating the second response from ….., transmitting, to ….., a second authentication message indicating the buyer is authenticated for the first transaction.}
As stated above, this abstract idea falls into the (b) subject matter grouping of: Certain Methods of Organizing Human Activity as fundamental economic principles or practices and/or commercial or legal interactions as authenticating one or more parties for transactions between sellers and buyers in order to manage a risk.
Step (2A) Prong 2: The instant claims do not integrate the exception into a practical application because additional elements: 1) “first seller device” and “using a network interface in communication with the one or more processors, via a communication network” amount to simply applying the abstract idea to a computer component and/or computer network. (e.g. “apply it”) 2) “client application at a buyer device” and “using the network interface, via the communication network” describe transmitting generic instructions to a generic device, and therefore also amount to simply applying the abstract idea to a generic computer/network, and client combination, or generically over the internet. (e.g. “apply it” or the equivalent) 3) “user interfaces”, again describes a generically interactive element, which amounts to simply applying the abstract idea of inputting or filtering on a computer. (e.g. on a web browser) do not apply, rely on, or use the judicial exception in a manner that that imposes a meaningful limitation on the judicial exception (i.e. generally linking the use of the judicial exception to a particular technological environment or field of use - see MPEP 2106.05(h) or apply it with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea - see MPEP 2106.05(f)).
The instant recited claims including additional elements (i.e., processors, seller device, network interface, via a communication network, client application at a buyer device, user interface) do not improve the functioning of the computer or improve another technology or technical field nor do they recite meaningful limitations beyond generally linking the use of an abstract idea to a particular technological environment. The limitations merely use a generic computing technology (Specification paragraphs [0004] and [0020]: authentication server, memory, processor, first party device, second party device, entity computing system, user computing device, cloud network, Internet, cellular network near field communication (NFC), etc.) as generally linking the use of the judicial exception to a particular technological environment or field of use - see MPEP 2106.05(h) or apply it with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea - see MPEP 2106.05(f)). Therefore, the claims are directed to an abstract idea
Step (2B): The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements (Claims: e.g., processors, seller device, network interface, via a communication network, client application at a buyer device, user interface) amount to no more than mere instructions to apply the exactly using generic computer/component. The claim elements when considered separately and in an ordered combination, do not add significantly more than implementing the abstract idea.
The computer is merely a platform on which the abstract idea is implemented. Simply executing an abstract concept on a computer does not render a computer “specialized,” nor does it transform a patent-ineligible claim into a patent-eligible one. See Bancorp Servs., LLC v. Sun Life Assurance Co. of Can., 687 F.3d 1266, 1280 (Fed. Cir. 2012). There are no improvements to another technology or technical field, no improvements to the functioning of the computer itself, transformation or reduction of a particular article to a different state or thing or any other meaningful limitations beyond generally linking the use of an abstract idea to a particular technological environment as a result of performing the claimed method. Also, the addition of merely novel or non-routine components to the claimed idea does not necessarily turn an abstraction into something concrete (See Ultramercial, Inc. v. Hulu, LLC, _ F.3d_, 2014 WL 5904902, (Fed. Cir. Nov. 14, 2014). Hence, the claims do not recite significantly more than an abstract idea. In conclusion, merely “linking/applying” the exception using generic computer components does not constitute ‘significantly more’ than the abstract idea. (MPEP 2106.05 (f)(h)). Therefore, the claims are not patent eligible under 35 USC 101.
Dependent claims 2-12, 14-16, and 18-20 when analyzed as a whole and in an ordered combination are held to be patent ineligible under 35 U.S.C. 101 because the additional recited limitation(s) fail(s) to establish that the claim(s) is/are not directed to an abstract idea, as detailed below. The additional recited limitations in the dependent claims only refine the abstract idea.
For instance, in claims 2 and 14, the step of “… receiving, ….. a second authentication request to authenticate the buyer for a second transaction, the second authentication request comprising a second transaction location and a second transaction value; and determining that the higher level of authentication is required for the second transaction….” (i.e., receiving a request and determining a level of authentication), in claim 3, the step of “… comparing the alphanumeric entry and the biometric user input with information stored in an account of the buyer to verify….” (i.e., verifying data), in claim 4, the step of “… perform operations comprising requesting, as the biometric user input, a picture taken ...” (i.e., comparing data), in claim 5, the step of “… perform operations comprising requesting fingerprint data...” (i.e., requesting an input), in claim 6, the step of “… perform operations comprising requesting facial recognition data...” (i.e., requesting an input), in claim 7, the step of “… perform operations comprising requesting a voice sample...” (i.e., requesting an input), in claim 8, the step of “… perform operations comprising requesting, as the alphanumeric entry, a password ...” (i.e., requesting an input), in claim 9, the step of “… perform operations comprising requesting, as the alphanumeric entry, personal information ...” (i.e., requesting an input), in claim 10, the step of “… perform operations comprising requesting a second alphanumeric entry as part of the second set of user inputs, ...” (i.e., requesting an input), in claim 11, the step of “… perform operations comprising authenticating the alphanumeric entry and the biometric user input by determining that the alphanumeric entry and the biometric user input match ...” (i.e., verifying data), in claim 12, the step of “… wherein the first authentication request identifies a good or service of the first transaction, wherein the second set of user inputs includes a verification of the good or service of the first transaction,...” (i.e., requesting an authentication), in claim 15, the step of “… determining, …, the transaction threshold based on an analysis of prior transactions...” (i.e., determining the threshold), in claim 16, the step of “… wherein the biometric user input requested in the second request is a picture taken...” (i.e., requesting an input), in claim 18, the step of “… wherein determining that the lower level of authentication is required for the first transaction comprises determining that the first transaction value is below the transaction threshold, ...” (i.e., determining a level of authentication), in claim 19, the step of “… wherein the transaction threshold is based on analysis of prior transactions...” (i.e., determining a threshold), and in claim 20, the step of “… wherein the second threshold is based on analysis of prior transactions...” (i.e., determining a threshold) are all processes that, under its broadest reasonable interpretation, covers performance of a fundamental economic practice but for the recitation of a generic computer component. Performing an authentication based on a level of authentication required for a transaction between a seller and a buyer in order to manage a risk is a most fundamental commercial process.
This is an abstract concept with nothing more and is also considered mere instructions to apply an exception akin to a commonplace business method or mathematical algorithm being applied on a general purpose computer, Alice Corp. Pty. Ltd.; Gottschalk and Versata Dev. Group, Inc.; see MPEP 2106.05(f)(2).
In dependent claims 2-12, 14-16, and 18-20, the step claimed are rejected under the same analysis and rationale as the independent claims 1, 13, and 17 above. Merely claiming the same process to perform an authentication based on a level of authentication required for a transaction between a seller and a buyer in order to manage a risk does not change the abstract idea without an inventive concept or significantly more. Clearly, the additional recited limitations in the dependent claims only refine the abstract idea further. Further refinement of an abstract idea does not convert an abstract idea into something concrete.
Therefore, claims 1-20 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
In the rejections below, where claims are currently amended, this is indicated by underlining.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over White et al. (hereinafter White), US Publication Number 2011/0035788 A1 in view of Rose Gregory Gordon et al. (hereinafter Gordon), KR 2012-0014224 A.
Regarding claim 1:
White discloses the following:
A non-transitory computer-readable medium having computer-executable instructions encoded thereon which, when executed by one or more processors, cause the one or more processors to perform operations comprising: (see White, [0057] discloses “The merchant server system 12, the SPC system 16, the BAC system 18, the communications device 20, and the workstation 14 each include a processor (not shown) and a memory (not shown). It should be understood that, as used herein, the term processor is not limited to just those integrated circuits referred to in the art as a processor, but broadly refers to a computer, an application specific integrated circuit, and any other programmable circuit. It should be understood that the processors execute instructions, or computer programs, stored in the memories (not shown) of the merchant server system 12, the SPC system 16, the BAC system 18 the communications device 20 and the workstation 14, respectively.”)
based on a comparison of the first transaction value to a transaction threshold, and based on a distance between the first seller device location and an expected location for transactions performed using an account associated with the account identifier, determining a level of authentication required for the first transaction; (see White, [0080] discloses “The SPC system 16 compares the levels of risk 64 associated with each of the involved electronic payment transaction risk factors 68 and determines which risk factor 68 has the greatest level of risk 64. For example, when an electronic payment transaction for less than $100 is conducted with an untrustworthy merchant, the level of risk 64 associated with each of the involved electronic payment transaction risks 68 is determined as low and highest, respectively, by the SPC system 16.”, [0086] discloses “when a user is located less than or equal to a distance of ten miles from a home address and attempts to conduct a transaction accessing the account balances data 62, the level of risk adjustment 78 requires decreasing the level of risk 64 by one level of risk, that is, from low to lowest. However, if a user is located greater than a distance of ten miles from the home address and attempts to conduct the transaction accessing the account balances data 62, the level of risk adjustment 78 requires increasing the level of risk 64 by one level of risk, that is, from low to high.”, and [0130] discloses “the merchant system 12 generates and transmits a credit card authentication request to the SPC system 16 over the first communications channel. The credit card authentication request includes at least the credit card number. In response to the credit card authentication request transmission”, and see also [0077])
in response to determining that the level of authentication required for the first transaction is a lower level of authentication: (see White, [0083] discloses “For example, a transaction 62 having a low level of risk 64 requires biometric data of a single biometric type such as voice biometric data.”)
transmitting, to a client application at a buyer device of the buyer, using the network interface, via the communication network, a first request for a first set of one or more user inputs via a first user interface, the first set of one or more user inputs comprising at least one of an alphanumeric entry or a biometric user input; (see White, [0045] discloses “The BAC system 18 is operable to generate and transmit authentication data capture requests to at least the communications device 20.”, [0053] discloses “the communications device 20 is a portable cellular phone operable to at least display messages and images, obtain authentication data from a user”, and [0104] discloses “transmitting the biometric authentication data capture request to the communications device 20, the biometric authentication data capture request is considered to be transmitted to the authorized user associated with the inputted unique user identifier”)
receiving, from the buyer device responsive to the first request, using the network interface, via the communication network, a first response based on a first user input provided to the first user interface of the client application; and (see White, [0053] discloses “the communications device 20 is a portable cellular phone operable to at least display messages and images, obtain authentication data from a user” and [0105] discloses “processing continues by transmitting the obtained biometric data from the communications device 20 to the BAC system 18 over the second communications channel”)
in response to authenticating the first response from the buyer device, transmitting, to the first seller device, using the network interface, via the communication network, a first authentication message indicating the buyer is authenticated for the first transaction; or (see White, [0136] discloses “After determining that the user is permitted to conduct 86 the desired electronic payment transaction 62, the SPC system 16 transmits an authentication confirmation message to the merchant system 12 over the first communications channel indicating that the workstation user has been successfully authenticated.”)
in response to determining that the level of authentication required for the first transaction is a higher level of authentication: (see White, [0083] discloses “A transaction 62 having a high level of risk 64 requires biometric data of a plurality of different biometric types such as face and iris biometric data.”)
transmitting, to the client application at the buyer device, using the network interface, via the communication network, a second request for a second set of user inputs via a plurality of user interfaces, wherein the second set of user inputs comprises at least the biometric user input, each of the plurality of user interfaces accepting one of the alphanumeric entry or the biometric user input; (see White, [0118] discloses “Upon invoking the capture level security application 138, a message appears on the display of the communications device 20 that prompts the user to input the authentication capture level 140 into the communications device 20…. In response to inputting the capture level of 3, the capture level security application causes the communications device 20 to display the biometric authentication data 72 to be obtained. Specifically, the communications device 20 displays a message indicating that the user is to obtain face and iris biometric data.”)
receiving, from the buyer device responsive to the second request, using the network interface, via the communication network, a second response based on the second set of user inputs provided to the plurality of user interfaces; and (see White, [0118] discloses “Upon invoking the capture level security application 138, a message appears on the display of the communications device 20 that prompts the user to input the authentication capture level 140 into the communications device 20…. The user then obtains 140 the biometric data in accordance with the biometric authentication data requirement 72 using the communications device 20”)
in response to authenticating the second response from the buyer device, transmitting, to the first seller device, using the network interface, via the communication network, a second authentication message indicating the buyer is authenticated for the first transaction. (see White, [0143] discloses “Specifically, after positively validating the identity 114 of the workstation user, instead of generating and transmitting the OTPP 118, in other embodiments the BAC system 18 may transmit a successful validation result message directly to the SPC system 16 indicating that the workstation user has been successfully validated. In response, the SPC system 16 may transmit a message to the merchant system 12 over the first communications channel indicating that the workstation user has been successfully validated. After receiving the message from the SPC system 16, the merchant system 12 accepts the inputted credit card number and completes the electronic payment transaction 86.”)
White does not explicitly disclose the following, however Gordon further teaches:
receiving, from a first seller device, using a network interface in communication with the one or more processors, via a communication network, a first authentication request to authenticate a buyer for a first transaction, the first authentication request comprising a first seller device location, a first transaction value, and an account identifier; (see Gordon, page 9, lines 28-32: discloses “For example, to provide payer information and / or account information, the access terminal 302 may be configured to store information associated with one or more payers 312. For example, if the payer 312 includes a financial card, such as a credit or debit card, the access terminal 302 may not only have a primary account number associated with the card, an expiration date of the card, and / or a name for the card. It may be configured to obtain and store payer information, such as other information. Thus, the authentication and authorization system 300 may allow a customer to include a transaction without physically carrying the payer 312” and page 12, line 1-12: discloses “The POS device then generates a payment request message and sends it over the network to a payment matching server to authenticate and/or authorize the payment transaction, which payment amount and one or more location parameters (e.g., seller name, seller). Identifier, merchant location, approximate geographic location and / or POS device location) (610). The payment request may also include other parameters such as transaction date, transaction time, transaction identifier, and the like.”)
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention to modify authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction, inputting information in a workstation, and determining whether the inputted information is known of White to include authenticating and/or authorizing the payment transaction that includes payment amount and one or more location parameters (e.g., seller name, seller), as taught by Gordon, in order to provide a more secure transaction. (see Gordon, page 2)
Regarding claim 2:
White discloses the following:
The non-transitory computer-readable medium of The non-transitory computer-readable medium of wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform further operations comprising:
determining that the higher level of authentication is required for the second transaction based on the second transaction location and a comparison of the second transaction value to the transaction threshold. (see White, [0083] discloses “A transaction 62 having a high level of risk 64 requires biometric data of a plurality of different biometric types such as face and iris biometric data.”, and see also [0077] and [0086])
White does not explicitly disclose the following, however Gordon further teaches:
receiving, from a second seller device of a second seller, using the network interface, via the communication network, a second authentication request to authenticate the buyer for a second transaction, the second authentication request comprising a second transaction location and a second transaction value; and (see Gordon, page 12, line 1-12: discloses “The POS device then generates a payment request message and sends it over the network to a payment matching server to authenticate and/or authorize the payment transaction, which payment amount and one or more location parameters (e.g., seller name, seller). Identifier, merchant location, approximate geographic location and / or POS device location) (610). The payment request may also include other parameters such as transaction date, transaction time, transaction identifier, and the like.”, and also see page 5, lines 8-11: “Merchants, sellers, and VISAs acting as a bridge between financial institutions and issuers to authorize purchases and make payments [Image Omitted] And MasterCard [Image Omitted] Credit card associations, and users of access terminals (e.g., mobile radios) all want to conduct and close purchases and sales quickly and quickly. At least one concern is security, including proper authorization and authentication and allowance to give sellers and customers the confidence that fraudulent transactions will not occur.”, and Examiner notes: page 5, lines 8-11: teaches “a second seller device of the second seller” and “the second authentication request” as cited multiple merchants, sellers, and users)
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention to modify authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction, inputting information in a workstation, and determining whether the inputted information is known of White to include authenticating and/or authorizing the payment transaction that includes payment amount and one or more location parameters (e.g., seller name, seller), as taught by Gordon, in order to provide a more secure transaction. (see Gordon, page 2)
Regarding claim 3:
White discloses the following:
The non-transitory computer-readable medium of The non-transitory computer-readable medium of wherein the second response comprises the alphanumeric entry and the biometric user input, and wherein authenticating the alphanumeric entry and the biometric user input comprises comparing the alphanumeric entry and the biometric user input with information stored in an account of the buyer to verify that the alphanumeric entry and the biometric user input are associated with the buyer. (see White, [0158] discloses “It should be appreciated that biometrically authenticating identities facilitates increasing the level of trust that a user attempting to conduct a network-based transaction is an authorized user. Moreover, it should be appreciated that providing an OTPP contingent on successfully biometrically authenticating the user enhances the level of trust in an authentication result. Furthermore, it should be understood that by virtue of using an out-of-band communications device, separate and distinct from the workstation 14, for capturing and transmitting biometric data and for receiving and transmitting the OTPP, an additional level of security is provided which also facilitates increasing the trust in an authentication result that indicates a user is an authorized user. By implementing a higher authentication standard, it is more difficult for an unauthorized user to be authenticated as an authorized user.”)
Regarding claim 4:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform operations comprising requesting, as the biometric user input, a picture taken by a camera. (see White, [0118] discloses “Upon invoking the capture level security application 138, a message appears on the display of the communications device 20 that prompts the user to input the authentication capture level 140 into the communications device 20…. In response to inputting the capture level of 3, the capture level security application causes the communications device 20 to display the biometric authentication data 72 to be obtained. Specifically, the communications device 20 displays a message indicating that the user is to obtain face and iris biometric data.”, and see also [0052] “a camera (not shown)”)
Regarding claim 5:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform operations comprising requesting fingerprint data as the biometric user input. (see White, [0084] discloses “For example, the biometric authentication data requirement 72 for a high level risk 64 may be reconfigured such that the appropriate biometric authentication data requirement 72 stipulates authenticating the user with face, iris and fingerprint biometric data, instead of face and iris biometric data.”)
Regarding claim 6:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform operations comprising requesting facial recognition data as the biometric user input. (see White, [0084] discloses “For example, the biometric authentication data requirement 72 for a high level risk 64 may be reconfigured such that the appropriate biometric authentication data requirement 72 stipulates authenticating the user with face, iris and fingerprint biometric data, instead of face and iris biometric data.”)
Regarding claim 7:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform operations comprising requesting a voice sample as the biometric user input. (see White, [0083] discloses “For example, a transaction 62 having a low level of risk 64 requires biometric data of a single biometric type such as voice biometric data.”)
Regarding claim 8:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform operations comprising requesting, as the alphanumeric entry, a password or a personal identification number (PIN). (see White, [0087] discloses “It should be appreciated that due to security concerns associated with passwords used to access web pages over networks such as the Internet”)
Regarding claim 9:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform operations comprising requesting, as the alphanumeric entry, personal information of the buyer. (see White, [0087] discloses “entering a use name and a password when remotely accessing a web page”)
Regarding claim 10:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform operations comprising requesting a second alphanumeric entry as part of the second set of user inputs, wherein the second alphanumeric entry is selected from a group consisting of a password, a secret code, and a PIN. (see White, [0111] discloses “After transmitting the OTPP 118 to the communications device 20, the communications device 20 displays the OTPP transmission such that the user is able to obtain 120 the received OTPP by reading the communications device 20 display, and manually enter 120 the OTPP into a pass-phrase text input box at the workstation 14. Next, the workstation 14 transmits 122 the OTPP to the SPC system 16, and the SPC system 16 in tum transmits 122 the OTPP to the BAC system 18 for validation 124.”)
Regarding claim 11:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform operations comprising authenticating the alphanumeric entry and the biometric user input by determining that the alphanumericentry and the biometric user input match verified user inputs. (see White, [0158] discloses “It should be appreciated that biometrically authenticating identities facilitates increasing the level of trust that a user attempting to conduct a network-based transaction is an authorized user. Moreover, it should be appreciated that providing an OTPP contingent on successfully biometrically authenticating the user enhances the level of trust in an authentication result. Furthermore, it should be understood that by virtue of using an out-of-band communications device, separate and distinct from the workstation 14, for capturing and transmitting biometric data and for receiving and transmitting the OTPP, an additional level of security is provided which also facilitates increasing the trust in an authentication result that indicates a user is an authorized user. By implementing a higher authentication standard, it is more difficult for an unauthorized user to be authenticated as an authorized user.”)
Regarding claim 12:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the first authentication request identifies a good or service of the first transaction, wherein the second set of user inputs includes a verification of the good or service of the first transaction, and wherein the verification of the good or service of the first transaction is received as part of the second response. (see White, [0128] discloses “For AC system 10, the process starts 144 when a user at the workstation 14 navigates over a network to a web site operated by the merchant system 12 and identifies at least one item to purchase 146 from the merchant. In response, the merchant system 12 prompts the user to select an electronic payment transaction method from a menu of electronic payment transaction methods to complete an electronic payment transaction, and the user selects an electronic payment method.”)
Regarding claim 15:
White discloses the following:
The method of claim 13, further comprising determining, by the one or more processors, the transaction threshold based on an analysis of prior transactions of the buyer. (see White, [0077] discloses “For example, the value of a purchase may be divided into subcategories according to the amount of a purchase, such as $0-100, $100-500, and greater than $500. Each subcategory is assigned a corresponding level of risk 64. Consequently, an electronic payment transaction worth less than $100 may be associated with a low level of risk 64, an electronic payment transaction worth between $100 and $500 may be associated with a high level of risk 64, and an electronic payment transaction worth greater than $500 may be associated with a highest level of risk 64.”)
Regarding claim 16:
White discloses the following:
The method of claim 13, wherein the biometric user input requested in the second request is a picture taken by a camera. (see White, [0118] discloses “Upon invoking the capture level security application 138, a message appears on the display of the communications device 20 that prompts the user to input the authentication capture level 140 into the communications device 20…. In response to inputting the capture level of 3, the capture level security application causes the communications device 20 to display the biometric authentication data 72 to be obtained. Specifically, the communications device 20 displays a message indicating that the user is to obtain face and iris biometric data.”, and see also [0052] “a camera (not shown)”)
Regarding claim 17:
White discloses the following:
A computer-implemented method for authenticating, via an authentication server comprising one or more processors, electronic transactions involving seller devices of sellers and buyer devices of buyers, the method comprising: (see White, [0057] discloses “The merchant server system 12, the SPC system 16, the BAC system 18, the communications device 20, and the workstation 14 each include a processor (not shown) and a memory (not shown). It should be understood that, as used herein, the term processor is not limited to just those integrated circuits referred to in the art as a processor, but broadly refers to a computer, an application specific integrated circuit, and any other programmable circuit. It should be understood that the processors execute instructions, or computer programs, stored in the memories (not shown) of the merchant server system 12, the SPC system 16, the BAC system 18 the communications device 20 and the workstation 14, respectively.”)
based on a comparison of the first transaction value to a transaction threshold, and based on a distance between the seller device location and an expected location for transactions performed using an account associated with the account identifier, determining a level of authentication required for the first transaction; (see White, [0080] discloses “The SPC system 16 compares the levels of risk 64 associated with each of the involved electronic payment transaction risk factors 68 and determines which risk factor 68 has the greatest level of risk 64. For example, when an electronic payment transaction for less than $100 is conducted with an untrustworthy merchant, the level of risk 64 associated with each of the involved electronic payment transaction risks 68 is determined as low and highest, respectively, by the SPC system 16.”, [0086] discloses “when a user is located less than or equal to a distance of ten miles from a home address and attempts to conduct a transaction accessing the account balances data 62, the level of risk adjustment 78 requires decreasing the level of risk 64 by one level of risk, that is, from low to lowest. However, if a user is located greater than a distance of ten miles from the home address and attempts to conduct the transaction accessing the account balances data 62, the level of risk adjustment 78 requires increasing the level of risk 64 by one level of risk, that is, from low to high.”, and [0130] discloses “the merchant system 12 generates and transmits a credit card authentication request to the SPC system 16 over the first communications channel. The credit card authentication request includes at least the credit card number. In response to the credit card authentication request transmission”, and see also [0077])
in response to determining that the level of authentication indicates a lower level of authentication is required for the first transaction: (see White, [0083] discloses “For example, a transaction 62 having a low level of risk 64 requires biometric data of a single biometric type such as voice biometric data.”)
in response to verifying the alphanumeric user input is associated with the first buyer, transmitting, to the seller device, by the network interface, a first authentication message indicating the first buyer is authenticated for the first transaction; and (see White, [0118] discloses “Upon invoking the capture level security application 138, a message appears on the display of the communications device 20 that prompts the user to input the authentication capture level 140 into the communications device 20…. In response to inputting the capture level of 3, the capture level security application causes the communications device 20 to display the biometric authentication data 72 to be obtained. Specifically, the communications device 20 displays a message indicating that the user is to obtain face and iris biometric data.”)
in response to determining that the level of authentication indicates a higher level of authentication is required for the second transaction: (see White, [0083] discloses “A transaction 62 having a high level of risk 64 requires biometric data of a plurality of different biometric types such as face and iris biometric data.”, and see also [0077])
transmitting, to a second buyer device of the second buyer, by the network interface, a second request for a second set of user inputs via a plurality of user interfaces, the second set of user inputs comprising at least a biometric user input and a second alphanumeric entry; (see White, [0158] discloses “It should be appreciated that biometrically authenticating identities facilitates increasing the level of trust that a user attempting to conduct a network-based transaction is an authorized user. Moreover, it should be appreciated that providing an OTPP contingent on successfully biometrically authenticating the user enhances the level of trust in an authentication result. Furthermore, it should be understood that by virtue of using an out-of-band communications device, separate and distinct from the workstation 14, for capturing and transmitting biometric data and for receiving and transmitting the OTPP, an additional level of security is provided which also facilitates increasing the trust in an authentication result that indicates a user is an authorized user. By implementing a higher authentication standard, it is more difficult for an unauthorized user to be authenticated as an authorized user.”)
receiving, from the second buyer device responsive to the second request, by the network interface, the second alphanumeric entry, the biometric user input; and (see White, [0158] discloses “Furthermore, it should be understood that by virtue of using an out-of-band communications device, separate and distinct from the workstation 14, for capturing and transmitting biometric data and for receiving and transmitting the OTPP, an additional level of security is provided which also facilitates increasing the trust in an authentication result that indicates a user is an authorized user.”)
in response to verifying the biometric user input and the second alphanumeric entry, transmitting, to the seller device, by the network interface, a second authentication message indicating the second buyer is authenticated for the second transaction. (see White, [0158] discloses “for capturing and transmitting biometric data and for receiving and transmitting the OTPP, an additional level of security is provided which also facilitates increasing the trust in an authentication result that indicates a user is an authorized user.”)
White does not explicitly disclose the following, however Gordon further teaches:
receiving, by a network interface, from a seller device of a seller, a first authentication request to authenticate a first buyer for a first transaction, the first authentication request comprising a seller device location, a first transaction value, and an account identifier; (see Gordon, page 9, lines 28-32: discloses “For example, to provide payer information and / or account information, the access terminal 302 may be configured to store information associated with one or more payers 312. For example, if the payer 312 includes a financial card, such as a credit or debit card, the access terminal 302 may not only have a primary account number associated with the card, an expiration date of the card, and / or a name for the card. It may be configured to obtain and store payer information, such as other information. Thus, the authentication and authorization system 300 may allow a customer to include a transaction without physically carrying the payer 312” and page 12, line 1-12: discloses “The POS device then generates a payment request message and sends it over the network to a payment matching server to authenticate and/or authorize the payment transaction, which payment amount and one or more location parameters (e.g., seller name, seller). Identifier, merchant location, approximate geographic location and / or POS device location) (610). The payment request may also include other parameters such as transaction date, transaction time, transaction identifier, and the like.”)
transmitting, to a first buyer device of the first buyer, by the network interface, a first request for a first set of one or more user inputs via a first user interface, the first set of one or more user inputs comprising at least an alphanumeric entry; (see Gordon, page 10, line 1-3: discloses “Thus, for example, in order to further improve the reliability of authentication and authorization data provided by the mobile commerce authentication and authorization system of this document, a personal identification number (e.g. The user may be asked to enter "PIN.”))
receiving, from the first buyer device responsive to the first request, by the network interface, an alphanumeric user input provided to the first user interface; (see Gordon, page 10, line 1-3: discloses “authorization data provided by the mobile commerce authentication and authorization system of this document, a personal identification number (e.g. The user may be asked to enter "PIN.”)
receiving, from the seller device of the seller, by the network interface, a second authentication request to authenticate a second buyer for a second transaction, the second authentication request comprising a second transaction location and a second transaction value; or (see Gordon, page 12, line 1-12: discloses “The POS device then generates a payment request message and sends it over the network to a payment matching server to authenticate and/or authorize the payment transaction, which payment amount and one or more location parameters (e.g., seller name, seller). Identifier, merchant location, approximate geographic location and / or POS device location) (610). The payment request may also include other parameters such as transaction date, transaction time, transaction identifier, and the like.”, and also see page 5, lines 8-11: “Merchants, sellers, and VISAs acting as a bridge between financial institutions and issuers to authorize purchases and make payments [Image Omitted] And MasterCard [Image Omitted] Credit card associations, and users of access terminals (e.g., mobile radios) all want to conduct and close purchases and sales quickly and quickly. At least one concern is security, including proper authorization and authentication and allowance to give sellers and customers the confidence that fraudulent transactions will not occur.”, and Examiner notes: page 5, lines 8-11: teaches “second transaction location” and “second transaction value” as cited multiple merchants, sellers, and users).”)
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention to modify authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction, inputting information in a workstation, and determining whether the inputted information is known of White to include authenticating and/or authorizing the payment transaction that includes payment amount and one or more location parameters (e.g., seller name, seller), as taught by Gordon, in order to provide a more secure transaction. (see Gordon, page 2)
Regarding claim 18:
White discloses the following:
The method of The method of wherein determining that the lower level of authentication is required for the first transaction comprises determining that the first transaction value is below the transaction threshold, and (see White, [0083] discloses “For example, a transaction 62 having a low level of risk 64 requires biometric data of a single biometric type such as voice biometric data.”, and also see [0077])
Regarding claim 19:
White discloses the following:
The method of claim 18, wherein the transaction threshold is based on analysis of prior transactions of the first buyer. (see White, [0077] discloses “For example, the value of a purchase may be divided into subcategories according to the amount of a purchase, such as $0-100, $100-500, and greater than $500. Each subcategory is assigned a corresponding level of risk 64. Consequently, an electronic payment transaction worth less than $100 may be associated with a low level of risk 64, an electronic payment transaction worth between $100 and $500 may be associated with a high level of risk 64, and an electronic payment transaction worth greater than $500 may be associated with a highest level of risk 64.”)
Regarding claim 20:
White discloses the following:
The method of claim 19, wherein the second threshold is based on analysis of prior transactions of the second buyer. (see White, [0077] discloses “For example, the value of a purchase may be divided into subcategories according to the amount of a purchase, such as $0-100, $100-500, and greater than $500. Each subcategory is assigned a corresponding level of risk 64. Consequently, an electronic payment transaction worth less than $100 may be associated with a low level of risk 64, an electronic payment transaction worth between $100 and $500 may be associated with a high level of risk 64, and an electronic payment transaction worth greater than $500 may be associated with a highest level of risk 64.”)
Regarding claim 13: it is similar scope to claim 1, and thus it is rejected under similar rationale.
Regarding claim 14: it is similar scope to claim 2, and thus it is rejected under similar rationale.
Conclusion
The prior art made of record but not relied upon herein but pertinent to Applicant’s disclosure is listed in the enclosed PTO-892.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YONG S PARK whose telephone number is (571)272-8349. The examiner can normally be reached on M-F 9:00-5:00 PM, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bennett M. Sigmond can be reached on (303)297-4411. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/YONGSIK PARK/Examiner, Art Unit 3694
July 1, 2026
/BENNETT M SIGMOND/Supervisory Patent Examiner, Art Unit 3694