DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
Claims 1-20, as originally filed 08/26/2024, are pending and have been examined on the merits (claims 1, 13, and 17 being independent). The applicant’s claim for benefit of provisional application 61/806,686 filed 03/29/2013 has been received and acknowledged.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 09/20/2024, 10/16/2024, and 01/13/2026 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter without significantly more.
When considering subject matter eligibility under 35 U.S.C. 101, (1) it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter. If the claim does fall within one of the statutory categories, (2a) it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea), and if so (2b), it must additionally be determined whether the claim is a patent-eligible application of the exception. If an abstract idea is present in the claim, any element or combination of elements in the claim must be sufficient to ensure that the claim amounts to significantly more than the abstract idea itself. Examples of abstract ideas include fundamental economic practices; certain methods of organizing human activities; an idea itself; and mathematical relationships/formulas. Alice Corporation Pty. Ltd. v. CLS Bank International, et al., 573 U.S. (2014).
The claimed invention is directed to a judicial exception (i.e. a law of nature, a natural phenomenon, or an abstract idea) without significantly more. In the instant case, the claim(s) as a whole, considering all claim elements both individually and in combination, do not amount to significantly more than an abstract idea.
Step (1): In the instant case, the claims are directed towards to a method for authenticating one or more parties for transactions which contains the steps of receiving, determining, transmitting, receiving, and transmitting. The claim recites a series of steps and, therefore, is a process. The claims do fall within at least one of the four categories of patent eligible subject matter because claim 1 is direct to a non-transitory computer-readable medium, and claims 13 and 17 are direct to a computer-implemented method, i.e. machines programmed to carrying out process steps, Step 1-yes.
Step (2A) Prong 1: A method for authenticating one or more parties for transactions is akin to the abstract idea subject matter grouping of: Certain Methods of Organizing Human Activity as fundamental economic principles or practices and/or commercial or legal interactions. As such, the claims include an abstract idea.
The specific limitations of the invention are (a) identified to encompass the abstract idea include: receiving… a first authentication request …, determining… a level of authentication required…, transmitting… a first request for a first set of one or more user inputs…., receiving… a first response based on a first user input provided…, transmitting… a authentication message…, transmitting… a second request for a second set of user inputs…, receiving… a second response based on the second set of user inputs provided…, and transmitting… a second authentication message….
As stated above, this abstract idea falls into the (b) subject matter grouping of: Certain Methods of Organizing Human Activity as fundamental economic principles or practices and/or commercial or legal interactions.
Step (2A) Prong 2: The instant claims do not integrate the exception into a practical application because additional elements: 1) “from a first seller device” and “using a network interface in communication with the one or more processors, via a communication network” amount to simply applying the abstract idea to a computer component and/or computer network. (e.g. “apply it”) 2) “client application at a buyer device” and “using the network interface, via the communication network” describe transmitting generic instructions to a generic device, and therefore also amount to simply applying the abstract idea to a generic computer/network, and client combination, or generically over the internet. (e.g. “apply it” or the equivalent) 3) “user interfaces”, again describes a generically interactive element, which amounts to simply applying the abstract idea of inputting or filtering on a computer. (e.g. on a web browser) do not apply, rely on, or use the judicial exception in a manner that that imposes a meaningful limitation on the judicial exception (i.e. generally linking the use of the judicial exception to a particular technological environment or field of use - see MPEP 2106.05(h) or apply it with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea - see MPEP 2106.05(f)).
The instant recited claims including additional elements (i.e., processors, seller device, network interface, via a communication network, client application at a buyer device, user interface) do not improve the functioning of the computer or improve another technology or technical field nor do they recite meaningful limitations beyond generally linking the use of an abstract idea to a particular technological environment. The limitations merely use a generic computing technology (Specification paragraphs [0004] and [0020]: authentication server, memory, processor, first party device, second party device, entity computing system, user computing device, cloud network, Internet, cellular network near field communication (NFC), etc.) as generally linking the use of the judicial exception to a particular technological environment or field of use - see MPEP 2106.05(h) or apply it with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea - see MPEP 2106.05(f)). Therefore, the claims are directed to an abstract idea
Step (2B): The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements (Claims: e.g., processors, seller device, network interface, via a communication network, client application at a buyer device, user interface) amount to no more than mere instructions to apply the exactly using generic computer/component. The claim elements when considered separately and in an ordered combination, do not add significantly more than implementing the abstract idea over a generic computer network with a generic interactive interface element.
The computer is merely a platform on which the abstract idea is implemented. Simply executing an abstract concept on a computer does not render a computer “specialized,” nor does it transform a patent-ineligible claim into a patent-eligible one. See Bancorp Servs., LLC v. Sun Life Assurance Co. of Can., 687 F.3d 1266, 1280 (Fed. Cir. 2012). There are no improvements to another technology or technical field, no improvements to the functioning of the computer itself, transformation or reduction of a particular article to a different state or thing or any other meaningful limitations beyond generally linking the use of an abstract idea to a particular technological environment as a result of performing the claimed method. Also, the addition of merely novel or non-routine components to the claimed idea does not necessarily turn an abstraction into something concrete (See Ultramercial, Inc. v. Hulu, LLC, _ F.3d_, 2014 WL 5904902, (Fed. Cir. Nov. 14, 2014). Hence, the claims do not recite significantly more than an abstract idea. In conclusion, merely “linking/applying” the exception using generic computer components does not constitute ‘significantly more’ than the abstract idea. (MPEP 2106.05 (f)(h)). Therefore, the claims are not patent eligible under 35 USC 101.
Dependent claims 2-12, 14-16, and 18-20 when analyzed as a whole and in an ordered combination are held to be patent ineligible under 35 U.S.C. 101 because the additional recited limitation(s) fail(s) to establish that the claim(s) is/are not directed to an abstract idea, as detailed below. The additional recited limitations in the dependent claims only refine the abstract idea.
For instance, in claims 2 and 14, the step of “… receiving, ….. a second authentication request to authenticate the buyer for a second transaction, the second authentication request comprising a second transaction location and a second transaction value; and determining that the higher level of authentication is required for the second transaction….” (i.e., receiving a request and determining a level of authentication), in claim 3, the step of “… comparing the alphanumeric input and the biometric user input with information stored in an account of the buyer to verify….” (i.e., verifying data), in claim 4, the step of “… perform operations comprising requesting, as the biometric user input, a picture taken ...” (i.e., comparing data), in claim 5, the step of “… perform operations comprising requesting fingerprint data...” (i.e., requesting an input), in claim 6, the step of “… perform operations comprising requesting facial recognition data...” (i.e., requesting an input), in claim 7, the step of “… perform operations comprising requesting a voice sample...” (i.e., requesting an input), in claim 8, the step of “… perform operations comprising requesting, as the alphanumeric entry, a password ...” (i.e., requesting an input), in claim 9, the step of “… perform operations comprising requesting, as the alphanumeric entry, personal information ...” (i.e., requesting an input), in claim 10, the step of “… perform operations comprising requesting a second alphanumeric input as part of the second set of user inputs, ...” (i.e., requesting an input), in claim 11, the step of “… perform operations comprising authenticating the alphanumeric user input and the biometric user input by determining that the alphanumeric user input and the biometric user input match ...” (i.e., verifying data), in claim 12, the step of “… wherein the authentication request identifies a good or service of the first transaction, wherein the second set of user inputs includes a verification of the good or service of the first transaction,...” (i.e., requesting an authentication), in claim 15, the step of “… determining, …, the threshold based on an analysis of prior transactions...” (i.e., determining the threshold), in claim 16, the step of “… wherein the biometric user input requested in the second request is a picture taken...” (i.e., requesting an input), in claim 18, the step of “… wherein determining that the lower level of authentication is required for the first transaction comprises determining that the first transaction value is below a first threshold, ...” (i.e., determining a level of authentication), in claim 19, the step of “… wherein the first threshold is based on analysis of prior transactions...” (i.e., determining a threshold), and in claim 20, the step of “… wherein the second threshold is based on analysis of prior transactions...” (i.e., determining a threshold) are all processes that, under its broadest reasonable interpretation, covers performance of a fundamental economic practice but for the recitation of a generic computer component. Performing an authentication based on a level of authentication required for a transaction is a most fundamental commercial process.
This is an abstract concept with nothing more and is also considered mere instructions to apply an exception akin to a commonplace business method or mathematical algorithm being applied on a general purpose computer, Alice Corp. Pty. Ltd.; Gottschalk and Versata Dev. Group, Inc.; see MPEP 2106.05(f)(2).
In dependent claims 2-12, 14-16, and 18-20, the step claimed are rejected under the same analysis and rationale as the independent claims 1, 13, and 17 above. Merely claiming the same process to perform an authentication based on a level of authentication required for a transaction does not change the abstract idea without an inventive concept or significantly more. Clearly, the additional recited limitations in the dependent claims only refine the abstract idea further. Further refinement of an abstract idea does not convert an abstract idea into something concrete.
Therefore, claims 1-20 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over White et al. (hereinafter White), US Publication Number 2011/0035788 A1 in view of Rose Gregory Gordon et al. (hereinafter Gordon), KR 2012-0014224 A.
Regarding claim 1:
White discloses the following:
A non-transitory computer-readable medium having computer-executable instructions encoded thereon which, when executed by one or more processors, cause the one or more processors to perform operations comprising: (see White, [0057] discloses “The merchant server system 12, the SPC system 16, the BAC system 18, the communications device 20, and the workstation 14 each include a processor (not shown) and a memory (not shown). It should be understood that, as used herein, the term processor is not limited to just those integrated circuits referred to in the art as a processor, but broadly refers to a computer, an application specific integrated circuit, and any other programmable circuit. It should be understood that the processors execute instructions, or computer programs, stored in the memories (not shown) of the merchant server system 12, the SPC system 16, the BAC system 18 the communications device 20 and the workstation 14, respectively.”)
based on a comparison of the first transaction value to a transaction threshold, and based on the first seller device location, determining a level of authentication required for the first transaction; (see White, [0080] discloses “The SPC system 16 compares the levels of risk 64 associated with each of the involved electronic payment transaction risk factors 68 and determines which risk factor 68 has the greatest level of risk 64. For example, when an electronic payment transaction for less than $100 is conducted with an untrustworthy merchant, the level of risk 64 associated with each of the involved electronic payment transaction risks 68 is determined as low and highest, respectively, by the SPC system 16.”, and see also [0077])
in response to determining that the level of authentication required for the first transaction is a lower level of authentication: (see White, [0083] discloses “For example, a transaction 62 having a low level of risk 64 requires biometric data of a single biometric type such as voice biometric data.”)
transmitting, to a client application at a buyer device of the buyer, using the network interface, via the communication network, a first request for a first set of one or more user inputs via a first user interface, the first set of one or more user inputs comprising at least one of an alphanumeric entry or a biometric user input; (see White, [0045] discloses “The BAC system 18 is operable to generate and transmit authentication data capture requests to at least the communications device 20.”, [0053] discloses “the communications device 20 is a portable cellular phone operable to at least display messages and images, obtain authentication data from a user”, and [0104] discloses “transmitting the biometric authentication data capture request to the communications device 20, the biometric authentication data capture request is considered to be transmitted to the authorized user associated with the inputted unique user identifier”)
receiving, from the buyer device responsive to the first request, using the network interface, via the communication network, a first response based on a first user input provided to the first user interface of the client application; (see White, [0053] discloses “the communications device 20 is a portable cellular phone operable to at least display messages and images, obtain authentication data from a user” and [0105] discloses “processing continues by transmitting the obtained biometric data from the communications device 20 to the BAC system 18 over the second communications channel”)
in response to authenticating the first response from the buyer device, transmitting, to the first seller device, using the network interface, via the communication network, a first authentication message indicating the buyer is authenticated for the first transaction; or (see White, [0136] discloses “After determining that the user is permitted to conduct 86 the desired electronic payment transaction 62, the SPC system 16 transmits an authentication confirmation message to the merchant system 12 over the first communications channel indicating that the workstation user has been successfully authenticated.”)
in response to determining that the level of authentication required for the first transaction is a higher level of authentication: (see White, [0083] discloses “A transaction 62 having a high level of risk 64 requires biometric data of a plurality of different biometric types such as face and iris biometric data.”)
transmitting, to the client application at the buyer device, using the network interface, via the communication network, a second request for a second set of user inputs via a plurality of user interfaces, wherein the second set of user inputs comprises at least the biometric user input, each of the plurality of user interfaces accepting one of the alphanumeric input or the biometric user input; (see White, [0118] discloses “Upon invoking the capture level security application 138, a message appears on the display of the communications device 20 that prompts the user to input the authentication capture level 140 into the communications device 20…. In response to inputting the capture level of 3, the capture level security application causes the communications device 20 to display the biometric authentication data 72 to be obtained. Specifically, the communications device 20 displays a message indicating that the user is to obtain face and iris biometric data.”)
receiving, from the buyer device responsive to the second request, using the network interface, via the communication network, a second response based on the second set of user inputs provided to the plurality of user interfaces; and (see White, [0118] discloses “Upon invoking the capture level security application 138, a message appears on the display of the communications device 20 that prompts the user to input the authentication capture level 140 into the communications device 20…. The user then obtains 140 the biometric data in accordance with the biometric authentication data requirement 72 using the communications device 20”)
in response to authenticating the second response from the buyer device, transmitting, to the first seller device, using the network interface, via the communication network, a second authentication message indicating the buyer is authenticated for the first transaction. (see White, [0143] discloses “Specifically, after positively validating the identity 114 of the workstation user, instead of generating and transmitting the OTPP 118, in other embodiments the BAC system 18 may transmit a successful validation result message directly to the SPC system 16 indicating that the workstation user has been successfully validated. In response, the SPC system 16 may transmit a message to the merchant system 12 over the first communications channel indicating that the workstation user has been successfully validated. After receiving the message from the SPC system 16, the merchant system 12 accepts the inputted credit card number and completes the electronic payment transaction 86.”)
White does not explicitly disclose the following, however Gordon further teaches:
receiving, from a first seller device, using a network interface in communication with the one or more processors, via a communication network, a first authentication request to authenticate a buyer for a first transaction, the first authentication request comprising a first seller device location and a first transaction value; (see Gordon, page 12, line 1-12: discloses “The POS device then generates a payment request message and sends it over the network to a payment matching server to authenticate and/or authorize the payment transaction, which payment amount and one or more location parameters (e.g., seller name, seller). Identifier, merchant location, approximate geographic location and/or POS device location) (610). The payment request may also include other parameters such as transaction date, transaction time, transaction identifier, and the like.”)
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention to modify authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction, inputting information in a workstation, and determining whether the inputted information is known of White to include authenticating and/or authorizing the payment transaction that includes payment amount and one or more location parameters (e.g., seller name, seller), as taught by Gordon, in order to provide a more secure transaction. (see Gordon, page 2)
Regarding claim 2:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform further operations comprising:
a determining that the higher level of authentication is required for the second transaction based on the second transaction location and a comparison of the second transaction value to the transaction threshold. (see White, [0083] discloses “A transaction 62 having a high level of risk 64 requires biometric data of a plurality of different biometric types such as face and iris biometric data.”, and see also [0077])
White does not explicitly disclose the following, however Gordon further teaches:
receiving, from a second seller device of the second seller, using the network interface, via the communication network, a second authentication request to authenticate the buyer for a second transaction, the second authentication request comprising a second transaction location and a second transaction value; and (see Gordon, page 12, line 1-12: discloses “The POS device then generates a payment request message and sends it over the network to a payment matching server to authenticate and/or authorize the payment transaction, which payment amount and one or more location parameters (e.g., seller name, seller). Identifier, merchant location, approximate geographic location and/or POS device location) (610). The payment request may also include other parameters such as transaction date, transaction time, transaction identifier, and the like.”, and also see page 5, lines 8-11: “Merchants, sellers, and VISAs acting as a bridge between financial institutions and issuers to authorize purchases and make payments [Image Omitted] And MasterCard [Image Omitted] Credit card associations, and users of access terminals (e.g., mobile radios) all want to conduct and close purchases and sales quickly and quickly. At least one concern is security, including proper authorization and authentication and allowance to give sellers and customers the confidence that fraudulent transactions will not occur.”, and Examiner notes: page 5, lines 8-11: teaches the recited limitation of “a second seller device of the second seller” and “the second authentication request” as cited on merchants, sellers, and users)
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention to modify authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction, inputting information in a workstation, and determining whether the inputted information is known of White to include authenticating and/or authorizing the payment transaction that includes payment amount and one or more location parameters (e.g., seller name, seller), as taught by Gordon, in order to provide a more secure transaction. (see Gordon, page 2)
Regarding claim 3:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the second response comprises the alphanumeric input and the biometric user input, and wherein authenticating the alphanumeric input and the biometric user input comprises comparing the alphanumeric input and the biometric user input with information stored in an account of the buyer to verify that the alphanumeric input and the biometric user input are associated with the buyer. (see White, [0158] discloses “It should be appreciated that biometrically authenticating identities facilitates increasing the level of trust that a user attempting to conduct a network-based transaction is an authorized user. Moreover, it should be appreciated that providing an OTPP contingent on successfully biometrically authenticating the user enhances the level of trust in an authentication result. Furthermore, it should be understood that by virtue of using an out-of-band communications device, separate and distinct from the workstation 14, for capturing and transmitting biometric data and for receiving and transmitting the OTPP, an additional level of security is provided which also facilitates increasing the trust in an authentication result that indicates a user is an authorized user. By implementing a higher authentication standard, it is more difficult for an unauthorized user to be authenticated as an authorized user.”)
Regarding claim 4:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform operations comprising requesting, as the biometric user input, a picture taken by a camera. (see White, [0118] discloses “Upon invoking the capture level security application 138, a message appears on the display of the communications device 20 that prompts the user to input the authentication capture level 140 into the communications device 20…. In response to inputting the capture level of 3, the capture level security application causes the communications device 20 to display the biometric authentication data 72 to be obtained. Specifically, the communications device 20 displays a message indicating that the user is to obtain face and iris biometric data.”, and see also [0052] “a camera (not shown)”)
Regarding claim 5:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform operations comprising requesting fingerprint data as the biometric user input. (see White, [0084] discloses “For example, the biometric authentication data requirement 72 for a high level risk 64 may be reconfigured such that the appropriate biometric authentication data requirement 72 stipulates authenticating the user with face, iris and fingerprint biometric data, instead of face and iris biometric data.”)
Regarding claim 6:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform operations comprising requesting facial recognition data as the biometric user input. (see White, [0084] discloses “For example, the biometric authentication data requirement 72 for a high level risk 64 may be reconfigured such that the appropriate biometric authentication data requirement 72 stipulates authenticating the user with face, iris and fingerprint biometric data, instead of face and iris biometric data.”)
Regarding claim 7:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform operations comprising requesting a voice sample as the biometric user input. (see White, [0083] discloses “For example, a transaction 62 having a low level of risk 64 requires biometric data of a single biometric type such as voice biometric data.”)
Regarding claim 8:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform operations comprising requesting, as the alphanumeric entry, a password or a personal identification number (PIN). (see White, [0087] discloses “It should be appreciated that due to security concerns associated with passwords used to access web pages over networks such as the Internet”)
Regarding claim 9:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform operations comprising requesting, as the alphanumeric entry, personal information of the buyer. (see White, [0087] discloses “entering a use name and a password when remotely accessing a web page”)
Regarding claim 10:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform operations comprising requesting a second alphanumeric input as part of the second set of user inputs, wherein the second alphanumeric input is selected from a group consisting of a password, a secret code, and a PIN. (see White, [0111] discloses “After transmitting the OTPP 118 to the communications device 20, the communications device 20 displays the OTPP transmission such that the user is able to obtain 120 the received OTPP by reading the communications device 20 display, and manually enter 120 the OTPP into a pass-phrase text input box at the workstation 14. Next, the workstation 14 transmits 122 the OTPP to the SPC system 16, and the SPC system 16 in tum transmits 122 the OTPP to the BAC system 18 for validation 124.”)
Regarding claim 11:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions, when executed by the one or more processors, cause the one or more processors to perform operations comprising authenticating the alphanumeric user input and the biometric user input by determining that the alphanumeric user input and the biometric user input match verified user inputs. (see White, [0158] discloses “It should be appreciated that biometrically authenticating identities facilitates increasing the level of trust that a user attempting to conduct a network-based transaction is an authorized user. Moreover, it should be appreciated that providing an OTPP contingent on successfully biometrically authenticating the user enhances the level of trust in an authentication result. Furthermore, it should be understood that by virtue of using an out-of-band communications device, separate and distinct from the workstation 14, for capturing and transmitting biometric data and for receiving and transmitting the OTPP, an additional level of security is provided which also facilitates increasing the trust in an authentication result that indicates a user is an authorized user. By implementing a higher authentication standard, it is more difficult for an unauthorized user to be authenticated as an authorized user.”)
Regarding claim 12:
White discloses the following:
The non-transitory computer-readable medium of claim 1, wherein the authentication request identifies a good or service of the first transaction, wherein the second set of user inputs includes a verification of the good or service of the first transaction, and wherein the verification of the good or service of the first transaction is received as part of the second response. (see White, [0128] discloses “For AC system 10, the process starts 144 when a user at the workstation 14 navigates over a network to a web site operated by the merchant system 12 and identifies at least one item to purchase 146 from the merchant. In response, the merchant system 12 prompts the user to select an electronic payment transaction method from a menu of electronic payment transaction methods to complete an electronic payment transaction, and the user selects an electronic payment method.”)
Regarding claim 15:
White discloses the following:
The method of claim 13, further comprising determining, by the processor, the threshold based on an analysis of prior transactions of the buyer. (see White, [0077] discloses “For example, the value of a purchase may be divided into subcategories according to the amount of a purchase, such as $0-100, $100-500, and greater than $500. Each subcategory is assigned a corresponding level of risk 64. Consequently, an electronic payment transaction worth less than $100 may be associated with a low level of risk 64, an electronic payment transaction worth between $100 and $500 may be associated with a high level of risk 64, and an electronic payment transaction worth greater than $500 may be associated with a highest level of risk 64.”)
Regarding claim 16:
White discloses the following:
The method of claim 13, wherein the biometric user input requested in the second request is a picture taken by a camera. (see White, [0118] discloses “Upon invoking the capture level security application 138, a message appears on the display of the communications device 20 that prompts the user to input the authentication capture level 140 into the communications device 20…. In response to inputting the capture level of 3, the capture level security application causes the communications device 20 to display the biometric authentication data 72 to be obtained. Specifically, the communications device 20 displays a message indicating that the user is to obtain face and iris biometric data.”, and see also [0052] “a camera (not shown)”)
Regarding claim 17:
White discloses the following:
A computer-implemented method for authenticating, via an authentication server comprising one or more processors, electronic transactions involving seller devices of sellers and buyer devices of buyers, the method comprising: (see White, [0057] discloses “The merchant server system 12, the SPC system 16, the BAC system 18, the communications device 20, and the workstation 14 each include a processor (not shown) and a memory (not shown). It should be understood that, as used herein, the term processor is not limited to just those integrated circuits referred to in the art as a processor, but broadly refers to a computer, an application specific integrated circuit, and any other programmable circuit. It should be understood that the processors execute instructions, or computer programs, stored in the memories (not shown) of the merchant server system 12, the SPC system 16, the BAC system 18 the communications device 20 and the workstation 14, respectively.”)
in response to determining that a lower level of authentication is required for the first transaction, (see White, [0083] discloses “For example, a transaction 62 having a low level of risk 64 requires biometric data of a single biometric type such as voice biometric data.”)
in response to verifying the alphanumeric user input is associated with the first buyer, transmitting, to the seller device, by the network interface, a first authentication message indicating the first buyer is authenticated for the first transaction; (see White, [0118] discloses “Upon invoking the capture level security application 138, a message appears on the display of the communications device 20 that prompts the user to input the authentication capture level 140 into the communications device 20…. In response to inputting the capture level of 3, the capture level security application causes the communications device 20 to display the biometric authentication data 72 to be obtained. Specifically, the communications device 20 displays a message indicating that the user is to obtain face and iris biometric data.”)
in response to determining that a higher level of authentication is required for the second transaction, (see White, [0083] discloses “A transaction 62 having a high level of risk 64 requires biometric data of a plurality of different biometric types such as face and iris biometric data.”, and see also [0077])
transmitting, to a second buyer device of the second buyer, by the network interface, a second request for a second set of user inputs via a plurality of user interfaces, the second set of user inputs comprising at least a biometric user input and a second alphanumeric input; (see White, [0158] discloses “It should be appreciated that biometrically authenticating identities facilitates increasing the level of trust that a user attempting to conduct a network-based transaction is an authorized user. Moreover, it should be appreciated that providing an OTPP contingent on successfully biometrically authenticating the user enhances the level of trust in an authentication result. Furthermore, it should be understood that by virtue of using an out-of-band communications device, separate and distinct from the workstation 14, for capturing and transmitting biometric data and for receiving and transmitting the OTPP, an additional level of security is provided which also facilitates increasing the trust in an authentication result that indicates a user is an authorized user. By implementing a higher authentication standard, it is more difficult for an unauthorized user to be authenticated as an authorized user.”)
receiving, from the second buyer device responsive to the second request, by the network interface, the second alphanumeric input, the biometric user input; and (see White, [0158] discloses “Furthermore, it should be understood that by virtue of using an out-of-band communications device, separate and distinct from the workstation 14, for capturing and transmitting biometric data and for receiving and transmitting the OTPP, an additional level of security is provided which also facilitates increasing the trust in an authentication result that indicates a user is an authorized user.”)
in response to verifying the biometric user input and the second alphanumeric input, transmitting, to the seller device, by the network interface, a second authentication message indicating the second buyer is authenticated for the second transaction. (see White, [0158] discloses “for capturing and transmitting biometric data and for receiving and transmitting the OTPP, an additional level of security is provided which also facilitates increasing the trust in an authentication result that indicates a user is an authorized user.”)
White does not explicitly disclose the following, however Gordon further teaches:
receiving, by a network interface, from a seller device of a seller, a first authentication request to authenticate a first buyer for a first transaction, the first authentication request comprising a seller device location and a first transaction value; (see Gordon, page 12, line 1-12: discloses “The POS device then generates a payment request message and sends it over the network to a payment matching server to authenticate and/or authorize the payment transaction, which payment amount and one or more location parameters (e.g., seller name, seller). Identifier, merchant location, approximate geographic location and / or POS device location) (610). The payment request may also include other parameters such as transaction date, transaction time, transaction identifier, and the like.”)
transmitting, to a first buyer device of the first buyer, by the network interface, a first request for a first set of one or more user inputs via a first user interface, the first set of one or more user inputs comprising at least an alphanumeric entry; (see Gordon, page 10, line 1-3: discloses “Thus, for example, in order to further improve the reliability of authentication and authorization data provided by the mobile commerce authentication and authorization system of this document, a personal identification number (e.g. The user may be asked to enter "PIN.”))
receiving, from the first buyer device responsive to the first request, by the network interface, an alphanumeric user input provided to the first user interface; (see Gordon, page 10, line 1-3: discloses “authorization data provided by the mobile commerce authentication and authorization system of this document, a personal identification number (e.g. The user may be asked to enter "PIN.”)
receiving, from the seller device of the seller, by the network interface, a second authentication request to authenticate a second buyer for a second transaction, the second authentication request comprising a second transaction location and a second transaction value; (see Gordon, page 12, line 1-12: discloses “The POS device then generates a payment request message and sends it over the network to a payment matching server to authenticate and/or authorize the payment transaction, which payment amount and one or more location parameters (e.g., seller name, seller). Identifier, merchant location, approximate geographic location and / or POS device location) (610). The payment request may also include other parameters such as transaction date, transaction time, transaction identifier, and the like.”, and also see page 5, lines 8-11: “Merchants, sellers, and VISAs acting as a bridge between financial institutions and issuers to authorize purchases and make payments [Image Omitted] And MasterCard [Image Omitted] Credit card associations, and users of access terminals (e.g., mobile radios) all want to conduct and close purchases and sales quickly and quickly. At least one concern is security, including proper authorization and authentication and allowance to give sellers and customers the confidence that fraudulent transactions will not occur.”, and Examiner notes: page 5, lines 8-11: teaches the recited limitation od “second transaction location” and “second transaction value” as cited on merchants, sellers, and users).”)
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention to modify authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction, inputting information in a workstation, and determining whether the inputted information is known of White to include authenticating and/or authorizing the payment transaction that includes payment amount and one or more location parameters (e.g., seller name, seller), as taught by Gordon, in order to provide a more secure transaction. (see Gordon, page 2)
Regarding claim 18:
White discloses the following:
The method of claim 17, wherein determining that the lower level of authentication is required for the first transaction comprises determining that the first transaction value is below a first threshold, and (see White, [0083] discloses “For example, a transaction 62 having a low level of risk 64 requires biometric data of a single biometric type such as voice biometric data.”, and also see [0077])
wherein determining that the higher level of authentication is required for the second transaction comprises determining that the second transaction value is at least as large as a second threshold. (see White, [0083] discloses “A transaction 62 having a high level of risk 64 requires biometric data of a plurality of different biometric types such as face and iris biometric data.”, and see also [0077])
Regarding claim 19:
White discloses the following:
The method of claim 18, wherein the first threshold is based on analysis of prior transactions of the first buyer. (see White, [0077] discloses “For example, the value of a purchase may be divided into subcategories according to the amount of a purchase, such as $0-100, $100-500, and greater than $500. Each subcategory is assigned a corresponding level of risk 64. Consequently, an electronic payment transaction worth less than $100 may be associated with a low level of risk 64, an electronic payment transaction worth between $100 and $500 may be associated with a high level of risk 64, and an electronic payment transaction worth greater than $500 may be associated with a highest level of risk 64.”)
Regarding claim 20:
White discloses the following:
The method of claim 19, wherein the second threshold is based on analysis of prior transactions of the second buyer. (see White, [0077] discloses “For example, the value of a purchase may be divided into subcategories according to the amount of a purchase, such as $0-100, $100-500, and greater than $500. Each subcategory is assigned a corresponding level of risk 64. Consequently, an electronic payment transaction worth less than $100 may be associated with a low level of risk 64, an electronic payment transaction worth between $100 and $500 may be associated with a high level of risk 64, and an electronic payment transaction worth greater than $500 may be associated with a highest level of risk 64.”)
Regarding claims 13: it is similar scope to claim 1, and thus it is rejected under similar rationale.
Regarding claim 14: it is similar scope to claim 2, and thus it is rejected under similar rationale.
Conclusion
The prior art made of record but not relied upon herein but pertinent to Applicant’s disclosure is listed in the enclosed PTO-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YONG S PARK whose telephone number is (571)272-8349. The examiner can normally be reached M-F 9:00-5:00 PM, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bennett M. Sigmond can be reached on (303)297-4411. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/YONGSIK PARK/Examiner, Art Unit 3694
January 16, 2026
/BENNETT M SIGMOND/Supervisory Patent Examiner, Art Unit 3694