DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
This action is in reply to the application filed on 12/04/2024.
Claims 1-20 are currently pending and have been examined.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
In the instant case, claims 1, 13 and 20 are directed to a method, system, and non-transitory computer-readable recording medium. For the purposes of this analysis, representative claim 1 is addressed.
Claim 1 recites “secure account access” which is a grouped under “Certain methods of organizing human activity — fundamental economic practices” in prong one of step 2A (MPEP 2106.04(a)). Claim 1 recites
A method of providing biometrically authenticated centralized access to multiple accounts, the method comprising: generating, by a first server, a reference biometric identifier (RBI) from biometric data scanned from a user associated with a user account stored by the first server;
transmitting, by the first server, the RBI, to a central server linking a plurality of account servers including the first server;
responsive to a user transaction being conducted via a first application executing on a first device, generating, by the first application, a biometric data packet (BDP) from biometric data captured, by the first device, from the user, wherein the BDP is transmitted to the central server;
verifying the BPD, by the central center, based by determining a match between the BDP received from the first device and the RBI received from the first server; and
returning, by the central server, one or more payment credentials associated with the user from the plurality of servers.
The additional elements of claim 1 such as “A method of providing biometrically authenticated centralized access to multiple accounts, the method comprising: generating, by a first server, a reference biometric identifier (RBI) from biometric data scanned from a user associated with a user account stored by the first server; transmitting, by the first server, the RBI, to a central server linking a plurality of account servers including the first server”, “a first application executing on a first device” ” represent the use of a computer as a tool to perform an abstract idea and/or does no more than generally link the abstract idea to a particular field of use.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration into a practical application, the additional elements amount to no more than mere instructions to apply the abstract idea of using generic computer components. The claim elements when considered separately and in an ordered combination, do not add significantly more than implementing the abstract idea of fundamental economic practice.
Dependent claims 2-12, and 14-19 recited additional details which only further narrow the abstract idea and do not add any additional features, alone or in combination, that would provide a practical application or provide significantly more.
Claim 11 recites the additional elements of “wherein one or more of the RBI generated by the first server and the BDP generated by the first device correspond to a vectorized scan of a retina associated with the user. ” does no more than use a computer as a tool to perform an abstract idea and do no more than generally link the abstract idea to a particular field of use.
Claim 12 recites the additional elements of “wherein the vectorized scan of the retina corresponds to a vector image of branching pattern of blood vessels associated with the retina. ” does no more than use a computer as a tool to perform an abstract idea and do no more than generally link the abstract idea to a particular field of use.
The claims as a whole do not amount to significantly more than the abstract idea itself. This is because the claims do not affect an improvement to another technology or technical field, the claims do not amount to an improvement to the functioning of a computer system itself, and the claims do not move beyond a general link of the use of an abstract idea to a particular technological environment.
Accordingly, there are no meaningful limitations in the claims that transform the judicial exception into a patent eligible application such that the claims amount to significantly more than the judicial exception itself.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-3, 9-10, 13-15, and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Borucki (US 10,861,017 B2)
Regarding claims 1, 13 and 20
A method of providing biometrically authenticated centralized access to multiple accounts, the method comprising: generating, by a first server, a reference biometric identifier (RBI) from biometric data scanned from a user associated with a user account stored by the first server; (See at least Borucki (Col 2 lines 49-64) Initially, a user registered for participating in the cross-linking authentication services offered by the system 100. During registration, biometric data is then captured for the user through the peripheral input device 111 of the transaction terminal 110. This can be for a specific type of biometric data (face, voice, finger, eye, etc.) or a combination of types (face, voice, finger, and/or eye). Multiple readings for each or several types of biometric data may be captured by the peripheral input device 111 during the registration. Both of the biometric agent 112 and/or the token generator 123 produce one or more templates from the captured biometric data; each biometric data type(s) produces a unique template from the biometric data and the type(s). Each template is then provided to the generator 123 by the registration service 124 and a unique token for each template is generated through a hashing mechanism.)
transmitting, by the first server, the RBI, to a central server linking a plurality of account servers including the first server; (See at least Borucki (Col 3 lines 5-19) In an embodiment, the user is asked which services 131 that the user desires to link to the cross-linking authentication and cross-linking personably identifiable accounts services provided by the system 100. The user then provides through the transaction manager 113 and the registration service 124 an account or some uniquely identifiable information used by the selected services 131 to unique identify accounts of the user in the databases 132 maintained by the services 131, for example an email for the user or an account number. Each record for each template and token combination in the data store 122 (may also be referred to as index 122 herein) is then updated to include an identifier for the selected service 131 and the unique identifiable information used by the user for identifying the user to that service 131.)
responsive to a user transaction being conducted via a first application executing on a first device, generating, by the first application, a biometric data packet (BDP) from biometric data captured, by the first device, from the user, wherein the BDP is transmitted to the central server; (See at least Borucki (Col 7 lines 40-41) At 310, the biometric agent obtains biometric data of a user conducting a transaction at a transaction terminal.)
verifying the BPD, by the central center, based by determining a match between the BDP received from the first device and the RBI received from the first server; and (See at least Borucki (col 7 lines 56-64) At 330, the biometric agent provides the biometric template to an indexer as a search request. At 340, the biometric agent receives a token and a link to an external service in response to results returned by indexer to the search at 330. At 350, the biometric agent process the token and the link with the external service to obtain personal data for the user from an account of the user maintained and controlled by the external service.)
returning, by the central server, one or more payment credentials associated with the user from the plurality of servers. (See at least Borucki (Col 7 lines 65-67) At 360, the biometric agent uses the personal data to process at least a portion of the transaction at the transaction terminal.)
Regarding claims 2 and 14
further comprising displaying one or more payment credentials on the first device for selection of a desired payment credentials from one or more payment credentials returned from the plurality of servers, wherein the selected payment credentials is transmitted on behalf of the merchant, to a corresponding server for validation. (See at least Borucki (Col 5 lines 29-37) The transaction manager 113 provides access to the cross-linked personably identifiable information during a transaction at the transaction terminal 110. The cross-linked personably identifiable information may be provided as imaged information on a display of the terminal 110 during the transaction or provided as electronic information (name, birthdate, address, email, and/or account number), needed for processing during the transaction.)
Regarding claims 3, 15 and 16
wherein the first device corresponds to a merchant POS device, and the user transaction corresponds to an in-person transaction being conducted at the merchant POS device, wherein the BDP is generated by the POS device from biometric data captures by a biometric sensor associated with the POS device. (See at least Borucki (Col 5 lines 54-56)In an embodiment, the transaction terminal is one of: a Point-Of-Sale (POS) terminal, a Self-Service terminal (SST), a kiosk, or an ATM. (Col 6 lines 23-25) In an embodiment, at 212, the indexer generates the biometric template from biometric data captured at the transaction terminal during the transaction.
Regarding claim 9
wherein verifying the BDP comprises transmitting, by the central server, the BDP to the first server, wherein the BDP received from the central server, is compared with one or more RBIs stored on the first server for a determining a match. (See at least Borucki (col 7 lines 56-64) At 330, the biometric agent provides the biometric template to an indexer as a search request. At 340, the biometric agent receives a token and a link to an external service in response to results returned by indexer to the search at 330.
At 350, the biometric agent process the token and the link with the external service to obtain personal data for the user from an account of the user maintained and controlled by the external service.)
Regarding claims 10
wherein a user identifier associated with the RBI is provided to the central server in response to a successful match, wherein the central server is configured to return payment credentials associated with the user identifier from the plurality of servers. (See at least Borucki (col 7 lines 56-64) (Col 5 lines 29-37) The transaction manager 113 provides access to the cross-linked personably identifiable information during a transaction at the transaction terminal 110. The cross-linked personably identifiable information may be provided as imaged information on a display of the terminal 110 during the transaction or provided as electronic information (name, birthdate, address, email, and/or account number), needed for processing during the transaction.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 4-5 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Borucki (US 10,861,017 B2) in view of Safak (US 2019/0180275 A1)
Regarding claims 4 and 17
Borucki does not specifically teach: wherein the BDP further comprises a digital signature generated by the merchant, the digital signature enabling a validation of a merchant’s identity by the central server.
However Safak teaches at least at: [0035] In instances where the data may be submitted through an acquirer, the acquirer may endorse the merchant by verifying the digital signature using the merchant's public key. In other instances, the issuing institution 106 may be able to validate the merchant. In an exemplary embodiment, the data may be included in a transaction message that is submitted to the payment network 110 via payment rails associated therewith, where the transaction message may be formatted pursuant to one or more standards governing the exchange of transaction messages as used in traditional payment transactions, such as the International Organization of Standardization's ISO 8583 or ISO 20022 standards.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the Biometric index linking and processing of Borucki in view of the method for consumer initiated transactions using encrypted tokens as taught by Safak in order to validate the merchants identity.
Regarding claim 5
Borucki does not specifically teach: wherein the generation of the digital signature and validation of the merchant’s identity based on the digital signature is implemented using a public key cryptography protocol.
However Safak teaches at least at: [0035] In these embodiments, the transaction message may include a message type indicator indicative of an authorization request, and may include a plurality of data elements, where one data element is configured to store the encrypted payment token and another data element is configured to store the signed cryptographic checksum. In some cases, the encrypted payment token may be stored in the data element configured to store the primary account number. In other cases, the encrypted payment token may be stored in a data element configured for the storage of token data, such as data element 60 in ISO 8583, where an account number of the payment token may be stored in the data element configured to store the primary account number (e.g., data element 2 in ISO 8583). The signed cryptographic checksum may be stored in a data element reserved for private use as indicated by the applicable standard(s). In embodiments where the point of sale device 102 receives the transaction order, the signed transaction order may be stored in a data element included in the transaction message that is reserved for private use as indicated by the applicable standard(s).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the Biometric index linking and processing of Borucki in view of the method for consumer initiated transactions using encrypted tokens as taught by Safak in order to validate the merchants identity.
Claims 6 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Borucki (US 10,861,017 B2) in view of Beye et al. (US 2018/0039791 A1)
Regarding claims 6 and 18
Borucki does not specifically teach: wherein the first device corresponds to a user communication device, and the user transaction corresponds to an electronic transaction conducted at a merchant online checkout page, wherein the BDP is generated by the user communication device from biometric image data captured by a camera unit associated with the user communication device.
However Beye teaches at least at: [0043] In various embodiments, the system may be leveraged to web browsers to favor online shopping, which may be performed on any user device including a workstation, desktop, tablet computer, mobile device or the like of the user. All sensitive data that includes user information and card information, and public data that includes deals will be stored locally on mobile devices or on secured servers. The data communication and synchronization between the mobile version and web version occur via end-to-end encryption when this invention is in use. When making a purchase online, the user can choose between the conventional store payment method and “pay with the app”. “Pay with the app” enables users to complete the transaction with a single click. This web-based concept, in some embodiments, enables a browser plugin/extension running locally at the device with which the user is navigating the Internet merchant's website and at a checkout page of that online marketplace. When the user moves forward with an online marketplace transaction, the browser plugin/extension may be called and performs some or all the functionality described herein, including but not limited to, selecting a best resource for completing a transaction. In some embodiments, once the user makes a selection to utilize the web-based system described herein, by for example, clicking a “Pay with the app” button, additional authentication may be required at the device the user is using or, in some cases, at another device associated with the user, such as the user's mobile device. In some embodiments, for example, biometric authentication (e.g., fingerprint authentication) will be captured by the mobile device of the user, confirmation of which may then be forwarded across an operative connection between the mobile device and the device which the user is using (e.g., the user's desktop computer) to complete the transaction.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the Biometric index linking and processing of Borucki in view of the intelligent credential selection system as taught by Beye in order to securely conduct transaction with a merchant from an online store.
Claims 7-8 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Borucki (US 10,861,017 B2) in view of Safak (US 2019/0180275 A1) and further inv view of Martin (US 2023/0182687 A1)
Regarding claims 7 and 19
Borucki does not specifically teach: wherein the BDP is further accompanied by a one-time password (OTP) generated by a second device associated with the user and wherein the OTP is retrieved from the second device by the user communication device and transmitted to the central server along with the BDP.
However Martin teaches at least at: [0051] The authorization-enabling information includes information that enables sending of an OTP to the online shopper during a merchant checkout process. For example, in some embodiments, the authorization-enabling information includes an email address associated with the online shopper or a phone number associated with the online shopper. Thus, in such embodiments, an OTP or other trusted message can be sent via text or voice message to the phone number or email address, thereby enabling secure authorization of an online transaction by the online shopper without entering sensitive credit card information during the online transaction at merchant website 140.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the Biometric index linking and processing of Borucki in view of the User liked payment methods for completion of an online transaction as taught by Martin in order to securely conduct transaction with a merchant from an online store.
Regarding claim 8
Borucki does not specifically teach: wherein the second device corresponds to a contactless card storing user identification data, and wherein the user communication device is configured to communicate with the contactless card using near-field communication (NFC).
However Beye teaches at least at: [0119] Referring now to FIG. 8, a combined diagram and flowchart illustrates a payment sequence process 800 according to embodiments of the invention. The first step is for the user to select a pay button on the user device 204, as represented by arrow 852. In case the user device is not oriented properly with regard to the point of transaction device, a landing page interface then alerts to point to the point of transaction terminal (such as an NFC device) as represented by arrow 854. Then, as represented by arrow 856, the user points the user device 204 toward the NFC reader (or manipulates the user device in relation to the point of transaction device as necessary for establishing an operative connection between the user device and the point of transaction device). The NFC reader then gets the merchant and amount of the transaction from a merchant device, as represented by arrow 858. As represented by arrow 860, the “get best card” algorithm (embodiments of which were described above with reference to FIG. 7) is called and executed. The algorithm send a query for the best card to a database in some embodiments, as represented by arrow 862. The database returns the best card for the circumstances as represented by arrow 864, and the algorithm then initiates the payment using the selected card, as represented by arrow 866 by initiating communication with the payment processor. The payment processor then returns an alert to the user device that the card has been charged successfully, as represented by arrow 868.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the Biometric index linking and processing of Borucki in view of the intelligent credential selection system as taught by Beye in order to securely conduct transaction with a merchant from an online store.
Claims 11 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Borucki (US 10,861,017 B2) in view of Oskley (US 2012/0201436 A1)
Regarding claim 11
Borucki does not specifically teach: wherein one or more of the RBI generated by the first server and the BDP generated by the first device correspond to a vectorized scan of a retina associated with the user.
However Oskley teaches at least at: [0035] Another aspect of the embodiments is to apply the method in medical applications such as optical coherence tomography where structured matter is imaged. Given, for example, retinal layers in the eye, a given 1-d signal imaged at the retina will depth resolve the retinal layers. Its vectorization via scale and intensity is a very natural implementation given the finitely bounded--between the inner limiting membrane at the anterior and Bruch's membrane at the posterior--and consistently organized layers, in this example, retinal layers. As such, the input signals are ideal for vectorization and replacement with their lower noise (i.e., higher resolution) representations from each one's association in the partitioned data set. This offers aesthetic improvements that may help clinical interpretation. This will facilitate better images, where, for example, opacities in the eye diminished the signal quality at the sensing device. This notion can be extended to other structural anatomical information, such as layers in the skin for dermatological applications with similarly repeating patterns. And indeed to alternative modalities.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the Biometric index linking and processing of Borucki in view of the method for image analysis and onterpritation as taught by Oakley in order to high resolution imaging of the retina for biometric verification.
Regarding claim 12
Borucki does not specifically teach: wherein the vectorized scan of the retina corresponds to a vector image of branching pattern of blood vessels associated with the retina.
However Oskley teaches at least at: [0035] Another aspect of the embodiments is to apply the method in medical applications such as optical coherence tomography where structured matter is imaged. Given, for example, retinal layers in the eye, a given 1-d signal imaged at the retina will depth resolve the retinal layers. Its vectorization via scale and intensity is a very natural implementation given the finitely bounded--between the inner limiting membrane at the anterior and Bruch's membrane at the posterior--and consistently organized layers, in this example, retinal layers. As such, the input signals are ideal for vectorization and replacement with their lower noise (i.e., higher resolution) representations from each one's association in the partitioned data set. This offers aesthetic improvements that may help clinical interpretation. This will facilitate better images, where, for example, opacities in the eye diminished the signal quality at the sensing device. This notion can be extended to other structural anatomical information, such as layers in the skin for dermatological applications with similarly repeating patterns. And indeed to alternative modalities.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the Biometric index linking and processing of Borucki in view of the method for image analysis and onterpritation as taught by Oakley in order to high resolution imaging of the retina for biometric verification.
Prior Art of Record Not Currently Relied Upon
Robinson (US 2008/0147481 A1) Teaches Method for encouraging use of a biometric authorization system.
Zhang (US 2015/0120557 A1) Teaches: Fingerprint payment method.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY MARK JAMES whose telephone number is (571)272-5155. The examiner can normally be reached M-F 8:30am - 5:00pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ryan Donlon can be reached at 571-270-3602. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/GREGORY M JAMES/Examiner, Art Unit 3692 /SARAH M MONFELDT/Supervisory Patent Examiner, Art Unit 3629