METHOD AND SYSTEM FOR AUTHENTICATING AN OPERATION

§101 §102

DETAILED ACTION The following NON-FINAL Office action is in response to application filed on February 10, 2025 for application 19049981. Acknowledgements Claims 1-7 are pending. Claims 1-7 have been examined. Notice of Pre-AIA or AIA Status The present application, filed on or after December 13, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-7 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. In the instant case, claims 1-7 are directed to a method. Therefore, these claims fall within the four statutory categories of invention. The claims recite authenticating an operation which is an abstract idea. Specifically, the claim recites “receiving an input from a user related to the security element of the given type; attempting to validate the input for each of the respective security elements of the given type; receiving a given information element; and upon successful validation with one of the respective security elements of the given type, authenticating, the operation using the information element for the one of the plural operations with which said one of the respective security elements is associated.” which is grouped within the “certain methods of organizing human activity” grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test, classified under “fundamental economic principles or practices”, mitigating risk as part of a transaction (See MPEP 2106, specifically 2106.04(a)) because – for example, in this case, the claims involve a series of steps for authenticating an operation by using information elements such as a user identifier or a secret code with a respective security element such as a personal identification number, a password or a biometric information element. Accordingly, the claim recites an abstract idea (See MPEP 2106, specifically 2106.04(a)). This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See MPEP 2106.04(d)), the additional elements of the claims such as a system comprising a smart card and a computing device, reader, processing unit and input module merely involves using a computer as a tool to perform an abstract idea and/or generally links the use of a judicial exception to a particular technological environment. The use of “a system comprising a smart card and a computing device, reader, processing unit and input module” to implement the abstract idea and/or generally linking the use of the abstract idea to a particular technological environment] does not render the claim patent eligible because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. Specifically, the system comprising a smart card and a computing device, reader, processing unit and input module perform the steps or functions of “receiving an input from a user related to the security element of the given type; attempting to validate the input for each of the respective security elements of the given type; receiving a given information element; and upon successful validation with one of the respective security elements of the given type, authenticating, the operation using the information element for the one of the plural operations with which said one of the respective security elements is associated”. The additional claim elements are not indicative of integration into a practical application, because the claims do not involve improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), the claims do not apply the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea in some other meaningful way beyond generally linking the use of the abstract idea to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP 2106.05(e) and Vanda Memo). Therefore, the claims do not, for example, purport to improve the functioning of a computer. Nor do they effect an improvement in any other technology or technical field. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See MPEP 2106, specifically 2106.05), the additional elements of system comprising a smart card and a computing device, reader, processing unit and input module to automate and/or implement the abstract idea of authenticating an operation. As discussed above, taking the claim elements separately system comprising a smart card and a computing device, reader, processing unit and input module perform the steps of Claim 1. These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of authenticating an operation. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of system comprising a smart card and a computing device, reader, processing unit and input module to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible. Dependent claims further describe details to perform authentication of either a user, device or a transaction using specific inputs. The dependent claims recite additional elements such as “a client-side apparatus, a server-side apparatus, a data processing system comprising a processor and a non-transitional computer-readable storage medium”, however, they do not integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Therefore, the dependent claims are also not patent eligible. Claim Rejections - 35 USC § 102 -The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on sale in this country, more than one year prior to the date of application for patent in the United States. Claims 1-7 are rejected under 35 U.S.C. 102(b) as being unpatentable over Maritzen et al. (US 7,478,068 B2) Regarding Claim 1, Maritzen discloses in a system comprising a smart card and a computing device, a computer-implemented method of authenticating an operation using the smart card, the smart card suitable for being read by a reader adapted to read a plurality of information elements on the smart card, the plurality of information elements disposed on the smart card as user credentials for 5authenticating a like plurality of operations, each information element being associated with a respective security element of a given type, the method comprising: (Fig.1; Col. 2 lines 52-64), the method comprising: receiving, by a processing unit, via an input module (“input module 660”), an input (“biometric information, such as finger print recognition, from a user”) from a user related to the security element of the given type (Col. 3 lines 56-61, Col. 5 line 65-Col. 6 line 2, Col. 9 lines 44-46) attempting, by the processing unit, to validate the input for each of the respective security elements of the given type (Col. 9 line 26-Col. 10 line 2, “the biometric identifier data corresponds to unique information identifying each fingerprint belonging to a user. For example, the right index finger corresponds to the Visa account information under the secure data”, Col. 10 lines 22-67) receiving, by the processing unit, from the smart card, via a card reader, a given information element comprised by the smart card (“privacy card 205”) (Fig. 2; Col. 5 line 39- Col 6 line 26, Col. 10 lines 2-5) upon successful validation with one of the respective security elements of the given type, authenticating, by the processing unit, the operation using the information element for the one of the plural operations with which said one of the respective security elements is associated. (Col. 9 line 26-Col. 10 line 7, Col. 10 lines 22-67) Regarding Claim 2, Maritzen discloses in which the operation is one of: authenticating a user, authenticating a device and authenticating a transaction (Col. 9 line 26-Col. 10 line 7) Regarding Claim 3, Maritzen discloses in which the input is one of: a personal identification number, a password, a biometric information element (Col. 9 line 44-46). Regard Claim 4, Maritzen discloses in which the attempting to validate is performed in one of a client-side apparatus and a server-side apparatus (Col. 6 lines 31-63). Regarding Claim 5, Maritzen discloses a data processing system comprising a processor adapted to perform the method of claim 1 (Col. 9 line 26-Col. 10 line 7) Regarding Claim 6, Maritzen discloses comprising respective information elements for authenticating respective ones of plural operations, each information element being associated with a respective security element of a given type (Col. 9 lines 63-65, Col. 10 lines 22-67) Regarding Claim 7, Maritzen discloses a non-transitional computer-readable storage medium storing a computer program comprising executable code which, when executed by a computer system, causes the computer system to perform the method of claim 5 (Fig. 1; Col. 9 lines 43-52). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZEHRA RAZA whose telephone number is (571)272-8128. The examiner can normally be reached 10AM-6:30PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached at (571) 272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ZEHRA RAZA/Examiner, Art Unit 3697 /JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3697