DETAILED ACTION
Notice of Pre-AIA or AIA Status
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
2. Claim 4 is objected to because of the following informalities:
Claim recites “… image databy matching…” wherein underlined words should be written separately “…image data by matching…”.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
3. The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
4. Claims 1-9 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Lack of Antecedent Basis
5. Claim 1 recites the limitations “said user” in paragraph starting with “performing…” and “the original party” in paragraph starting with “comparing…”. There is insufficient antecedent basis for these limitations in the claim.
6. Claims 2-9 are rejected under the same rationale as claim 1 because claims 2-9 inherit the deficiencies of claim 1 due to their dependency.
Claim Rejections - 35 USC §101
7. 35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
8. Claims 1-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
9. In the instant case, claims 1, 10, and 15 are directed to “methods and a system for securing commercial transactions”.
10. Claim 1 recites “creating a verified customer account for secure commercial transactions”. Specifically, claim recites “creating … a customer account associated with a customer using an account creation procedure comprising at least: receiving information related to said customer in a basic account creation step … capturing a captured … data of said customer during a … step, and comparing said government ID image data and said captured … data to verify a match related to said customer, and creating a verification algorithm representing a verification of said customer using…; creating a verification token … for a transaction associated with said customer using a pre-transaction identity verification procedure comprising at least: initiating a transaction, having a transaction data package … capturing an updated version of said captured … data …, performing a liveliness detection step to verify that said user is physically present; comparing … said captured … data to said verification algorithm to verify the original party is conducting said transaction, and providing the verification token provided said captured … data and said verification algorithm are verified”. Subject matter grouped under “Certain methods of organizing human activity” (e.g., commercial or legal interactions) and an abstract idea in prong one of step 2A (MPEP 2106.04(a)).
11. This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A (MPEP 2106.04 II), the additional elements of claim 1 such as “a commercial transaction system”, “a customer device”, “a sales system server”, “capturing a government ID image data in an ID scanning”, “biometric”, “a facial scanning”, and “said commercial transaction system” represent the use of a computer as a tool to perform an abstract idea and/or does no more than generally link the abstract idea to a particular field of use. Therefore, the additional elements do not integrate the abstract idea into a practical application as they do no more than represent a computer performing functions that correspond to (i.e., automate) the acts of creating a verified customer account for secure commercial transactions.
12. When analyzed under step 2B (MPEP 2106.04 II), the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception itself. Viewed as a whole, the combination of elements recited in the claim merely describes the concept of creating a verified customer account for secure commercial transactions using computer technology. Therefore, as the use of these additional elements do no more than employ a computer as a tool to automate and/or implement the abstract idea, they cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)).
13. Hence, claim 1 is not patent eligible.
14. Claim 10 recites “evaluating a commercial transaction whether it should be approved”. Specifically, claim recites “detecting … a trigger condition indicative of a high-risk or regulated transaction initiated by a user holding a previously created account; prompting … said user to perform a pre-transaction identity verification including …scan; comparing … scan to a stored … profile of said user created during an account creation procedure; and proceeding with a transaction approval process only if said stored … profile matches said … scan above a predetermined confidence threshold”. Subject matter grouped under “Mental processes” (e.g., evaluation) and an abstract idea in prong one of step 2A (MPEP 2106.04(a)).
15. This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A (MPEP 2106.04 II), the additional elements of claim 10 such as “a commercial transaction system”, “a sales system server”, “a customer device”, “a live facial scan”, and “biometric” represent the use of a computer as a tool to perform an abstract idea and/or does no more than generally link the abstract idea to a particular field of use. Therefore, the additional elements do not integrate the abstract idea into a practical application as they do no more than represent a computer performing functions that correspond to (i.e., automate) the acts of evaluating a commercial transaction whether it should be approved.
16. When analyzed under step 2B (MPEP 2106.04 II), the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception itself. Viewed as a whole, the combination of elements recited in the claim merely describes the concept of evaluating a commercial transaction whether it should be approved using computer technology. Therefore, as the use of these additional elements do no more than employ a computer as a tool to automate and/or implement the abstract idea, they cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)).
17. Hence, claim 10 is not patent eligible.
18. Claim 15 also recites “evaluating a commercial transaction whether it should be approved”. Specifically, claim recites “… adapted to capture a … image and transmit said …image …; … storing … profile of said user in an identity verification …, said … profile having been generated during an account creation procedure; and wherein… compares a newly captured … image to said … profile upon detecting an attempted transaction, and authorizes said attempted transaction only if said newly captured …image matches said … profile”. Subject matter grouped under “Mental processes” (e.g., evaluation) and an abstract idea in prong one of step 2A (MPEP 2106.04(a)).
19. This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A (MPEP 2106.04 II), the additional elements of claim 15 such as “a commercial transaction system”, “a customer device”, “a device application”, “capture user's facial image”, “a sales system server”, “a biometric”, and “an identity verification database” represent the use of a computer as a tool to perform an abstract idea and/or does no more than generally link the abstract idea to a particular field of use. Therefore, the additional elements do not integrate the abstract idea into a practical application as they do no more than represent a computer performing functions that correspond to (i.e., automate) the acts of evaluating a commercial transaction whether it should be approved.
20. When analyzed under step 2B (MPEP 2106.04 II), the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception itself. Viewed as a whole, the combination of elements recited in the claim merely describes the concept of evaluating a commercial transaction whether it should be approved using computer technology. Therefore, as the use of these additional elements do no more than employ a computer as a tool to automate and/or implement the abstract idea, they cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)).
21. Hence, claim 15 is not patent eligible.
22. The following dependent claims recent additional elements not addressed above:
claim 3 recites “a camera on said customer device”;
claim 4 recites “a government or third-party database”;
claim 5 recites “a repeated facial scan”;
claim 6 recites “a new facial scan”;
claim 8 recites “an encryption key”, “a key server”, and “a payment clearing system”;
claim 14 recites “a payment clearing system”;
claim 16 recites “a key server” and “an encryption key”;
claim 17 recites “a liveliness detection module” and “a static photograph or video replay”; and
claim 18 “a fraud detection module”.
When considered individually, and as a whole, each of these additional elements amount to merely "apply it", as they are merely applying the abstract idea to the technical environment of the camera on said customer device, the government or third-party database, the repeated facial scan, the new facial scan, the encryption key, the key server, the payment clearing system, the liveliness detection module, the static photograph or video replay, and the fraud detection module.
Dependent claims 2-9, 11-14, and 16-18 merely expand upon the abstract ideas of the independent claims, and are therefore rejected under the same rationale as claims 1, 10, and 15 respectively.
Conclusion of 35 USC §101
23. The claims as a whole do not amount to significantly more than the abstract idea itself. This is because the claims do not effect an improvement to another technology or technical field; the claims do not amount to an improvement to the functioning of a computer system itself; and the claims do not move beyond a general link of the use of an abstract idea to a particular technological environment.
24. Accordingly, there are no meaningful limitations in the claims that transform the judicial exception into a patent eligible application such that the claims amount to significantly more than the judicial exception itself.
Claim Rejections - 35 USC § 102
25. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
26. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
27. Claims 10, 11, and 13 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by
US11138594B2 to Tibor
28. As per claims 10:
Tibor discloses the following limitations:
A method of use method of securing commercial transactions in a commercial transaction system, said method comprising (Col.1, lines 34-40; discloses a biometric based electronic transaction verification system for securing commercial point-of-sale transactions)
detecting, by a sales system server, a trigger condition indicative of a high-risk or regulated transaction initiated by a user holding a previously created account (Col.5, lines 36-39, 55-58; col.19, lines 48-52; discloses a sales system server (the central processing system) that detects trigger conditions indicative of high-risk/regulated transactions for an existing enrolled account and account condition flags such as “exceeding credit limit”, “unpaid balance”, and “insufficient funds”)
prompting, at a customer device, said user to perform a pre-transaction identity verification including a live facial scan (Col/line 8/66-9/1; col.10, lines 32-36; col.22, lines 44-45; discloses prompting the customer at the customer’s device for a live facial scan as part of pre-transaction identity verification)
comparing, by said sales system server, said live facial scan to a stored biometric profile of said user created during an account creation procedure (Col.8, lines 38-43; col.22, lines 13-16; discloses the sales system server comparing a live biometric captured at transaction time to a stored biometric profile (template) created during the account enrollment procedure)
proceeding with a transaction approval process only if said stored biometric profile matches said live facial scan above a predetermined confidence threshold (Col.15, lines 50-57; col.22, lines 13-20; discloses proceeding with the transaction approval process only upon a positive biometric match against the stored profile)
29. As per claim 11:
Tibor discloses the following limitations:
The method of securing commercial transactions of claim 10, wherein said trigger condition comprises detection of at least one anomaly selected from the group consisting of unusual geographic location, excessive transaction frequency, or an abnormally large transaction amount (Col.5, lines 36-39, 55-58; col.6, lines 10-14; col.19, lines 48-52; discloses the three types of anomaly triggers: excessive transaction frequency (access exceeds the allowable amount), unusual geographic location (location of transactions tracked per account), and abnormally large amount (exceeding credit limit))
30. As per claim 13:
Tibor discloses the following limitations:
The method of securing commercial transactions of claim 10, wherein said transaction approval process includes retrieving a newly generated verification token from said sales system server and embedding said verification token in a payment request to confirm that said user was successfully verified (Col.22, lines 18-21, 57-58, 65-67; discloses retrieving a newly generated transaction/verification token from the sales system server following biometric verification and transmitting that token in the payment request to the transaction facilitating entity)
Claim Rejections - 35 USC § 103
31. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
32. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
33. Claims 1-4, 6, 9, 12, 15, and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over US11138594B2 to Tibor in view of US8818052B2 to Hoyos et al.
34. As per claim 1:
Tibor discloses the following limitations:
A method of securing commercial transactions in a commercial transaction system, said method comprising (Col.1, lines 34-40; discloses a biometric-based electronic transaction verification system for securing commercial transactions at the point of sale)
creating, using a customer device and a sales system server, a customer account associated with a customer using an account creation procedure comprising at least (Col.8, lines 51-54; col.16, lines 26-29; discloses an account creation/enrollment procedure performed using a customer device (verification unit) and a central (sales system) server that creates an account/record for the customer)
receiving information related to said customer in a basic account creation step (Col.16, lines 29-32, 39-40; discloses a basic account creation step in which customer information (name, ID number, date of birth, address) is received and transmitted to the central processor)
capturing a government ID image data in an ID scanning step (Col.12, lines 41-48; col.15, lines 8-12; discloses capturing government ID image data by scanning a driver’s license with a dedicated license scanner)
capturing a captured biometric data of said customer during a facial scanning step (Col.9, lines 60-61; col.16, lines 35-38; col.22, lines 44-45; discloses capturing biometric data of a customer during a facial scanning step via a biometric scanner configured to scan the user’s face)
comparing said government ID image data and said captured biometric data to verify a match related to said customer (Col/line 4/65-5/2; col.12, lines 48-52; discloses comparing biometric data captured from the customer to biometric data obtained from a scanned government ID (driver’s license) to verify a match)
creating a verification algorithm representing a verification of said customer using said commercial transaction system (Col.2, lines 29-32; col.15, lines 43-45; discloses creating a verification algorithm/template (biometric template) that represents the verified customer and is used by the commercial transaction system for later comparison)
creating a verification token, using said customer device and said sales system server, for a transaction associated with said customer using a pre-transaction identity verification procedure comprising at least (Col.22, lines 18-21, 57-58, 65-67; discloses creating/transmitting a transaction (verification) token for a transaction following pre-transaction biometric identity verification using a customer device and a sales system server)
initiating a transaction, having a transaction data package, using said customer device (Col.8, lines 62-65; col.10, lines 32-36, col.22, lines 55-56; discloses initiating a transaction having a transaction data package (encoded transaction-token information) using the customer’s device)
capturing an updated version of said captured biometric data using said customer device (Col.8, lines 38-43; col/line 8/66-9/1; discloses capturing an updated biometric at the time the transaction token is tendered using the customer’s device)
comparing, by said sales system server, said captured biometric data to said verification algorithm to verify the original party is conducting said transaction (Col.8, lines 38-43; col.22, lines 14-17; discloses the sales system server (central processor) comparing the captured biometric data to the stored biometric template/algorithm to verify the original party is conducting the transaction)
providing the verification token provided said captured biometric data and said verification algorithm are verified (Col.22, lines 18-21, 65-67; discloses providing the verification/transaction token the transaction facilitating entity only after the captured biometric data has been verified against the stored biometric template (verification algorithm))
Tibor does not explicitly disclose, however, Hoyos et al., as shown, teaches the following limitations:
performing a liveliness detection step to verify that said user is physically present (Col.3, lines 10-13, 23-25; col.7, lines 61-63; discloses performing a liveliness detection step during transaction authorization to verify the user is physically present)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate a method of authenticating financial transactions comprising acquiring biometric data from a person, calculating probability of liveness of the person and probability of a match between the person and known biometric information of Hoyos et al. (‘052, col.3, lines 54-58) with teaching of Tibor for credit approval and fraud protection at the point-of-sale for a transaction wherein biometric information is used to verify the identity of a person presenting a token for payment as an authorized user (‘594, col.1, lines 36-39) for determining whether a person is physically present during the transaction and providing an authorization decision based on combination of probability of liveness and probability of match in order to authorizes the transaction (‘052, col.3, lines 10-13; col.7, lines 61-63).
35. As per claim 2:
Tibor discloses the following limitations:
The method of securing commercial transactions of claim 1, further comprising storing user demographic data, name, address, or payment preferences in the customer account of said user, ensuring compliance with know-your-customer (KYC) regulations (Col.8, lines 54-59; col.16, lines 29-32, 39-42; discloses storing user demographic data (name, ID number, date of birth, address) together with transaction token (payment information) in the customer’s record in a verification system; name, address, and government ID for enrollment constitutes with KYC.)
36. As per claim 4:
Tibor discloses the following limitations:
The method of securing commercial transactions of claim 1, further comprising
verifying authenticity of said government ID image [data by] matching data from said identification document against a government or third-party database before storing said biometric profile (Col.12, lines 54-57; col.4, lines 12-15; discloses verifying the captured government ID image data by matching is against a government (DMV) or third-party licensed database before storing the associated biometric profile)
37. As per claim 6:
Tibor discloses the following limitations:
The method of securing commercial transactions of claim 1, further comprising detecting a request to initiate a transaction from said user and comparing a new facial scan against said stored biometric profile to confirm user identity prior to payment approval (Col.8, lines 38-43; col.10, lines 32-36; discloses detecting a transaction initiating event, capturing a new facial biometric, comparing it against the stored biometric profile, and using the comparison result to approve or deny the payment)
38. As per claim 9:
Tibor discloses the following limitations:
The method of securing commercial transactions of claim 1, further comprising logging an account creation timestamp, user location, and verification details in a transaction log to maintain a regulatory audit trail (Col.6, lines 6-8, 10-14; col.17, lines 2-6; col.19, lines 64-66; discloses logging account creation/enrollment events, per transaction records including transaction location and user/customer identifiers, and producing reports from those logs for merchant/regulators)
39. As per claim 12:
Tibor does not explicitly disclose, however, Hoyos et al., as shown, teaches the following limitations:
The method of securing commercial transactions of claim 10, further comprising a liveliness detection step wherein said customer device captures multiple frames of said user's face, verifying motion or blinking before transmitting said live facial scan for comparison (Col.3, lines 10-13; col.6, lines 61-67; col.7, lines 1-2; discloses a liveliness detection step in which the customer device captures multiple frames of the user’s face and verifies motion/change before concluding the biometric data is live and before authorizing the transaction)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate a method of authenticating financial transactions comprising acquiring biometric data from a person, calculating probability of liveness of the person and probability of a match between the person and known biometric information of Hoyos et al. (‘052, col.3, lines 54-58) with teaching of Tibor for credit approval and fraud protection at the point-of-sale for a transaction wherein biometric information is used to verify the identity of a person presenting a token for payment as an authorized user (‘594, col.1, lines 36-39) for determining whether a person is physically present during the transaction and providing the recorded image of the person and verifies change before concluding the biometric data is live and before authorizing the transaction (‘052, col.3, lines 10-13; col.6, lines 61-67).
40. As per claim 15:
Tibor discloses the following limitations:
A commercial transaction system configured to implement a method of securing commercial transactions for pre-transaction identity verification, the system comprising (Col.1, lines 35-40; discloses a biometric based electronic transaction verification system for securing commercial POS transactions)
said sales system server storing a biometric profile of said user in an identity verification database, said biometric profile having been generated during an account creation procedure (Col.2, lines 29-32, col.8, lines 51-54; discloses storing the user’s biometric template in an identity verification database, generated during the account enrollment procedure, at the central processing system)
wherein said sales system server compares a newly captured facial image to said biometric profile upon detecting an attempted transaction, and authorizes said attempted transaction only if said newly captured facial image matches said biometric profile (Col.8, lines 38-43; col.22, lines 13-16; discloses the sales system server comparing a newly captured biometric to the stored biometric profile on transaction initiation and authorizing only on match)
Tibor does not explicitly disclose, however, Hoyos et al., as shown, teaches the following limitations:
a customer device having a device application adapted to capture a user's facial image and transmit said facial image to a sales system server (Col.2, lines 31-32; col.4, lines 1-3; discloses a customer device with a camera capturing the user’s facial biometric)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate a method of authenticating financial transactions comprising acquiring biometric data from a person, calculating probability of liveness of the person and probability of a match between the person and known biometric information of Hoyos et al. (‘052, col.3, lines 54-58) with teaching of Tibor for credit approval and fraud protection at the point-of-sale for a transaction wherein biometric information is used to verify the identity of a person presenting a token for payment as an authorized user (‘594, col.1, lines 36-39) for providing a camera capturing the user’s facial biometric on a customer device (‘052, col.4, lines 1-3).
41. As per claim 17:
Tibor does not explicitly disclose, however, Hoyos et al., as shown, teaches the following limitations:
The commercial transaction system of claim 15, wherein said customer device includes a liveliness detection module configured to prompt the user for minimal movements, said module analyzing captured image frames to ensure said user is not presenting a static photograph or video replay (Col.3, lines 10-13; col.6, lines 61-67; col.7, lines 1-2; discloses a liveliness detection module that captures multiple image frames, analyzes pupil dilation and/or cornea reflection changes between frames, and rejects static photographs that do not respond to the stimulus)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate a method of authenticating financial transactions comprising acquiring biometric data from a person, calculating probability of liveness of the person and probability of a match between the person and known biometric information of Hoyos et al. (‘052, col.3, lines 54-58) with teaching of Tibor for credit approval and fraud protection at the point-of-sale for a transaction wherein biometric information is used to verify the identity of a person presenting a token for payment as an authorized user (‘594, col.1, lines 36-39) for determining whether a person is physically present during the authentication by calculating of probability of liveness based on difference between the two images recorded (‘052, col.3, lines 10-13; col.7, lines 1-2).
42. As per claim 18:
Tibor discloses the following limitations:
The commercial transaction system of claim 15, further comprising a fraud detection module in said sales system server configured to track transaction velocity, location anomalies, or repeated failed login attempts, and to trigger said pre-transaction identity verification if suspicious activity is detected (Col.5, lines 36-39; col.6, lines 10-12; col.19, lines 48-52; discloses a server fraud detection module tracking transaction velocity (frequency of account access), location of transactions, and triggering action when frequency exceeds a pre-determined limit)
43. Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over US11138594B2 to Tibor in view of US8818052B2 to Hoyos et al. and US9286507B2 to Shuster.
44. As per claim 3:
Neither Tibor, nor Hoyos et al. disclose, however, Shuster, as shown, teaches the following limitations:
The method of securing commercial transactions of claim 1, wherein said capturing step includes using a camera on said customer device to scan said government ID image data in the ID scanning step, and simultaneously capturing the captured biometric data of said customer in the facial scanning step (Col.5, lines 19-24, 58-59; discloses a single camera (the webcam on the customer’s client device) simultaneously captures the user’s face and the user’s state issued identification card in one posed image)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate a method of authenticating financial transactions comprising acquiring biometric data from a person, calculating probability of liveness of the person and probability of a match between the person and known biometric information of Hoyos et al. (‘052, col.3, lines 54-58) and a method for utilizing one or more of face recognition technology, identification and credit card recognition technology of Shuster (‘507, col.1, lines 65-67) with teaching of Tibor for credit approval and fraud protection at the point-of-sale for a transaction wherein biometric information is used to verify the identity of a person presenting a token for payment as an authorized user (‘594, col.1, lines 36-39) for capturing with webcam user’s face and the state issued identification card simultaneously in order to authenticate the user (‘507, col.5, lines 19-24).
45. Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over US11138594B2 to Tibor in view of US8818052B2 to Hoyos et al. and US20160063235A1 to Tussy.
46. As per claim 5:
Neither Tibor, nor Hoyos et al. disclose, however, Tussy, as shown, teaches the following limitations:
The method of securing commercial transactions of claim 1, wherein said biometric profile is updated periodically to account for changes in a facial appearance of said customer, said updates including a repeated facial scan validated by said sales system server ([0023] discloses that the facial biometric profile is adapted over time to account for changing biometrics due to age, weight gain/loss, and other factors, [0105] discloses that each successive facial authentication attempt perfects and improves the stored enrollment profile, and [claim 7] discloses that each authentication attempt is validated on the authentication server, which holds the stored enrollment biometric profile)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate a method of authenticating financial transactions comprising acquiring biometric data from a person, calculating probability of liveness of the person and probability of a match between the person and known biometric information of Hoyos et al. (‘052, col.3, lines 54-58) and a method for enrolling and authenticating a user in an authentication system via a user's a mobile computing device of Tussy (‘235, [0008]) with teaching of Tibor for credit approval and fraud protection at the point-of-sale for a transaction wherein biometric information is used to verify the identity of a person presenting a token for payment as an authorized user (‘594, col.1, lines 36-39) for taking into consideration changing biometrics due to age, weight gain/loss, environment, user experience, security level, or other factors, combining the data from the multiple authentication attempts to achieve more accurate facial biometric information, and comparing the authentication biometrics and the authentication movement information with the enrollment biometrics and expected movement information stored in the database with the user authentication information profile (‘235, [0023], [0105], [claim 7]).
47. Claims 7, 14, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over US11138594B2 to Tibor in view of US8818052B2 to Hoyos et al. and US20110078776A1 to Boyer et al.
48. As per claim 7:
Neither Tibor, nor Hoyos et al. disclose, however, Boyer et al., as shown, teaches the following limitations:
The method of securing commercial transactions of claim 6, further comprising splitting a payment credential associated with said user into a portion A stored on said customer device and a portion B stored on said sales system server, and reconstructing said payment credential only upon said confirmed user identity ([claim 38], [0058] discloses splitting a user/entity credential into a portion held by a first entity and a portion accessible to a second entity, reconstructing access to the full credential only in response to a first secret from a common secret and an entity specific string)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate a method of authenticating financial transactions comprising acquiring biometric data from a person, calculating probability of liveness of the person and probability of a match between the person and known biometric information of Hoyos et al. (‘052, col.3, lines 54-58) and a method for allowing the secure and selective sharing of digital credentials among a plurality of separate entities of Boyer et al. (‘776, [0007]) with teaching of Tibor for credit approval and fraud protection at the point-of-sale for a transaction wherein biometric information is used to verify the identity of a person presenting a token for payment as an authorized user (‘594, col.1, lines 36-39) for generating using a common secret shared by the first entity and the second entity and using a first entity specific string retrievable by the second entity and providing the second entity with access rights to the portion of the credentials of the first entity that are shared with the second entity (‘776, [claim 38]).
49. As per claim 14:
Neither Tibor, nor Hoyos et al. disclose, however, Boyer et al., as shown, teaches the following limitations:
The method of securing commercial transactions of claim 10, further comprising enabling a split-credential method wherein said sales system server reassembles a payment credential only after validating said user's identity via said pre-transaction identity verification, then transmits an authorization request to a payment clearing system ([0013], [0017], [0058], [claim 38] discloses the split credential method: credentials (cryptographic keys and biometric template) are stored by a first entity (the customer device) and the cryptographic reassemble/reconstruction step: access to the full credential is granted only upon combining a common secret with a first entity specific string)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate a method of authenticating financial transactions comprising acquiring biometric data from a person, calculating probability of liveness of the person and probability of a match between the person and known biometric information of Hoyos et al. (‘052, col.3, lines 54-58) and a method for allowing the secure and selective sharing of digital credentials among a plurality of separate entities of Boyer et al. (‘776, [0007]) with teaching of Tibor for credit approval and fraud protection at the point-of-sale for a transaction wherein biometric information is used to verify the identity of a person presenting a token for payment as an authorized user (‘594, col.1, lines 36-39) for granting said at least a second entity permission to share said at least a portion of said first entity credentials, combining at least one of a hash operation, a concatenation operation, an exclusive OR operation or a symmetric cryptographic operation, and accessing to the full credential is granted only upon combining a common secret with a first entity specific string (‘776, [0013], [0017], [claim 38]).
50. As per claim 16:
Neither Tibor, nor Hoyos et al. disclose, however, Boyer et al., as shown, teaches the following limitations:
The commercial transaction system of claim 15, further comprising a key server storing an encryption key, wherein said sales system server and said customer device employ a split-knowledge technique by dividing a payment credential into a portion A and a portion B, and reassembling said payment credential upon receiving an indication that said user's facial verification has succeeded ([0017], [0147], [claim 38] discloses a split knowledge credential architecture: a first entity (customer device) and a second entity (sales system server) each hold a portion of the credential, an encryption key (common secret) is stored in a hardware security module (key server), and the credential is reassembled via a cryptographic combination upon satisfaction of the access policy)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate a method of authenticating financial transactions comprising acquiring biometric data from a person, calculating probability of liveness of the person and probability of a match between the person and known biometric information of Hoyos et al. (‘052, col.3, lines 54-58) and a method for allowing the secure and selective sharing of digital credentials among a plurality of separate entities of Boyer et al. (‘776, [0007]) with teaching of Tibor for credit approval and fraud protection at the point-of-sale for a transaction wherein biometric information is used to verify the identity of a person presenting a token for payment as an authorized user (‘594, col.1, lines 36-39) for combining at least one of a hash operation, a concatenation operation, an exclusive OR operation or a symmetric cryptographic operation, for storing common secret and/or the credential store inside a hardware security module and sharing a portion of the credentials of the first entity in response to a first secret that is generated using a common secret (‘776, [0017], [0147], [claim 38]).
51. Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over US11138594B2 to Tibor in view of US8818052B2 to Hoyos et al., US20110078776A1 to Boyer et al., and US11593797B2 to Sykora et al.
52. As per claim 8:
Neither Tibor, nor Hoyos et al. or Boyer et al. disclose, however, Sykora et al., as shown, teaches the following limitations:
The method of securing commercial transactions of claim 7, wherein said reconstructing step comprises retrieving an encryption key from a key server, decrypting said portion A and said portion B, and submitting a resulting combined credential to a payment clearing system (Col.4, lines 28-30; col.6, lines 21-27; col.7, lines 28-40; discloses that the following biometric verification, the customer device issues a key request to a secure circuit/server to retrieve/use the stored private key, the circuit unlocks and uses that key to cryptographically combine its device secret with the server registered public key to form a valid signed credential, and the combined credential is submitted to the payment system, which processes the payment request)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate a method of authenticating financial transactions comprising acquiring biometric data from a person, calculating probability of liveness of the person and probability of a match between the person and known biometric information of Hoyos et al. (‘052, col.3, lines 54-58), a method for allowing the secure and selective sharing of digital credentials among a plurality of separate entities of Boyer et al. (‘776, [0007]), and a computing device of a user that may authenticate with an entity via a digital signature generated by a secure circuit of Sykora et al. (‘797, col.3, lines 7-8) with teaching of Tibor for credit approval and fraud protection at the point-of-sale for a transaction wherein biometric information is used to verify the identity of a person presenting a token for payment as an authorized user (‘594, col.1, lines 36-39) for generating the key pair and return the public key of the pair, storing the key pair with usage criteria indicating that the private key cannot be used to generate a digital signature without first confirming biometric information received from biosensor, collecting biometric information from a biometric credential supplied by the user in order to determine that an authorized user is present and upon successfully confirming the biometric information generating the requested signature (‘797, col.6, lines 21-27; col.7, lines 28-40).
Conclusion
53. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US20190257033A1 – Cornick et al. – Discloses a method and system for verifying the identity of a user in an identity authentication and biometric verification system to initiate a financial transaction, wherein the method includes receiving in an identity verification system biometric data obtained from a user desiring to initiate a financial electronic transaction and obtaining stored biometric data associated with the user from memory.
US20210065165A1 – Wadhwa et al. – Discloses methods, systems and computer program products for securing one time passwords (OTP) for use in OTP based authorization of electronic payment transactions, wherein the invention involves transmission and display of an OTP at a user device.
54. Any inquiry concerning this communication or earlier communications from the examiner should be directed to AMANULLA ABDULLAEV whose telephone number is (571)272-4367. The examiner can normally be reached Monday-Friday 9:30AM -4:30PM ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ryan D Donlon can be reached at 571-270-3602. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/AMANULLA ABDULLAEV/Examiner, Art Unit 3692
/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3697