DETAILED ACTION
Status of Claims
Applicant has amended claims 1, 5, 6 and 15.  No claims have been added or canceled.  Claims 3, 4, 8-14, 17 and 18 were canceled prior to previous office action. Thus, claims 1, 2, 5-7, 15, 16 and 19-21 remain pending in this application. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments and amendments filed on 26 February 2021 with respect to rejections of claims under 35 U.S.C. § 103 have been fully considered.  Amendments to claims have been entered.
Applicant's arguments filed with respect to claims regarding the 35 U.S.C. § 103 rejections have been fully considered but they are moot in view of new ground(s) of rejection. 
Additional Comments
If, in the opinion of the Applicant, a telephone conference would expedite the prosecution of the subject application, the Applicant is encouraged to contact the undersigned Examiner at the phone number listed below. 
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1, 2, 5, 15, 16 and 19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
Note: Examiner points Applicant to the Federal Register notice titled 2014 Interim Eligibility Guidance (IEG) on Patent Subject Matter Eligibility (79 FR 74618) and the January 2019 Patent Subject Matter Eligibility Guidance.
Subject Matter Eligibility Standard 
When considering subject matter eligibility under 35 U.S.C. 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter. If the claim does fall within one of the statutory categories, it must then be determined whether the claim is directed to a judicial exception (i.e. law of nature, natural phenomenon, and abstract idea), and if so, it must additionally be determined whether the claim is a patent-eligible application of the exception. If an abstract idea is present in the claim, any element or combination of elements in the claim must be sufficient to ensure that the claim amounts to significantly more than the abstract idea itself.  Examples of abstract ideas include fundamental economic practices; certain methods of organizing human activities; an idea itself; and mathematical relationships/ formulas. (Alice Corporation Pty. Ltd. v. CLS Bank International, et al. US Supreme Court, No. 13-298, June 19, 2014). 
Analysis
Step 1:
Is the claim(s) fall into a statutory category – i.e. process, machine, manufacture or composition of matter? 
In the instant case, claim 1 is directed to a method, which is one of the four statutory categories of invention.  The answer is YES.  
Step 2A - Prong One: 
Is the claim(s) directed to a judicially exception, such as a law of nature, a natural phenomenon or an abstract idea? 
The claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.  Claims 1, 2 and 5 are directed to payment authentication method which is a judicial exception a fundamental business practice of mitigating risk.
Claim 1 recites, in part, a method for performing the steps of:
obtaining “data” entered by a user;
comparing “data”;
determining a matches of the “data”; and
in response to and after determining a match:
determining that the user is an owner of the mobile terminal; 
obtaining “more data”;
comparing “more data”;
determining a match of data;
based on the match, determining that the authentication is complete.
which is a series of steps which describes the judicial exception of the fundamental business practice, a method of organizing human behavior, or mathematical relationship.
Limitations such as:
wherein the second biometric feature information is prestored biometric feature information used for user identity authentication; and
wherein a security level of the second execution environment is higher than a security level of the first execution environment;
are merely descriptions of data and do not impose any meaningful limit on the computer implementation of the abstract idea.
Step 2A - Prong Two: 
Are there additional elements that are integrated into a practical application of the judicial exception?
The additional elements are:
using biometric data;
storing data on mobile devices; 
receiving data on mobile devices; 
storing data on mobile devices; 
These additional elements are recited at a high level of generality and are recited as performing generic computer functions routinely used in computer applications.  Generic functions include obtaining, determining, storing, and using.  As such, mere instructions to implement an abstract idea on a generic computer do not provide an inventive concept and thus do not implement the abstract idea into a practical application. The answer is NO.
Step 2B:
Do the claims include additional elements that are sufficient to amount to significantly more than the judicial exception – i.e. Is there an inventive concept?
The claims do not amount to significantly more than the abstract idea because, as was described previously they amount to mere instructions to implement an abstract idea on a generic computer. Furthermore, the claims include no indication that they involve an ordered combination of steps that are enough to indicate that the claims include material that amounts to significantly more than the abstract idea. The dependent claims do not add any meaningful limitations that qualify as significantly more. The answer is NO.
Similar reasoning and rationale applies to the apparatus claim 15 also.
Conclusion
The claim as a whole, does not amount to significantly more than the abstract idea itself. This is because the claim does not affect an improvement to another technology or technical field; the claim does not amount to an improvement to the functioning of a computer itself; and the claim does not move beyond a general link of the use of an abstract idea to a particular technological environment.
Dependent claims 2 and 5 when analyzed as a whole are held to be patent ineligible under 35 U.S.C. 101 because the additional recited limitations fail to establish that the claims judicial exception (Step 2A- Prong One).  Nor are the claims directed to a practical application to a judicial exception (Step 2A- Prong Two).  
For instance, the features of claims 5 do not affect the abstract idea of the independent claim in that they do not add a technological solution to the fundamental business practice in the independent claim.
In claim 2, the features of a rich execution environment (REE) and a trusted execution environment (TEE) add technology but do not affect the method claim; REE and TEE, as claimed, are merely functionally descriptive language which do not indicate an improvement to another technology or technical field nor the functioning of the computer itself.
It is clear from above, that the additional recited limitations in the dependent claims only refine the abstract idea further. Further refinement of an abstract idea does not convert an abstract idea into something concrete. The claims as a whole, do not amount to significantly more than the abstract idea itself. This is because the claims do not affect an improvement to another technology or technical field; the claims do not amount to an improvement to the functioning of a computer system itself; and the claim do not move beyond a general link of the use of an abstract idea to a particular technological environment. Accordingly, the Examiner concludes that there are no meaningful limitations in the claims that transform the judicial exception into a patent eligible application such that the claims amount to significantly more than the judicial exception itself. (Step 2B) 
Note: The analysis above applies to all statutory categories of invention. As such, the presentment of claims 15, 16 and 19 otherwise styled as an apparatus, would be subject to the same analysis.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 5-7, 15, 16 and 19-21 are rejected under 35 U.S.C. 103 as being unpatentable over Kamal et al (US Pub. No. 2017/0061441 A1) in view of Giles (US Pub. No. 2015/0227937 A1).
Regarding claim 1, Kamal teaches systems, apparatus and methods for performing a secure user authentication process utilizing a consumer mobile device, such as a Smartphone, to authenticate a cardholder during a transaction such as a financial transaction [0013].  He teaches a secure cardholder authentication process includes a consumer mobile device receiving a request to authenticate a user from an entity in conjunction with a transaction [0013]. He teaches:
obtaining, by the mobile terminal, first biometric feature information entered by a user – see at least [0002], [0005] “stored biometric templates to authenticate the user”, [0015], [0018], [0028];
comparing, by the mobile terminal, the first biometric feature information with second biometric feature information in a first execution environment, wherein the second biometric feature information is prestored biometric feature information used for user identity authentication – see at least [0015], [0018] and [0028]
determining that the first biometric feature information matches the second biometric feature information – see at least [0015], [0022] and [0028]; and
in response to and after determining that the first biometric feature information matches the second biometric feature information:
determining that the user is an owner of the mobile terminal – see at least [0014]; and
(after matching biometrics) determining, by the mobile terminal, that the payment authentication is complete – see at least [0063].
Kamal teaches providing different security levels for authentication that may be used for a wide variety of different transactions [0062].  Kamal does not explicitly disclose:
obtaining, by the mobile terminal, third biometric feature information;
comparing, by the mobile terminal, the first biometric feature information with the third biometric feature information in a second execution environment different than the first execution environment, wherein a security level of the second execution environment is higher than a security level of the first execution environment, and wherein the third biometric feature information is prestored biometric feature information used for payment authentication;
determining that the first biometric feature information matches the third biometric feature information; and
in response to determining that the first biometric feature information matches the third biometric feature information, determining, by the mobile terminal, that the payment authentication is complete.
However, Giles teaches system, method and computer-readable storage medium to authenticate users using biometric data from randomly selected digits [0002].  He teaches a processor categorizing a security level based at least in part on the transaction amount (Applicant’s execution environment), and generates a requested sequence based on the security level [0009]. The requested sequence represents a sequence of biometric information requested from a customer. The network interface electronically transmits the requested sequence to the device, and receives a received biometric template sequence from received biometric template (Applicant’s third biometric feature) is captured biometric information from the customer. The customer is authenticated when the received biometric template sequence (Applicant’s first biometric feature) matches the requested sequence [Id.].  
Giles teaches creating a random sequence of biometric identification information that a customer will have to provide depending upon the security level [0097]. He teaches prompting a customer for a random sequence of fingerprints transactions when requiring higher levels of security [0097].  Examiner interprets a random sequence of fingerprints as being indicative of Applicant’s third biometric feature.
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Kamal’s disclosure to include prompting a customer for random sequence of fingerprints as taught by Giles because it provides higher security for higher dollar amount transactions by requiring a higher level of authentication - Giles [0067].
Regarding claims 2 and 16, Kamal teaches the first execution environment as a rich execution environment (REE) and the second execution environment as a trusted execution environment (TEE) – [0015], [0022], [0035] [0044].
Regarding claims 5 and 19, Kamal teaches:
obtaining, by the mobile terminal, a first payment request entered by the user – see at least [0030] and [0032]; and
wherein after the determining, by the mobile terminal, that the payment authentication is complete – see at least [0030] and [0032], the method further comprises:
responding, by the mobile terminal, to the first payment request to perform payment – see at least [0030], [0032] and [0057]
Regarding claims 6 and 20, Khan teaches, after the determining, by the mobile terminal, that the payment authentication is complete:
generating, by the mobile terminal, a second payment request, wherein the second payment request is used to request a payment device of the mobile terminal to perform payment – see at least [0057];
encrypting, by the mobile terminal, the second payment request by using a preset key – see at least [0057]; and
requesting, by the mobile terminal, the payment device to perform a payment operation after requesting a secure element of the mobile terminal to complete decryption of the second payment request by using the preset key – see at least [0054] and [claim 10].
Regarding claims 7 and 21, Kamal teaches the mobile terminal completing the payment operation by using a near field communication NFC apparatus – [0026].
Claim 15 is an apparatus (i.e. a mobile terminal) performing method steps substantially similar to those of method claim 1.  Accordingly, the combination of Kamal and Giles teaches these limitations.  In addition, Khan teaches:
a communications bus, an input device, and at least one processor – see at least [0024] “a touch screen display 128 for displaying information and/or for receiving user input”, [0025], [0036], [0051] and [0053], [0054] “mobile application/browser”; and
wherein the communications bus is configured to implement connection and communication between the input device and the at least one processor – see at least [0024] “a touch screen display 128 for displaying information and/or for receiving user input”, [0025], [0036], [0051] and [0053], [0054] “mobile application/browser”, and
wherein the input device is configured to obtain first biometric feature information entered by a user – see at least [0028].
Conclusion
The prior art of record and not relied upon is considered pertinent to Applicant’s disclosure:
Chen et al:  “ADAPTIVE BIOMETRIC AND ENVIRONMENTAL AUTHENTICATION SYSTEM”, (US Pub. No. 2015/0310444A1).
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD J BAIRD whose telephone number is (571)270-3330.  The examiner can normally be reached on 7 am to 3:30 pm M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at:
http://www.uspto.gov/interviewpractice.

https://www.uspto.gov/sites/default/files/documents/sb0439.pdf
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin Hewitt II can be reached on 571-272-6709.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/EDWARD J BAIRD/Primary Examiner, Art Unit 3692