DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
This action is in reply to the amendment and response to office action filed 01/19/2021.
Claims 4, 7, 12, 15 and 20 are canceled.
Claims 1-3, 5-6, 8-11, 13-14, 16-19 and 21-23 are currently pending and have been examined.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/30/2019 has been entered.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-3, 5-6, 8-11, 13-14, 16-19 and 21-23 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.

The claims have been evaluated for patent subject matter eligibility under 35 U.S.C. 101 using the 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG).




Claims 1-3, 5-6 and 8:
Step 1
Claims 1-3, 5-6 and 8 are directed to a computer-implemented method (i.e. process). Therefore, these claims fall within the four statutory categories of invention.

Step 2A Prong One
Claim 1 recites (i.e., sets forth or describes) mentally computing data, an abstract idea. Specifically, but for the additional elements, Claim 1 under its broadest reasonable interpretation recites the following limitations grouped within the “mental processes” grouping of abstract ideas because the claim recites a process that deals with concepts performed in the human mind.
determining ... a score for the transaction based on the stored single data record and a historical authentication pattern, the determined score being indicative of whether the authentication request is within a predetermined-range of values
Accordingly, the claim recites an abstract idea. 

Step 2A Prong Two
Claim 1 as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the additional elements “server internal to an enterprise environment”, “at least one access control server (ACS) external to the enterprise environment”, “history server in the enterprise environment”, “at least one access control server (ACS) internal to the enterprise environment”, “a second server internal to the enterprise environment”, “an instance of a database management system” and “a shared data storage device” merely serve as a tool to perform an abstract idea. And second, there is no improvement in the functioning of a computer, nor an improvement to other technology or technical field present in the specification nor claims. Some additional elements amount to mere data gathering, which is a form of insignificant extra-solution activity (e.g. "receiving … a first authentication message and a second authentication message associated with a transaction, the first authentication message and the second authentication message conforming to an authentication protocol", "storing the first authentication message and the second authentication message", "generating … an authentication token internal to the enterprise environment and a first enrollment message and a second enrollment message conforming to the authentication protocol", "storing … the first enrollment message and the second enrollment message generated", "combining … the first authentication message and the second authentication message associated with the transaction and stored … the first enrollment message and the second enrollment message associated with the transaction and stored … and payment authorization details of the transaction into a single data record" and "storing … the single data record").

Step 2B
The additional elements, taken individually and in combination, do not result in claim 1, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea and/or generally link the use of the judicial exception to a particular technological environment. Under the 2019 PEG, a conclusion that an additional element is insignificant extra-solution activity in Step 2A should be re-evaluated in Step 2B to determine if it is more than what is well-understood, routine, conventional activity in the field. MPEP 2106.05(d)(II) indicates that “Receiving or transmitting data over a network”, “Electronic recordkeeping”, “Storing and retrieving information in memory” and “Creating output data” is a well-understood, routine, conventional function when it is claimed in a merely generic manner (as it is here). Accordingly, a conclusion that the additional elements amounting to mere data gathering are well-understood, routine, conventional activity is supported under Berkheimer Option 2. Therefore, the claim does not provide an inventive concept, and thus, is not patent eligible.

Dependent Claims
Claims 2-3, 5-6 and 8 further recite (i.e., set forth or describe) the abstract idea of mentally computing data. Each dependent claim as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. Further, the additional elements in each dependent claim, taken individually and in combination, do not result in each dependent claim, as a whole, amounting to significantly more than the judicial exception. Therefore, the dependent claims are also not patent eligible.

Claims 9-11, 13-14 and 16:
Step 1
Claims 9-11, 13-14 and 16 are directed to a computer-implemented system (i.e. machine). Therefore, these claims fall within the four statutory categories of invention.


Step 2A Prong One
Claim 9 recites (i.e., sets forth or describes) mentally computing data, an abstract idea. Specifically, but for the additional elements, Claim 9 under its broadest reasonable interpretation recites the following limitations grouped within the “mental processes” grouping of abstract ideas because the claim recites a process that deals with concepts performed in the human mind.
determining a score for the transaction based on the stored single data record and a historical authentication pattern, the determined score being indicative of whether the authentication request is within a predetermined-range of values
Accordingly, the claim recites an abstract idea. 

Step 2A Prong Two
Claim 9 as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the additional elements “an enterprise environment”, “a server internal to an enterprise environment”, “at least one access control server (ACS) external to the enterprise environment”, “history server”, “at least one access control server (ACS) internal to the enterprise environment”, “a second server internal to the enterprise environment”, “an instance of a database management system” and “a shared data storage device” merely serve as a tool to perform an abstract idea. And second, there is no improvement in the functioning of a computer, nor an improvement to other technology or technical field present in the specification nor claims. Some additional elements amount to mere data gathering, which is a form of insignificant extra-solution activity (e.g. "receiving … a first authentication message and a second authentication message associated with a transaction, the first authentication message and the second authentication message conforming to an authentication protocol", "storing the first authentication message and the second authentication message received", "generating an authentication token internal to the enterprise environment and a first enrollment message and a second enrollment message conforming to the authentication protocol", "storing the first enrollment message and the second enrollment message generated", "combining … the first authentication message and the second authentication message associated with the transaction and stored … the first enrollment message and the second enrollment message associated with the transaction and stored … and payment authorization details of the transaction into a single data record" and "storing the single data record").

Step 2B
The additional elements, taken individually and in combination, do not result in claim 9, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea and/or generally link the use of the judicial exception to a particular technological environment. Under the 2019 PEG, a conclusion that an additional element is insignificant extra-solution activity in Step 2A should be re-evaluated in Step 2B to determine if it is more than what is well-understood, routine, conventional activity in the field. MPEP 2106.05(d)(II) indicates that “Receiving or transmitting data over a network”, “Electronic recordkeeping”, “Storing and retrieving information in memory” and “Creating output data” is a well-understood, routine, conventional function when it is claimed in a merely generic manner (as it is here). Accordingly, a conclusion that the additional elements amounting to mere data gathering are well-understood, routine, conventional activity is supported under Berkheimer Option 2. Therefore, the claim does not provide an inventive concept, and thus, is not patent eligible.

Dependent Claims
Claims 10-11, 13-14 and 16 further recite (i.e., set forth or describe) the abstract idea of mentally computing data. Each dependent claim as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. Further, the additional elements in each dependent claim, taken individually and in combination, do not result in each dependent claim, as a whole, amounting to significantly more than the judicial exception. Therefore, the dependent claims are also not patent eligible.

Claims 17-19 and 21-23:
Step 1
Claims 17-19 and 21-23 are directed to a non-transitory computer-readable storage medium (i.e. manufacture). Therefore, these claims fall within the four statutory categories of invention.

Step 2A Prong One
Claim 17 recites (i.e., sets forth or describes) mentally computing data, an abstract idea. Specifically, but for the additional elements, Claim 17 under its broadest reasonable interpretation recites the following limitations grouped within the “mental processes” grouping of abstract ideas because the claim recites a process that deals with concepts performed in the human mind.
determinine a score for the transaction based on the stored single data record and a historical authentication pattern, the determined score being indicative of whether the authentication request is within a predetermined-range of values
Accordingly, the claim recites an abstract idea. 

Step 2A Prong Two
Claim 17 as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the additional elements “a server internal to an enterprise environment”, “at least one access control server (ACS) external to the enterprise environment”, “a history server in the enterprise environment”, “at least one access control server (ACS) internal to the enterprise environment”, “a second server internal to the enterprise environment”, “an instance of a database management system” and “a data storage device” merely serve as a tool to perform an abstract idea. And second, there is no improvement in the functioning of a computer, nor an improvement to other technology or technical field present in the specification nor claims. Some additional elements amount to mere data gathering, which is a form of insignificant extra-solution activity (e.g. "to receive … a first authentication message and a second authentication message associated with a transaction, the first authentication message and the second authentication message conforming to an authentication protocol", "to store the first authentication message and the second authentication message ", "to generate an authentication token internal to the enterprise environment and a first enrollment message and a second enrollment message conforming to the authentication protocol", "to store the first enrollment message and the second enrollment message generated", "combine the first authentication message and the second authentication message associated with the transaction and stored … the first enrollment message and the second enrollment message being associated with the transaction and stored … and payment authorization details of the transaction into a single data record" and "store the single data record").

Step 2B
The additional elements, taken individually and in combination, do not result in claim 17, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea and/or generally link the use of the judicial exception to a particular technological environment. Under the 2019 PEG, a conclusion that an additional element is insignificant extra-solution activity in Step 2A should be re-evaluated in Step 2B to determine if it is more than what is well-understood, routine, conventional activity in the field. MPEP 2106.05(d)(II) indicates that “Receiving or transmitting data over a network”, “Electronic recordkeeping”, “Storing and retrieving information in memory” and “Creating output data” is a well-understood, routine, conventional function when it is claimed in a merely generic manner (as it is here). Accordingly, a conclusion that the additional elements amounting to mere data gathering are well-understood, routine, conventional activity is supported under Berkheimer Option 2. Therefore, the claim does not provide an inventive concept, and thus, is not patent eligible.

Dependent Claims
Claims 18-19 and 21-23 further recite (i.e., set forth or describe) the abstract idea of mentally computing data. Each dependent claim as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. Further, the additional elements in each dependent claim, taken individually and in combination, do not result in each dependent claim, as a whole, amounting to significantly more than the judicial exception. Therefore, the dependent claims are also not patent eligible.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a): 

(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 2, 10 and 18 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention. 

New Matter
Claims 2, 10 and 18 recite “determining, by the instance of a database management system, that the first enrollment message and the second enrollment message are associated with the transaction to which the first authentication message and the second authentication message are associated based on an indication of a source of the first enrollment message and the second enrollment message”. The PGPub discloses that the database management system, with respect to the PAReq, PARes, VEReq and VERes, may perform functions of either processed, combined, or aggregated for inclusion in a data warehouse, storage facility, device, or system (see para 56). However, the PGPub is silent with respect to the database management system determining that the first enrollment message and the second enrollment message are associated with the transaction to which the first authentication message and the second authentication message are associated based on an indication of a source of the first enrollment message and the second enrollment message. New matter is added.

The following is a quotation of 35 U.S.C. 112(b): 

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards his invention.

Claims 9-11, 13-14, 16-19 and 21-23 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Unclear Scope
Claim 9 recites "A system comprising: an enterprise environment comprising: a server internal to an enterprise environment …”. However, it is unclear whether these two recitations of “an enterprise environment” are the same or different. See In re Zletz, 893 F.2d 319, 13USPQ2d 1320 (Fed. Cir. 1989) and MPEP 2173.02 (III)(B) which states “Examiners should bear in mind that "[a]n essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed, as much as possible, during the administrative process.”
Claim 11 is directed to a system comprising claimed structure of an enterprise environment. However, the claim recites limitations directed to “at least one of an application, a service, or a communication channel external to the enterprise environment” (e.g. “wherein the first authentication message and the second authentication message associated with the transaction are generated by at least one of an application, a service, or a communication channel external to the enterprise environment”). As such, it is unclear whether the claims are solely directed towards the enterprise environment, or a combination of the enterprise environment with the at least one of an application, a service, or a communication channel external to the enterprise environment. Therefore, the scope is unclear. See In re Zletz, 893 F.2d 319, 13USPQ2d 1320 (Fed. Cir. 1989) and MPEP 2173.02 (III)(B) which states “Examiners should bear in mind that "[a]n essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed, as much as possible, during the administrative process.”
Claim 17 is directed to a medium storing program instructions that when executed by a processor. However, the claim also recites limitations directed to a server internal to an enterprise environment (e.g. “a server internal to an enterprise environment to receive …”), a history server in the enterprise environment (e.g. “a history server in the enterprise environment to store …”), at least one access control server (ACS) internal to the enterprise environment (e.g. “at least one access control server (ACS) internal to the enterprise environment to generate …”), a second server internal to the enterprise environment (e.g. “a second server internal to the enterprise environment to store …”), and an instance of a database management system (e.g. “an instance of a database management system to combine ... store ... determine ...”). As such, it is unclear whether the claims are solely directed towards the medium storing program instructions that when executed by a processor, or a combination of the medium storing program instructions that when executed by a processor with the a server internal to an enterprise environment, a history server in the enterprise environment, at least one access control server (ACS) internal to the enterprise environment, a second server internal to the enterprise environment, and an instance of a database management system. Therefore, the scope is unclear. See In re Zletz, 893 F.2d 319, 13USPQ2d 1320 (Fed. Cir. 1989) and MPEP 2173.02 (III)(B) which states “Examiners should bear in mind that "[a]n essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed, as much as possible, during the administrative process.”
Claim 19 is directed to a medium storing program instructions that when executed by a processor. However, the claim recites limitations directed to “at least one of an application, a service, or a communication channel external to the enterprise environment” (e.g. “wherein the first authentication message and the second authentication message associated with the transaction are generated by at least one of an application, a service, or a communication channel external to the enterprise environment”). As such, it is unclear whether the claims are solely directed towards the medium storing program instructions that when executed by a processor, or a combination of the medium storing program instructions that when executed by a processor with the at least one of an application, a service, or a communication channel external to the enterprise environment. Therefore, the scope is unclear. See In re Zletz, 893 F.2d 319, 13USPQ2d 1320 (Fed. Cir. 1989) and MPEP 2173.02 (III)(B) which states “Examiners should bear in mind that "[a]n essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed, as much as possible, during the administrative process.”
Claims 10-11, 13-14, 16, 18-19 and 21-23 are also rejected as they depend from either claims 9 or 17.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ari Shahabi whose telephone number is (571)272-2565.  The examiner can normally be reached on M-F: 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on 571-272-6708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/Ari Shahabi/Examiner, Art Unit 3685 

/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685