DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
Arguments/Remarks (4/26/2021) amended claims 1, 7, 8 and 12-15 and added new claim 16.
Applicant summary of interview (held on 4/13/2021) is acknowledged.
Claims 1-3 and 6-16 are currently pending in this final office action.

Response to Arguments
Applicant’s arguments (4/26/2021) with respect to rejection of claims 1-3 and 6-15 over applied art have been fully considered but are not found persuasive.   As claims have been amended, the claim limitations are addressed below.  
With respect to rejection of claims 1-3 and 6-15 under 35 USC 101, applicant arguments (pgs 8 -10) have been considered and are not found persuasive. 
   Applicant argues claims are directed to more than an abstract idea - “payment authentication by analysis of gathered gesture and payment data.”…based on API functioning, sending/receiving encrypted data, comparing decrypted data to stored data (see, e.g., arguments on page 8)…
Response:  Applicant arguments are acknowledged. Examiner respectfully disagrees and notes that the claims recite an abstract idea -  performing payment authentication by analysis of gathered gesture and payment data, which can be grouped as certain methods of organizing human activity including mitigating risk.    Applicant arguments are directed to several limitations that recite detail as to the performance of the abstract idea which limitations are a part of the abstract idea - i.e., requesting collection of a PIN, processing received data, comparison (and/or matching) of received and/or stored data.  The recitation of multiple claim limitations that describe decryption, encryption, encoding, and decoding is recited functionally without specific technical or technological details on how, i.e., by what algorithm or on what basis/method, the computer component performs this.  These limitations, recited at a high level of generality (see e.g., specification paras 21, 29), generally apply the technology of encryption, decryption or encoding/decoding data and of themselves are considered abstract (see, e.g., Recognicorp, LLC v. Nintendo Co., 855 F.3d 1322, 1326 (Fed. Cir. 2017), …standard encoding and decoding considered an abstract concept long utilized to transmit information).    
    The sending of payment authentication response in response to a comparison merely recites an additional limitation that is the result of performance of the abstract idea.
Further, the computer/machine components recited in applicant arguments – camera, payment device - merely recite additional elements that are used to gather, receive and transmit data. Moreover, the API recited in applicant arguments (para 13 in specification) is an additional element recited at a high level of generality and is a type of software interface that  connects computers or pieces of software to each other (per Wikipedia).  Therefore, the claim recites an abstract idea (see additional arguments 
    The claimed process gathers image and payment data and makes various comparisons to authenticate a user and authorize a payment.  If there is an improvement, it is to the abstract idea of payment authentication and not to computers or technology for the reasons cited above. Examiner notes that it is important to keep in mind that an improvement in the judicial exception itself is not an improvement in technology. For example, in Trading Technologies Int'l v. IBG LLC, the court determined that the claim simply provided a trader with more information to facilitate market trades, which improved the business process of market trading but did not improve computers or technology (see October 2019 Update: Subject Matter Eligibility, page 13).  
   That claim 16 further describes the payment device as not having an integrated PIN pad merely adds further description of the additional element, the payment device. Lack of a PIN pad does not result in computer functionality or technical/technology improvement. There is no claimed technical solution to a technical problem.  Further, payment authentication is not a problem arising only in the realm of computer networks and here the authentication merely occurs over a computer system that is used to perform the abstract idea.  Thus, applicant arguments are not persuasive and rejection under 35 USC 101 is maintained. 



Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-3 and 6-16 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 
        Claim 1 recites a system comprising a payment device and a computing system; claim 12 recites a method – both statutory categories of invention (Step 1: YES).
     Examiner has identified claim 1 as the claim that represents the claimed invention.
   Claim 1 recites a system for payment authentication, comprising
a)  a payment device comprising: 
   a1)       a camera to collect a video image of a moving gesture having a personal identification number (PIN) encoded therein; and 
  a2)      a payment interface to collect payment information; 
  a3)      a display to display text and images; and  
b)   a computing system coupled to the payment device and comprising: 
b1)      an application program interface (API) to:
           b1a) request from the camera collection of a PIN via the moving gesture;
           b1b) recognize the moving gesture and the PIN encoded therein using image processing;
b2)      a processing resource; and
b3)     a non-transitory machine-readable medium storing instructions executable by the processing resource to cause the computing system to:
c)             provide a prompt to a user via the display requesting the moving gesture having the PIN encoded therein;
d)            decode the moving gesture and the PIN;   
e)            receive, from the payment device, encrypted payment information, the decoded PIN, and data associated with the decoded moving gesture;
f)          decrypt the encrypted payment, the decoded PIN, and moving gesture data; 
g)          compare the decrypted payment information, the decrypted PIN,  and the decrypted moving gesture data to verified payment data, a verified PIN, and verified moving gesture data; 
h)         compare the decrypted payment information to the decrypted PIN and the moving gesture data; 
i)          send an encrypted payment authentication response to the payment device based on:
  i1)          the comparison of the decrypted payment information, the decrypted PIN, and the decrypted moving gesture data to the verified payment data, the verified PIN, and the verified gesture data; and 
  i2)           the comparison of the decrypted payment information to the decrypted PIN and the decrypted moving gesture data.   
   
    When considered collectively and under a broadest reasonable interpretation, the claim limitations, excluding the italicized limitations, recite a process of payment authentication that receives and analyzes gesture and payment data (through encryption/decryption and comparison to stored data) and outputs a result (a payment authentication response) of the analysis.  The abstract idea – performing payment authentication by analysis of gathered gesture and payment data -  can be grouped in certain methods of organizing human activity including mitigating risk (which is the actual authentication process itself), as the process undertaken involves commercial activity.  The addition of claim language that describes decryption, encryption, encoding and decoding is recited functionally without specific technical or technological details on how, i.e., by what algorithm or on what basis/method, the computer component performs this.  These limitations, recited at a high level of generality (see e.g., specification paras 21, 29), generally apply the technology of encryption, decryption or encoding/decoding data and of themselves – decryption, encryption, encoding , decoding - are considered abstract (see, e.g., Recognicorp, LLC v. Nintendo Co., 855 F.3d 1322, 1326 (Fed. Cir. 2017), …standard encoding and decoding considered an abstract concept long utilized to transmit information), and the recitations are a part of the abstract idea.  The recitation of generic computer components (payment device, processing resource) does not preclude the claim from reciting an abstract idea.  Thus, the claim 1 is directed to an abstract idea (Step 2A-Prong 1: YES).

Step 2A Prong 2
    Under step 2A, Prong 2, the additional elements individually and in combination fail to integrate the judicial exception (abstract idea) into a practical application.  
   The claim recites the additional elements – payment device (with display, payment interface and camera), computing system (API, processing resource, non-transitory machine readable medium) – that result in no more than simply applying the abstract idea using computer elements as tools to perform the abstract idea. The additional elements are recited at a high level of generality – i.e., a payment device (see e.g., specification paras 1, 11, 12, 15, 18, fig 1 (102) describing a camera used to collect an image, interface used to collect data; display used to show data; processing resource (paras 42, 43); API (para 13, a type of software interface that  connects computers or pieces of software to each other (per Wikipedia)); machine readable medium (memory, para 19).  Under a broadest reasonable interpretation the elements comprise a generic computing environment used as a tool to implement the claimed invention (MPEP 2106.05(f)), and further do not impose a meaningful limit on practicing the abstract idea.  
 
   Also under step 2A, Prong 2, the claim recites additional limitations-  
  -   (recited in claim limitations a1, a2, a3) …collect a video image of a moving gesture having a personal identification number (PIN) encoded therein; and…collect payment information;…display text and images   - recite gathering data and displaying data which are insignificant extra-solution activities (MPEP 2106.05(g)) and are not indicative of a practical application;
   - e)  receive…encrypted payment information, the decoded PIN, and data associated with the decoded moving gesture – which recites gathering data which is insignificant extra-solution activity (MPEP 2106.05(g)) and not indicative of a practical application;  
   -  g) send an encrypted payment authentication response…based on: i1) the comparison of the decrypted payment information and the decrypted moving gesture data to the verified payment and gesture data; and i2) the comparison of the decrypted payment information to the decrypted moving gesture data – is insignificant extra-solution activity as it recites the outputting of the results of an analysis, a post-solution activity (MPEP 2106.05(g)), which does not impose any meaningful limit on practicing the abstract idea. .   
    Therefore, the recitations of additional elements as presented above do not meaningfully apply the abstract idea and hence do not integrate the abstract idea into a practical application. Thus, the claim 1 is directed to an abstract idea (Step 2A-Prong 2: NO).

Step 2B
       Under step 2B, for similar reasons as recited above regarding a practical application, the claim 1 does not include additional elements that are sufficient to amount to significantly more than the judicial exception.  The additional elements as presented above are recited at a high level of generality in that it results in no more than simply applying the abstract idea using generic computer elements.  These additional elements when considered separately and as an ordered combination do not amount to significantly more than the abstract idea.  (Step 2B: NO)
   Under step 2B, for similar reasons as stated above, the additional elements –
  - (recited in claim limitations a1, a2, a3) …collect a video image of a moving gesture having a personal identification number (PIN) encoded therein; and…collect payment information;…display text and images   - recite gathering data and displaying data which are insignificant extra-solution activities (MPEP 2106.05(g)) and are not indicative of a practical application.
   - e) receive…encrypted payment information, the decoded PIN, and data associated with the decoded moving gesture – which recites gathering data which is insignificant extra-solution activity (MPEP 2106.05(g)) and not indicative of a practical application.  
   - i) send an encrypted payment authentication response…based on:  i1) the comparison of the decrypted payment information and the decrypted moving gesture data to the verified payment and gesture data; and i2) the comparison of the decrypted payment information to the decrypted moving gesture data
     The outputting of the results of an analysis, a post-solution activity  - when considered separately and in combination does not amount to significantly more than the abstract idea.  Court decisions cited in MPEP 2106.05 (d)(ll) and 2106.05(g) show activity that courts have found to be well understood, routine, conventional function when claimed in a merely generic manner or as insignificant extra-solution activity (as is the case here) (e.g., see Mayo,566 U.S. at 79, 101 USPQ2d at 1968; OIP Techs., Inc. v. Amazon.com, Inc., 788 F.3d1359, 1363, 115 USPQ2d 1090, 1092-93 (Fed. Cir. 2015) (presenting offers and gathering statistics amounted to mere data gathering); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network); Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015) (storing and retrieving information in memory).  Accordingly, a conclusion that these limitations are well understood, routine, conventional activity is supported under Berkheimer. (Step 2B: No)
   For these reasons, the claim is not patent eligible under 35 USC 101.  

    Dependent claim 2 (verifying information) further defines the abstract idea that is present in independent claim 1. Thus claim 2 corresponds to the abstract grouping of certain methods of organizing human activity and hence is abstract in nature for the reasons presented above. 
   Dependent claim 3 further defines the previously recited additional element a) that collects data associated with a moving gesture, which recites data gathering, insignificant extra-solution activity.  (MPEP 2106.05(g)) Claim 3 merely substitutes the moving gesture to read a sign language gesture – where the data received is associated with sign language as the moving gesture. Analysis as presented in claim 1 pertaining to insignificant extra-solution activity is applicable here. 
   Dependent claim 6 further defines the previously recited additional element a) payment device, for which previously applied arguments in claim 1 are applicable.  These dependent claims do not include any additional elements that integrate the abstract idea into a practical application or that are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination.  Therefore, the claims 2, 3 and 6 are directed to an abstract idea.    
10.      Similar arguments as relates to claim 1 are applicable to independent non-transitory machine-readable medium claim 7 and method claim 12.  To the extent of the similarity of claim limitations, the claims are rejected on similar grounds as claim 1.  Examiner notes that claims 7 and 12 further include limitations reciting decoding image data, encrypting and decrypting data (payment and moving gesture data).  Similar arguments as presented for claim 1 are applicable here also.   Accordingly, these limitations do not impose any meaningful limit on practicing the abstract idea.    
Dependent claims 9 (decode image) and 10 (compare data to stored data) further define the abstract idea(s) present in independent claim 7. Thus claims 9 and 10 correspond to the abstract grouping of certain methods of organizing human activity and hence are abstract in nature for the reasons presented above.  
  Dependent claims 8 and 11 further define the previously recited additional element that receives an image of a custom moving gesture, which recites mere data gathering, insignificant extra-solution activity.  (MPEP 2106.05(g)) Claims 8 and 11 merely substitute the custom moving gesture to read a PIN spoken in sign language and a custom hand gesture - where the image received (i.e., data gathered) is as recited in claims 8 and 11.  Analysis as presented in claim 1 pertaining to insignificant extra-solution activity is applicable here. 
   The dependent claims do not include any additional elements that integrate the abstract idea into a practical application or that are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination. Therefore, the claims 8-11 are directed to an abstract idea. Thus, the claims 7-11 are not patent-eligible.
   Dependent claim 15 (further defining comparisons of data) further defines the abstract idea that is present in independent claim 12, while claims 13 and 14 recite additional elements that are extra-solution activity for which previous arguments under claim 1 are applicable and also recite additional elements as computer components (operating system and server) for which similar arguments under claim 1 are applicable.  
   Dependent claim 16 further describes the additional element – a payment device – and therefore arguments as relates to a payment device in claim 1 are applicable here.
   In summary, dependent claims do not include any additional elements that integrate the abstract idea into a practical application or that are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination. Therefore, the claims 13-16 are directed to an abstract idea. Thus, the claims 12-16 are not patent-eligible.
   For the reasons cited above, claims 1-3 and 6-16 are not patent eligible under 35 USC 101.  















Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 2, 3 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Aidasani et al. (U.S. 2012/0330834) in view of Mason (U.S. 2015/0054748) and further in view of Makhotin et al. (U.S. 2015/0088756).
   Re claim 1: Aidasani shows a system for payment authentication, comprising: 
     a payment device comprising:
          a camera to collect a video image of a moving gesture [having a personal identification number (PIN) encoded therein]
(fig 1(102), paras 33, 34, showing a video camera to collect images where those images include capturing a gesture (para 53, where consumer presents identifying information to a camera where identifying information encompasses gesture); also see lines 2-9 of para 60);  para 47 and 49 ( describing gesture as comprising series of motions (moving)); and
          a payment interface to collect payment information 
(paras 35 (point of sale POS),  para 60 (lines 2-9, showing that at POS a consumer’s transaction instrument is also captured), fig 1(104));
          a display to display text and images (para 40); and 
      a computing system coupled to the payment device and comprising: 
an application program interface (API) to:
           request from the camera collection of a [PIN] via the moving gesture
(para 53, showing prompting user to enter identifying information where consumer presents identifying information to a camera where identifying information encompasses gesture); also see lines 2-9 of para 60); paras 47, 49 (describing gesture as comprising series of motions (moving));
   [recognize the moving gesture and the PIN encoded therein using image processing]…
          a processing resource and a non-transitory machine-readable medium storing instructions executable by the processing resource  (para 93, fig 1(106)) to cause the computing system to:
      provide a prompt to a user via the display requesting the moving gesture [having the PIN encoded therein] 
(para 53, showing prompting user to enter identifying information where consumer presents identifying information to a camera where identifying information encompasses gesture); also see lines 2-9 of para 60); paras 47, 49 (describing gesture as comprising series of motions (moving));
      [decode the moving gesture and the PIN]
          receive, from the payment device, [encrypted] payment information, [decoded PIN] and data associated with the [decoded] moving gesture 
(para 53 - (showing payment instrument and identifying information sent from POS (fig 1(104)), identifying information encompasses gesture and further see lines 2-9 of para 60 and para 47 and 49 ( describing gesture as comprising series of motions (moving)); 
 in addition to para 26 showing transmission of encrypted sensitive information (which includes account number) between a customer user and merchant and between a merchant and payment processor); 
     [decrypt the encrypted payment, the decoded PIN, and moving gesture data;]
            compare the [decrypted] payment information, [the decrypted PIN] and the [decrypted] moving gesture data to verified payment, a verified [PIN] and verified moving gesture data
   (para 53, lines 1-4 and 10-15, where consumer presents transaction instrument that is compared with saved information and also presents identifying information (gesture) where para 57 shows where received gesture data is compared to saved identifying information (gesture)); 
              compare the [decrypted] payment information to the [decrypted PIN] and the moving gesture data
(para 51, 55, comparing gesture data to transaction account data that is paired to the user’s likeness); 
             send an [encrypted] payment authentication response to the payment device based on the comparison of the [decrypted] payment information, [the decrypted PIN] and the [decrypted] moving gesture data to the verified payment data, the verified [PIN] and the verified gesture data;  and the comparison of the [decrypted] payment information to the [decrypted PIN] and the [decrypted] gesture data
 (paras 53, 54, based on comparison of received payment and gesture data, authentication response sent to payment device (104)).

   Regarding the following limitations which were included above in brackets  [  ]  for the sake of continuity but were not identified as being addressed by Aidasani) and references in the claim to the PIN being encoded in a gesture: 
     [a camera to collect a video image of ] a moving gesture having a personal identification number (PIN) encoded therein
     an application program interface (API) to:
           …recognize the moving gesture and the PIN encoded therein using image processing;
     (causing computer system to) decode the moving gesture and the PIN,
Aidasani does not expressly show the above recited limitations but Mason shows a moving gesture being collected that has a PIN encoded therein, recognizing (or decoding)  the moving gesture (and necessarily the PIN) (paras 13, 14, wherein a user signs a PIN through gestures in the air,  in conjunction with para 28 and lines 1-2 of para 29, where received motion is converted to signal for processing and transmission). 
    It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have incorporated into Aidasani that shows a process for authenticating a user through gesture and payment data, Mason, that provides additional functionality for users to process transactions quickly (Mason, para 6).     

   Aidasani, from above, shows the limitations as recited – e.g., receive payment and gesture data and compare each to stored data and send a payment authentication based on the comparison.  As regards the limitations that recite encrypting or  decrypting, Aidasani and Mason do not expressly show encrypting or decrypting the received and transmitted data -  i.e, the claim limitations that show encrypted gesture data and payment information, decrypting payment and gesture data or an encrypted payment authentication response (which were also recited within brackets [   ] above for the sake of continuity but were not addressed by the Aidasani reference) . 
    As relates to encrypted payment information and encrypted authentication response (i.e., sending and receiving encrypted information) per above recited steps, Makhotin shows encrypting payment information (that includes security information), decrypting said information in communications sent between entities in an authentication process (paras 12, lines 1-20, 89, showing encryption of payment and security information, decrypting of said information and sending of an encrypted response.)  
    It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have incorporated into Aidasani and Mason that shows a process for authenticating a user through gesture and payment data, Makhotin, that shows such a process with encrypted communications between entities of an authentication process in order to provide additional security.    
   Re claim 2:    Aidasani further shows instructions executable to verify the payment information and the moving gesture data based on the comparisons
 (para 53, lines 1-4 and 10-15, where consumer presents transaction instrument that is compared with saved information and also presents identifying information (gesture) where para 57 shows where received gesture data is compared to saved identifying information (gesture)). As relates to encrypted payment information and encrypted authentication response (i.e., sending and receiving encrypted information) per above recited steps, Makhotin shows encrypting payment information (that includes security information), decrypting said information in communications sent between entities in an authentication process (paras 12, lines 1-20, showing encryption of payment and security information, decrypting of said information and sending of an encrypted response.)  
    It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have further incorporated into Aidasani and Mason that  shows a process for authenticating a user through gesture and payment data, Makhotin, that shows such a process with encrypted communications between entities of an authentication process in order to provide additional security.     
    Re claim 3: Aidasani further shows wherein the moving gesture is a sign language gesture (para 46, showing moving gestures in form of words). 

   Re claim 16:  Mason further shows wherein the payment device does not have an integrated PIN pad (paras 5, 12, 13, showing using gesture for various functions, without use of device with keypad).
   It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have incorporated into Aidasani that shows a process for authenticating a user through gesture and payment data, Mason, that provides additional functionality for users to process transactions quickly through gesture (Mason, para 6).     
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Aidasani in view of Mason and further in view of Makhotin and further in view of Van (U.S. 2014/0100975).
  Re claim 6:  Aidasani in view of Mason and further in view of Makhotin shows the system of claim 1.
  Aidasani, Mason and Makhotin do not expressly show but Van shows wherein the payment device is Payment Card Industry Data Security Standard compliant (para 145 showing credit card details being masked is PCI-DSS compliant).    
     It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have incorporated into Aidasani, Mason and Makhotin that utilize a device to transmit credit card information, Van, that shows an industry standard for such activities, in order to provide a secure environment that protects information associated with a user of such a system.
Claims 7-15 are rejected under 35 U.S.C. 103 as being unpatentable over Aidasani and further in view of Mason and further in view of Makhotin and further in view of Avni et al. (U.S. 2014/0281945).                                                       
   Re claim 7:  Aidasani shows a non-transitory machine-readable medium storing instructions executable by a processing resource to cause a computing system to:
     request from a camera coupled to a payment device, collection of a personal
identification number [PIN] via a custom moving gesture
(para 53, showing prompting user to enter identifying information where consumer presents identifying information to a camera where identifying information encompasses gesture); also see lines 2-9 of para 60); paras 47, 49 (describing gesture as comprising series of motions (moving));

     provide a prompt to a user via a display requesting the [custom moving gesture having the PIN encoded therein]        
 (para 53, showing prompting user to enter identifying information where consumer presents identifying information to a camera where identifying information encompasses gesture); also see lines 2-9 of para 60); paras 47, 49 (describing gesture as comprising series of motions (moving));
 
     receive a video image of the custom moving gesture [having the PIN encoded therein] via the camera coupled to a payment device
(fig 1(102), paras 33, 34, showing a video camera to collect images where those images include capturing a gesture (para 53, where consumer presents identifying information to a camera where identifying information encompasses gesture; also see lines 2-9 of para 60);  para 47 and 49 ( describing gesture as comprising series of motions (moving));  
    receive payment information for a transaction via the payment device
(paras 35 (point of sale POS),  para 60 (lines 2-9, showing that at POS a consumer’s transaction instrument is also captured), fig 1(104));

   [decode the video image of the custom moving gesture and the PIN;
   encrypt the decoded video image and the payment information;
   decrypt the encrypted decoded video image and the encrypted payment information in
response to the decoded image and the payment information passing through an operating system;]

     verify the [decrypted] video image and the [decrypted] payment information, the verification comprising:
        match the [decrypted] video image and the [PIN] to an associated known video image of a custom moving gesture [having the PIN encoded therein];     
        match the [decrypted] payment information to known payment information; and 
        match the [decrypted] video image to the [decrypted] payment information
(para 53, lines 1-4 and 10-15, where consumer presents transaction instrument that is compared with saved information and also presents identifying information (gesture) where para 57 shows where received gesture data is compared to saved identifying information (gesture)  and para 51, 55, comparing gesture data to transaction account data that is paired to the user’s likeness); and 
    authenticate payment for the transaction based on the verified [decrypted] video image and the verified [decrypted] payment information 
(paras 53, 54, based on received payment and gesture data, authentication response sent to payment device (104)).

   Re the bracketed language  [  ] in the limitations above regarding PIN encoded in custom gesture, 
      request from a camera coupled to a payment device, collection of a personal
identification number [PIN] via a custom moving gesture
     provide a prompt to a user via a display requesting the [custom moving gesture having the PIN encoded therein]        
     receive a video image of the custom moving gesture [having the PIN encoded therein] via the camera coupled to a payment device,     
Aidasani does not expressly show but Mason shows a moving gesture being collected that has a PIN encoded therein, decoding the moving gesture (and necessarily the PIN) (paras 13, 14, wherein a user signs a PIN through gestures in the air,  in conjunction with para 28 and lines 1-2 of para 29, where received motion is converted to signal for processing and transmission). 
    It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have incorporated into Aidasani that shows a process for authenticating a user through gesture and payment data, Mason, that provides additional functionality for users to process transactions quickly (Mason, para 6).     

   Aidasani, from above, shows the limitation as recited – e.g., receive payment and gesture data and verify each based on known data and a payment authentication based on the verifying, but without specific encrypting and decrypting.  
   Aidasani and Mason do not expressly show the limitations from above, also in brackets [   ], 
     encrypt [the decoded video image] and the payment information;
     decrypt the encrypted [decoded video image] and the encrypted payment information in response to the decoded image and the payment information passing through an operating system. 
      As relates to encrypted payment information per above recited steps, Makhotin shows encrypting payment information (that includes security information) and decrypting said information in communications sent between entities in an authentication process (paras 12, lines 1-20, showing encryption of payment and security information and decrypting of said information.)  
    It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have incorporated into Aidasani and Mason that shows a process for authenticating a user through gesture and payment data, Makhotin, that shows such a process with encrypted communications between entities of an authentication process in order to provide additional security.      

   The combination of references does not expressly show decode the video image of the custom moving gesture and the PIN or decoding a received image.  Avni shows, regarding an authentication from a received image, decoding the image into data code and comparing it to data code in a database for authentication purposes (paras 37 and 40, showing encoding verification actions (e.g. gesture) in an image and subsequent decoding  to verify user identity).
    It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have incorporated into Aidasani, Mason and Makhotin that shows a process for authenticating a user through image and payment data, Avni, that shows a manner of encoding data used as a verification into an image that provides ability to decode the image in order to determine the identity of  a user.     
   Re claim 8: Aidasani in view of Mason and further in view of Makhotin and further in view of Avni shows the machine-readable medium of claim 7.     
    Mason further shows wherein the custom moving gesture having the PIUN encoded therein is a PIN spoken in sign language (para 13). 
    It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have incorporated into Aidasani that describes use of gesture for authentication purposes, Mason, that shows a gesture may provide an identifying piece of information that further provides predictable results enabling authentication of a user.    
   Re claim 9: Avni further shows wherein the instructions are further executed to decode the video image into data code (paras 37, 40).
   It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have incorporated into Aidasani, Mason and Makhotin that shows a process for authenticating a user through image and payment data, Avni, that shows a manner of encoding data used as a verification into an image that provides ability to decode the image in order to determine the identity of  a user.     
   Re claim 10:  Aidasani in view of Mason and further in view of Makhotin and further in view of Avni shows the non-transitory machine-readable medium of claim 9.  Avni further shows compare the data code to a database of known data code to verify the decrypted video image (paras 37, 40).
   It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have incorporated into Aidasani, Mason and Makhotin that shows a process for authenticating a user through image and payment data, Avni, that shows a manner of encoding data used as a verification into an image that provides ability to decode the image in order to verify the identity of  a user.     
   Re claim 11:  Aidasani further shows wherein the custom moving gesture is a custom hand gesture created by an owner of the payment information (paras 47, 49 (secret hand gesture to user)). 
   Re claim 12:  Aidasani shows a method for payment authentication, comprising:
     requesting from a camera coupled to a payment device, collection of a personal
identification number [PIN] via a custom moving gesture
(para 53, showing prompting user to enter identifying information where consumer presents identifying information to a camera where identifying information encompasses gesture); also see lines 2-9 of para 60); paras 47, 49 (describing gesture as comprising series of motions (moving));

     providing a prompt to a user via a display requesting the [custom moving gesture having the PIN encoded therein]        
 (para 53, showing prompting user to enter identifying information where consumer presents identifying information to a camera where identifying information encompasses gesture); also see lines 2-9 of para 60); paras 47, 49 (describing gesture as comprising series of motions (moving));

      receiving a video image of the custom moving gesture [having the PIN encoded therein] recorded via the camera coupled to a payment device and receiving payment information via the payment device
(fig 1(102), paras 33, 34, showing a video camera to collect images where those images include capturing a gesture (para 53, where consumer presents identifying information to a camera where identifying information encompasses gesture); also see lines 2-9 of para 60);  para 47 and 49 ( describing gesture as comprising series of motions (moving)) and  as regards payment device see paras 35 (point of sale POS),  para 60 (lines 2-9, showing that at POS a consumer’s transaction instrument is also captured), fig 1(104));  

  [decoding the video image of the custom moving gesture and the PIN;
   encrypting the video image of the custom moving gesture, the PIN, and the payment
information;
     sending the encrypted and decoded video image of the custom moving gesture, the  encrypted and decoded PIN, and the encrypted payment information to a secure server;
     decrypting, via the secure server, the encrypted and decoded video image of the custom moving gesture, the encrypted and decoded PIN, and the encrypted payment information;]

           comparing the [decrypted and decoded] video image of the custom moving gesture and the [decrypted and decoded PIN] to a database of video images of custom moving gestures and associated PINs and comparing the [decrypted]  payment information to a database of known payment information 
   (para 53, lines 1-4 and 10-15, where consumer presents transaction instrument that is compared with saved information and also presents identifying information (gesture) where para 57 shows where received gesture data is compared to saved identifying information (gesture and PINs (para 47))); 
          comparing the [decrypted] video image of the custom moving gesture and the [decrypted] PIN  to the payment information 
(para 51, 55, comparing gesture data to transaction account data that is paired to the user’s likeness); 
   sending an [encrypted] payment authentication response to the device based on the comparisons (paras 53, 54, authentication response sent to payment device (104)).

   Regarding the following limitations which were included above in brackets  [  ]  for the sake of continuity but were not identified as being addressed by Aidasani) and references in the claim to the PIN being encoded in a gesture: 
     requesting from a camera coupled to a payment device, collection of a personal
identification number [PIN] via a custom moving gesture
     providing a prompt to a user via a display requesting the [custom moving gesture having the PIN encoded therein]        
       receiving a video image of the custom moving gesture [having the PIN encoded therein] recorded via the camera coupled to a payment device and receiving payment information via the payment device,  
     Aidasani does not expressly show the above recited bracketed [  ] limitations but Mason shows a moving gesture being collected that has a PIN encoded therein (paras 13, 14, wherein a user signs a PIN through gestures in the air). 
    It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have incorporated into Aidasani that shows a process for authenticating a user through gesture and payment data, Mason, that provides additional functionality for users to process transactions quickly (Mason, para 6).    

    Aidasani, from above, shows the limitations as recited – e.g., receive payment and gesture data and compare each to stored data and send a payment authentication based on the comparison.  As regards the limitations that recite encrypting or  decrypting, Aidasani and Mason do not expressly show encrypting or decrypting the received and transmitted data -  i.e, the claim limitations that show encrypted gesture data and payment information, decrypting payment and gesture data or an encrypted payment authentication response (which were also recited within brackets [   ] above for the sake of continuity but were not addressed by the Aidasani  or Mason reference).  Those limitations are 
   encrypting the video image of the custom moving gesture, the PIN, and the payment
information;
     sending the encrypted and decoded video image of the custom moving gesture, the  encrypted and decoded PIN, and the encrypted payment information to a secure server;
     decrypting, via the secure server, the encrypted and decoded video image of the custom moving gesture, the encrypted and decoded PIN, and the encrypted payment information. 

    As relates to encrypted payment information and encrypted authentication response (i.e., sending and receiving encrypted information) per above recited steps, Makhotin shows encrypting payment information (that includes security information), decrypting said information in communications sent between entities in an authentication process (paras 12, lines 1-20, 89, showing encryption of payment and security information, decrypting of said information and sending of an encrypted response.)  
    It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have incorporated into Aidasani and Mason that shows a process for authenticating a user through gesture and payment data, Makhotin, that shows such a process with encrypted communications between entities of an authentication process in order to provide additional security.    
    
     The combination of references does not expressly show decoding a received image.  Avni shows, regarding an authentication from a received image, decoding it into data code and comparing it to data code in a database for authentication purposes (paras 37 and 40, showing encoding verification actions (e.g. gesture) in an image and subsequent decoding  to verify user identity).
    It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have incorporated into Aidasani and, Mason and Makhotin that shows a process for authenticating a user through image and payment data, Avni, that shows a manner of encoding data used as a verification into an image that provides ability to decode the image in order to determine the identity of  a user.     
     Re claim 13: Aidasani further shows sending the [encrypted] video image of the custom moving gesture, the [encrypted PIN] and the [encrypted] payment information over an operating system 
(para 53 - (showing identifying information (gesture) and payment instrument information sent from POS (fig 1(104)) in addition to para 26 showing transmission of encrypted sensitive information (which includes account number) between a customer user and merchant and between a merchant and payment processor).  
   Mason further shows a PIN encoded in a collected moving gesture (paras 13, 14, wherein a user signs a PIN through gestures in the air).
   It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have incorporated into Aidasani that shows a process for authenticating a user through gesture and payment data, Mason, that provides additional functionality for users to process transactions quickly (Mason, para 6).
   As relates to encrypted payment information and encrypted authentication response (i.e., sending and receiving encrypted information), Makhotin further shows encrypting payment information (that includes security information), decrypting said information in communications sent between entities in an authentication process (paras 12, lines 1-20, showing encryption of payment and security information, decrypting of said information and sending of an encrypted response.)  
    It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have incorporated into Aidasani and Mason that shows a process for authenticating a user through gesture and payment data, Makhotin, that shows such a process with encrypted communications between entities of an authentication process in order to provide additional security.    
   Re claim 14:  Aidasani in view of Mason and further in view of Makhotin and further in view of Avni shows the method of claim 12. 
    Aidasani shows receive, from the payment device, payment information and data associated with the moving gesture ((para 53 - (showing identifying information (gesture) and payment instrument information sent from POS (fig 1(104)) in addition to para 26 showing transmission of encrypted sensitive information (which includes account number) between a customer user and merchant and between a merchant and payment processor), where the information is indicated as being sent to a single device, where Makhotin further addresses the encryption of information (per claim 1).  
   Regarding the limitation, sending the image of the custom gesture to a first secure server and sending the payment information to a second, different secure server, Makhotin further indicates authentication data sent separately to different computers from payment information (paras 115, 116, fig 1, showing separate authentication and payment computers). 
    It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have the evaluation of one type of data (image data, in this case) performed by a component separate from the evaluation of a different type of data (payment data) since it has been held that provision of separability involves only routine skill in the art. In re Dulberg, 289 G2.d 522, 523, 129 USPQ 348,349 (CCPA 1961). MPEP 2144(V)(C).
   Re claim 15: Aidasani further shows sending an approved payment authentication response in response to simultaneously:  verifying the payment information during the comparison to the known information; and verifying the video image of the custom moving gesture and [the PIN encoded therein] during the comparison to the database video images of custom moving gestures and associated PINs
 (para 53, lines 1-4 and 10-15, para 54, where consumer presents transaction instrument that is compared with saved information and also presents identifying information (gesture) where para 57 shows where received gesture data is compared to saved identifying information (gesture, PIN(para 47 PIN is also identifying information)), thereby verifying information). 
    Mason further shows the PIN encoded in a gesture (paras 13, 14, wherein a user signs a PIN through gestures in the air). 
    It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have incorporated into Aidasani that shows a process for authenticating a user through gesture and payment data, Mason, that provides additional functionality for users to process transactions quickly (Mason, para 6).     
    
Conclusion
       Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
         Any inquiry concerning this communication or earlier communications from the examiner should be directed to CAROL A SEE whose telephone number is (571)272-9742.  The examiner can normally be reached on M-Th 7:00 am - 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Namrata Boveja can be reached on 571-272-8105.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CAROL A SEE/Examiner, Art Unit 3696                                                                                                                                                                                                        
/RAJESH KHATTAR/Primary Examiner, Art Unit 3693