Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Acknowledgements
2.	The amendments to claims 1-5, 7, 9, 11-13, 15 and 18-24, filed 06/16/2021 is acknowledged.
3.	Claims 1-24 are pending.
4.	Accordingly, Claims 1-24 are examined.

Response to Amendment/Remarks
35 USC § 101
5.	Claim 1 continues to be directed towards user authentication in a transaction. This is an abstract idea. The computer technology merely automates and implements the abstract idea. The additional elements “a server having a processor and being in communication with a third-party server and a user device of a user”, “a communication module in network communication with a third-party server and a user device of a user”, “a memory storing a program code; and a processor in communication with the memory and the communication module, wherein the program code comprises instructions that, when executed by the processor, cause the processor to perform the steps of”, non-transitory computer readable medium having a computer program stored thereon, the computer program comprising instructions which, when executed by a processor of a 

35 USC § 103
6.	Applicant is of the opinion that neither Banks nor Wong, alone or in combination, discloses or suggests each and every element of the claimed invention. For example, “Wong does not teach presenting, to the user, the identity decisioning result that is determined based on the risk level associated with a transaction, wherein the identity decisioning result is presented via a second application window that is displayed on the user device at least partially overlapping a first application window, the first application window being used by the user to attempt the transaction, as claimed”
Examiner respectfully disagrees. Firstly, in response to applicant's arguments 
against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Secondly, this limitation is taught by the combination of Banks teaching displaying in a second application window in (¶¶ [0409], 
	Applicant further disclose that Wong does not disclose “determining an identity decisioning result based on the risk level associated with the transaction, and presenting the identity decisioning result to the user via the second application window displayed on the user device, as claimed.”
	Examiner respectfully disagrees as Banks still teaches this amended limitation “determining an identity decisioning result based on the risk level associated with the transaction” in (¶¶ [0408]-[0409], [0608]) and Wong teaches “presenting the identity decisioning result to the user via the “...” application window displayed on the user device” in (¶¶ [0009], [0053], [0060], [0065], [0098]).

Claim Rejections - 35 USC § 101
7.	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

8.	Claims 1-24 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
, claims 1-17 are directed to a method, claims 18-23 directed to a server and claim 24 directed to a non-transitory computer readable medium. Therefore, these claims fall within the four statutory categories of invention.
	The claim(s) are directed to user authentication in a transaction, which is an abstract idea. Specifically, the claims recite the steps of “receiving a request... to confirm an identity of the user attempting a transaction...”, “displaying on the user... to display a second... window presenting an identity decisioning...”, “determining... a risk level associated with the transaction based on identity verification data...”, “determining... an identity decisioning result based on the...”, “presenting... the identity decisioning result to the user via the second... window”, “determining whether the risk level exceeds a predetermined threshold”, “upon determining that the risk level exceeds the predetermined threshold”, “selecting... at least one identity authentication exam, the user device presenting the at least one identity authentication exam to the user via the second... window”, “determining... an outcome of the at least one identity authentication exam based on a user response thereto”, “ and determining... the identity decisioning result based on the outcome of the at least one authentication exam”, “and upon determining that the risk level does not exceed the predetermined threshold”, “determining... the identity decisioning result based on the risk level associated with the transaction`”, which is grouped within the “Certain methods of organizing human activity” grouping of abstract ideas in prong one of Step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)) because the claim(s) involve user authentication in a transaction, receiving a request for a transaction, determining the risk involve with the user request, 
10.	This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 54-55 (January 7, 2019)), the additional element(s) of the claim(s) such as  “a server having a processor and being in communication with a third-party server and a user device of a user”, “a communication module in network communication with a third-party server and a user device of a user”, “a memory storing a program code; and a processor in communication with the memory and the communication module, wherein the program code comprises instructions that, when executed by the processor, cause the processor to perform the steps of”, non-transitory computer readable medium having a computer program stored thereon, the computer program comprising instructions which, when executed by a processor of a server in communication with a third-party server and a user device of a user, cause the processor to”, merely reflect the use of a computer as a tool to perform the abstract idea and/or generally link(s) the use of a judicial exception to a particular technological environment.

12.	Dependent claims 2-17 and 19-23 further describe the abstract idea of performs the steps or functions of user authentication in a transaction. The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Therefore, the dependent claims are also not patent eligible.  

Claim Rejections - 35 USC § 112

         13.	The following is a quotation of the first paragraph of 35 U.S.C. 112(a):

IN GENERAL-The specification shall contain a written description of the 



	The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

14.	Claims 1-24 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.

Lack of Algorithm
15.	Claims 1, 18 and 24 recites “displaying on the user device and using the 
processor a second application window . . .”
	The Specification is missing algorithm or flow chart with respect to how a 
device (i.e. processor can display something on second device (i.e. user device) in 
sufficient detail so that one of ordinary skill in the art would understand how the 
inventor intended them to be performed. See MPEP § 2161.01 I, 2163.02 and
 2181, IV. 
	Claims 1, 18 and 24 recites “presenting, using the processor, the identity
decisioning result to the user via the second application window...”
	The Specification is missing algorithm or flow chart with respect to how a 
device (i.e. processor can present an identity decisioning result on second device (i.e. 
user device) in sufficient detail so that one of ordinary skill in the art would 
understand how the inventor intended them to be performed. See MPEP §2161.01 
I, 2163.02 and 2181, IV. 
16.	Dependent claims 2-17 and 19-23 are also rejected since they depend on 
claims 1 and 18, respectively.

Claim Rejections - 35 USC § 112
17.	The following is a quotation of 35 U.S.C. 112(b):
(B) CONCLUSION.-The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

	The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

18.	Claims 1-24, are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-

Unclear Scope
19.	Claims 1, 18 and 24, recite “receiving, at the processor, a request from the third-party server to confirm an identity of the user, the user attempting a transaction through a third-party website...” The scope of the claim is unclear, because actions performed between user and the third party is outside the scope of the invention as claimed. “An essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous.  Only in this way can uncertainties of claim scope be removed…” (In re Zletz, 13 USPD2d 1320 (Fed. Cir. 1989)). 
	Claims 1, 18 and 24, recite “the user device presenting the at least one identity authentication exam” The scope of the claim is unclear, because user device is outside the scope of the invention as claimed. “An essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous.  Only in this way can uncertainties of claim scope be removed…” (In re Zletz, 13 USPD2d 1320 (Fed. Cir. 1989)).
	Claims 1, 18 and 24, recite “selecting, by the processor, at least one identity authentication exam, the user device presenting the at least one identity authentication exam to the user via the second application window displayed on the user device” the selecting authentication exam is done by the processor, therefore it is unclear the manner processor is determining authentication exam based on user response, because authentication exam was never sent to the user. Therefore, the scope of the claim is unclear. “An essential purpose of patent examination is to In re Zletz, 13 USPD2d 1320 (Fed. Cir. 1989)).
	Claims 1, 18 and 24, recite “determining, using the processor, an identity decisioning result based on the risk level associated with the transaction” and  “determining, by the processor, the identity decisioning result based on the outcome of the at least one authentication exam” it is unclear why determining is performed twice. Therefore, the scope of the claim is unclear. “An essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous.  Only in this way can uncertainties of claim scope be removed…” (In re Zletz, 13 USPD2d 1320 (Fed. Cir. 1989)).
20.	Dependent claims 2-17 and 19-23 are also rejected since they depend on 
claims 1 and 18, respectively.

Claim Rejections - 35 USC § 103
21.	In the event the determination of the status of the application as subject to AIA  35
U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


22.	Claims 1-24 are rejected under 35 U.S.C. 103 as being unpatentable over Banks et al., (US 20150066765 A1) in view of Wong et al., (US 20150046339 A1).

23.	With respect to claims 1, 18 and 24, Banks, teaches a method by a server, a system, and a non-transitory computer readable medium (Fig. 3 item 301, ¶¶ [0360])   having a computer program stored thereon, the computer program comprising instructions which, when executed by a processor of a server (Fig. 3 item 300, ¶¶ [0360]) in communication with a third-party server and a user device of a user, cause the processor to: 
receiving, at the processor, a request from the third-party server to confirm an identity of the user, the user attempting a transaction through a third-party website, displayed in a first application window on the user device (Fig. 5 item 500-504, 507, 528, 530-535,  ¶¶ [0374], [0379], [0404], [0406]-[0411], [0413]).
displaying, on the user device and using the processor, a second application window “smartphone application” presenting an identity decisioning application, the second application window at least partially overlapping the first application window 
displayed on the user device (¶¶ [0409], [0413]).

determining, using the processor, an identity decisioning result based on the risk level associated with the transaction (¶¶ [0408]-[0409], [0608]).
with respect to “presenting the identity...”; “selecting by the processor...”;
“...second application window” (¶¶ [0409], [0413]).
Banks does not explicitly disclose:
presenting, using the processor, the identity decisioning result to the user via the second application window displayed on the user device, wherein determining the identity decisioning result comprises:
determining whether the risk level exceeds a predetermined threshold.
upon determining that the risk level exceeds the predetermined threshold:
selecting, by the processor, at least one identity authentication exam, the user device presenting the at least one identity authentication exam to the user via the second application window displayed on the user device, determining, by the processor, an outcome of the at least one identity authentication exam based on a user response thereto, and determining, by the processor, the identity decisioning result based on the outcome of the at least one authentication exam.
and upon determining that the risk level does not exceed the predetermined threshold, determining, by the processor, the identity decisioning result based on the risk level associated with the transaction.
However, Wong discloses

“...” application window displayed on the user device, wherein determining the identity decisioning result (¶¶ [0009], [0053], [0060], [0065], [0098]), comprises:
determining whether the risk level exceeds a predetermined threshold (¶¶ [0009], [0011], [0053]-[0054], [0060], [0065], [0098], [0114]).
upon determining that the risk level exceeds the predetermined threshold:
selecting, by the processor, at least one identity authentication exam, the user device presenting the at least one identity authentication exam to the user via the “...” application window displayed on the user device (¶¶ [0009], [0053], [0060], [0065], [0098]),
determining, by the processor, an outcome of the at least one identity authentication exam based on a user response thereto (¶¶ [0009], [0053], [0060], [0065], [0098]), and 
determining, by the processor, the identity decisioning result based on the outcome of the at least one authentication exam (¶¶ [0009], [0053], [0060], [0065], [0098]), and
upon determining that the risk level does not exceed the predetermined threshold, determining, by the processor, the identity decisioning result based on the risk level associated with the transaction (¶¶ [0009], [0053], [0060], [0065], and [0098]).
Therefore, it would have been obvious for a person of ordinary skill in the art at the time application was filed to simply modify the request to confirm a user identity in a transaction of Banks in view of Wong in order to provide added security to confirming 
the user identity in a transaction.

24. 	With respect to claims 2 and 19, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1.
 Furthermore, Banks discloses further comprising sending, using the processor, the identity decisioning result to the third-party server (Fig. 5F item 530-531, ¶¶ [0406]-[0414]).

25. 	With respect to claims 3 and 20, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1. 
Furthermore Wong teaches, wherein determining the identity decisioning result further comprises selecting, by the processor a success result for the identity decisioning result upon determining that the risk level does not exceed the predetermined threshold or the outcome of the at least one authentication exam is a passing outcome, the third-party website enabling the user to complete the transaction if the identity decisioning result is the success result (¶¶ [0005], [0040]-[0042], [0044], [0048]-[0049]).

26. 	With respect to claim 4, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1. 
Furthermore Wong teaches, wherein determining the risk level comprises:
selecting, by the processor, the risk level of the transaction from a list comprising two or more of the following: a high risk level, a medium risk level, a low risk level, or 

27. 	With respect to claims 5, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1. 
Furthermore Wong teaches, wherein selecting at least one authentication exam comprises selecting, by the processor, the at least one authentication exam from a list of authentication exams based on the risk level of the transaction (¶¶ [0059], [0060]).

28. 	With respect to claim 6, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 5. Furthermore Wong teaches, wherein the list of authentication exams comprises at least one of a knowledge-based authentication exam and a one-time password exam (¶¶ [0053], [0065]).

29. 	With respect to claim 7, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1. 
Furthermore Wong teaches, wherein selecting at least one authentication exam comprises selecting, by the processor, at least two authentication exams upon determining that the risk level is a high risk level (¶¶ [0009], [0053], [0060], [0065], and [0098).

claim 8 and 21, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1. 
Furthermore Banks teaches, further comprising generating, by the processor, the at least one authentication exam (“PIN”, ¶¶ [0409]).

31. 	With respect to claims 9 and 22, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1. 
Furthermore Banks teaches, further comprising providing, using the processor, the at least one authentication exam to the user device, the user device presenting the at least one authentication exam to the user through the identity decisioning application presented on the user device. (“smartphone application”, ¶¶ [0409]).

32. 	With respect to claim 10, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1. 
Furthermore Banks teaches, wherein the identity verification data comprises at least one of passive information, login information, and personally identifying information (Fig 5 item 529-530, ¶¶ [0405], [0406]). 
With respect to the limitation “wherein the identity verification data comprises at least one of passive information, login information, and personally identifying information” this is nonfunctional descriptive material as it only describes the data that is contained in the verification data, while the data contained in the verification data is not used to perform any of the recited method steps. Therefore, it has been held the nonfunctional descriptive material will not distinguish the invention from the prior art in 

33. 	With respect to claim 11, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 10. 
Furthermore Wong teaches, wherein the login information comprises a username and password associated with the identity decisioning application, the login information provided to the processor by the user through the identity decisioning application. (¶¶ [0053], [0065]).

34. 	With respect to claim 12, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 10. 
Furthermore Wong teaches, wherein the passive information comprises device identification information associated with the user device, the processor automatically retrieving the device identification information from the user device (¶¶ [0060]).

35. 	With respect to claim 13, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 10. 
Furthermore Banks teaches, wherein the passive information comprises environmental parameters associated with the transaction, the processor automatically retrieving the environmental parameters from the user device, and the environmental 

36. 	With respect to claim 14, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 10. 
Furthermore Wong teaches, wherein the personally identifying information comprises at least one of a full name, an address, and a social security number (¶¶ [0110]).
With respect to the limitation “wherein the personally identifying information comprises at least one of a full name, an address, and a social security number” this is nonfunctional descriptive material as it only describes the data that is contained in the personally identifying information, while the data contained in the personally identifying information is not used to perform any of the recited method steps. Therefore, it has been held the nonfunctional descriptive material will not distinguish the invention from the prior art in term of patentability. (In re Gulack, 217 USPQ 401 (Fed. Cir. 1983), In re Ngai, 70 USPQ2d (Fed. Cir. 2004), In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP 2111.05), Ex parte Nehls 88 USPQ2d 1883 (BPAI 2008) (precedential).

37. 	With respect to claim 15, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1. 
Furthermore Wong teaches, wherein the identity verification data comprises an initial verification data and a secondary verification data, and determining, the risk level associated with the transaction comprises: 

determining, by the processor, a preliminary risk level of the transaction based on the initial verification data (¶¶ [0011]), [0050]-[0055]).  
upon determining that the preliminary risk level exceeds a preliminary threshold:
requesting, using the processor, the secondary verification data from the user through the identity decisioning application presented on the user device (¶¶ [0009], [0053], [0060], [0065], and [0098), and
determining, by the processor, the risk level associated with the transaction based on the secondary verification data (¶¶ [0009], [0053], [0060], [0065], [0098), and
upon determining that the preliminary risk level does not exceed the preliminary threshold, assigning, by the processor, the preliminary risk level as the risk level of the transaction (¶¶ [0009], [0053], [0060], [0065], and [0098).

38. 	With respect to claim 16, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 15. 
Furthermore Wong teaches, wherein the initial verification data comprises at least one of device identification information and login information, and the secondary verification data comprises personally identifying information (¶¶ [0009], [0053], and [0060]).
With respect to the limitation “wherein the initial verification data comprises at least one of device identification information and login information, and the secondary verification data comprises personally identifying information” this is nonfunctional 

39.	With respect to, claim 17, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 15. 
Furthermore Wong teaches, wherein the preliminary threshold is a zero risk level (¶¶ [0009], [0086]).
With respect to the limitation “wherein the preliminary threshold is a zero risk level” this is nonfunctional descriptive material as it only describes the data that is contained in the preliminary threshold, while the data contained in the preliminary threshold is not used to perform any of the recited method steps. Therefore, it has been held the nonfunctional descriptive material will not distinguish the invention from the prior art in term of patentability. (In re Gulack, 217 USPQ 401 (Fed. Cir. 1983), In re Ngai, 70 USPQ2d (Fed. Cir. 2004), In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP 2111.05), Ex parte Nehls 88 USPQ2d 1883 (BPAI 2008) (precedential).

40.	With respect to claim 23, the combination of Banks in view of Wong teaches all 

Furthermore Banks teaches, wherein the program code further comprises instructions that, when executed by the processor, cause the processor to perform the step of establishing a secure connection with at least one of the third-party server and the user device prior to displaying the second application window on the user device. (¶¶ [0246]).


Conclusion
41.	THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

42.	The prior art made of record and not relied upon:
1)	(US 20090313134 A1) – Faith et al., Recovery of Transaction Information.


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W. Hayes can be reached on 571-272-6708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair /PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/VINCENT I IDIAKE/Examiner, Art Unit 3699                                                                                                                                                                                                        /ZESHAN QAYYUM/Primary Examiner, Art Unit 3685