DETAILED ACTION
Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .    

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03 March 2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Analysis:
Step 1: Claims 1-20 are  all  directed  to  a  statutory  category  (e.g.,  a  process,  machine,  manufacture,  or composition of matter).  Claims 1-8 are directed to a first process (method), Claims 9-15 are directed to a second process YES.
Step 2A:  Claims 1-20 recite three substantially similar methods directed to the abstract idea to acquiring and utilizing biometric feature information of a user to manage risk and settle financial transactions.  Further, in support of this abstract idea, (Spec ¶ [0015]) recites, “the disclosure may describe enhanced authentication processing for high risk transactions. The processing allows merchants to re-submit a transaction request to permit time for an issuer to validate a client by pushing an authentication message to the client, having the client provide an authentication parameter, such as a biometric parameter or password that may be compared to an authentication parameter previously provided to the issuer/authentication authority”.  Thus, transaction fraud prevention and risk management, a particular form of organizing of a human activity, which is a fundamental economic practice.  

Step 2A.1:  In the instant application, relevant to the identification of the abstract idea, Claim 1, as representative, recites, “receiving, a first authentication parameter from a user”, “receiving, a first iteration of a transaction request”, “determining that the merchant identifier is associated with an untrustworthy merchant”, “transmitting a request to re-submit the transaction request”, “transmitting an authentication request . . . associated with the user payment account”, “receiving, a second authentication parameter . . . in response to the authentication determining that the second authentication parameter matches the first authentication parameter”, “receiving, a second iteration of the transaction request . . . in response to the request to re-submit the transaction request” and “approving the second iteration of the transaction request based on the determination that the second authentication parameter matches the first authentication parameter”.  The steps represent a series of data aggregation for identifying and controlling fraudulent transactions.  These steps contribute to “risk management” which is a fundamental economic activity and which falls under the grouping of certain methods of organizing human activity.  Therefore the claims recite an abstract idea.  The answer is YES.

Step 2A.2:  This judicial exception is not integrated into a practical application.  The additional elements recited include a “merchant server” (processor) configured for executing instructions, a “user computing device” (additional processor) configured for executing instructions, and a (memory) for storing transaction data, user data and biometric data.  
The memory is recited at a high level of generality (i.e. memory for storing biometric data). The processor(s) are also recited at a high level of generality (as a general purpose processor that performs generic computer functions of receiving data, capturing image data and performing calculations on data) such that it amounts to no more than mere instructions to apply the exception using a generic computer component.
NO.

Step 2B:  The claim does not include additional elements that amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea.  
The “memory element” and “processor(s)” are recited at a high level of generality and are recited as performing generic computer functions (i.e. inputting data, calculating, storing data) routinely used in computer applications.  Generic computer components recited as performing generic computer functions that amount to no more than implementing the abstract idea with a computerized system.  Thus, taken alone, the additional elements do not amount to significantly more than the above-identified judicial exception (the abstract idea).  Looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually. 
The generic computer based limitations of “receiving, a first authentication parameter from a user”, “receiving, a first iteration of a transaction request”, “determining that the merchant identifier is associated with an untrustworthy merchant”, “transmitting a request to re-submit the transaction 
Therefore the additional limitations in the claims do not improve the functioning of the computer itself, or improve any other technology or technical field.  Use of a generic computer does not transform an abstract idea into a patent-eligible invention.  Thus, the claim does not amount to significantly more than the abstract idea itself.  The answer is NO.

          The analysis above applies to all statutory categories of invention.  As such, the presentment of Claims 1, 9 and 15 otherwise styled as a machine or manufacture, for example, are subject to the same analysis.  Furthermore, the dependent claims 2-8, 10-14 and 16-20 do not resolve the issues raised in the independent claims.  Claims 2-8, 10-14 and 16-20 are directed toward additional data exchange details of the independent claim steps.  Accordingly, claims 2-8, 10-14 and 16-20 are rejected as 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: 
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US PG Publication No. 20150019443 A1 to Sheets et al., (hereinafter referred to as Sheets), in view of US PG Publication No. 20110035788 A1 from White et al., (hereinafter referred to as White) and further in view of US PG Publication No. 20130030972 A1 from DiGioacchino, (hereinafter referred to as DiGioacchino).

As per Claim 1, Sheets teaches;
A computer-implemented method comprising: 

receiving a first authentication parameter from a user, the first authentication parameter being associated with a user payment account; (See at least Sheets, ¶¶ [0028], [0038] and [0055]).

receiving a first iteration of a transaction request from a merchant server, the transaction request including an identifier of the user payment account and a merchant identifier; (See at least Sheets, ¶¶ [0027], [0039], [0041] and [0042]).

transmitting a request to re-submit the transaction request to the merchant server; (See at least Sheets, Fig. 5, Item 505, ¶¶ [0033], [0034] and [0037]).

receiving a second authentication parameter from the computing device in response to the authentication request; (See at least Sheets, ¶¶ [0028], [0038] and [0055]).

determining that the second authentication parameter matches the first authentication parameter; (See at least Sheets, Fig. 13, Item 1311, ¶¶ [0053], [0150], [0159] and [0183]).



approving the second iteration of the transaction request based on the determination that the second authentication parameter matches the first authentication parameter; (See at least Sheets, ¶¶ [0154], [0159] and [0183]).

wherein the method is performed using one or more processors; (See at least Sheets, Fig. 2, Item 120(A), ¶¶ [0037], [0039], [0045] and [0047]).

Further, Sheets discloses the details for “securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device comprising a server computer receiving a payment request including encrypted payment information”, (see at least Sheets, ABSTRACT).  However, Sheets does not specifically disclose determining that the merchant identifier is associated with an untrustworthy merchant.  In the same field of endeavor, White teaches; 

determining that the merchant identifier is associated with an untrustworthy merchant; (See at least White, Fig. 5, “Untrustworthy Merchant”, ¶¶ [0078] and [0080]).
	


Further, neither Sheets nor White disclose the details for “transmitting an authentication request associated with an untrustworthy merchant”.  In the same field of endeavor, DiGioacchino teaches; 

in response to determining that the merchant identifier is associated with an untrustworthy merchant, transmitting an authentication request to a computing device associated with the user payment account; (See at least DiGioacchio, ¶¶ [0005] and [0028]).
	
Therefore, it would have been obvious to a person of ordinary skill in the art at the time of the applicant’s invention, to have modified Sheets and White to incorporate the teachings of DiGioacchino which a financial service provider, to coordinate accounts that are issued by an issuer to cardholders requesting transactions with merchants; (see at least DiGioacchino, ABSTRACT; “the merchant sending a transmission to its acquirer including a request for a transaction against one account to which the merchant receives a denial or prior to receiving such a denial”).

As per Claim 2, White teaches;

wherein the first and second authentication parameters are a fingerprint of the user; (See at least White, ¶¶ [0043] and [0084]).

NOTE:  Claims 10 and 19 are substantially similar to Claim 2 and as such, these claim limitations are treated in the same manner with regard to the Claim 2 prior art rejection.

As per Claim 3, White teaches;

wherein the first and second authentication parameters are a facial recognition of the user; (See at least White, ¶¶ [0043] and [0084]).

NOTE:  Claims 11 and 20 are substantially similar to Claim 3 and as such, these claim limitations are treated in the same manner with regard to the Claim 3 prior art rejection.

As per Claim 4, Sheets teaches;

wherein the first and second authentication parameters are a password; (See at least Sheets, ¶ [0173]).

NOTE:  Claim 12 is substantially similar to Claim 4 and as such, these claim limitations are treated in the same manner with regard to the Claim 4 prior art rejection.

As per Claim 5, White teaches;

wherein the authentication request is configured to trigger a notification on the computing device; (See at least White, ¶¶ [0094], [0122], [0132], [0139] and [0147]).

NOTE:  Claim 13 is substantially similar to Claim 5 and as such, these claim limitations are treated in the same manner with regard to the Claim 5 prior art rejection.

As per Claim 6, White teaches;

wherein the authentication request is configured to receive an authentication confirmation from the user; (See at least White, ¶ [0136]).

NOTE:  Claim 14 is substantially similar to Claim 6 and as such, these claim limitations are treated in the same manner with regard to the Claim 6 prior art rejection.

As per Claim 7, Sheets teaches;



NOTE:  Claim 17 is substantially similar to Claim 7 and as such, these claim limitations are treated in the same manner with regard to the Claim 7 prior art rejection.

As per Claim 8, Sheets teaches;

wherein the request to re-submit the transaction request is transmitted using one or more ISO MTI codes; (See at least Sheets, ¶ [0078]).m 2 and as such, these claim limitations are treated in the same manner with regard to the Claim 2 prior art rejection.

NOTE:  Claim 17 is substantially similar to Claim 8 and as such, these claim limitations are treated in the same manner with regard to the Claim 8 prior art rejection.

As per Claim 9, Sheets teaches;
A computer-implemented method comprising:

receiving a first iteration of a transaction request including an identifier of a user payment account; (See at least Sheets, ¶¶ [0027] and [0039]).



determining that the authentication parameter matches an authentication parameter associated with the user payment account; (See at least Sheets, Fig. 13, Item 1311, ¶¶ [0053], [0150], [0159] and [0183]).

in response to the request to re-submit the transaction request, receiving a second iteration of the transaction request; (See at least Sheets, ¶¶ [0027], [0039], [0041] and [0042]).

approving the second iteration of the transaction request based on the determination that the authentication parameter received from the computing device matches the authentication parameter associated with the user payment account; (See at least Sheets, ¶¶ [0154], [0159] and [0183]).

wherein the method is performed using one or more processors; (See at least Sheets, Fig. 2, Item 120(A), ¶¶ [0037], [0039], [0045] and [0047]).

Further, Sheets discloses the details for “securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device comprising a server computer receiving 

determining that the transaction request includes a likelihood of fraud that exceeds a predetermined fraud threshold; (See at least White, ¶ [0108]).

based on the determination that the transaction request includes a likelihood of fraud that exceeds the predetermined fraud threshold, transmitting an authentication request to a computing device associated with the user payment account and transmitting a request to re-submit the transaction request; (See at least White, ¶ [0109]).
	
Therefore, it would have been obvious to a person of ordinary skill in the art at the time of the applicant’s invention, to have modified Sheets to incorporate the teachings of White which provides the determination for transaction risk management; (see at least White, ABSTRACT; “authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction, inputting information in a workstation, and determining whether the inputted information is known”).

As per Claim 15, Sheets and White teach;



wherein determining that the transaction request includes a likelihood of fraud that exceeds the predetermined fraud threshold includes determining that a merchant associated with the merchant identifier is an untrustworthy merchant; (See at least White, Fig. 5, “Untrustworthy Merchant”, ¶¶ [0078] and [0080]).

As per Claim 16, Sheets teaches;

receiving a first iteration of a transaction request including an identifier of a user payment account from a merchant server; (See at least Sheets, ¶¶ [0027], [0039], [0041] and [0042]).

in response to receiving the first iteration of the transaction request, transmitting an authentication request to a computing device associated with the user payment account and transmitting a request to re-submit the transaction request to the merchant server; (See at least Sheets, Fig. 5, Item 505, ¶¶ [0033], [0034] and [0037]).

receiving an authentication parameter from the computing device in response to the authentication request; (See at least Sheets, ¶¶ [0028], [0038] and [0055]).

determining that the authentication parameter received from the computing device matches an authentication parameter associated with the user payment account; (See at least Sheets, Fig. 13, Item 1311, ¶¶ [0053], [0150], [0159] and [0183]).

receiving a second iteration of the transaction request from the merchant server; (See at least Sheets, ¶¶ [0027], [0039], [0041] and [0042]).

based on the determination that the authentication parameter received from the computing device matches the authentication parameter associated with the user payment account, approving the second iteration of the transaction request; (See at least Sheets, ¶¶ [0154], [0159] and [0183]).

wherein the method is performed using one or more processors; (See at least Sheets, Fig. 2, Item 120(A), ¶¶ [0037], [0039], [0045] and [0047]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Felsher (US 20130159021 A1) discloses a method of controlling access to records stored within databases, each record having associated access rules, a location 
Attfield et al. (US 20160012216 A1) discloses a system for policy-managed, secure authentication and authorization for transactions. The present invention links identification and verification methods and apparatus to a policy-managed system that can control how such devices are utilized under specific scenarios as defined by the policy maker.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to PAUL R KLOBERG whose telephone number is (571)272-0474. The examiner can normally be reached Mon-Fri; 8:30 AM to 5:00 PM (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michael W. Anderson can be reached on 571-270-0508. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, 





/PAUL R KLOBERG/Examiner, Art Unit 3698                                                                                                                                                                                                        
/HANI M KAZIMI/Primary Examiner, Art Unit 3691