DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
The amendment filed 9/28/2021 has been entered. Claims 1-20 remain pending in the application. Applicant’s amendments to the Claims have overcome each and every 112(b) rejections previously set forth in the Non-Final Office Action mailed 6/29/2021.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. 
The 2019 Revised Patent Subject Matter Eligibility Guideline (MPEP 2106.04(II) and 2106.04(d)) also provides step(s) in determining eligibility under 35 U.S.C. § 101. 
	Under the Step 1, Claims 1-7 are drawn to a system which is within the four statutory categories (i.e. a machine). Claims 8-14 are drawn to a computerized method which is within the four statutory categories (i.e., a process). Claims 15-20 are drawn to a non-transitory computer-readable medium which is within the four statutory categories (i.e., a manufacture).

With respect to claims 1, 8, and 15:
Claims 1, 8, and 15 are drawn to an abstract idea without significantly more. The claims recite receiving a registration message including device-based user authentication data associated with a computing device of the user and an account identifier associated with the payment account by a device authentication validation (DAV) service remote from the computing device, linking the device-based user authentication data with the payment account in a data store of the DAV service based on an authentication data type of the device-based user authentication data matching at least one authentication data type in a set of issuer-approved authentication data types associated with an issuer of the payment account, receiving an authentication request including biometric data captured by the computing device associated with a transaction from the payment account associated with the issuer from the computing device of the user, matching the biometric data with the device-based user 
	Under the Step 2A Prong One, the limitations of receiving a registration message including device-based user authentication data associated with a computing device of the user and an account identifier associated with the payment account by a device authentication validation (DAV) service remote from the computing device, linking the device-based user authentication data with the payment account in a data store of the DAV service based on an authentication data type of the device-based user authentication data matching at least one authentication data type in a set of issuer-approved authentication data types associated with an issuer of the payment account, receiving an authentication request including biometric data captured by the computing device associated with a transaction from the payment account associated with the issuer from the computing device of the user, matching the biometric data with the device-based user authentication data linked with the payment account, and authenticating the identity of the user based on the biometric data of the received authentication request matching the device-based user authentication data linked with the payment account, as stated, are processes that, under its broadest reasonable 
	Under the Step 2A Prong Two, this judicial exception is not integrated into a practical application. In particular, the claim only recites additional elements – processor, memory, computing device, and non-transitory computer readable storage media. The processor, memory, computing device, and non-transitory computer readable storage media are recited at a high-level of generality (i.e., performing generic functions of an interaction) such that it amounts no more than mere instructions to apply the exception using a generic computer component, merely implementing an abstract idea on a computer, or merely using a computer as a tool to perform an abstract idea - see MPEP 2106.05(f). The processor and the computing device send or receive message or request for registration and transaction, setting up device-base user authentication and authenticating the identity of user for the transaction by matching the biometric data with the device-based user authentication data, which is surely at a high-level of generality, and the instant invention is not integrated in any 
	Under the Step 2B, the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception, reaffirming that the limitations are not indicative of integration into a practical application: Generally linking the use of the judicial exception to a particular technological environment or field of use. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements in the 
With respect to claims 2-7, 9-14, and 16-20:
Dependent claims 2-7, 9-14, and 16-20 include additional limitations, for example, sending an authentication message to the issuer, receiving an authentication response from the issuer, linking the device-based user authentication data with the payment account further based on a challenge result indicating the authentication or validation of an enrollment signature, authenticating the identity of the user further based on validation of the biometric data, authenticating the identity of the user further based on verification of the cryptographic proof, receiving additional authentication requests including additional device-based user authentication data, authenticating the identity of the user based on the additional device-based user authentication data of the received authentication request matching the device-based user authentication data linked with the payment account, the device-based user authentication data including at least one of fingerprint data, facial recognition data, password data, or PIN data, and providing a user interface, on the computing device of the user, to input the 

Therefore, whether taken individually or as an ordered combination, claims 2-7, 9-14, and 16-20 are nonetheless rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-3, 5-6, 8-10, 12, 15-17, and 19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Alger et al. (WO2016053686A1; hereinafter Alger).
With respect to claims 1, 8, and 15:
	Alger teaches 
A system for authenticating an identity of a user based on device-based user authentication data for transactions associated with a payment account, the system comprising: (See at least Alger: Abstract)
at least one processor; and (See at least Alger: page 9, lines 1-7)
at least one memory comprising computer program code, the at least one memory and the computer program code configured, with the at least one processor, to cause the at least one processor to: (See at least Alger: 9/20-31)
A computerized method for authenticating an identity of a user based on device-based user authentication data for transactions associated with a payment account, the method comprising: (See at least Alger: Abstract)
One or more non-transitory computer readable storage media having computer-executable instructions for authenticating an identity of a user based on device-based user authentication data for transactions associated with a payment account that, upon execution by a processor, cause the processor to at least: (See at least Alger: Abstract; 9/20-31)
receive, by a device authentication validation (DAV) service, a registration message including the device-based user authentication data associated with a computing device of the user and an account identifier associated with the payment account, the DAV service being remote from the computing device of the user; (By disclosing, when a user registers with the wallet server 206 using the user/payment device 206, the wallet server 206 may generate a fixed cryptogram and download it to the user/payment device 212 in the form of a cookie that will serve as a device fingerprint. In addition, the user enrollment application program 310 may control the processor 300 to enable the wallet server 206 to handle requests from users to enroll for wallet services provided by the wallet server 206. For example, this may include, at least in part, opening a user account on the wallet server 206 and enrolling a number of the user's payment card accounts for inclusion in the digital wallet 
based on an authentication data type of the device-based user authentication data matching at least one authentication data type in a set of issuer-approved authentication data types associated with an issuer of the payment account, link, by the DAV service, the device-based user authentication data with the payment account in a data store in the at least one memory associated with the DAV service; (As stated above, and by further disclosing, the user enrollment application program 310 may control the processor 300 to enable the wallet server 206 to handle requests from users to enroll for wallet services provided by the wallet server 206. For example, this may include, at least in part, opening a user account on the wallet server 206 and enrolling a number of the user's payment card accounts for inclusion in the digital wallet to be provided for the user on the wallet server 206. See at least Alger: 10/5-18)
receive, by the DAV service, an authentication request associated with a transaction from the payment account associated with the issuer, the authentication request including biometric data captured by from the computing device of the user; (By disclosing, the acquirer computer 108 may operate in a conventional manner to receive an authorization request for the transaction from the POS terminal 106. The acquirer computer 108 the user/payment device (if equipped with a camera) may capture an image of the user's face to generate facial recognition biometric data. In any of these examples, or for other types of biometric data gathering, the user/payment device 212 may transmit raw and/or processed/summarized biometric data to the wallet server 206. See at least Alger: 5/21-29; 3/9-18; 15/14-28)
match, by the DAV service, the biometric data captured by the computing device of the user with the device-based user authentication data linked with the payment account in the data store of the DAV service; and (As stated above, and by further disclosing, (F) The wallet server 206 uses the function (f) to compute a result based on the secret information/biometric data retrieved for the user/user device and also based on the challenge and the session data. (G) The wallet server 206 compares the result it calculated with the result it received from the user device. If the comparison indicates a match, then the user/user device is authenticated, and the wallet server 206 
authenticate, by the DAV service, the identity of the user based on the biometric data captured by the computing device of the user matching the device-based user authentication data linked with the payment account in the data store of the DAV service. (As stated above, see at least Alger: 17/6-28)
With respect to claims 2, 9, and 16:
	Alger teaches the system of claim 1, the computerized method of claim 8, and the one or more non-transitory computer readable storage media of claim 15, as stated above.
	Alger further teaches wherein the at least one memory and the computer program code are configured, with the at least one processor, to further cause the at least one processor to: 
send, by the DAV service, an authentication message to the issuer, the authentication message including at least a portion of the received registration message; and (As stated above with respect to claim 1, see at least Alger: 5/21-29; 3/9-18; 15/14-28)
receive, by the DAV service, an authentication response from the issuer based on the authentication message; and (As stated above with respect to claim 1, see at least Alger: 5/21-29; 3/9-18; 15/14-28)
wherein linking the device-based user authentication data with the payment account in the data store of the DAV service is further based on the authentication response indicating authentication, by the issuer, of the user. (As stated above with respect to claim 1, see at least Alger: 10/5-18)
With respect to claims 3, 10, and 17:
	Alger teaches the system of claim 2, the computerized method of claim 9, and the one or more non-transitory computer readable storage media of claim 16, as stated above.
Alger further teaches wherein the authentication response includes a challenge result associated with the issuer challenging the user to provide additional authentication data; and (By disclosing, the wallet server 206 uses the function (f) to compute a result based on the secret information/biometric data retrieved for the user/user device and also based on the challenge and the session data. See at least Alger: 17/6-28)
wherein linking the device-based user authentication data with the payment account in the data store of the DAV service is further based on the challenge result indicating the authentication, by the issuer, of the user based on provided additional authentication data. (As stated above, see at least Alger: 17/6-28)
With respect to claim 5:
	Alger teaches the system of claim 1, as stated above.
 
wherein authenticating the identity of the user based on the authentication request is further based on validation of the biometric data of the received authentication request. (As stated above with respect to claim 1, see at least Alger: 15/14-28; 17/6-28)
With respect to claims 6, 12, and 19:
	Alger teaches the system of claim 1, the computerized method of claim 8, and the one or more non-transitory computer readable storage media of claim 15, as stated above.
Alger further teaches 
wherein the received authentication request further includes a cryptographic proof generated by an approved entity associated with a wallet application of the user; and (By disclosing, when a user registers with the wallet server 206 using the user/payment device 206, the wallet server 206 may generate a fixed cryptogram (cryptographic proof) and download it to the user/payment device 212 in the form of a cookie that will serve as a device fingerprint. See at least Alger: 14/30-15/4)
wherein authenticating the identity of the user based on the authentication request is further based on verification of the cryptographic proof by the DAV service. (As stated above, and by further disclosing, the wallet server 614 may transmit transmit an authorization request to the acquirer 606 including the card details and the transaction cryptogram. See at least Alger: 27/9-19)

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 4, 11, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Alger, as applied to claims 1, 8, and 15, and in view of Sheets et al. (WO 2019094071 A1; hereinafter Sheets).
With respect to claims 4, 11, and 18:
he system of claim 1, the computerized method of claim 8, and the one or more non-transitory computer readable storage media of claim 15, as stated above.
	However, Alger does not teach wherein the registration message includes an enrollment signature indicating the user consented to using the device-based user authentication data with the payment account; and wherein linking the device-based user authentication data with the payment account in the data store of the DAV service is further based on validation of the enrollment signature by the DAV service. 
Sheets, directed to biometric validation process utilizing access device and location determination and thus in the same field of endeavor, further teaches 
wherein the registration message includes an enrollment signature indicating the user consented to using the device-based user authentication data with the payment account; and (By disclosing, "validation" may include the act of checking or affirming that information is legitimate. An example may be the act of checking that a digital signature appended to an electronic record is, in fact, legitimate and was signed by the entity that alleges creation of the digital signature. See at least Sheets: paragraph(s) [0049], [0040] & [0042]-[0043])
wherein linking the device-based user authentication data with the payment account in the data store of the DAV service is further based on validation of the enrollment signature by the DAV service. (As stated above, see at least Sheets: paragraph(s) [0040], [0042]-[0043] & [0049])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method and apparatus for streamlined digital wallet transactions teachings of Alger to incorporate the biometric validation process utilizing access device and location determination teachings of Sheets for the benefit of checking or affirming that information is legitimate. (See at least Sheets: paragraph(s) [0049])
Claims 7, 13-14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Alger, as applied to claims 1, 8, and 15, and in view of Dicker et al. (WO 2016196054 A1; hereinafter Dicker).
With respect to claims 7, 13, and 20:
	Alger teaches the system of claim 1, the computerized method of claim 8, and the one or more non-transitory computer readable storage media of claim 15, wherein the at least one memory and the computer program code are configured, with the at least one processor, to further cause the at least one processor to:, as stated above.
	However, Alger does not teach receive, by the DAV service, additional authentication requests associated with a plurality 
Dicker, directed to user interface for loyalty accounts and private label accounts and thus in the same field of endeavor, teaches 
wherein the at least one memory and the computer program code are configured, with the at least one processor, to further cause the at least one processor to: 
receive, by the DAV service, additional authentication requests associated with a plurality of transactions from the payment account, the additional authentication requests including additional device-based user authentication data from the computing device of the user; and (As stated above with respect to claim 1, and by further disclosing, event handling of user touches on touch-sensitive displays also applies to other forms of user inputs (additional device-based user authentication data) to operate multifunction devices 100 with 
authenticate, by the DAV service, the identity of the user, for each additional authentication request, based on the additional device-based user authentication data of the received authentication request matching the device-based user authentication data linked with the payment account in the data store of the DAV service. (As stated above with respect to claim 1, and by further disclosing, event handling of user touches on touch- sensitive displays also applies to other forms of user inputs to operate multifunction devices 100 with input devices, not all of which are initiated on touch screens. For example, mouse movement and mouse button presses, optionally coordinated with single or multiple keyboard presses or holds; contact movements such as taps, drags, scrolls, etc. on touchpads; pen stylus inputs; movement of the device; oral instructions; detected eye movements; biometric inputs; and/or any combination 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method and apparatus for streamlined digital wallet transactions teachings of Alger to incorporate the user interface for loyalty accounts and private label accounts teachings of Dicker for the benefit of faster, more efficient methods and interfaces for linking accounts to an electronic device. (See at least Dicker: paragraph(s) [0005]-[0007])
With respect to claim 14:
	Alger teaches the computerized method of claim 8, as stated above.
Alger further teaches wherein the device-based user authentication data includes one of fingerprint data, facial recognition data, password data, or PIN data; (See at least Alger: 3/9-22; 15/14-28)
Dicker, in the same field of endeavor, further teaches
the method further comprising: 
providing a user interface, on the computing device of the user, to input the biometric data using a first authenticator and an option to input the biometric data using a second authenticator. (By disclosing, mouse movement and mouse button presses, optionally coordinated with single or multiple keyboard presses or holds; contact movements such as taps, drags, scrolls, etc. on touchpads; pen stylus inputs; movement of the device; oral instructions; detected eye movements; biometric inputs; and/or any combination thereof are optionally utilized as inputs corresponding to sub-events which define an event to be recognized. See at least Dicker: paragraph(s) [0165])

Response to Arguments
Applicant's arguments filed 9/28/2021 have been fully considered but they are not persuasive.
In response to applicant’s argument with respect to the 101 rejections that “the specification and claims are directed to reduce network bandwidth usage associated with an issuer by delegating authentication of the identity of the user using device-based user authentication data to the DAV service by the issuer (see paragraph [0020]), which is remote from the computing device of the user” and “Humans cannot mentally process authentication of user identity based on device-based user authentication data by a DAV service that is remote from user computing device. Further, humans cannot mentally match "the biometric data captured by the computing device of the user 
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of .

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CLAY LEE whose telephone number is (571)272-3309.  The examiner can normally be reached on Monday-Friday 8-5pm EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571)270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/C.C.L./Examiner, Art Unit 3685                                                                                                                                                                                                        

                                                                                                                                                                                                        /NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685