DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Broadest Reasonable Interpretation of certain claimed terms
Independent claims 1 and 29 were amended to recite “determining… to bypass the OBO service…”. The specification as filed does not provide a lexicographic definition for the term “bypass”. The customary and ordinary meaning of the term1 to one of ordinary skill is:

    PNG
    media_image1.png
    873
    773
    media_image1.png
    Greyscale



Status of claims
This office action is in response to the amendment received on 10/15/2021.
Claims 1, 29, 35 and 36 were amended.
Claims 2, 3 and 6-22 were canceled.
Claims 1, 4, 5 and 23-37 are pending.
Claims 1, 4, 5 and 23-37 were examined.

Claim Rejections - 35 USC § 101
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

Claims 1, 4, 5 and 23-37 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.

According to MPEP 2106 II, It is essential that the broadest reasonable interpretation (BRI) of the claim be established prior to examining a claim for eligibility. Further, MPEP 2103 I C establishes that the subject matter of a properly construed claim is defined by the terms that limit the scope of the claim when given their broadest which indicates that an additional authentication of the transaction is to be performed on behalf of an issuer of the payment account”; “an authentication response indicating that the additional authentication is to be performed”; “an authentication response indicating that the second transaction is to be performed without an additional authentication.” However, the limitations above refer only to describing the data contents of a message. Claim interpretation can affect the first part of the test (whether the claims are directed to a judicial exception). In an effort to provide compact prosecution, the language identified above in the independent claims was considered as an integral part of the identified abstract idea, however this effort shouldn’t be characterized as providing patentable weight to language that should be granted none. Examiner notes that the analysis of the dependent claims is performed in a similar fashion.
In the instant case, claims 1, 4, 5 and 23-28 are directed to a method, and claims 29-37 are directed to a system. Therefore, these claims fall within the four statutory categories of invention. 
Specifically, the language of the claims directed to an abstract idea are marked in bold below: 
a. “receiving, via a processor, an authentication request of a transaction from a merchant including an account identifier of a payment account”;b. “determining, by the processor, whether to route the authentication request to an issuer domain or an on-behalf of (OBO) service based on a bank identification number (BIN) of the account identifier”;c. “transmitting, via the processor, the authentication request to the OBO service in response to a determination to route the authentication request to the OBO service”;d. “receiving, via the processor, a response message from the OBO service which indicates that an additional authentication of the transaction is to be performed on behalf of an issuer of the payment account”;e. “transmitting, to the merchant, an authentication response indicating that the additional authentication is to be performed;”;f. “receiving, via the processor, a second authentication request of a second transaction from merchant including a second account identifier of a second payment account”;g. “determining, by the processor, to bypass the OBO service with the second transaction based on a BIN of the second account identifier”; andh. “routing, to the second merchant, an authentication response indicating that the second transaction is to be performed without an additional authentication.”
Therefore, the portions highlighted in bold above recite identifying financial data and intermediating data exchange between entities, which is an abstract idea grouped within the certain methods of organizing human activity and mental processes grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)). 

Accordingly, the claims recite an abstract idea (See pages 7, 10, Alice Corporation Pty. Ltd. v. CLS Bank International, et al., US Supreme Court, No. 13-298, June 19, 2014; 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 53-54 (January 7, 2019)).

This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 54-55 (January 7, 2019)), the additional element(s) of the claims include: a processor; storage and the recitation of a service as being an “on-behalf-of” service. Merely using a processor and storage and 

Dependent claims 4, 5, 23-28 and 30-37 further recite the following additional language, in which elements which merely further define the identified abstract idea are marked in bold below:

i) wherein the response message from the OBO service comprises a flag indicating that the additional authentication is to be performed. j) wherein transmitting the authentication response comprises transmitting the authentication response with a flag indicating that the additional authentication is to be performed. k) wherein the additional authentication comprises a biometric authentication. l) wherein the method further comprises loading, via the processor, content into a web browser for performing the additional authentication. m) wherein the loading, via the processor, comprises loading one or more of Hypertext Markup Language (HTML) content, JavaScript content, and i- frame content, into the web browser, for performing a biometric authentication. n) wherein the receiving the authentication request comprises receiving, via the processor, the authentication request from a merchant computer via an application programming interface (API) which provides a connection from the merchant computer to the OBO service. o) wherein the receiving the authentication request comprises receiving, via the processor, the authentication request from a merchant plug-in (MPI) on a consumer device. p) wherein the authentication request comprises an authentication request for an e-commerce card not present (CNP) transaction between a cardholder of the payment account and the merchant. 
With respect to claims 4 and 30, the claims further recite item i) above, which do not introduce additional elements/functions. The additional language merely represents statements directed to non-functional descriptive material by describing what the message "comprises" (i.e. a flag) and what the flag is "indicating". Those statements are insufficient to significantly alter the eligibility analysis.



With respect to claims 23 and 32, the claims further recite item k) above, which do not introduce additional elements/functions. The additional language merely represents statements directed to non-functional descriptive material by describing what the additional authentication - which the claims do not require to perform -"comprises". Those statements are insufficient to significantly alter the eligibility analysis.

With respect to claims 28 and 37, the claims further recite item p) above, which do not introduce additional elements/functions. The additional language merely represents statements directed to non-functional descriptive material by describing what the request "comprises". Those statements are insufficient to significantly alter the eligibility analysis.

Therefore, dependent claims 4, 5, 23, 28, 30, 31, 32, 37, which represent additional language i), j), k), p) do not alter the analysis provided with respect to independent claims 1 and 29. In other words, the claims do not introduce additional elements that would alter the analysis with respect to Steps 2A or 2B above in any meaningful way. Therefore, these dependent claims are also ineligible.


With respect to claims 25 and 34, the claims recite item m) above, which also represent the additional elements/functions of loading content into a web browser. The claims further describe the types of content (i.e. HTML, javascript, i-frame) and the intended use of the “loading” i.e. “for performing a biometric authorization”. Given the broadest reasonable interpretation of these dependent claims, this language further elaborates in the abstract idea of identifying financial data and intermediating data exchange between entities identified above with respect to the independent claims 1 and 29. The additional elements/functions are insufficient to integrate the abstract idea into a practical application because the additional elements/functions do not pertain to an improvement to the functioning of a computer or to another technology. The additional elements/functions do not offer significantly more than the abstract idea, 

With respect to claims 26 and 35, the claims recite item n) above, which represent the additional elements/functions of the claims further detail the "receiving" step by describing from where the request is received (i.e. merchant computer) and further describe details of this entity, which is outside the scope of the claims. Even if weight should be given to the language “via an application programming interface (API) which provides a connection from the merchant computer to the OBO service”, this would merely represent and additional element 
this language further elaborates in the abstract idea of identifying financial data and intermediating data exchange between entities identified above with respect to the independent claims 1 and 29. The additional elements/functions are insufficient to integrate the abstract idea into a practical application because the additional elements/functions do not pertain to an improvement to the functioning of a computer or to another technology. The additional elements/functions do not offer significantly more than the abstract idea, because the additional elements/functions merely further recite additional instructions to implement the abstract idea on a computer. 

With respect to claims 27 and 36, the claims recite item o) above, which represent the additional elements/functions of the claims further detail the "receiving" step by describing from where the request is received (i.e. consumer device) and details of this entity (plug-in), which are outside the scope of the claims.. This language further 

Therefore, while dependent claims 24, 25, 26, 27, 33, 34, 35, 36, which represent additional language l), m), n), o), slightly modify the analysis provided with respect to independent claims 1 and 29, these additional elements/functions are insufficient to render the dependent claims eligible, as detailed above. Therefore, these dependent claims are also ineligible.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1, 4, 5 and 23-37 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 

Claims 1 and 29 were amended to recite “determining, by the processor, to bypass the OBO service with the second  transaction based on a BIN of the second account identifier; and routing, to the second merchant, an authentication response indicating that the second transaction is to be performed without an additional authentication”. The specification as filed recites, inter alia:
“Further, on-behalf-of services may be made available to all issuers, allowing for an enhanced transaction experience. For example, an issuer may select to utilize risk based decisioning (or "RBD") and an RBD service may be applied to transactions associated with that issuer (or a predetermined subset of accounts associated with the issuer). Pursuant to some embodiments, the authentication network 103 may be configurable for each issuer 112, allowing unique routing per message type and per BIN (or account number) range. For example, some elite cards may be configured to use an on behalf service providing RBD, and all other card types from that issuer may be sent to an ACS for authentication processing...
For example, in some embodiments, a particular issuer may specify that for its top tier account holders, step-up will be performed only for quite large purchases, and when step-up does occur a particular biometric process that is convenient for the account holder will be utilized. In some embodiments, the rules specified by the issuer for the top-tier customer may allow RBD to be by-passed for some or most transactions. The authentication network 103 may determine that a particular issuer-configured rule is applicable to a particular transaction based on the payment account number (or portion thereof, such as the BIN) submitted for the transaction...
In some embodiments, authentication rules may also be subject to configuration by merchants in at least some cases. For example, where the merchant has the customer's account information (and/or payment token) on file and the merchant is well acquainted with the customer (and/or has performed its own risk assessment for the customer with a satisfactory result), the merchant may prefer that RBD/possible step-up by the authentication network 103 be bypassed.
In the scenario of FIG. 8, ID&V is performed without step-up. At block 802 in FIG. 8, the token requestor 202 (FIG. 2) sends an ID&V request to the authentication network 103. Continuing to refer to FIG. 8, at decision block 804, the authentication network 103 (e.g., via directory server 106, FIG. 1), makes a routing determination based on the payment account data (e.g., such as based on the BIN of the payment account). At block 806, the authentication network 103 formulates and sends a message which includes a request for authentication. This message may be sent to an issuer ACS 110 (FIG. 1), with the particular ACS determined and/or the content of the message/request determined at block 804. 
At decision block 808, the issuer ACS 110 selects the desired type of authentication process. At decision block 810, the issuer ACS 110 determines the cardholder's identity and/or determines to what extent there is risk involved in the current authentication request. 
In the illustrative example shown in FIG. 8, the issuer ACS 110 determines that the request is low risk, and transmits (block 812) a response back to the authentication network 103 with the authentication status. Where the authentication is deemed successful, as assumed here, then the response may include a cryptogram or other token such as an "AAV" (account authentication value). 
At block 814, the authentication network 103 may formulate and send a response to the token requestor 202, to indicate the authentication status. Then, at block 816, the token requestor 202 may continue the tokenization process. ” (Emphasis added by Examiner)
Therefore, while the specification recites an "an on behalf service providing RBD" (risk based decision) and that either the issuer or the merchant can set up rules to 

Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1, 4, 5 and 23-37 are rejected under 35 U.S.C. 103 as being unpatentable over Law et al. (US 2015/0134540 A1), in view of Kumnick (US 2015/0112871 A1) and in view of Lanc (US 20080103972 A1).
With respect to claims 1 and 29, Law et al. teach a system, comprising: a storage configured to store program instructions; and a processor coupled to the storage and configured to execute the program instructions (see paragraphs [0087] and [0095]); and a method (Systems and methods for facilitating a transaction using a virtual card on a mobile device) comprising: 

receiving, via a processor, an authentication request of a transaction from a merchant including an account identifier of a payment account (see Fig. 4, block 407 and paragraphs [0084] and [0087]); 
determining, by the processor, whether to route the authentication request to an issuer domain or an on-behalf of (OBO) service (see Fig. 4, determination of virtual card issuer 410 based on some of the virtual card details vs. determining funding card issuer based on a typical process of a merchant sending the funding card details to the merchant acquirer, paragraph [0084]; Fig. 5, payment network determines whether to send transaction to the payment gateway server 506 or directly to the funding card issuer 104, paragraph [0088]; First portion of digits of the PAN refers to the payment gateway server 506 and paragraph [0105]; Fig. 8, 
transmitting, via the processor, the authentication request to the OBO service in response to a determination to route the authentication request to the OBO service (see Fig. 4, step 408, send the virtual card details to the virtual card issuer 401, paragraph [0084]; information routed to the payment gateway server 506. as identified by the first portion of digits of the virtual card's PAN, paragraph [0111]); 
receiving, via the processor, a response message from the OBO service (see the virtual card issuer notifies the merchant acquirer using a corresponding authorization code for the merchant system via the payment network); 
transmitting, to the merchant, an authentication response (see Fig. 8, blocks 807 and 808, authorization response, paragraph [0120]); receiving, via the processor, a second authentication request of a second transaction from merchant including a second account identifier of a second payment account (see Fig. 4, block 407 and paragraphs [0084] and [0087]); routing, to the second merchant, an authentication response (see Fig. 8, blocks 807 and 808, authorization response, paragraph [0120]). 
Although Law et al. disclose declining a payment authorization when an un-expected virtual card data set is received (see paragraph [0113]), and that the routing is performed according to the received BIN (see Fig. 4, determination of virtual card issuer 
While one of ordinary skill in the art could also reasonably convey that the routing determination is inherently disclosed by Law et al., in the interest of compact prosecution Kumnick discloses a method and system (Multi-network token bin routing with defined verification parameters) comprising: 
the determining step is "based on a bank identification number (BIN) of the account identifier" (see paragraphs [0031]-[0033]; "the entity utilizing the table… 
determining, by the processor, to bypass the OBO service with the second  transaction based on a BIN of the second account identifier (see paragraphs [0031]-[0033]; "the entity utilizing the table… can pro grammatically determine which of the payment processing networks are able to process transaction information for different verification schemes" paragraph [0035]; Fig. 1, acquirer computer 106 implementing a transaction routing module 116, paragraph [0048]; acquirer "uses this identified token BIN to determine which (of possibly multiple) 

Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the token BIN "globally" associated with a specific combination of payment processing networks and the BIN translation table as disclosed by Kumnick in the method and system of Law et al., the motivation being to flexibly route the transaction to an eligible network from the set of payment processing networks identified by the entry corresponding to the token's BIN value, in order for acquirers and/or merchants to have the flexibility of choosing between multiple eligible networks (see Kumnick, paragraphs [0006], [0029] and [0031]).


However, Lanc discloses a method and system (Secure authentication and payment system) comprising: 
[the response message from the OBO service] which indicates that an additional authentication of the transaction is to be performed on behalf of an issuer of the payment account (see consumer accounts reviewed when a transaction is made, "hold flag" and paragraph [0113]; user identity validation, paragraph [0114]; checks performed by issuers, appropriate status codes, paragraphs [0145]-[0150]); 
[the authentication response] indicating that the additional authentication is to be performed (see consumer accounts reviewed when a transaction is made, "hold flag" and paragraph [0113]; user identity validation, paragraph [0114]; appropriate status codes, paragraphs [0147]-[0150]); 
[the second authentication response] indicating that the second transaction is to be performed without an additional authentication (see consumer accounts reviewed when a transaction is made, "hold flag" and paragraph [0113]; user 

Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the trusted authentication and payment environment as disclosed by Lanc in the method and system of Law et al. and Kumnick, the motivation being to minimize theft due to misappropriation of financial details (see Lanc, paragraph [0008]).

With respect to claims 4 and 30, the combination of Law et al., Kumnick and Lanc teaches all the subject matter of the method and system as described above with respect to claims 1 and 29. Furthermore, Lanc disclose a method and system wherein the response message from the OBO service comprises a flag indicating that the additional authentication is to be performed (see "hold flag" and paragraphs [0113] and [0114]; transactions that fail issuer validation halted, appropriate status codes, paragraphs [0147]-[0150]). 

With respect to claims 5 and 31, the combination of Law et al., Kumnick and Lanc teaches all the subject matter of the method and system as described above with respect to claims 1 and 29. Furthermore, Lanc disclose a method and system wherein transmitting the authentication response comprises transmitting the authentication response with a flag indicating that the additional authentication is to be performed (see 

With respect to claims 23 and 32, the combination of Law et al., Kumnick and Lanc teaches all the subject matter of the method and system as described above with respect to claims 1 and 29. Furthermore, Lanc disclose a method and system wherein the additional authentication comprises a biometric authentication (see authentication device, paragraph [0115]; Fig. 12, secondary authentication and paragraphs [0116]-[0123]). 

With respect to claims 24 and 33, the combination of Law et al., Kumnick and Lanc teaches all the subject matter of the method and system as described above with respect to claims 1 and 29. Furthermore, Lanc disclose a method and system wherein the method further comprises loading, via the processor, content into a web browser for performing the additional authentication (see authentication in response to on-line transactions/web page and paragraph [0118]). 

With respect to claims 25 and 34, the combination of Law et al., Kumnick and Lanc teaches all the subject matter of the method and system as described above with respect to claims 24 and 33. Furthermore, Lanc disclose a method and system wherein the loading, via the processor, comprises loading one or more of Hypertext Markup Language (HTML) content, JavaScript content), and i- frame content, into the web browser, for performing a biometric authentication (see authentication in response to 

With respect to claims 26 and 35, the combination of Law et al., Kumnick and Lanc teaches all the subject matter of the method and system as described above with respect to claims 1 and 29. Furthermore, Law et al. disclose a method and system wherein the receiving the authentication request comprises receiving, via the processor, the authentication request from a merchant computer via an application programming interface (API) which provides a connection from the merchant computer to the OBO service (see Fig. 30. block 3002, paragraphs [0276] and [0277]). 

With respect to claims 27 and 36, the combination of Law et al., Kumnick and Lanc teaches all the subject matter of the method and system as described above with respect to claims 1 and 29. Furthermore, Law et al. disclose a method and system wherein the receiving the authentication request comprises receiving, via the processor, the authentication request from a merchant plug-in (MPI) on a consumer device (see Fig. 13, e-commerce and internet based transactions, connection 1302 and paragraphs [0177] and [0178]). 

With respect to claims 28 and 37, the combination of Law et al., Kumnick and Lanc teaches all the subject matter of the method and system as described above with respect to claims 1 and 29. Furthermore, Law et al. disclose a method and system wherein the authentication request comprises an authentication request for an e-

Response to Arguments/Amendments
Claim rejections - 35 USC § 101
Applicant’s amendments and arguments (see remarks, pages 6-9, filed on 10/15/2021), with respect to the rejection of claims 1, 4, 5 and 23-37 under 35 USC § 101 as being directed to an abstract idea have been fully considered but are not persuasive. With respect to claim eligibility in claims 1, 4, 5 and 23-37, Applicant asserts “the claims recite additional elements which integrate the claims into a practical application”. Examiner respectfully disagrees. 

It appears the severe disagreement between Applicant and Examiner regarding the broadest reasonable interpretation of the claims still persists. Namely, Applicant asserts: “the claims are directed to a process of determining whether to perform an additional authentication on a payment transaction based on a BIN number of a payment account included in the payment transaction. Thus, the present application determines whether or not to apply an additional authentication to a payment transaction on a transaction-by-transaction basis, using a BIN number of the transaction. This is a new process in the art of payment card processing”. Examiner respectfully disagrees with Applicant’s interpretation of the broadest reasonable interpretation of the claims. It appears that Applicant places undue weight to the claim 
receive an authentication request of a transaction from a merchant including an account identifier of a payment account;
determine whether to route the authentication request to an issuer domain or an on-behalf of (OBO) service based on a bank identification number (BIN) of the account identifier, transmit the authentication request message to the OBO service…
The claims were also further amended to recite:
receive a second authentication request of a second transaction from a second merchant including a second account identifier of a second payment account, 
determine to bypass the OBO service with the second transaction based on a BIN of the second identifier, 
The broadest reasonable interpretation of the claims, however, does not encompass “determining whether to perform an additional authentication on a payment transaction based on a BIN number of a payment account included in the payment transaction”, as this is not recited by the claims. The broadest reasonable interpretation of the claims merely recite receiving a first identifier and routing the message “based on” this identifier. For instance, the claims do not explicitly disclose that this BIN is a generic bin that can be routed to a plurality of distinct entities. The claims merely disclose that a first identifier/BIN is received and the message is routed “based on” the BIN. Therefore, the broadest reasonable interpretation of the claims clearly encompass routing a BIN in a standard way, i.e. receiving a BIN of an OBO service and routing the authentication request accordingly. In this embodiment, the determination of “whether to route” this request to an issuer or OBO service would always resolve to the OBO service, which is the entity the received BIN identifies. Similarly, the claims were always be to “bypass” the OBO service, as since the message was not initially addressed to the OBO service this service will always be “bypassed”.
Applicant further asserts “the BIN number can be used as an indicator for whether or not to route the authentication request to an external authentication service (OBO service) which can invoke an additional authentication (e.g., biometric, etc.) for the payment transaction, or to bypass such service”, which further highlight this disagreement, as Examiner is unpersuaded that the claim language itself reflect this interpretation. The claims do not recite that the BIN is “used as an indicator”, the claims merely recite receiving a BIN and routing a message “based on” this received BIN, and this claim language also encompass the conventional authentication process in which a received BIN is routed according to a routing table.
Applicant further asserts that “the BIN number can be used as an indicator for whether or not to route the authentication request to an external authentication service (OBO service) which can invoke an additional authentication (e.g., biometric, etc.) for the payment transaction, or to bypass such service. In other words, the BIN number 

Further, Applicant asserts “When the system identifies an additional authentication is necessary for the payment transaction, the system can transmit an authentication request to the OBO service…” This language is also not required by the claims. The claims do not require a straightforward connection between the need of “an additional authentication” and routing a message accordingly. The claims merely recite that the routing determination is “based on” the received BIN. Once again Examiner appreciates Applicant’s arguments but is unpersuaded that these arguments can be applied to the claims at issue. In fact, the claims clearly recite that the decision on the need of an additional authentication is provided by the OBO service, after the message is routed (claim language: “receive a response message from the OBO service which indicates that an additional authentication of the transaction is to be performed”.
Applicant further asserts “Some of the benefits of the claimed invention include improving the security of a transaction by providing an additional authentication process 

Applicant further asserts “the present application uses existing payment request message data to perform a new decision and routing process”. Examiner respectfully disagrees, as detailed above, but strongly suggests Applicant to reflect this “new decision and routing process” into the claims at issue. The claims, for instance, need to clearly address this “new decision and routing process” while avoiding encompassing known routing procedures into the broadest reasonable interpretation of the claims. MPEP 2111.01 II quotes “"Though understanding the claim language may be aided by explanations contained in the written description, it is important not to import into a claim limitations that are not part of the claim. For example, a particular embodiment appearing in the written description may not be read into a claim when the claim language is broader than the embodiment." Superguide Corp. v. DirecTV Enterprises, Inc., 358 F.3d 870, 875, 69 USPQ2d 1865, 1868 (Fed. Cir. 2004)”. Examiner once 

Applicant then asserts “In this case, Claim 1 recites the steps taken by a processing device to identify a BIN number from an authentication request, route the authentication request to an OBO service based on a BIN number, and forward additional authentication information to the merchant that is received from the OBO service, for a first transaction. Furthermore, the claims also recite bypassing the OBO service with a second transaction based on a BIN of a second account identifier of the second transaction.”, which is a more representative interpretation of the claim language. However, Applicant further asserts “Thus, the claim recites processing transactions and determining whether an additional authentication is necessary on a transaction-by-transaction basis using a BIN number, which is new in the art.” (Emphasis added by Examiner). Examiner respectfully disagrees with Applicant’s interpretation. Examiner is in the position that one of ordinary skill in the art would also reasonably convey a fairer interpretation of the claims as being directed to routing authentication requests based on a BIN and, when the message includes an identifier of an OBO service, receiving a response indicating that additional authentication is to be performed, while bypassing the OBO service for all other request messages comprising a BIN distinct form the BIN of the OBO service. Examiner also notes that the second authentication request is only required to be routed back to the second merchant from which the request was received. In other words, the broadest reasonable interpretation 

With respect of step 2A, prong one of the analysis, Applicant asserts “Furthermore, the claims also include technical components such as routing a message from a processor to an OBO service, an API, an MPI, and the like. Therefore, even in the broadest reasonable sense, the claims cannot be performed by a human because these features preclude the performance by a human.” Examiner respectfully disagrees with Applicant’s rationale. The rejection clearly identified the abstract idea as being grouped both within “certain methods of organizing human activity” and “mental processes. It appears that Applicant A. overlooks the “certain methods of organizing human activity” grouping and B. incorporates certain additional elements into the abstract idea analysis. MPEP 2016.04(a)(2) II states “The Supreme Court has identified a number of concepts falling within the "certain methods of organizing human activity" grouping as abstract ideas. In particular, in Alice, the Court concluded that the use of a third party to mediate settlement risk is a ‘‘fundamental economic practice’’ and thus an abstract idea. 573 U.S. at 219–20, 110 USPQ2d at 1982. In addition, the Court in Alice described the concept of risk hedging identified as an abstract idea in Bilski as ‘‘a method of organizing human activity’’. Id. Previously, in Bilski, the Court concluded that hedging is a ‘‘fundamental economic practice’’ and therefore an abstract idea. 561 U.S. at 611–612, 95 USPQ2d at 1010. With respect to mental processes, section III of MPEP 2016.04(a)(2) further asserts “Nor do the courts distinguish between claims that recite mental processes performed by humans and claims that recite mental processes 

Lastly, with respect to prong two of step 2A of the analysis, Applicant asserts: “One of the considerations that are indicative that an additional element (or combination of elements) may have integrated the exception into a practical application includes an additional element that reflects an improvement in the functioning of a computer, or an improvement to other technology or technical field. See, Revised Guidance page 55. In this case, the claims are directed towards improving the security of a payment transaction by integrating an enhanced authentication process into an existing payment network that is performed on a "transaction-by-transaction" basis using BIN numbers of the transactions. This is new in the art of payment processing and allows for finely applying authentication such that only certain card transactions have extra processing (and not all). Furthermore, by adding an additional authentication (e.g., biometric, etc.) 



Claim rejections - 35 USC § 112(b)
Applicant’s amendments and arguments (see remarks, page 9, filed on 10/15/2021), with respect to the rejection of claims 29, 35 and 36 under 35 USC § 112(b) have been fully considered. Examiner finds Applicant's arguments persuasive in view of the submitted amendments, therefore the rejections were withdrawn. 

Claim rejections - 35 USC § 103
Applicant’s amendments and arguments (see remarks, pages 9-11, filed on 10/15/2021), with respect to the rejection of claims 1, 4, 5 and 23-37 under 35 USC § 103 have been fully considered but are unpersuasive. Specifically, Applicant recites “Law fails to render obvious the features of Claim 1, because Law fails to describe or suggest, "determining, by the processor, whether to route the authentication request to an issuer domain or an on-behalf of (OBO) service based on a bank identification number (BIN) of the account identifier." Law does not use a BIN to determine whether to route an authentication request for a payment transaction to an OBO service..” As discussed above, there is nothing in the claim language preventing the broadest interpretation of the claims to incorporate the traditional routing of payment transactions “based on” the received BIN. In other words, if the received BIN of the account identifier is the BIN of the OBO service, the traditional determination will be to route to the OBO service. The claims do not require this “BIN” to be a number not tied to the OBO service. Therefore, the distinction argued by Applicant is not made explicit in the claims, and Examiner is unpersuaded that the claim language recites features not disclosed by Law et al.

Applicant further asserts that “Law does not use a BIN number to determine whether to route an authentication request at all, let alone, to determine whether to route an authentication request to an issuer domain or an OBO service. The Office is mischaracterizing the features of Law in an unsuccessful effort to render obvious the claimed feature.” Examiner respectfully disagrees, as one of ordinary skill in the art would reasonably convey that an authorization request in a payment network is routed accorded to the received BIN. Law explicitly recites, in paragraph [0149]:

    PNG
    media_image2.png
    59
    578
    media_image2.png
    Greyscale

Therefore, Examiner is unpersuaded by Applicant’s arguments, as the BIN routing is inherently disclosed by Law et al. However, in the interest of compact prosecution, Examiner provides another reference (Kumnick) which does disclose routing the same BIN to different payment networks, including “bypassing” other networks, which is what Applicant appears to argue. 


Applicant further asserts “Therefore, the "decision" in Law is a decision of whether to route a transaction to one issuer or another.” Examiner agrees with Applicant’s interpretation and this is precisely what the broadest reasonable interpretation of the claims require. Applicant further asserts “However, no authentication is routed. Instead, the reason the funding card details are routed is to perform an account balance check”. Once again, Applicants attempts to differentiate the disclosed steps/functions by their intended use or goal. The question is not whether the routing is performed for one reason or another, the question is whether the reference discloses this routing determination. Applicant agrees that the routing is performed but takes issue with a different reason for routing. Examiner finds this argument unpersuasive as the claims do not require the routing to be performed for a specific reason, but rather merely “based on” a BIN.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Patent Literature
Tieken (US 2009/0070246 A1) discloses electronic financial transaction routing, including determining if one or more network flags are asserted in a network BIN table and then route the transaction according to the network BIN table or according to a least cost network.
Salama et al. (US 2015/0100495 A1) disclose systems and methods for providing tokenized transaction accounts, including use the BIN as a way to route.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDUARDO D CASTILHO whose telephone number is (571)270-1592. The examiner can normally be reached Mon-Fri 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 


/E.C./Examiner, Art Unit 3685                                                                                                                                                                                                        
/JACOB C. COPPOLA/Primary Examiner, Art Unit 3685                                                                                                                                                                                                        


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 “Bypass.” Merriam-Webster.com Dictionary, Merriam-Webster, https://www.merriam-webster.com/dictionary/bypass. Accessed 19 Jan. 2022.