NONFINAL REJECTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Election/Restrictions
Applicant's election with traverse of species B with claims 1-14 in the reply filed on 12/24/2021 is acknowledged.  The traversal is on the ground(s) that there would not be a serious burden on the Examiner if restriction was not required because the alleged species include overlapping elements.  This is not found persuasive because as was previously explained the species outlined comprise different physical structures with different corresponding functions.  Furthermore, for the purpose of compact prosecution, the claims and species would be restricted to prevent multiple divergent concepts and functions.
The requirement is still deemed proper and is therefore made FINAL.
Claim Objections
Claims 13-14 are objected to because of the following informalities:  
Claim 13, line 2, limitation “and the mobility service server” is a duplicate limitation within the same claim.
Claim 14, last line, limitation “toke” should be --token--.
Claim 14 includes the limitation “by the first computer, performing a transaction for the user using a previously stored payment method for the user” which is different from the operating methods/functions as used in claim 1, wherein a transactional server performs transactions.  It appears from the elected species and understanding of the invention of the original disclosure, that the claim 14 should read “by the third computer, performing a transaction for the user using a previously stored payment method for the user” corresponding to a third computer of a transactional server.  The first computer as .
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 5-11 and 14 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 5 includes another instance of limitation “an authentication identifier” on line 3, which is a duplication limitation of claim 1.  The limitation should be corrected to clearly claim that either the authentication identifier is the same or that another authentication identifier is being claimed.
Claim 6 is rejected due to its dependency.  Furthermore, claim 6 requires clarification for the limitation “the authentication identifier” if such limitation is to be interpreted as a different instance of the authentication identifier.
Claim 7 includes another instance of limitation “an authentication identifier” on line 3, which is a duplication limitation of claims 1 and 5.  The limitation should be corrected to clearly claim that either the authentication identifier is the same or that another authentication identifier is being claimed.
Dependent claims 8-11 are rejected due to their dependency on claims 5-7.
Claim 14 recites the limitation "biometrics server scanned biometric data" in line 5.  There is insufficient antecedent basis for this limitation in the claim.  This limitation is interpreted 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over YI et al. (US 10501055 B1) in view of JEFFERIES et al. (US 8768565 B2).
Re claim 14. YI discloses (i.e. FIG.5) a method (c.16, ll.59 thru c.18, ll.62), comprising: 
receiving, by a first computer (i.e. mobile user device 540 – includes processor 742 in FIG.7 – with biometric capabilities – c.2, ll.9-16) comprising at least one processor (i.e. servers coupled to at least one memory (i.e. memory 744 in FIG.7), a mobility service request (i.e. (2) ride request) from a user 590; and 
authenticating, by a second computer (i.e. FIG.5 – server 520 – user device 540 generates a secret key, and uses the secret key to encrypt the passenger biometric information, encrypted passenger biometric information may be referred to as a passenger secret, user device 540 may send the passenger secret and a ride request that may include information regarding the requested ride… to operation server 510 which sends (3) dispatch request to server 520) comprising at least one processor coupled to at least one memory (FIG.7 – server 720 includes processor 726 to generate VATs with a memory 729 which stores data), biometrics server scanned biometric data for the user (FIG.5 – operation server 510 transmits data back and forth with security server 520 which includes biometric data encrypted with secret, from user obtained by way of user device 540 for the purpose of authentication); 
generating, by the second computer, a biometrics server authentication token (VAT) after authenticating the user (FIG.5 – security server 520 responds with (4) dispatch response (VAT & expiration) which depends on authenticating data such as (security server authenticates by way of secret management 729 in FIG.7, passenger secrets which include obtained biometric data, if such passenger secrets are valid – c.20, ll.66 – c.21, ll.5); 
upon receiving the biometrics server authentication token (FIG.5 – (5) VAT & expiration), by the first computer (i.e. user device 540),
generating, by a third computer (i.e. FIG.5 – vehicle 530) comprising at least one processor coupled to at least one memory (i.e. vehicle 530, similar to vehicle 730 in FIG.7 – includes at least one processor/controller 732 to perform functions and at least one memory 734), a transactional server authentication token (i.e. FIG.5 – (7) VAT – is generated to be transmitted to user device 540 for the purpose of authentication by way of NFC or RFID protocols – transceiver 738 would be controlled by controller 732 during authentication functions) when the transaction is approved (i.e. car rentals which operate in a similar fashion ; and 
upon receiving both the biometrics server authentication token and the transactional server authentication token (i.e. FIG.5 – both VAT from servers 510/520 and VAT from vehicle 530 are required by user device to proceed with functions), by the first computer, providing access to the mobility service (i.e. after user device authenticates proper VATs the determination is made that proper vehicle is obtained and access functions should continue by way of sending secret key to vehicle – since claim does not explicitly claim that first computer itself provides access to a user into a specific device, such as a vehicle).
(c.16, ll.59 thru c.18, ll.62 are listed below for reference)
(54)    FIG. 5 is a simplified diagram 500 illustrating an example of a system and a method for authenticating autonomous vehicles and passengers according to certain embodiments. An autonomous fleet owner or service provider may maintain a transportation service platform, such as control operation dispatch module 318 described above. The transportation service platform may include an operation server 510 and a security server 520, where operation server 510 and a security server 520 may be in a same integrated system at a same physical location or, in most cases, may be separate systems at a same location or at different locations with secure connections between them, such as using secure wired links or buses through various firewalls and secure agents. Operation server 510 may manage user requests and select (or provide options for users to select) vehicles for providing the requested transportation services. Security server 520 may, together with user device, ensure the safety and security of the system as described in details below. 
(55)    An autonomous vehicle 530 may include a vehicle electronic system as described above with respect to FIG. 4. Autonomous vehicle 530 may communicate wirelessly with security server 520 and/or operation server 510 through secure links. Autonomous vehicle 530 may also include various sensors (e.g., LIDARs and cameras) to collect information regarding the environment, the user devices, and the passengers. A user device 540 may include various sensors, such as cameras, touch sensors, RF sensors, and the like, to collect various passenger biometric information. User device 540 may also execute an app to request transportation service and to perform mutual authentication with autonomous vehicles 530 as described in details below. 
(56)    As illustrated in FIG. 5, user device 540 may collect biometric information of passenger 590, such as fingerprints, iris patterns, voice spectra, facial features, and the like. For example, user device 540 may include cameras that can capture high quality images of the passenger's fingers, eyes, or face. User device 540 may also include a voice recorder to record an utterance by the passenger, such as a particular sentence. User device 540 may also include a touch sensor to capture the fingerprint of the passenger. User device 540 may collect any combination of such biometric information of the passenger. 
(57)    User device 540 may then generate a secret key, and use the secret key to encrypt the passenger biometric information. The encrypted passenger biometric information may be referred to as a passenger secret. User device 540 may send the passenger secret and a ride request that may include information regarding the requested ride, such as the source address, destination address, the desire time frame, and the like, to operation server 510. In some embodiments, user device 540 may set an expiration time for the secret key or passenger secret, and send the expiration time in the ride request as well. User device 540 may invalidate or delete the secret key or the passenger secret after the expiration time. 
operation server may then send the identification of the selected vehicle, information regarding the requested service (e.g., source location, destination location, time of service, etc.), the passenger secret, and other information (e.g., expiration time of the passenger secret or secret key) in a dispatch request to security server 520. 
(59)    Security server 520 may generate a vehicle access token (VAT), determine an expiration time for the VAT in the response to the dispatch request, and send the VAT and the expiration time back to operation server 510. The VAT may be for one-time use only. Security server 520 may also sent the passenger secret, the requested service (e.g., source location, destination location, time of service, etc.), the VAT, and the expiration time of the VAT to autonomous vehicle 530 based on the identification of the selected vehicle. In some embodiments, selected autonomous vehicle 530 may download such information from a secure store. 
(60)    Operation server 510 may send the VAT and the expiration time of the VAT to the user device as a response to the ride request. The response may also include some descriptions of the selected autonomous vehicle, such as the model and make and the license number of the selected autonomous vehicle 530. 
(61)    The selected autonomous vehicle 530 may arrive at the source location within a certain time period (e.g., within the expiration time of the VAT and/or the secret key or the passenger secret). User device 540 may read the VAT from autonomous vehicle 530 using, for example, NFC, RF reader, WiFi, WiMax, Bluetooth, ZigBee, or other communication technologies. User device 540 may then compare the VAT read from autonomous vehicle 530 and the VAT received from operation server 510. If the two VATs match, user device 540 may determine that autonomous vehicle 530 is the one dispatched by operation server 510 and/or security server 520. 
(62)    After autonomous vehicle 530 is authenticated by user device 540, user device 540 may send the secret key that it has generated for the ride request to autonomous vehicle 530. Autonomous vehicle 530 may then collect passenger biometric information (e.g., fingerprints, iris patterns, voice spectra, facial features, and the like), decrypt the passenger secret using the secret key to generate expected passenger biometric information, and compare the collected passenger biometric information and the expected passenger biometric information to determine if the person requesting access to the vehicle is the passenger that has requested the transportation service. If the passenger is authenticated, autonomous vehicle 530 may unlock the door and give the passenger the access to the internal of the vehicle. 
(63)    In some embodiments, the passenger secret may be saved at user device 540 and/or security server 520. Because the passenger secret is the result of an encryption and the passenger secret key is saved in each user device. Even if the passenger secret is leaked, it may not be used by an imposter to access a vehicle because the secret key is in user device 540 (and thus other devices may not have the secret key) and because biometric information is collected on-site to verify the passenger (and thus the biometric information of the imposter may not match the decrypted passenger biometric information of the actual requester even if the user device is lost or stolen or the secret key is leaked). 
(64)    In some embodiments, any one of the secret key, passenger secret, and VAT may have an expiration time and may become invalid after the expiration time. In some embodiments, any one of the secret key, passenger secret, VAT, and biometric information of the passenger may expire immediately or may be removed from the user device, autonomous vehicle, operation server, or security server after the mutual authentication completes. 
(65)    In some embodiments, the VAT and the passenger secret (or the secret key) may be renewed or regenerated if the transaction takes too long to complete, such as when autonomous vehicle 530 is stuck in traffic. For example, when autonomous vehicle 530 arrives after the expiration time, either user device 540 or autonomous vehicle 530 may send a request to renew or restart a mutual authentication process, such as generating a new secret key, a new passenger secret, and/or a new VAT and sending them to user device 540 or autonomous vehicle 530.


	However, YI fails to explicitly disclose:
performing a transaction for the user using a previously stored payment method for the user.
One of ordinary skill in the art understands that before proceeding further into authentication/access functions as those disclosed by YI, a secure payment transaction or function should be performed which allows owner or manager of vehicles as in YI, to receive prior payment of fees.
Furthermore, YI explicitly discloses the function of storing payment data, by operation server 710 (c.20, ll.18-20), which would be interpreted by one of ordinary skill in the art as the need to address payment transaction at some point during the process of authenticating and accessing vehicles for rent (FIG.5).
JEFFERIES teaches (abstract) in a similar field of invention of rental vehicles using authentication and access functions (FIG.9) with wireless communication capabilities, involving at least one server device (FIG.11) and a user device carried by a user (FIG.7), wherein a transaction for the user is performed (c.15, ll.61 thru c.16, ll.25 – cited below), using a previously stored payment method (i.e. remote server(s) verify transaction using a credit card associated with user – which requires previously stored payment data) for the user, before the user gains full access to a vehicle (FIG.7-9).
FIG. 7 is a series of example displays and menus that may be shown on the mobile device by a mobile app used by customers to enter data during a non-reservation vehicle pick up process. The user may select that he is picking up a car, or that he wishes to reserve a car (701, 702). Using the camera of the mobile communication device, such as a mobile phone, the customer scans the barcode or QR code on the window decal to download the vehicle information 703. The rental fee and vehicle specific information may then be displayed for the consumer 704. This information may have been embedded in the QR code, or may have been received from the remote servers (e.g. the QR code may have contained a vehicle ID, which may then be sent to the remote servers, which respond with information about the vehicle, and may put a temporary reservation on the vehicle until the transaction either succeeds, or is cancelled/times out). The customer may then select or customize certain reservation criteria, such as the length of time to rent/use the car 705, accept terms and conditions required by the rental or car share service to use the car 706, be offered insurance 707 with its own terms and conditions 708, etc. This information may then be sent to the remote servers to either confirm or reject the reservation based on this information. To perform this operation, the remote servers may consult with a third party, such as a rental or car share server, to transact the reservation. If the reservation is available, and payment succeeds (e.g. a credit card either type into the app or associated with the customer is verified), then the reservation may be confirmed. The confirmation may be transferred to the mobile device, and may also be sent via text or email to the customer email account. At this point, as with a normal reservation, the doors may be unlocked remotely by commands sent by the remote servers.

	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to try performing a transaction for the user using a previously stored payment method for the user as taught by JEFFERIES in order to provide a proper and secure method to obtain payment for vehicle usage during a rental process similar to that of YI.
Allowable Subject Matter
Claims 1-4 and 12-13 are allowed.
The following is a statement of reasons for the indication of allowable subject matter:
Re claim 1. YI discloses (as applied to claim 14 above) a system, comprising: 
a secure distributed network of servers (FIG.5) comprising: 
a biometrics server (i.e. server 520) configured to authenticate a user using biometric data and an authentication identifier for the user (FIG.5), and generate a biometrics server authentication token when the user is authenticated, the user being authenticated when a mobility service is requested by the user; 
a transactional server (i.e. server 510) configured to perform a transaction upon receiving the biometrics server authentication token and the authentication identifier, the transactional server being further configured to generate a transactional server authentication token when the transaction is approved, the transaction allowing the user to access the mobility service.
YI fails to show:
a mobility service server configured to receive the biometrics server authentication token, the transactional server authentication token, and the authentication identifier and provide access to the mobility service.
	Furthermore, YI operates using different functions and system devices with different capabilities.
These features, in combination with the other features of the claims, are not anticipated by, nor made obvious over, the prior art of record.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CARLOS E GARCIA whose telephone number is (571)270-1354. The examiner can normally be reached M-Th 9-6pm F 9-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian A Zimmerman can be reached on (571)272-3059. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 

CARLOS E. GARCIA
Primary Examiner
Art Unit 2683


/Carlos Garcia/Primary Examiner, Art Unit 2683                                                                                                                                                                                                        1/27/2022