DETAILED ACTION

Status of Claims

Claims 1-20 are currently pending and have been examined in this application.  This NON-FINAL communication is in response to the amendment submitted on 1/18/22. 
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 1/18/22 has been entered.
 

Response to Arguments



Applicant's arguments filed regarding 101 have been fully considered but they are not persuasive. 

Issue #1
Applicant: The Claims Do Not Recite A Judicial Exception To Patent-Eligible Subject Matter. First, Applicant submits that the instant claims do not recite a judicial exception to patent- eligible subject matter. In the Response to Arguments, the Office Action asserts that "[t]he claims are still directed to a Certain method of organizing human activity (fundamental economic practice or commercial or legal interaction) of authenticating a transaction option with a code." Office Action at page 4.  Applicant respectfully disagrees and refers to Example 37 of the 2019 Revised Patent Subject Eligibility Guidance (2019 PEG), in which the claim limitation of "determining the amount of use of each icon using a processor that tracks how much memory has been allocated to each application associated with each icon over a predetermined period of time" is considered and it is determined that the limitation "does not recite a mental process because the claim, under its broadest reasonable interpretation, does not cover performance in the mind but for the recitation of generic computer components."  Claim 1, 9, and 15 recite limitations generally directed towards (as recited by claim 1) "initiating a multi-factor authentication procedure to verify an identity of the user." Applicant submits that, like Example 37 Claim 2, a multi-factor authentication procedure (MFA) cannot practically be performed in the human mind, but rather, MFA techniques were developed and 

Examiner:  Examiner is not indicating a mental process in the analysis. The claims are still directed to a Certain method of organizing human activity (fundamental economic practice or commercial or legal interaction) of authenticating a transaction option with a code.  

Issue #2
Applicant:  2. The Claims Integrate Any Underlying Abstract Idea Into A Practical Application. Second, even if claims 1, 9, and 15 were to be found as judicial exceptions in prong 1 (which Applicant does not concede), Applicant submits that the claims are integrated into a practical application as applied to prong 2. In the Response to Arguments, the Office Action asserts that "[i]t would appear that instituting the multi-factor authentication during the transaction would be solving a business problem rather than a technical problem (a business benefit rather than a technological benefit)." Office Action at page 6.  While respectfully disagreeing with the Office Action, Applicant has nevertheless amended the independent claims to further prosecution. For example, amended claim 1 recites (emphasis added) "generating, by the computer system as a part of the multi-factor authentication procedure, a plurality of authentication codes, each authentication code of the plurality corresponding to a respective one of the plurality of transaction options, wherein at least one of the plurality of authentication codes is a trap authentication code with a corresponding unavailable transaction option," and "wherein an order in which the plurality of authentication codes and the respective indications are presented varies between secure transactions," and "in response to determining that the particular authentication code is a trap authentication code, denying the secure transaction." Amended claim 1 describes use of a "trap code" in the multi-factor authentication that "[a]s an extra layer of security for the user... a 'trap authentication code,' or simply a 'trap code,' refers to an invalid authentication code that, if used in place of a valid authentication code, causes the secure transaction to be denied." Paragraph [0026] of the specification. Additionally, "[v]arying the order in which the codes are displayed may provide an increase in protection against spyware, such as keystroke recorders and touch sensor recorders, that may be, unknowingly to the user, executing on client computer system 130." Paragraph 

Examiner:  The claims still do not go beyond generally linking to a particular technological environment relying on multi-factor authentication.  The use of multi-factor authentication whether before or during a transaction would have the same net effect for technological security.  The claim indicates that only one trap code may be used, and from the generated codes, the ordering of said codes changes between transactions. This means, there could be two codes generated, one of which is a trap code.  A hacker could decipher between these two codes/indications which are merely flip-flopped/reordered between each transaction - which does not result in a meaningful improvement to security.  The rejection is maintained.  



Applicant’s arguments, see p. 12 ln 6-10, filed 1/18/22, with respect to independent Claims 1, 9 & 15 have been fully considered and are persuasive.  The 103 rejection has been withdrawn. 






	Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 
The claims are either directed to a system or method, which is one of the statutory categories of invention.  (Step 1: YES).
The Examiner has identified method Claim 1 as the claim that represents the claimed invention for analysis and is similar to system Claims 9 & 15.  Claim 1 recites the limitations of (additional elements emphasized in bold and are considered to be parsed from the remaining abstract idea): 



in response to a request from a user to complete a secure transaction, initiating a multi-factor authentication procedure to verify an identity of the user; in response to successfully verifying, by comparing submitted user credentials to recorded user credentials stored in a memory circuit, the identity of the user, determining, by a computer system, that a plurality of transaction options is available for completing the secure transaction; generating, by the computer system as a part of the multi-factor authentication procedure, a plurality of authentication codes, each authentication code of the plurality corresponding to a respective one of the plurality of transaction options, wherein at least one of the plurality of authentication codes is a trap authentication code with a corresponding unavailable transaction option; sending, by the computer system to a computing device associated with the user, the plurality of authentication codes and respective indications of the corresponding transaction options, wherein an order in which the plurality of authentication codes and the respective indications are presented varies between secure transactions; and causing, in response to receiving a particular authentication code, a selection of the corresponding transaction option based on the particular authentication code, including, in response to determining that the particular authentication code is a trap authentication code, denying the secure transaction.





which is a process that, under its broadest reasonable interpretation, covers performance of the limitation(s) as a Certain method of organizing human activity (fundamental economic practice or commercial or legal interaction) of authenticating a transaction option with a code.  

If a claim limitation, under its broadest reasonable interpretation (BRI), covers performance of the limitation as a certain method of a fundamental economic practice or commercial or legal interaction, then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas.  


Accordingly, the claim recites an abstract idea. (Step 2A-Prong 1: YES. The claims are abstract)
This judicial exception is not integrated into a practical application. Limitations that are not indicative of integration into a practical application include:  (1) Adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea (MPEP 2106.05.f), (2) Adding insignificant extra-solution activity to the judicial exception (MPEP 2106.05.g), (3) Generally linking the use of the judicial exception to a particular technological computer system, computing device, multi-factor authentication, trap authentication code, and memory circuit in Claim 1 are just using generic computer components (as well as the non-transitory CRM, computer system and multi-factor authentication of Claim 9 and memory, processor, device, device screen, computer system and multi-factor authentication of Claim 15).  The computer hardware is recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts to no more than generally linking the use of the judicial exception to a particular technological environment or field of use.  Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Therefore claims 1, 9 & 15 are directed to an abstract idea without a practical application.  (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when considered separately and as an ordered combination, they do not add significantly more (also known as an “inventive concept”) to the exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using computer hardware amounts to no more than no more than generally linking the use of the judicial exception to a particular technological environment or field of use.  Generally linking the use of the judicial exception to a particular technological environment or field of use with the use of generic computer components, cannot provide an inventive concept - rendering the claim patent ineligible. Thus claims 1, 9 & 15 are not patent eligible. (Step 2B: NO. The claims do not provide significantly more)  
The dependent claims further define the abstract idea that is present in their respective independent claims and hence are abstract for at least the reasons presented above.  The dependent claims do not include any additional elements (including Claims 5 & 11 – hashing algorithm – which is a computer tool used to implement the abstract idea) that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination.  Therefore, the dependent claims are directed to an abstract idea.  Thus, the aforementioned claims are not patent-eligible.
 
	
Conclusion
The prior art made of record, and not relied upon, considered pertinent to applicant' s disclosure or directed to the state of art is listed on the enclosed PTO-892.  
The following is a brief description for relevant prior art that was cited but not applied:	

Hockey (US 20200106764) provides a system for enabling a user to securely authorize a third-party system to access user account data and initiate transactions related to a user account, without disclosing to the third-party system account credentials.

Weiss (US 8234220) provides a method to allow a user to select any one of a plurality of accounts associated with the user to employ in a financial transaction.)

Alves (US 20200265423) provides an offline end-user token generator and method relating ot secure input into an online platform using the tokens. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULMAJEED AZIZ whose telephone number is (571)270-5046. The examiner can normally be reached M-F 7-4:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ryan Donlon can be reached on 571-270-3602. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ABDULMAJEED AZIZ/Primary Examiner, Art Unit 3695