Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Acknowledgements
2.	The amendment to claim 3, filed 12/20/2021 is acknowledged.
3.	Claims 1-24 are pending.
4.	Accordingly, claims 1-24 are examined.

Continued Examination Under 37 CFR 1.114
5.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/20/2021 has been entered. 

Response to Amendment/Remarks
35 USC § 101
6.	The Applicant’s argument/remarks that, the pending claims include additional recitations that render the claims eligible for patentability. In particular, for at least the reasons provided below, Applicant respectfully submits that any alleged abstract idea 
Examiner agrees, as this argument is persuasive, therefore the rejection is hereby withdrawn.

35 USC § 112
7.	Applicant’s remarks and argument regarding the 112 rejections as discussed during the interview on 12/15/2021 are persuasive, therefore the rejections are hereby withdrawn. The claims no longer fails to comply with the written description requirement and no longer indefinite based on the parts of the specification referred to by the Applicant during the interview.

35 USC § 103
8.	Applicant is of the opinion that neither Banks nor Wong, alone or in combination, 
discloses or suggests displaying a second application window that at least partially overlaps the first application window displayed on the user device. Instead, Wong simply teaches providing certain information to the mobile device without specifying how presenting the identity decisioning result to the user via the second application window displayed on the user device, as claimed. 
Examiner respectfully disagrees even though the combination of Banks and Wong discloses these limitations emphasized above, examiner has introduced a third reference Gayal et al., (US 9171331 B1) which teaches displaying a second application window that at least partially overlaps the first application window displayed on the user device (col 7 lines 3-15), and  presenting the identity decisioning result to the user via the second application window displayed on the user device (col 7 lines 3-34).


Claim Rejections - 35 USC § 103
9.	In the event the determination of the status of the application as subject to AIA  35
U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in 

10.	Claims 1-24 are rejected under 35 U.S.C. 103 as being unpatentable over Banks et al., (US 20150066765 A1) in view of Gayal et al., (US 9171331 B1) and further in view of Wong et al., (US 20150046339 A1).

11.	With respect to claims 1, 18 and 24, Banks, teaches a method by a server, a system, and a non-transitory computer readable medium (Fig. 3 item 301, ¶¶ [0360])   having a computer program stored thereon, the computer program comprising instructions which, when executed by a processor of a server (Fig. 3 item 300, ¶¶ [0360]) in communication with a third-party server and a user device of a user, cause the processor to: 
receiving, at the processor, a request from the third-party server to confirm an identity of the user, the user attempting a transaction through a third-party website, displayed in a first application window on the user device (Fig. 5 item 500-504, 507, 528, 530-535,  ¶¶ [0374], [0379], [0404], [0406]-[0411], [0413]).
determining, using the processor, a risk level associated with the transaction based on identity verification data retrieved from the user device via the identity decisioning application (¶¶ [0408]-[0409], [0608]).
determining, using the processor, an identity decisioning result based on the risk level associated with the transaction (¶¶ [0408]-[0409], [0608]).
Banks does not explicitly disclose:

displayed on the user device.
presenting, using the processor, the identity decisioning result to the user via the second application window displayed on the user device, wherein determining the identity decisioning result comprises:
determining whether the risk level exceeds a predetermined threshold.
upon determining that the risk level exceeds the predetermined threshold:
selecting, by the processor, at least one identity authentication exam, the user device presenting the at least one identity authentication exam to the user via the second application window displayed on the user device, determining, by the processor, an outcome of the at least one identity authentication exam based on a user response thereto, and determining, by the processor, the identity decisioning result based on the outcome of the at least one authentication exam.
and upon determining that the risk level does not exceed the predetermined threshold, determining, by the processor, the identity decisioning result based on the risk level associated with the transaction.
However, Gayal discloses
displaying, on the user device and using the processor, a second application window presenting an identity decisioning application, the second application window (pop-up window) at least partially overlapping the first application window displayed on the user device (col 7 lines 3-15).

Therefore, it would have been obvious for a person of ordinary skill in the art at the time application was filed to simply modify the request to confirm a user identity in a transaction of Banks in view of Gayal in order to provide a platform for confirming the user identity in a transaction without leaving the webpage.
The combination of Banks and Gayal does not explicitly disclose
determining whether the risk level exceeds a predetermined threshold.
upon determining that the risk level exceeds the predetermined threshold:
selecting, by the processor, at least one identity authentication exam, the user device presenting the at least one identity authentication exam to the user via the second application window displayed on the user device, determining, by the processor, an outcome of the at least one identity authentication exam based on a user response thereto, and determining, by the processor, the identity decisioning result based on the outcome of the at least one authentication exam.
and upon determining that the risk level does not exceed the predetermined threshold, determining, by the processor, the identity decisioning result based on the risk level associated with the transaction.
However, Wong discloses
determining whether the risk level exceeds a predetermined threshold (¶¶ [0009], [0011], [0053]-[0054], [0060], [0065], [0098], [0114]).
upon determining that the risk level exceeds the predetermined threshold:

determining, by the processor, an outcome of the at least one identity authentication exam based on a user response thereto (¶¶ [0009], [0053], [0060], [0065], [0098]), and 
determining, by the processor, the identity decisioning result based on the outcome of the at least one authentication exam (¶¶ [0009], [0053], [0060], [0065], [0098]), and
upon determining that the risk level does not exceed the predetermined threshold, determining, by the processor, the identity decisioning result based on the risk level associated with the transaction (¶¶ [0009], [0053], [0060], [0065], and [0098]).
Therefore, it would have been obvious for a person of ordinary skill in the art at the time application was filed to simply modify the request to confirm a user identity in a transaction of Banks and the pop-up window of Gayal, in view of Wong in order to provide added security to confirming the user identity in a transaction.

12. 	With respect to claims 2 and 19, the combination of Banks and Gayal in view of Wong, teaches all the subject matter as described above with respect to claim 1.
 Furthermore, Banks discloses further comprising sending, using the processor, the identity decisioning result to the third-party server (Fig. 5F item 530-531, ¶¶ [0406]-[0414]).

13. 	With respect to claims 3 and 20, the combination of Banks and Gayal in view of Wong, teaches all the subject matter as described above with respect to claim 1. 
Furthermore Wong teaches, wherein determining the identity decisioning result further comprises selecting, by the processor a success result for the identity decisioning result upon determining that the risk level does not exceed the predetermined threshold or the outcome of the at least one authentication exam is a passing outcome, the third-party website enabling the user to complete the transaction if the identity decisioning result is the success result (¶¶ [0005], [0040]-[0042], [0044], [0048]-[0049]).

14. 	With respect to claim 4, the combination of Banks and Gayal in view of Wong, teaches all the subject matter as described above with respect to claim 1. 
Furthermore, Wong teaches, wherein determining the risk level comprises:
selecting, by the processor, the risk level of the transaction from a list comprising two or more of the following: a high risk level, a medium risk level, a low risk level, or zero risk level, and setting, by the processor, the predetermined threshold to be the lowest risk level in the list.  (¶¶ [0010]-[0011], [0065]-[0066]).

15. 	With respect to claims 5, the combination of Banks and Gayal in view of Wong, teaches all the subject matter as described above with respect to claim 1. 


16. 	With respect to claim 6, the combination of Banks and Gayal in view of Wong, teaches all the subject matter as described above with respect to claim 5. 
Furthermore, Wong teaches, wherein the list of authentication exams comprises at least one of a knowledge-based authentication exam and a one-time password exam (¶¶ [0053], [0065]).

17. 	With respect to claim 7, the combination of Banks and Gayal in view of Wong, teaches all the subject matter as described above with respect to claim 1. 
Furthermore, Wong teaches, wherein selecting at least one authentication exam comprises selecting, by the processor, at least two authentication exams upon determining that the risk level is a high risk level (¶¶ [0009], [0053], [0060], [0065], and [0098).

18. 	With respect to claim 8 and 21, the combination of Banks and Gayal in view of Wong, teaches all the subject matter as described above with respect to claim 1. 
Furthermore, Banks teaches, further comprising generating, by the processor, the at least one authentication exam (“PIN”, ¶¶ [0409]).

claims 9 and 22, the combination of Banks and Gayal in view of Wong, teaches all the subject matter as described above with respect to claim 1. 
Furthermore, Gayal teaches, further comprising providing, using the processor, the at least one authentication exam to the user device, the user device presenting the at least one authentication exam to the user through the identity decisioning application presented on the user device (col 7 lines 3-34).

20. 	With respect to claim 10, the combination of Banks and Gayal in view of Wong, teaches all the subject matter as described above with respect to claim 1. 
Furthermore, Banks teaches, wherein the identity verification data comprises at least one of passive information, login information, and personally identifying information (Fig 5 item 529-530, ¶¶ [0405], [0406]). 
With respect to the limitation “wherein the identity verification data comprises at least one of passive information, login information, and personally identifying information” this is nonfunctional descriptive material as it only describes the data that is contained in the verification data, while the data contained in the verification data is not used to perform any of the recited method steps. Therefore, it has been held the nonfunctional descriptive material will not distinguish the invention from the prior art in term of patentability. (In re Gulack, 217 USPQ 401 (Fed. Cir. 1983), In re Ngai, 70 USPQ2d (Fed. Cir. 2004), In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP 2111.05), Ex parte Nehls 88 USPQ2d 1883 (BPAI 2008) (precedential).

claim 11, the combination of Banks and Gayal in view of Wong, teaches all the subject matter as described above with respect to claim 10. 
Furthermore, Wong teaches, wherein the login information comprises a username and password associated with the identity decisioning application, the login information provided to the processor by the user through the identity decisioning application. (¶¶ [0053], [0065]).

22. 	With respect to claim 12, the combination of Banks and Gayal in view of Wong, teaches all the subject matter as described above with respect to claim 10. 
Furthermore, Wong teaches, wherein the passive information comprises device identification information associated with the user device, the processor automatically retrieving the device identification information from the user device (¶¶ [0060]).

23. 	With respect to claim 13, the combination of Banks and Gayal in view of Wong, teaches all the subject matter as described above with respect to claim 10. 
Furthermore, Banks teaches, wherein the passive information comprises environmental parameters associated with the transaction, the processor automatically retrieving the environmental parameters from the user device, and the environmental parameters comprising at least one of a timestamp associated with initiation of the transaction and a location of the user device (¶¶ [0412]).

24. 	With respect to claim 14, the combination of Banks and Gayal in view of Wong, teaches all the subject matter as described above with respect to claim 10. 

With respect to the limitation “wherein the personally identifying information comprises at least one of a full name, an address, and a social security number” this is nonfunctional descriptive material as it only describes the data that is contained in the personally identifying information, while the data contained in the personally identifying information is not used to perform any of the recited method steps. Therefore, it has been held the nonfunctional descriptive material will not distinguish the invention from the prior art in term of patentability. (In re Gulack, 217 USPQ 401 (Fed. Cir. 1983), In re Ngai, 70 USPQ2d (Fed. Cir. 2004), In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP 2111.05), Ex parte Nehls 88 USPQ2d 1883 (BPAI 2008) (precedential).

25. 	With respect to claim 15, the combination of Banks and Gayal in view of Wong, teaches all the subject matter as described above with respect to claim 1. 
Furthermore, Wong teaches, wherein the identity verification data comprises an initial verification data and a secondary verification data, and determining, the risk level associated with the transaction comprises: 
retrieving, using the processor, the initial verification data from the user device (¶¶ [0011]), [0050]-[0055]).  
determining, by the processor, a preliminary risk level of the transaction based on the initial verification data (¶¶ [0011]), [0050]-[0055]).  
upon determining that the preliminary risk level exceeds a preliminary threshold:

determining, by the processor, the risk level associated with the transaction based on the secondary verification data (¶¶ [0009], [0053], [0060], [0065], [0098), and
upon determining that the preliminary risk level does not exceed the preliminary threshold, assigning, by the processor, the preliminary risk level as the risk level of the transaction (¶¶ [0009], [0053], [0060], [0065], and [0098).

26. 	With respect to claim 16, the combination of Banks and Gayal in view of Wong, teaches all the subject matter as described above with respect to claim 15. 
Furthermore, Wong teaches, wherein the initial verification data comprises at least one of device identification information and login information, and the secondary verification data comprises personally identifying information (¶¶ [0009], [0053], and [0060]).
With respect to the limitation “wherein the initial verification data comprises at least one of device identification information and login information, and the secondary verification data comprises personally identifying information” this is nonfunctional descriptive material as it only describes the data that is contained in the “initial verification data”, and “secondary verification data” while the data contained in the “initial verification data”, and “secondary verification data” are not used to perform any of the recited method steps. Therefore, it has been held the nonfunctional descriptive material will not distinguish the invention from the prior art in term of patentability. (In re 

27.	With respect to, claim 17, the combination of Banks and Gayal in view of Wong, teaches all the subject matter as described above with respect to claim 15. 
Furthermore, Wong teaches, wherein the preliminary threshold is a zero risk level (¶¶ [0009], [0086]).
With respect to the limitation “wherein the preliminary threshold is a zero risk level” this is nonfunctional descriptive material as it only describes the data that is contained in the preliminary threshold, while the data contained in the preliminary threshold is not used to perform any of the recited method steps. Therefore, it has been held the nonfunctional descriptive material will not distinguish the invention from the prior art in term of patentability. (In re Gulack, 217 USPQ 401 (Fed. Cir. 1983), In re Ngai, 70 USPQ2d (Fed. Cir. 2004), In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP 2111.05), Ex parte Nehls 88 USPQ2d 1883 (BPAI 2008) (precedential).

28.	With respect to claim 23, the combination of Banks and Gayal in view of Wong, teaches all the subject matter as described above with respect to claim 18.
Furthermore, Banks teaches, wherein the program code further comprises instructions that, when executed by the processor, cause the processor to perform the step of establishing a secure connection with at least one of the third-party server and 


Conclusion
29.	The prior art made of record and not relied upon:
1)	(US 20090313134 A1) – Faith et al., Recovery of Transaction Information - relates to a consumer account administered by an issuer, and the consumer historical information includes information relating to previous transactions by the consumer for at least one financial transaction account other than the consumer account.
2)	(US 20190141021 A1) – Isaacson et al., System and Method for Provisioning Simplified in Store Purchases and In-APP Purchases using a Use-Interface-Based Payment APT - relates to applying a browser payment API that manages a payment process between a browser on a user device and a store server to brick and mortar shopping. The store server communicates with the user via a browser on the user mobile device to retrieve identification data for products to be purchased by the user, and the server communicates via the browser API to manage the purchase of the product or products.


 30.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to VINCENT IDIAKE whose telephone number is 
(571)272-1284.  The examiner can normally be reached on Mon-Fri 8:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on 571-272-7575.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair /PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the 
/VINCENT I IDIAKE/Examiner, Art Unit 3685                                                                                                                                                                                                        /PATRICK MCATEE/Supervisory Patent Examiner, Art Unit 3685