DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Applicant’s Amendment filed March 15, 2022.  Claims 1-2, 4-6, 8-10, 21-22, 24-27, and 29-33 are pending and under examination in this case.  Claims 1, 2, 6, 21, and 26, are currently amended.  Claims 3, 7, 11-20, 23, and 28 were previously canceled.  
Response to Arguments
Applicant's arguments filed March 15, 2022, have been fully considered but they are not persuasive. 
Applicant argues, regarding claims 1-2, 4-6, 8-10, 21-22, 24-27, and 29-33 that the claims recite statutory subject matter.
Examiner respectfully disagrees. 
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 56 (January 7, 2019)), the additional element(s) of using a datastore and transaction terminal to perform the steps amounts to no more than using a computer or processor to automate and/or implement the abstract idea of authenticating access to an account by verifying the identity of a cardholder by comparing information in a previously generated profile of the cardholder’s characteristics with cardholder characteristics received with the request to access the account. Taking the claim elements separately, the payer device and payee device perform(s) the steps or functions of collecting heartrate information, determining heartrate characteristics, storing a heartrate profile, receiving a request to authenticate access to an account, retrieving a heartrate profile, retrieving an activity profile, determining a mode of transportation, determining an expected range of heartrate values, selectively authenticating access to the account.  These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of requesting and making a payment. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05 (f) & (h)). Therefore, the claim is not patent eligible.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-2, 4-6, 8-10, 21-22, 24-27, and 29-33 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 
In the instant case, claims 1-2, 4-6, 8-10, and 31 recite a method, claims 21-22, 24-25, and 32 recite a system, while claims 26-27, 29-30, and 33 recite a nontransitory computer-readable medium.  Therefore, these claims fall within the four statutory categories of invention.
The claims recite authenticating access to an account by verifying the identity of a cardholder by comparing information in a previously generated profile of the cardholder’s characteristics with cardholder characteristics received with the request to access the account. Specifically, the claims recite collecting heartrate information, determining heartrate characteristics, storing a heartrate profile, receiving a request to authenticate access to an account, retrieving a heartrate profile, retrieving an activity profile, determining a mode of transportation, determining an expected range of heartrate values, selectively authenticating access to the account, and rejecting a transaction, which is grouped within the “certain methods of organizing human activity” grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)) because the claims recite describe a transaction that involves authenticating access to an account by verifying the identity of a cardholder by comparing information in a previously generated profile of the cardholder’s characteristics with cardholder characteristics received with the request to access the account. Accordingly, the claims recite an abstract idea (See pages 7, 10, Alice Corporation Pty. Ltd. v. CLS Bank International, et al., US Supreme Court, No. 13-298, June 19, 2014; 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 53-54 (January7, 2019)).
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 54-55 (January 7, 2019)), the additional element(s) of the claim(s) such as a datastore and a transaction terminal, merely use a computer as a tool to perform an abstract idea and/or generally link the use of a judicial exception to a particular technological environment. Specifically, the transaction terminal and datastore perform the steps or functions of collecting heartrate information, determining heartrate characteristics, storing a heartrate profile, receiving a request to authenticate access to an account, retrieving a heartrate profile, retrieving an activity profile, determining a mode of transportation, determining an expected range of heartrate values, selectively authenticating access to the account, and rejecting the transaction.  The use of a datastore and transaction terminal as a tool to implement the abstract idea and/or generally linking the use of the abstract idea to a particular technological environment does not integrate the abstract idea into a practical application because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea.
The additional elements do not involve improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), the claims do not apply or use the abstract idea to effect a particular treatment or prophylaxis for a disease or medical condition (Vanda Memo), the claims do not apply the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea in some other meaningful way beyond generally linking the use of the abstract idea to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP 2106.05(e) and Vanda Memo). Therefore, the claims do not, for example, purport to improve the functioning of a computer. Nor do they effect an improvement in any other technology or technical field. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 56 (January 7, 2019)), the additional element(s) of using a datastore and transaction terminal to perform the steps amounts to no more than using a computer or processor to automate and/or implement the abstract idea of authenticating access to an account by verifying the identity of a cardholder by comparing information in a previously generated profile of the cardholder’s characteristics with cardholder characteristics received with the request to access the account. As discussed above, taking the claim elements separately, the payer device and payee device perform(s) the steps or functions of collecting heartrate information, determining heartrate characteristics, storing a heartrate profile, receiving a request to authenticate access to an account, retrieving a heartrate profile, retrieving an activity profile, determining a mode of transportation, determining an expected range of heartrate values, selectively authenticating access to the account and processing the transaction.  These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of requesting and making a payment. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05 (f) & (h)). Therefore, the claim is not patent eligible.
Dependent claims 2, 4-6, 8-10, 22, 24-15, 27, and 29-33 further describe the abstract idea of requesting and making a payment. The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Therefore, the dependent claims are also not patent eligible.    
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-2, 4-5, 9-10, 21-22, 24-27, and 29-33 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regarding claims 1, 21, and 26 –
The claims recite, in newly-added language, the limitation of “determining, by the ML model based on the range of heartrate values, that the first client is within the recovery period of the first exertion variance corresponding to the first mode of client transportation, and the recovery period of the first exertion variance applied to the baseline heartrate, an expected range of heartrate values for the first client”. 
We note that the said limitation is vague and unclear, because it is unclear whether the determination that is being made in this step is “that the first client is within the recovery period of the first exertion variance corresponding to the first mode of client transportation,” or whether the determination is “an expected range of heartrate values for the first client” and this expected range is based on the earlier determination “that the first client is within the recovery period of the first exertion variance corresponding to the first mode of client transportation.” 
Claims 2, 4-6, 8-10, 22, 24-15, 27, and 29-33 are rejected on similar grounds since each depends form claim 1, 21, or 26.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-5, 8-10, 21-22, 24-27, and 29-33 are rejected under 35 U.S.C. 103 as being unpatentable over Hong (US 2014/0288390) in view of Buchheim et al (US 2012/0150052), Fithian et al (US 2011/0169603), Breslow et al (US 2016/0374567), and Xing (US 2017/0243195) and further in view of Kohli (US 2017/0223017).
Regarding claims 1, 21, and 26 -
Hong teaches capturing, by a plurality of heartrate monitoring devices, real-time heartrate information for a plurality of clients (par 109, 130, 125-126) of a service provider:
building, by a server in response to receiving the real-time heartrate information from the plurality of heartrate monitoring devices, a heartrate profile for each client, the heartrate profile comprising, for each client, a baseline heartrate and a plurality of exertion variances; (par 130, 430, 375)
wherein the heartrate of the cardholder is captured by at least one of the plurality of heartrate monitoring devices; (par 109, 130, 125-126)
retrieving by the server an activity profile for the first client associated with the account, the activity profile comprising location information over time for the client; (par 109, 124)
determining, by the server, that the heartrate of the cardholder is not within the expected range of heartrate values. (par 124-136, 209-217, 375, 431)  
Hong does not specifically teach each exertion variance comprising a range of heartrate values and a recovery period for the client and the corresponding mode of client transportation, the recovery period corresponding to an amount of time for a client heartrate having the respective exertion variance to return to the associated baseline heartrate following the client engaging in the corresponding mode of client transportation.
Buchheim teaches each exertion variance comprising a range of heartrate values and a recovery period for the client and the corresponding mode of client transportation, the recovery period corresponding to an amount of time for a client heartrate having the respective exertion variance to return to the associated baseline heartrate following the client engaging in the corresponding mode of client transportation. (par 29-30, 39-40).
It would be obvious to one of ordinary skill in the art to combine Hong and Buchheim in order to obtain a more complete client profile.
Hong does not specifically teach determining, by the server a first mode of client transportation of the plurality of modes of client transportation based on the activity profile of the first client and a first exertion variance of the plurality of exertion variances corresponding to the first mode of client transportation based on the heartrate profile of the first client. 
Fithian teaches determining, by the server a first mode of client transportation of the plurality of modes of client transportation based on the activity profile of the first client and a first exertion variance of the plurality of exertion variances corresponding to the first mode of client transportation based on the heartrate profile of the first client. (fig2, par 5, 11, 25, 28-30, 33, 37). 
Hong does not specifically teach determining, by the server, based on respective differences between the exertion variances of each mode of client transportation, that the first client is within the recovery period of the first exertion variance corresponding to the first mode of client transportation.
Fithian teaches determining, by the server, based on respective differences between the exertion variances of each mode of client transportation, that the first client is within the recovery period of the first exertion variance corresponding to the first mode of client transportation. (fig2, par 5, 11, 25, 28-30, 33, 37). 
Hong does not specifically teach determining, by the server based on the range of heartrate values, that the first client is within the recovery period of the first exertion variance corresponding to the first mode of client transportation, and the recovery period of the first exertion variance applied to the baseline heartrate, an expected range of heartrate values.
Fithian teaches determining, by the server based on the range of heartrate values, that the first client is within the recovery period of the first exertion variance corresponding to the first mode of client transportation, and the recovery period of the first exertion variance applied to the baseline heartrate, an expected range of heartrate values. (fig2, par 5, 11, 25, 28-30, 33, 37). 
It would be obvious to one of ordinary skill in the art to combine Hong, Buchheim and Fithian in order to obtain a more complete client profile.
Hong does not specifically teach a machine learning model executing on a server.
Breslow teaches a machine learning model executing on a server. (par 132, 154)
Hong does not specifically teach wherein the ML model is trained based on training data comprising location data and heartrate data for a plurality of users.  
Breslow teaches wherein the ML model is trained based on training data comprising location data and heartrate data for a plurality of users.  (par 103-104, 123-125, 139).
It would be obvious to one of ordinary skill in the art to combine Hong, Buchheim and Fithian with the machine learning of Breslow in order to obtain greater agility in transaction security.
Hong does not specifically teach receiving, by the server from a transaction terminal, a request to authenticate access to an account maintained by the service provider, the request comprising a token and a heartrate of a cardholder issuing the request.
Xing teaches receiving, by the server from a transaction terminal, a request to authenticate access to an account maintained by the service provider, the request comprising a token. (par 62)
Hong, in view of Fithian does not specifically teach rejecting by the server the requested access to the account based on the determination that the heartrate of the cardholder is not within the expected range of heartrate values for the first client.
However, Fithian teaches a determination that the heartrate of the cardholder is not within the expected range of heartrate values for the first client. (fig2, par 5, 11, 25, 28-30, 33, 37).
Xing teaches a heartbeat authentication. (par 7, 11, 53) 
Hong does not specifically teach rejecting, by the server, a transaction for the account based on the rejection of the requested access to the account by the cardholder. 
Xing teaches rejecting, by the server, a transaction for the account based on the rejection of the requested access to the account by the cardholder. (par 62)  
It would be obvious to one of ordinary skill in the art to combine Hong, Buchheim, Fithian, and Breslow with Xing in order to obtain greater transaction security through the addition of multiple layers of authentication.
Hong does not specifically teach receiving, by the server from a transaction terminal, the request comprising a heartrate of a cardholder issuing the request.
Kohli teaches the request comprising a heartrate of a cardholder issuing the request. (par 26, 33, 36-38, 41-44, 47-48)
Hong does not specifically teach retrieving, by the server, a heartrate profile for a client associated with the account.
Kohli teaches retrieving, by the server, a heartrate profile for a client associated with the account. (par 26, 33, 36-38, 41-44, 47-48)
It would be obvious to one of ordinary skill in the art to combine Hong, Buchheim, Fithian, and Breslow, with Xing and Kohli in order to obtain greater transaction security.
Regarding claims 2, 22, and 27 –
Hong teaches that the server rejects the transaction as fraudulent, that each exertion variance is associated with a change in heartrate over a corresponding baseline heartrate. (par 124-136, 209-217, 375, 431), wherein the plurality of heartrate monitoring devices include: (i) one or more smart watches, and (ii) one or more wearable fitness trackers. (abs, par 159)
Fithian teaches each exertion variance associated with one of a plurality of modes of client transportation. (fig2, par 5, 11, 25, 28-30, 33, 37).
Regarding claims 4, 24, and 29 –
Hong teaches that the activity profile of the first client comprises a plurality of location information related to a location of the first client during a corresponding plurality of time intervals. (par 209-217)
Regarding claims 5, 25, and 30 –
Fithian teaches that the mode of transportation includes walking, driving, biking, standing, running or a combination thereof. (fig2).
Regarding claim 9-
Hong teaches analyzing, by the server, the location information to determine variations in a rate of travel of the cardholder; (par 124-136)
attributing, by the server, a plurality of modes of transportation to the cardholder in response to the variations in the rate of travel. (par 124-136)
Fithian teaches associating, by the server, the range of heartrate values of the exertion variance with the mode of travel. (fig2, par 5, 11, 25, 28-30, 33, 37)
Regarding claim 10 -
Xing teaches that the token is provided by a card or a transmitting device, and wherein the token is presented to the transaction terminal by one of insertion of the card, swiping of the card, or by network communication with the transmitting device. (par 62).
Regarding claim 31, 32, and 33 –
Breslow teaches wherein the ML model is trained to associate heartrate values with one or more of the plurality of modes of client transportation based on the training data. (par 103-104, 123-125, 139)
Claims 6 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Hong (US 2014/0288390) in view of Buchheim et al (US 2012/0150052), Fithian et al (US 2011/0169603), Breslow et al (US 2016/0374567), and Xing (US 2017/0243195) and further in view of Kohli (US 2017/0223017) and He et al (US 2017/0220838).
Hong, in view of Buchheim, Fithian, Breslow, Xing, and Kohli, discloses as above.
Regarding claim 6 –
He teaches requesting, by the server based on rejecting the requested authentication, additional authentication from the first client; (par 79)
receiving, by the server, the additional authentication from the first client; (par 79)
authenticating, by the server, the requested access to the account based on the additional authentication; (par 79) and
processing, by the server, the transaction for the account based on the authentication. (par 79)
It would be obvious to one of ordinary skill in the art to combine Hong, Buchheim, Fithian, and Breslow, with Xing, Kohli, and He in order to obtain greater transaction security though multiple layers of authentication while adding the convenience of alternative methods of authentication.
Regarding claim 8 –
Xing teaches denying access to the cardholder by the server (par 48-49)
Kohli teaches a determination that the heartrate of the cardholder is outside the expected range of heartrate values for the first client. (par 26, 33, 36-38)
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CRISTINA OWEN SHERR whose telephone number is (571)272-6711. The examiner can normally be reached Monday-Friday, 8:30 - 5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on 571-272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Mohammad A. Nilforoush/Primary Examiner, Art Unit 3685