DETAILED CORRESPONDENCE
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.  This non-final office action is in response to the Patent Application filed on 31 May 2019.  Claims 1, 2, 4-7, 11, and 12 are amended and have been carefully considered.  Claims 3 and 8 are cancelled.  Claims 1, 2, 4-7, and 9-12 are pending and considered below.

Priority
	Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, or 365(c) is acknowledged.  Applicants’ claim of priority to provisional application 62/679697 filed 1 June 2018 and patented application 15/993366 filed 30 May 2018 is recognized, and therefore the instant invention is afforded a priority date of 30 May 2018.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1, 2, 4-7, and 9-12 is/are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.  
The claimed limitations, as per method Claim 1, include the steps of:
A computer-implemented method of isolating personally-identifiable information (PII), comprising: at a server system including one or more processors and memory storing one or more programs for execution by the one or more processors:
receiving a first set of data that corresponds to a first entity, wherein the first set of data includes PII of a first user associated with the first entity; 
modifying the first set of data by removing the PII of the first user;
training, using a machine learning system, an authentication model for the first entity, including generating a first set of one or more values that correspond to the modified first set of data, wherein the first set of one or more values does not include PII; 
receiving a second set of data that corresponds to a second entity; 
training, using the machine learning system, an authentication model for the second entity, including generating a second set of one or more values that correspond to the second set of data, wherein the second set of one or more values is determined using at least a portion of the first set of one or more values; 
receiving, from a third user, authentication information for a transaction that corresponds to the second entity;
using the second set of one or more values to determine an authentication result that corresponds to the authentication information; and
transmitting the authentication result to a remote device.

Examiner Note: underlined elements indicate additional elements of the claimed invention identified as performing the steps of the claimed invention.

Under Step One of the analysis under the Mayo framework, claims 1, 2, 4-7, 9, and 10 is/are drawn to methods (i.e., a process), claims 12 is/are drawn to a system (i.e., a machine/manufacture), and claim 11 is/are drawn to a storage medium (i.e., a machine/manufacture).  As such, claims 1, 2, 4-7, and 9-12 is/are drawn to one of the statutory categories of invention.

Independent claims 11 and 12 recites/describes identical or nearly identical steps with respect to claim one (and therefore also recite limitations that fall within this subject matter grouping of abstract ideas), and this/these claim(s) is/are therefore determined to recite an abstract idea under the same analysis.

Under Step 2A Prong One of the analysis under the Mayo framework the claim(s) are determined to recite(s) the judicial exception of receiving a first set of data that corresponds to a first entity, wherein the first set of data includes PII of a first user associated with the first entity; modifying the first set of data by removing the PII of the first user; training an authentication model for the first entity, including generating a first set of one or more values that correspond to the modified first set of data, wherein the first set of one or more values does not include PII; receiving a second set of data that corresponds to a second entity; training an authentication model for the second entity, including generating a second set of one or more values that correspond to the second set of data, wherein the second set of one or more values is determined using at least a portion of the first set of one or more values; receiving, from a third user, authentication information for a transaction that corresponds to the second entity; using the second set of one or more values to determine an authentication result that corresponds to the authentication information; and transmitting the authentication result to a remote device.
This judicial exception is similar to abstract ideas related to mental processes including concepts performed in the human mind including an observation, evaluation, judgement, or opinion.

Under Step 2A Prong Two of the analysis under the Mayo Framework, the judicial exception expressed as the steps of the instant claims is not integrated into a practical application because the claims only recite one additional element, the element of using a processor or computing system including a local registry or memory to perform the steps of the claimed abstract idea.  The processor is recited at a high-level of generality (i.e., as a generic processor performing generic computer functions to perform the claimed steps of the invention), and therefore the abstract idea amounts to no more than mere instructions to apply the exception using a generic computer component.  Accordingly, this additional element of performing the inventive steps with a generic computer does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea.  Thus the claimed invention is directed to an abstract idea without a practical application.

Under step 2B of the Mayo analysis framework the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional limitations of performing the steps with a computer processor, a display module, and a memory storing machine executable instructions represents insignificant data gathering and data processing steps requiring no more than a generic computer to perform generic computer functions that are well-understood, routine and conventional activities previously known to the industry.  Applicant’s published written description paragraph [22] recites “authentication server 100 typically includes a memory 102, one or more processor(s) 104, a power supply 106, an input/output (I/O) subsystem 108, and a communication bus 110 for interconnecting these components,” written description paragraph [23] recites “processor(s) 104 execute modules, programs, and/or instructions stored in the memory,” written description paragraph [50] recites “Network 130 may be any of a variety of networks, such as a data communications network, the Internet, a local area network, a cellular network, a combination of instances of these types of networks,” written description paragraph [24] recites “memory 102 stores one or more programs (e.g., sets of instructions) and/or data structures, collectively referred to as “modules” herein,” and written description paragraph [56] recites “Communication systems optionally communicate with networks (e.g., the network 150), such as the Internet, also referred to as the World Wide Web (WWW), an intranet and/or a wireless network, such as a cellular telephone network, a wireless local area network (LAN) and/or a metropolitan area network (MAN), and other devices by wireless communication.”  Thus the claimed inventive steps are performed by generic or general purpose computing systems executing well known and understood instructions and processes which do not comprise significantly more than a known computing system, or comprise improvements to another technological field.
Further, as per MPEP 2106, and TLI Communications LLC v. AV Automotive LLC, 823 F.3d 607, 613, 118 USPQ2d 1744, 1748 (Fed. Cir. 2016) ("It is well-settled that mere recitation of concrete, tangible components is insufficient to confer patent eligibility to an otherwise abstract idea") and as per Intellectual Ventures I LLC v. Capital One Bank (USA), N.A., 792 F.3d 1363, 1366, 115 USPQ2d 1636, 1639 (Fed. Cir. 2015) ("An abstract idea does not become nonabstract by limiting the invention to a particular field of use or technological environment, such as the Internet [or] a computer") simply performing the steps of an abstract idea by a computing apparatus does not make an inventive concept statutorily eligible.  Therefore, it is clear from Applicants’ specification that the elements and modules in the claims require no more than a generic computer (e.g., a general-purpose computing device) to perform generic computer functions (e.g., accessing, transmitting/receiving, sorting, and storing data) that are well-understood, routine and conventional activities previously known in the industry. None of the limitations, considered as a whole and as an ordered combination provide eligibility, because the steps of the claims simply instruct the practitioner to implement the abstract idea with routine, conventional activity.
Viewing the additional limitations in combination also shows that they fail to ensure the claims amount to significantly more than the abstract idea. When considered as an ordered combination, the additional components of the claims add nothing that is not already present when considered separately, and thus simply append the abstract idea with words equivalent to “apply it” on a generic computer and/or mere instructions to implement the abstract idea on a generic computer, generally link the abstract idea to a particular technological environment or field of use, and append the abstract idea with insignificant extra solution activity associated with the implementation of the judicial exception, (e.g., mere data gathering).
Dependent claims 2, 4-7, 9 and 10 are directed to the judicial exception as explained above for Claim 1, and are further directed to limitations detailing a second set of data including personally identifiable information of a second user, authentication information as an image, authentication result is a validation fault, definition of a validation device and remote device, and the encryption of first and second set of data.  These limitations or processes are considered to be executed by the general purpose computing system as explained above, and therefore do not result in the claimed invention being directed to a practical application or comprise significantly more than the identified abstract idea.
Dependent claims 2, 4-7, 9 and 10 do not add more to the abstract idea of independent Claims 1, 16, and 20 and therefore are rejected as ineligible subject matter under 35 U.S.C. 101 based on a rationale similar to the claims from which they depend.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1, 2, 4-7, and 9-12 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Rodriguez (20170286765).

Claims 1, 11, and 12:	Rodriguez discloses a computer-implemented method, storage medium, and system of isolating personally-identifiable information (PII), comprising:
at a server system including one or more processors and memory storing one or more programs for execution by the one or more processors ([30-37, Fig. 1A]): 
receiving a first set of data that corresponds to a first entity, wherein the first set of data includes PII of a first user associated with the first entity ([5 “scanning or capturing, by an application on a client device, the image of the first physical identification document and transmitting the image to the authentication manager,” 52 “client device can capture an image of a candidate ID and upload the image to an authentication server of the system,”]); 
modifying the first set of data by removing the PII of the first user ([105 “hashing manager 900 can encrypt the parsed PII by applying a cryptographic hash function to the PII. The cryptographic hash function can include secure hash algorithm (SHA) 1, SHA 2, SHA 3, message-digest (MD) 5, MD 6, or other hashing functions,” 106, 107]);
training, using a machine learning system, an authentication model for the first entity, including generating a first set of one or more values that correspond to the modified first set of data, wherein the first set of one or more values does not include PII ([98 “authentication manager can include a machine learning algorithm that is configured to determine whether the extracted characteristics match those extracted from known valid ID documents,” 101 “digest is generated by processing the PII with a hashing function to generate an encrypted hashed key. For any unique PII input into the hashing function, the process generates a unique digest of a predetermined length,”]); 
receiving a second set of data that corresponds to a second entity ([96 “capture an image of the front and back of an ID document….authenticator application 212 can remove the background and other portions of the images from the captured image to leave substantially only the ID document in the captured image,” 111 “first set of characteristics and a second set of characteristics. The first set of characteristics can any of the physical characteristics of the ID document….second set of characteristics can include a name, an address, a social security number, an identification number, banking information, a date of birth, a driver's license number,”]); 
training, using the machine learning system, an authentication model for the second entity, including generating a second set of one or more values that correspond to the second set of data, wherein the second set of one or more values is determined using at least a portion of the first set of one or more values ([97, 98 “authentication manager can include a machine learning algorithm that is configured to determine whether the extracted characteristics match those extracted from known valid ID documents,” 99, 101 “digest is generated by processing the PII with a hashing function to generate an encrypted hashed key. For any unique PII input into the hashing function, the process generates a unique digest of a predetermined length,”]); 
receiving, from a third user, authentication information for a transaction that corresponds to the second entity ([3 “personal identifiable information can be useful in processes such as client enrollment, mobile device management, identification processes, and transaction audits,” 36, 37, 54 “system 200 can also include one or more client devices 102. Each client device 102 executes an instance of the authenticator application 212. Each client device 102 may include a camera 214 for scanning or otherwise reading an ID document 216 (also referred herein as ID cards),” 96-99]);  Examiner Note: Examiner, under a broadest reasonable explanation, considers the disclosures of Rodriguez with respect to scanning and verifying the identifications of multiple user identification information during multiple transactions to include first, second, and third users as claimed.
using the second set of one or more values to determine an authentication result that corresponds to the authentication information ([99 “authenticator application displaying a valid determination after determining a presented ID document is valid. As illustrated, the authenticator application can also display additional information, such as the classification and personal information either determined by the authenticator server or extracted from the barcode on the ID card,”]); and
transmitting the authentication result to a remote device ([35 “server 106A can then present a response to the client's request using a web interface, and communicate directly with the client 102 to provide the client 102 with access to an identified application,” 95 “authenticity determination can be transmitted to a client device for display,” 99]).  

Claim 2:	Rodriguez discloses the method as for Claim 1 above, and Rodriguez further discloses wherein the first set of data includes personally identifiable information of a first user associated with the first entity and the second set of data includes personally identifiable information of a second user associated with the second entity ([102 “authenticator server 201 also includes a database 206 that stores a data structure of priori knowledge sets 208 that are used to analyze IDs,” 103]). 

Claim 4:	Rodriguez discloses the method as for Claim 1 above, and Rodriguez further discloses wherein the authentication information includes an image of an authentication document ([52]).  

Claim 5:	Rodriguez discloses the method as for Claim 1 above, and Rodriguez further discloses wherein the authentication result is a validation fault ([98, 99]).  

Claim 6:	Rodriguez discloses the method as for Claim 1 above, and Rodriguez further discloses wherein: 
the remote device is a validation device ([52 “server can analyze the extracted physical characteristics and compare the extract characteristics against a database of characteristics extracted from known valid ID documents,” 53 “authentication server,”]); 
information that corresponds to the authentication result is output by the validation device with a prompt for validation information ([32 “application output generated by an application remotely executing on a server 106 or other remotely located machine. In these embodiments, the client device 102 can display the application output in an application window, a browser, or other output window. In one embodiment, the application is a desktop, while in other embodiments the application is an application that generates a desktop,”]); and 
the method includes receiving the validation information from the validation device ([32]).  

Claim 7:	Rodriguez discloses the method as for Claim 1 above, and Rodriguez further discloses: 
wherein the remote device is a user device of the third user ([32]); and 
information that corresponds to the authentication result is output by the user device ([30-32]).  

Claim 9:	Rodriguez discloses the method as for Claim 1 above, and Rodriguez further discloses: 
wherein the first set of data is encrypted while the first set of one or more values that correspond to the first set of data is determined ([57 “encryption markers,” 101-106]).  

Claim 10:	Rodriguez discloses the method as for Claim 1 above, and Rodriguez further discloses: 
wherein the second set of data is encrypted while the second set of one or more values that correspond to the first set of data is determined ([57 “encryption markers,” 101-106]).  

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
Please see attached References Cited form 892.
See Huffman et al., (20200403992) for disclosures related to the implementation of a trusted mobile device for identification verification.  See at least paras. [52]-[57].
See Palanichamy (20190034808) for disclosures related to the storage of personally identification information in a data bank and the verification of PII during transactions.  See at least paras. [24]-[29].
See Fishler et al. (20190012609) for disclosures related to coordinating the PII obtained by an on-premises system with PII held in an off premises location for identity verification.  See at least paras. [69]-[83].
See Tussy (20180218139) for disclosures related to enrolling and authenticating users with device cameras and associated biometric information.  See at least paras. [42]-[57].
See Geiman et al. (20180219681) for disclosures related to the storage of personal identification information on a remote system and accessing the stored information for various purposes.  See at least paras. [58]-[64].
See MacDonald (20180089503) for disclosures related to authenticating a user based on captured image data captured with a mobile computing device.  See at least paras. [28]-[34].
See Ramani et al. (20090180698) for disclosures related to the generation of an authentic document by processing an electronic version and determine authentication parameters.  See at least paras. [20]-[27].
Any inquiry concerning this communication or earlier communications from the examiner should be directed to David Stoltenberg whose telephone number is (571) 270-3472. 
The examiner can normally be reached on Monday-Friday 8:30AM to 5:00PM EST.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Waseem Ashraf, can be reached on (571) 270-3948.  The fax phone number for the organization where this application or proceeding is assigned is (571)-273-8300, or the examiner’s direct fax phone number is 571 270 4472.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool.  To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published application may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center at (866) 217-9197 (toll free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.

/DAVID J STOLTENBERG/Primary Examiner, Art Unit 3682