DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant's arguments filed May 25, 2022 have been fully considered but they are not persuasive.
With respect to claim 5, Applicant argues that White does not at least describe “receiving, at a client device, a request from a user of the client device to perform a particular transaction at a local transaction device” because White does not describe that the request to conduct a transaction, which is inputted into the workstation [alleged client device], is for a transaction with a local transaction device. Rather, according to White, the requested transaction appears to be a network-based transaction with a remote server such as merchant server system 12 or service provider computer (SPC) system 16.
In response Examiner respectfully disagrees and submits that White does teach or suggest the client limitation: “receiving, at a client device, a request from a user of the client device to perform a particular transaction at a local transaction device.” For example White paragraph [0004], discloses that “The method also includes indicating a desire to conduct at least one transaction and inputting information in a workstation.”; Also paragraph [0101], discloses that “It should be appreciated that transactions 62 are considered to be pending when the user indicates a desire to conduct a transaction 62, but does not biometrically authenticate as required to complete the transaction 62.”); Notice that the initial communication and authentication is between the user device 20 and the local workstation 14 prior to any other communication with the remote server such as merchant server system 12 or service provider computer (SPC) system 16. Accordingly White does teach or suggest the claimed limitation and the rejection should be maintained.
Applicant further argues with respect to claim 5, that White does not teach or suggest “performing, via client risk assessment logic of the client device, an assessment of client configuration data to determine a risk level associated with a client device” because the level of risk (alleged risk level) is extracted from a biometric authentication request sent from the server rather than determined based on an assessment of the configuration data of the workstation or communication device (alleged client device)
In response Examiner respectfully disagrees and submits that the biometric information stored on the workstation or communication device (alleged client device) is part of the workstation or communication device configuration data and for this reason the claim requirement is met and the rejection should be maintained.
Applicant further argues with respect to claim 5, that White does not teach or suggest the claim limitation “performing, by the authentication engine at the client device, one or more authentication transactions based on the risk level and the transaction class, to generate an authentication result,…” because in White, the claimed one or more authentication transactions (e.g., generating…, comparing…, ) are performed at the BAC system 18 rather than at the workstation 14 (alleged client device).
In response Examiner respectfully disagrees and submits as a preliminary matter that the claimed limitation “performing, by the authentication engine at the client device, is not supported by either the specification or the respective figures and diagrams and therefore present new matter as rejected below.
In light of the above, it is Examiner’s position that claims 5 and 9-20 are not patentable over the references of record and the rejection should be maintained.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.


Claims 5, and 9-20, are rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor(s), at the time the application was filed, had possession of the claimed invention.
Lack of Algorithm:
Claim 5 recites “performing, by authentication engine at the client device…”
The specification does not describe the manner in which the claimed functions are achieved. Therefore, the specification does not provide a sufficient written description to demonstrate that applicant had possession of the claimed invention (MPEP 2161.01)

New Matter:
Claim 5 recites “performing, by authentication engine at the client device…”
The specification as originally filed contains no support for the above listed limitations in claims 5.
Applicant’s amendments/arguments filed May 25, 2022 have been considered but are deemed without merit since the applicant argues an invention lacking support in the specification and based entirely on new matter. 
Dependent claims 9-20 are also rejected as they depend from the base claim 5 and therefore rejected by virtue of their dependency from their respective base claims.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 5, and 9-19, is/are rejected under 35 U.S.C. 103 as being unpatentable over White et al (hereinafter “White”) U.S. Patent Application Publication No. 2011/0035788 A1 in view of Chaudhury et al (hereinafter “Chaudhury”) U.S. Patent No. 8,856,541 B1 and Tisse et al (hereinafter “Tisse”) U.S. Patent Application Publication No. 2004/0101170 A1 and/or further in view of Bhow U.S. Patent Application Publication No. 2014/0090039 A1

As per claim 5, White discloses a method comprising:
receiving, at a client device, a request from a user of the client device to perform a particular transaction at a local transaction device (0004, which discloses that “The method also includes indicating a desire to conduct at least one transaction and inputting information in a workstation.”; 0101, which discloses that “It should be appreciated that transactions 62 are considered to be pending when the user indicates a desire to conduct a transaction 62, but does not biometrically authenticate as required to complete the transaction 62.”); 
Performing, via client risk assessment logic of the client device, an assessment of client configuration data to determine a risk level associated with a client device (0005, which discloses extracting a level of risk from the biometric authentication request, determining a biometric authentication data requirement corresponding to the extracted level of risk by comparing the extracted level of risk against policy levels of risk included in an authentication policy….” );
Identifying, via assurance level calculation logic of the client device, a transaction class for the particular transaction based on variables associated with the particular transaction (0037, which discloses “identify risk factors associated with conducting network-based electronic payment transactions.”);
performing, by the authentication engine at the client device, one or more authentication transactions based on the risk level and the transaction class, to generate an authentication result, the one or more authentication transactions including:
determining a required assurance level based on the risk level and the transaction class;
receiving biometric input from a user on the client device and comparing the received biometric input with user biometric reference data previously received and stored at the client device to generate a similarity score (0005, which discloses that “determining the biometric authentication data requirement to be the biometric authentication data requirement that corresponds to the policy level of risk that matches the extracted level of risk”);
presenting one or more screen layouts to the user; 
capturing a sequence of images which include the user’s eyes as the one or more screen layouts are displayed; (a) performing eye movement detection across the sequence of images to identify a first correlation between motion of the user’s eyes as the one or more screen layouts are presented and an expected motion of the user’s eyes as the one or more screen layouts are presented and/or (b) measuring the eye’s pupil size to identify a second correlation between an effective light intensity of the screen and its effect on the user’s eye pupil size; and 
generating a current assurance level by combining the similarity score with a first score associated with the first correlation and/or a second score associated with the second correlation (0108, which discloses that “The comparison 114 is such that a numerical score, based on the similarity of the comparison match, is determined for at least one biometric comparison match. It should be appreciated that a numerical score based on the similarity of a comparison match, may be determined for each of a plurality of different biometric comparison matches. Thus, a plurality of numerical scores may also be determined. The numerical scores for each comparison match are combined using any desirable mathematical computation to yield a confidence score, and the user is identified as the authorized user associated with the inputted unique user identifier when the confidence score is at least equal to a predetermined threshold value.”); 
comparing the current assurance level with the required assurance level to generate the authentication result (0108, which discloses that “Thus, a plurality of numerical scores may also be determined. The numerical scores for each comparison match are combined using any desirable mathematical computation to yield a confidence score, and the user is identified as the authorized user associated with the inputted unique user identifier when the confidence score is at least equal to a predetermined threshold value.”);
transmitting, via secure communication logic of the client device, the authentication result, but not data related to the biometric input, from the client device to a remote secure transaction service (0118, which discloses that “The user then obtains 140 the biometric data in accordance with the biometric authentication data requirement 72 using the communications device 20, and transmits 140 the obtained biometric data from the communications device 20 to the BAC system 18.”); and
the remote secure transaction service transmitting a signal to the local transaction device to perform one or more operations if the authentication result is sufficient to complete the transaction (0013, which discloses that “Furthermore, the method includes prompting the workstation user to invoke a security application stored in the communications device, transmitting the biometric authentication request to the authentication system, extracting the level of risk from the biometric authentication request, and determining a biometric authentication data requirement corresponding to the extracted level of risk.”; 0103; 0117; 0118).
What White does not explicitly teach is:
presenting one or more screen layouts to the user; 
capturing a sequence of images which include the user’s eyes as the one or more screen layouts are displayed; (a) performing eye movement detection across the sequence of images to identify a first correlation between motion of the user’s eyes as the one or more screen layouts are presented and an expected motion of the user’s eyes as the one or more screen layouts are presented and/or (b) measuring the eye’s pupil size to identify a second correlation between an effective light intensity of the screen and its effect on the user’s eye pupil size;  
Chaudhury discloses the method comprising:
presenting one or more screen layouts to the user (see fig. 5, which discloses receive first and second facial images; detect movements based on facial images); 
capturing a sequence of images which include the user’s eyes as the one or more screen layouts are displayed (see fig. 5, which discloses receive first and second facial images; detect movements based on facial images); 
(a) performing eye movement detection across the sequence of images to identify a first correlation between motion of the user’s eyes as the one or more screen layouts are presented and an expected motion of the user’s eyes as the one or more screen layouts are presented (col. 3, lines 50-col. 4, lines 8, which discloses that “In some examples, the detection and comparison of eye movements may be referred to herein as "gaze tracking." " For instance, the anti-spoofing programs may cause a computing device to display a moving element (such as a dot, icon, etc.) at a graphical user interface (GUI) provided by the computing device. Additionally, the anti-spoofing programs may detect characteristics of the eye movements, and use the characteristics to compare the eye movements to an expected eye movement pattern that is based on the predetermined movement of the moving GUI element; col. 7, lines 36-61) 
Tisse discloses the method comprising: 
(b) measuring the eye’s pupil size to identify a second correlation between an effective light intensity of the screen and its effect on the user’s eye pupil size (0035, which discloses that “dividing the image into blocks of identical dimensions, the size of which is chosen according to the approximate expected size of the pupil to be localized”);  
Alternatively Bhow discloses the method comprising:
transmitting the authentication result, but not data related to the biometric input, from the client device to a remote secure transaction service (0021, which discloses that “In one example, a method for authenticating a user includes receiving a user request to access a secure system, transmitting a biometric user authentication request to a user mobile device, and obtaining a biometric data from the user.  The method further includes authenticating a user identity utilizing the biometric data, and transmitting a response from the mobile device to the secure system indicating the user identity is authenticated.”); and
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the method of White and incorporate a method further comprising: presenting one or more screen layouts to the user; capturing a sequence of images which include the user’s eyes as the one or more screen layouts are displayed; (a) performing eye movement detection across the sequence of images to identify a first correlation between motion of the user’s eyes as the one or more screen layouts are presented and an expected motion of the user’s eyes as the one or more screen layouts are presented and/or (b) measuring the eye’s pupil size to identify a second correlation between an effective light intensity of the screen and its effect on the user’s eye pupil size in view of the teachings of Chaudhury and Tisse and further in view of Bhow in order to enhance security of the transaction

As per claim 9, White further discloses the method further comprising:
establishing a local communication channel between the client device and the local transaction device (see fig. 1; 0052); and
utilizing the local communication channel for one of the one or more authentication transactions (see fig. 1; 0052).

As per claim 10, White further discloses the method wherein the local communication channel comprises a near field communication (NFC) channel, a Bluetooth communication channel, a Wifi communication channel, or any combination thereof (0052).

As per claim 11, White further discloses the method wherein the client device receives first authentication data from the remote secure transaction service and passes the authentication data to the local transaction device over the local communication channel (0047).

As per claim 12, White further discloses the method wherein the first authentication data comprises a code transmitted to the local transaction device over the local communication channel (0045).

As per claim 13, White failed to explicitly disclose the method wherein the local transaction device comprises a automatic teller machine (ATM) and wherein the one or more operations includes dispensing a user-specified amount of cash.
Bhow discloses the method wherein the local transaction device comprises a automatic teller machine (ATM) and wherein the one or more operations includes dispensing a user-specified amount of cash (0005)
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the method of White and incorporate a method wherein the local transaction device comprises a automatic teller machine (ATM) and wherein the one or more operations includes dispensing a user-specified amount of cash in view of the teachings of Bhow in order to enhance security of the transaction

As per claim 14, White further discloses the method wherein the biometric data comprises fingerprint data, facial image data, voice data, or any combination thereof (0084).

As per claim 15, White further discloses the method, further comprises determining an assurance level that the user of the client device is a legitimate user for the transaction, wherein the assurance level is used to generate the current assurance level (0083; 0090; 0096).

As per claim 16, White further discloses the method wherein the assurance level is determined based, at least in part, on results of one or more non-intrusive authentication techniques in which the user is not required to enter biometric or other user data (0096).

As per claim 17, White further discloses the method wherein the one or more non-intrusive authentication techniques include determining a period of time since a last explicit user authentication (0113).

As per claim 18, White further discloses the method wherein the one or more non-intrusive authentication techniques include collecting and analyzing sensor data from one or more sensors on the client device (0043; 0084 fingerprint sensor data).

As per claim 19, White further discloses the method wherein at least one of the sensors comprises a location sensor indicating a current location of the client device (see claim 29).

As per claim 20, White further discloses the method, wherein a presence of the local communication channel between the client device and the local transaction device is used by the remote secure transaction service to determine a current location of the client device (fig. 1 and associated text; 0048; 0049).

 Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Charles C. Agwumezie whose number is (571) 272-6838. The examiner can normally be reached on Monday – Friday 8:00 am – 5:00 pm.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Hayes can be reached on (571) 272 – 6708.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/CHINEDU C AGWUMEZIE/Primary Examiner, Art Unit 3685                                                                                                                                                                                                        May 27, 2022