DETAILED ACTION
This is first office action on the merits in response to the application filed on 08/09/2018. 
Claims 1-20 are currently pending and have been examined. 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Objection
The claim recites “association between the first user or the first device and the second user or the second device”. The limitation recites conditional language and does not specifically point out the association between the above 4 entities.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 7 and 14-15 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Claims 7 and 14 recites BLUETOOTH. It is improper to have trademark or trade name in a claim. See MPEP 2173.05(u).
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 
In the instant case, claims 1-11 are directed to a method, claims 12-17 are directed to a system comprising a memory and a processor, and claims 18-20 are directed to a computer program product. Therefore, these claims fall within the four statutory categories of invention.
The claim(s) recite(s) fundamental economic practice. Specifically, the claims recite “receiving a transaction request associated with a first user from a …. where a combination of the first user and the …. lacks an authentication history; determining that the first user or the …. is associated with a second user or a ….; determining that the second user or the …. has been authenticated; generating an affinity score that is representative of the association between the first user or the …. and the second user or the ….; and selecting an authentication requirement for acceptance of the transaction request based on the affinity score”, which is grouped within the “Certain Methods Of Organizing Human Activity” grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)) because the claims involve a series of steps for receiving transaction request, searching for user data, generating risk score based on user data and processing transaction according to risk score. Accordingly, the claims recite an abstract idea (See pages 7, 10, Alice Corporation Pty. Ltd. v. CLS Bank International, et al., US Supreme Court, No. 13-298, June 19, 2014; 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 53-54 (January 7, 2019)).
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 54-55 (January 7, 2019)), the additional element(s) of the claim(s) such as the use of processor, first and second device merely use(s) a computer as a tool to perform an abstract idea. Specifically, network, memory, processor, data structure and routing network perform(s) the steps or functions of receiving transaction request, searching for user data, generating risk score based on user data and processing transaction according to risk score. The use of a processor/computer as a tool to implement the abstract idea does not integrate the abstract idea into a practical application because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. The additional elements do not involve improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), the claims do not apply or use the abstract idea to effect a particular treatment or prophylaxis for a disease or medical condition (Vanda Memo), the claims do not apply the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea in some other meaningful way beyond generally linking the use of the abstract idea to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP 2106.05(e) and Vanda Memo). Therefore, the claims do not, for example, purport to improve the functioning of a computer. Nor do they effect an improvement in any other technology or technical field. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea.
The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 56 (January 7, 2019)), the additional element(s) of processor, first and second device to perform the steps amounts to no more than using a computer or processor to automate and/or implement the abstract idea of fundamental economic practice. As discussed above, taking the claim elements separately, processor, first and second device perform(s) the steps or functions of receiving transaction request, searching for user data, generating risk score based on user data and processing transaction according to risk score. These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of fundamental economic practice. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible.
Dependent claims 2-9 further recites searching user and/or device data. Claim 10-11 further recites processing transaction by receiving authentication input from user based on the risk score. Claim 12 further recites rejection transaction based on risk score. The dependent claims merely elaborate on the abstract idea identified in the independent claims but do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. In addition, because there are no additional elements in the dependent claims, there is nothing further to consider as an ordered combination with the additional elements in the independent claims above. Therefore, the dependent claims are also not patent eligible. Independent claims 13 and 19 are rejected along with the dependent claims because they have the same scope as claim 1-12.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-2, 10-11, 13, 16-17 and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ho et al. (US 20130081125 A1; "Ho"), and further in view of Jones et al. (US 20130262305 A1; "Jones").
With respect to claim 1, 13 and 19:
Ho teaches: (in italic)
where a combination of the first user and the first device lacks an authentication history. (The method further includes receiving a request, including the user identifier, from a second computing device of the user to access the web-based service; in response to the request, attempting to access the assignment data from the second computing device, and receiving a communication from the second computing device indicating that the attempt is unsuccessful; in response to the receiving the communication, providing the second computing device with a network address of one of the non-home transaction nodes. See at least Paragraph [0005])
determining that the first user or the first device is associated with a second user or a second device. (at the one of the non-home transaction nodes, accessing the associated database of the one of the non-home transaction nodes using the user identifier to determine that the user is assigned to the home transaction node. See at least Paragraph [0004][0005])
determining that the second user or the second device has been authenticated. (and in response to the determining that the user is assigned to the home transaction node, transmitting, to the second computing device, code which is adapted to redirect the second computing device to the home transaction node. See at least Paragraph [0004][0005])
generating an [affinity score] that is representative of the association between the first user or the first device and the second user or the second device. (Transaction node accesses database to determine that the user is already assigned to the transaction node, 704 (e.g., using data in FIG. 8C or 8D). Subsequently, one of two paths is followed. One path includes the steps of: Transaction node logs user in to account, allows user to complete enrollment, and updates database, 706 (FIG. 8D), followed by Transaction node shares updates with other transaction nodes, 710. See at least Paragraph [0111])
Ho does not teach the following limitations, however,
Jones teaches: (in italic)
receiving a transaction request associated with a first user from a first device. (Payment transaction program 104 receives a request for transaction data (step 310). See at least Paragraph [0030])
generating an affinity score that is representative of the association between the first user or the first device and the second user or the second device. (And, the method further includes the step of the one or more processors determining whether one or more values in the profile for the current user are within a range of one or more values in the profile for the first user at a confidence level. See at least Paragraph [0006])
selecting an authentication requirement for acceptance of the transaction request based on the affinity score. (In exemplary embodiments, payment transaction program 104 compares the profile for the current user with the profile for the authorized user by comparing one or more values in the profiles and determining whether the one or more values in the profile for the current user are within ranges of the one or more values in the profile for the authorized user at a confidence level. Payment transaction program 104 requires one or more additional authentication means if the one or more values in the profile for the current user are not within ranges of the one or more values in the profile for the authorized user at the confidence level. See at least Paragraph [0021])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method as disclosed by Ho to generate and utilize a affinity score for process transaction accordingly with the features taught by Jones to mitigate risks.
Claim 13, a system with the same scope as claim 1, is rejected.
Claim 19, a computer program product with the same scope as claim 1, is rejected.
With respect to claim 2:
Ho further teaches wherein determining that the second user or the second device has been authenticated comprises: determining that the second user has been authenticated; and wherein determining that the first user or the first device is associated with the second user or the second device comprises: determining that the first user is associated with the second user. (at the one of the non-home transaction nodes, accessing the associated database of the one of the non-home transaction nodes using the user identifier to determine that the user is assigned to the home transaction node; and in response to the determining that the user is assigned to the home transaction node, transmitting, to the second computing device, code which is adapted to redirect the second computing device to the home transaction node. See at least Paragraph [0004][0005])
With respect to claim 10, 16 and 20:
Jones further teaches receiving authentication input from the first device responsive to selecting the authentication requirement; determining whether the authentication input complies with the authentication requirement; and allowing the transaction to proceed responsive to determining that the authentication input complies with the authentication requirement. (If the one or more values in the profile for the current user are not within ranges of the one or more values in the profile for the authorized user (no branch of decision 360), payment transaction program 104 requests the current user to use additional authentication methods (step 370). Responsive to receiving the data of the additional authentication methods in step 370, payment transaction program 104 determines, based on the data received at step 370, whether the current user is the authorized user (decision 380). If payment transaction program 104 determines that the current user is the authorized user (yes branch of decision 380), payment transaction program 104 sends the payment transaction data from NFC device 110 to payment transaction processing system 140 (step 390). See at least Paragraph [0033][0034], Fig. 3:360-390)
Claim 16, a system with the same scope as claim 10, is rejected.
Claim 20, a computer program product with the same scope as claim 10, is rejected.
With respect to claim 11 and 17:
Jones further teaches:
defining a plurality of affinity score ranges; and associating a plurality of authentication requirements with the plurality of affinity score ranges, respectively. (Payment transaction program 104 then requests data analysis program 103 to provide the profile for the current user. Payment transaction program 104 compares the profile for the current user with the profile for the authorized user. In exemplary embodiments, payment transaction program 104 compares the profile for the current user with the profile for the authorized user by comparing one or more values in the profiles and determining whether the one or more values in the profile for the current user are within ranges of the one or more values in the profile for the authorized user at a confidence level. See at least Paragraph [0021])
wherein selecting the authentication requirement comprises: determining that the affinity score is in a first one of the plurality of affinity score ranges; and selecting one of the plurality of authentication requirements corresponding to the first one of the plurality of affinity score ranges as the authentication requirement, wherein receiving the authentication input responsive to selecting the authentication requirement comprises receiving the authentication input responsive to selecting the one of the plurality of authentication requirements corresponding to the first one of the plurality of affinity score ranges. (If the one or more values in the profile for the current user are not within ranges of the one or more values in the profile for the authorized user (no branch of decision 360), payment transaction program 104 requests the current user to use additional authentication methods (step 370). Responsive to receiving the data of the additional authentication methods in step 370, payment transaction program 104 determines, based on the data received at step 370, whether the current user is the authorized user (decision 380). If payment transaction program 104 determines that the current user is the authorized user (yes branch of decision 380), payment transaction program 104 sends the payment transaction data from NFC device 110 to payment transaction processing system 140 (step 390). See at least Paragraph [0033][0034], Fig. 3:360-390)
Claim 17, a system with the same scope as claim 11, is rejected.
Claim(s) 3-6 and 8-9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ho et al. (US 20130081125 A1; "Ho"), and further in view of Jones et al. (US 20130262305 A1; "Jones") of  Tuukkanen et al. (US 20140344728 A1; "Tuukkanen").
With respect to claim 3:
Ho in view of Jones does not teach wherein determining that the first user is associated with the second user comprises: determining that the first user is associated with the second user based on a direct connection on a social media application, an indirect connection on a social media application, a family relationship, a common address, a common phone number, a beneficiary designation, or an emergency contact designation. However, 
Tuukkanen teaches wherein determining that the first user is associated with the second user comprises: determining that the first user is associated with the second user based on a direct connection on a social media application, an indirect connection on a social media application, a family relationship, a common address, a common phone number, a beneficiary designation, or an emergency contact designation. (In one embodiment, the system 100 determines one or more credentials associated with at least one vehicle (e.g., the vehicle 111), at least one device (e.g., a UE 101), at least one user of the at least one vehicle, one or more other users (e.g., a family member or close friend of the at least one user that shares and/or has access to the at least one vehicle), or a combination thereof. By way of example, the at least one device may refer to a mobile device or a UE 101 associated with the at least one user (e.g., the owner of the at least one vehicle) as well as a mobile device or a UE 101 associated with one or more other users (e.g., a family member or close friend that shares and/or has access to the at least one vehicle). See at least Paragraph [0031])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Ho in view of Jones to determine association between users and devices with the features taught by Tuukkanen to provide convenience to customer as suggested by Tuukkanen in Para. [0001]
With respect to claim 4:
Tuukkanen further teaches wherein determining that the second user or the second device has been authenticated further comprises: determining that the second device has been authenticated. (By way of example, at least one user can register the one or more credentials (e.g., a username and password) associated with at least one vehicle and at least one device (e.g., a mobile phone or a tablet) on a single sign-on service that enables a user to access an email account, various applications and/or services, etc. See at least Paragraph [0031])
With respect to claim 5:
Tuukkanen further teaches wherein the first device and the second device are a same device. (In addition, the at least one user can also register one or more credentials of one or more other users that may also use the at least one vehicle from time to time. See at least Paragraph [0031])
With respect to claim 6:
Tuukkanen further teaches 
wherein determining that the second user or the second device has been authenticated comprises: determining that the second device has been authenticated. (By way of example, at least one user can register the one or more credentials (e.g., a username and password) associated with at least one vehicle and at least one device (e.g., a mobile phone or a tablet) on a single sign-on service that enables a user to access an email account, various applications and/or services, etc. See at least Paragraph [0031])
wherein determining that the first user or the first device is associated with the second user or the second device comprises: determining that the first device is associated with the second device. (By way of example, at least one user can register the one or more credentials (e.g., a username and password) associated with at least one vehicle and at least one device (e.g., a mobile phone or a tablet) on a single sign-on service that enables a user to access an email account, various applications and/or services, etc. and the system 100 can thereafter determine that the at least one vehicle and the at least one device are "paired.". See at least Paragraph [0031])
With respect to claim 8:
Ho further teaches wherein determining that the second user or the second device has been authenticated further comprises: determining that the second user has been authenticated. (at the one of the non-home transaction nodes, accessing the associated database of the one of the non-home transaction nodes using the user identifier to determine that the user is assigned to the home transaction node. See at least Paragraph [0004][0005])
With respect to claim 9:
Ho further teaches wherein the first user and the second user are a same user. (at the one of the non-home transaction nodes, accessing the associated database of the one of the non-home transaction nodes using the user identifier to determine that the user is assigned to the home transaction node. See at least Paragraph [0004][0005])
Claim(s) 7 and 14-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ho et al. (US 20130081125 A1; "Ho"), and further in view of Jones et al. (US 20130262305 A1; "Jones") and Tuukkanen et al. (US 20140344728 A1; "Tuukkanen") and Hefetz (US 20120244885 A1; "Hefetz").
With respect to claim 7 and 14:
Ho in view of Jones and Tuukkanen does not teach wherein determining that the first device is associated with the second device comprises: determining that the first device is associated with the second device based on historical connections to WiFi hotspots common to the first device and the second device, historical connections to entities using BLUETOOTHTM that are common to the first device and the second device, contacts in a contact list that are common to the first device and the second device, or amounts of time each of the first device and the second device spend in a defined geographic region, respectively. However, 
Hefetz teaches wherein determining that the first device is associated with the second device comprises: determining that the first device is associated with the second device based on historical connections to WiFi hotspots common to the first device and the second device, historical connections to entities using BLUETOOTHTM that are common to the first device and the second device, contacts in a contact list that are common to the first device and the second device, or amounts of time each of the first device and the second device spend in a defined geographic region, respectively. (For example, with at least two receivers in the same or at different locations, the information received from a plurality of receivers may identify a friend, family or associate of such owner of such mobile voice device walking together with the owner. See at least Paragraph [0168])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Ho in view of Jones and Tuukkanen to determine association between devices using location data with the features taught by Hefetz to accurately determine association.
With respect to claim 15:
Ho further teaches wherein the operations further comprise: determining that the user has been authenticated. (at the one of the non-home transaction nodes, accessing the associated database of the one of the non-home transaction nodes using the user identifier to determine that the user is assigned to the home transaction node; and in response to the determining that the user is assigned to the home transaction node, transmitting, to the second computing device, code which is adapted to redirect the second computing device to the home transaction node. See at least Paragraph [0004][0005])
Claim(s) 12-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ho et al. (US 20130081125 A1; "Ho"), and further in view of Jones et al. (US 20130262305 A1; "Jones") of  Swift et al. (US 20040245330 A1; "Swift").
With respect to claim 12 and 18:
Ho in view of Jones does not teach defining a plurality of affinity score ranges; and associating a plurality of authentication requirements with the plurality of affinity score ranges, respectively; wherein selecting the authentication requirement comprises: determining that the affinity score is in a first one of the plurality of affinity score ranges; rejecting the transaction request responsive to determining that the affinity score is in the second one of the plurality of affinity score ranges. However, 
Swift teaches defining a plurality of affinity score ranges; and associating a plurality of authentication requirements with the plurality of affinity score ranges, respectively; wherein selecting the authentication requirement comprises: determining that the affinity score is in a first one of the plurality of affinity score ranges; rejecting the transaction request responsive to determining that the affinity score is in the second one of the plurality of affinity score ranges. (The method may further comprise declining financial transactions from customers that have scores above a preset threshold of suspicious behavior or suspicious activity. See at least Paragraph [0031])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Ho in view of Jones to reject transaction when affinity score is within a range with the features taught by Swift to mitigate risks.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZESHENG XIAO whose telephone number is (571)272-6627. The examiner can normally be reached 8:30-5 M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Z.X./Examiner, Art Unit 3685                                                                                                                                                                                                        
/PATRICK MCATEE/Supervisory Patent Examiner, Art Unit 3685