DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Applicant filed a response dated December 28, 2021 in which claims 1, 2, 3, 7, 8, 9, 10, 14, 15, 16, and 17 have been amended. Therefore, claims 1-20 are currently pending in the application.

Claim Rejections - 35 USC § 101
35 U.S.C. § 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. This rejection is based on the 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG).   The claims are directed to a method which is one of the statutory categories of invention (Step 1:  YES). The recitation of the claimed invention is analyzed as follows, in which the abstract elements are boldfaced.
Claim 1 recites the limitations of:
receiving, at a privacy enhanced ordering system, a handle; 
authenticating, by the privacy enhanced ordering system, the handle, wherein the authenticating comprises sending, by the privacy enhanced ordering system, an authentication communication to the user device associated with the handle; 
sending, by the privacy enhanced ordering system, payment authorization data associated with the handle to the merchant.  
The ordered combination of the recited limitations is a method that, under its broadest reasonable interpretation, covers authentication for a financial ordering system, which is a fundamental economic practice.  The limitations fall within the category of a method of organizing human activity because the limitations are directed to a commercial interaction.  Accordingly, the claim recites an abstract idea.  (Step 2A, prong 1:  YES).
Moreover, other than reciting a “ordering system”, nothing in the claim elements preclude the steps from practically being a method for organizing human activity.  For example, but for the “ordering system” language; “receiving”, “authenticating”, and “sending” in the context of this claim encompass collecting, analyzing, and transmitting data for the completion of a commercial interaction.  
Claim 1:  but for the generically recited computer language, receiving, at a privacy enhanced ordering system, a handle, in the context of the claimed invention encompasses one or more people manually sending user information.
but for the generically recited computer language, authenticating, by the privacy enhanced ordering system, the handle, wherein the authenticating comprises sending, by the privacy enhanced ordering system, an authentication communication to the user device associated with the handle, in the context of the claimed invention encompasses one or more people manually authenticating user information.
but for the generically recited computer language, sending, by the privacy enhanced ordering system, payment authorization data associated with the handle to the merchant, in the context of the claimed invention encompasses one or more people manually sending user authentication information.
Claim 2:  but for the generically recited computer language, wherein the authentication communication comprises at least one of a phone call, a fax, a text message, and an in-app notification; and the authentication communication prompts a user of the user device to verify the handle, in the context of the claimed invention encompasses manually notifying a prompting a user to authenticate information.
Claim 3:  but for the generically recited computer language, wherein the authenticating comprises requesting, by the privacy enhanced ordering system, a code generated by a Time-based One-time Password Algorithm to the user device associated with the handle, in the context of the claimed invention encompasses one or more people manually requesting a code.
Claim 4:  but for the generically recited computer language, wherein the authenticating further comprises requesting, by the privacy enhanced ordering system, a secondary indicator of verification to the user device associated with the handle, wherein the secondary indicator is a biometric marker, in the context of the claimed invention encompasses one or more people manually transmitting information and manually requesting an indicator.
Claim 5:  but for the generically recited computer language, wherein the payment authorization data comprises at least one of a onetime use transaction card number and an authorization to perform a cryptocurrency exchange, in the context of the claimed invention encompasses manually authorizing a transaction.
Claim 6:  but for the generically recited computer language, wherein the sending further comprises providing, by the privacy enhanced ordering system, the payment authorization data to a payment acquirer, in the context of the claimed invention encompasses one or more people manually providing payment authorization data.
Claim 7:  but for the generically recited computer language, further comprising sending, by the privacy enhanced ordering system, payment to the merchant, in the context of the claimed invention encompasses one or more people manually sending payment to a merchant.
Claims 8 and 15 are substantially similar to claim 1, thus, they are rejected on similar grounds.
Claims 9 and 16 are substantially similar to claim 2, thus, they are rejected on similar grounds.
Claims 10 and 17 are substantially similar to claim 3, thus, they are rejected on similar grounds.
Claims 11 and 18 are substantially similar to claim 4, thus, they are rejected on similar grounds.
Claims 12 and 19 are substantially similar to claim 5, thus, they are rejected on similar grounds.
Claims 13 and 20 are substantially similar to claim 6, thus, they are rejected on similar grounds.
Claim 14 is substantially similar to claim 7, thus, it is rejected on similar grounds.

This judicial exception is not integrated into a practical application.  In particular, the claim only recites the additional elements – using a “ordering system”, to perform the “receiving”, “authenticating”, and “sending”, in all steps is recited at a high-level of generality such that it amounts to no more than mere instructions to apply the exception using a generic computer component.  Accordingly, these additional elements do not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea.  The claim is directed to an abstract idea.  
The claims, when considered both individually and as an ordered combination, do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a “ordering system”, to perform the “receiving”, “authenticating”, and “sending” amounts to no more than mere instructions to apply the exception using generic computer component. Mere instruction to apply an exception using a generic computer cannot provide an inventive concept. Such additional elements are determined to not contain an inventive concept according to MPEP 2106.05(f). It should be noted that (1) the “recitation of claim limitations that attempt to cover any solution to an identified problem with no restriction on how the result is accomplished and no description of the mechanism for accomplishing the result, does not provide significantly more because this type of recitation is equivalent to the words “apply it”, and (2) “Use of a computer or other machinery in its ordinary capacity for economic or other tasks (e.g., to receive, store, or transmit data) or simply adding a general purpose computer or computer components after the fact to an abstract idea (e.g., a fundamental economic practice or mathematical equation) does not integrate a judicial exception into a practical application or provide significantly more”. (Step 2A prong two: No)
Additional elements that require no more than a generic computer to perform generic computer functions includes transmitting information (Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec) and depositing information (Electronic recordkeeping, Alice Corp. Pty. Ltd. v. CLS Bank Int'l). These generic computer functions are factually determined to be well-understood, routine and conventional activities previously known to the industry as referenced by MPEP 2106.05(d) II according the USPTO Memorandum on Changes in Examination Procedure Pertaining to Subject Matter Eligibility, Recent Subject Matter Eligibility Decision (Berkheimer v. HP, Inc.) dated April 19 2018.  The recited ordered combination of additional elements includes a generically recited computing element non-meaningfully applying the Judicial Exception.  No additional element currently recited renders the claims to be significantly more than the cited Judicial Exception. (Step 2B: No)

Therefore, claims 1-20 are not patent eligible.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. §§ 102 and 103 (or as subject to pre-AIA  35 U.S.C. §§ 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. § 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 6-8, 10, 13-15, 17, and 20 are rejected under 35 U.S.C. § 103 as being unpatentable over Kirsch, WIPO Patent Application Publication Number WO 2012/174427; in view of Schropfer, U.S. Patent Application Publication Number 2015/0326550.
As per claim 1, Kirsch explicitly discloses:
receiving, at a privacy enhanced ordering system, a handle; (Kirsch WO 2012/174427 at paras. 412-416) ("Authenticating a party's identity may take various forms. In the example above, a username and password were provided by the party seeking to prove their identity. ")
sending, by the privacy enhanced ordering system, payment authorization data associated with the handle to the merchant.  (Kirsch at paras. 449-453 and 483-485) ("The information comprises any information describing a characteristic of a user, a user system, or any other information that may be useful in a transaction. In one embodiment, the transaction information comprises an account number. In other embodiments, the transaction information can comprise payment methods, an address associated with a user, shipping addresses, billing addresses, usernames, money spent, reward or loyalty numbers, e-mail addresses, contact information, credit card numbers, routing numbers, signed documents, dates, devices involved in the transaction, user permissions, shopping histories, reputations, user ratings, other purchased items, business associations, family members, friends and associates, major cars or appliances owned, subscriptions, prescriptions, frequent purchases, medical histories or information, favorite retailers, or the like. Generally, transaction information can comprise any information that can be associated with a transaction. Therefore, this list of examples is merely exemplary and not meant to be limiting.")

Kirsch does not explicitly teach, however, Schropfer does explicitly teach:
authenticating, by the privacy enhanced ordering system, the handle, wherein the authenticating comprises sending, by the privacy enhanced ordering system, an authentication communication to the user device associated with the handle; (Schropfer 2015/0326550 at paras. 61-63) (Authentication module 500 can perform a number of determinations. Authentication module 500 can determine if the received username comprises a valid handle 510. Put another way, authentication module 500 can determine if the username is a valid AuthenticationSite 110 user account name. Authentication module 500 can determine whether a specific token 512 on mobile device 130 has been used, comprising a token check. Authentication module 500 can determine if the user has been asked if he or she wishes to use a specified username to enter an authentication session in the first place 514.)
Therefore, it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kirsch and Schropfer to provide authenticating, by the privacy enhanced ordering system, the handle, wherein the authenticating comprises sending, by the privacy enhanced ordering system, an authentication communication to the user device associated with the handle because it allows for establishing a secure relationship between a user device (and/or its user) and a third-party server; additionally, gradation levels of a secure relationship can be obtained based on varying levels of trust and/or access permissions.  (Schropfer at Abstract and paras. 1-5 and 51-53).
As per claim 3, Kirsch explicitly discloses:  wherein the authenticating comprises requesting, by the privacy enhanced ordering system, a code generated by a Time-based One-time Password Algorithm to the user device associated with the handle.  (Kirsch at paras. 171-175) (" To enable/disable an OTP device, you use an administrative password. Otherwise an attacker might be able to keystroke log you when you log into a public terminal and may then be able to pose as you which could be problematic. Since enabling and disabling OTP is really rare, an attacker will really never see this. And it should be non phishable since you should only enter your admin password when YOU initiated the action. [0174] So when you want to give someone you trust "what they want", you just give your OnelD name and an OTP value. That authorizes them to get the info from our server. They then queue a request for you to give them the decode keys to the fields they need. The next time you log in, you're prompted for this and can give them access (since only you know how to generate the keys). So the OTP means you aren't annoyed by random info requests, but more")
As per claim 6, Kirsch explicitly discloses:  wherein the sending further comprises providing, by the privacy enhanced ordering system, the payment authorization data to a payment acquirer.  (Kirsch at paras. 470-472) ("In one implementation, three parties interact to use a fully encrypted repository system. First, a software module operating on a user device can generally receive information from a user to be used in transactions. Second, a data repository can store encrypted data associated with the information at a remote location. Third, a remote device, often operated by a merchant, bank, or other similar party, can make a request for the information from the user device. The encrypted data can be decrypted and sent from the data repository, to the user device, and then to the remote device. Each of these three parties and their respective devices will be described in more detail below. Note that in other implementations, other parties may also be involved, and may communicate with each other in different ways that will be clear in light of this disclosure.")
As per claim 7, Kirsch explicitly discloses:  further comprising sending, by the privacy enhanced ordering system, payment to the merchant.  (Kirsch at paras. 225) ("ap OnelD phone with NFC (no PIN needed since you unlocked the phone's app). Bring up OnelD, optionally enter $ limit, click pay button, and a QR code appears. Have your QR code scanned. This generates a statement "pay to bearer up to $20 out of my cash account. This is serial # 12 of my payments to prevent replay. Signed, OnelD Steve." The merchant takes that, adds in the amount, and presents to OnelD for payment OK (that you have the money). Your OnelD account will show your new cash balance. An advantage is that you don't need your wallet, it is super fast to pay, you have transaction history on the phone so no paper receipts, you didn't have to carry an extra smart card, and it is extremely secure.")
Claims 8 and 15 are substantially similar to claim 1, thus, they are rejected on similar grounds.
Claims 10 and 17 are substantially similar to claim 3, thus, they are rejected on similar grounds.
Claims 13 and 20 are substantially similar to claim 6, thus, they are rejected on similar grounds.
Claim 14 is substantially similar to claim 7, thus, it is rejected on similar grounds.

Claims 2, 4-5, 9, 11-12, 16, and 18-19 are rejected under 35 U.S.C. § 103 as being unpatentable over Kirsch, WIPO Patent Application Publication Number WO 2012/174427; in view of Schropfer, U.S. Patent Application Publication Number 2015/0326550; in view of Xie, U.S. Patent Application Publication Number 2019/0043059.
As per claim 2, 
Kirsch does not explicitly teach, however, Schropfer does explicitly teach:  
the authentication communication prompts a user of the user device to verify the handle.  (Schropfer 2015/0326550 at paras. 61-63) (Authentication module 500 can perform a number of determinations. Authentication module 500 can determine if the received username comprises a valid handle 510. Put another way, authentication module 500 can determine if the username is a valid AuthenticationSite 110 user account name. Authentication module 500 can determine whether a specific token 512 on mobile device 130 has been used, comprising a token check. Authentication module 500 can determine if the user has been asked if he or she wishes to use a specified username to enter an authentication session in the first place 514.)
Therefore, it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kirsch and Schropfer to provide the authentication communication prompts a user of the user device to verify the handle because it allows for establishing a secure relationship between a user device (and/or its user) and a third-party server; additionally, gradation levels of a secure relationship can be obtained based on varying levels of trust and/or access permissions.  (Schropfer at Abstract and paras. 1-5 and 51-53).

Kirsch and Schropfer do not explicitly teach, however, Xie does explicitly teach:  
wherein the authentication communication comprises at least one of a phone call, a fax, a text message, and an in-app notification.  (Xie 2019/0043059 at paras. 11-13 and 110-111) ("An authentic or not-authentic indication can be provided in various ways, as appropriate for the supply chain level or payment processing system. An authentication indication may be presented (such by a display or sound) by a device that is performing a reading. Alternately, an authentication indication may be presented in a report, stored in a database, transmitted via text message, email, fax, message on a website, telephone, etc., as implemented by specific systems and optionally also as configured by a user.")
Therefore, it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kirsch, Schropfer, and Xie to provide wherein the authentication communication comprises at least one of a phone call, a fax, a text message, and an in-app notification because it allows for reporting authenticity results to an actor in the payment process to allow that actor to determine whether to complete or cancel the process, which minimizes fraudulent transactions.  (Xie at Abstract).
As per claim 4, Kirsch explicitly teaches:  wherein the authenticating further comprises requesting, by the privacy enhanced ordering system, a secondary indicator of verification to the user device associated with the handle, wherein the secondary indicator is a biometric marker.  (Kirsch at pars. 186-188) (" The main big idea of some embodiments is to tie a physical motion (a button press, touch sensor, motion sensor, proximity sensor, fingerprint reader, etc) to enable a smartchip to perform a single public key signature or authentication (or open a short time window to allow authentications to happen or allow a certain small number of authentications to happen for a limited amount of time). ")
As per claim 5, Kirsch and Schropfer do not explicitly teach, however, Xie does explicitly teach:  wherein the payment authorization data comprises at least one of a onetime use transaction card number and an authorization to perform a cryptocurrency exchange.  (Xie at paras. 12-14 and 101-103) ("Authentication according to specific embodiments is incorporated into a payment processing system in such a way that receiving an authentic indication is necessary to complete a transaction. For example, the positive authentication of an item may be required before credit card sales, other non-cash sales (e.g., other credit, debit, Paypal, Google Wallet, Apple Pay, Bitcoin or other cryptocurrency, etc.) or other transactions can be completed. Also, one or more incentives, such as warranty registration, may be provided to users to authenticate or register an item.")
Therefore, it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kirsch, Schropfer, and Xie to provide an authorization to perform a cryptocurrency exchange because the process of reporting of authenticity results to an actor in the payment process allows that actor to determine whether to complete or cancel the process, which minimizes fraudulent cryptocurrency transactions.  (Xie at Abstract).
Claims 9 and 16 are substantially similar to claim 2, thus, they are rejected on similar grounds.
Claims 11 and 18 are substantially similar to claim 4, thus, they are rejected on similar grounds.
Claims 12 and 19 are substantially similar to claim 5, thus, they are rejected on similar grounds.


Response to Arguments
Applicant’s arguments filed on December 28, 2021 have been fully considered but are not persuasive for the following reasons:
With respect to Applicant’s arguments as to the § 101 rejections for now pending claims 1-20, Examiner notes the following:
Applicant argues that the claims are not directed to an abstract idea.  Also, Applicant makes a conclusory argument that the amended claims are sufficient to overcome the § 101 rejections.  Examiner disagrees, however, and notes that the claims are insufficient to overcome the § 101 rejection as indicated in the instant Office Action and in the Non-final Office Action dated October 1, 2021.  (See pp. 2-5)
Additionally, Applicant argues that the Xie and Kirsch references relate to two different types of authentication systems that are incompatible, “one being for identifying a user, the other for authenticating a product.”  Examiner disagrees and notes that both references relate to the authentication of identifying information to facilitate a financial transaction.  Xie teaches the authentication of identifying information, such as an open key or serial number, to facilitate a financial transaction.  (Xie at paras. 67-68 and 118) Similarly, Kirsch teaches authentication of identifying information, such as public key pairs, to facilitate a financial transaction. (Kirsch at para. 40).  Both references are analogous to Applicant’s invention requiring the authentication of identifying information, “a handle”, to facilitate a financial transaction.  
With respect to Applicant’s arguments as to the § 102 rejections for now pending claims 1-20, Examiner notes that those arguments are moot in light of the withdrawn rejection.
With respect to Applicant’s arguments as to the § 103 rejections for now pending claims 1-20, Examiner notes that those arguments are moot in light of the new grounds for rejection in this Office Action.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure and is available for review on Form PTO-892 Notice of Reference Cited.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MERRITT J HASBROUCK whose telephone number is (571)272-3109.  The examiner can normally be reached on M-F 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHAHID R MERCHANT can be reached on (571) 270-1360.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/MERRITT J HASBROUCK/Examiner, Art Unit 3693              
                                                                                                                                                                                          /Shahid Merchant/Supervisory Patent Examiner, Art Unit 3693