Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
Response to Arguments
Applicant’s arguments, see pages 10-11, filed 2 May 2022, with respect to the 112(a) rejections have been fully considered and are persuasive.  The 112(a) rejection of 24 March 2022 has been withdrawn. 
Applicant’s arguments, see page 11, filed 2 May 2022, with respect to the 112(b) rejections of claims 1-20 have been fully considered and are persuasive.  The 112(b) rejection of 24 March 2022 has been withdrawn. 
Applicant's arguments filed pages 11-12 with respect to the 101 rejection have been fully considered but they are not persuasive. 	Applicant argues the Examiner had previously stated a version of the claims would be patent eligible from 10 December 2020. The Examiner does not find this persuasive because the prior statement was made in reference to the claims at that point and the Examiner additionally stated it was in combination with the other claim limitations, which have since been deleted or amended. 
Applicant’s arguments with respect to the 103 rejection of claim(s) 1-20 have been considered but are moot because the new ground of rejection have been applied to address the amendments.



Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-4 and 6-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Prong One of Step 2A: The claim(s) recite(s) providing multi-level mobile banking electronic transaction authentication and access to banking services through the steps of assign a plurality of mobile banking electronic transaction to a plurality of tiers each tier with a level of security based on an amount of risk, receive an indication that the user desires to perform a first mobile banking electronic transaction, determine a tier, prompt the user for the credential, receive at least one of a login credential or attribute from the user, confirm that the login credential or the attribute is valid, and permit the user to access a mobile banking system based on confirmation that the login credential or the attribute is valid. The concept is similar to those in the abstract idea groupings of a certain method of organizing human activity, specifically a fundamental economic practice, a commercial interaction such as a business relation or sales activity, and managing interactions between people like following rules or instructions. See also MPEP 2106.04(a)(2) that also describes generating menus on a computer Apple v Ameranth that the Fed Circuit has identified as a certain method of organizing human activity, managing relationships or transactions between people.	Prong Two of Step 2A: This judicial exception is not integrated into a practical application because the additional limitations are not indicative of integration into a practical application. The additional limitations of a memory storing instructions, one or more processors in communication with a network and configured to execute the stored instructions, via an electronic user interface, via the network, from device associated with a user are similar to mere instructions to implement an abstract idea on a computer or use a computer as a tool to perform an abstract idea (see MPEP 2106.05(f)), and generally linking the use of a judicial exception to a particular technological environment or field of use, see MPEP 2106.05(h). 	Step 2B: The claim(s) do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the limitations of a memory and a processor are generic computer components performing generic computer functions. The additional limitations beyond the abstract idea limitations of in communication with a network and configured to execute the stored instructions, via an electronic user interface, via the network, from device associated with a user are generic computer functions similar to those identified by the courts of receiving or transmitting data over a network, receiving, processing, and storing data, and electronic recordkeeping, see MPEP 2106.05(d). Viewing the limitations as an ordered combination does not add anything further that looking at the limitations individually. When viewed either individually, or as an ordered combination, the additional limitations do not amount to a claim as a whole that is significantly more than the abstract idea. The claim is not patent eligible.
Dependent claims 2-4, 6-9, and 11-18 do not remedy the deficiencies of the independent claims and are rejected accordingly. The dependent claims contain the additional limitations of receiving instruction to configure a first, second, third, and fourth login scenario of respective tiers (an additional aspect of the abstract idea),biometric recognition process comprises facial recognition, login credential is a biometric recognition, validating a predetermined password username, and pattern are additional limitations that are extra solution activities, aspects of the abstract idea (validating a login), and generic computing functions such as receiving the specified login credential that fail to meaningfully limit the abstract idea of the claim. In this case, all claims have been reviewed and are found to be substantially similar and linked to the same abstract idea (see Content Extraction and Transmission LLC  v. Wells Fargo (Fed. Cir. 2014)).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-4 and 6-20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Fischer US 2012/0179558 in view of Google Accessibility (hereafter ‘Google’) in further view of Leyvand US 2012/0257797.
As per claim 1:	Fischer discloses a system for providing multi-level mobile banking electronic transaction authentication, comprising: one or more processors in communication with a network 	a memory storing instructions that when executed by the one or more processors cause the one or more processors to: (Abstract, figs 8, 13 and 15):
	assign a plurality of mobile banking electronic transactions to a plurality of tiers, wherein: each tier is associated with a level of security having a corresponding login scenario comprising a credential required to complete each respective mobile banking electronic transaction (Fig 2 describes a non-limiting list of authentication techniques including username, password, PIN, security questions, biometric inputs etc; ¶¶ [0061]-[0063] “relying party” can be a bank which reads on financial service provider, Fig 14A&B ‘min relying party security levels’ are listed for various actions; [0011] & [0016] risk mitigation is the stated purpose of the different levels of security and can be adjusted by the user, merchant, bank, or any participant in the process);
	receive, via the network from a user, an indication to perform a first mobile banking electronic transaction, wherein the user has a physical impairment (Figs 5 &6 show a user attempting to perform an action via the internet, [0043]-[0044]; characteristics of the user are given no patentable weight because the user is not a part of the system or method); 	determine a tier associated with the first mobile banking electronic transaction having a first login scenario (Figs 14A&B shows the required security level, [0037]-[0038]); 	determine based on the tier associated with the first mobile banking electronic transaction, an alternative login scenario (Figs 14A&B shows the required security level, [0037]-[0038], see also Fig 2; the 112(a) rejection and interpretation);	prompt the user, via the electronic user interface, […] for the credential associated with the alternative login scenario user associated with the tier, (Figs 5 &6 show a user attempting to perform an action via the internet and the required security level inputs being requested such as Facebook login or the security questions, [0043]-[0044]; [0039], Fig 6 indicates status of the process); and
	receive, via the electronic user interface in response to prompting the user, at least one of a login credential or attribute from the user (Figs 5 &6 show a user attempting to perform an action via the internet, [0043]-[0044]).	confirm that the login credential or the attribute is valid ([0037]-[0040]); and	permit the user to access a mobile banking system based on confirmation that the login credential or the attribute is valid ([0037]-[0040]).	Fischer fails to explicitly disclose but Google does disclose configure an electronic user interface according to an accessibility configuration corresponding to the alternative login scenario associated with the tier;	the accessibility configuration; (Google discloses the multiple accessibility features available for impaired used including using the Chrome Browser that are easily added and customized based on need, p. 1-2)	It would have been obvious to one of ordinary skill in the art at the time of invention to include accessibility features as taught in Google in Fischer since the claimed invention is merely a combination of old elements, and in combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable. Fischer is intended to use websites that are accessed through conventional browsers such as Google Chrome (every commercial browser includes accessibility features) and is easily turned on or off according to a user’s needs and the combination would be easily obvious to anyone using a web browser, let alone one of ordinary skill in the art.	Fischer fails to explicitly disclose but Leyvand does disclose wherein the [accessibility] configuration further included providing one or more audio cues indicating a status of the user in the alternative login scenario (Abstract, [0025]-[0028]).	It would have been obvious to one of ordinary skill in the art at the time of invention to include accessibility features as taught in Leyvand in Fischer since the claimed invention is merely a combination of old elements, and in combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable. Fischer’s biometric authentication methods such as facial, voice, and motion recognition would all be improved by using audio cues to guide a user to a better or more accurate biometric reading which would further improve the security of the authentication. As per claim 2:	Fischer further discloses the system of claim 1, wherein the instructions further cause the one or more processors to: conduct a risk analysis of a device corresponding to the user (Fig 11, [0049]).As per claim 3:	Fischer further discloses the system of claim 1, wherein the instructions for receiving, via the network, the indication to perform the first mobile banking electronic transaction further cause the one or more processors to: 	receive, from a device associated with a user, a first set of instructions to configure a second login scenario of a first tier, wherein the credential associated with the second login scenario comprises a username (Figs 14A&B shows a user can set the security level for each action or with each institution at the relying party minimum or higher; Fig 2 discloses the username as a primary authentication filter or security level, ¶¶ [0036]-[0040] disclose the authentication means from Fig 2; [0061]-[0063] describe setting the desired security level); 	receive, from the device associated with the user, a second set of instructions to configure a second tier, wherein the credential associated with the third login scenario comprises a security pattern (Figs 14A&B shows a user can set the security level for each action or with each institution at the relying party minimum or higher; Fig 2 discloses the PIN as a secondary authentication filter or security level, ¶¶ [0036]-[0040] disclose the authentication means from Fig 2; [0061]-[0063] describe setting the desired security level; a security PIN is a pattern). As per claim 4:	Fischer further discloses the system of claim 1, wherein the instructions for receiving, via the network, the indication to perform the first mobile banking electronic transaction further cause the one or more processors to: receive, from the device associated with the user, a first set of instructions to configure a third login scenario of a third tier, wherein the credential associated with the third login scenario comprises a password (Figs 14A&B shows a user can set the security level for each action or with each institution at the relying party minimum or higher; Fig 2 discloses the password as a primary authentication filter or security level, ¶¶ [0036]-[0040] disclose the authentication means from Fig 2; [0061]-[0063] describe setting the desired security level; [0065] additionally discloses that each level need not correspond to a different additional action and could involve multiple inputs of the same type, such that a username and password, although both primary authentication means, combined would be a different level of security);	receive, from the device associated with the user, a second set of instructions to configure a fourth login scenario of a fourth tier, wherein the credential associated with the fourth login scenario comprises biometric information (Figs 14A&B shows a user can set the security level for each action or with each institution at the relying party minimum or higher; Fig 2 discloses the facial, voice, and motion recognition as mobile authentication means filter or security level, ¶¶ [0036]-[0040] disclose the authentication means from Fig 2; [0061]-[0063] describe setting the desired security level; facial recognition a biometric input).As per claim 6:	Fischer further discloses the system of claim 3, wherein the instructions further cause the one or more processors to: validate the login credential associated with the third login scenario using the security pattern associated with the third login scenario (¶ [0039] “validating any number of user defined security prompts may be required in a user specified order”; ¶¶ [0067]-[0068], Figs 14A&B shows a user can set the security level for each action or with each institution at the relying party minimum or higher; Fig 2 discloses the PIN as a secondary authentication filter or security level, ¶¶ [0036]-[0040] disclose the authentication means from Fig 2; [0061]-[0063] describe setting the desired security level; a security PIN is a pattern).
As per claim 7:	Fischer further discloses the system of claim 4, wherein the instructions further cause the one or more processors to:  validate the login credential associated with the third login scenario using the password associated with the third login scenario (¶ [0039] “validating any number of user defined security prompts may be required in a user specified order”; ¶¶ [0067]-[0068], Figs 14A&B shows a user can set the security level for each action or with each institution at the relying party minimum or higher; Fig 2 discloses the password as a primary authentication filter or security level, ¶¶ [0036]-[0040] disclose the authentication means from Fig 2; [0061]-[0063] describe setting the desired security level; [0065] additionally discloses that each level need not correspond to a different additional action and could involve multiple inputs of the same type, such that a username and password, although both primary authentication means, combined would be a different level of security).
As per claim 8:	Fischer further discloses the system of claim 4, wherein the instructions further cause the one or more processors to: validate the login credential associated with the fourth login scenario using the biometric information associated with the fourth login scenario (¶ [0039] “validating any number of user defined security prompts may be required in a user specified order”;¶¶ [0067]-[0068], Figs 14A&B shows a user can set the security level for each action or with each institution at the relying party minimum or higher; Fig 2 discloses the facial, voice, and motion recognition as mobile authentication means filter or security level, ¶¶ [0036]-[0040] disclose the authentication means from Fig 2; [0061]-[0063] describe setting the desired security level; facial recognition a biometric input).
As per claim 9:	Fischer further discloses the system of claim 8, wherein validating the login credential associated with the fourth login scenario using the biometric information comprises facial recognition (Fig 2 discloses the facial recognition as mobile authentication means filter or security level, facial recognition is a biometric input).As per claims 10, 19, and 20:	Claims 10, 19, and 20 are rejected under the rationales of claims 1 and 2 because the claims contain substantially similar subject matter but in different statutory classes. 

As per claims 11-18:	Claims 11-18 are rejected under the rationales of claims 2-4 and 6-9 because the claims contain substantially similar subject matter.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 	US 7512254 Volkommer "System and Method for Mobile Biometric Authentication"	Bianchi, "Spinlock: A single-cue Haptic and Audio PIN Input Technique for Authentication", August 2011; Haptic and Audio Interaction Design-6th International Workshop, HAID 2011, Kusatsu, Japan, August 25-26, 2011
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAVID P SHARVIN whose telephone number is (571)272-9863. The examiner can normally be reached M-F 9 am - 5 pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin Hewitt II can be reached on 571-272-6709. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DAVID P. SHARVIN/
Primary Examiner
Art Unit 3692



/DAVID P SHARVIN/Primary Examiner, Art Unit 3692