DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This communication is in response to the applicant’s amendment received on August 26, 2022 (hereinafter “Amendment”). Instant publication US 20180174150 will be referred to as “Specification” hereinafter.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on August 26, 2022 has been entered.

Claim Status
Claims 1-4, 7, 9, and 16 have been amended.
Claims 17-24 had been withdrawn.
Claims 5, 6, 8, 13-15, and 25 have/had been canceled.
Claim 29 has been newly added.
Claims 1-4, 7, 9-12, 16-24, and 26-29 are pending.




Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-4, 7, 9-12, 16, and 26-29 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 has been amended to recite, in part, “in response to the user directly opening a merchant electronic application on the data processing device, initiate interaction between the merchant electronic application and the user by executing the merchant electronic application in the data processing device; receive a first user input from the user via the merchant electronic application, the first user input indicating addition of at least one item to a shopping cart of the merchant electronic application; receive a second user input from the user via the merchant electronic application, the second user input indicating initiation of a transaction to purchase the at least one item in the shopping cart …” 
First, one of ordinary skill in the art would appreciate that the user directly opening the merchant electronic application to be an initiation of interaction between the merchant electronic application. The claim, however, recites the user interaction with the merchant electronic application, i.e., directly opening the application, a prequalification for initiating interaction between the merchant electronic application and the user.
Second, it is unclear as to whether the subsequent interactions between the merchant electronic application and the user as recited in the claim are “interaction” recited in the “initiate interaction between the merchant electronic application and the user”. 
Third, it is unclear as to whether the user’s action of opening a merchant electronic application on the data processing device is a requirement for the functions recited in the claim. The examiner advises the applicant to amend the claimed limitation of “in response to the user directly opening a merchant electronic application on the data processing device, initiate interaction between the merchant electronic application and the user by executing the merchant electronic application in the data processing device” to “executing a merchant electronic application in the data processing in response to receiving a command from the user” to avoid confusion and potential hybrid claim issues.
The other independent claims, claims 9 and 16, include similar deficiency(s) as in claim 1. As such, they are also rejected.
The dependent claims are rejected as they depend on claim(s) above and do not cure the deficiency(s) as identified above.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 9, 16, and 26-28 is/are rejected under 35 U.S.C. 103 as being obvious over US 20170017958 A1 (“Scott”) in view of US 20130179346 A1 (“Kumnick”) and US 20160071111 A1 (“Wang”).
Per claims 1, 9, 16, and 26-28, Scott teaches a method comprising: 
in response to the user directly opening a merchant electronic application on the data processing device, initiating, by the data processing device, interaction between the merchant electronic application and the user by executing the merchant electronic application in the data processing device (see ¶0144, to initiate a transaction, a user may execute a merchant application on a device and select an item to be purchased; ¶0175, network browser to navigate to a merchant web site, and select one or more items for placement in a virtual shopping cart; ¶0199, merchant shopping application to be provisioned to user request communication devices; ¶0202, a user of a mobile device using the merchant application can shop the merchant website, using the merchant app(s) to assemble a transaction authorization request data set comprising data representing one or more items and/or services to be purchased … checkout process using the merchant application); 
receiving, by the data processing device, a first user input from the user via the merchant electronic application, the first user input indicating addition of at least one item to a shopping cart of the merchant electronic application (see Fig. 16; ¶0124, selecting the items for additional to the merchant application’s virtual shopping cart; ¶0144, to initiate a transaction, a user may execute a merchant application on a device and select an item to be purchased; ¶0175, network browser to navigate to a merchant web site, and select one or more items for placement in a virtual shopping cart; ¶0202, a user of a mobile device using the merchant application can shop the merchant website, using the merchant app(s) to assemble a transaction authorization request data set comprising data representing one or more items and/or services to be purchased … checkout process using the merchant application); 
receiving, by the data processing device, a second user input from the user via the merchant electronic application, the second user input indicating initiation of a transaction to purchase the at least one item in the shopping cart (See Fig. 14A, checkout; Fig. 14B; Fig. 16; ¶0202, a user of a mobile device using the merchant application can shop the merchant website, using the merchant app(s) to assemble a transaction authorization request data set comprising data representing one or more items and/or services to be purchased … checkout process using the merchant application);
generating, by the data processing device, the transaction authorization request, the transaction authorization request including an indication of details of the transaction and the captured image of the user (see ¶0180, to generate a transaction authorization request data set; ¶0196, authorization request comprising for example, a payment (secure) token reference in the form of data representing the designated token(s) (or a reference to an IP address at which the token may be located), and/or other payment source(s) (e.g., payment account identifiers), together with data identifying the merchant account designated for receipt of the payment, any routing or special instructions, etc.; ¶0202, assemble a transaction authorization request comprising data representing one or more items and/or services to be purchased, eased, etc.; ¶0203, For each FI/FSP 120, 160 associated with a designated payment resource, the SDK/API 116 can cause at 1516 information pertaining to the proposed transaction, for example a purchase price, or portion thereof, to be satisfied from the designated payment resource(s) and optionally subtotal purchase prices, applicable taxes, shipping costs, and item identifiers, etc. (e.g., some or all of data included in the generated transaction request data set), to be forward to the corresponding FI or FSP 120, 160, as part of a transaction authorization data set. Alternatively, with respect to a transaction authorization request originating from a trusted request communication device 110′, some or all data items used in generating a transaction authorization request data set may be provided by the FI or FSP 120, 160, using stored data associated with the user 190 and/or designated transaction fund account, as shown at 1518. As a further option, the user 190 and/or user device 110, 110′ may be enabled to provide information to be stored in a user profile associated with the user for future use, and/or update specific data items. As shown at 1520, such automated data population and/or profile update processes can be protected by user login, using password/PIN entry, device tapping, biometric processes, etc.);
transmitting, via the Internet from a network connectivity device of the data processing device to a network connectivity device of a transaction processing server, the transaction authorization request to process the transaction (see ¶0009, CNP transaction over Internet; ¶0038, the trusted device may then be user by a consumer to pay for goods or services through a first Internet connection; ¶0196, the payment gateway may process the transaction; ¶0121, merchant application may also be in communication with the remote servers in or to obtain authorization for a pending transaction initiated by the user on mobile device via Internet connection; ¶0205, verification by the FI/FSP).
Scott further teaches a data processing system comprising: a transaction processing server (see ¶0040, Trusted platforms used to for verification/authorization of identities of individuals and implemented by FSP; ¶0062, authenticating user to the FI(s) administering the user’s payment account, the secure authentication method including fingerprint or other biometric verification); a data processing device for generating a transaction authorization request, the data processing device associated with a user and being one of a smart phone device, a tablet device, and a laptop computer (see Fig. 6-8; mobile device; Fig. 9, Mobile Device 110, 110’, 600; ¶0008, electronic transaction may be initiated by using mobile computer devices; ¶0046, smart phones, tablet computers, wearable devices, laptops, etc.), the data processing device comprising: a computer processor; and a data storage device, the storage device comprising at least one non-transitory medium comprising instructions that, when executed by the computer processor, cause the computer processor (see Fig. 6, CPU 602, Memory 606, Mobile OS 608, RAM 604; Fig. 7-8; Fig. 9, Mobile Device 110, 110’, 600; ¶0033, persistent computer-readable media for storing programming structures and for secure execution).

While Scott teaches generating of the transaction authorization request as described above, Scott does not specifically teach that the transaction authorization request includes biometric data of the user. 
Kumnick, however, teaches generating, by the data processing device, the transaction authorization request, the transaction authorization request including an indication of details of the transaction and biometric data of the user; and transmitting, via the Internet from a network connectivity device of the data processing device to a network connectivity device of a transaction processing server, the transaction authorization request to process the transaction (see Fig. 1; ¶0028, biometric data include digital photograph data; ¶0041, transaction request data may include biometric data of the user and/or PAN to identify a financial account; ¶0047, Internet; ¶0049, transaction request data is sent from the user device to host server; ¶0070-0071, the user chooses the UID payment option and presents biometric and payment card details … this data is routed from the user device to host server computer).
It would have been obvious to one of ordinary skill in the art prior to the effective filing of instant claimed invention to include the teaching of user device including the biometric information in the transaction authorization request along with the transaction details as taught by Kumnick to Scott which would allow the authentication of the user in Scott by the FI/FSP for the particular transaction.

The combination of Scott and Kumnick does not specifically teach in response to receiving the second user input instructing a camera of the data processing device to capture an image of the user; determining that the captured image corresponds to a live human being by monitoring a video sequence of the user and identifying based on the monitoring that an activity has occurred wherein the activity includes one or more blinks of an eye of the user (claims 26 and 27-28); and that the generating is done in response to determining that the captured image corresponds to the live human being.
Wang, however, teaches receiving, by the data processing device, a second user input from the user, the second user input indicating initiation of a transaction to purchase the at least one item in the shopping cart (see Fig. 3, Marketplace 306; Fig. 4(a); ¶0031, user has option to buy the item using an identity verification); in response to receiving the second user input instructing a camera of the data processing device to capture an image of the user; and determining that the captured image corresponds to a live human being by monitoring a video sequence of the user and identifying based on the monitoring that an activity has occurred wherein the activity includes one or more blinks of an eye of the user (see Fig. 3, Marketplace 306; Fig. 4(a); Fig. 4(b); ¶0012, image capturing by a computing device; ¶0013, capture video information of the user such as blinking or actions; ¶0015, camera of a computing device, e.g. smart phone, e-book reader, notebook, etc., is able to capture image; ¶0024, blink; ¶0025, monitoring to determine blinking; ¶0031, selecting the option … asks the user to place his or her face in a particular position with respect to the device such that the face is within a box 424 or region of analysis … video information can be captured …) and allowing an action based on the device in response to the captured in response to determining that the captured image corresponds to the live human being (¶0027, use to gain functionality on the device; ¶0029; ¶0031).
Hence, as the combination of Scott and Kumnick discloses generating of the transaction authorization request purchase of goods or services as described above, it would have been obvious to one of ordinary skill in the art prior to the effective filing of instant claimed invention to include the teaching of the determining whether the captured image corresponds to a live human being and controlling the device functionality as disclosed by Wang to the combination Scott and Kumnick prior to generating of the transaction authorization request as the combination generally improves the overall security of the invention by protecting from occurrence of spoofing (see Wang: ¶0002).

The combination of Scott and Kumnick does not specifically teach that the transaction authorization request includes the captured image. In other word, in Scott and Kumnick, a biometric data of the user is captured by a biometric reader (including digital photograph data) and is sent along with other transaction information as a transaction request data.   
However, as Wang teaches capturing of image of the user and using the image as an authentication information as described above, it would have been obvious to one of ordinary skill in the art to substitute any known authentication information, including the captured image of the user in Wang, as an authentication information in Scott and Kumnick (In re Wolfe, 116 USPQ 443, 444 (CCPA 1961); Ex parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
Note:
The applicant is reminded that the description of what information is included in the transaction authorization request is non-functional descriptive material as the description merely describes stored data.
Claims 2-4, 7, and 10-12 is/are rejected under 35 U.S.C. 103 as being obvious over “Scott”, “Kumnick” and “Wang” as applied in claims 1 and 19 above, in further view of US 20130197968 A1 (“Davis”).
As per claims 2 and 10, while the combination of Scott, Kumnick, and Wang discloses generating authentication information for the user (e.g. image of the user) wherein the transaction authorization request includes the authentication information to process the transaction as described above, the combination of Scott, Kumnick, and Wang does not specifically teach that the transaction authorization request further includes the generated authentication information. In other word, the combination of Scott, Kumnick, and Wang does not teach that the transaction authorization request includes multiple authentication information.
Davis, however, teaches use of combination of biometric such as facial image, a fingerprint, an iris scan, password, passcode, etc. in authenticating a user (see ¶0139-141). 
Hence, as the combination Scott, Kumnick, and Wang discloses generating of authentication information and including authentication information in the transaction authorization request, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the known authentication information, including any combination of facial image, a fingerprint, an iris scan, password, passcode, etc., as authentication information included in the combination of Scott, Kumnick, and Wang. Furthermore, one of ordinary skill in the art would have recognized that by adding more authentication information of the user would improve the security of the combined Scott, Kumnick, and Wang.
As per claims 3 and 11, the combination of Scott, Kumnick, Wang, and Davis further teaches wherein generating the authentication information comprises capturing, in a biometric reader module of the data processing device, biometric data of the user (see Scott: ¶0102, camera, biometric readers) (Kumnick: ¶0040, biometric reader; ¶0041, biometric data).
As per claims 4 and 12, the combination of Scott, Kumnick, Wang, and Davis further teaches wherein generating the authentication information comprises receiving, by the data processing device, an input of authentication information from the user (see Davis: ¶0048, PIN, password, code, etc. from user).
As per claim 7, while Scott teaches computer processor to receive input of a user identifier (i.e., login/password, PIN)(See ¶0192)(Davis also teaches user ID in ¶0048) in authenticating the user, the combination of Scott, Kumnick, Wang, and Davis does not specifically teach wherein the transaction authorization request further includes an indication of the user identifier. 
Davis, however, teaches use of combination of user ID, biometric such as facial image, a fingerprint, an iris scan, password, passcode, etc. in authenticating a user (see ¶0048, user ID).
Hence, as Davis discloses that it is known to use combination of user ID, biometric such as facial image, a fingerprint, an iris scan, password, passcode, etc. in authenticating a user and the combination of Scott, Kumnick, and Wang discloses generating of authentication information and including authentication information in the transaction authorization request, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the known authentication information, including any combination of user ID, facial image, a fingerprint, an iris scan, password, passcode, etc., as authentication information included in the combination of Scott, Kumnick and Wang. Furthermore, one of ordinary skill in the art would have recognized that by adding more authentication information of the user would improve the security of the combined Scott, Kumnick and Wang.

Claim 29 is/are rejected under 35 U.S.C. 103 as being obvious over “Scott”, “Kumnick” and “Wang” as applied in claim 1 above, in further view of US 20160210829 A1 (“Uchida”).
Per claim 29, the combination of Scott, Kumnick, and Wang teaches wherein the transaction processing server comprises a processor and a storage device, the storage device having a transaction request processing component, and a transaction record storage component comprising non-transitory instructions operative by the processor (see Scott: ¶0033, persistent computer-readable media for storing programming structures and for secure execution; ¶0046, desktop, server class, etc.; ¶0328) to:
receive the transaction authorization request from the data processing device (see Scott: ¶0009, CNP transaction over Internet; ¶0038, the trusted device may then be user by a consumer to pay for goods or services through a first Internet connection; ¶0196, the payment gateway may process the transaction; ¶0121, merchant application may also be in communication with the remote servers in or to obtain authorization for a pending transaction initiated by the user on mobile device via Internet connection; ¶0205, verification by the FI/FSP) (see Kunmick: Fig. 1; ¶0028, biometric data include digital photograph data; ¶0041, transaction request data may include biometric data of the user and/or PAN to identify a financial account; ¶0047, Internet; ¶0049, transaction request data is sent from the user device to host server; ¶0070-0071, the user chooses the UID payment option and presents biometric and payment card details … this data is routed from the user device to host server computer) (see Wang: ¶0028, request received);
compare the captured image received in the transaction authorization request to a stored image (see Wang: ¶0023, compared to the actual user’s face; ¶0024, compared to information stored for the user previously performing the action; ¶0029, compared against information stored for the purported user using facial recognition).
The combination of Scott, Kumnick, and Wang and does not specifically teach that the technique of verifying of the image involves comparing the received image to a plurality of stored images associated with fraudulent transactions.
Uchida, an analogous art of image analysis, however teaches a technique in which a captured image is checked against such as a list of persons with previous records on the blacklist to determine whether the customer is a suspicious person or not (see ¶0053).
Hence, as the combination of Scott, Kunmick, and Wang teaches a technique of generating of the authorization based on image analysis of the user by the remote server as described above, it would have been obvious to one of ordinary skill in the art to substitute any known image analysis technique, including comparing the received image to a blacklist as taught by Uchida, as an image analysis technique in verification/authorization of the user/transaction in the combination of Scott, Kunmick, and Wang (In re Wolfe, 116 USPQ 443, 444 (CCPA 1961); Ex parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007))
In reference to “generating a transaction authorization response indicating that the transaction is declined if the captured image matches one of the plurality of stored images”, since the combination of Scott, Kunmick, Wang, and Uchida discloses FI/FSP transaction processing systems receiving the authorization request of credit funding source (see Scott: ¶0255), generation of response message based on verification (see Kunmick: ¶0025; ¶0075-¶0077, authorization response message), and technique of image analysis such as image matching of the suspicious persons (see Uchida: ¶0053), it would have been obvious to include that the transaction is declined in the transaction authorization response message if the captured image matches one of the plurality of stored images in order to protect the FI from potential fraudulent transaction.

Response to Argument
The 112 rejections on claims 16 and 28 in the previous office action have been withdrawn in light of the claim amendment(s). The claim amendments, however, necessitate rejections.
Regarding 103 rejections, the applicant’s arguments have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.




Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
“Enhancing User Authentication of Online Credit Card Payment using Face Image Comparison with MPEG7-Edge Histogram Descriptor” discloses use of face image comparison with MPEF7-Edge histogram or face matching verification for card present and card not present transactions;
US 20100183199 A1: discloses credit authorization that may be transmitted along with image or pattern data captured from a camera;
US 20160086187 A1: discloses an method for providing transaction security by sending authorization request message and a picture or photograph of a party involved in the transaction that is captured by a camera; and
US 20170171195 A1: discloses a multifactor authentication information inclusion in an authorization request, the information including biometric data, access device or user computer device identification information, user location information, etc.
US 20160132880: discloses a mobile device communicating directly with financial institute in sending authorization request.
US 9881295 B1: The method includes capturing a facial image of a payee using a camera of the mobile device, wherein the payment is due from the user of the mobile device to the payee, retrieving an identifier of the payee based on the facial image, retrieving payment recipient identification information of the payee from a registered payee list based on the identifier, displaying, on the mobile device, a composite image comprising the facial image of the payee and the payment recipient identification information of the payee, receiving an input from the user authorizing the payment from a financial account of the user to the payee, and initiating the payment from the financial account to the payee based on the payment recipient identification information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEVEN S KIM whose telephone number is (571)270-5287.  The examiner can normally be reached on Monday -Friday: 7:00 - 3:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on 571-272-7575.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/STEVEN S KIM/Primary Examiner, Art Unit 3685