Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application.  This application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid. Applicant's submission filed on 02/07/2022 has been entered.

Status of Claims
Claims 1-5 have been withdrawn.   Claim 6 has been amended.  Claim 11 is newly added. Claims 6-11, as filed 02/07/2022, are examined herein. No new matter has been introduced by the amendments. 

Response to Arguments
Applicant' s arguments and amendments have been carefully considered.
The claim interpretation related to conditional language is withdrawn, in light of Applicant’s amendments. 
Regarding the rejection under 35 USC 101, Applicant argues (pages 7-9  of the Remarks dated 02/07/2022)  that the amended claims are not directed to “mitigating risk in a financial transaction.” This argument is not persuasive.  The instant claims recite a financial transaction: connect client to lookup table; initiate transaction request; intercept transaction request; adjudicate transaction request; and execute the transaction. Even if the instant claims are not directed to “mitigating financial risk”, they are certainly directed to “commercial or legal interactions and/or business relations. This is a method of organizing human behavior, and is therefore considered an abstract idea.  
Regarding the rejection under 35 USC 103, Applicant argues (pages 10-11 of the Remarks) that Ramichandirane teaches that the programmer of the client application must be aware of the Ramichadirane system, and that the present system is “completely transparent to the application code.” This argument is not persuasive. While the instant claim 6 recites “the adjudication is hidden from the requesting client”, the instant claim 6 does not require that the programmer of the client application is not aware of the system. Therefore the instant arguments are moot.

Specification

    PNG
    media_image1.png
    284
    916
    media_image1.png
    Greyscale
The disclosure is objected to because it contains an embedded hyperlink and/or other form of browser-executable code. See paragraph [0003] of the specification as filed 04/06/2017. Applicant is required to delete the embedded hyperlink and/or other form of browser-executable code; references to websites should be limited to the top-level domain name without any prefix such as http:// or other browser-executable code. See MPEP § 608.01.



Claim Rejections - 35 USC § 101
Claim(s) 6-11 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
In the instant case, claim 6 is directed to a “method for adjudication of online financial transactions.”
Claims 6 and 11 are directed to the abstract idea of “mitigating risk in a financial transaction” which is grouped under “organizing human activity… fundamental economic practice” in prong one of step 2A (See 2019 Revised Patent Subject Matter Eligibility Guidance). Claim 6 recites “connecting the requesting client to at least one fund resource  including a lookup table, a database reference, and  an explicit financial account number; initiating a transaction request at the requesting client for permission to execute a financial transaction; intercepting said transaction request with an agent that hides the interception from the requesting client; transforming said transaction request into a formatted data transmission as prescribed by a policy-based transaction server, transmitting the formatted data  transmission to the  policy-based transaction server via an encrypted back-channel; retrieving additional parameters from the requesting client needed to adjudicate the transaction request via the agent and the encrypted back-channel that hides the retrieval from the requesting client; adjudicating the transaction request at the policy-based transaction … by evaluating at least one set of policy instructions coupled to the policy-based transaction …, where the adjudication is hidden from the requesting client; and executing the transaction when said transaction decision request so authorizes.” Claim 11 recites storage media having software stored therein, which teaches a similar abstract idea.  Accordingly, the claims recite an abstract idea (See 2019 Revised Patent Subject Matter Eligibility Guidance).
This judicial exception is not integrated into a practical application because, when analyzed under step 2A prong 2 (See 2019 Revised Patent Subject Matter Eligibility Guidance), the additional elements of the claims such as “a transaction server, a client, an encrypted back-channel, and a policy enforcement server, ”represent the use of a computer as a tool to perform an abstract idea and/or does no more than generally link the abstract idea to a particular field of use. Therefore, the additional elements do not integrate the abstract idea into a practical application as they do no more than represent a computer performing functions that correspond to (i.e. automate or implement)  the acts of “mitigating risk in a financial transaction”.  
When analyzed under step 2B (See 2019 Revised Patent Subject Matter Eligibility Guidance), the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception itself. Viewed as a whole, the combination of elements recited in the claims merely describe the concept of “mitigating risk in a financial transaction” using computer technology (e.g. computing servers). Therefore, the use of these additional elements does no more than employ a computer as a tool to automate and/or implement the abstract idea, which cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)).
The dependent claims recite additional elements such as (claim 8) the transaction request containing metadata; and  (claim 9) a “data repository”.  These additional elements of the claim such as represent the use of a computer as a tool to perform an abstract idea and/or does no more than generally link the abstract idea to a particular field of use. Therefore, the additional elements do not integrate the abstract idea into a practical application as they do no more than represent a computer performing functions that correspond to (i.e. automate or implement) the acts of mitigating risk in a financial transaction.
Dependent claims 7-10 do not remedy the deficiencies of the independent claims and are rejected accordingly.  In this case, all claims have been reviewed and are found to be substantially similar and linked to the same abstract idea (see Content Extraction and Transmission LLC  v. Wells Fargo (Fed. Cir. 2014)). 
Hence,  the claims are not patent eligible. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 6-11 are rejected under 35 U.S.C. 103 as being unpatentable over US 8127982 (Casey) in view of US 20100146582 (Jaber).

Claims 6 and 11: Casey teaches: A method for secure adjudication of online financial transactions of a transaction request from a requesting client, where the adjudication of the transaction is completely hidden from the requesting client, comprising the steps of: 
connecting to one or more fund resources including a lookup table, a database reference, or an explicit financial account number; (abstract; column 10, lines 9-12)
initiating a transaction request at the requesting client for permission to execute a financial transaction; (FIG.6; column 4, lines 54-59)
an encrypted back-channel ([col. 9, lines 51-67)
adjudicating the transaction request at the policy-based transaction server by evaluating at least one set of policy instructions coupled to the policy-based transaction server, where the adjudication is hidden from the requesting client; and executing the transaction when said transaction decision request so authorizes. (Casey column 2 lines 14-24;  Casey FIG. 10 and column 13, 45-59)
machine readable media (col. 30 lines 28-48)
Casey does not appear to explicitly teach, but Jaber does teach:
transforming said transaction request into a formatted data transmission as prescribed by a policy-based transaction server, transmitting the formatted data  transmission to the  policy-based transaction server via an encrypted back-channel; (FIG 1 #125; FIG. 4 #448; FIG. 6 #620; [0070] “binary … encrypted file”)
intercepting said transaction request with an agent that hides the interception from the requesting client; ([0070] “virtual file system … hidden … transparent”)
retrieving additional parameters from the requesting client needed to adjudicate the transaction request via the agent and the encrypted back-channel that hides the retrieval from the requesting client; ([0056] “key is retrieved”)
Further, it would have been obvious, at the time of filing, to combine the rule-based transaction approval of Casey with the hidden decision point and formatted request of Jaber because Jaber explicitly teaches [0002-0003]  the use of information and encryption management systems for the purpose of financial transaction processing. See MPEP 2143.I.G.

Claim 7: Casey in view of  Jaber: The method of claim 6, 
Casey further teaches:
further including the step of executing additional or alternate actions following the evaluation of the set of policy instructions.  (column 2, lines 29-34 “requesting authorization from the primary account holder”)

Claims  8: Casey in view of  Jaber: The system of claim 1 
Casey further teaches:
wherein the fund usage transaction request contains metadata describing the attributes of the transaction request including the amount, the purpose, the time and date, and other contextual descriptors. (FIG. 5 #184, #190; column 15, lines 2-8:)

Claim 9: Casey in view of  Jaber teaches: The method of claim 6, 
Casey further teaches:
further including the step of capturing and storing responses to transaction requests in a data repository.   (col. 11 lines 58-67 “record of purchases”)

Claim 10: Casey in view of  Jaber: The system of claim 1, 
Casey further teaches:
wherein multiple fund access transaction requests are aggregated if when they pertain to a common recipient or vendor and are applied to the same fund resource. (column 15, 39-47 )

	

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 7954144 (Ebrahimi) Claim 14. “…a policy module identifier which identifies a policy module that grants or denies authorization of proxy services to the client computer by acquiring policy enforcement data and attempting to authenticate the client computer to the transparent proxy process in response to the policy enforcement data, and the client computer directs a request for a resource to an origin server and the request is intercepted by the transparent proxy process, which is unknown to the client computer, and used to determine the policy module identifier which identifies the policy module…”
US 8180893 (Spertus) (44) “In this way, the policy enforcement module 240 uses knowledge of specific application 230 behavior to make fine grained decisions in order to prevent violation of the rights policy 312. By sandboxing data access requests, the policy enforcement module 240 enforces the rights policy 312 while allowing the user to have relatively unimpeded access …. As a result of using component-level sandboxing, the policy enforcement module 240 is transparent to the user and consumes relatively few resources of the client 200.
US 8601562 (Milas) Claim 1 “A method for enforcing policies used with a computer client, the method comprising: receiving, at policy decision point (PDP) processor, information from an enterprise single sign-on (ESSO) system indicating an occurrence of an event of interest of a client application running on the computer client; … providing the generated policy check result to a policy enforcement point (PEP), the PEP being the ESSO system configured for policy enforcement at the computer client, wherein the ESSO system forces a shutdown of the client application running on the computer client and the enforcement is transparent to the client application.”
US 20040039803 (Law) [0043] “policy enforcement agent” … “transparent connection”
US 20070174362 (Phan) Claim 26. “The secure data archiving system of claim 25 further comprising a policy enforcement module coupled to said archive data security layer, said policy enforcement module being coupleable to a secure data repository, wherein said policy enforcement module is responsive to predetermined session control data encoded in said archive session header functionally transparent to said data archiving application to determine the selection of a group policy set of encryption keys from said secure data repository….”
US 20080183603 (Kothari) [0050] Finally, in block 512, a report of the enforcement of the policy over the asset is generated. … The automated checking is handled at the connector level, thereby making policy enforcement to assets transparent to the policy module, thereby greatly reducing complexity and difficulty when configuring the policy module and assigning and creating policies.
US 20080263625 (Gomez) [0029] Therefore, the server-side intermediary 21 may be invisible to the outside, in particular to the application 10. [0040]  According to an example embodiment, XACML may be used for describing requests and response as well as policies, wherein the authorization service 23 may include a Policy Enforcement Point (PEP), a Policy Decision Point (PDP), a Policy Information Point (PIP), and a Policy Administration Point (PAP). Accordingly, the PEP receives the request 104 enforces the authorization decision by the PDP.
US 20100030737 (Scheuber-Heinz) [0027] “policy decision point … transparent and unknown to the principle.”
US 20100146582 (Jaber) [0020] “Each computing resource to which a security policy applies (e.g., to access the computing resource) may be one or more classes of data or one or more specific data elements. A class of data may be… financial data...” [0070] “In some embodiments, all encrypted data is stored in a virtual file system enabling all of the policy enforcement functions to be hidden within a single device driver and completely transparent to operating system/applications 420. [0073] “authenticationRequirement property … the use of a fingerprint reader”
US 20130065555 (Baker) [0042] transaction rules [0049] policy decision point
US 20130111457 (Culter) [0037] “Some policies to be considered for the process of updating firmware include: … 4) policy enforcement (what entities are responsible for enforcing various policies); 5) policy visibility (what the visibility of the various policies are to the end user (opaque or transparent or both?)); …”
US 20130117802 (Fendt) [0038] For example, when used in a SOA system, the authorization response 124 use the "Obligations" section of the XACML-based response message to return Obligations that contain one or more redaction directives. [0073] In addition, the techniques described herein do not put any significant burden on application developers, and are generally transparent to the entire application and SOA development process. Further, the techniques described herein tie redaction to the actual authorization policies, and leverage authorization as a service. Further, the techniques due so, in one embodiment, by leveraging existing standards, such as Web Services, XPath and XACML.
US 20130212395 (D’ Souza) [0076] “… In at least some embodiments, the policy is not visible to the members, but is made available to the mediator 430. In other embodiments, the policy that is visible to the mediator 430 consists of subsequent instructions, such as the need to consult with a policy decision point, where those instructions to that policy decision point may not necessarily be visible to the mediator 430.”
US 20140331338 (Serita) [0118] “The decision logic 1002 represents criteria to allow the policy decision module 331 to decide the confidentiality degree of the category with respect to the verification result of a hidden verifying query and a reference as hidden definition information.”
US 5914472 (Foladare) teaches a credit card having parental approval features.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CLAIRE A RUTISER whose telephone number is (571)272-1969.  The examiner can normally be reached on 8:00 AM to 5:00 PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin L Hewitt can be reached on 571-272-6709.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


CLAIRE A. RUTISER
Examiner
Art Unit 3692


	/C.A.R./               Examiner, Art Unit 3692                                                                                                                                                                                         

/DANIEL S FELTEN/Primary Examiner, Art Unit 3692