DETAILED ACTION
This office action is in response to Applicant’s communication of 5/17/2021. Claims 1-20 are pending and have been examined.  The rejections are stated below.  

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Objections
Claims 6 and 14 are objected to because of the following informalities:  Claims 6 and 14 recite “biometric API service”.  The acronym API needs to be spelled out as “application program interface” the first time it is recited.  Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claims do fall within at least one of the four categories of patent eligible subject matter because claim 1 is directed to a process, claim 9 is directed to a system and claim 17 is directed to a non-transitory computer-readable medium; Step 1-yes.
Under Step 2A, prong 1, representative claim 1 recites a series of steps for authentication, i.e. mitigating risk, to complete a payment which is a fundamental economic practice and commercial or legal interaction and thus grouped as “Certain Methods of Organizing Human Activity”.  The claim as a whole and the limitations in combination recite this abstract idea.  Specifically, the limitations of representative claim 1, stripped of all additional elements, recite the abstract idea as follows: “…receiving a user identifier; determining, based on the user identifier, that the user is enrolled for biometric authentication; transmitting, to a …[entity] …, a push notification, said push notification causing … to initiate a biometric authentication process; receiving a result of said biometric authentication process; and transmitting authentication data, based on said result, to a [entity]… to trigger completion of the …payment process.” 
	The claimed limitations, identified above, recite a process that, under its broadest reasonable interpretation, covers performance of a fundamental economic practice and commercial or legal interaction, but for the recitation of generic computer components. That is, other than the mere nominal recitation of a “mobile device”, an “authenticator application” and a “transaction initiation system” (claim 1), a “processor” suitably programmed, a “mobile device”, an “authenticator application” and a “transaction initiation system” (claims 9 and 17), there is nothing in the claim element which takes the steps out of the methods of organizing human activity abstract idea grouping.  Thus, the claim recites an abstract idea. Claims 9 and 17 are similarly analyzed. 
Under step 2A, prong 2, this judicial exception is not integrated into a practical application. In particular, the claim only recites using generic, commercially available, off-the-shelf computing devices, i.e. processors suitably programmed to include the mobile device, communicating over a generic network, to perform the steps of receiving, determining, transmitting, receiving, transmitting and trigger. The computer components are recited at a high level of generality (i.e., as generic processors with memory suitably programmed communicating information over a generic network, see at least paragraphs [0058], [0099] and [0114-0120] of the specification) such that it amounts to no more than adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform the abstract idea, see MPEP 2106.05(f) and generally linking the use of the judicial exception to a particular technological environment or field of use, see MPEP 2106.05 (h). Furthermore, the steps of “receiving a user identifier” and “transmitting authentication data” are considered adding insignificant extra-solution activity to the judicial exception, see MPEP 2106.05 (g). Accordingly, the additional elements claimed do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. Claims 9 and 17 are similarly analyzed.
Under step 2B, the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of using generic computer processors with memory suitably programmed communicating over a generic network to perform the limitation steps amount to no more than adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform the abstract idea, see MPEP 2106.05(f) and generally linking the use of the judicial exception to a particular technological environment or field of use, see MPEP 2106.05 (h), such as leveraging blockchain technology as it was designed to be used. Furthermore, the steps of “receiving a user identifier” and “transmitting authentication data” are considered adding insignificant extra-solution activity to the judicial exception, see MPEP 2106.05 (g). Mere instructions to apply an exception using generic computer components interacting in a conventional manner cannot provide an inventive concept. The claim is not patent eligible. Claims 9 and 17 are similarly analyzed.
	For instance, in the process of claim 1, the limitation steps, claimed at a high level of generality, recite steps that are considered mere instructions to apply an exception akin to a commonplace business method or mathematical algorithm being applied on a general purpose computer, Alice Corp. Pty. Ltd.; Gottschalk and Versata Dev. Group, Inc.; see MPEP 2106.05(f)(2).  Furthermore, these insignificant extra-solution activity steps rely on well-understood, routine and conventional computing functionality carried out by a generic processor with memory such as data gathering/transmission over a generic communication network and data storage, akin to receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec (utilizing an intermediary computer to forward information); TLI Communications LLC (using a telephone for image transmission); OIP Techs., Inc. (sending messages over a network); see MPEP 2106.05(d)(II).
	Applicant has leveraged generic computing elements to perform the abstract idea of authentication, i.e. mitigating risk, without significantly more.
Dependent claims 2-8, 10-16 and 18-20 when analyzed as a whole and in an ordered combination are held to be patent ineligible under 35 U.S.C. 101 because the additional recited limitation(s) fail(s) to establish that the claim(s) is/are not directed to an abstract idea, as detailed below.  The additional recited limitations in the dependent claims only refine the abstract idea.  
For instance, claims 2 and 10 define that the checkout process is remote and carried out by a system which is defined in the specification at paragraph [043] as what is known in the field with nothing significantly more.  As such, this is merely applying the abstract idea on generic computing elements as designed.  Claims 3, 4, 11, 12, 18 and 19 recite the organization/association and storage of data/information.  The facial recognition system is defined as a database in at least paragraph [021] of the specification.  Storing associated information in a database is an insignificant extra-solution activity and is well-understood, routine and conventional akin to storing and retrieving information in memory, Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015); OIP Techs., 788 F.3d at 1363, 115 USPQ2d at 1092-93; see MPEP 2106.05(d)(II).  The type and specificity of the information does not change this.  Claims 5, 13 and 20 recite obtaining data, generating a template and matching the template against known, stored information.  The sensors are disclosed as cameras in paragraph [040] and the capturing of a picture to be used in the abstract idea.  This is claimed at a very high level of generality such that there is no technical detail other than how each generic component interacts together. Furthermore, a human can capture data, build a template and compare the captured data to stored data to determine if the person is a member of the system.  Claims 6 and 14 recite that an API service at least partially generates the authentication data.  There are no technical details underlying this claim such that application program interfaces are well-known in the art and are used for software to connect/interface with other software as one of ordinary skill in the art would recognize.
Claims 7 and 15 recite that the authentication data is stored or obtained which is an insignificant extra-solution activity akin to storing and retrieving information in memory, Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015); OIP Techs., 788 F.3d at 1363, 115 USPQ2d at 1092-93; see MPEP 2106.05(d)(II).  Claims 8 and 16 recite that the authentication data contains other data in the form of WebAuthn keys.  This is interpreted to be encoding of data claimed at a high level of generality such that it is akin to the encoding/decoding of information, at best, found abstract in RecogniCorp v. Nintendo.
	Clearly, the additional recited limitations in the dependent claims only refine the abstract idea further. Further refinement of an abstract idea does not convert an abstract idea into something concrete. 
The claims merely amount to the application or instructions to apply the abstract idea (i.e. a series of steps for authentication, i.e. mitigating risk) on one or more computers, and are considered to amount to nothing more than requiring a generic computer system (e.g. processors suitably programmed, databases all communicating over a network) to merely carry out the abstract idea itself.   As such, the claims, when considered as a whole, are nothing more than the instruction to implement the abstract idea (i.e. a series of steps for authentication, i.e. mitigating risk) in a particular, albeit well-understood, routine and conventional technological environment.
Accordingly, the Examiner concludes that there are no meaningful limitations in the claims that transform the judicial exception into a patent eligible application such that the claims amount to significantly more than the judicial exception itself or integrate the judicial exception into a practical application.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Tussy (US 10,698,995).

Regarding claims 1, 9 and 17, Tussy discloses a method, system and non-transitory computer-readable medium for validation of identity of a user during (at least Abstract, at least FIG.3) a digital payment process, comprising:
receiving a user identifier; (at least col.2, lines 54-56, at least col.19, lines 5-23 and lines 39-49, col.20, lines 22-27)  
determining, based on the user identifier, that the user is enrolled for biometric authentication; (at least col.19, lines 50-53 and lines 64-67, at least col.20, lines 22-27, at least col.21, lines 26-40) 
transmitting, to a mobile device associated with the user identifier, a push notification, said push notification causing an authenticator application executing on the mobile device to initiate a biometric authentication process; receiving a result of said biometric authentication process; and transmitting authentication data, based on said result, to a transaction initiation system to trigger completion of the digital payment process; (at least col.41, lines 16-60).  

Regarding claims 2 and 10, Tussy further discloses wherein:
the digital payment process is a secure remote commerce (SRC) checkout process, and wherein the transaction initiation system is an SRC initiator; (at least col.41, lines 7-60).  

Regarding claims 3, 11 and 18, Tussy further discloses wherein:
the user identifier is a tokenized user identifier; (at least FIG.5, element 528, at least col.2, lines 54-56, at least col.17, lines 10-26, at least col.18 lines 18-40, at least col.21, lines 26-40, at least col.51, lines 38-46, at least col.52, lines 38-49.  Examiner notes that the biometric data is associated with a myriad of identifiers which reads on “tokenized” and the process of tokenization as found in claims 5, 13 and 20 below).   

Regarding claims 4, 12 and 19, Tussy further discloses wherein:
the tokenized user identifier is stored at a facial recognition system in association with biometric data of the user; (at least FIGs.4 and 5, at least col.2, lines 20-56, at least col.4, lines 40-46, at least col.18, lines 18-22 and lines 61-64).  

Regarding claims 5, 13 and 20, Tussy further discloses wherein the tokenized user identifier is determined by:
obtaining sensor data from at least one sensor; based on the sensor data, generating a biometric template; and matching the biometric template against a database of biometric templates, each biometric template of the database being associated with a tokenized user identifier of a registered user; (at least col.8, lines 35-67 and col.9, lines 1-20, at least col.46 lines 49-67, at least col.47, lines 1-14, at least col.49, lines 22-35.  Examiner notes that the prior art discloses a myriad of biometric templates created from sensors capturing biometric use data and subsequently matching the templates to a unique user for authentication).

Regarding claims 6 and 14, Tussy further discloses wherein:
the authentication data are at least partially generated by a biometric API service; (at least FIG.18, element 1801, the downloading of an application reads on “API service”, at least col.12, lines 24-45, at least col.48, lines 55-67).   

Regarding claims 7 and 15, Tussy further discloses wherein:
at least part of the authentication data is stored at, or obtained by, the biometric API service; (at least col.48, lines 55-67).

Regarding claims 8 and 16, Tussy further discloses wherein:
the authentication data comprises one or more WebAuthn keys; (at least col.9, lines 5-20, encryption and private keys read on “WebAuthn keys”, at least col.52, lines 1-26 and lines 50-67 and col.53, lines 1-5).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure and is listed on the enclosed PTO-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER J BRIDGES whose telephone number is (571)270-5451. The examiner can normally be reached 7:00am-3:30pm M-F EDT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ryan Donlon can be reached on 571-270-3602. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHRISTOPHER BRIDGES/ Primary Examiner, Art Unit 3695, 9/10/2022