DETAILED ACTION
Notice of Pre-AIA or AIA Status
1.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Related Application(s) – Prior Art of Record 
2.  The instant application is a continuation application (CON) of parent application 16/697,116 (now USPN 11,023,871).  In accordance with MPEP §609.02 A.2 and §2001.06(b) (last paragraph), the prior art cited in the above parent application has been considered, and all documents cited or considered ‘of record’ in that application are now considered cited or ‘of record’ in this application. 

Status
3.  Pending claims 1-20 are rejected for the reasons given below. 

Claim Rejections – Double Patenting – (Anticipatory-type, Issued Patent)

4.  Claims 1, 3, 5, 7, 8, 10, 12, 14, 15, 17 and 19-20 of the instant application are rejected on the ground of anticipatory non-statutory double patenting, as being unpatentable over claims 1-20 of USPN 11,023,871 (the ‘871 patent) issuing from the parent ‘116 application of the instant application noted above. 
The instant claims are not identical to the issued claims, but they are not patentably distinct from the issued claims.  Independent claims 1, 8 and 15 of the instant application are anticipated by independent claims 1, 11 and 19 of the ‘871 patent.  Claims 1, 11 and 19 of the ‘871 patent are directed to a method or process for providing a token having a sufficient token level for user-requested first and second actions involving an ATM.  These claims include subject matter that is in essence a narrower “species” of the generic invention which is the subject matter of the instant application claims 1, 8 and 15 since the instant claims include less than all of the limitations and/or subject matter than that of the issued independent claims of the ‘871 patent. 
It has been held that a generic invention (i.e., an invention having broader claims that essentially include common recited features, but not all, of the narrower issued claims) is “anticipated” by the “species” of the generic invention that is within the scope of the generic invention. (See In re Goodman, 29 USPQ2d 2010 (Fed. Cir. 1993))  Here, the subject matter of the independent claims of the instant application is broader than that of the independent claims of the issued patent since the independent claims of the instant application simply include less than all the claimed features of the issued independent claims.  Therefore, independent claims 1, 8 and 15 of the instant application are anticipated by independent claims 1, 11 and 19 of the ‘871 patent. 
Dependent claims 3, 5, 7, 10, 12, 14, 17 and 19 of the instant application include the substantially same subject matter found in claims 1-20 of the ‘871 patent. 
A timely filed terminal disclaimer in compliance with 37 CFR §1.321(c) or §1.321(d) may be used here to overcome a rejection based on a non-statutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. (See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159; See also, MPEP §§706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA)
A terminal disclaimer must be signed in compliance with 37 CFR §1.321(b).  The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/forms/.  The filing date of the application determines which form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens.  An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claim Rejections - 35 USC §101
5. 35 U.S.C. §101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 

6.  Claims 1-20 are rejected under 35 U.S.C. §101 because the claimed invention is directed to non-statutory patent ineligible subject matter. (See, Alice) 
In sum, claims 1-20 are rejected under 35 U.S.C. §101 because the claimed invention recites and is directed to a judicial exception to patentability (i.e., an abstract idea) and does not provide an integration of the recited abstract idea into a practical application nor include an inventive concept that is “significantly more” than the recited abstract idea to which the claim is directed. (MPEP §2106) 
In determining subject matter eligibility in an Alice rejection under 35 U.S.C. §101, it is first determined as Step 1 whether the claims are directed to one of the four statutory categories of an invention (i.e., a process, a machine, a manufacture, or a composition of matter).  Here, the claims are directed to the statutory category of a process (claims 1-7), a machine (claims 8-14) and a manufacture (claims 15-20). (MPEP §2106)  Therefore, we proceed to Step 2A, Prong 1. 
Under a Step 2A, Prong 1 analysis (MPEP §2106.04), it must be determined whether the claims recite an abstract idea that falls within one or more enumerated categories of patent ineligible subject matter (i.e., certain methods of organizing human activity, one or more mathematical concepts, and/or one or more mental processes) that amounts to a judicial exception to patentability.  Here, the independent claims at their core recite the abstract idea of: 
authenticating, … , a user … with an authentication method based on a token level that an action requested by the user requires;
sending, … , an authorization token to the (user) … , the authorization token associating the (user) … with the token level; 
receiving, … , a second request from the (user) … to perform a second action that invokes a service, wherein the second request comprises the authorization token and an identifier associated with an automated teller machine (ATM), and wherein the identifier is encoded in a matrixed identifier displayed on the ATM that the (user) … ; and 
causing, … , the service to verify that the token level in the authorization token is sufficient to perform the second action and issue instructions to the ATM to cause the ATM to complete the second action and … to display (to the user) a confirmation screen indicating that the ATM completed the second action. 
Here, the recited abstract idea falls within one or more of the three enumerated categories of patent ineligible subject matter (MPEP §2106), to wit: certain methods of organizing human activity, which includes fundamental economic practices or principles and/or commercial interactions (e.g., processing/facilitating an action between a user and an ATM to facilitate actions and mitigate against fraud (risk mitigation), including facilitating funds transfers and other financial transactions (see e.g., Spec. ¶¶ 002-003, 013-014 and 018), and including authentication of the user and including other recited steps indicated above as the abstract idea of the claims). 
The identified recited abstract idea to which the independent claim(s) is/are directed does not include limitations or additional elements that integrate the abstract idea into a practical application, since the recited features of the abstract idea are being applied/performed on an additional element such as a computer or other computing device or a network or on an interface, or are being performed via software programming, where these additional elements are recited at a high degree of generality and are simply being used as a tool (“apply it”) to implement the recited abstract idea. (MPEP §§2106.04(d) I; 2106.05(f)) 
Under Step 2A, Prong 2 (MPEP §2106.04) the recited additional elements are evaluated to determine whether they provide an integration of the recited abstract idea into a practical application. (i.e., whether they provide a technological solution).  Here, the recited additional elements, such as:  a “system,” one or more “processor,” a “mobile application” operating on a user “mobile device,” an “ATM,” and a “memory” or a “computer-readable device” storing executable instructions to accomplish various functions, do not amount to an inventive concept since the claims are simply using these additional elements as a tool to carry out the abstract idea (i.e., “apply it”) on a computer, a data or communication network, or another computing device, and/or via software programming. (MPEP §2106.05(f))  The additional elements are specified at a high level of generality as simply facilitating and/or performing generic computer data receipt and processing/analysis steps, data storage and communication, and outputting/displaying steps such as those typically used in a general purpose computer, a computing system, and a computer network, where the additional elements are being used in the claims to simply implement the abstract idea without themselves being technologically improved.  Thus, the claims do not provide an integration into a practical application. 
Under the Step 2B analysis (MPEP §2106.05), it is determined whether the recited additional elements amount to something “significantly more” than the recited abstract idea to which the claims are directed. (i.e., provide an inventive concept).  Here, the recited additional elements, identified above in the Step 2A, Prong 2 analysis, do not amount to an inventive concept since, as stated above in the Step 2A, Prong 2 analysis, the claims are simply using the additional elements as a tool to carry out the abstract idea (i.e., “apply it”) on a computer, a data or communication network, or another computing device, and/or via software programming, where the additional elements are specified at a high level of generality as simply facilitating and/or performing generic computer data receipt and processing/analysis steps, data storage and communication, and outputting/displaying steps such as those typically used in a general purpose computer, a computing system, and a computer network, where the additional elements are being used in the claims to simply implement the abstract idea and are not themselves being technologically improved, and therefore do not provide something “significantly more.” (See e.g., MPEP §2106.05 I.A.)
The dependent claims simply further refine and limit the abstract idea recited by the independent claims, from which these claims respectively directly or indirectly depend, where the abstract idea is described above. 
Claims 2, 9 and 16 simply further refine the abstract idea by requiring further risk mitigation by determining a risk tier for an action with the ATM and comparing the risk tier to a token level, which steps are simply a risk mitigation determination and comparing risk data, and these claims do not add any element or feature that provides an integration into a practical application technological solution to a technological problem or that technologically improves any element used to carry out the abstract idea (i.e., there is no provision of an integration of the recited abstract idea into a practical application for Step 2B) or include an element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B).  (See MPEP § 2106.05) 
Claims 3, 10 and 17 simply further refine the abstract idea by requiring calculating a value of prior withdrawals and a velocity value for the prior withdrawals and then determining an associated risk tier based on the calculations, which steps are simply risk mitigation determinations, and these claims do not add any element or feature that provides an integration into a practical application technological solution to a technological problem or that technologically improves any element used to carry out the abstract idea (i.e., there is no provision of an integration of the recited abstract idea into a practical application for Step 2B) or include an element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B).  (See MPEP § 2106.05) 
Claims 4, 11 and 18 simply further refine the abstract idea by requiring determination that a risk level/token level is not sufficient for a requested action with the ATM which requires a risk mitigation step of an additional user authentication step and then creating a new token having an elevated level based on the risk mitigation determination, which steps are simply risk mitigation determinations and authentication for actions/transaction based on the risk mitigation determinations, and these claims do not add any element or feature that provides an integration into a practical application technological solution to a technological problem or that technologically improves any element used to carry out the abstract idea (i.e., there is no provision of an integration of the recited abstract idea into a practical application for Step 2B) or include an element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B).  (See MPEP § 2106.05) 
Claims 5, 12 and 19 simply further refine the abstract idea by requiring that a certain login procedure be used, which is simply comparing various user entered data to stored data to authenticate the user, and these claims do not add any element or feature that provides an integration into a practical application technological solution to a technological problem or that technologically improves any element used to carry out the abstract idea (i.e., there is no provision of an integration of the recited abstract idea into a practical application for Step 2B) or include an element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B).  (See MPEP § 2106.05) 
Claims 6, 13 and 20 simply further refine the abstract idea by requiring that the token used for the user to interact with the ATM be a certain type of token, which is simply used to mitigate risk and to authenticate the user, and these claims do not add any element or feature that provides an integration into a practical application technological solution to a technological problem or that technologically improves any element used to carry out the abstract idea (i.e., there is no provision of an integration of the recited abstract idea into a practical application for Step 2B) or include an element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B).  (See MPEP § 2106.05)
Claims 7 and 14 simply further refine the abstract idea by requiring that the token used in risk mitigation to authorize the user to perform an action with the ATM includes a timestamp that is used to allow the token to be active for a certain amount of time, which is simply providing additional data (timestamp data) that is used to mitigate risk and to authenticate the user by having the authentication token valid only for a certain period of time, and these claims do not add any element or feature that provides an integration into a practical application technological solution to a technological problem or that technologically improves any element used to carry out the abstract idea (i.e., there is no provision of an integration of the recited abstract idea into a practical application for Step 2B) or include an element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B).  (See MPEP § 2106.05)
Thus, neither the independent claims nor the dependent claims, viewed individually and as a whole, including the limitations of each claim viewed individually and in combination, add any additional element or other subject matter that provides a technological improvement (i.e., an integration into a practical application) that results in the claims being directed to patent eligible subject matter nor do the claims provide something significantly more than the recited abstract idea.

Claim Rejections - 35 USC § 103
7.  In the event the determination of the status of the application as subject to AIA 35 U.S.C. §102 and §103 (or as subject to pre-AIA 35 U.S.C. §102 and §103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. §103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

8.  Claims 1, 5, 8, 12, 15 and 19 are rejected under 35 U.S.C. §103 as being unpatentable over Zhang et al. (from applicant’s IDS - US Patent Publication 2015/0334099 A1, hereinafter Zhang) in view of Jamkhedkar et al. (from applicant’s IDS - US Patent Publication 2019/0073663 A1, hereinafter Jamkhedkar), and in further view of Ferreira da Silva (US Patent Publication 2010/0280926 A1, hereinafter Da Silva). 
	Regarding claim 1, Zhang discloses: 
A computer implemented method, comprising: authenticating, by one or more processors, a user of a mobile application on a mobile device with an authentication method based on a token level that an action requested by the user requires; and sending, by the one or more processors, an authorization token to the mobile device, the authorization token associating the mobile device with the token level  [a system (comprising: server(s), processor(s), a memory, one or more computer-readable medium having stored instructions to cause various actions to be performed) which receives a service request from a user mobile device to perform one or more actions, via a mobile app, and determines if a required level of authentication for a user mobile device, based on the token level, has been achieved (user authenticated), where a token is created having a stepped-up level for the requested service, and where an appropriate level token is generated and sent to user device for use – see e.g., at least Figs 1-4 and 9 (including associated text) and including at least the abstract and ¶¶ 011, 015, 037, 059-060, 065, 068-069, 071, 081 (info regarding mobile device application(s) used), ¶ 092] 
receiving, by the one or more processors, a second request from the mobile application to perform a second action that invokes a service, wherein the second request comprises the authorization token and an identifier associated with an automated teller machine (ATM)  [a subsequent service request(s) (second request, etc.) is received by the system, which request may include the token, for performing a subsequent action (e.g., for access to a requested resource, including accessing an ATM), where the request causes a service application (service invoked) to be used to ensure the requesting customer is authenticated for servicing the request, and where the request may also include ATM PIN information (identifier associated with the ATM) – see e.g., at least ¶¶ 079, 077, 066] 
causing, by the one or more processors, the service to verify that the token level in the authorization token is sufficient to perform the second action and issue instructions to the ATM to cause the ATM to complete the second action  [received subsequent service request(s) (second request, etc.) for performing an action are performed by the system when such request(s) have an associated token having a required authentication level for the requested action(s) – see e.g., at least ¶¶ 076, 071] 
Zhang substantially discloses the invention, but appears to not explicitly disclose that the identifier is encoded in a matrixed identifier displayed on the ATM that the mobile device scans; and causing, by the one or more processors, the mobile application to display a confirmation screen indicating that the ATM completed the second action.  However, Jamkhedkar discloses a system and various methods for processing various transactions/actions between an ATM and a user having a mobile device, including causing the system to display on the ATM a QR code (matrix identifier) that is scanned by the user device to cause a financial action for the user. [Jamkhedkar, see e.g., at least Figs. 1C, 2A, 5 and 7 (including associated text) and including at least the abstract and ¶¶ 013, 018 and 040-043] 
Da Silva discloses a system and various methods of processing user-requested transactions at an ATM machine, including causing the ATM to display a confirmation screen to confirm that a user-requested transaction/action has been completed. [Da Silva, see e.g., at least Figs. 1-3 and 4B (including associated text) and including at least the abstract and ¶ 051]  It would have been obvious to one of ordinary skill in the art at the time the application was filed to have included with the token level generation and usage system and method of Zhang, the use of an ATM-presented identifier QR code for scanning by a user as taught by Jamkhedkar, and the displaying of an ATM transaction/action completed confirmation screen as taught by Da Silva, since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable and usable to accomplish the invention.  (See, KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398 (2007), and MPEP §2143 I. A.)

Since claims 8 and 15 are substantially directed to the features and subject matter of claim 1, these claims are rejected for the grounds and rationale used to reject claim 1. 

	Regarding claims 5, 12 and 19, Zhang discloses that the action is a login and the authentication method compares a login and a password received from the mobile device.  [during user login action the entered password is compared to an expected password for a given level – See e.g., at least Fig 7 (610 &710); ¶¶ 040-041, 062-064, 066] 

9.  Claims 6, 13 and 20 are rejected under 35 U.S.C. §103 as being unpatentable over Zhang in view of Jamkhedkar and Da Silva, and in further view of Frederick et al. (US Patent Publication 2020/0280846 A1, hereinafter Frederick). 
	Regarding claims 6, 13 and 20, Zhang in view of Jamkhedkar and Da Silva substantially discloses the invention, but appears to not explicitly disclose that the authorization token is an OAuth 2.0 access token.  However, Frederick discloses a system and various methods for providing tokens having various protocols and levels of permissions and trust levels for use in financial transactions for risk mitigation purposes, including the use of OAuth 2.0 tokens and servers for authentication and permissions in those transactions. [Frederick, see e.g., at least Figs. 1 and 4 (including associated text) and including at least the abstract and ¶¶ 009, 024-026 and 039]  It would have been obvious to one of ordinary skill in the art at the time the application was filed to have included with the token level generation and usage system and method of Zhang, the use of an ATM-presented identifier QR code for scanning by a user as taught by Jamkhedkar, the displaying of an ATM transaction/action completed confirmation screen as taught by Da Silva, and the use of an OAuth 2.0 token (access token) in the scheme of Zhang to provide additional transaction risk mitigation, since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable and usable to accomplish the invention.  (See, KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398 (2007), and MPEP §2143 I. A.)

10.  Claims 7 and 14 are rejected under 35 U.S.C. §103 as being unpatentable over Zhang in view of Jamkhedkar and Da Silva, and in further view of Miri et al. (US Patent Publication 2018/0061179 A1, hereinafter Miri) and Tsukamura (US Patent Publication 2005/0182925 A1, hereinafter Tsukamura). 
	Regarding claims 7 and 14, Zhang in view of Jamkhedkar and Da Silva substantially discloses the invention, but appears to not explicitly disclose that the authorization token comprises a timestamp that indicates an expiration of the authorization token, and wherein the authorization token remains in effect for a certain amount of time that varies based on the token level.  However, Miri discloses a system and various methods for performing financial transactions, including transferring funds, from one financial account to another using risk mitigation techniques such as a time-based authorization token having an associated level of security, where the token expires after a designated time period and includes an associated timestamp used by the system to indicate when the token will expire. [Miri, see e.g., at least Figs. 1-2 (including associated text) and including at least the abstract and ¶¶ 038, 076, and 080-081] 
	Tsukamura discloses a system and various methods for providing a multi-mode token for providing authorization/authentication of a user, including use of the token for a user login procedure, and teaches that the token has an expiration time period that varies depending on the desired security level of the token. [Tsukamura, see e.g., at least Figs. 3-4 and 7 (including associated text) and including at least the abstract and Claims 1 and 2]  It would have been obvious to one of ordinary skill in the art at the time the application was filed to have included with the token level generation and usage system and method of Zhang, the use of an ATM-presented identifier QR code for scanning by a user as taught by Jamkhedkar, the displaying of an ATM transaction/action completed confirmation screen as taught by Da Silva, and the use of an authorization/authentication token for a financial transaction (e.g., funds transfer) that has an associated timestamp to indicate an expiration of the token, where the token expiration time period varies depending on the security/risk level of the token, as taught by Miri and Tsukamura, which would provide additional transaction risk mitigation in the scheme of Zhang, since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable and usable to accomplish the invention.  (See, KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398 (2007), and MPEP §2143 I. A.)

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Joseph W. King whose telephone number is (571) 270-5776.  The examiner can normally be reached Mon - Fri 8 AM - 4 PM EST.  If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Namrata Boveja, can be reached at (571) 272-8105.  The examiner’s fax phone number is (571) 270-6776, and the fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300. 
Examiner interviews are available via telephone, or via video conferencing using a USPTO supplied web-based collaboration tool.  To schedule an interview applicant may call the Examiner or use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  If you have questions about accessing the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (USA or CANADA) or (571) 272-1000. 

/JOSEPH W. KING/ Primary Examiner, Art Unit 3696