DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 03/28/2022 has been entered.


Status of claims
This office action is in response to the amendment received on 03/28/2022.
Claims 1, 4, 25, 29-31 and 34 were amended.
Claims 2-3, 6-24, and 32-33 were canceled.
Claims 1, 4, 5, 25-31 and 34-37 are pending.
Claims 1, 4, 5, 25-31 and 34-37 were examined.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 4, 5, 25-31 and 34-37 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Claims 1, 4, 26, 29, 30 and 35 recite the language “the OBO service” in multiple lines. There is insufficient antecedent basis for this language in the claims. Examiner notes that the previously recited "an on-behalf of (OBO) service" was amended to recite "an on-behalf of (OBO) web service". Examiner suggests adopting consistent terminology throughout the claims or re-introducing "an on-behalf of (OBO) web service" in addition to "an on-behalf of (OBO) web service".  Dependent claims 4, 5, 25-28, 30, 31 and 34-37 are also rejected since they depend on claims 1 and 29, respectively.


Claims 1 and 29 recite: “determining, by the processor, / determine whether to route the authentication request directly to an issuer of the payment account for authentication or indirectly to the issuer via an on- behalf of (OBO) web service for additional biometric authentication of the user based on a bank identification number (BIN) of the account identifier”. It is unclear by the claim language whether the language “based on a bank identification number (BIN) of the account identifier” refers to “determining, by the processor, / determine” (i.e. “determining, by the processor, / determine whether to route the authentication… based on a bank identification number (BIN) of the account identifier”), or whether it refers to “for additional biometric authentication of the user” (i.e. “for additional biometric authentication of the user based on a bank identification number (BIN) of the account identifier”). For purposes of Examination the interpretation of the term as tied to the determining/determine is adopted.. This duality renders the scope of the claims unclear. Dependent claims 4, 5, 25-28, 30, 31 and 34-37 are also rejected since they depend on claims 1 and 29, respectively.

Claims 1 and 29 recite: “in response to a determination to route the authentication request indirectly to the issuer, load web content into at least one of a page and a web browser displayed on a user device of the user with content for executing the additional biometric information, ”. It is unclear by the claim language whether the language “with content for executing the additional biometric information” refers to “at least one of a page and at least one of a web browser” (i.e. “load web content into at least one of a page [with content for executing the additional biometric information]and a web browser displayed on a user device of the user with content for executing the additional biometric information”), or whether it refers to “the at least one of a web browser only” (i.e. “load web content into at least one of A. a page and B. a web browser displayed on a user device of the user with content for executing the additional biometric information”). Examiner notes that the construction "at least one of a A. and B." is being interpreted as meaning “at least one of each desired criterion" (i.e. at least one page AND at least one web browser). See "The phrase “at least one of” precedes a series of categories of criteria, and the patentee used the term “and” to separate the categories of criteria, which connotes a conjunctive list.  A common treatise on grammar teaches that “an article of a preposition applying to all the members of the series must either be used only before the first term or else be repeated before each term.”  Willaim Strunk, Jr. & E. B. White, The Elements of Style 27 (4th ed. 2000)" in "Superguide Corp. v. Direct TV Enterprises, Inc., 358 F.3d 870, 69 USPQ2d 1865 (Fed. Cir. 2004) 2111.01. This duality renders the scope of the claims unclear. Dependent claims 4, 5, 25-28, 30, 31 and 34-37 are also rejected since they depend on claims 1 and 29, respectively.

Claims 4, 5, 30 and 31 recite the language “the additional authentication” in lines 2, 3, 2 and 2, respectively. There is insufficient antecedent basis for this language in the claims.

Claims 25 and 34 recite the language “the biometric authentication” in lines 3 and 3, respectively. There is insufficient antecedent basis for this language in the claims.

Claims 35 and 36 recite the language “the communication device” in lines 2 and 1, respectively. There is insufficient antecedent basis for this language in the claims.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

Claims 1, 4, 5, 25, 27-31, 34, 36 and 37are rejected under 35 U.S.C. 103 as being unpatentable over Pereira et al. (US 2014/0229388 A1) in view of Kumnick'871 (US 2015/0112871 A1).

With respect to claims 1 and 29, Pereira et al. teach a  system, comprising: a storage configured to store program instructions; and a processor coupled to the storage and configured to execute the program instructions; and a method (System and method for data and identity verification and authentication) comprising:  
receiving, via a processor, an authentication request of a transaction from a merchant including an account identifier of a payment account of a user (see Fig. 1, step 5 (18), paragraph [0032] "The vendor then sends a request for validation (Step 5) 18 to the system payment server 6, the request including, but not limited to, transaction information ( e.g., amount of the transaction, shipping address, last four digits of credit card, type of credit card) and the transaction token."; Fig. 6, online or call center purchase transaction, paragraphs [0040]-[0042]); determining, by the processor, … to route the authentication request… indirectly to the issuer via an on- behalf of (OBO) web service for additional biometric authentication of the user  (see Fig. 1, step 6 (20), paragraph [0032]:  "The payment server 6 forwards the transaction token and transaction information (Step 6) 20 to the system application server 8 for validation. The application server validates the information provided, and returns a data validation (Step 7) 22 comprising an identifier for the payment source that allows the payment server to retrieve the entire payment source information (e.g., full credit card number)" Examiner notes that a full credit card number comprises a BIN (the first 4-6 numbers on a payment card that identifies the card issuer)); 
in response to a determination to route the authentication request indirectly to the issuer, loading, by the processor, web content into at least one of a page and a web browser displayed on a user device of the user with content for executing the additional biometric information (see Fig. 1, step 11 (32_, paragraph [0033] "The application server then sends a message (Step 11) 32 containing the transaction information to the user's computing device 4 with the application program used to generate the transaction token, asking the user to confirm the transaction. For example, the message presented to the user may state: "Do you confirm the purchase at Vendor X in the amount of $X using your credit card xxxx-xxxx-xxxx-NNNN to be shipped to X address?" To confirm, the user selects "yes" or "confirm." In one embodiment, the user is then prompted to enter their PIN... In an alternative embodiment, the user may be prompted to confirm the transaction with biometric information instead of, or in addition to, entry of a PIN." browser or browser enabled application, paragraph [0063]); 
transmitting, via the processor, an authentication response of the user from the web browser to the OBO service in response to a determination to route the authentication request to the OBO service (see Fig. 1, step 12 (34), paragraph [0033] "The confirmation and PIN are sent back (Step 12) 34 to the application server, which validates the PIN. If the PIN is incorrect, the user may be prompted to re-enter the PIN (in one embodiment, the user is given three chances to enter the correct PIN, after which the transaction is automatically canceled). Likewise, if the user declines to confirm, the transaction is canceled. In an alternative embodiment, the user may be prompted to confirm the transaction with biometric information instead of, or in addition to, entry of a PIN"); 
receiving, via the processor, a response message from the OBO service which indicates that the additional biometric authentication has been performed successfully (see Fig. 1, step 13 (36), paragraph [0034] "After the application server validates the confirmation, it confirms (Step 13) 36 the transaction with the payment server, which proceeds to complete the transaction according to the transaction capture methods known in the art."); and 
transmitting, via the processor to the merchant, an authentication response indicating the additional biometric authentication is successful (see Fig. 1, "The vendor is notified of the confirmation and completion, and the transaction completed."). 
Although Pereira et al. disclose an alternative embodiment in which system 330 seeks authorization from the credit provider or financial institution 340 (see Fig. 5, steps 6, 7, paragraph [0039]), Pereira et al. do not explicitly disclose a method and system comprising:  determining… whether to route the authentication request directly to an issuer of the payment account for authentication… based on a bank identification number (BIN) of the account identifier;  

However, Kumnick'871 discloses a method and system (Multi-network token bin routing with defined verification parameters) comprising:  
determining… whether to route the authentication request directly to an issuer of the payment account for authentication… based on a bank identification number (BIN) of the account identifier (see paragraphs [0031]-[0033]; "the entity utilizing the table… can programmatically determine which of the payment processing networks are able to process transaction information for different verification schemes" paragraph [0035]; Fig. 1, acquirer computer 106 implementing a transaction routing module 116, paragraph [0048]; acquirer "uses this identified token BIN to determine which (of possibly multiple) payment processing networks to route the transaction information 156 through." paragraph [0060]; "the transaction routing module 116 is able to determine which of the payment processing networks 110A-110N to route the transaction information 156 to... Determining such logic for selecting between the identified eligible payment processing networks… is thus highly configurable based upon the preferences of the particular acquirer, and is easy to implement because of the large amount of information explicitly provided via the identified token BIN translation table 108 entry. Thus, the particular logic used is allowed to be tremendously flexible and may be implemented according to the desires of the particular acquirer 106 by one of ordinary skill in the art.", paragraph [0061]; For instance, Fig. 2, token BIN 412345 routed to network 110A).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the token BIN "globally" associated with a specific combination of payment processing networks and the BIN translation table as disclosed by Kumnick'871 in the method and system of Pereira et al., the motivation being to flexibly route the transaction to an eligible network from the set of payment processing networks identified by the entry corresponding to the token's BIN value, in order for acquirers and/or merchants to have the flexibility of choosing between multiple eligible networks (see Kumnick'871, paragraphs [0006], [0029] and [0031]).

With respect to claims 4 and 30, the combination of Pereira et al. and Kumnick'871 teaches all the subject matter of the method and system as described above with respect to claims 1 and 29. Furthermore, Pereira et al. disclose a method and system wherein the response message from the OBO service comprises a flag indicating the additional authentication (see paragraph [0042], "second single-use, time sensitive transaction token containing information, including but not limited to, whether the transaction is confirmed or denied", user prompted to provide biometric confirmation or input (e.g. fingerprint)). 
With respect to claims 5 and 31, the combination of Pereira et al. and Kumnick'871 teaches all the subject matter of the method and system as described above with respect to claims 1 and 29. Furthermore, Pereira et al. disclose a method and system wherein the transmitting the authentication response comprises transmitting the authentication response with a flag indicating that the additional authentication (see paragraph [0042], "second single-use, time sensitive transaction token containing information, including but not limited to, whether the transaction is confirmed or denied", user prompted to provide biometric confirmation or input (e.g. fingerprint)). 

With respect to claims 25 and 34, the combination of Pereira et al. and Kumnick'871 teaches all the subject matter of the method and system as described above with respect to claims 1 and 29. Furthermore, Pereira et al. disclose a method and system wherein the loading, via the processor, comprises loading one or more of Hypertext Markup Language (HTML) content, JavaScript content), and i-frame content, into the web browser, for performing the biometric authentication (see paragraph [0038] "The user inputs the token into the website, and enters his or her PIN (and/or biometric information) as well 220. The website then sends a request to the system server to confirm that the token is from a registered user of that website 230. The system server determines whether the token was received from a registered member of the website and communicates the answer to the website"). 

With respect to claims 27 and 36, the combination of Pereira et al. and Kumnick'871 teaches all the subject matter of the method and system as described above with respect to claims 1 and 29. Furthermore, Pereira et al. disclose a method and system wherein the receiving the authentication request comprises receiving, via the processor, the authentication request from a merchant plug-in (MPI) on a consumer device (see Fig. 1, vendor website, paragraph [0028] "When the user is ready to check-out or otherwise complete the transaction, the vendor website presents the user (such as through an icon) the option to complete the transaction using the system of the present invention"). 

With respect to claims 28 and 37, the combination of Pereira et al. and Kumnick'871 teaches all the subject matter of the method and system as described above with respect to claims 1 and 29. Furthermore, Pereira et al. disclose a method and system wherein the authentication request comprises an authentication request for an e-commerce card not present (CNP) transaction between a cardholder of the payment account and the merchant (see Fig. 6, online or call center purchase transaction, paragraphs [0040]-[0042]). 


Claims 26 and 35 are rejected under 35 U.S.C. 103 as being unpatentable over Pereira et al. (US 2014/0229388 A1), in view of Kumnick'871 (US 2015/0112871 A1), in view of Kumnick'468 (US 2012/0221468 A1).
With respect to claims 26 and 35, the combination of Pereira et al. and Kumnick'871 teaches all the subject matter of the method and system as described above with respect to claims 1 and 29. The combination of Pereira et al. and Kumnick'871 does not  explicitly teach  a method and system wherein the receiving the authentication request comprises receiving, via the processor, the authentication request from a merchant computer via an application programming interface (API) which provides a connection from the merchant computer to the OBO service. 
However, Kumnick'468 discloses a method and system (Direct connection systems and methods) wherein the receiving the authentication request comprises receiving, via the processor, the authentication request from a merchant computer via an application programming interface (API) which provides a connection from the merchant computer to the OBO service (see Fig. 6, API 112A, paragraph [0105]; paragraph [0265]: "In embodiments of the invention, the merchant can connect to the payment processing network (e.g. VisaNet) via an application programming interface (API) in order to receive merchant services"). 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the application programming interface as disclosed by Kumnick'468 in the method and system of Pereira et al. and Kumnick'871, the motivation being to eliminate the need for the merchant access device or merchant computer to connect to each individual acquirer (see Kumnick'468, paragraph [0265]).



Response to Arguments/Amendments
Claim rejections - 35 USC § 101
Applicant’s amendments and arguments (see remarks, pages 6-8, filed on 03/28/2022), with respect to the rejection of claims 1, 4, 5, 25-31 and 34-37 under 35 USC § 101 as being directed to an abstract idea have been fully considered. Examiner finds Applicant's arguments persuasive in view of the submitted amendments, therefore the rejection was withdrawn.  The rejection under 35 USC § 101 has been withdrawn in view of the claim amendments.

Claim rejections - 35 USC § 112(b)
Applicant’s amendments and arguments (see remarks, page 9, filed on 03/28/2022), with respect to the rejection of claims 1, 4, 5, 25-31 and 34-37 under 35 USC § 112(b) have been fully considered. Examiner finds Applicant's arguments persuasive in view of the submitted amendments, therefore the rejection was withdrawn.  However, upon further consideration, new grounds of rejection under 35 USC § 112(b) were made for claims 1, 4, 5, 25-31 and 34-37 in view of the amended language.

Claim rejections - 35 USC § 103
Applicant’s amendments and arguments (see remarks, pages 9-12, filed on 03/28/2022), with respect to the rejection of claims 1, 4, 5, 25-31 and 34-37 under 35 USC § 103 have been fully considered but are moot because the arguments do not apply to the combination of references being used in the current rejection of the amended claims.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:

Patent Literature
Evans et al. (US 2014/0279474 A1) disclose multi-purse one card transaction apparatuses, methods and systems, including determining how to route a transaction to the appropriate issuer for authorization of the transaction.
Andersson (US 2012/0116918 A1) discloses secure payment mechanism, including acquiring biometric data from a user, provide a claim to the payment server that a payment should be executed, receive a request form from the payment server, forward the request form together with identification data including biometric data acquired from the user to an IdP server, receive a reply form the IdP server and forward the reply form to the payment server.
Siegal et al. (US 2007/0198435 A1) disclose method and system for providing online authentication utilizing biometric data, including obtaining a sample biometric template (and/or new biometric image data) based on a finger scan of the user, which may then be ultimately transmitted (in either template or raw image form) to a server to enable conducting payment transactions as an authenticated user.
Fiske (WO 2013044192 A2) discloses securing transactions against cyberattacks, including a secure device that produces unique passcodes from biometric prints that can be used as one-time password.
Neuwirth (CA 2,884,416 A1) discloses obtaining a signature from a remote user, including receiving a user signature and authentication user interface for authenticating a user within a standard web browser. In other words, these user  interfaces can be browser based such that no additional hardware or software is required to be installed on client computing device 103 to provide a signature remotely.
Atherton et al. (WO 2013134832 A1) disclose method for completing e.g. financial transaction over e.g. internet for enabling consumer to make e.g. online purchase of consumer product, involves receiving confirmation regarding transaction from transaction approval center, including making purchases using a credit card, which ensures an opportunity to dispense with credit cards and instead biometrically identify the consumer as an originator of a product purchase to augment a security of credit card based transactions.

Non-Patent Literature
M. M. Mohammed and M. Elsadig (NPL 2013, listed in PTO-892 as reference "U", page 1) discloses "A multi-layer of multi factors authentication model for online banking services", including two sub-systems authentication: bank account information (Account passwords) and biometric information (face recognition).
C. Vivaracho-Pascual and J. Pascual-Gaspar (NPL 2012, listed in PTO-892 as reference "V", page 1) discloses "On the Use of Mobile Phones and Biometrics for Accessing Restricted Web Services", including a mobile-phone-application architecture to capture and send the biometric to the web server based on the use of an embedded web browser, presenting a general proposal to capture biometrics by means of a mobile phone during a standard web session.
L. Olejnik and C. Castelluccia (NPL 2013, listed in PTO-892 as reference "W", page 1) discloses "Towards Web-Based Biometric Systems Using Personal Browsing Interests", including a biometric method for the Web by treating Web browser habits as behavioral biometric traits.
Anonymous (NPL 2010, listed in PTO-892 as reference "X", page 1) discloses "Biometric Component for Portal Systems and Web Applications", including a web-based biometric component integrated as a plug-in within web applications.
C. Castro et al. (NPL 2013, listed in PTO-892 as reference "U", page 2) disclose "Runtime adaptive multi-factor authentication for mobile devices", including using a FeatureReader, in which a biometric authentication method stores feature vectors in a custom HTTP header. During the negotiation protocol, the server can receive a request with the feature vectors and use the FeatureReader to extract the vectors from the custom HTTP header.
Z. Z. Hosseini and E. Barkhordari (NPL 2013, listed in PTO-892 as reference "V", page 2) discloses "Enhancement of security with the help of real time authentication and one time password in e-commerce transactions", including a biometric authentication system.
S. Gupta and R. Johari (NPL 2011, listed in PTO-892 as reference "W", page 2) discloses "A New Framework for Credit Card Transactions Involving Mutual Authentication between Cardholder and Merchant", including integrating other verification systems such as voice or iris biometric authentication.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDUARDO D CASTILHO whose telephone number is (571)270-1592. The examiner can normally be reached Mon-Fri 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/E.C./Examiner, Art Unit 3685                                                                                                                                                                                                        
/JACOB C. COPPOLA/Primary Examiner, Art Unit 3685