DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In communications filed on 11/07/2022. Claims 1, 19, 20 are amended. Claim 18 is cancelled. Claims 1-17, and 19-22 are pending in this examination.
 In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.   This examination is in response to US Patent Application No. 16/580,863.
    					Examiner notes

Applicant is encouraged to schedule an interview with the examiner prior to the next communication to compact prosecution of the case.
Response to Arguments
Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).  

Applicant's arguments filed 11/07/2022 have been fully considered but they are not persuasive:


Applicant respectfully submits on page 9 of remarks on 11/07/2022 that Independent claims 1, 19, and 20 are amended to clarify, "causing, by the server system, based on the configured access to the external electronic claim verification service, the  client device to be directed to the external electronic claim verification service via a redirect to verify the set of claims for the user, the external electronic claim verification service causing the user to perform a set of actions to verify the set of claims for the user." For similar subject matter, the Office action points to Schwarz' discussion of a merchant verifying information initially provided by a consumer. See e.g., Schwarz, FIG. 4. However, this discussion of Schwartz requires the merchant to initially handle sensitive information of the user and broker, firsthand, a verification. This is distinguished from the claims as clarified by amendment, where the server system (which is analogized to Schwartz' merchant) does not broker a verification, and instead redirects the client device to directly interact with the external electronic claim verification service. The remaining references do not cure the deficiencies of Schwarz.


Examiner respectfully disagrees with applicant argument for claims 1, 19 and 20 filed on 11/07/2022on page 9 of remarks.

Schwarz disclose the limitation ; receiving from client device of user by the server system…causing by the server system…client device to be directed to the external electronic claim verification service via a redirect… receiving by the server system…providing by the server system… [¶13,  As shown in FIG. 1, the network environment 100 may include a user system (e.g., a system associated with a consumer or a merchant) 110 and a network-based transaction facility 120. The user system 110 may run a browser application 112 and may have access to the network-based transaction facility 120(equated to a server) via a communications network 130. The communications network 130 may be a public network (e.g., the Internet, a wireless network, etc.) or a private network (e.g., LAN, WAN, Intranet, etc.)], and [¶14, A user may utilize the browser 112 running on the user system 110 to access services provided by the network-based transaction facility 120 (redirecting user). One of the services provided by the network-based transaction facility 120 is an identity verification system 122 (directing user for this service). The identity verification system 122 may be configured to receive a billing telephone number and a personal data segment associated with a user and, based on this information, determine whether the user can be successfully authenticated. The facility 120 may also host a system to provide to users (e.g., to merchants) a payment method verification service (not shown) that may be utilized in conjunction with the identity verification system 122, as described further below with reference to FIG. 4. The identity verification system 122 may be configured to utilize services that are located remotely with respect to the network-based transaction facility 120. Such external services may include, for example, a street address service 142 that may be hosted by a third-party provider system 140, and a personal data matching service 152 that may be hosted by a third-party provider system 150. An example identity verification system may be described with reference to FIG. 2].

Examiner Note: It would be obvious to indicate that the user can send request to the network-based transaction facility (Server) to access a service and be directed to one of the many services provided by this facility such as identity verification system.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-15, and 19-22 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US2008/ 0175360) issued to Schwarz (cited in IDS filed on 10/26/2020) and in view of US Patent No. (US8, 095,972) issued to Floyd (cited in IDS filed on 10/26/2020 and further in view of WO2016/076904 issued to Carrol Ashley.
Regarding claim 1, Schwarz discloses, a method comprising: configuring, by a hardware processor, access to an external electronic claim verification service [¶15, FIG. 2 is a block diagram of an example identity verification system 200, in accordance with one example embodiment. The example identity verification system 200 may include a communications module 210, an address detector 220, a private data processor 230, a matching module 240, a business rules engine 250, and an authentication response generator 260]; and
 receiving, from a client device, a request for verifying a set of claims for a user that are input by the user into a field of an electronic document, a claim of the set of claims comprising an asserted data value regarding the user for a government registered identification value that is to be verified by the external electronic claim verification service 
[Abstract, A method and system to verify the identity of a user are described. The system may include a communications module to receive a telephone number and a plurality of digits; an address detector to obtain a geographical address associated with a user, based on the telephone number; and a business rules engine to determine whether the plurality of digits correspond to at least a portion of the social security number( government registered identification) of the user, utilizing the obtained geographical address and the received plurality of digits], and [¶11, The method to verify the identity of a user (or to authenticate a user) and an identity verification system (IVS) are described… In one example embodiment, user's identity is be verified using self-reported data elements that include personal data associated with the user that is not publicly available, e.g., the last four or all nine digits of the user's social security number (SSN), an eight digit date of birth, a portion of the user's driver's license number], and [¶16, The communications module 210 may be configured to receive, from a client (e.g., a merchant requesting the identity verification system 200 to verify the identity of a user) a billing telephone number and a private data segment associated with a user who is the subject of an identity verification request…A private data segment may include, for example, some or all of the digits of the social security number of a user, short message service (SMS) information, customer code, out of wallet type questions (e.g., the user's date of birth, the user's driver's license number, etc.), voice capture, electronic Letter of Agency (eLOA), a certified email, and an association of the user's Internet protocol (IP) address with the user's street address.]; and
Examiner Note: Floyd also discloses the input of the user as: [Col.1 lines 11-21, Authentication and authorization are two basic computer security concepts. In general, authentication refers to verifying the identity … authentication may be performed using cleartext password methods, hashed password methods, challenge-response methods, or any of many other types of methods]., and [ Col. 2 lines 38-40, many networked applications require users to be authenticated, e.g. by entering a username and password on a login screen].
 a claim of the set of claims comprising an asserted data value regarding the user that is to be verified by the external electronic claim verification service [¶23, the identity verification system 122 may be configured to utilize services that are located remotely with respect to the network-based transaction facility 120. Such external services may include, for example, a street address service 142 that may be hosted by a third party provider system 140, and a personal data matching service 152 that may be hosted by a third party provider system 150, para 0014, the street address may be provided to the identity verification system 200 via the communications module 210, e.g., from a merchant requesting to verify the identity of the user], and [Abstract, ¶16]; and
 receiving, from the external electronic claim verification service, a first response relating to verification of the set of claims [¶24, the match result generated by the matching module 240 may be utilized by the authentication response generator 260 to generate an authentication message based on the match result, para 0019, the matching module 240 compares the identification records obtained from the personal data matching service 152 with the data segment associated with the user in order to generate a match result. If it is determined, at operation 310, that the generated match result corresponds to a positive authentication of the user (the match result is acceptable), the authentication response generator generates an authentication message including an indication of a positive authentication of the user (first response), at operation 312. If it is determined, at operation 310, that the generated match result corresponds for a negative or a failed authentication of the user (the match result is not acceptable), the authentication response generator generates an authentication message including an indication of a negative authentication of the user, at operation 314, At operation 316, the authentication message is communicated to a merchant who is the source of the initial authentication request].
Schwarz disclose the limitation ; receiving from client device of user by the server system…causing by the server system…client device to be directed to the external electronic claim verification service via a redirect… receiving by the server system…providing by the server system… [¶13,  As shown in FIG. 1, the network environment 100 may include a user system (e.g., a system associated with a consumer or a merchant) 110 and a network-based transaction facility 120. The user system 110 may run a browser application 112 and may have access to the network-based transaction facility 120(equated to a server) via a communications network 130. The communications network 130 may be a public network (e.g., the Internet, a wireless network, etc.) or a private network (e.g., LAN, WAN, Intranet, etc.], and [¶14, A user may utilize the browser 112 running on the user system 110 to access services provided by the network-based transaction facility 120 (redirecting user). One of the services provided by the network-based transaction facility 120 is an identity verification system 122 (directing user for this service). The identity verification system 122 may be configured to receive a billing telephone number and a personal data segment associated with a user and, based on this information, determine whether the user can be successfully authenticated. The facility 120 may also host a system to provide to users (e.g., to merchants) a payment method verification service (not shown) that may be utilized in conjunction with the identity verification system 122, as described further below with reference to FIG. 4. The identity verification system 122 may be configured to utilize services that are located remotely with respect to the network-based transaction facility 120. Such external services may include, for example, a street address service 142 that may be hosted by a third-party provider system 140, and a personal data matching service 152 that may be hosted by a third-party provider system 150. An example identity verification system may be described with reference to FIG. 2].
Examiner Note: It would be obvious to indicate that the user can send request to the network-based transaction facility (Server) to access a service and be directed to one of the many services provided by this facility such as identity verification system.
in response to the request: causing, by the server system, based on the configured access to the external electronic claim verification service, the client device to be directed to the external electronic claim verification service vid a redirect to verify the set of claims for the user
Schwarz disclose the limitation ; receiving from client device of user by the server system…causing by the server system…client device to be directed to the external electronic claim verification service via a redirect… receiving by the server system…providing by the server system… [¶13,  As shown in FIG. 1, the network environment 100 may include a user system (e.g., a system associated with a consumer or a merchant) 110 and a network-based transaction facility 120. The user system 110 may run a browser application 112 and may have access to the network-based transaction facility 120(equated to a server) via a communications network 130. The communications network 130 may be a public network (e.g., the Internet, a wireless network, etc.) or a private network (e.g., LAN, WAN, Intranet, etc.).
[0014] A user may utilize the browser 112 running on the user system 110 to access services provided by the network-based transaction facility 120 (redirecting user). One of the services provided by the network-based transaction facility 120 is an identity verification system 122 (directing user for this service). The identity verification system 122 may be configured to receive a billing telephone number and a personal data segment associated with a user and, based on this information, determine whether the user can be successfully authenticated. The facility 120 may also host a system to provide to users (e.g., to merchants) a payment method verification service (not shown) that may be utilized in conjunction with the identity verification system 122, as described further below with reference to FIG. 4. The identity verification system 122 may be configured to utilize services that are located remotely with respect to the network-based transaction facility 120. Such external services may include, for example, a street address service 142 that may be hosted by a third-party provider system 140, and a personal data matching service 152 that may be hosted by a third-party provider system 150. An example identity verification system may be described with reference to FIG. 2.
Examiner Note: It would be obvious to indicate that the user can send request to the network-based transaction facility (Server) to access a service and be directed to one of the many services provided by this facility such as identity verification system.
 	And furthermore, Floyd discloses [Col 3 lines 10-24, facilitating user authentication for accessing an application hosted on an external web site by users in an enterprise network. In the method, a request is received from a user to access the application on the external web site. The user is redirected to a secure web page on an enterprise server to log in to the enterprise server. Authentication information for the user is formatted in compliance with a login specification for the application hosted on the external web site]; and
the external electronic claim verification service causing the user to perform a set of actions to verify the set of claims for the user, the set of actions referencing the government registered value [Abstract, the user is redirected to a secure web page on an enterprise server to log in to the enterprise server]; and 
 and providing, by the server system, to the client device, a second response based on the first response [ Abstract, the user is redirected to a secure web page on an enterprise server to log in to the enterprise server], and [Col. 2 lines 1-6, in the Kerberos approach, a user provides authentication information to a Kerberos server. In response, the Kerberos server grants the user a ticket-granting ticket. The user may then present this ticket-granting ticket to a ticket-granting server in order to get a server ticket. This server ticket may then be used to access resources such as applications], and [Abstract].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Schwarz with the teaching of Floyd in order for facilitating user authentication for accessing an application hosted on an external web site , wherein authentication of the user comprises verifying that a user's password provided during login satisfies a password strength level requirement established for applications running on an enterprise web server[ Floyd, see claim 1, Abstract].
Schwarz and Floyd do not explicitly disclose, however, WO2016/076904(Ashley) discloses verification of the claim being a prerequisite to the user to electronically sign the electronic document; wherein the user is enabled to electronically sign the electronic document based on the second response [¶54, FIGURE 3B illustrates an example electronic signature service interface 320. The interface 320 is an embodiment of interface 310, but showing an authentication mechanism control 322 for the selected user (i.e., the recipient or signer). The authentication mechanisms control 322 includes a list of different authentication mechanisms that the selected user must perform before the document is electronically signed or for the electronically signed document to be validly signed by an authentic user. The illustrated mechanisms include none (e.g., no additional verification required), access-code verification (e.g., signer must provide an access code provided by the sender, the electronic signature service, or other source), short message verification (e.g., signer must provide access code sent by the electronic signature service via SMS to the signer's phone), knowledge-based authentication (e.g., mother's maiden name). These authentication mechanisms provide additional degrees of protection to verify the identity of a user. Such identity verification could include references from verified parties of the electronic signature service who have previously completed transactions with the electronic signature service. Similarly, other identity verification can be conducted, such as, for example, matching the user's name to the name on a credit card on file, allowing users to take a photo or scan government provided identification, asking knowledge-based questions (e.g., mother's maiden name, name of school attended), linking to social network accounts, providing access codes or passwords, or the like].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Schwarz, Floyd with the teaching of Ashley in order
Regarding claim 2, Schwarz does not explicitly disclose, however, Floyd discloses wherein the set of actions performed by the user comprises: causing the user to authenticate with the external electronic claim verification service based on a set of user credentials provided by the user [Abstract, A method and system to verify the identity of a user are described. The system may include a communications module to receive a telephone number and a plurality of digits; an address detector to obtain a geographical address associated with a user, based on the telephone number; and a business rules engine to determine whether the plurality of digits correspond to at least a portion of the social security number of the user, utilizing the obtained geographical address and the received plurality of digits], and [¶16, The communications module 210 may be configured to receive, from a client (e.g., a merchant requesting the identity verification system 200 to verify the identity of a user) a billing telephone number and a private data segment associated with a user who is the subject of an identity verification request…A private data segment may include, for example, some or all of the digits of the social security number of a user, short message service (SMS) information, customer code, out of wallet type questions (e.g., the user's date of birth, the user's driver's license number, etc.), voice capture, electronic Letter of Agency (eLOA), a certified email, and an association of the user's Internet protocol (IP) address with the user's street address.]; and
Examiner Note: Floyd discloses this limitation as: [Col. 2 lines 38-40, many networked applications require users to be authenticated, e.g. by entering a username and password on a login screen], and [ Col. 1 lines 22-28, one common denominator of authentication methods is that they require the user to provide some type of information or perform some action. For example, a user may be required to provide a password, provide biological data such as a retinal scan, provide personal data such as a handwriting sample, provide a number computed based on a synchronized clock in the user's possession, etc].
Regarding claim 3, Schwarz discloses wherein the first response comprises a claim verification value that indicates whether the asserted data value has been verified[ ¶11, user's identity is be verified using self-reported data elements that include personal data associated with the user that is not publicly available, e.g., the last four or all nine digits of the user's social security number (SSN), an eight digit date of birth, a portion of the user's driver's license number, a certified electronic mail (email) address, etc].
Examiner Note: Floyd discloses this limitation as: [Col. 1 lines 22-28, one common denominator of authentication methods is that they require the user to provide some type of information or perform some action. For example, a user may be required to provide a password, provide biological data such as a retinal scan, provide personal data such as a handwriting sample, provide a number computed based on a synchronized clock in the user's possession, etc].
Regarding claim 4, Schwarz disclose, wherein the asserted data value comprises information associated with identifying the user[ ¶11, user's identity is be verified using self-reported data elements that include personal data associated with the user that is not publicly available, e.g., the last four or all nine digits of the user's social security number (SSN), an eight digit date of birth, a portion of the user's driver's license number, a certified electronic mail (email) address, etc].
Examiner Note: Floyd discloses this limitation as: [Col. 1 lines 22-28, one common denominator of authentication methods is that they require the user to provide some type of information or perform some action. For example, a user may be required to provide a password, provide biological data such as a retinal scan, provide personal data such as a handwriting sample, provide a number computed based on a synchronized clock in the user's possession, etc].
Regarding claim 5, Schwarz discloses  wherein the first response comprises a claim verification value for at least one claim in the set of claims (¶24, the match result generated by the matching module 240 may be utilized by the authentication response generator 260 to generate an authentication message based on the match result, para 0019, the matching module 240 compares the identification records obtained from the personal data matching service 152 with the data segment associated with the user in order to generate a match result. If it is determined, at operation 310, that the generated match result corresponds to a positive authentication of the user (the match result is acceptable), the authentication response generator generates an authentication message including an indication of a positive authentication of the user (first response), at operation 312. If it is determined, at operation 310, that the generated match result corresponds for a negative or a failed authentication of the user (the match result is not acceptable), the authentication response generator generates an authentication message including an indication of a negative authentication of the user, at operation 314, At operation 316, the authentication message is communicated to a merchant who is the source of the initial authentication request], and [0016] The communications module 210 may be configured to receive, from a client (e.g., a merchant requesting the identity verification system 200 to verify the identity of a user) a billing telephone number and a private data segment associated with a user who is the subject of an identity verification request].
Schwarz and Ashley do not explicitly disclose; however, Floyd discloses, and the second response comprises the claim verification value for the at least one claim in the set of claims [ Col. 1 lines 22-28, one common denominator of authentication methods is that they require the user to provide some type of information or perform some action. For example, a user may be required to provide a password, provide biological data such as a retinal scan, provide personal data such as a handwriting sample, provide a number computed based on a synchronized clock in the user's possession, etc].
Regarding claim 6, Schwarz and Ashley do not explicitly disclose, however, Floyd discloses, wherein at least one of the first response or the second response is digitally signed [Col. 5 lines 59-61, the user's authentication is then encrypted based on the external application's specifications].
Regarding claim 7, Schwarz discloses, wherein the first response comprises a result of the user authenticating with the external electronic claim verification service [¶24, the match result generated by the matching module 240 may be utilized by the authentication response generator 260 to generate an authentication message based on the match result, para 0019, the matching module 240 compares the identification records obtained from the personal data matching service 152 with the data segment associated with the user in order to generate a match result. If it is determined, at operation 310, that the generated match result corresponds to a positive authentication of the user (the match result is acceptable), the authentication response generator generates an authentication message including an indication of a positive authentication of the user (first response), at operation 312. If it is determined, at operation 310, that the generated match result corresponds for a negative or a failed authentication of the user (the match result is not acceptable), the authentication response generator generates an authentication message including an indication of a negative authentication of the user, at operation 314, At operation 316, the authentication message is communicated to a merchant who is the source of the initial authentication request].
Regarding claim 8, Schwarz, Ashley do not explicitly disclose, however, Floyd discloses, wherein the causing the user to be directed to the external electronic claim verification service to verify the set of claims for the user comprises: using a universal resource locator-based redirection to the external electronic claim verification service[ Col.5 lines 50-55, as illustrated in FIG. 2, user 200 logs in using Web Authentication with username and password and wants to go to an externally hosted application on web site 236. The user is taken to the Hosted Redirect page 204 that is hosted on the enterprise secure web site (e.g., https://WebAuthentication.Enterprise.com)].
Regarding claim 9, Schwarz, and Ashley do not explicitly disclose, however, Floyd discloses, wherein the causing the user to be directed to the external electronic claim verification service to verify the set of claims for the user comprises: providing the external electronic claim verification service with the set of claims to be verified for the user[ Col.5 lines 50-55, as illustrated in FIG. 2, user 200 logs in using Web Authentication with username and password and wants to go to an externally hosted application on web site 236. The user is taken to the Hosted Redirect page 204 that is hosted on the enterprise secure web site (e.g., https://WebAuthentication.Enterprise.com)], and [Col.1 lines 22-28, one common denominator of authentication methods is that they require the user to provide some type of information or perform some action. For example, a user may be required to provide a password, provide biological data such as a retinal scan, provide personal data such as a handwriting sample, provide a number computed based on a synchronized clock in the user's possession, etc].
Regarding claim 10, Schwarz, Ashley do not explicitly disclose, however, Floyd discloses, wherein the request from the client device is associated with at least one an electronic signature workflow or a digital certificate workflow for the user to electronically sign a document [Col.4 lines 43-44, the login site could have a security certificate set to only allow 128-bit encrypted communication with the site.].
Regarding claim 11, Schwarz, and Ashley do not explicitly disclose, however, Floyd discloses, wherein the first response comprises an authentication token embedded with a claim verification value for at least one claim in the set of claims [Col.4 lines9-10, a single web authentication token which uniquely identifies a user], and [Col. 4 lines 32-35, once authenticated, a security token representing the user's identity is stored in the browser session. The security token identifies the user as a valid user during his visit to the website]. 
Regarding claim 12, Schwarz, Ashley do not explicitly disclose, however, Floyd discloses, wherein the second response comprises an authentication token embedded with a claim verification value for at least one claim in the set of claims [Col. 4 lines 32-44, once authenticated, a security token representing the user's identity is stored in the browser session. The security token identifies the user as a valid user during his visit to the website. The encryption and expiration of that token is centrally managed by the Web Authentication tool which knows how to check the values. All applications use this common form of identity. The token itself can contain an Active Directory or any qualifying system identity and is not limited to any specific type. The security token will be set to expire after a fixed period, e.g., 8 hours. After this period, an attempt to reuse the token will cause the user to be redirected to the login page. The login site could have a security certificate set to only allow 128-bit encrypted communication with the site].
Regarding claim 13, Schwarz, and Ashley do not explicitly disclose, however, Floyd discloses, wherein the authentication token of the second response is configured to authenticate the user at the client device [Col. 4 lines 32-44, once authenticated, a security token representing the user's identity is stored in the browser session. The security token identifies the user as a valid user during his visit to the website. The encryption and expiration of that token is centrally managed by the Web Authentication tool which knows how to check the values. All applications use this common form of identity. The token itself can contain an Active Directory or any qualifying system identity and is not limited to any specific type. The security token will be set to expire after a fixed period, e.g., 8 hours. After this period, an attempt to reuse the token will cause the user to be redirected to the login page. The login site could have a security certificate set to only allow 128-bit encrypted communication with the site].
Regarding claim 14, Schwarz discloses, generating a transaction identifier associated with the request; and logging, in a data structure, information regarding a set of operations performed in response to the request, the logged information comprising the transaction identifier [¶44, “REQUEST_TRANSACTION.ACCT_ID" field 502 is used to represent account identification information associated with the client (e.g., a merchant or a consumer). "REQUEST_TRANSACTION.CLIENT_ID" field 504 is used to represent an identification number assigned to the client by the identity verification service. "REQUEST_TRANSACTION.BTN" field 506 is used to represent the billing telephone number provided by the client. "REQUEST_TRANSACTION.BTN_VAL" field 508 is used to indicate whether the subscriber line associated with the billing telephone number is to be validated in addition to validation the identity of a user. "REQUEST_TRANSACTION.L4SSN" field 510 is used to represent the last four digits of the user's social security number. "REQUEST_TRANSACTION.ADDR_RULE" field 512 is used to indicate a rule to be utilized for street address detection
Regarding claim 15, Schwarz discloses, wherein the logged information comprises a requester client identifier associated with the client device and an external claim verification service identifier associated with the external claim verification service identifier [¶44, "REQUEST_TRANSACTION.ACCT_ID" field 502 is used to represent account identification information associated with the client (e.g., a merchant or a consumer). "REQUEST_TRANSACTION.CLIENT_ID" field 504 is used to represent an identification number assigned to the client by the identity verification service. "REQUEST_TRANSACTION.BTN" field 506 is used to represent the billing telephone number provided by the client. "REQUEST_TRANSACTION.BTN_VAL" field 508 is used to indicate whether the subscriber line associated with the billing telephone number is to be validated in addition to validation the identity of a user. "REQUEST_TRANSACTION.L4SSN" field 510 is used to represent the last four digits of the user's social security number. "REQUEST_TRANSACTION.ADDR_RULE" field 512 is used to indicate a rule to be utilized for street address detection
Regarding claims 19 and 20, these claims are interpreted and rejected for the same rational set forth in claim 1.
Regarding claim 21,  Schwarz discloses  wherein the claim is determined to be verified by the external electronic claim verification service based on a workflow associated with the electronic document[¶¶3, 11 , 14,16,  Method for verifying identity of a user in an electronic commerce (e-commerce) marketplace by a service provider or vendor providing sale of digital goods or service, by using an identity verification system (IVS) (claimed) connected to a communications network such as public network e.g. Internet and wireless network, or private network e.g. local area network (LAN), wide area network (WAN) and Intranet].
Regarding claim 22, Schwarz discloses , wherein the external electronic claim verification service is selected from a plurality of external electronic claim verification services based on a workflow associated with the electronic document[¶¶3, 11 , 14,16,  Method for verifying identity of a user in an electronic commerce (e-commerce) marketplace by a service provider or vendor providing sale of digital goods or service, by using an identity verification system (IVS) (claimed) connected to a communications network such as public network e.g. Internet and wireless network, or private network e.g. local area network (LAN), wide area network (WAN) and Intranet].

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US2008/) 0175360 issued to Schwarz (cited in IDS filed on 10/26/2020 and in view of US Patent No. (US8, 095,972) issued to Floyd (cited in IDS filed on 10/26/2020 and further in view of WO2016/076904 issued to Carrol Ashley and further in view of US Patent No. (US10, 943,003) issued to Bingham.
Regarding claim 16, in response to the request: requesting consent from the user to access the external electronic claim verification service in connection with verifying the set of claims for the user 
Even though Schwarz discloses this limitation as: [¶21, as shown in FIG. 3, at operation 302, the communications module 210 of the identity verification system 200 receives a billing telephone number and a private data segment associated with a user. The billing telephone number is forwarded to a third-party provider in order for the address detector 220 to obtain, at operation 304, a street address associated with the billing telephone number. The private data processor 230 forwards the obtained street address to another third-party provider hosting a personal data matching service (e.g., the personal data matching service 152 of FIG. 1) in order to obtain, at operation 306, one or more identification records. In one example embodiment, the identity verification system 200 may be configured to permit a predetermined maximum number of identification records to be received by private data processor 230 from the personal data matching service 152. Each of the received identification records may be associated with the street address obtained by the address detector 220], and [¶22, If the address detector 220 fails to obtain the street address associated with the billing telephone number, a message may be sent back to the business rules engine 250 to automatically initiate another, alternative, identity verification method, e.g., via initiating a telephone call to the user or via receiving a telephone call from the user.
However, Schwarz, Floyd, and Ashley do not explicitly disclose this limitation and Bingham discloses [see claim 8. A method, comprising: in response to a biometric sample of a user being a match to a pre-recorded biometric sample, identifying, via an authentication server, a consent of the user stored on a blockchain, where the consent authorizes sharing of data of the user previously collected by an external service provider, and accessing, by the authentication server, shared data of the user based on the consent; presenting, by the authentication server, a question based on the shared data; receiving, by the authentication server, an answer to the question from the user; and authenticating, by the authentication server, the user based on the answer to the question and the shared data].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Schwarz, Floyd, and Ashley with the teaching of Bingham in order to implementing user authentication based on consented data and biometrics [ Bingham, Abstract, Col. 1 lines 5-7].

Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US2008/) 0175360 issued to Schwarz (cited in IDS filed on 10/26/2020 and in view of US Patent No. (US8, 095,972) issued to Floyd (cited in IDS filed on 10/26/2020 and further in view of WO2016/076904 issued to Carrol Ashley and further in view of US Patent No. (US202000134165) issued to Boodaei.
Regarding claim 17, Schwarz, Floyd, and Ashley do not explicitly disclose, however, Boodaei discloses after receiving the first response from the external electronic claim verification service: determining whether the first response indicates that the user failed to access the external electronic claim verification service; in response to determining that the first response indicates that the user failed to access the external electronic claim verification service: determining whether the user transgressed a lockout threshold for accessing the external electronic claim verification service; and in response to the user transgressing the lockout threshold, enabling a lockout status for the request [ see FIG. 1 and corresponding text for more details( ¶¶80-82, ¶¶93-99, ¶37,  in case of failure the authentication fails and the user may be denied access to the secure service; ¶41, Following each failed access attempt, the updated authentication session score may be compared to value(s) of one or more predefined thresholds, for example, an indication threshold, a lockout threshold and/or the like. The predefined thresholds' values may be extracted from the security policy of the secure service. In case the authentication session score exceeds one of the predefined threshold value one or more actions may be initiated, for example, instruct lockout of the secure service for the user…].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Schwarz, Floyd, and Ashley with the teaching of Booddaei in order to t classifying failed access attempts as a password guessing attack according to a risk-based assessment of incorrect credentials provided in the failed access attempts [Boodaei, ¶¶1, 41].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
TW201710945A (A system and method for electronic signature validation is provided. Embodiments may include analyzing at least one government identification document, wherein analyzing includes authenticating the at least one government identification document. Embodiments may further include extracting personally identifiable information pertaining to a user from the at least one government identification document and displaying a digital copy of a document to be signed to the user. Embodiments may also include capturing an electronic signature of the document by the user and receiving personally identifiable information, wherein the personally identifiable information pertains to the user and enables the user to be uniquely identified. Embodiments may further transmit a document signing transaction session].
Leake (US2006/0259440) [ A method for electronically signing a document includes the steps of accessing over a network a product page provided by a product application server, providing identification information to the product application server unique to an individual who is to sign the document, communicating information identifying a document to be electronically signed from the product application server to an electronic signature application server, verifying the individual's identity, acquiring a template of the document and populating the template with data pertaining to the individual to form a completed document and displaying the completed document on a page generated by the electronic signature application server and accessible over a network by the individual, and adding an electronic signature to the completed document to form a signed document. The signed document may be printed by the individual and may be stored as a .pdf image and also may be stored in a file that is time-stamped and hashed in a form that includes the template, signature and merged data used to populate the template.
Brown (US2004/0139327) [System and Method for Document-driven Processing of Digitally-signed Electronic Documents].
Bugbee (US2007/00443949) [Method and System for Certifying the Authority of a Signer of An Electronic Document].
Wood (US7,047,204) [ Methods for registering individuals with government programs to eliminate fraud are described herein. The method includes registering a first person with a government entity having a governmental program and issuing an individual identification code (IIC) to the first person, entering the individual identification code (IIC) into an electronic retrieval system and obtaining first data on the first person at a first point in time. The first data can include first biometric data, a first personal identification code, a first electronic signature, and combinations thereof. The method further includes linking the first data to the individual identification code (IIC), and reading second data at a second point in time, wherein the second data can include second biometric data, a second personal identification code, a second electronic signature and combinations thereof, of a second person, and wherein the second point of time is later than the first point of time. The method further includes comparing the second data with the first data to form compared data, determining from the compared data whether the second person is the first person to obtain a verified identity, and making a first transmission of the verified identity to the government entity. The first transmission includes the individual identification code (IIC) and a first query for personal information on the first person. The method further includes making a second transmission from the government entity providing the information requested in the first query and making a third transmission providing updated personal information to the government entity].
Carmichael (US20200058086) [ A consent application allows a user to obtain the users consent to some action, to verify identities of one or both users to the action, to find a proper form to obtain the consent, and finally to record the users' consent along with the biometric obtained at the time of the content. The consent can be given by one or both parties to the transaction].
Gosner (US20130019289) [0034] FIG. 2E illustrates authentication mechanisms provided by one embodiment. In particular, FIG. 2E illustrates three distinct selection scenarios 240, 243, and 246 in which one or more authentication mechanisms are selected for association with a document and/or electronic identity card provided by an example embodiment. For example, a sender may select and associate one or more authentication mechanisms with a document that is to be signed by one or more signers. Similarly, one or more of the illustrated authentication mechanisms may be used by a signer (prerequisite) to verify their identity when signing a document and/or creating an electronic identity card], and [Abstract see FIG 2e and correspond text for more details, ¶¶35-39].
Buelloni ( US20140379585) [ A method according to any one of the preceding claims, wherein said authentication step includes: a user's request to sign an electronic document towards said electronic signature Authority, sent via a first computer network, the signing user is requested to perform a transaction by means of a credit/debit/prepaid card by means of a dedicated device (POS) and/or a phone call to a predetermined phone number; optional acquisition of a user's biometric information via a dedicated device (POS), acquiring said unique ID associated to the bank card or associated to the transaction authorized/ordered via the bank card itself, and/or associated to said mobile phone line entering said unique ID in said set of signature data], and [0044] According to a preferred variant of the invention, the signature is authorized when a phone call is made/received by means of the mobile phone number associated to the user to verify the identity of the user not only by means of his/her own phone number, but also by entering a personal PIN and/or a one-time password sent through the Internet], and  [0091] The method also allows a further increase in the level of security in the paradigms of electronic signature, in which, to each user a qualified certificate is associated. In addition, if a copy of the electronically signed document in advanced mode is suitably stored in a storage server, for example, of a third-party, it is possible at any time to uniquely and safely find the identity of the subject who has signed the document by means of a shared certificated, for example, with a corporate level].
CN 106022035 A[ In yet another preferred embodiment of the present invention, the electronic signature module 2033 to execute the electronic signing operation, comprising: according to the document order, operation in the electronic signature of each document before the user finger vein authentication, the user finger vein authentication is successful, the server completes the document electronic signature operation, electronic signature after the user obtains document electronic signing operation has been completed under the specified directory, the security device is disconnected. the electronic signature module 2033 is further configured to: when the finger vein identity authentication is unsuccessful, to safety device for collecting the user finger vein information, acquisition time with 1, the acquisition times reaches set threshold is still not the authentication is successful, the server skips the document, the electronic signature of the next file operation, until all the document after executing the electronic signing operation.].
Entschew (US2013/0318354[ [¶255] An ID token 106 shown by way of example in FIG. 5a is an electronic identification card having an additional signing function, and a further ID token illustrated to the right-hand side of FIG. 5a is a signature card 106', commercially available specifically for the signing of electronic documents, to which the user must authenticate himself before using the signing function. The user 102 may thus have one or more further ID tokens, which are structured identically in principle, such as an ID token 106, which acts as an identification card having an additional signature function, and an ID token 106', which is a card purchased commercially primarily for signature purposes].
CN 101127107 A[ An electronic document automatic signing system and method, this method comprises the following steps: to generate electronic document for electronic signing; to transmit signing information to user side computer; to inform user to perform electronic signing; to determine this electronic signing operation by user; to obtain digital certification of user according to this digital certification; to generate summary of said electronic document after user passes identification validating; to encrypt summery of this electronic document according to private key of said digital certification to obtain electronic signing of said electronic document; this invention can validate identification of signing person before electronic signing, which can effectively prevent electronic signing being falsified].
Reuss (US2019/0036864) [ [0077] Although FIGS. 2A-2B depict the social networking system 102 as verifying an identity of the user 122a after providing a newsfeed and a messaging thread for the user 122a, in some embodiments, the social networking system 102 verifies an identity of the user 122a at any point before adding a digital signature to the digital document. For example, in some embodiments, the social networking system 102 verifies an identity of the user 122a when the client device 116a launches the social networking application 118a or the messaging application 120a].
JP 2016004492 A [The mobile phone 502 performs a display that allows the user to select whether or not to agree to obtain the access right (F709), and upon receiving a selection operation indicating consent from the user, the access right is exchanged with the external server 103].
Allio (US2010/0106578] [¶20, Shareholder system 120 has access to a remote server 126. As will described in more detail later, shareholder system 120 has the ability to store user information (e.g., personal information, account information, etc.), but may rely in part (or completely) on remote server 126 to access information (at the consent of the owner) associated with the user and conduct financial transactions. By way of example only, remote server 126 may be affiliated with an account associated with a user such as, but not limited to, a brokerage account, a bank account, a credit card account, a loyalty program account, and the like. Remote server 126, when used to conduct a financial transaction, may include an Automated Clearing House (ACH) network, a credit card processing network (e.g., VISA network, MasterCard network, etc.), or any other payment network known in the art. Remote server 126 may also represent a server at a company (also referred to herein as an "issuer") or a third-party vendor].
Durinovic-Johri (US5, 699,514) [user failed, lockout threshold].
Girdhar (US2020/0110870) [user failed, lockout threshold].
Kumar (US2020/0250664) [ authorization services, consent, lockout, receive response, verification service].                                                                                                                                                                                        
  Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response.  In the limited amount of non-production time if the examiner’s consideration of a proper AFCP 2.0 request and response does not result in a determination that all pending claims are in condition for allowance, the examiner will request an interview with the applicant to discuss the response. For more info, please visit http://www.uspto.gov/patent/initiatives/after-final-consideration-pilot-20

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496