DETAILED ACTION
Status of Claims
The present application is being examined under the AIA  first to file provisions.
This action is in reply to the amendment filed on 10/11/2022.
Claims 1-3, 5, 23, 27, 29-36 have been amended and are hereby entered.
Claims 10-22, 24-26, and 28 have been canceled.
Claims 1-9, 23, 27, and 29-36 are currently pending and have been examined.
The previous 112 and 101 software per se rejections have hereby been withdrawn due to amendments to the claims. 
This action is FINAL.

Response to Arguments
Applicant’s arguments with respect to claim(s) 1-9, 23, 27, and 29-36 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Applicant's arguments filed 10/11/2022 with respect the claims as being rejected under 35 U.S.C. 101 for being directed towards an abstract idea have been fully considered but they are not persuasive.
Applicant argues #1:
The Non-Final Office Action, beginning on page 5, applies the framework for patent eligibility described in Alice Corp., 573 U.S. 208 (2014), 110 USPQ2d at 1980 ("Alice"); and Mayo Collaborative Servs. v. Prometheus Labs., Inc., 566 U.S. 66, 71, 101 USPQ2d 1961 ("Mayo"), 1965 (2012). On page 6, the Non-Final Office Action asserts that the limitations of claim 1 recite "commercial or legal interactions ... but for the recitation of generic computing components." As described in detail below, Applicant respectfully disagrees with this characterization of claim 1, as amended herein, and instead submits that the claimed invention recites patent eligible subject matter, particularly in light of MPEP @ 2106; DDR Holdings, LL C v. Hotels.com, L.P., 773 F.3d 1245 (Fed. Cir. 2014) ("DDR Holdings"), Enfish, LL C v. Microsoft Corp., 822 F.3d 1327 (Fed. Cir. 2016) ("Enfish").
The Supreme Court has long recognized that all inventions, at some level, embody or 
apply laws of nature, natural phenomena, and abstract ideas. Mayo, 566 U.S., at op. at2). As noted in Mayo "we tread carefully in construing this exclusionary principle lest it swallowall of patent law." Id. At some level, "all inveen  ons . . . embody, use, reflect, rest upon, or applylaws of nature, natural phenomena, or abstract ideas." Id. Alice/Mayo Framework, Step 2A, Prong One: 


Examiners response:
The Examiner respectfully disagrees, the claims here are not like those the Court found patent eligible in DDR, in which the inventive concept was in the modification of conventional mechanics behind website display to produce a dual-source integrated hybrid display because applicant’s claims here do not address problems unique to the Internet or require an arguably inventive device or technique for displaying information.  With regards to Enfish, the courts applied the distinction to reject the § 101 challenge at stage one because the claims in Enfish focused not on asserted advances in uses to which existing computer capabilities could be put, but on a specific improvement — a particular database technique — in how computers could carry out one of their basic functions of storage and retrieval of data. Enfish, 822 F.3d at 1335-36; see Bascom, 827 F.3d at 1348-49, 2016 WL 3514158, at *5; cf. Alice, 134 S.Ct. at 2360 (noting basic storage function of generic computer). The present case is different: the focus of the claims is not on such an improvement in computers as tools, but on certain independently abstract ideas that use computers as tools.
Applicant argues #2:
On page 6, the Non-Final Office Action asserts that claim 1, "other than reciting that the apparatus comprises a processor, and memory nothing in the claim elements are directed towards anything other than commercial or legal interactions." While claim 1 does recite "a transaction" and "a transaction request," alleging that claim 1 is purely directed to a commercial interaction but for the recitation of generic computing components would be a mischaracterization of the language of claim 1, as amended herein. Instead, Applicant respectfully submits that claim 1 is directed to security techniques for ensuring secure user authentication over a network. Applicant notes although claim 1 integrates the various security techniques into a particular application (e.g., entering into a transaction), the various security techniques recited in claim 1 could instead be used in other contexts, such as entry into secure areas or to gain access to a particular online domain.
Claim 1 recites that a user employs a "terminal device" to capture "biometric characteristic information of a user with at least one of a camera and fingerprint collector of the terminal device." This alone is not a traditional feature of a commercial transaction and even assuming, arguendo, that biometric information is known in certain contexts, these specific recitations of claim 1 are not a part of any traditional commercial interaction. Further, Applicant respectfully notes that the "biometric characteristic information" is used not simply to verify a transaction directly with a card issuer or financial institution (i.e., to verify the user's account), but is instead transmitted "to a target biometric information server" to retrieve "card information ... determined by the target biometric information server based on the biometric characteristic information." This enables the user to obtain card information that the user may otherwise not have access to without requiring a physical card or token and while ensuring that the user is properly authorized to receive the card information.
The card information and biometric characteristic information are then recited as being sent to an authorization server that is separate from the target biometric information server. The authorization server performs a separate authorization using the transmitted biometric characteristic information and "registered biometric characteristic information corresponding to the card information from the target biometric information server." Notably, the authorization server is not required to store any biometric information using the techniques recited in claim 1. Additionally, at least two stages of user identity verification are described, first a user uses the terminal device to capture the biometric characteristic information and then retrieves card information using the biometric characteristic information. Then the authorization server uses the card information (as retrieved in the first stage) to determine the registered biometric information (from the target biometric information server) and compares the biometric characteristic information included in the transaction request to that registered biometric information.
Applicant respectfully submits that these techniques recited in claim 1, as amended herein, are directed to providing online security and user authentication using biometric characteristic information. Accordingly, Applicant respectfully submits that, with the amendments made herein, claim 1 is not directed to the alleged "commercial interaction" (Non-Final Office Action at page 6) even if the security techniques recited in claim 1 are ultimately used in that context. In addition, Applicant notes that the independent claims 1 and 23 have been amended to recite various hardware that perform specialized functionality defined by the language of the claims.


Examiners response:
The Examiner respectfully disagrees, the claims do not recite using the biometric and card information in other contexts, such as entry into secure areas or to gain access to a particular online domain, therefor this argument is moot.   With regards to capturing the biometric information using the camera or fingerprint collector, this is using the terminal device as tools, and part of the technical environment in which the idea for looking up someone’s card information and verifying their identity is being limited to, akin to  Gathering and analyzing information using conventional techniques and displaying the result, TLI Communications, 823 F.3d at 612-13, 118 USPQ2d at 1747-48;, and  collecting and comparing known information (claim 1), which are steps that can be practically performed in the human mind, Classen Immunotherapies, Inc. v. Biogen IDEC, 659 F.3d 1057, 1067, 100 USPQ2d 1492, 1500 (Fed. Cir. 2011);
Applicant argues #3:
Alice/Mayo Framework, Step 2A, Prong Two: 
Even assuming arguendo that claim 1 is deemed to recite a commercial interaction under Step 2A, Prong One, Applicant respectfully submits that the recitations of claim 1 are integrated into a practical application and are thus not directed to the alleged abstract idea of a commercial interaction on that basis. 
As noted in MPEP § 2106.04(d)(1), "[a] claim reciting a judicial exception is not directed to the judicial exception if it also recites additional elements demonstrating that the claim as a whole integrates the exception into a practical application. One way to demonstrate such integration is when the claimed invention improves the functioning of a computer or improves another technology or technical field." Additionally, MPEP § 2106.04(d)(1) describes that:
The courts have not provided an explicit test for this consideration, but have instead illustrated how it is evaluated in numerous decisions. These decisions, and a detailed explanation of how examiners should evaluate this consideration are  provided in MPEP 2106.05(a). In short, first the specification should be evaluated to determine if the disclosure provides sufficient details such that one of ordinary skill in the art would recognize the claimed invention as providing an improvement. The specification need not explicitly set forth the improvement, but it must describe the invention such that the improvement would be apparent to one of ordinary skill in the art... [s]econd, if the specification sets forth an improvement in technology, the claim must be evaluated to ensure that the claim itself reflects the disclosed improvement. That is, the claim includes the components or steps of the invention that provide the improvement described in the specification. The claim itself does not need to explicitly recite the improvement described in the specification (e.g., "thereby increasing the bandwidth of the channel"). 
In claim 1, after retrieving the card information using the biometric characteristic information transmitted to the target biometric information server, the card information is then sent to an authorization server along with the biometric characteristic information (captured by the terminal device). The authorization server performs authorization verification "based on the biometric characteristic information included in the transaction request and registered biometric characteristic information corresponding to the card information from the target biometric information server" (claim 1, emphasis added). In this recitation, the card information is used to find the registered biometric characteristic information that is stored at the target biometric information server. In this way, the "biometric characteristic information included in the transaction request" need only be compared against that registered biometric characteristic information that is associated with the card information, and not against a large database of biometric information stored by the target biometric information server. This reduces latency and the number of computations needed for the online authorization processing.
This technical improvement is described in the specification at, for example, paragraph [0065] which states, in part, "thus there is no need to use the biometric characteristic information to be matched with multiple pre-registered biometric characteristic information one by one, which can increase speed of determination of the card information, thereby improving transaction processing efficiency." Accordingly, not only does the specification describe improvements to existing technology, but these improvements are embodied in claim 1. For these additional reasons, Applicant respectfully submits that claim 1 is integrated into a practical application and thus requests withdrawal of the 35 U.S.C. § 101 rejection of claim 1.

Examiners response:
Furthermore, with regards to the argument that the claims provide “thus there is no need to use the biometric characteristic information to be matched with multiple pre-registered biometric characteristic information one by one, which can increase speed of determination of the card information, thereby improving transaction processing efficiency”, the Federal Circuit has also indicated that mere automation of manual processes or increasing the speed of a process where these purported improvements come solely from the capabilities of a general-purpose computer are not sufficient to show an improvement in computer-functionality. FairWarning IP, LLC v. Iatric Sys., 839 F.3d 1089, 1095, 120 USPQ2d 1293, 1296 (Fed. Cir. 2016); Credit Acceptance Corp. v. Westlake Services, 859 F.3d 1044, 1055, 123 USPQ2d 1100, 1108-09 (Fed. Cir. 2017). Similarly, the Federal Circuit has indicated that a claim must include more than conventional implementation on generic components or machinery to qualify as an improvement to an existing technology (see MPEP 2106.04(a)).  Therefore this argument is not persuasive.  Further with regards to the information being collected and sent between the servers and terminal device, this is akin to Alice Corp. and ineligible for the same reasons, in which the Court walked through the test and found:
The Court identified the additional elements in the claim, e.g., by noting that the method claims recited steps of using a computer to "create electronic records, track multiple transactions, and issue simultaneous instructions", and that the product claims recited hardware such as a "data processing system" with a "communications controller" and a "data storage unit" (573 U.S. at 224-26, 110 USPQ2d at 1984-85); 
    PNG
    media_image1.png
    18
    19
    media_image1.png
    Greyscale

The Court considered the additional elements individually, noting that all the computer functions were "‘well-understood, routine, conventional activit[ies]’ previously known to the industry," each step "does no more than require a generic computer to perform generic computer functions", and the recited hardware was "purely functional and generic" (573 U.S. at 225-26, 110 USPQ2d at 1984-85); and
	
	
Applicant argues #4:
Alice/Mayo Framework, Step 2B: 
Applicant respectfully submits that the recitations of claim 1, when considered as a whole, amount to significantly more than any alleged abstract idea (such as the "commercial interaction" identified on page 6 of the Non-Final Office Action) and is thus patent eligible for this additional reason. 
Consider, for example, Example 35 of the Subject Matter Eligibility Examples promulgated by the USPTO (hereinafter the "PEG"). Example 35 of the PEG evaluates the following claim: 
3. A method of conducting a secure automated teller transaction with a financial institution by authenticating a customer's identity, comprising the steps of: 
obtaining customer-specific information from a bank card,
comparing, by a processor, the obtained customer-specific information with customer information from the financial institution to verify the customer's identity, by generating a random code and visibly displaying it on a customer interface of the automated teller machine, 
obtaining, by the automated teller machine, a customer confirmation code from the customer's mobile communication device that is generated in response to the random code, and  determining whether the customer confirmation code matches the random code, and 
automatically sending a control signal to an input for the automated teller machine to provide access to a keypad when a match from the analysis verifies the authenticity of the customer's identity, and to deny access to a keypad so that the transaction is terminated when the comparison results in no match.
Claim 3 of Example 35 describes providing security for automated teller machine (ATM) transactions by causing a code to be displayed on a user's phone and then requiring that this code be entered into the ATM to prevent a stolen card being improperly used. However, the PEG finds claim 3 to be patent eligible, stating:
However, the combination of the steps (e.g., the ATM's provision of the random code, the mobile communication device's generation of the customer confirmation code in response to the random code, the ATM's analysis of the customer confirmation code, and the ATM's subsequent sending of a control signal to provide or prevent access to the keypad of the ATM and thus allow or prevent a transaction based on the analysis of the code data sets) operates in a  non-conventional and non- generic way to ensure that the customer's identity is verified in a secure manner that is more than the conventional verification process employed by an ATM alone. In combination, these steps do not represent merely gathering data for comparison or security purposes, but instead set up a sequence of events that address unique problems associated with bank cards and ATMs (e.g., the use of stolen or "skimmed" bank cards and/or customer information to perform unauthorized transactions). Thus, like in BASCOM, the claimed combination of additional elements presents a specific, discrete implementation of the abstract idea. Further, the combination of obtaining information from the mobile communication device (instead of the ATM keypad) and using the customer confirmation code (instead of a PIN) to verify the customer's identity does not merely select information by content or source, in contrast to Electric Power, but instead describes a process that differs from the routine and conventional sequence of events normally conducted by ATM verification, such as entering a PIN, similar to the unconventional sequence of events in DDR. The additional elements in claim 3 thus represent significantly more (i.e., provide an inventive concept) because they are a practical implementation of the abstract idea of fraud prevention that performs identity verification in a non- conventional and non-generic way, even though the steps use a combination of well-known components (an ATM and mobile communication device). Claim 3 is eligible.
Similarly, the claimed combination of steps in claim 1, as amended herein, do not merely recite generic steps of gathering data for comparison or security purposes, but instead set up a unique sequence of events that prevent unauthorized electronic transactions. Similar to claim 3 in Example 35 of the PEG, Claim 1 does not merely recite conventional data comparison steps, but instead recites specific steps to perform both card information retrieval and identity verification using at least three separate devices (e.g., the terminal device, target biometric information server, and authorization server). For example, after retrieving the card information using the biometric characteristic information captured using the terminal device, the card information is sent with the biometric characteristic information to a different device - the authorization server. The authorization server uses the card information to compare the biometric characteristic information with registered biometric characteristic information corresponding to the card information from the target biometric information server. Applicant respectfully submits that the specific combination of recitations included in claim 1 recite fraud prevention in electronic transactions in a non-conventional and non-generic way and that the recitations of claim 1, as amended herein, thus amount to significantly more than any alleged abstract idea. 
In view of the above, Applicant respectfully submits that claim 1 recites patent eligible subject matter under the tests laid out by the U.S. Supreme Court in Alice Corp., 573 U.S. at 216, 110 USPQ2d at 1980 ("Alice"); and Mayo Collaborative Servs. v. Prometheus Labs., Inc., 566 U.S. 66, 71, 101 USPQ2d 1961 ("Mayo"), 1965 (2012). Withdrawal of the 35 U.S.C. § 101 rejection of claim 1 is respectfully requested.
Claims 2-9 and 27 depend from claim 1, directly or indirectly, and thus incorporate all of the recitations of claim 1. As such, these claims are patent eligible for at least the same reasons as described above in reference to claim 1, as well as for the specific recitations included in these dependent claims. Withdrawal of the 35 U.S.C. § 101 rejections of claims 2-9 and 27 is earnestly solicited. 
Similarly, although the recitations of claim 23 are not identical to those of claim 1, the patent eligibility of claim 23 will be apparent in light of the discussion above in reference to claim 1. Withdrawal of the 35 U.S.C. § 101 rejection of claim 23 is respectfully solicited. Claims 29-36 depend from claim 23, directly or indirectly, and thus incorporate all of the recitations of claim 23. As such, these claims are patent eligible for at least the same reasons as described above in reference to claim 23, as well as for the specific recitations included in these dependent claims. Withdrawal of the 35 U.S.C. § 101 rejections of claims 29-36 is earnestly solicited.


Examiners response:
The Examiner respectfully disagrees, the focus of the claims of the instant application is on the terminal device to send and receive biometric information needed to lookup the user’s card information and perform the transaction, the servers of the instant application are not positively recited as performing any steps, other than the terminal device receives information from the servers need to complete the transaction.  In Example 35 the claims were directly addressing a problem to prevent card skimming, and recited combination of the steps and additional elements (e.g., the ATM's provision of the random code, the mobile communication device's generation of the customer confirmation code in response to the random code, the ATM's analysis of the customer confirmation code, and the ATM's subsequent sending of a control signal to provide or prevent access to the keypad of the ATM and thus allow or prevent a transaction based on the analysis of the code data sets), which in the Example was found to be eligible.  The combination of steps of the instant application amount limiting the judicial exception to a particular environment for sending and receiving information needed to complete a transaction with the terminal device being the only device positively recited as performing sending and receiving information between the servers to complete the transaction, akin to someone forgetting their credit card and using their social security number or some other sort personal information to call customer service and lookup and use their account.
For the reasons above, the 101 rejection is hereby maintained.
	
	
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-9, 23, 27, and 29-36 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more, and fails step 2 of the analysis because the focus of the claims is not on the devices themselves or a practical application but rather directed towards an abstract idea, the analysis is provided below.
Step 1 (Statutory Categories) – Asides from claim 27 (as noted above, which is directed towards non-statutory software per se), the claims pass step 1 of the subject matter eligibility test (see MPEP 2106(III)) as the remaining claims are directed towards a method and apparatus (assuming dependent claims 29-36 depend on 23 rather than cancelled claim 10). 
Step 2A – Prong One (Do the claims recite an abstract idea?) -  The idea is recited in the claims, in part, by:
capturing biometric characteristic information of a user;
transmitting the biometric characteristic information;
receiving card information of the user fed back, wherein the card information is determined based on the biometric characteristic information;
transmitting a transaction request corresponding to the card information, wherein the transaction request includes the card information and the biometric characteristic information;
receiving a transaction authorization verification result fed back, wherein the transaction authorization verification result is obtained through an authorization verification on a transaction corresponding to the transaction request, the authorization verification is performed based on the biometric characteristic information included in the transaction request and registered biometric characteristic information corresponding to the card information; and
performing the transaction according to the transaction authorization verification result.
The steps recited above under Step 2A Prong 1 of the analysis under the broadest reasonable interpretation covers commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations) but for the recitation of generic computer components.   That is other than reciting the terminal device with at least one of a camera and fingerprint collector, a target biometric information server, an authorization server, a transaction processing apparatus (in the terminal device) comprising a processor, and memory nothing in the claim elements are directed towards anything other than commercial or legal interactions.  If a claim limitation, under its broadest reasonable interpretation, covers commercial or legal interactions, then it falls within the “Certain Methods of Organizing Human Activities” groupings of abstract ideas.  Accordingly, the claims recite an abstract idea.  
Step 2A – Prong Two (Does the claim recite additional elements that integrate the judicial exception into a practical application?) - This judicial exception is not integrated into a practical application.  In particular, the claims only recite the additional elements of the terminal device with at least one of a camera and fingerprint collector, a target biometric information server, an authorization server, a transaction processing (in the terminal device) comprising a processor, and memory.  The additional elements are recited at a high level of generality such that it amounts to no more than mere instructions to apply the exception using generic computer components and limits the judicial to the computer environment.  Mere instructions to apply the judicial exception using generic computer components and limiting the judicial exception to a particular environment are not indicative of a practical application (see MPEP 20106.05(f) and MPEP 20106.05(h)).    The specification does not provide any indication that the additional elements are other than generic computer components.  Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.  The claims are directed towards an abstract idea.
Step 2B (Does the claim recite additional elements that amount to significantly more than the judicial exception?) - The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, as discussed above, with respect to integration of the abstract idea into a practical application, the additional elements of using the terminal device with at least one of a camera and fingerprint collector, a target biometric information server, an authorization server, a transaction processing (in the terminal device) comprising a processor, and memory to perform the steps recited above in Step 2A Prong 1 of the analysis amounts to no more than mere instructions to apply the exception using generic computer components and limits the judicial exception to the computer environment.  Mere instructions to apply an exception using a generic computer components and limiting a judicial exception to a particular environment does provide an inventive concept.  The additional elements have been considered separately, and as an ordered combination, and do not add significantly more (also known as an “inventive concept”) to the judicial exception.  Further, MPEP 2106.05(d)(ii) provides that receiving and transmitting data over a network (see buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network), and Electronic recordkeeping, Alice Corp. Pty. Ltd. v. CLS Bank Int'l, 573 U.S. 208, 225, 110 USPQ2d 1984 (2014) (creating and maintaining "shadow accounts"); Ultramercial, 772 F.3d at 716, 112 USPQ2d at 1755 (updating an activity log); are well-understood routine and conventional, similar to the instant application claims which recites and sending and receiving biometric and card data over network to perform a transaction. This is akin to someone forgetting their credit card and using their social security number or some other sort personal information to contact customer service and lookup and use their account.  The claims are not patent eligible.
The dependent claims have been given the full analysis including analyzing the additional limitations both individually and in combination as a whole.  For instance, claims 2-9, 27, and 29-36 are all steps that fall within the “Certain Methods of Organizing Human Activities” groupings of abstract ideas further the defining the abstract idea and what information is sent over the network.  The Dependent claims when analyzed both individually and in combination are also held to be patent ineligible under 35 U.S.C. 101 for the same reasoning as above and the additional recited limitations fail to establish that the claims are not directed to an abstract idea.  The additional limitations of the dependent claims when considered individually and as an ordered combination do not amount to significantly more than the abstract idea.
 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 3-6, 9, 23, 27, 30-33, and 36 are rejected under 35 U.S.C. 103 as being unpatentable over Bigioi (US Patent Application Publication 20180189767), “Bigioi” in view of Zoka, et al. (US Patent Application Publication 20020062291), “Zoka”.
As per claim 1, Bigioi discloses:
A transaction processing method performed at a terminal device, the method comprising: [0006]
capturing biometric characteristic information of a user with at least one of a camera and fingerprint collector of the terminal device;  [0038-0039], [0056] In many embodiments, biometric authentication of a user can include any or all of: capturing biometric information using one or more biometric sensors and an application processor on the portable device, sending the biometric information to a secure biometric processor on the portable device… In some embodiments, biometric information is collected from one or more biometric sensors 104 by application processor 106 and provided to the secure biometric processor 102. In other embodiments, the secure biometric processor 102 obtains biometric information from the biometric sensors 104 without involving the application processor 106. Biometric sensors 104 may include, but are not limited to, a Near Infrared Reflectance (NIR) camera configured to receive NIR-type data, a Visibility (VIS) camera configured to receive VIS-type data, such as RGB data, a Serial Peripheral Interface (SPI) 206 configured to receive data, a Serial Peripheral Interface for Inter Integrated Circuit Communications (SPI/I2C) configured to receive data, such as for example, fingerprint data, a Virtual Channel Output Interface, and/or a MIPI Appliance interface.
transmitting the biometric characteristic information to a target biometric information server; [0056-0060], [0067] In many embodiments of the invention, a portable device with a secure biometric processor may be presented in place of a physical payment card for a payment transaction. The portable device may retrieve stored payment card information from the secure biometric processor and provide it to a point of sale device, such as a payment terminal… The process 400 includes sending (412) a request for payment card information from a portable device to a payment card provider server. The request can be made, for example, by an application on a portable device, such as a mobile application. The request may be sent to a uniform resource locator (URL) address, for example, of a payment card provider server. In addition, the request may be sent using Secure Sockets Layer (SSL) or other public key encryption scheme. In many embodiments, the request includes authentication credentials and/or biometric data of a user. In some embodiments, the request includes a user identifier of the user associated with the authentication credentials and/or biometric data
receiving card information of the user fed back by the target biometric information server, wherein the card information is determined by the target biometric information server based on the biometric characteristic information; [0068-0069] A payment card provider server receives the request for payment card information, extracts the authentication credentials and/or biometric data from the request, and verifies (414) the received authentication credentials and/or biometric data … A payment card is identified (418) using the user identifier, authentication credentials, and/or payment card identifier. Payment card information of the identified payment card is retrieved and sent to the portable device for storage on the secure biometric processor. In many embodiments, the payment card information is encrypted.
Bigioi does not expressly disclose the following, Zoka, however discloses:
transmitting a transaction request to an authorization server corresponding to the card information wherein the transaction request includes the card information and the biometric characteristic information;   [0123] Referring to FIG. 9, the e-commerce user (12) initiates a purchase transaction(94) with an online vendor/merchant (24) by inputting credit card information (96). The user (12) also scans their fingerprints (98) which are encrypted (100) and transmits this information (102) to the online vendor/merchant (24). The online vendor/merchant (24) process the query (104) to verify that the credit card user is authorized and that funds are available. The online vendor/merchant (24) either rejects (106) or accepts the transaction (110) which is transmitted (112) to the user.
receiving a transaction authorization verification result fed back by the authorization server, wherein the transaction authorization verification result is obtained through an authorization verification by the authorization server on a transaction corresponding to the transaction request, the authorization verification is performed based on the biometric characteristic information included in the transaction request and registered biometric characteristic information corresponding to the card information from the target biometric information server; and  [0116], [0123] Referring to FIG. 9, the e-commerce user (12) initiates a purchase transaction(94) with an online vendor/merchant (24) by inputting credit card information (96). The user (12) also scans their fingerprints (98) which are encrypted (100) and transmits this information (102) to the online vendor/merchant (24). The online vendor/merchant (24) process the query (104) to verify that the credit card user is authorized and that funds are available. The online vendor/merchant (24) either rejects (106) or accepts the transaction (110) which is transmitted (112) to the user…Touch Scan (30) verifies use of a credit card by comparing submitted biometric information with biometric data previously supplied by the credit card holder. In addition to providing verification identification services for the online/vendor merchant, Touch Scan will verify, using a secure connection (48), the availibility of funds with the credit card provider (32). This information will be transmitted to the online/vendor merchant (24) by secure conection (48). The online/vendor merchant (24) will communicate by secure connection (50) with the e-commerce user as to the whether the transaction is approved or rejected.
performing the transaction according to the transaction authorization verification result. [0123] Referring to FIG. 9, the e-commerce user (12) initiates a purchase transaction(94) with an online vendor/merchant (24) by inputting credit card information (96). The user (12) also scans their fingerprints (98) which are encrypted (100) and transmits this information (102) to the online vendor/merchant (24). The online vendor/merchant (24) process the query (104) to verify that the credit card user is authorized and that funds are available. The online vendor/merchant (24) either rejects (106) or accepts the transaction (110) which is transmitted (112) to the user.
It would have been obvious to one having ordinary skill in the art at the time the invention was filed to modify Bigioi with the ability to further use the credit card and fingerprint information to verify the credit card user is an authorized user as taught by Zoka, doing provides another level of security for reducing fraudulent transactions [0043-0044]. Further, since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.

As per claims 3, and 30, Bigioi discloses:
wherein the method further comprises: transmitting identification information of the user to the target biometric information server, wherein the card information is determined by the target biometric information server based on retrieved registered biometric characteristic information corresponding to the identification information when the received biometric characteristic information captured by the terminal device and the retrieved registered biometric characteristic information refer to the same user. [0056-0060], [0067] In many embodiments, the request includes authentication credentials and/or biometric data of a user. In some embodiments, the request includes a user identifier of the user associated with the authentication credentials and/or biometric data... In many embodiments of the invention, a portable device with a secure biometric processor may be presented in place of a physical payment card for a payment transaction. The portable device may retrieve stored payment card information from the secure biometric processor and provide it to a point of sale device, such as a payment terminal. In many embodiments, a biometric authentication is performed on the user before providing payment card information... sending the biometric information to a secure biometric processor on the portable device, performing a match using the captured biometric information and previously stored biometric information on the secure biometric processor, and receiving confirmation from the secure biometric processor whether any of the captured biometric information matches any of the stored biometric information (or to what degree there is a match)… The process 300 includes determining (314) a set of payment cards that are available to the user.

As per claims 4, and 31, Bigioi discloses:
wherein the card information comprises: original card information that has not been subject to a tokenization processing, or card tokenization Token information that has been subject to the tokenization processing. [0063] The payment terminal can decrypt the payment card information and use the decrypted payment card information to request a transaction with the associated payment card processor. In other embodiments, payment card information is encrypted and only the payment card processor has decryption key(s) or cryptographic information that is capable of decrypting the payment card information. The payment terminal can send a request for a transaction including the encrypted payment card information to the associated payment card processor and the payment card processor can decrypt the payment card information in the process of approving the transaction. In several embodiments, payment card information is transmitted from the portable device without using the application processor.

As per claim 5, Bigioi discloses:
wherein the transmitting the biometric characteristic information to the target biometric information server comprises: transmitting the biometric characteristic information to an intermediate biometric information server, wherein the card information is determined based on identity information from the intermediate biometric information server, the identity information corresponding to retrieved registered biometric characteristic information matching the biometric characteristic information.  [0029] Biometric identification data of a user may be captured by a portable device using any of a variety of techniques for capturing and storing biometric data on a secure biometric processor implemented in the device. Once the biometric information is stored on the secure biometric processor, the portable device may provide the biometric identification data to a credit card service to authenticate the user to a payment card service. The portable device may also use the biometric identification data when the user attempts to use the portable device to conduct a financial transaction using the payment card information from the secure biometric processor.

As per claims 6, and 33, Bigioi discloses:
wherein the transmitting the transaction request to the authorization server corresponding to the card information comprises: transmitting the transaction request to the authorization server corresponding to card information selected by the user from the card information fed back from the target biometric information server. [0044], [0063] An interface may display names of one or more payments cards for which encrypted information is stored on secure biometric processor 102 of portable device 100. The display may be arranged as a menu, a set of icons or any other graphical form. The interface may receive input from a user indicating selection of one or the payment cards to be used and the selection communicated to secure biometric processor 102. In some embodiments, the display of the user interface is generated by the application processor 106. In several embodiments, the application processor 106 may request a listing of payment cards from the secure biometric processor 102, for example, using an application program interface (API)… The payment terminal can send a request for a transaction including the encrypted payment card information to the associated payment card processor and the payment card processor can decrypt the payment card information in the process of approving the transaction. In several embodiments, payment card information is transmitted from the portable device without using the application processor.

As per claims 9, and 36, Bigioi discloses:
wherein the biometric characteristic information comprises one or more of the following items: facial information, fingerprint information, voiceprint information, iris information and palmprint information. [0007] In a further embodiment, the set of biometric information includes a fingerprint scan.

As per claims 23, claim 23 recite substantially similar limitations to those found in claim 1, respectively.  Therefor claim 23 is rejected under the same art and rationale as claim 1.  Furthermore, Bigioi discloses an apparatus comprising a processer and computer program stored on a memory [0038-0039].
As per claims 27, claim 27 recite substantially similar limitations to those found in claim 1, respectively.  Therefor claim 27is rejected under the same art and rationale as claim 1.  Furthermore, Bigioi discloses a computer readable storage medium [0038-0039, 0042].

Claims 8, and 35 are rejected under 35 U.S.C. 103 as being unpatentable over Bigioi in view of Zoka in view of  Maheshwari, et al. (US Patent Application Publication 20190057390), “Maheshwari”
As per claims 8 and 35, Bigioi does not expressly disclose the following, Maheshwari, however discloses:
wherein the transaction request comprises a transaction authorization verification mode selected by the user. [0014-0015], [0173], [0182-184]  Since the person conducting the transaction needs to correctly select which biometric authentication method to use with the transmitted key (e.g., correctly choose from among 10 possible fingerprints, or select iris scanning or facial recognition as the mode of authentication), an additional layer of security is added to the cardholder verification process, thereby reducing the risk of fraudulent transactions… receiving a payment request from the payment terminal, the request including cardholder data and a biometric authentication request… At step 518, the payment terminal 12 receives data representing biometric input from a purchaser and sends message data to the biometric system 18. In the embodiment with multiple biometric sensors, the message data sent to the biometric system 18 further includes the type of biometric input, e.g., fingerprint scan or retina scan… If the data representing biometric input from the purchaser matches with the reference biometric template associated with the key, then the biometric system 18, at step 526, authenticates the request. The biometric system 18 then performs the authentication step 527 of: [0183] (a) generating payment authorization request message data including an indication that the biometric input from the purchaser matches with the reference biometric template associated with the key;
It would have been obvious to one having ordinary skill in the art at the time the invention was filed to modify Bigioi with the ability to require the user to correctly choose the correct biometric authentication method and send data representing the biometric input to authenticate a transaction request as taught by Maheshwari doing so an additional layer of security is added to the cardholder verification process, thereby reducing the risk of fraudulent transactions [0014-0015].

Claims 2 and 29 are rejected under 35 U.S.C. 103 as being unpatentable over Bigioi in view of Zoka in view of Goenka, et al. (US Patent Application Publication 20190166120), “Goenka”.
As per claims 2 and 29, Bigioi does not expressly disclose the following, Goenka, however discloses:
wherein the method further comprises: transmitting transaction verification capability supported by the terminal device to the target biometric information server, wherein the card information is determined based on the transaction verification capability and a transaction authorization verification mode required by the authorization server.  [0001], [0035-0037], [0048] The authentication entity and the remote device 504 may exchange various information such as a username of an email account with which the user has with the email service, a format with which messages are to be communicated back and forth, a communication protocol to use for communication, acceptable types of authentication that the authentication entity can use, authentication capabilities of the computing device 502, etc…The authentication relationship may be established in various ways, such as through a handshake exchange of a username of a user for which the authentication entity is to authenticate for access to a service provided by the remote device, such as to an email account provided by an email service hosted by the remote device. The authentication relationship may be stored by the authentication entity within a data structure comprising the username and/or other information such as acceptable or referred authentication techniques requested by the remote device, user login credentials of the user with the service, communication information of the remote device (e.g., an IP address, a communication protocol, and/or other information used to transmit information to the remote device), security information (e.g., encryption keys) used to securely communicate information between the authentication entity and the remote device, etc. In this way, the authentication entity may create authentication relationships with any number of remote devices hosting a variety of services…In another example, the user may have an online bank account with a banking service in order to view account balance information and perform fund transfers. In this way, the user may have a hundred or more accounts with different services. To provide security and privacy for the user, services may require that the user authenticate with the service before granting the user access to an account. For example, the user can create a username and password with a service.
It would have been obvious to one having ordinary skill in the art at the time the invention was filed to modify Bigioi with the ability to detect the acceptable types of authentication method supported by the terminals as taught by Goenka, doing so allows the user to establish authentication relationships to access their accounts based on the authentication capabilities of their device [0001, 0048].

Claims 7 and 34 are rejected under 35 U.S.C. 103 as being unpatentable over Bigioi in view of Zoka in view of Gerard, et al. (US Patent Application Publication 20190065874), “Gerard”.
As per claims 7 and 34, Bigioi discloses:
wherein the method further comprises: performing bioassay on the user; [0058-0059] In some embodiments, one or more biometrics of the user are authenticated (312). In many embodiments, biometric authentication of a user can include any or all of: capturing biometric information using one or more biometric sensors and an application processor on the portable device, sending the biometric information to a secure biometric processor on the portable device, performing a match using the captured biometric information and previously stored biometric information on the secure biometric processor, and receiving confirmation from the secure biometric processor whether any of the captured biometric information matches any of the stored biometric information (or to what degree there is a match). In further embodiments, a biometric authentication is required only when the payment amount is over a predetermined number. A biometric match token may be passed to the payment terminal to evidence that biometric(s) were validated…With a liveness check, a biometric sensor or other component of the portable device performs an action to obtain dynamic information (e.g., a physical response) from the user to verify that static information cannot be used to give a false positive. For example, a biometric sensor configured to capture an image or characteristics of a user's iris or face could be tricked by using a photo of the user's iris or face. A liveness check could include (but is not limited to) flashing a light to provoke contraction of the iris or blinking of the eye.
Bigioi does not expressly disclose the following, Gerard, however discloses:
wherein the transaction request comprises results of the bioassay. [0069] For example, authentication token 238 may be generated by associating the facial signature 234 with the card signature 236 to authenticate the user. Authentication token 238 may also be generated by combining each of the facial signature 234 (e.g. determined in step 924), card signature 236 (e.g. determined in step 922) and the results of step 926 identifying that the user is a live user. Authentication token 238 may then be used to initiate transaction approval request 144. For example, in embodiments, authentication token 238 is transmitted, as at least a part of device transaction approval request 144, from device 106 to card manager 108 and subsequently used by authenticator 118 to authenticate the transaction between user 102 and merchant 110.
It would have been obvious to one having ordinary skill in the art at the time the invention was filed to modify Bigioi with the ability to include the authentication token including the results that the user was identified as a live user as taught Gerard, doing further allows the results of the liveness test to subsequently be used to authenticate the transaction by including the results in the request message [0069].


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY S CUNNINGHAM II whose telephone number is (313)446-6564. The examiner can normally be reached Mon-Fri 8:30am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bennett Sigmond can be reached on 303-297-4411. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

GREGORY S. CUNNINGHAM II
Primary Examiner
Art Unit 3694



/GREGORY S CUNNINGHAM II/Primary Examiner, Art Unit 3694