DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
Arguments/Remarks (11/23/2022) amended claims 1-4, 15-19, 22 and 23.    
Amended claim 17 (re duplicative “the”) overcomes prior rejection under 35 USC 112, which is hereby withdrawn.   
Examiner acknowledges Applicant summary of interview conducted on 11/10/2022.         
Claims 1-4, 6, and 9-23 are currently pending in this final office action.

Response to Arguments
Applicant arguments (pgs 13-16) relative to the rejection of claims 1-4, 6 and 9-23 under 35 USC 101 have been considered and not found persuasive as follows: 
    Applicant asserts (pgs 14-16) the analysis fails to consider claimed improvements to the functioning of computer systems…
Response:   Initially, the Office notes that features or functionality that supposedly brings about a technological improvement must be identified in the specification and claimed in order for the claims to arguably be directed to that technological improvement (See e.g. Berkheimer v HP Inc (CAFC 2018-2-8), Slip opinion at 15-16).  
     Regarding improved computer functioning, Applicant emphasizes the amended limitations that generate a biometric authentication challenge based on a client device capability in response to a transaction qualifying for a delegation exemption. These limitations are more steps performed as a part of the risk mitigation process (see below), a part of the abstract idea. The limitations in question merely recite that a request for additional information (that happens to be biometric) is generated and sent to a client device that then sends a response.  The authentication challenge, per the claim language, is based in part on hardware capability of the client device, indicating that this capability is somehow already known.   In light of the specification (para 95 specifically), this capability is ascertained by a payment handling service.  This language reads on nothing more than, for example, having that information in a table that shows an account and a functional description of devices associated with the account.  Neither the claim or the specification provides any indication of a technical or technological improvement to the functioning of a computer as asserted by applicant. The requirement for additional information may add to the security of the authentication process itself, which is more of a business process improvement as opposed to any improvement in technical functioning of a computer.  
    Accordingly, rejection of the claims under 35 USC 101 is maintained. 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-4, 6 and 9-23 are rejected under 35 U.S.C. 101 because the claimed
invention is directed to a judicial exception (i.e., an abstract idea) without significantly more. 

Step 1
Claims 1-3 and 21 recite a non-transitory computer-readable medium, which is a statutory category of invention. Claims 4, 6, 9-16, 22 and 23 recite a system comprising at least one computer device. Claims 17-20 recite a method.  All are statutory categories of invention. (Step 1: Yes)

Step 2A Prong 1
Under the 2019 PEG step 2A, Prong 1 analysis, it must be determined whether
the claims recite an abstract idea that falls within one or more designated categories of
patent ineligible subject matter (i.e., organizing human activity, mathematical concepts,
and mental processes) that amount to a judicial exception to patentability. Here, independent claim 1 at its core recites the abstract idea of:
     train an exemption success…model on an exemption success history of a plurality of different exemptions from a payment issuer authentication challenge performed by a payment issuer for a plurality of transactions, the exemption success…model being trained on the exemption success history being in correlation with one or more user characteristics and one or more transaction characteristics, the exemption success history indicating either an approval or a denial;
    determine a corresponding likelihood of success for respective ones of the
plurality of different exemptions based at least in part on the exemption success…model; 
    determine a ranking of the plurality of different exemptions based at least in part on the corresponding likelihood of success for the respective ones of the plurality of different exemptions;
      receive a payment transaction for a user account using a payment instrument from the payment issuer;
     determine, for the plurality of different exemptions, whether the payment transaction qualifies for the respective ones of the plurality of different exemptions;
      identify a delegation exemption for the payment transaction from a subset of the plurality of different exemptions for which the payment transaction qualifies that has the highest ranked corresponding likelihood of success to avoid the payment issuer authentication challenge performed by the payment issuer according to the ranking;
    in response to identifying the delegation exemption, generate a biometric authentication challenge based at least in part on at least one hardware capability of a
client device associated with the user account, the at least one hardware capability
comprising at least one of a fingerprint scan capability, a facial scan capability, or a
voice sampling capability; 
   provide the biometric authentication challenge…;
   verify a response to the biometric authentication challenge…;
    submit the payment transaction for processing by the payment issuer with the delegation exemption requested;
      determine that the delegation exemption has been approved by the payment issuer;
      update the exemption success history to include the approval of the delegation exemption; and 
      update the exemption success machine learning model based at least in
part on the updated exemption success history. 

   Here, the recited abstract idea falls within one or more of the three enumerated
2019 PEG categories of patent ineligible subject matter, to wit: fundamental economic principles, as the claim limitations describe mitigating risk as relates to authentication requirements for transactions (e.g., determining whether a requested payment transaction qualifies for an authentication exemption, based on a model (including training and updating) used to predict and rank likelihood of successful exemptions, and determining qualification of a requested payment transaction for a specific exemption, requesting and verifying additional authentication required for that exemption, approving the exemption and updating the model).  The recited computing device and client device do not necessarily preclude the claim from reciting an abstract idea.  Thus, the claim recites an abstract idea. (Step 2A Prong 1: Yes)

Step 2A, Prong 2
   The judicial exception is not integrated into a practical application.  The claim recites additional elements- non-transitory computer readable medium, computing device (with exemption selection engine, interpreted as software/programming), client device. The additional computing elements are recited at a high-level of generality (e.g., see specification, paragraphs 19 and 35 (client device), 19, 20, 35 (computing device); paras 127,128 (non-transitory computer readable medium)) such that the devices and software are generic components merely being used as tools (“apply it”) to perform the abstract idea (MPEP 2106.05(f)). The claim recites an additional element – machine learning – which merely recites programming of a computer to perform the claimed data analysis used to facilitate the abstract idea. (See, e.g., MPEP 2106.05(f)).  
    
Step 2B
   The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when considered separately and as an ordered combination, they do not add significantly more (also known as an “inventive concept”) to the exception. For similar reasons as discussed above with respect to integration of the abstract idea into a practical application, the additional elements further fail to provide an inventive concept.  Accordingly, these additional elements, when considered separately and as an ordered combination, do not provide significantly more than the abstract idea because they do not impose any meaningful limits on practicing the abstract idea. Thus the claim is not patent eligible. (Step 2B – No). 

Dependent claims 2-3 and 21 are rejected under 35 USC 101. 
   Dependent claims 2 and 3 further define the abstract idea that is present in independent claim 1.  Claim 21 further describes the additional element – machine learning model – by describing its specificity to an issuer.  These dependent claims – 2, 3 and 21- do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination.

Regarding independent claim 4:  the claim at its core recites the abstract idea of:
      train an exemption success…model on an exemption success history of a plurality of different exemptions from a payment issuer authentication challenge performed by a payment issuer for a plurality of transactions, the exemption success…model being trained on the exemption success history being in correlation with one or more user characteristics and one or more transaction characteristics, the exemption success history indicating either an approval or a denial;
     receive a payment transaction for a user account using a payment
instrument from the payment issuer;
    determine, for the plurality of different exemptions, whether the payment
transaction qualifies for respective ones of the plurality of different exemptions;
and
    identify a delegation exemption for the payment transaction from a subset of the plurality of different exemptions for which the payment transaction qualifies based at least in part on a corresponding likelihood of success for respective ones of the subset of the plurality of different exemptions based at least in part on the exemption success…model;
    in response to identifying the delegation exemption, generate a biometric authentication challenge based at least in part on at least one hardware capability of a
client device associated with the user account, the at least one hardware capability
comprising at least one of a fingerprint scan capability, a facial scan capability, or a
voice sampling capability; 
    provide the biometric authentication challenge…;
    verify a response to the biometric authentication challenge…;
    submit the payment transaction for processing by the payment issuer without the payment issuer authentication challenge performed by the payment issuer by applying the delegation exemption;
     determine an outcome of applying the delegation exemption for the payment transaction, the outcome indicating the approval or the denial of the delegation exemption;
     update the exemption success history to indicate the outcome; and
    update the exemption success…model based at least in part on the updated exemption success history.
     Here, the recited abstract idea falls within one or more of the three enumerated
2019 PEG categories of patent ineligible subject matter, to wit: fundamental economic principles, as the claim limitations describe mitigating risk as relates to authentication requirements for transactions (e.g., (e.g., determining whether a requested payment transaction qualifies for authentication exemptions based on an exemption success  model (including training and updating), requesting and verifying additional authentication required for that exemption, managing a requested payment transaction (i.e., approving or denying the exemption), and update the model). The recited computing device does not necessarily preclude the claim from reciting an abstract idea.  Thus, the claim recites an abstract idea. (Step 2A Prong 1: Yes)
   The judicial exception is not integrated into a practical application.  The claim recites additional elements- computing device, exemption selection engine (software). The additional computing elements are recited at a high-level of generality (e.g., see specification, paragraphs 19, 20, 35 (computing device; para 22, fig 1(exemption selection engine)) such that the devices and software are merely being used as tools (“apply it”) to perform the abstract idea (MPEP 2106.05(f)). The claim recites an additional element – machine learning – which merely recites programming of a computer to perform the claimed data analysis used to facilitate the abstract idea. (MPEP 2106.05(f))   Re step 2B, similar arguments as presented for claim 1 are applicable. 
Dependent claims 6, 9-16, 22 and 23 are also rejected under 35 USC 101.    
   Dependent claims 6 and 16 further define the abstract idea by describing further exemptions and transactions based on the exemptions – i.e., ranking exemptions (claim 6), reporting an exemption (claim 16), presenting of an authentication challenge when an exemption is denied (clm 22); action (that does not occur) because an exemption is approved (clm 23).  The claims - 6, 16, 22, 23 - recite additional elements – computing device (exemption selection engine, payment handling service executable on the device), client device, machine learning (clm 6) – for which arguments related to the additional elements, computing device, client device and machine learning, from claim 1 are applicable. These dependent claims do not include any additional elements that integrate the abstract idea into a practical application or that are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination.
   Dependent claims 9 and 10 further define the abstract idea by describing (claim 9) and requesting an exemption (claim 10).  The claims recite additional elements – plugins executable in the computing device.  Such recitation is of software that adds new functions to a host program (e.g., see specification, para 29).  As such, arguments are similar to claim 4 as relates to software (e.g., the engine of claim 4) functioning on the computing device.  These dependent claims do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination.  
   Dependent claims 11-15 further define the abstract idea by describing different exemptions – i.e., designated payee (11), recurring payment (12), payee initiated transaction (13), transaction value below threshold (14), authentication challenge performed by payee (15).   
    These dependent claims - 6, 9-16, 22 and 23 - do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination.

Regarding independent method claim 17:  the claim at its core recites the abstract idea of:
     training…, an exemption success…model on an exemption success history of a plurality of different exemptions from a payment issuer authentication challenge performed by a payment issuer for a plurality of transactions, the exemption success…model being trained on the exemption success history being in correlation with one or more user characteristics and one or more transaction characteristics, the exemption success history indicating either an approval or a denial;
     receiving,…, a payment transaction for a user account using a payment instrument from the payment issuer;
     determining,…, for the plurality of different exemptions, whether the payment transaction qualifies for respective ones of the plurality of different exemptions;
     identifying,…, a delegation exemption for the payment transaction from a subset of the plurality of different exemptions for which the payment transaction qualifies, the delegation exemption being identified based at least in part on having a highest ranked likelihood of success to avoid the payment issuer authentication challenge performed by the payment issuer according to the exemption success…model; 
    in response to identifying the delegation exemption, generating,…, a biometric authentication challenge based at least in part on at least one hardware capability of a
client device associated with the user account, the at least one hardware capability
comprising at least one of a fingerprint scan capability, a facial scan capability, or a
voice sampling capability; 
    providing,…, the biometric authentication challenge…;
    verifying,…, a response to the biometric authentication challenge…;
    submitting,…, the payment transaction for processing by the payment issuer with the delegation exemption requested;    
     determining, …, an outcome of the delegation exemption, the outcome comprising the approval or the denial; 
    updating,…, the exemption success history to indicate the outcome of the delegation exemption; and
    updating,…, the exemption success machine learning model based at least in part on the updated exemption success history.
 
    Here, the recited abstract idea falls within one or more of the three enumerated
2019 PEG categories of patent ineligible subject matter, to wit: fundamental economic principles, as the claim limitations describe mitigating risk as relates to authentication requirements for transactions (e.g., determining whether a requested payment transaction qualifies for an authentication exemption, based on using a model (including training and updating) to predict and rank likelihood of successful exemptions, and managing a requested payment transaction (i.e., determining qualification of a requested payment transaction for a specific exemption, requesting and verifying additional authentication required for that exemption, approving or denying the exemption) and updating the model.  The recited one or more computing devices do not necessarily preclude the claim from reciting an abstract idea.  Thus, the claim recites an abstract idea. (Step 2A Prong 1: Yes) 

Dependent claims 18-20 further define the abstract idea recited in claim 17 from which they depend - i.e., claims 18 and 19 further describe a denied exemption and an approved exemption.  Claim 20 further describes ranking of the exemptions. Claims 19 and 20 also recite additional element – computing device, client device – for which arguments from claim 1 to similar element are applicable. Claim 20 recites additional element - machine learning– for which arguments similar to arguments from claim 1 are applicable. These dependent claims do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination.
   Therefore, claims 1-4, 6 and 9-23 are not patent eligible under 35 USC 101. 

                                          Cited Prior Art
The prior art made of record and not relied upon, yet considered pertinent to applicant's disclosure is listed in attached form PTO-892:
Hubbard et al. (U.S. 2017/0109752) – shows utilizing an enhanced cardholder authentication token or indicator for card not present or online transactions 
Subramanian et al. (U.S. 2015/0269578) – shows a method of processing a commerce authentication request through a non-linear analytical model to generate a risk score

Conclusion
        THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CAROL A SEE whose telephone number is (571)272-9742.  The examiner can normally be reached on M-Th 7:00 am - 5:00 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Namrata Boveja can be reached on 571-272-8105.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CAROL A SEE/Examiner, Art Unit 3696 

/JOSEPH W. KING/Primary Examiner, Art Unit 3696