Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This communication is a Non-Final Office Action rejection on the merits. Claims 1-24 are currently pending and have been addressed below.

Examiner’s Comments
	Intended Use
The recitation of the intended use of the claimed invention does not serve to differentiate the claim from the prior art.  See MPEP 2103 I C, “… Language that suggests or makes a feature or step optional but does not require that feature or step does not limit the scope of a claim under the broadest reasonable claim interpretation. The following types of claim language may raise a question as to its limiting effect: (A) statements of intended use or field of use...”
Claims 1, 18 and 24, recites “...for presentation to the user via the second application window”
Claims 9 and 22, recites “...for presentation to the user through the identity decisioning application”
Claim 11, recites “...the login information being provided by the user through the identity decisioning application”
Claims 12 and 13, recites “...automatically retrieved from the user device”
Claim 18, recites “...configured to execute…”

Non-Functional Descriptive Material
4.	The following claims are directed toward conveying a message or meaning to a human reader independent of the intended computer system; and/or the non-transitory computer-readable medium merely serves as a support for information or data. (MPEP 2111.05 I-II) They do not play a role or perform some function with respect to the computer. Thus, this descriptive material will not distinguish the claimed invention from the prior art in terms of patentability, see In re Ngai, 367 F.3d 1336, 70 USPQ2d 1862 (Fed. Cir. 2004); Ex parte Nehls, 88 USPQ2d 1883, 1888-1889 (BPAI 2008); Cf. In re Gulack, 03 F.2d 1381, 1385, 217 USPQ 401, 403-04 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 1583-84, 32 USPQ2d 1031, 1035 (Fed. Cir. 1994).
	Claims 1, 18 and 24 recite “...the second application window at least partially overlapping the first application window”
	Claim 4 recites “wherein the risk level of the transaction is selected from a list...”
	Claim 10 recites “wherein the identity verification data comprises at least one of...”
Claim 11 recite “wherein the login information comprises a username and password associated with the identity decisioning application...” 
Claim 12 recites “wherein the passive information comprises device identification information associated with the user device”
Claim 13 recites “wherein the passive information comprises environmental parameters associated with the transaction and . . . the environmental parameters comprising at least one of a timestamp associated with initiation of the transaction and a location of the user device”
Claim 14 recites “wherein the personally identifying information comprises at least one of...”
Claim 16 recites “wherein the initial verification data comprises at least one of...”
Claim 17 recites “wherein the preliminary threshold is a zero risk level”

Conditional Language / Contingent Limitations
5.	The broadest reasonable interpretation of a method (or process) claim having contingent limitations requires only those steps that must be performed and does not include steps that are not required to be performed because the condition(s) precedent are not met. The broadest reasonable interpretations of a system (or apparatus or product) claim having structure that performs a functions, which only needs to occur if a condition precedent is met, requires structure for performing the function should the condition occur. Accordingly, once the positively recited steps are satisfied, the method as a whole is satisfied -- regardless of whether or not other steps are conditionally performed under certain other hypothetical scenarios. (In re Johnston, 77 USPQ2d 1788 (CA FC 2006); Intel Corp. v. Int'l Trade Comm'n, 20 USPQ2d 1161 (Fed. Cir. 1991); MPEP § 2103 I C).
	Claim 1 recites “if the risk level exceeds a predetermined threshold: selecting...  determining... and determining an identity decisioning result...”; “if the risk level does not exceed the predetermined threshold, determining... and presenting the identity decisioning result...”
	Claim 3 recites “the identity decisioning result is a success result if the risk level does not exceed the predetermined threshold or if the outcome of the at least one authentication exam is a passing outcome” and “the third-party website permitting the user to complete the transaction if the identity decisioning result is the success result”
	Claim 7 recites “wherein selecting at least one authentication exam comprises... if the risk level is a high risk level”
	Claim 15 recites “if the preliminary risk level exceeds a preliminary threshold, requesting…” “if the preliminary risk level does not exceed the preliminary threshold, using…”

Claim Rejections - 35 USC § 101
6.	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

7.	Claims 1-24 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
, claims 1-17 are directed to a method, claims 18-23 directed to a server and claim 24 directed to a non-transitory computer readable medium. Therefore, these claims fall within the four statutory categories of invention.
	The claim(s) are directed to user authentication in a transaction, which is an abstract idea. Specifically, the claims recite the steps of “receiving a request... to confirm an identity of a user attempting a transaction...”, “causing the user... to display a second... window for presenting an identity decisioning...”, “assessing... a risk level associated with the transaction based on identity verification data...”, “selecting... at least one identity authentication exam for presentation to the user via the second... window,...”, “determining... an outcome of the at least one identity authentication exam based on a user response thereto”, “and determining an identity decisioning result based on the outcome of the at least one authentication exam...”, “determining the identity decisioning result based on the risk level associated with the transaction”, “and presenting the identity decisioning result to the user via the second... window”, which is grouped within the “Certain methods of organizing human activity” grouping of abstract ideas in prong one of Step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)) because the claim(s) involve user authentication in a transaction, receiving a request for a transaction, determining the risk involve with the user request, if the risk is within a threshold then provision the user of the device, if not, then send additional verification exam to the user via a separate channel, make a decision based on the additional exam and display the decision via the second channel, which is a form of commercial and legal activities. Accordingly, the claims recite an abstract idea (See pages 7, 10, Alice 
9.	This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 54-55 (January 7, 2019)), the additional element(s) of the claim(s) such as  “a third-party server”, “user device”, application window”, “non-transitory computer readable medium comprising computer instructions embodied thereon to cause a processor to”, “a server in network communication with a third-party server and a user device, the server comprising: a memory configured to store a program code, and a processor in communication with the memory and configured to execute the program code, the program code for”, merely reflect the use of a computer as a tool to perform the abstract idea and/or generally link(s) the use of a judicial exception to a particular technological environment.
10.	The claim(s) does not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 56 (January 7, 2019)), the additional element(s) of “a third-party server”, “user device”, application window”, “non-transitory computer readable medium comprising computer instructions embodied thereon to cause a processor to”, “a server in network communication with a third-party server and a user device, the server comprising: a memory configured to store a program code, and a processor in communication with the memory and configured to execute the program code, the 
11.	Dependent claims 2-17 and 19-23 further describe the abstract idea of performs the steps or functions of user authentication in a transaction. The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Therefore, the dependent claims are also not patent eligible.  

Claim Rejections - 35 USC § 112

         12.	The following is a quotation of the first paragraph of 35 U.S.C. 112(a):

IN GENERAL-The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.



	The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-24 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.

Lack of Algorithm
14.	Claims 1, 18, 23 and 24 recites “causing the user device to display . . .”
	Claims 3 and 20 recites “… the third-party website permitting the user to complete...”		
	The Specification does not provide the algorithm or steps/procedure for
performing these function “causing”, “permitting” in sufficient detail so that one of 
ordinary skill in the art would understand how the inventor intended them to be
performed. See MPEP § 2161.01 I, 2163.02 and 2181, IV. 
15.	Dependent claims 2-17 and 19-23 are also rejected since they depend on 
claims 1 and 18, respectively.

Broader than the Specification
16.	The following claim recites limitation wherein the Specification does not provide support for the full breadth of the claims.  (MPEP 2163 (II) (A) (3) (a) (ii); LizardTech v. Earth Resource Mapping, Inc., 424 F.3d 1336, 1346, 76 USPQ2d 1731, 1733 (Fed. Cir. 2005))
Claim 1 recite “a method in a server, the method comprising: “assessing...” 
“Selecting...”; “determining by...”; “determining an...”; “...determining the identity...”
“presenting...” Although the preamble recites “a method in a server,” it does not recite the method steps is performed by the server. The claims are silent what executes the method steps.
17.	Dependent Claims 2-17 are also rejected since they depend on claim 1.

Claim Rejections - 35 USC § 112
18.	The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.-The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

	The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

19.	Claims 1-24 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Hybrid
Katz
20.	Claims 18 and 20 are directed to “a server in network communication with a 
the server comprising...” However, claims 18 and 20 also recite acts by a user or entity that is not part of the device (e.g. “...user attempting a transaction...”; “...the third-party website being displayed in a first application window on the user device of the user”; “...retrieved from the user device” claim 18, “the third party-website permitting the user to complete the transaction...” claim 20).
Therefore, the claims are indefinite under 112(b) because it is unclear whether infringement occurs when one possesses the claimed structure (e.g. the server), or when the entity performs the recited act (e.g. “user attempting”, “displayed in a first application window on the user device of the user”, etc.) See MPEP 2173.05(p) II; In re Katz Interactive Call Processing Patent Litigation, 639 F.3d 1303, 97 USPQ2d 1737 (Fed. Cir. 2011).
	Similarly, claim 24 is directed to “a non-transitory computer readable medium comprising computer instructions embodied thereon to cause a processor to” However, the claim also recite acts by a user or entity that is not part of the device (e.g. “...user attempting a transaction...”; “...the third-party website being displayed in a first application window on the user device of the user”; “...retrieved from the user device”).
Therefore, the claim is indefinite under 112(b) because it is unclear whether infringement occurs when one possesses the claimed structure (e.g. the computer instructions embodied thereon to cause a processor), or when the entity performs the recited act (e.g. “user attempting”, “displayed in a first application window on the In re Katz Interactive Call Processing Patent Litigation, 639 F.3d 1303, 97 USPQ2d 1737 (Fed. Cir. 2011).
21.	Dependent claims 19-23 are also rejected since they depend on claim 18.

Unclear Scope
22.	Claim 1 recites the method is “in a server,” but recites that several steps, such as “assessing...”; “selecting...”; “determining by...”; “determining an...”; “...determining the identity...”; “presenting...” are performed by a “processor.” The claim does not recite that the processor is part of the server. It is unclear whether the method is performed by a server or a processor. This renders the claims indefinite, as it is unclear whether the metes and bounds defined by the claim language are limited to the server or the processor. (“An essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous.  Only in this way can uncertainties of claim scope be removed…” (In re Zletz, 13 USPD2d 1320 (Fed. Cir. 1989))).
	Claims 1, 18 and 24 recites “the third-party website being displayed in a first application window on a user device of the user” This describes the third-party website and the user device which are not part of the claimed structure “a server” that claims 1, 18 and 24 are directed to. Therefore, the scope is unclear (“An essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous.  Only in this way can uncertainties of claim scope be removed…” (In re Zletz, 13 USPD2d 1320 (Fed. Cir. 1989))). 
Also claims 1, 18, and 24 recites the unclear language of “identity verification data retrieved from the user device” The claim does not include any step that involves In re Zletz, 13 USPD2d 1320 (Fed. Cir. 1989))).
	Claims 18 and 24 recite “...for presentation to the user via the second application window,” and “presenting . . . via the second application window.” The second application window is on the user device, while claim 18 is directed to a server and claim 24 is directed to a non-transitory computer readable medium that causes a processor to perform acts. Therefore, the scope is unclear (“An essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous.  Only in this way can uncertainties of claim scope be removed…” (In re Zletz, 13 USPD2d 1320 (Fed. Cir. 1989))).
	Claims 3 and 20 recite “...the third-party website permitting the user to complete the transaction if the identity decisioning result is the success result...” This describes the third-party website which is not part of the claimed structure of “a server” from which claims 3 and 20 depend, therefore, the scope is unclear (“An essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous.  Only in this way can uncertainties of claim scope be removed…” (In re Zletz, 13 USPD2d 1320 (Fed. Cir. 1989))).
	Claim 11 recites “...the login information being provided by the user through the identity decisioning application...” This describes the user performing an act  which is not part of the claimed structure of “a server” from which claims 11 depends, therefore, In re Zletz, 13 USPD2d 1320 (Fed. Cir. 1989))).
23.	Dependent claims 2-17 and 19-23 are also rejected since they depend on claim 1 and 18, respectively. 

Claim Rejections - 35 USC § 102
24.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


25.	Claims 18-24 are rejected under pre-AIA  35 U.S.C. 102 (a) (1) as being anticipated by Banks et al., (US 20150066765 A1).
26.	Claim 18, is directed to “a server... a memory... and a processor... configured to 
execute the program code, the program code for: receiving...; causing...; assessing...; 
selecting...; determining by...; determining an...; ...determining the identity...; 
presenting...;” is intended use. However, the purpose of the computer code, in this 
case “the program code for.” is intended use. The remaining limitation of the claim are
therefore, directed to intended use (see MPEP 2103 (I) (C), 2114 (IV)), intended use
will not differentiate the claims from the prior art. Prior art only needs to teach a 

	Claim 24, is directed to “a non-transitory computer readable medium comprising computer instructions embodied thereon to cause a processor to: receiving...; causing...; assessing...; selecting...; determining by...; determining an...; ...determining the identity...; presenting...;” is intended use. However, the purpose of the “processor” is intended use. The remaining limitation of the claim are therefore, directed to intended use (see MPEP 2103 (I) (C), 2114 (IV)), intended use will not differentiate the claims from the prior art. Prior art only needs to teach a server. Because Banks discloses a server... a memory... and a processor in communication with the memory and configured to execute the program code, the program code for (Fig. 3 item 300, 301, ¶¶ [0360]), it is sufficient in terms of art.  
27.	Dependent claims 19-23 are also rejected as they further describe the intended 
use language of claim18.

Claim Rejections - 35 USC § 103
28.	In the event the determination of the status of the application as subject to AIA  35
U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

29.	Claims 1-24 are rejected under 35 U.S.C. 103 as being unpatentable over Banks et al., (US 20150066765 A1) in view of Wong et al., (US 20150046339 A1).

30.	With respect to claims 1, 18 and 24, Banks, teaches a method, server and a non-transitory computer readable medium in network communication with a third-party server and a user device, the server comprising: 
a memory configured to store a program code (Fig. 3 item 301, ¶¶ [0360]).   
and a processor in communication with the memory and configured to execute the program code, the program code for (Fig. 3 item 300, ¶¶ [0360]).   
receiving a request, from a third-party server, to confirm an identity of a user attempting a transaction through a third-party website, the third-party website being displayed in a first application window on a user device of the user (Fig. 5 item 500-504, 507, 528, 530-535,  ¶¶ [0374], [0379], [0404], [0406]-[0411], [0413]).
causing the user device to display a second application window “smartphone application” for presenting an identity decisioning application, the second application window at least partially overlapping the first application window (¶¶ [0409], [0413]). 

if the risk level exceeds a predetermined threshold: 
with respect to “selecting by the processor...”; “presenting the identity...”
“...second application window” (¶¶ [0409], [0413]).
Banks did not explicitly disclose:
if the risk level exceeds a predetermined threshold:
selecting, by the processor, at least one identity authentication exam for presentation to the user via the “...” application window,
determining, by the processor, an outcome of the at least one identity authentication exam based on a user response thereto, and 
determining an identity decisioning result based on the outcome of the at least one authentication exam.
if the risk level does not exceed the predetermined threshold, determining the identity decisioning result based on the risk level associated with the transaction, and 
presenting the identity decisioning result to the user via the “...” application window
However, Wong discloses if the risk level exceeds a predetermined threshold: 
selecting, by the processor, at least one identity authentication exam for presentation to the user via the “...” application window (¶¶ [0009], [0053], [0060], [0065], [0098]),

determining an identity decisioning result based on the outcome of the at least one authentication exam (¶¶ [0009], [0053], [0060], [0065], [0098]).
if the risk level does not exceed the predetermined threshold, determining the identity decisioning result based on the risk level associated with the transaction (¶¶ [0009], [0060], [0065], [0098]), and 
presenting the identity decisioning result to the user via the “...” application window (“via a separate channel”, ¶¶ [0009], [0053], [0060]).
Therefore, it would have been obvious for a person of ordinary skill in the art to simply modify the request to confirm a user identity in a transaction (¶¶ [0406]-[0411], [0413], [0608]) of Banks in view of Wong in order to provide added security to confirming the user identity in a transaction (¶¶ [0009], [0060], [0065], [0098]).

31. 	With respect to claims 2 and 19, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1. Furthermore, Banks discloses further comprising reporting the identity decisioning result to the third-party server (Fig. 5F item 530-531, ¶¶ [0406]-[0414]).

32. 	With respect to claims 3 and 20, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1. Furthermore Wong teaches, wherein the identity decisioning result is a success result if the risk level 

33. 	With respect to claim 4, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1. Furthermore Wong teaches, wherein the risk level of the transaction is selected from a list comprising two or more of the following: a high risk level, a medium risk level, a low risk level, or zero risk level, and the predetermined threshold is the lowest risk level in the list (¶¶ [0010]-[0011], [0065]-[0066]).

34. 	With respect to claims 5, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1. Furthermore Wong teaches, wherein selecting at least one authentication exam comprises selecting the at least one authentication exam from a list of authentication exams based on the risk level of the transaction (¶¶ [0059], [0060]).

35. 	With respect to claim 6, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 5. Furthermore Wong teaches, wherein the list of authentication exams comprises at least one of a knowledge-based authentication exam and a one-time password exam (¶¶ [0053], [0065]).

36. 	With respect to claim 7, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1. Furthermore Wong teaches, wherein selecting at least one authentication exam comprises selecting at least two authentication exams for the at least one authentication exam if the risk level is a high risk level (¶¶ [0009], [0053], [0060], [0065], [0098).

37. 	With respect to claim 8 and 21, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1. Furthermore Banks teaches, further comprising generating, by the processor, the at least one authentication exam (“PIN”, ¶¶ [0409]).

38. 	With respect to claims 9 and 22, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1. Furthermore Banks teaches, further comprising providing the at least one authentication exam to the user device for presentation to the user through the identity decisioning application (“smartphone application”, ¶¶ [0409]).

39. 	With respect to claim 10, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1. Furthermore Banks teaches, wherein the identity verification data comprises at least one of passive information, login information, and personally identifying information (Fig 5 item 529-530, ¶¶ [0405], [0406]).

40. 	With respect to claim 11, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 10. Furthermore Wong teaches, wherein the login information comprises a username and password associated with the identity decisioning application, the login information being provided by the user through the identity decisioning application (¶¶ [0053], [0065]).

41. 	With respect to claim 12, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 10. Furthermore Wong teaches, wherein the passive information comprises device identification information associated with the user device and automatically retrieved from the user device (¶¶ [0060]).

42. 	With respect to claim 13, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 10. Furthermore Banks teaches, wherein the passive information comprises environmental parameters associated with the transaction and automatically retrieved from the user device, the environmental parameters comprising at least one of a timestamp associated with initiation of the transaction and a location of the user device (¶¶ [0412]).

43. 	With respect to claim 14, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 10. Furthermore Wong 

44. 	With respect to claim 15, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 1. Furthermore Wong teaches, wherein the identity verification data comprises an initial verification data and a secondary verification data, and assessing, by the processor, a risk level associated with the transaction comprises: 
retrieving the initial verification data from the user device (¶¶ [0011]), [0050]-[0055]).  
assessing, by the processor, a preliminary risk level of the transaction based on the initial verification data (¶¶ [0011]), [0050]-[0055]).  
if the preliminary risk level exceeds a preliminary threshold, requesting the secondary verification data from the user through the identity decisioning application (¶¶ [0009], [0053], [0060], [0065], and [0098).
determining, by the processor, the risk level associated with the transaction based on the secondary verification data (¶¶ [0009], [0053], [0060], [0065], [0098), and
if the preliminary risk level does not exceed the preliminary threshold, using the preliminary risk level as the risk level of the transaction (¶¶ [0009], [0053], [0060], [0065], and [0098).

45. 	With respect to claim 16, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 15. Furthermore Wong 

46.	With respect to, claim 17, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 15. Furthermore Wong teaches, wherein the preliminary threshold is a zero risk level (¶¶ [0009], [0086]).

47.	With respect to claim 23, the combination of Banks in view of Wong teaches all the subject matter as described above with respect to claim 18. Furthermore Banks teaches, wherein the program code is further for: 
	establishing a secure connection with at least one of the third-party server and the user device prior to causing the user device to display the second application window (¶¶ [0246]).


Conclusion
48.	The prior art made of record and not relied upon:
1)	(US 20090313134 A1) – Faith et al., Recovery of Transaction Information.

49. 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to VINCENT IDIAKE whose telephone number is (571)272-1284.  The examiner can normally be reached on Mon-Fri 8:00 - 5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin L Hewitt II can be reached on 571-272-6709.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair /PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/VINCENT I IDIAKE/Examiner, Art Unit 3685                                                                                                                                                                                                        
/Mohammad A. Nilforoush/Primary Examiner, Art Unit 3685