Detailed Action

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
This action is in reply to the Response filed on 12 November 2020. In the Response, claims 1-3 were amended, claims 10 and 11 were added, and no claims were cancelled.
Accordingly, claims 1-11 are currently pending, claims 3-9 are withdrawn in view of the restriction requirement, and claims 1, 2, 10 and 11 have been examined. 

Claim Objections
Claim 1 is objected to because of the following informalities:
- Claim 1 recites "extracting unique user identifier (UUID) of an application …." This is not grammatical due to lack of the indefinite article. This should be changed to "extracting a unique user identifier (UUID) of an application …."
Appropriate correction is required. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 10 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Paul (U.S. Patent Application Publication Number 2006/0002556 A1) in view of Sherlock et al. (U.S. Patent Application Publication Number 2009/0328144 A1), hereafter Sherlock, and further in view of Bhansali et al. (U.S. Patent Application Publication Number 2012/0254602 A1), hereafter Bhansali. 

(Note: where a figure or an element in a figure is cited below, the Applicant is also directed to the associated portions of the text, not all of which are necessarily cited.)

Regarding Claim 1
Paul teaches:
(step A) extracting a phone number of the portable device;  (0031 when the device client of the mobile device is started, the mobile device checks the personal certification store of the user for a valid certificate, and the certificate may include the phone number, mobile operator, other identifying information, hence extracts phone number; 0032 if valid certificate is not found, the client application may prompt user for phone number, or other identifying information, e.g., SIM information can be entered automatically, etc., for user verification, hence extracts phone number; see also 0024 user extracts phone number)
(step B) transmitting membership information including the phone number to an authentication server; (0033 authorization token request, including device's phone number, mobile operator identifier, other identifying information (membership information), is sent (transmitted) by calling certificate management web service)
(step C) receiving a self-verification number, which is a result of performing self-verification with the membership information, from the authentication server; (0033, 0034 in response to authorization token request, client mobile device receives from server an SMS message including authorization token (self-verification number) generated by server)
(step D) extracting unique user identifier (UUID) of an application (app) installed on the portable device, the UUID being stored [not in the app but in an operating system (OS) of] the portable device; (0035 after receiving the authorization token, the mobile device generates certificate request using cryptographic API call, where the subject property of the certificate includes the mobile operator identifier, phone number, and received authorization token value (e.g., GUID); the GUID content of the generated extracted UUID (note a GUID is a UUID), note the certificate request is associated with (of) the apps 226 installed on the mobile device (see 0018 re apps 226), and the apps 226 are deemed to collectively teach the recited app installed on the portable device, hence Paul teaches the recited UUID of an application (app) installed on the portable device; alternatively, Sherlock teaches "UUID of an app installed on the portable device": see citations to Sherlock below; per Sherlock 0041, UUID can be as described in RFC 4122, and per RFC 4122, p. 15, sec. 5, UUID can be of an application (e.g., of an application such as the Mozilla browser) (RFC 4122 is listed on attached NRC, Form PTO-892); the language in square brackets is taught by Bhansali, as explained below)
(step E) transmitting the extracted UUID of the app, the extracted phone number, and the received self-verification number to a service server; and (Further to step D, immediately above, 0036 the mobile device sends (transmits) the certificate request (extracted UUID of the app), the authorization token (received self-verification number), and the phone number (extracted phone number), or other identifying information, to the web service)
(step F) receiving a self-verification number checking result, which is obtained by transmitting the self-verification number and the phone number received by the service server to the authentication server, from the service server, wherein the membership information including the UUID is registered with the service server; (0037 web service processes received certificate request by attempting to match the received information so as to perform authentication, if matching is successful then web service generates certificate (including phone number, identifying information, mobile operator identifier) and sends the certificate (self-verification number checking result) to the mobile device; Fig. 3, 0025, 0026 the certification request is sent from the mobile device via (to) the web services server 322, via (then to) the MDS server 344, (then) to the certificate authority server 352, which validates the association between authentication token and identification information, i.e., ultimately performs the authentication, in other words, the authentication result, i.e., the generated certificate (self-verification number checking result), is obtained by transmission of the certificate request (including authorization token (self-verification number) and phone number, as per step E above) from a service server to an authentication server (i.e., from web services server 322 (service server) to MDS server 344 (authentication server) or certificate authority server 352 (authentication server), or alternatively from MDS server 344 service server) to certificate authority server 352 (authentication server)) and then the transmission of the authentication result back from the authentication server to the service server (which is obtained by transmitting the self-verification number and the phone number received by the service server to the authentication server); 0025, 0037 the issuance of the certificate by the certificate authority indicates that the certificate content is registered (stored, recorded) with the involved entities/servers (wherein the membership information including the UUID is registered with the service server))
Paul does not explicitly disclose but, in analogous art, Bhansali teaches the language indicated above in square brackets:
(step D) … not in the app but in an operating system (OS) of …; (E.g., 0126 security/authentication information/credentials are stored in OS, not in application)
It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified Paul's systems and methods for authenticating a mobile device with a server, by incorporating therein these teachings of Bhansali regarding storing security/ authentication information/credentials in the OS, in order to 
Paul does not explicitly disclose but, in analogous art, Sherlock teaches:
(step G) upon executing the app, extracting the UUID via the OS and transmitting the extracted UUID to the service server to authenticate a transaction by the app; and (0055 In the case of an app for mobile payments, after registration of the app on the mobile device, the mobile device can use a UUID for executing payments via the app, i.e., send the UUID to the application server for use by the server to authenticate the mobile device for making a payment)
(step H) performing the transaction based on a determination by the service server that there is a match between the UUID included in the membership information registered with the service server and the UUID extracted upon executing the app. (As per step G, immediately above)
It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified Paul's systems and methods for authenticating a mobile device with a server, by incorporating therein these teachings of Sherlock regarding using a UUID in communications between user equipment and an application server for handling and verifying payments, because these teachings of 

Regarding Claim 10
Paul in view of Sherlock and Bhansali teaches base claim 1. 
Paul further teaches:
wherein the receiving the self-verification number checking result comprises: receiving, from the service server, a serial number of the app and storing the serial number in the portable device, the serial number being generated based on the UUID of the app and the self-verification number and included in the membership information. (0037-0038 Further to claim 1, step F, in response to mobile device's sending of certificate request, authorization token and phone number (claim 1, step F), the web service processes the request and (upon successful matching of information) generates a certificate and sends it to mobile device, which receives it and installs (stores) it in certificate store of mobile device (receiving, from service server, serial number of app and storing it in portable device, serial number being generated based on UUID of app and self-verification number and included in membership information); note the content of the generated serial number of the app, inasmuch as the serial number of the app is a random character string associated with the app, and the content of the generated certificate includes such random number content (e.g., GUID, mobile phone number, etc.) and is associated with apps 226 (see claim 1, step D); note that content of generated certificate (serial number) is (1) generated based on (content of) certificate request (UUID of app) and accompanying authorization token (self-verification number) and phone number (which were received, as explained at claim 1, step F), and (2) recorded/stored in pertinent entities (as explained at claim 1, step F) in association with user's information (serial number is included in membership information))

Regarding Claim 11
Paul in view of Sherlock and Bhansali teaches base claim 1. 
Paul further teaches:
upon executing the app, extracting the serial number of the app and transmitting the serial number of the app to the service server, and wherein the performing the transaction is further based on a determination by the service server that there is a match between the serial number of the app extracted upon executing the app and the serial number of the app included in the membership information. (0038-0039 Further to claim 10, when the apps 226 are executed, e.g., for sending a web service request to an MDS service, the mobile device signs the request with the certificate installed in its certificate store, i.e., transmitting the certificate content (serial number of the app) to the web service, in order to obtain service from the web service (performing the transaction), contingent (based) upon the transmitted request signed with the certificate (i.e., the transmitted certificate content) (serial number of the app) being determined by the web service to match the corresponding information previously (received from the mobile device and) recorded/stored by the web service (serial number of the app included in the membership information))

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Paul (U.S. Patent Application Publication Number 2006/0002556 A1) in view of Sherlock et al. (U.S. Patent Application Publication Number 2009/0328144 A1), hereafter Sherlock, and further in view of Bhansali et al. (U.S. Patent Application Publication Number 2012/0254602 A1), hereafter Bhansali, and further in view of Bengtsson (U.S. Patent Application Publication Number 2009/0100181 A1). 

Regarding Claim 2
Paul in view of Sherlock and Bhansali teaches base claim 1. 
Paul, Sherlock and Bhansali do not explicitly disclose the following limitations in their entirety but, in analogous art, Bengtsson teaches:
(step A) transmitting a short message service (SMS) message including a server authentication number, which is generated by [the app] to authenticate the portable device, to an SMS server; (Fig. 8, 0071 User A to sends SMS with random ID (server authentication number) to Short Message Service Center (SMSC) (SMS server); Fig. 8 illustrates and 0071 describes a process of initial authentication of a primary entity, such as a mobile phone, to a server (which is generated by [the app] to authenticate the portable device); the language in square brackets is taught by Sherlock, as explained below)
(step B) requesting the phone number of the portable device by transmitting the server authentication number stored in the portable device to the service server, the service server being configured to receive the phone number of the portable device and the server authentication number from the SMS server and store the received phone number and server authentication number; and (Fig. 8, 0071 SMSC transmits (SMS server) the SMS with the random ID (server authentication number) to server (service server), which checks the random id service server) stores the random id (server authentication number); the server determines the MSISDN from the SMS, the MSISDN is the phone number of the portable user device (see "MSISDN - Computer Definition," cited on attached Form PTO-892, Notice of References Cited), thus the server (service server) receives and stores the phone number of the portable user device)
(step C) receiving the phone number from the service server. (Fig. 8, 0071 server (service server) provides MSISDN (phone number) to User A's mobile phone)
It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified Paul's systems and methods for authenticating a mobile device with a server, by incorporating therein these teachings of Bengtsson regarding authenticating a mobile device with a server by means of sending an SMS with an authentication token and a phone number, (1) because these teachings constitute a known means of authentication of a mobile phone with a server, and (2) in order to provide the phone number to the mobile phone so that the phone can store the phone number, if not already known by the phone. See, Bengtsson, 0071.
Sherlock further teaches the language indicated above in square brackets:
(step A) … the app …; (0037 SMS message to be sent to application server to register application is generated by the application; the ellipses indicate language taught by Bengtsson, as explained above)

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 2, 10 and 11 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-3, 9, 10, 13 and 14 of copending Application No. 16/096,943 in view of Paul and Sherlock. Paul and Sherlock teach the subject matter of claims 1, 2, 10 and 11 that is not present in the claims of copending Application No. 16/096,943. 
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.

Response to Arguments
Regarding the claim objections and the rejections under 35 U.S.C. 112
The Examiner thanks the Applicant for addressing the claim objections and the rejections under 35 U.S.C. 112. Applicant's attention is directed to the instant claim objections.

Regarding Applicant's arguments with respect to the rejections under 35 U.S.C. 103
Applicant's arguments filed on 12 November 2020 have been considered but are moot and/or not persuasive in view of the new combination of prior art being applied against the instant claims, involving newly cited prior art references, newly cited portions of the previously cited prior art references, and new 

Conclusion
The prior art made of record and not relied upon, as set forth in the accompanying Notice of References Cited (PTO-892), is considered pertinent to applicant's disclosure.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DOUGLAS W PINSKY whose telephone number is (571)272-4131.  The examiner can normally be reached on 8:30 am – 5:30 pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin Hewitt II, can be reached on (571) 272-6709.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or 


/DWP/
Examiner, Art Unit 3692

/ERIC T WONG/Primary Examiner, Art Unit 3692                                                                                                                                                                                                        
March 11, 2021