DETAILED ACTION
Continued Examination
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/17/2020 has been entered.

Response to Arguments 
Applicant's arguments with respect to claims 1, 11, 22 have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.
The new reference Brown et al (US 2009/0165125 A1) teaches the first security level comprises device authentication, the second security level comprises user authentication, and the third security level comprises re-authentication that requires of the user prior to processing of the instruction even if the user has previously been authenticated, wherein a user id and password are the same for both the authentication and the re-authentication.

Claim Rejections - 35 USC § 103 
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action: 


Claims 1-2, 5-12, 15-23, 25-34 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Al-Harbi (US 2007/0167178 A1) in view of Brown et al (US 2009/0165125 A1) in view of Bemmel et al (US 2008/0097851 A1) in view of Keresman, III et al (US 2003/0233327 A1).

Consider claim 1
Al-Harbi teaches a method comprising: receiving a first instruction from an SMS gateway in a first SMS message (Al-Harbi fig 3, fig 6 step 605 par 0055 discusses the SMS parser (10) receives an SMS via the SMS gateway (310) from the mobile device (11)), a second instruction from the SMS gateway in a second SMS message (the same method can be used for a second SMS message), a third instruction from the SMS gateway in a third SMS message (the same method can be used for a third SMS message), wherein the first, second, and third SMS messages originate from a client device (Al-Harbi fig 6 the SMS message from mobile device (11)); parsing the first instruction to obtain a first transaction (Al-Harbi fig 6 step 610 par 0055-0056 discusses the SMS parser parses the received message to obtain the command) and a first security level corresponding to the first instruction (Al-Harbi fig 6 steps 610-620 par 0056 discusses the SMS parser determines the security level of the command based on determining which type of backend system the command is meant to be sent.  Al-Harbi par 0016 discusses two types of backend systems:  a public system for which no authentication is needed and a secured system for which authentication is required), parsing a second instruction to obtain a second transaction and a second security level corresponding to the second instruction (The same parsing and determining method can be used for the second instruction), parsing a third instruction to obtain a third transaction and a third security level corresponding to the third instruction (The same parsing and determining method can be used for the third instruction), wherein the first security level comprises device authentication (Al-Harbi par 0056 verify telephone number of mobile device {device authentication} before sending command to secure system), calling, in response to a successful performance of the authentication, a function via an application programming interface, wherein the function is configured to directly interface with a transaction system and to associated calls made via the application programming interface with corresponding functionality of the transaction system configured to perform the transaction (Al-Harbi fig 6 steps 645, 660 par 0056 discusses on successful authentication, the SMS parser sends the command request to the backend systems. Al-Harbi fig 3 par 0051 discusses the backend systems include the BI server or flight reservation system as commercial transaction systems); receiving a response from the commercial transaction system and transmitting the response to the client device in a response SMS message (Al-Harbi fig 8 par 0059 discusses the SMS parser receiving a response from the backend system and returning the response to the mobile device in an SMS message).
(Brown par 0047 authentication factor for access includes data contained in SIM card or security token), the second security level comprises user authentication (Brown par 0047 authentication factor for access includes auser authentication by user name and password), and the third security level comprises re-authentication that requires of the user prior to processing of the instruction even if the user has previously been authenticated (Brown par 0098-0100 authentication factor for access includes re-authentication of the user previously authenticated. Each authentication factor is associated with an access right {security level}), wherein a user id and password are the same for both the authentication and the re-authentication (Brown par 0047 authentication factor for access includes using user name and password.  Brown par 0098 discusses re-authentication of a user previously authenticated. It is obvious to use the same user name and password to re-authenticate a previously authenticated user); performing an authentication according to the security level associated with each of the instructions (Brown par 0053 verifying authentication data associated with different authentication factors). At the time of the invention, it would have been obvious 
However, Al-Harbi does not specifically discuss performing authentication based on the capability of the device; establishing a session with the client device and transmitting a response using the established session.  Bemmel discloses performing authentication (Bemmel fig 2 step 212 and fig 4 step 410) based on the capabilities of the client device (Bemmel fig 6 steps 606-608 par 0034, par 0056-0057 discusses the mobile controller (158) transmits either a WAP push or SMS message, the message type based on the capability of the mobile device, containing a URL redirecting the user to the MIMS controller (130) for authentication (fig 6 step 626)); establishing a session with the client device using an identifier that uniquely identifies the client device (Bemmel fig 7 par 0065-0066 discusses the mobile incentive service identifies the mobile device by device identifier (step 706) and establishes a session with the mobile device by transmitting an access URL to enable the mobile device for the mobile device to retrieve mobile incentives at the URL (steps 722-730); transmitting a response using the established session (Bemmel fig 7 par 0066 discusses the mobile incentive service using the established session to transmit the mobile incentive to the mobile device (steps 738-740)). At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi in view of Brown with Bemmel by adding to parser system of Al-Harbi the method of performing the authentication based on the capability of the device, and establishing a session with the client to submit and receive responses as discussed by Bemmel.  The motivation to combine Al-Harbi in view of Brown and Bemmel is to format the message for delivery to the mobile device in accordance with the capability of the mobile device to process the message as discussed by Bemmel.  
However, Al-Harbi does not specifically disclose a plug-in. Keresman III discloses a plug-in (Keresman III fig 3 par 0034 discusses the MAPS plug-in architecture comprising a direct connector exposing the appropriate Java interfaces to be used by the merchant server; Keresman III fig 3 par 0038 discusses the specific plug-in such as the VISA or Mastercard plug-ins, each provide a specific transaction service).  At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi in view of Brown in view of Bemmel with Keresman III by adding to the SMS parser software architecture the provider specific plug-in for directly interface with a transaction system as taught by Keresman III.  The motivation to combine Al-Harbi in view of Brown in view of Bemmel and Keresman III is to enable flexible interface with third party systems as discussed by Keresman III.

Consider claim 11
Al-Harbi teaches an interface comprising: a network interface configured to communicate with an SMS gateway (Al-Harbi par 0055 SMS parser receives SMS message from mobile device; hence SMS parser has a network interface for communication with the SMS gateway); and one or more processors and communicatively coupled to the network interface, the one or more processors being configured to: receive a first instruction from the SMS gateway in a first SMS message (Al-Harbi fig 3, fig 6 step 605 par 0055 discusses the SMS parser (10) receives an SMS via the SMS gateway (310) from the mobile device (11)), a second instruction from the SMS gateway in a second SMS message (the same method can be used for a second SMS message), a third instruction from the SMS gateway in a third SMS message (the same method can be used for a third SMS message), wherein the first, second, and third SMS messages originate from a client device (Al-Harbi fig 6 the SMS message from mobile device (11)); parse the first instruction to obtain a first transaction (Al-Harbi fig 6 step 610 par 0055-0056 discusses the SMS parser parses the received message to obtain the command) and a first security level corresponding to the first instruction (Al-Harbi fig 6 steps 610-620 par 0056 discusses the SMS parser determines the security level of the command based on determining which type of backend system the command is meant to be sent.  Al-Harbi par 0016 discusses two types of backend systems:  a public system for which no authentication is needed and a secured system for which authentication is required), parsing the (The same parsing and determining method can be used for the second instruction), parsing a third instruction to obtain a third transaction and a third security level corresponding to the third instruction (The same parsing and determining method can be used for the third instruction), wherein the first security level comprises device authentication (Al-Harbi par 0056 verify telephone number of mobile device {device authentication} before sending command to secure system), call, in response to a successful performance of the authentication, a function via an application programming interface, wherein the function is configured to directly interface with a transaction system and to associated calls made via the application programming interface with corresponding functionality of the transaction system configured to perform the transaction (Al-Harbi fig 6 steps 645, 660 par 0056 discusses on successful authentication, the SMS parser sends the command request to the backend systems. Al-Harbi fig 3 par 0051 discusses the backend systems include the BI server or flight reservation system as commercial transaction systems); receive a response from the commercial transaction system and transmit the response to the client device in a response SMS message (Al-Harbi fig 8 par 0059 discusses the SMS parser receiving a response from the backend system and returning the response to the mobile device in an SMS message).
However, Al-Harbi does not specifically teach the second security level comprises user authentication, and the third security level comprises re-(Brown par 0047 authentication factor for access includes data contained in SIM card or security token), the second security level comprises user authentication (Brown par 0047 authentication factor for access includes auser authentication by user name and password), and the third security level comprises re-authentication that requires of the user prior to processing of the instruction even if the user has previously been authenticated (Brown par 0098-0100 authentication factor for access includes re-authentication of the user previously authenticated. Each authentication factor is associated with an access right {security level}), wherein a user id and password are the same for both the authentication and the re-authentication (Brown par 0047 authentication factor for access includes using user name and password.  Brown par 0098 discusses re-authentication of a user previously authenticated. It is obvious to use the same user name and password to re-authenticate a previously authenticated user); performing an authentication according to the security level associated with each of the instructions (Brown par 0053 verifying authentication data associated with different authentication factors). At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi with Brown by adding to the authentication mechanism of Al-Harbi the method of 
However, Al-Harbi does not specifically discuss performing authentication based on the capability of the device; establishing a session with the client device and transmitting a response using the established session.  Bemmel discloses performing authentication (Bemmel fig 2 step 212 and fig 4 step 410) based on the capabilities of the client device (Bemmel fig 6 steps 606-608 par 0034, par 0056-0057 discusses the mobile controller (158) transmits either a WAP push or SMS message, the message type based on the capability of the mobile device, containing a URL redirecting the user to the MIMS controller (130) for authentication (fig 6 step 626)); establishing a session with the client device using an identifier that uniquely identifies the client device (Bemmel fig 7 par 0065-0066 discusses the mobile incentive service identifies the mobile device by device identifier (step 706) and establishes a session with the mobile device by transmitting an access URL to enable the mobile device for the mobile device to retrieve mobile incentives at the URL (steps 722-730); transmitting a response using the established session (Bemmel fig 7 par 0066 discusses the mobile incentive service using the established session to transmit the mobile incentive to the mobile device (steps 738-740)). At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi in view of Brown with Bemmel by adding to parser system of Al-Harbi the method of performing the authentication based on the capability of the device, and establishing a session with the client to submit and receive responses as discussed by Bemmel.  The motivation to combine Al-Harbi in view of Brown and Bemmel is to format the message for delivery to the mobile device in accordance with the capability of the mobile device to process the message as discussed by Bemmel.  
However, Al-Harbi does not specifically disclose a plug-in. Keresman III discloses a plug-in (Keresman III fig 3 par 0034 discusses the MAPS plug-in architecture comprising a direct connector exposing the appropriate Java interfaces to be used by the merchant server; Keresman III fig 3 par 0038 discusses the specific plug-in such as the VISA or Mastercard plug-ins, each provide a specific transaction service).  At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi in view of Brown in view of Bemmel with Keresman III by adding to the SMS parser software architecture the provider specific plug-in for directly interface with a transaction system as taught by Keresman III.  The motivation to combine Al-Harbi in view of Brown in view of Bemmel and Keresman III is to enable flexible interface with third party systems as discussed by Keresman III.

Consider claim 22
(Al-Harbi fig 3, fig 6 step 605 par 0055 discusses the SMS parser (10) receives an SMS via the SMS gateway (310) from the mobile device (11)), a second instruction from the SMS gateway in a second SMS message (the same method can be used for a second SMS message), a third instruction from the SMS gateway in a third SMS message (the same method can be used for a third SMS message), wherein the first, second, and third SMS messages originate from a client device (Al-Harbi fig 6 the SMS message from mobile device (11)); parsing the first instruction to obtain a first transaction (Al-Harbi fig 6 step 610 par 0055-0056 discusses the SMS parser parses the received message to obtain the command) and a first security level corresponding to the first instruction (Al-Harbi fig 6 steps 610-620 par 0056 discusses the SMS parser determines the security level of the command based on determining which type of backend system the command is meant to be sent.  Al-Harbi par 0016 discusses two types of backend systems:  a public system for which no authentication is needed and a secured system for which authentication is required), parsing the second instruction to obtain a second transaction and a second security level corresponding to the second instruction (The same parsing and determining method can be used for the second instruction), parsing a third instruction to obtain a third transaction and a third security level corresponding to the third (The same parsing and determining method can be used for the third instruction), wherein the first security level comprises device authentication (Al-Harbi par 0056 verify telephone number of mobile device {device authentication} before sending command to secure system), calling, in response to a successful performance of the authentication, a function via an application programming interface, wherein the function is configured to directly interface with a transaction system and to associated calls made via the application programming interface with corresponding functionality of the transaction system configured to perform the transaction (Al-Harbi fig 6 steps 645, 660 par 0056 discusses on successful authentication, the SMS parser sends the command request to the backend systems. Al-Harbi fig 3 par 0051 discusses the backend systems include the BI server or flight reservation system as commercial transaction systems); receiving a response from the commercial transaction system and transmitting the response to the client device in a response SMS message (Al-Harbi fig 8 par 0059 discusses the SMS parser receiving a response from the backend system and returning the response to the mobile device in an SMS message).
However, Al-Harbi does not specifically teach the second security level comprises user authentication, and the third security level comprises re-authentication that requires of the user prior to processing of the instruction even if the user has previously been authenticated, wherein a user id and password are the same for both the authentication and the re-authentication. Brown discloses the first security level comprises device authentication (Brown par 0047 authentication factor for access includes data contained in SIM card or security token), the second security level comprises user authentication (Brown par 0047 authentication factor for access includes auser authentication by user name and password), and the third security level comprises re-authentication that requires of the user prior to processing of the instruction even if the user has previously been authenticated (Brown par 0098-0100 authentication factor for access includes re-authentication of the user previously authenticated. Each authentication factor is associated with an access right {security level}), wherein a user id and password are the same for both the authentication and the re-authentication (Brown par 0047 authentication factor for access includes using user name and password.  Brown par 0098 discusses re-authentication of a user previously authenticated. It is obvious to use the same user name and password to re-authenticate a previously authenticated user); performing an authentication according to the security level associated with each of the instructions (Brown par 0053 verifying authentication data associated with different authentication factors). At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi with Brown by adding to the authentication mechanism of Al-Harbi the method of authenticating by at least one of device authentication, user authentication, and re-authentication and associating the different authentication types with access levels as taught by Brown where the device authentication is the device authentication of Al-Harbi. The motivation to combine Al-Harbi and Brown is to 
However, Al-Harbi does not specifically discuss performing authentication based on the capability of the device; establishing a session with the client device and transmitting a response using the established session.  Bemmel discloses performing authentication (Bemmel fig 2 step 212 and fig 4 step 410) based on the capabilities of the client device (Bemmel fig 6 steps 606-608 par 0034, par 0056-0057 discusses the mobile controller (158) transmits either a WAP push or SMS message, the message type based on the capability of the mobile device, containing a URL redirecting the user to the MIMS controller (130) for authentication (fig 6 step 626)); establishing a session with the client device using an identifier that uniquely identifies the client device (Bemmel fig 7 par 0065-0066 discusses the mobile incentive service identifies the mobile device by device identifier (step 706) and establishes a session with the mobile device by transmitting an access URL to enable the mobile device for the mobile device to retrieve mobile incentives at the URL (steps 722-730); transmitting a response using the established session (Bemmel fig 7 par 0066 discusses the mobile incentive service using the established session to transmit the mobile incentive to the mobile device (steps 738-740)). At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi in view of Brown with Bemmel by adding to parser system of Al-Harbi the method of performing the authentication based on the capability of the device, and establishing a 
However, Al-Harbi does not specifically disclose a plug-in. Keresman III discloses a plug-in (Keresman III fig 3 par 0034 discusses the MAPS plug-in architecture comprising a direct connector exposing the appropriate Java interfaces to be used by the merchant server; Keresman III fig 3 par 0038 discusses the specific plug-in such as the VISA or Mastercard plug-ins, each provide a specific transaction service).  At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi in view of Brown in view of Bemmel with Keresman III by adding to the SMS parser software architecture the provider specific plug-in for directly interface with a transaction system as taught by Keresman III.  The motivation to combine Al-Harbi in view of Brown in view of Bemmel and Keresman III is to enable flexible interface with third party systems as discussed by Keresman III.

Consider claims 2, 23
Al-Harbi in view of Brown in view of Bemmel in view of Keresman III teaches the limitations of claim 1, 22 further comprising: determining whether authentication is needed to perform the transaction based on the corresponding security level (Al-Harbi par 0056 the SMS parser determines whether authentication is needed based on whether the command is to be sent to a secure system). 

Consider claims 5, 15, 26 
Al-Harbi in view of Brown in view of Bemmel in view of Keresman III teaches the limitations of claims 1, 11, 25, wherein the step of authenticating the user device comprises: authenticating the user device by comparing a unique property of the user device to a registered value for the unique property (Al-Harbi par 0056 comparing the telephone number of the mobile device with a registered telephone number). 

Consider claims 6, 16, 27 
Al-Harbi in view of Brown in view of Bemmel in view of Keresman III teaches the limitations of claims 5, 15, 26, wherein the user device is a phone (Al-Harbi par 0056 mobile device is a phone), and further wherein the unique property is a phone number for the phone (Al-Harbi par 0056 comparing the telephone number of the mobile device with a registered telephone number). 

Consider claims 7, 17, 28 
Al-Harbi in view of Brown in view of Bemmel in view of Keresman III teaches the limitations of claims 2, 12, 23 further comprising: authenticating the user of the user device if authentication is needed (Brown par 0053 authenticating by user name, password to grant access rights to restricted resources. The motivation to combine with Brown is to provide flexibility in governing the access to network resources as discussed by Brown). 

Consider claims 8, 18, 29
Al-Harbi in view of Brown in view of Bemmel in view of Keresman III teaches the limitations of claims 7, 17, 28, wherein authenticating the user of the client device comprises: sending a WAP Push message to the client device, the WAP Push message comprising a URL for a user authentication page (Bemmel par 0034, par 0057 discusses the mobile controller (158) transmits a WAP push containing a URL that would redirect the user to the MIMS controller (130) for authentication. The motivation to combine with Bemmel is to format the message for delivery to the mobile device in accordance with the capability of the mobile device to process the message as discussed by Bemmel).

Consider claims 9, 19, 30 
Al-Harbi in view of Brown in view of Bemmel in view of Keresman III teaches the limitations of claims 7, 17, 28, wherein authenticating the user of the client device comprises: sending a URL for a user authentication page to the client device (Bemmel par 0034, par 0057 discusses the mobile controller (158) transmits a WAP push containing a URL that would redirect the user to the MIMS controller (130) for authentication. The motivation to combine with Bemmel is to format the message for delivery to the mobile device in accordance with the capability of the mobile device to process the message as discussed by Bemmel).

Consider claims 10, 20, 31 
(Al-Harbi par 0055 discusses comparing the command in the SMS message with known commands in the command table); and generating the corresponding transaction according to the command (Al-Harbi fig 6.645-6.660, par 0056 discusses the SMS parser either execute command as an internal command or send it to the backend system).

Consider claim 12
Al-Harbi in view of Brown in view of Bemmel in view of Keresman III teaches the limitations of claim 11, wherein the one or more processors are further configured to determine whether authentication is needed to perform a transaction (Al-Harbi par 0056 determines that authentication is needed when the command is to be sent to a secured system) and authenticate the client device or user if authentication is needed (Al-Harbi par 0056 performs authentication using telephone number when authentication is needed). 

Consider claim 21 
Al-Harbi in view of Brown in view of Bemmel in view of Keresman III teaches the interface of claim 11, wherein the parsing module is further configured to permit definition of new commands (Al-Harbi par 0061 discusses the SMS parser manager providing the user the capability to add, delete, and modify commands). 

Consider claim 25
Al-Harbi in view of Brown in view of Bemmel in view of Keresman III teaches the limitations of claim 23, authenticate the client device if authentication is needed (Al-Harbi par 0056 performs authentication using telephone number when authentication is needed). 

Consider claim 32 
Al-Harbi in view of Brown in view of Bemmel in view of Keresman III teaches the method of claim 1, wherein determining a kind of authentication comprises determining whether the client device supports a kind of message (Bemmel par 0034, par 0057 discusses the mobile controller (158) transmits either a WAP push or SMS message, the message type based on the capabilities of the mobile device. The motivation to combine with Bemmel is to format the message for delivery to the mobile device in accordance with the capability of the mobile device to process the message as discussed by Bemmel). 

Consider claim 33
Al-Harbi in view of Brown in view of Bemmel in view of Keresman III teaches the method of claim 1, further comprising: performing a re-authentication after performing the authentication (Brown par 0100 re-authentication after previous authentication. The motivation to combine with Brown is to provide flexibility in governing the access to network resources as discussed by Brown). 

Consider claim 34
(Al-Harbi par 0056 using the telephone number of the mobile device as unique identifier for use in authentication). 



Claims 35-36 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Al-Harbi (US 2007/0167178 A1) in view of Brown et al (US 2009/0165125 A1) in view of Bemmel et al (US 2008/0097851 A1) in view of Keresman, III et al (US 2003/0233327 A1) as applied to claim 1 above further in view of Fleishman (US 2004/0148252 A1).

Consider claim 35, 36
Al-Harbi in view of Brown in view of Bemmel in view of Keresman III teaches the method of claim 1.
However, Al-Harbi in view of Brown in view of Bemmel in view of Keresman III does not specifically teach the third transaction comprises a financial transaction, wherein the financial transaction comprises an automated clearing house (ACH) transaction. Fleishman discloses the third transaction comprises a financial transaction, wherein the financial transaction comprises an automated clearing house (ACH) transaction (Fleishman par 0069 for a financial transaction involving credit an account at another institution, the user be re-authenticated). At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi in view of Brown in view of Bemmel in view of Keresman III with Fleishman by adding to the re-authentication mechanism the method of forcing a re-authentication when the command involve an ACH transaction as taught by Fleishman. The motivation to combine Al-Harbi in view of Brown in view of Bemmel in view of Keresman III and Fleishman is to protect against risk of fraud as discussed by Fleishman.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HUNG K DU whose telephone number is (571)270-1810.  The examiner can normally be reached on M-F 8:00-6:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yuwen Pan can be reached on (571) 272-7855.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.



/HUNG DU/
Examiner, Art Unit 2645

/YUWEN PAN/Supervisory Patent Examiner, Art Unit 2649