Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Stephan Filipek on 3/18/2021.
The application has been amended as follows: 
1.	(currently amended)	A method for upgrading an untrusted channel to a trusted channel that complies with the General Data Protection Regulation (GDPR), comprising:
receiving, by a verifier server from a first service component, a request to verify an untrusted channel address comprising a consumer identifier;
retrieving, by the verifier server from a verifier database, the trusted channel address of the consumer associated with the consumer identifier;
generating, by the verifier server, a one-time password witness value containing at least six and a maximum of eight alphanumeric characters; 
splitting, by the verifier server, the one-time password witness value into a first portion comprising at least the two leftmost alphanumeric characters and a second portion comprising at least the two rightmost alphanumeric characters; 
transmitting, by the verifier server to the first service component, the first portion of the one-time password witness value;

receiving, by the verifier server from the first service component, a recomposed value generated by a consumer’s client, the recomposed value including the two leftmost alphanumeric characters;
splitting, by the verifier server, the recomposed value into a first recomposed value and a second recomposed value;
generating, by the verifier server, a reverted one-time password value based on the first and second recomposed values;
determining, by the verifier server, that the reverted one-time password value equals the one-time password witness value; 
transmitting, by the verifier server to the first service component, an authentication message confirming authentication of the consumer and enabling upgrading of the untrusted channel to a trusted channel;
receiving, by the verifier server from the first service component, a registration request comprising a request to store the untrusted channel address as a trusted channel address;
determining, by the verifier server, that on behalf of processing of one-time password authentication has been granted by the first service component; and
storing, by the verifier server in the verifier database, the untrusted channel address with a trusted channel designation.

2.	(canceled)	

1, wherein the registration request further comprises a consumer identifier, and further comprising storing, by the verifier server in a verifier database, the consumer identifier with the untrusted channel address with a trusted channel designation.

4.-5.	(canceled) 	

6.	(currently amended)	A verifier computer apparatus for upgrading an untrusted channel to a trusted channel in a manner compliant with the General Data Protection Regulation (GDPR), comprising:
a verifier processor; 
a communication device operably connected to the verifier processor; and 
a storage device operably connected to the verifier processor and storing instructions causing the verifier processor to:
receive a request from a first service component to verify an untrusted channel address associated with a consumer identifier;
retrieve the trusted channel address of the consumer associated with the consumer identifier from a verifier database;
generate a one-time password witness value containing at least six and a maximum of eight alphanumeric characters;
split the one-time password witness value into a first portion comprising at least the two leftmost alphanumeric characters and a second portion comprising at least the two rightmost alphanumeric characters; 

transmit the second portion of the one-time password witness value and the trusted channel address to a second service component;
receive a recomposed value generated by a consumer’s client from the first service component, the recomposed value including the two leftmost alphanumeric characters;
split the recomposed value into a first recomposed value and a second recomposed value;
generate a reverted one-time password value based on the first and second recomposed values;
determine that the reverted one-time password value equals the one-time password witness value;
transmit an authentication message to the first service component confirming authentication of the consumer and enabling upgrading of the untrusted channel to a trusted channel;
receive a registration request from the first service component comprising a request to store the untrusted channel address as a trusted channel address;
determine that on behalf of processing of one-time password authentication has been granted by the first service component; and
store the untrusted channel address with a trusted channel designation in the verifier database.



8.	(currently amended) 	The apparatus of claim 6[[7]], wherein the instructions for receiving a registration request further comprises instructions causing the verifier processor to receive a consumer identifier, and wherein the storage device stores further instructions causing the verifier processor to:
store the consumer identifier with the untrusted channel address in the verifier database with a trusted channel designation.

9.	(canceled) 	

10.	(currently amended) 	A system for upgrading an untrusted channel to a trusted channel in a manner compliant with the General Data Protection Regulation (GDPR), comprising:
a verifier server computer comprising a verifier processor, a communication device operably connected to the verifier processor, a first service component and a second service component, and a storage device operably connected to the verifier processor; 
a verifier database operably connected to the verifier server computer; and
a user device operably connected to the verifier server computer;
wherein the storage device of the verifier server computer stores instructions causing the verifier processor to:
receive a request from the first service component to verify an untrusted channel address associated with a consumer identifier;

generate a one-time password witness value containing at least six and a maximum of eight alphanumeric characters;
split the one-time password witness value into a first portion comprising at least the two leftmost alphanumeric characters and a second portion comprising at least the two rightmost alphanumeric characters; 
transmit the first portion of the one-time password witness value to the first service component;
transmit the second portion of the one-time password witness value and the trusted channel address to the second service component;
receive a recomposed value from the first service component, the recomposed value generated by a consumer’s client running on the user device and including the two leftmost alphanumeric characters;
split the recomposed value into a first recomposed value and a second recomposed value;
generate a reverted one-time password value based on the first and second recomposed values;
determine that the reverted one-time password value equals the one-time password witness value; 

receive a registration request from the first service component comprising a request to store the untrusted channel address as a trusted channel address;
determine that on behalf of processing of one-time password authentication has been granted by the first service component; and
store the untrusted channel address with a trusted channel designation in the verifier database. 

11.	(canceled)	
	
12.	(currently amended) 	The system of claim 10 [[11]], wherein the instructions for receiving a registration request stored in the storage device of the verifier server computer further comprises instructions causing the verifier processor to receive a consumer identifier, and wherein the storage device of the verifier server computer stores further instructions causing the verifier processor to:
 store the consumer identifier with the untrusted channel address in the verifier database with a trusted channel designation.

13.	(canceled)


Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
The closest prior arts of record are Jones et al. (US Publication Number: 20080270301 A1) and  Muratov et al. (US Publication Number: 20030097596 A1). Jones et al. teach a method which enables a merchant to obtain payment for a purchase from a customer who uses a mobile communication device to make the purchase, including uploading an application program to the customer's mobile communication device, and receiving a request for payment from a merchant terminal.
Muratov et al. teach a system and method for protecting data within a portable electronic device to prevent unauthorized access to that data.
Regarding claim 1, the closest prior arts of record when taken individually or in combination
with other prior arts do not teach or disclose the subject matter of receiving, by a verifier server from a first service component, a request to verify an untrusted channel address comprising a consumer identifier;  retrieving, by the verifier server from a verifier database, the trusted channel address of the consumer associated with the consumer identifier;  generating, by the verifier server, a one-time password witness value containing at least six and a maximum of eight alphanumeric characters; 
splitting, by the verifier server, the one-time password witness value into a first portion comprising at least the two leftmost alphanumeric characters and a second portion comprising at least the two rightmost alphanumeric characters;  transmitting, by the verifier server to the first service component, the first portion of the one-time password witness value;  transmitting, by the verifier server to a second service component, the second portion of the one-time password witness value and the trusted channel address;  receiving, by the verifier server from the first service component, a recomposed value generated by a consumer’s client, the recomposed value including the two leftmost alphanumeric 
Regarding claim 6, the closest prior arts of record when taken individually or in combination with other prior arts do not teach or disclose the subject matter of a verifier processor;  a communication device operably connected to the verifier processor; and a storage device operably connected to the verifier processor and storing instructions causing the verifier processor to:  receive a request from a first service component to verify an untrusted channel address associated with a consumer identifier;  retrieve the trusted channel address of the consumer associated with the consumer identifier from a verifier database;  generate a one-time password witness value containing at least six and a maximum of eight alphanumeric characters;  split the one-time password witness value into a first portion comprising at least the two leftmost alphanumeric characters and a second portion comprising at least the two rightmost alphanumeric characters; transmit the first portion of the one-time password witness value to the first service component;  transmit the second portion of the one-time password witness value and the trusted channel address to a second service component;  receive a recomposed value generated by a consumer’s client from the first service component, the recomposed 
Regarding claim 10, the closest prior arts of record when taken individually or in combination with other prior arts do not teach or disclose the subject matter of manner compliant with the General Data Protection Regulation (GDPR), comprising:  a verifier server computer comprising a verifier processor, a communication device operably connected to the verifier processor, a first service component and a second service component, and a storage device operably connected to the verifier processor; a verifier database operably connected to the verifier server computer; and  a user device operably connected to the verifier server computer;  wherein the storage device of the verifier server computer stores instructions causing the verifier processor to:  receive a request from the first service component to verify an untrusted channel address associated with a consumer identifier;  retrieve the trusted channel address of the consumer associated with the consumer identifier from the verifier database;  generate a one-time password witness value containing at least six and a maximum of eight alphanumeric characters;  split the one-time password witness value into a first portion comprising at least the two leftmost alphanumeric characters and a second portion comprising at least the two rightmost alphanumeric characters;  transmit the first portion of the one-time password witness value to the first service component;  transmit the second portion of the one-time password witness value and the trusted channel address to the second service component;  receive a recomposed value from the first service component, the recomposed value generated by a consumer’s client running on the user device and including the two leftmost alphanumeric characters;  split the recomposed value into a first recomposed value and a second recomposed value;  generate a reverted one-time password value based on the first and second recomposed values;  determine that the reverted one-time password value equals the one-time password witness value; transmit an authentication message to the first service component confirming authentication of the consumer and enabling upgrading of the untrusted channel to a trusted channel;  receive a registration request from the first service component comprising a request to store the untrusted channel address as a trusted channel address;  determine that on behalf of processing of one-time password authentication has been granted by the first service component; and  store the untrusted channel address with a trusted channel designation in the verifier database. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to I JUNG LIU whose telephone number is (571)270-1370.  The examiner can normally be reached on Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


I JUNG LIU
Examiner
Art Unit 3697



/I JUNG LIU/Primary Examiner, Art Unit 3697