NOTICE OF ALLOWANCE

Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of the Claims

Claims 1-16 and 21-24 are presented for examination. Applicant filed an after final amendment on 03/08/2021. In light of Applicant’s after final amendment and examiner’s amendment below, Examiner withdraws the previous § 101 rejection and finds claims 1-16 and 21-24 allowable. Therefore, claims 1-16 and 21-24 are ALLOWED. 

Examiner’s Amendment

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR § 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. Authorization for this examiner’s amendment was given in a telephone interview with Attorney Greg Meyer on March 18, 2021.

IN THE CLAIMS:

1.	(Currently Amended) A system for use in authenticating users to accounts in connection with network transactions, the system comprising:
a payment network, wherein the payment network is separate from a merchant, an acquirer associated with the merchant, and an issuer of a payment account;
a directory server (DS) included in the payment network and coupled in communication with an access control server (ACS) and a digital service server (DSS); 
the ACS associated with the issuer and coupled in communication with the DS; and 
the DSS coupled in communication with the DS, wherein the DSS is separate from the merchant, the acquirer, and the issuer;
wherein the DS is configured to:
receive an authentication request for a transaction directed to the merchant from a merchant server plug-in (MPI) associated with the merchant, the transaction involving the payment account, the payment account associated with an account number, and the authentication request including at least one of a token associated with the payment account and the account number; and 
transmit the at least one of the token and the account number to the DSS; 
wherein, in response to receiving the at least one of the token and the account number, the DSS is configured to:
generate a directory server nonce (DSN) for the authentication request; and 
transmit the DSN and the account number for the payment account to the DS;
wherein, in response to receiving the DSN and the account number, the DS is configured to transmit the DSN and the account number to the ACS; 
wherein, in response to receiving the DSN and the account number, the ACS is configured to:
generate an issuer authentication value (IAV); and
transmit the IAV to the DS; 
wherein, in response to receiving the IAV from the ACS, the DS is configured to:

transmit the AAV to the MPI;
wherein the payment network is configured to:
receive an authorization request for the transaction from the MPI, the authorization request including the AAV;  
validate the AAV; and
based on validation of the AAV, transmit the authorization request to the issuer; and 
wherein the issuer is configured to validate the IAV[[,]] prior to approving or declining the transaction.  

2.	(Currently Amended) The system of claim 1, wherein the authentication request includes the token for the payment account; and 
wherein the DSS is further configured to map the token to the account number for the payment account[[,]] prior to transmitting the account number to the DS.

3.	(Previously Presented) The system of claim 1, wherein the authentication request includes a cryptogram; and 
wherein the DSS is configured to validate the cryptogram prior to transmitting the DSN to the DS.

4.	(Currently Amended) The system of claim 1, wherein the authentication request includes a cryptogram; and 
wherein the DSS is configured to:
store the cryptogram in a memory prior to transmitting the DSN to the DS; 
locate the cryptogram in the memory based on the DSN; and 
validate the cryptogram in response to [[an]] the authorization request including the AAV. 


wherein the AAV further includes a merchant ID.  

6.	(Currently Amended) The system of claim 1, wherein the DS is further configured to generate a message authentication code (MAC) based on at least the DSN, the AAV including the MAC; [[and]]  
wherein the payment network is configured, in connection with validating the AAV, to validate the MAC based on a shared key with the directory server; and 
wherein the payment network is further configured to transmit the authorization request, or part thereof, to the DSS.  

7.	(Original) The system of claim 6, wherein the DSS is further configured to validate a digital secure remote payment (DSRP) cryptogram included in the authentication request and to provide a validation result for the DSRP cryptogram to the payment network; and 
wherein the payment network is configured to transmit the authorization request, including the validation result, to the issuer of the payment account.
8.	(Original) The system of claim 1, wherein the DSN includes at least an application transaction count (ATC) and a randomly generated value.

9.	(Previously Presented) The system of claim 1, wherein the amount of the transaction includes a logarithmic amount of the transaction; and
wherein the AAV includes the IAV, the DSN, the logarithmic amount, a truncated hash of a merchant ID for the merchant, a currency code, a key ID for a shared key and a MAC generated by the shared key.  

10.	(Currently Amended) A computer-implemented method for use in authenticating a user to a payment account in connection with a transaction, the method comprising:
receiving, by a directory server (DS), an authentication request for a transaction directed to a merchant and associated with a payment account, the authentication request including a token associated with the payment account and a cryptogram, wherein the DS is included in a 
transmitting, by the DS, the token and the cryptogram to a digital service server (DSS), the DSS separate from 
mapping, by the DSS, the token to a primary account number (PAN) for the payment account;
validating, by the DSS, the cryptogram;
in response to validating the cryptogram, generating, by the DSS, a directory server nonce (DSN) for the authentication request;
transmitting, by the DSS, the DSN and the PAN to the DS;
in response to receiving the DSN and the PAN, transmitting, by the DS, the DSN and the PAN to an access control server (ACS) associated with the issuer of the payment account; 
generating, by the ACS, an issuer authentication value (IAV);
transmitting, by the ACS, the IAV 
in response to receiving the IAV from the ACS, compiling, by the, an accountholder authentication value (AAV) as evidence of completed authentication, the AAV including the IAV, the DSN, and an amount of the transaction; 
transmitting, by the DS, the AAV to one of the merchant and a merchant server plug-in (MPI) associated with the merchant;
receiving, by the payment network, an authorization request for the transaction including the AAV from one of the merchant and the MPI;
validating, by the payment network, the AAV; 
based on validating the AAV, transmitting, by the payment network, the authorization request to the issuer of the payment account; and 
validating, by the issuer, the IAV prior to approving or declining the transaction.  

11.	(Original) The computer-implemented method of claim 10, wherein the DSN includes at least an application transaction count (ATC) and a randomly generated value.

12.	(Currently Amended) The computer-implemented method of claim 10, further comprising: 
the amount of the transaction and a merchant ID associated with the merchant; 
transmitting, by the DS, the compressed at least one of the amount of the transaction and the merchant ID to the ACS; and 
wherein the AAV includes the compressed at least one of the amount of the transaction and the merchant ID.

13.	(Currently Amended) The computer-implemented method of claim 10, further comprising: 
generating, by the DS, a message authentication code (MAC), the AAV including the MAC; and 
wherein validating the AAV includes validating the MAC in response to [[an]] the authorization request including the AAV. 

14.	(Currently Amended) The computer-implemented method of claim 13, further comprising: 
mapping, by the payment network, the token to the PAN after validating the MAC;[[,]] and 
transmitting, by the payment network, the authorization request with the PAN and a validation result to the issuer of the payment account prior to the issuer validating the IAV. 

15.	(Currently Amended) The computer-implemented method of claim 14, wherein the AAV includes the IAV, the DSN, a logarithmic value of [[an]] the amount of the transaction, a truncated hash of a merchant ID for the merchant, a currency code, a key ID for a shared key used to generate the MAC, and the MAC.  

16.	(Previously Presented) The computer-implemented method of claim 15, further comprising:
generating, by the ACS, the IAV based on a key and at least the PAN and the DSN; and 
wherein validating the IAV includes validating the IAV based on the shared key and at least the PAN and the DSN.  

17. – 20.  (Cancelled). 

21.	(Currently Amended) The system of claim 1, wherein the DS is further configured to:
calculate a logarithm of [[an]] the amount of the transaction;
calculate a truncated hash of a merchant ID of the merchant; and 
transmit the logarithm of the amount of the transaction and the truncated hash of the merchant ID, along with the DSN and the account number, to the ACS.

22.	(Previously Presented) The system of claim 1, wherein the authentication request includes a cryptogram; and
wherein the DSS is configured to map the token to the account number and to validate the cryptogram prior to transmitting the DSN to the DS.   

23.	(New) The computer-implemented method of claim 10, further comprising: 
calculating, by the DS, a logarithm of the amount of the transaction;
calculating, by the DS, a truncated hash of a merchant ID of the merchant; and 
transmitting, by the DS, the logarithm of the amount of the transaction and the truncated hash of the merchant ID, along with the DSN and the account number, to the ACS.

24.	(New) The computer-implemented method of claim 10, wherein the authentication request includes a cryptogram; and wherein the method further comprises: 
mapping, by the DSS, the token to the account number; and 
validating, by the DSS, the cryptogram prior to transmitting the DSN to the DS.   

Allowable Subject Matter

Claims 1-16 and 21-24 are allowed. The following is a statement of reasons for the indication of allowable subject matter:  

The claimed invention is directed to systems and methods for use in authenticating users to accounts in connection with network transactions.

35 USC § 101: The newly amended claims 1-16 and 21-24 overcome the previous § 101 rejection under the Federal Circuit Court’s Bascom decision because similarly to the claims in Bascom, non-conventional and non-generic arrangement of the additional elements is present in independent claims 1 and 10. Therefore, independent claims 1 and 10 are patent eligible under § 101. Dependent claims 2-9, 11-16, and 21-24 are patent eligible based on their dependency. Therefore, claims 1-16 and 21-24 are patent eligible under § 101.

35 USC § 102 and § 103: The prior art Bennett (WO 02/071176 A2) relate generally to the field of financial transaction and teaches specifically similar configuration of additional elements as the instant application. The prior art, however, fails to teach: “A digital service server (DSS) coupled in communication with a directory server (DS), wherein the DSS is separate from the merchant, the acquirer, and the issuer, wherein, in response to receiving the at least one of the token and the account number, the DSS is configured to: generate a directory server nonce (DSN) for the authentication request.” These limitations appear in the independent claims 1 and 10. Independent claims 1 and 10 are thus novel and unobvious under § 102 and § 103. Dependent claims 2-9, 11-16, and 21-24 are novel and unobvious based on their dependency. Therefore, claims 1-16 and 21-24 are novel and unobvious under § 102 and § 103.
Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

Poon (2016/0180343 A1) discloses: See Fig. 1.

Plateaux (2014/0108262 A1) discloses: See Fig. 1.

Yu (2015/0081551 A1) discloses: See Fig. 1 and Fig. 2.

Hammad (2012/0284187 A1) discloses: See Fig. 3.

Kohli (2017/0330187 A1) discloses: See Fig. 1.

Barta (2017/0069003 A1) discloses: See Fig. 1.

Zhang (2018/0007035 A1) discloses: See Fig. 1.

Dominguez (2011/0196791 A1) discloses: See Fig. 1.

Qi Xie, Jun Zhan, and Na Dong. Robust Anonymous Authentication Scheme for Telecare
Medical Information Systems. J Med Syst (2013) 37:9911.






Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRPI H. KANERVO whose telephone number is 571-272-9818. The examiner can normally be reached on Monday – Friday, 10 am – 6 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander G. Kalinowski can be reached on 571-272-6771. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VIRPI H KANERVO/Primary Examiner, Art Unit 3691