EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Andrew Cohn (Reg. No. 69739) on 04/23/2021.

The application has been amended as follows: Please enter the amendments filed 02/16/2021 and include the following amendments:

1. (Previously presented) A method comprising: 
receiving, by a service provider server, a first transaction processing request for a transaction between a user and a merchant, wherein the first transaction processing request comprises transaction information for the transaction and user information for the user;
establishing, by the service provider server, a secure communication channel with a first communication device of the user; 
determining, by the service provider server using the user information, that the user does not have an account with the service provider server;
automatically generating, by the service provider server, the account for the user using at least the user information, wherein the account is automatically generated to be accessible via a password;

generating, by the service provider server, a first hash value of the first device information using a hashing function; 
generating, by the service provider server using at least the first hash value, a first token for authentication by the service provider server of the account;
communicating, by the service provider server, the first token to the first communication device of the user through the secure communication channel; 
providing, by the service provider server on a plurality of merchant websites, a checkout process that automatically authenticates the first communication device using the first token;
requesting, by the service provider server, the first token from the first communication device via the checkout process on one of the plurality of merchant websites; 
automatically receiving, by the service provider server without user input from the first communication device, the first token via the checkout process from the one of the plurality of merchant websites;
authenticating, by the service provider server, the first communication device for the account with the checkout process on the one of the plurality of merchant websites; 
receiving, by the service provider server from a second communication device different from the first communication device, a second transaction processing request comprising the user information for the user and second device information for the second communication device, wherein the second transaction processing request is received without the first token from the checkout process; 
determining, by the service provider server, the account using the user information;

receiving, by the service provider server, the user identification information from the second communication device with the second transaction processing request; and 
issuing, by the service provider server, a second token to the second communication device based on a second hash value of the second device information using the hashing function.

2. (Previously presented) The method of claim 1, wherein the first transaction processing request is received from one of a merchant device for the merchant in the transaction or the first communication device for the user in the transaction, and wherein the first transaction processing request is received during a guest checkout for transaction processing of the transaction without having previously established the account for the user.

3. (Previously presented) The method of claim 1, wherein the password is one of a randomly generated password or a null password having the password set to null.

4. (Canceled)

5. (Previously presented) The method of claim 1, wherein the first transaction processing request is received during the checkout process for the transaction between the user and the merchant.

6. (Previously presented) The method of claim 1, wherein the first transaction processing request is entered to a checkout interface of the merchant, wherein the checkout interface comprises at least one field for entry of the user information.

7. (Previously presented) The method of claim 1, further comprising:
receiving, by the service provider server, a password reset request from the user;
requesting, by the service provider server, at least a portion of the user information from the user;
authenticating, by the service provider server, the user for the account using the at least the portion; and 
providing, by the service provider server, a password establishment interface to the user, wherein the password establishment interface comprises a process to enter a new password set by the user for the account.

8. (Previously presented) The method of claim 7, wherein the password establishment interface is provided through an email communicated to an email account of the user from the user information.

9. (Previously presented) The method of claim 7, further comprising: 
receiving, by the service provider server, the new password from the user; 
establishing, by the service provider server, the new password for the account to authenticate a use of the account; and 
providing, by the service provider server, account access and services for the account associated with establishing the new password.

10. (Previously presented) The method of claim 1, further comprising: processing, by the service provider server, the transaction using the transaction information and the account of the user.

11-20. (Canceled)

21. (Previously presented) A system comprising: 
a non-transitory memory; and 
one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the one or more hardware processors to perform operations comprising: 
receiving a first transaction processing request for a transaction between a user and a merchant from a first communication device of the user, wherein the first transaction processing request comprises transaction information for the transaction and user information for the user;
determining, using the user information, that the user does not have an account with a service provider;
automatically generating the account for the user using at least the user information, wherein the account is automatically generated to be accessible via a password;
receiving first device information for the first communication device of the user via a secure communication channel; 
generating a first hash value of the first device information using a hashing function;
generating, using at least the first hash value, a first token for authentication by the service provider of the account;
communicating the first token to the first communication device of the user through the secure communication channel; 
providing, on a plurality of merchant websites, a checkout process that automatically authenticates the first communication device using the first token; 
requesting the first token from the first communication device via the checkout process on one of the plurality of merchant websites;
automatically receiving, without user input from the first communication device, the first token via the checkout process from the one of the plurality of merchant websites; 
authenticating the first communication device for the account with the checkout process on the one of the plurality of merchant websites; 
receiving, from a second communication device different from the first communication device, a second transaction processing request comprising the user information for the user and second device information for the second communication device, wherein the second transaction processing request is received without the first token from the checkout process; 
determining the account using the user information; 
requesting user identification information for the user based on the receiving the second transaction processing request without the first token; 
receiving the user identification information from the second communication device with the second transaction processing request; and 
issuing a second token to the second communication device based on a second hash value of the second device information using the hashing function.

22. (Previously presented) The system of claim 21, wherein the password comprises one of a null password or a random password for the account.

23. (Previously presented) The system of claim 21, wherein the secure communication channel comprises an encrypted communication channel with the first communication device.

24. (Previously presented) The system of claim 21, wherein the first token is at least one of a device-specific token for only the first communication device or a browser-specific token for a web browser on the first communication device.

25. (Previously presented) The system of claim 21, wherein the operations further comprise:
receiving an opt-in acceptance for a passwordless authentication of the account from the first communication device.

26. (Previously presented) The system of claim 21, wherein the first token is associated with a biometric of the user for access to the first token.

27-34. (Canceled)

35. (Previously presented) The method of claim 1, wherein the automatically receiving, the first token from the first communication device during the checkout process is based on a one-touch checkout opt-in by the first communication device.

36. (New) A non-transitory machine-readable medium having stored thereon machine-readable instructions executable by at least one hardware processor to cause the at least one hardware processor to perform operations comprising:
receiving a first transaction processing request for a transaction between a user and a merchant from a first communication device of the user, wherein the first transaction processing request comprises transaction information for the transaction and user information for the user;
determining, using the user information, that the user does not have an account with a service provider;
automatically generating the account for the user using at least the user information, wherein the account is automatically generated to be accessible via a password;
receiving first device information for the first communication device of the user via a secure communication channel; 
generating a first hash value of the first device information using a hashing function;
generating, using at least the first hash value, a first token for authentication by the service provider of the account;
communicating the first token to the first communication device of the user through the secure communication channel; 
providing, on a plurality of merchant websites, a checkout process that automatically authenticates the first communication device using the first token; 
requesting the first token from the first communication device via the checkout process on one of the plurality of merchant websites;
automatically receiving, without user input from the first communication device, the first token via the checkout process from the one of the plurality of merchant websites; 
authenticating the first communication device for the account with the checkout process on the one of the plurality of merchant websites; 
receiving, from a second communication device different from the first communication device, a second transaction processing request comprising the user information for the user and second device information for the second communication device, wherein the second transaction processing request is received without the first token from the checkout process; 
determining the account using the user information; 
requesting user identification information for the user based on the receiving the second transaction processing request without the first token; 
receiving the user identification information from the second communication device with the second transaction processing request; and 
issuing a second token to the second communication device based on a second hash value of the second device information using the hashing function.

37. (New) The non-transitory machine-readable medium of claim 36, wherein the first transaction processing request is received from one of a merchant device for the merchant in the transaction or the first communication device for the user in the transaction, and wherein the first transaction processing request is received during a guest checkout for transaction processing of the transaction without having previously established the account for the user.

38. (New) The non-transitory machine-readable medium of claim 36, wherein the password is one of a randomly generated password or a null password having the password set to null.

39. (New) The non-transitory machine-readable medium of claim 36, wherein the first transaction processing request is received during the checkout process for the transaction between the user and the merchant.
Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
The present claims 1-3, 5-10, 21-26, and 35-39 disclose a system, non-transitory machine-readable medium, and method comprising receiving, by a service provider server, a first transaction processing request for a transaction between a user and a merchant, wherein the first transaction processing request comprises transaction information for the transaction and user information for the user; establishing, by the service provider server, a secure communication channel with a first communication device of the user; determining, by the service provider server using the user information, that the user does not have an account with the service provider server; automatically generating, by the service provider server, the account for the user using at least the user information, wherein the account is automatically generated to be accessible via a password; receiving, by the service provider server, first device information for the first communication device of the user via the secure communication channel; generating, by the service provider server, a first hash value of the first device information using a hashing function; generating, by the service provider server using at least the first hash value, a first token for authentication by the service provider server of the account; communicating, by the service provider server, the first token to the first communication device of the user through the secure communication channel; providing, by the service provider server on a plurality of merchant websites, a checkout process that automatically authenticates the first communication device using the first token; requesting, by the service provider server, the first token from the first communication device via the checkout process on one of the plurality of merchant websites; automatically receiving, by the service provider server without user input from the first communication device, the first token via the checkout process from the one of the plurality of merchant websites; authenticating, by the service provider server, the first communication device for the account with the checkout process on the one of the plurality of merchant websites; receiving, by the service provider server from a second communication device different from the first communication device, a second transaction processing request comprising the user information for the user and second device information for the second communication device, wherein the second transaction processing request is received without the first token from the checkout process; determining, by the service provider server, the account using the user information; requesting, by the service provider server, user identification information for the user based on the receiving the second transaction processing request without the first token; receiving, by the service provider server, the user identification information from the second communication device with the second transaction processing request; and issuing, by the service provider server, a second token to the second communication device based on a second hash value of the second device information using the hashing function.
The closest prior art of Ansari (US 2012/0317028) discloses establishing, by the service provider server, a secure communication channel with a first communication device of the user (Fig. 3, 0014, 0056); determining, by the service provider server, that the user does not have an account with the service provider server using the user information (Fig. 2, 0013, 0054); automatically generating, by the service provider server, the account for the user using at least the user information (Fig. 2, 0013, 0054); generating, by the service provider server, a first token for authentication by the service provider server of the account (Fig. 2, 0015, 0025, 0034-0035, 0054-0055); communicating, by the service provider server, the first token to the first communication device for the user through the secure communication channel (Fig. 2-3, 0014, 0034, 0056); receiving, by the service provider server from a second communication device different from the first communication device, a second transaction processing request comprising the user information for the user and second device information for the second communication device, wherein the second transaction processing request is received without the first token (Fig. 2, 0034-0035, 0054-0055); determining, by the service provider server, the account using the user information (Fig. 2, 0034-0035, 0054-0055); receiving, by the service provider server, the user identification information from the second communication device with the second transaction processing request (Fig. 2, 0034-0035, 0054-0055); and issuing, by the service provider server, a second token to the second communication device (Fig. 2, 0034-0035, 0054-0055).
Wardman (US 2015/0371221) discloses receiving, by a service provider server, a first transaction processing request for a transaction between a user and a merchant (0036-0038, 0041-0042, 0044, 0047-0049), wherein the first transaction processing request comprises transaction information for the transaction and user information for the user (0038, 0041).
Janacek (USP 6684248) discloses wherein the account is automatically generated with a password set by the service provider server (Col 4 line 60-64, Col 6 line 47-59).
Nair (US 2011/0302630) discloses receiving, by the service provider server, first device information for the first communication device of the user via the secure communication channel (Fig. 3, 0011-0012, 0070, 0072, 0075); generating, by the service provider server, a first hash value of the first device information using a hashing function (Fig. 3, 0011-0012, 0070, 0072, 0075); generating, by the service provider server, a first token for authentication by the service provider server of the account using at least the first hash value (Fig. 3, 0011-0012, 0070, 0072, 0075); and issuing, by the service provider server, a second token to the second communication device based on a second hash value of the second device information using the hashing function (Fig. 3, 0011-0012, 0070, 0072, 0075).
Bartoli (USP 6047268) discloses receiving, by the service provider server from a second communication device different from the first communication device, a second transaction processing request comprising the user information for the user and second device information for the second communication device, wherein the second transaction processing request is received without the first token (Col 6 line 7-32); determining, by the service provider server, the account using the user information (Col 6 line 7-32); requesting, by the service provider server, user identification information for the user based on the receiving the second transaction processing request without the first token (Col 6 line 7-32); receiving, by the service provider server, the user identification information from the second communication device with the second transaction processing request (Col 6 line 7-32); and issuing, by the service provider server, a second token to the second communication device (Col 6 line 7-32).
However, the prior art does not disclose, neither singly nor in combination, for claims  1-3, 5-10, 21-26, and 35-39: automatically generating, by the service provider server, the account for the user using at least the user information, wherein the account is automatically generated to be accessible via a password; receiving, by the service provider server, first device information for the first communication device of the user via the secure communication channel; generating, by the service provider server, a first hash value of the first device information using a hashing function; generating, by the service provider server using at least the first hash value, a first token for authentication by the service provider server of the account; communicating, by the service provider server, the first token to the first communication device of the user through the secure communication channel; providing, by the service provider server on a plurality of merchant websites, a checkout process that automatically authenticates the first communication device using the first token; requesting, by the service provider server, the first token from the first communication device via the checkout process on one of the plurality of merchant websites; automatically receiving, by the service provider server without user input from the first communication device, the first token via the checkout process from the one of the plurality of merchant websites; authenticating, by the service provider server, the first communication device for the account with the checkout process on the one of the plurality of merchant websites; receiving, by the service provider server from a second communication device different from the first communication device, a second transaction processing request comprising the user information for the user and second device information for the second communication device, wherein the second transaction processing request is received without the first token from the checkout process; determining, by the service provider server, the account using the user information; requesting, by the service provider server, user identification information for the user based on the receiving the second transaction processing request without the first token; receiving, by the service provider server, the user identification information from the second communication device with the second transaction processing request; and issuing, by the service provider server, a second token to the second communication device based on a second hash value of the second device information using the hashing function.
	Examiner additionally notes that the submitted amendments to claims 1-3, 5-10, 21-26, and 35-39 overcome the prior rejections under 35 USC 112(a), 35 USC 112(b), and 35 USC 101.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAYLOR RAK whose telephone number is (571)270-1575.  The examiner can normally be reached on Monday-Friday 9:30-5:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on (571)-272-6708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/T.R./Examiner, Art Unit 3685

/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685