DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of the Claims
The office action is being examined in response to the amendments filed by the applicant on February 16, 2021.  
Claims 1, 10, and 19 have been amended and are hereby entered.
Claims 1-20 are pending and have been examined. 
This action is made FINAL.

Response to Arguments
Applicant's arguments filed February 16, 2021 have been fully considered but they are not persuasive.
The 112 rejection(s) have been withdrawn due to applicant’s amendments.  
With regard to the limitations of claims 1-20, Applicant argues that the claims are patent eligible under 35 USC 101 because they meet the analysis set forth by the Supreme Court. The examiner respectfully disagrees.  The claims were analyzed using the 2019 PEG guidelines and are still considered ineligible under U.S.C. 101.  The claims are not eligible under 35 USC 101 because they do not meet the requirements of the test set forth by the Supreme Court. Step 1 is met because the claims are directed towards one of the four statutory categories. Part 2A-Prong1 of the test is trying to evaluate if the claims recite a judicial exception (an abstract idea enumerated in the 2019 PEG, then Part 2A-Prong 2 is to evaluate whether the claims recite additional elements that integrate the exception into a practical application, then Part 2B checks whether they are applied.  
With respect to Applicant’s arguments, it is not that the claim as a whole is to such an abstract idea that would be the ultimate conclusion under both parts of the analysis. The claims are directed towards the abstract idea of a computer system that recites the steps of …creating….a payment account first identifier…, …causing…the single-use account token to be loaded into a wallet application…, … preventing the valid primary account identifier…, …receiving…the authorization request…, …determining…the payment account first identifier is the valid primary account identifier..., …prohibiting…the authorization request…, …sending…a decline response…, (…constructing…a query having a search condition.., …running…the query.., …retrieving…payment account information…) (Claim 4), …parsing…the authorization request…(Claim 5), and …associating…a transaction block indicator…(Claim 7), as drafted, is a process that, under its broadest reasonable interpretation, reducing fraud risk for a valid primary transaction account which is method of organizing human activity, such as a fundamental economic concept and/or managing commercial interactions between people.  Accordingly, the claim(s) recite an abstract idea.  The claim as a whole is not more than a drafting effort designed to monopolize the exception.  The additional limitations when taken individually and in combination are not sufficient to amount to significantly more that the judicial exception because the claims do not provide improvements to another technology or technical field, improvements to the function of the computer itself, and do not provide meaningful limitations beyond general linking the use of an abstract idea to a particular technological environment.  Accordingly, the claim(s) recite an abstract idea.    
The claims recite the additional elements of: authorization system (including processor and memory), database, and merchant system.  The computer hardware/software is/are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer component.  Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, claims 1, 10, and 19 are directed to an abstract idea without a practical application.  
Additionally, the claims when taken individually or in combination, do not amount to significantly more than the abstract idea itself.  The claims contain the additional limitations of an authorization system (including processor and memory), database, and merchant system.  The additional limitations when considered both individually and in combination do not amount to significantly more because the claims do not affect an improvement to another technology or technical field; the claims do not amount to an In addition, the applicant’s specification, states, “conventional data networking, application development and other functional aspects of the systems (and components of the individual operating components of the systems) may not be described in detail herein. “ [0051]; “various conventional support software and drivers typically associated with computers.” [0055]; “general purpose digital computers or similar devices..” [0056]; “The removable storage drive reads from and/or writes to a removable storage unit in a well-known manner” [0058]; and “various conventional support software and drivers typically associated with computers” [0067]. The dependent claims have been given the full two part analysis including analyzing the additional limitations both individually and in combination.  The Dependent claim(s) when analyzed both individually and in combination are also held to be patent ineligible under 35 U.S.C. 101 because for the same reasoning as above and the additional recited limitation(s) fail(s) to establish that the claim(s) is/are not directed to an abstract idea.  The additional limitations of the dependent claim(s) when considered individually and as an ordered combination do not amount to significantly more than the abstract idea.  Therefore, the claims are rejected under 35 U.S.C. 101 and not patent eligible. 
With regard to the applicant’s arguments, on page 10, that the claims are directed to the specification at [0013], [0025], and [0035] are a practical application, the examiner respectfully disagrees.  These are merely part of the abstract idea being applied to a computer.  In addition, the solution to the problem is merely a business solution to a business problem versus a technological solution to a technological problem.
Regarding the applicant’s argument, on page 13 applicant’s arguments, that the claims of the instant application are patent eligible for the same reasons as Example 35 claim 2.  The applicant argues that the hypothetical example, much like the instant application’s claims, are significantly more because when examining in combination the claims include additional elements.  The examiner respectfully disagrees.  Example 35 is merely a hypothetical example.  The claims in the instant application are not ‐specific information, comparing the obtained customer‐specific information with customer information from the financial institution to authenticate the customer’s identity, and determining whether the transaction should proceed when a match from the analysis verifies the authenticity of the customer’s identity. Like the steps of obtaining and comparing customer information in claim 1, these steps in claim 2 describe a method of fraud prevention by identity verification before proceeding with a banking transaction, which as explained above is a fundamental business practice and is similar to ideas found abstract by the courts. Therefore, claim 2 is directed to an abstract idea just like the instant application.  In addition to the steps that describe the abstract idea of preventing fraud through identity verification, the claim recites the additional limitations of obtaining customer‐specific information from a bank card, a processor comparing data, generating a random code and transmitting it to the customer’s mobile communication device, and the processor reading an image that was generated by the customer’s mobile communication device in response to receipt of the random code, where the image includes encrypted code data. The encrypted code data from the image is then used by the processor to verify the customer’s identity by decrypting the code data and analyzing the decrypted code data. Considered individually, the steps of obtaining information from a bank card and the comparing data do not provide significantly more for the same reasons as in claim 1.For the same reasons, the instant application is not significantly more. Similarly, the processor and the mobile communication device are recited at a high level of generality and perform programmed functions that represent conventional and generic operations for these devices, including reading data, generating random codes, and analyzing data. However, the combination of the steps (e.g., the ATM providing a random code, the mobile communication device’s generation of the image having encrypted code data in response to the random code, the ATM’s decryption and analysis of the code data, and the subsequent determination of whether the transaction should proceed based on the analysis of the code data) operates in a non‐ conventional and non‐generic way to ensure that the customer’s identity is verified in a secure manner that is more than the conventional verification process employed by an ATM alone. In combination, these steps do not represent merely gathering data for comparison or security purposes, but instead set up a sequence of events that address unique problems associated with bank cards and ATMs (e.g., the use of stolen or “skimmed” bank cards and/or customer information to perform unauthorized transactions). Thus, like in ‐conventional and non‐generic way, even though the steps use well‐known components (a processor and mobile communication device). Claim 2 is eligible in the hypothetical example.  This is where the example and instant application differ. The elements of the hardware and steps are recited at a high level of generality and perform programmed functions that represent conventional and generic operations for these devices —even when considered in combination.   In the instant application, it is merely reducing fraud risk for a valid primary transaction account.   For the reasons explained above applicant’s arguments are not persuasive.  
For the reasons explained above applicant’s arguments are not persuasive.  
Applicant's art arguments are considered moot due to new grounds of rejection.  
 For the reasons explained above applicant’s arguments are not persuasive.  


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 
Claims 1-20 are directed to a system, method, or method, which are/is one of the statutory categories of invention.  (Step 1: YES).
…creating….a payment account first identifier…, …causing…the single-use account token to be loaded into a wallet application…, … preventing the valid primary account identifier from being used…, …receiving…the authorization request…, …determining…the payment account first identifier is the valid primary account identifier..., …prohibiting…the authorization request…, …sending…a decline response…, (…sending…the single-use account token as an email attachment…, …causing the single-use account token to be loaded into the wallet…(claim 2), (…constructing…a query having a search condition.., …running…the query.., …retrieving…payment account information…) (Claim 4), …parsing…the authorization request…(Claim 5), and …associating…a transaction block indicator…(Claim 7). 
These limitations, under their broadest reasonable interpretation, cover performance of the limitation as certain methods of organizing human activity.  Reducing fraud risk for a valid primary transaction account recites a fundamental economic practice as well as commercial interaction.  If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a fundamental economic practice as well as commercial interaction, then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.  The authorization system (including processor and memory), database, and merchant system in Claim 1 is just applying generic computer components to the recited abstract limitations.  The recitation of generic computer components in a claim does not necessarily preclude that claim from reciting an abstract idea. Claims 10 and 19 are also abstract for similar reasons. (Step 2A-Prong 1: YES. The claims recite an abstract idea)
This judicial exception is not integrated into a practical application. In particular, the claims recite the additional elements of: authorization system (including processor and memory), database, and merchant system.  The computer hardware/software is/are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer component.  Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when considered separately and as an ordered combination, they do not add significantly more (also known as an “inventive concept”) to the exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a computer hardware amounts to no more than mere instructions to apply the exception using a generic computer component.  Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept.  In addition, the applicant’s specification, states, “conventional data networking, application development and other functional aspects of the systems (and components of the individual operating components of the systems) may not be described in detail herein. “ [0051]; “various conventional support software and drivers typically associated with computers.” [0055]; “general purpose digital computers or similar devices..” [0056]; “The removable storage drive reads from and/or writes to a removable storage unit in a well-known manner” [0058]; and “various conventional support software and drivers typically associated with computers” [0067].  Accordingly, these additional elements, do not change the outcome of the analysis, when considered separately and as an ordered combination.  Thus, claims 1, 10, and 19 are not patent eligible. (Step 2B: NO. The claims do not provide significantly more)  
Dependent claims further define the abstract idea that is present in their respective independent claims 1, 10, and 19 and thus correspond to Certain Methods of Organizing Human Activity and hence are abstract for the reasons presented above.  The dependent claims do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination.  Therefore, the dependent claims are directed to an abstract idea.  Thus, the claims 1-20 are not patent-eligible.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1 and 3-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Dill (U.S. Pub. No. US 20150032627 A1) in view of Jodoin (US Pub. No. 20160086169 A1) in view of Barbour (US 20040133507).
Regarding claims 1 and 10:
Dill teaches:
a processor (Fig. 12 element 1216; “central processor 1216” [0293])
non-transitory memory configured to communicate with the processor, the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations comprising:
creating, by the processor, a single-use account token for a valid primary account identifier;   (Fig. 8 elements 204, 802, 806, 812 and 804; Fig. 4; “a token may have a random association with a particular real PAN so that the real PAN…” [0050]; [0069] where the PAN is the valid primary account identifier; “single-use or multiple-use. A single-use token” [0060])
causing, by the processor, the single-use account token to be loaded into a wallet application of a user device;(“ account or card registration, token generation, and verification and authentication may be performed as part of a single token request process.” [0157]; abstract; “ token registry …mobile devices (e.g., wallet application,” [0141]; [0175]; [0209])
receiving, by the authorization system and from a merchant system, an authorization request including a payment account first identifier; (“token requestor identifier field 702D may include an identifier 706D for the registered entity that initiated the tokenization request such as a wallet provider, a payment enabler, etc. The token requestor identifier may be provided by any entity associated with the authorization request message. For example, in some embodiments, a payment enabler (e.g., a digital wallet provider) can orchestrate the population of the token requestor identifier 706D into the authorization request message before passing it to the merchant computer 140 when acting as a payment enabler.” [0208]; Fig. 7 element 706 and everything under that column; abstract; Fig. 1)
sending, by the authorization system and to the merchant system, a decline response. (“declined” [0061]; [0134]; [0175]; [0179]; “decline” [0182]; [0211]; [0237]; [0241]; [0245]; [0264]; Fig. 10 element 1002G); “the acquirer computer 150 may forward the authorization response message to the merchant computer 1002G which may include the authorization decision for the transaction.” [0272]) 
determining, by the processor, that the payment account first identifier is the valid primary account identifier and not the single-use account token; and (“pertains to a valid token requestor ID and pertains to a known PAN” [0023]; “After the first-use of the single-use token, any subsequent use for initiating a transaction can be deemed invalid and a subsequent transaction may be denied.” [0060])
Dill teaches declining authorization requests in [0061]; [0134]; [0175]; [0179]; [0182]; [0211]; [0237]; [0241]; [0245]; [0264].  Dill also teaches, “assurance level indicator” in Table 1.  Dill also teaches “a frequency of use may indicate how many times a token may successfully be used in a payment transaction. For example, a token may include a frequency of use of single-use or multiple-use. A single-use token may be used to generate one transaction. After the first-use of the single-use token, any subsequent use for initiating a transaction can be deemed invalid and a subsequent transaction may be denied. A multi-use token can be used to initiate multiple transactions. “ [0060]. Prohibiting is taught by Dill teaching, “real PAN can be deactivated” [0045].  
Dill does not teach declining the valid primary account identifier being authorized, however, Jodoin does teach: 
declining, by the authorization system, the authorization request in response to determining that the payment account first identifier is the valid primary account identifier and not the single- use account token; and; (“decline payment using the PAN” [0041]; Fig. 2 b and c; [0012]; 
It would have been obvious to one of ordinary skill in the art at the time of filing to have modified Dill to include the teachings as taught by Jodoin so that “the risk of exposure of consumer card data is greatly reduced” Jodoin, [0020].  
The combination of Dill, Jodoin, and Barbour  does not teach but Barbour does teach:
preventing the valid primary account identifier from being used by the authorization system to authorize a transaction in response to the single-use account token being created; (This has deactivation after a condition. “having an account associated with a permanent account number, where the permanent account number is deactivated for financial transactions over a communication path. A single use number associated with the permanent account number is issued,… The single use number is then activated in response to a request for activation made by the account holder to activate the single use number.” Abstract; “provide for deactivation of the permanent credit card number for on-line or telephone purchases. Furthermore, only one single use number is issued at any one time in the foregoing systems, 
It would have been obvious to one of ordinary skill in the art at the time of filing to have modified The combination of Dill, Jodoin, and Barbour  to include the teachings as taught by Barbour because “credit-card numbers might be stolen by on-line hackers. Accordingly, consumers are worried that their credit-card numbers will be used by unauthorized persons. They are also concerned about the fact that a thief may use a consumer's name, credit-card number, and other identifiers to create a new identity associated with the consumer. Thieves may use this new identity to open accounts in the consumer's name, charging the stolen credit card and leaving the consumer to pay the bills. The Web is a particularly attractive source of credit card numbers for hackers. Since thousands of credit card numbers are typically stored in a merchant's database, breaking into the database gives a hacker the opportunity for credit-card and identity theft on a large scale.” Barbour, [0002].  

Regarding claim 3:
The combination of Dill, Jodoin, and Barbour , as shown in the rejection above, discloses the limitations of claim 1.
Dill further teaches:
wherein the authorization request is a settlement request or a payment authorization request. (“request authorization and settlement” [0120]; [0164]) 

Regarding claims 4, 13, and 20:
The combination of Dill, Jodoin, and Barbour , as shown in the rejection above, discloses the limitations of claims 1, 10, and 19, respectively.
Dill further teaches:
constructing, by the authorization system, a query having a search condition, wherein the search condition is the payment account first identifier; running, by the authorization system, the query against a database; and retrieving, by the authorization system, payment account information including the valid primary account identifier from the database in response to the payment account information including the search condition. (“the token registry database 202A may be configured to store the PAN and token mapping” [0116]; “validate the PAN/token mapping”  [0158]; fig. 3. Element 314; Table 2; Fig. 4 shows the mapping element 402 and 404; Fig. 6)

Regarding claims 5 and 14:
The combination of Dill, Jodoin, and Barbour , as shown in the rejection above, discloses the limitations of claims 1 and 10, respectively.
Dill further teaches:
parsing, by the authorization system, the authorization request to identify the payment account first identifier. (“the token registry database 202A may be configured to store the PAN and token mapping” [0116]; “validate the PAN/token mapping”  [0158]; fig. 3. Element 314; Table 2; Fig. 4 shows the mapping element 402 and 404; Fig. 6; “parse the relevant information for validation by the network token system and may provide the relevant information (e.g., token, token presentment mode, merchant information (e.g., merchant category code), token requestor identifier, etc.)” [0235])

Regarding claims 6 and 15:
The combination of Dill, Jodoin, and Barbour , as shown in the rejection above, discloses the limitations of claims 4 and 13, respectively.
Dill further teaches:
wherein the database comprises at least one of a relational database management system or a data file. (“the token registry database 202A may be configured to store the PAN and token mapping” [0116]; “validate the PAN/token mapping”  [0158]; fig. 3. Element 314; Table 2; Fig. 4 shows the mapping element 402 and 404; Fig. 6)
Even though the Dill reference teaches the limitation.  If the applicant argues the Dill reference, Jodoin teaches “relational database” [0023].  
Dill to include the teachings as taught by Jodoin so that “the risk of exposure of consumer card data is greatly reduced” Jodoin , [0020].  

Regarding claims 7 and 16:
The combination of Dill, Jodoin, and Barbour , as shown in the rejection above, discloses the limitations of claims 1 and 10, respectively.
Dill further teaches:
further comprising associating, by the authorization system, a transaction block indicator with the valid primary account identifier. (“assurance level indicator” Table 1)

Regarding claims 8 and 17:
The combination of Dill, Jodoin, and Barbour , as shown in the rejection above, discloses the limitations of claims 1 and 10, respectively.
Dill further teaches:
basing, by the authorization system, the decline response on additional factors (“If a transaction is initiated after a token's expiration date, the token can be deemed as invalid and the transaction initiated with the corresponding token can be declined.”  [0061]; “type of token, frequency of use, token expiration date and time, number of tokens, transaction life-cycle expiration period,” [0041]).  


Regarding claims 9 and 18:
The combination of Dill, Jodoin, and Barbour , as shown in the rejection above, discloses the limitations of claims 1 and 10, respectively.
Dill further teaches:
wherein the decline response is not sent in response to the primary account identifier lacking a transaction block indicator. (“the issuer computer 170 may determine if the 

Regarding claim 11:
The combination of Dill, Jodoin, and Barbour , as shown in the rejection above, discloses the limitations of claim 1.
Dill further teaches:
further comprising determining, by the authorization system, that transaction information associated with the authorization request satisfies use parameters. (“minimum and maximum account ranges for the PAN and the associated token ranges.” [0147]; “limited by time, amount threshold (aggregated amount or single-transaction amount), or by number of uses). As such, dynamic tokens can be generated and delivered on a per-transaction or on an as needed basis to the end user to initiate a payment transaction through a registered and authenticated device and/or channel. For example, a one-time use dynamic token” [0058])

Regarding claim 12:
The combination of Dill, Jodoin, and Barbour , as shown in the rejection above, discloses the limitations of claim 1.
Dill further teaches:
wherein the payment account first identifier is associated with an associate account holder (“authorized agent of the accountholder” [0240])

Regarding claim 19:
Dill 
receiving, by a merchant system, a payment account first identifier, (Fig. 8; “provide the token 804 to the merchant computer” [0231])
transmitting, by the merchant system and to the authorization system, the authorization request including the payment account first identifier, (“token requestor identifier field 702D may include an identifier 706D for the registered entity that initiated the tokenization request such as a wallet provider, a payment enabler, etc. The token requestor identifier may be provided by any entity associated with the authorization request message. For example, in some embodiments, a payment enabler (e.g., a digital wallet provider) can orchestrate the population of the token requestor identifier 706D into the authorization request message before passing it to the merchant computer 140 when acting as a payment enabler.” [0208]; Fig. 7 element 706 and everything under that column; abstract)
receiving, at the merchant system, a decline response in response to the authorization system determining that the payment account first identifier is the valid primary account identifier and not the single-use account token.  (“declined” [0061]; [0134]; [0175]; [0179]; “decline” [0182]; [0211]; [0237]; [0241]; [0245]; [0264]; Fig. 10 element 1002G); “the acquirer computer 150 may forward the authorization response message to the merchant computer 1002G which may include the authorization decision for the transaction.” [0272]; “pertains to a valid token requestor ID and pertains to a known PAN” [0023]; “After the first-use of the single-use token, any subsequent use for initiating a transaction can be deemed invalid and a subsequent transaction may be denied.” [0060]) 
Dill teaches declining authorization requests in [0061]; [0134]; [0175]; [0179]; [0182]; [0211]; [0237]; [0241]; [0245]; [0264].  Dill does not teach preventing the valid primary account identifier being authorized, however, Jodoin does teach: 
wherein an authorization system prevents a valid primary account identifier from being authorized in an authorization request from the merchant system in response to a single-use account token being created for the valid primary account identifier; (“decline payment using the PAN” [0041]; Fig. 2 b and c; [0012]) 
Dill to include the teachings as taught by Jodoin so that “the risk of exposure of consumer card data is greatly reduced” Jodoin , [0020].  

Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over Dill (U.S. Pub. No. US 20150032627 A1) in view of Jodoin (US Pub. No. 20160086169 A1) in view of Barbour (US 20040133507) in further view DUA (US20150339667).

Regarding claim 2:
The combination of Dill, Jodoin, and Barbour , as shown in the rejection above, discloses the limitations of claim 1.
Dill further teaches email [0055].  :
sending, by the authorization system, the single-use account token as an email attachment to an email address of an associate account holder; and causing the single-use account token to be loaded into the wallet application further comprises causing the single-use account token to be loaded from the email attachment into the wallet application. (“WCM 510 may initiate communication with a wallet application on Bob's wireless device 500 through a SIP proxy server on MobileCo's network that also handles voice, instant messaging, and other services. WCM 510 initiates a “call” to Bob using his SIP identity, a type of Uniform Resource Identifier (URI) called a SIP URI. URIs are defined in Section 19.1 of RFC 3261. The URI corresponding to Bob's wallet application was obtained from the NAPTR record that resulted from the ENUM query performed by WCM 510 on Bob's mobile phone number. It has a similar form to an email address, typically containing a username and a host name. In this case, it is sips:bob@wallet.mobileco.com, where mobileco.com is the domain of Bob's SIP service provider. The Sample Bank WCM 510 has a SIP URI of sips:wcm.samplebank.com. A call made to a ‘SIPS’ URI guarantees that secure, encrypted transport (namely TLS) is used to carry all SIP messages from the caller to the domain of the callee. From there, the request is sent securely to the callee, but with security mechanisms that 510 sending an INVITE request addressed to Bob's SIPS URI. The INVITE request contains a number of header fields. Header fields are named attributes that provide additional information about a message. The ones present in an INVITE include a unique identifier for the call, the destination address, the WCM address, and information about the type of session that WCM 510 wishes to establish with Bob.” [0120-3])
It would have been obvious to one of ordinary skill in the art at the time of filing to have modified the combination of Dill, Jodoin, and Barbour  to include the teachings as taught by DUA so that the “request is sent securely to the callee” DUA, [0122].  

CONCLUSION
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Song (U.S. Pub. No. 20100250410 A1) is pertinent because it uses fraud checks against a blacklist and token devices.    
Ciurea (US Pub. No. 20140058949 A1) is pertinent because it authentication and risk analysis processes using search engine technology.
Song (US Pub. No. 20130103482 B1) is pertinent because it uses fraud checks against a blacklist and token devices.
Song (US Pub. No. 20150278819 A1) is pertinent because it uses fraud checks against a blacklist and token devices.
Justice (US Pat. No. 6516056B1) is pertinent because it uses fraud indicators and examining past transactions and/or a pending transaction associated with the account for the presence of the fraud indicators. 
Law (US Pub. No. 20150134540A1) 
Ngo (US Pub. No. 20150178724A1) is pertinent because it uses Limited-use keys and cryptograms.
Weber (U.S. Pub. No. 2014/0250011A1) is pertinent because it uses blacklisting of accounts.
May (U.S. Pub. No. 20090265211 A1) is pertinent because it uses a system and method for detecting fraud when facilitating a payment transaction.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W ANDERSON whose telephone number is (571)270-0508.  The examiner can normally be reached on Monday - Thursday 9am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bennett Sigmond can be reached on (303) 297-4411.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact 


Mike Anderson
Primary Patent Examiner
Art Unit 3694



/Mike Anderson/Primary Patent Examiner, Art Unit 3694