EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Andrew Cohn (Reg. No. 69,739) on 05/20/2021.

The application has been amended as follows: Please enter the amendments filed 03/17/2021 and include the following amendments:

1. (Currently amended) A system comprising: 
a non-transitory memory; and
one or more hardware processors coupled to the non-transitory memory, the non-transitory memory storing computer readable instructions, that when executed cause the one or more hardware processors to perform operations comprising:
receiving credentials from a first application on a computing device in communication with the system, wherein the credentials comprise a username and a password; 
authenticating a user associated with the computing device based on the credentials, wherein the authenticating comprises:
	verifying the received username and password, 
providing a first access token to the first application, 

linking the public key and an authentication code to an account corresponding to the user, 
providing the authentication code to the first application;
receiving a signed verifier and the authentication code from a second application on the computing device; 
validating the authentication code and the signed verifier received from the second application; and 
providing a device token associated with the computing device to the second application based on the validating, wherein the device token comprises data exchangeable by the second application for making payment calls from the second application.

2. (Canceled)

3. (Previously presented) The system of claim 1, wherein the authentication code and the signed verifier are validated using the public key received from the first application.

4. (Previously presented) The system of claim 3, wherein the public key is received from a secure element of the computing device based on a request by the second application.

5. (Currently amended) The system of claim 4, wherein the device token is provided to the second application for storage by the second application in the secure element.

6. (Previously presented) The system of claim 5, wherein the operations further comprise:
receiving from the second application a second signed verifier and the device token stored by the secure element; 
validating the second signed verifier and the device token received from the second application; and 
providing a second access token to the second application, wherein the second access token comprises data for making the payment calls from the second application.

7. (Previously presented) The system of claim 6, wherein the operations further comprise:
receiving from the second application a payment call with the second access token;
verifying the second access token; and
providing a payment confirmation in response to the payment call.

8. (Original) The system of claim 1, wherein the first application is associated with a first organization and the second application is associated with a second organization different from the first organization.

9. (Original) The system of claim 8, wherein the first organization is a third-party payment service and the second organization is a merchant.

10. (Original) The system of claim 9, wherein the first application is a browser and the second application is a native application of the merchant.

11-17. (Canceled)

18. (Previously presented) A method comprising: 
receiving, by a network-based system, a username and a password associated with a user from a first application; 
verifying, by the network-based system, the received username and password; 
providing, by the network-based system, a first access token to the first application in response to verifying the received username and password for the user; 
receiving, by the network-based system, the first access token and a public key associated with the user from the first application; 
linking, by the network-based system, the public key and an authentication code to an account corresponding to the user; 
providing, by the network-based system, the authentication code to the first application;
receiving, by the network-based system, a signed verifier and the authentication code from a second application on the computing device; 
validating, by the network-based system, the authentication code and the signed verifier received from the second application using the public key; and
providing, by the network-based system, a device token associated with the computing device to the second application based on the validating, wherein the device token comprises data exchangeable by the second application for making payment calls from the second application.

19. (Previously presented) The method of claim 18, further comprising: 
receiving, by the network-based system, from the second application a second signed verifier and the device token stored by a secure element of the computing device; 
validating, by the network-based system, the second signed verifier and the device token received from the second application; 
providing, by the network-based system, a second access token to the second application;
receiving, by the network-based system, from the second application a payment call with the second access token; 
verifying, by the network-based system, the second access token; and 
providing, by the network-based system, a payment confirmation in response to the payment call.

20. (Original) The method of claim 18, wherein the first application is associated with a first organization and the second application is associated with a second organization different from the first organization, and wherein the first organization is a third-party payment service and the second organization is a merchant.

21. (Currently amended) A non-transitory machine-readable medium having stored thereon machine-readable instructions executable by at least one processor to cause performance of operations comprising: 
receiving credentials from a first application on a computing device in communication with the at least one processor 
authenticating a user associated with the computing device based on the credentials, wherein the authenticating comprises: 
verifying the received username and password, 
providing a first access token to the first application, 
receiving the first access token and a public key associated with the user from the first application, and 
linking the public key and an authentication code to an account corresponding to the user, 
providing the authentication code to the first application; 
receiving a signed verifier and the authentication code from a second application on the computing device; 
validating the authentication code and the signed verifier received from the second application; and 
providing a device token associated with the computing device to the second application based on the validating, wherein the device token comprises data exchangeable by the second application for making payment calls from the second application.

22. (Previously presented) The non-transitory machine-readable medium of claim 21, wherein the authentication code and the signed verifier are validated using the public key received from the first application.

23. (Previously presented) The non-transitory machine-readable medium of claim 22, wherein the public key is received from a secure element of the computing device based on a request by the second application.

24. (Currently amended) The non-transitory machine-readable medium of claim 23, wherein the device token is provided to the second application for storage by the second application in the secure element.

25. (Previously presented) The non-transitory machine-readable medium of claim 24, wherein the operations further comprise:
	receiving from the second application a second signed verifier and the device token stored by the secure element;
validating the second signed verifier and the device token received from the second application; and 
providing a second access token to the second application, wherein the second access token comprises data for making the payment calls from the second application.

26. (Previously presented) The non-transitory machine-readable medium of claim 25, wherein the operations further comprise: 
receiving from the second application a payment call with the second access token;
verifying the second access token; and 
providing a payment confirmation in response to the payment call.

27. (Previously presented) The non-transitory machine-readable medium of claim 21, wherein the first application is associated with a first organization and the second application is associated with a second organization different from the first organization.

28. (Previously presented) The non-transitory machine-readable medium of claim 27, wherein the first organization is a third-party payment service and the second organization is a merchant.
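
The server-side linking and validating steps recited in claim 18, sketched as an added example that is not part of the application or of this Office action. Assumptions not stated in the claims: Ed25519 keys, a signature that covers the authentication code joined to the verifier, a 60-second single-use code, and the hypothetical function names `linkKeyAndIssueCode` and `redeemCode`.

```javascript
// Added illustration of the checks in claim 18; all names and parameters are hypothetical.
const crypto = require('crypto');

const codes = new Map(); // authentication code -> { user, publicKey, expires, used }

// "Linking ... the public key and an authentication code to an account" and
// "providing ... the authentication code to the first application".
function linkKeyAndIssueCode(user, publicKeyPem, ttlMs = 60000) {
  const code = crypto.randomBytes(16).toString('hex');
  codes.set(code, { user, publicKey: publicKeyPem, expires: Date.now() + ttlMs, used: false });
  return code;
}

// "Validating ... the authentication code and the signed verifier ... using the public key".
// The code must be known, unexpired and unused, and the signature must verify under
// the key linked to that code. Assumption: the signed message is `${code}.${verifier}`.
function redeemCode(code, verifier, signatureB64) {
  const rec = codes.get(code);
  if (!rec || rec.used || Date.now() > rec.expires) return null;
  const ok = crypto.verify(null, Buffer.from(`${code}.${verifier}`),
    crypto.createPublicKey(rec.publicKey), Buffer.from(signatureB64, 'base64'));
  if (!ok) return null;  // signed by a key other than the linked one
  rec.used = true;       // single use: a replayed code is rejected
  return { user: rec.user, deviceToken: crypto.randomBytes(32).toString('hex') };
}

// Constructed walk-through: a forged signature, the genuine exchange, then a replay.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  const sign = (key, code, verifier) =>
    crypto.sign(null, Buffer.from(`${code}.${verifier}`), key).toString('base64');

  const code = linkKeyAndIssueCode('alice', pem);          // first application
  const verifier = crypto.randomBytes(16).toString('hex'); // second application
  const otherKey = crypto.generateKeyPairSync('ed25519').privateKey;

  const forged = redeemCode(code, verifier, sign(otherKey, code, verifier));
  const good = redeemCode(code, verifier, sign(privateKey, code, verifier));
  const replay = redeemCode(code, verifier, sign(privateKey, code, verifier));
  return { forged, good, replay };
}
```

In this sketch a failed signature check leaves the code unredeemed; a stricter deployment could instead invalidate the code on the first failed attempt.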

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
The present claims 1, 3-10, and 18-28 disclose a system, non-transitory machine-readable medium, and method comprising receiving, by a network-based system, a username and a password associated with a user from a first application; verifying, by the network-based system, the received username and password; providing, by the network-based system, a first access token to the first application in response to verifying the received username and password for the user; receiving, by the network-based system, the first access token and a public key associated with the user from the first application; linking, by the network-based system, the public key and an authentication code to an account corresponding to the user; providing, by the network-based system, the authentication code to the first application; receiving, by the network-based system, a signed verifier and the authentication code from a second application on the computing device; validating, by the network-based system, the authentication code and the signed verifier received from the second application using the public key; and providing, by the network-based system, a device token associated with the computing device to the second application based on the validating, wherein the device token comprises data exchangeable by the second application for making payment calls from the second application.
The closest prior art of Mandyam (US 2017/0289197) discloses establishing secure communication sessions between a server and client using access tokens (see Fig. 6, 0044, 0052, 0074-0075, and 0080-0082).
Trammel (US 2014/0075513) discloses persistent authentication across shared applications using device and access tokens (see Fig. 2, Fig. 7, 0067, 0074).
Ortiz (US 2017/0330181) discloses processing electronic transactions for a merchant application through a payment management application using merchant tokens (see Fig. 1-3, 0038, 0126-0127).
Gifford (USP 6205437) discloses processing electronic transactions using signed authentication codes.
However, the prior art does not disclose, neither singly nor in combination, for claims 1, 3-10, and 18-28: receiving, by a network-based system, a username and a password associated with a user from a first application; verifying, by the network-based system, the received username and password; providing, by the network-based system, a first access token to the first application in response to verifying the received username and password for the user; receiving, by the network-based system, the first access token and a public key associated with the user from the first application; linking, by the network-based system, the public key and an authentication code to an account corresponding to the user; providing, by the network-based system, the authentication code to the first application; receiving, by the network-based system, a signed verifier and the authentication code from a second application on the computing device; validating, by the network-based system, the authentication code and the signed verifier received from the second application using the public key; and providing, by the network-based system, a device token associated with the computing device to the second application based on the validating, wherein the device token comprises data exchangeable by the second application for making payment calls from the second application.
Examiner additionally notes that the submitted amendments to claims 1, 3-10, and 18-28 overcome the prior rejections under 35 USC 112(a) and 35 USC 112(b).
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAYLOR RAK whose telephone number is (571)270-1575.  The examiner can normally be reached on Monday-Friday 9:30-5:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on (571)-272-6708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/T.R./Examiner, Art Unit 3685   

/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685