DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Acknowledgements
In view of Applicant response filed on March 11, 2021, the Non-Final Office Action mailed on December 11, 2020 is hereby Withdrawn and replaced with the current Non-Final Office Action. Accordingly claims 1-25 remain pending and have been examined.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  
Claim 1 recites: authenticating the first dynamic authentication credential and further authenticating, based on the dynamic authentication rules and associated authentication parameters, one or more of the one or more additional dynamic authentication credentials by one or more processing devices having access to at least a portion of the data. Claim 1 further recites that “…. and the mobile-related internet transaction being authorized or denied based upon that authentication result, where the transaction being authorized always requires a successful result of the authentication of the first dynamic authentication credential. Accordingly it is unclear whether the transaction is authorized only based on the first authentication credentials or also the additional authentication credentials. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Burke et al (hereinafter “Burke”) U.S. Patent Application Publication No. 2009/0282258 A1 in view of Yang U.S. Patent Application Publication No. 2014/0129445 A1.

As per claim 1, Yang discloses a method associated with one or more providers of authentication services for internet transactions in connection with the use of a mobile device that generates dynamic authentication credentials and a transaction terminal that transmits at least part of the dynamic authentication credentials, the method comprising:
electronically storing in one or more memories data capable of linking the mobile device to one or more authentication services for internet transactions, the data including authentication parameters associated to dynamic authentication rules of dynamic credentials and one or more identifiers related to the user and the one or more authentication services (0080, which discloses that “Accordingly, the buyer may choose to input one of a personal account number associated with the payment card 12 ("X card account number"), a combination of a phone number of the buyer-end electronic device 10 and a security code, and the authentication code (that includes the candidate codes and the dynamic password).  Once the seller acknowledges the selection made by the buyer, the seller can operate the API to make an associated request.”),
receiving from the transaction terminal a first dynamic authentication credential generated by the mobile device using as input data a user's Personal Identification Number, one or more additional dynamic authentication credentials, each one calculated by the mobile device upon a different input data, and at least one identifier related to the user and to the authentication service the dynamic authentication credentials refers to (see fig. 3; 0059, which discloses that “When one of the ways is selected (for example, the buyer opts to make the payment using cash transfer), in sub-step S073, the display module 13 displays a PIN input interface that instructs the buyer to input a PIN (as shown in FIG. 6).  The control module 14 of the buyer-end electronic device 10 is then operable to determine whether the PIN is correct (i.e., conforms with the PIN stored in the payment card 12) in sub-step S074.”),
authenticating the first dynamic authentication credential and further authenticating, based on the dynamic authentication rules and associated authentication parameters, one or more of the one or more additional dynamic authentication credentials by one or more processing devices having access to at least a portion of the data (0060, which discloses that “When the PIN received in sub-step S073 is correct, the flow proceeds to sub-step S075, in which the control module 14 requests the validating code from the transaction platform 30 through the signal transceiving module 11.  In response to the request, the transaction platform 30 generates the validating code and transmits the same back to the buyer-end electronic device 10 in sub-step S076.”), and
sending the result of the authentication of the first dynamic authentication credential and the one or more of the one or more additional dynamic authentication credentials, and the mobile-related internet transaction being authorized or denied based upon that authentication result, where the transaction being authorized always requires a successful result of the authentication of the first dynamic authentication credential (0061, which discloses that “As shown in FIG. 7, the confirmation interface includes the payment information, and requires the buyer to input the validating code that is received from the transaction platform 30 for confirming the payment.  In this embodiment, when the validating code is unreadable to the buyer, the confirmation interface is provided with an option to regenerate the validating code (the flow thus goes back to sub-step S075).”; 0062; 0063).
Alternatively Burke discloses a method comprising:
authenticating the first dynamic authentication credential and further authenticating, based on the dynamic authentication rules and associated authentication parameters, one or more of the one or more additional dynamic authentication credentials by one or more processing devices having access to at least a portion of the data (0105, which discloses that “The system 100 in FIG. 1 has been described for the case in which the controller/password generator 107 generates a password using the current time as the input value to the encryption process.  It is noted that this is merely one arrangement, and other input values such as a simple counter value or a random number may be used as with the event-synchronous tokens and the asynchronous challenge/response tokens, respectively, described above.”; 0106; 0192, which discloses that “A subsequent testing step 1206 checks whether the comparison in the step 1205 yields the desired authentication.  If the biometric signature matching is authenticated, then the method 1200 is directed in accordance with a YES arrow to a step 1207.  At step 1207, the processor 1005 generates a second dynamic password, using the RSA encryption algorithm with the current time being used as the input value to the encryption process, as described above.  The dynamic password is displayed on the LCD 802…. Again, the second dynamic password is a time-dependent password.  Alternatively, the second password may be an event-synchronous password.”; 0193)
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the method of Walker and incorporate a method comprising authenticating the first dynamic authentication credential and further authenticating, based on the dynamic authentication rules and associated authentication parameters, one or more of the one or more additional dynamic authentication credentials by one or more processing devices having access to at least a portion of the data in view of the teachings of Burke in order to facilitate authentication and security associated with the transaction. 

As per claim 2, Yang further discloses a method, wherein the dynamic authentication rules and related authentication parameters associated to the least one identifier related to the user and to the authentication service the dynamic authentication credentials relates to, comprises at least one authentication parameter associated to the first dynamic authentication credential (0080).

As per claim 3, Yang further discloses a method, wherein the dynamic authentication rules and related authentication parameters associated to the least one identifier related to the user and to the authentication service the dynamic authentication credentials relates to, comprises at least one authentication parameter associated to at least one additional dynamic authentication credential (0080)

As per claim 4, Yang further discloses a method, wherein the dynamic authentication rules and related authentication parameters associated to the least one identifier related to the user and to the authentication service the dynamic authentication credentials relates to, comprises at least one authentication parameter associated to each additional dynamic authentication credential (0080; 0082).

As per claim 5, Yang further discloses a method, wherein the data stored in the one or more memories related to a first authentication service is stored in a first memory or set of memories of a first provider of authentication services for mobile-related internet transactions and the data stored in the one or more memories related to a second authentication service is stored in a second memory or set of memories of a second provider of authentication services for mobile-related internet transactions (0080; 0082).

As per claim 6, Yang further discloses a method, wherein the one or more processing devices include a first processing device associated with a first provider of authentication services for mobile-related internet transactions and a second processing device associated with a second provider of authentication services for mobile-related internet transactions (0080; 0082).

As per claim 7, Yang further discloses a method, wherein the one or more memories and the one or more processing devices reside in one or more servers of the one or more providers of authentication services for mobile-related internet transactions (0043; 0082).

As per claim 8, Yang further discloses a method, wherein the entity authorizing or denying the mobile-related internet transaction is the same entity than one of the one or more providers of authentication services (0082).

As per claim 9, Yang further discloses a method, wherein the PIN is inserted by the user in the mobile device for the mobile device calculating the first dynamic authentication credential (see fig. 4).

As per claim 10, Yang further discloses a method, wherein the PIN is a biometric-PIN that is stored in a memory associated to the mobile device, and the mobile device using it as input data to calculate the first dynamic authentication credential requires a previous successful verification by the mobile device of user's fingerprint data captured by the mobile device (see figs. 4 and 6).

As per claim 11, Yang further discloses a method, wherein the input data used to calculate an additional dynamic authentication credential is one of, or a derivative of one of, a transaction amount or a transaction related value, a time stamp, a device ID, geographic coordinates, a hard-coded key, a token, a wireless device ID, an identifier associated to an aggrupation of one or more wireless devices, an MSISDN, an email, an IBAN or an account number (0051).

As per claim 12, Yang further discloses a method, wherein the input data used to calculate an additional dynamic authentication credential, or a derivative of the input data, is made available for a limited period of time and has been previously sent by the one or more providers of authentication services and received by the mobile device for storage (see fig. 6).

As per claim 13, Yang further discloses a method, wherein an input data based derivative of a dynamic authentication credential that is made available for a limited period of time has been calculated by the one or more providers of authentication services and it is sent to the mobile device, and the mobile device generates the dynamic authentication credential using the input data (see fig. 6).

As per claim 14, Yang further discloses a method, wherein the transaction terminal that transmits the dynamic authentication credentials is the mobile device that generates the dynamic authentication credentials (see fig. 3).

As per claim 15, Yang further discloses a method, wherein part of the one or more additional dynamic authentication credentials generated by the mobile device are not received from the transaction terminal, and the result of the authentication is based upon the result of the authentication of the first dynamic authentication credential and, according to the authentication rules and associated authentication parameters, the result of the authentication of at least part of the one or more additional dynamic authentication credentials received (0080).

As per claim 16, Yang further discloses a method, wherein in connection to a first mobile-related internet transaction associated to a given authentication service none of the one or more additional dynamic authentication credentials generated by the mobile device are received from the transaction terminal, and in connection to a second mobile-related internet transaction associated to said authentication service the one or more additional dynamic authentication credentials generated by the mobile device are received from the same or another transaction terminal, and the authentication parameters and dynamic authentication and rules permits that the result of the authentication of the first mobile-related internet transaction being based upon the result of the authentication of the first dynamic authentication credential, while the result of the authentication of the second mobile-related internet transaction being based upon the result of the authentication of the first dynamic authentication credential and one or more of the one or more additional dynamic authentication credentials (see fig. 5 and associated text).

As per claim 17, Yang further discloses a method, wherein some mobile-related internet transactions associated to a given authentication service are authorized or denied based on the result of authenticating a first set of mobile device generated dynamic authentication credentials while other mobile-related internet transactions associated to the same authentication service are authorized or denied based on the result of authenticating a different set of mobile device generated dynamic authentication credentials, depending on the authentication parameters and the associated dynamic authentication rules, and also depending on the additional dynamic authentication credentials received (0075; 0080).

As per claim 18, Yang further discloses a method, wherein the mobile-related internet transaction is authorized even when the authentication of the one or more additional dynamic authentication credentials received results in one or more authentication failures, and a notification is sent to the user's mobile device (0059).

As per claim 19, Yang further discloses a method, wherein the set of one or more additional dynamic authentication credentials received from a transaction terminal in connection to a first mobile-related internet transaction associated to a first authentication service is different than the set of one or more additional dynamic authentication credentials received from the same or from another transaction terminal in connection to a second mobile-related internet transaction associated to a second authentication service, and the one or more providers of authentication services authenticate one or more additional dynamic authentication credentials of the first set based upon dynamic authentication rules and related authentication parameters associated to the first authentication service and authenticate one or more additional dynamic authentication credentials of the second set based upon dynamic authentication rules and related authentication parameters associated to the second authentication service (0075; 0080).

As per claim 20, Yang further discloses a method, wherein the set of one or more additional dynamic authentication credentials, generated in a first mobile device with a first personalization and/or configuration and received from a transaction terminal in connection to a first mobile-related internet transaction associated to a first authentication service is different than the set of one or more additional dynamic authentication credentials, generated in a second mobile device with a second personalization and/or configuration and received from a transaction terminal in connection to a second mobile-related internet transaction associated to the first authentication service, and the one or more providers of authentication services authenticate in connection to the first mobile-related internet transaction one or more additional dynamic authentication credentials of the first set based upon dynamic authentication rules associated to the first mobile device personalization and/or configuration for the first authentication service and authenticate in connection to the second mobile-related internet transaction one or more additional dynamic authentication credentials of the second set based upon dynamic authentication rules associated to the second mobile device personalization and/or configuration for the first authentication service (0075; 0080).

As per claim 21, Walker further discloses a method, wherein some mobile-related internet transactions associated to a given authentication service and to a first mobile device are authorized or denied based on the result of authenticating a first set of mobile device generated dynamic authentication credentials while other mobile-related internet transactions associated to the same authentication service and to a second mobile device are authorized or denied based on the result of authenticating a different set of mobile device generated dynamic authentication credentials, depending on the authentication parameters and the associated dynamic authentication rules, and also depending on the personalization and/or configuration of the first and second mobile device respectively (0075; 0080).

As per claim 22, Yang further discloses a method, wherein the one or more providers of authentication services for internet transactions sends a notification to the user's mobile device to inform that more additional dynamic authentication credentials associated to a given authentication service could be generated by the mobile device, the notification related to modifying the personalization and/or configuration of the mobile device for the mobile device to generate said more additional dynamic authentication credentials, each one calculated by the mobile device upon different input data, in successive mobile-related internet transactions (0075; 0080).

As per claim 23, Yang further discloses a method, wherein the authorization or denial relates to a first part of the internet transaction and completion of the internet transaction authorization or denial process requires further processing by one or more entities acquiring the transaction (0080).

As per claim 24, Yang further discloses a method, wherein the authentication of each authenticated dynamic authentication credential is used to validate the corresponding input data (0075; 0080).

As per claim 25, Yang further discloses a method, wherein part of the authentication process is performed by a first provider of authentication services and another part of the authentication process is performed by a second provider of authentication services (0075).

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Charles C. Agwumezie whose number is (571) 272-6838. The examiner can normally be reached on Monday – Friday 8:00 am – 5:00 pm.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin Hewitt can be reached on (571) 272 – 6709.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHINEDU C AGWUMEZIE/Primary Examiner, Art Unit 3685                                                                                                                                                                                                        May 20, 2021