DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Status

This action is in response to the amendment filed 05/26/2021. Claims 1, 11, 22 have been amended.  Claims 3, 4, 13, 14, 24, 33 have been cancelled. Claim 37 have been added. Claims 1-31 are presented for examination. Claims 1, 11, 22 are independent claims. 

Response to Arguments 
Applicant's arguments filed 05/26/2021 have been fully considered but they are not persuasive.
Applicant amended claims 1, 11, 22 to further recite “wherein the first instruction, second instruction, and third instruction are all different instructions” and “the third security level comprises re-authentication even if a session for the user based on a previous authentication has not yet expired”. The reference Brown et al (US 2009/0165125 A1) still teaches the amended limitation. Brown par 0046, 0061 teaches at least three different instructions. The first instruction is to execute an application, the second instruction is to access a corporate network resource, and third instruction is to access a highly confidential corporate network resource. Brown 0099 teaches “during a user’s session”, i.e. a regular 
The new reference Singh et al (US 2008/0271109 A1) teaches “a user id and password are the same for both the user authentication and the re-authentication”.

Claim Rejections - 35 USC § 112 
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
 (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-2, 5-12, 15-23, 25-37 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the 
The independent claims 1, 11, 22 recite “a user id and password are the same for both the user authentication and the re-authentication” where the second instruction is different from the third instruction, the second instruction is associated with a second security level and the third instruction is associated with a third security level, and where the second security level comprises user authentication, and the third security level comprises re-authentication that requires re-authentication of the user prior to processing of the instruction even if a session for the user based on a previous authentication has not yet expired. Neither the specification nor drawings specifically discloses that the user id and password used for user authentication and re-authentication are the same when the command triggering the user authentication is different from the command triggering the re-authentication that requires re-authentication of the user prior to processing of the instruction even if a session for the user based on a previous authentication has not yet expired. The specification fig 10 table 1000 par 0070-0072 discloses the different security levels (1002 – no authentication, 1004 – device authentication, 1006 – user authentication, 1008 – re-authentication even if the user has previously been authenticated). The second instruction is associated with the user authentication security level 1006 and the third instruction is associated with the re-authentication security level 1008. Since the second and third instructions are at different security levels and the re-authentication associated with the third instruction is triggered by request to 

Claim Rejections - 35 USC § 103 
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action: 
 (a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-2, 5-12, 15-23, 25-34, 37 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Al-Harbi (US 2007/0167178 A1) in view of Brown et al (US 2009/0165125 A1) in view of Singh et al (US 2008/0271109 A1) in view of Bemmel et al (US 2008/0097851 A1) in view of Keresman, III et al (US 2003/0233327 A1).

Consider claim 1
Al-Harbi teaches a method comprising: receiving a first instruction from an SMS gateway in a first SMS message (Al-Harbi fig 3, fig 6 step 605 par 0055 discusses the SMS parser (10) receives an SMS via the SMS gateway (310) from the mobile device (11)), a second instruction from the SMS gateway in a second SMS message (the same method can be used for a second SMS message), a third instruction from the SMS gateway in a third SMS message (the same method can be used for a third SMS message), wherein the first, second, and third SMS messages originate from a client device (Al-Harbi fig 6 the SMS message from mobile device (11)); parsing the first instruction to obtain a first transaction (Al-Harbi fig 6 step 610 par 0055-0056 discusses the SMS parser parses the received message to obtain the command) and a first security level corresponding to the first instruction (Al-Harbi fig 6 steps 610-620 par 0056 discusses the SMS parser determines the security level of the command based on determining which type of backend system the command is meant to be sent.  Al-Harbi par 0016 discusses two types of backend systems:  a public system for which no authentication is needed and a secured system for which authentication is required), parsing a second instruction to obtain a second transaction and a second security level corresponding to the second instruction (The same parsing and determining method can be used for the second instruction), parsing a third instruction to obtain a third transaction and a third security level corresponding to the third instruction (The same parsing and determining method can be used for the third instruction), wherein the first security level comprises device authentication (Al-Harbi par 0056 verify telephone number of mobile device {device authentication} before sending command to secure system), calling, in response to a successful performance of the authentication, a function via an application programming interface, wherein the function is configured to directly interface with a transaction system and to associated calls made via the application programming interface with corresponding functionality of the (Al-Harbi fig 6 steps 645, 660 par 0056 discusses on successful authentication, the SMS parser sends the command request to the backend systems. Al-Harbi fig 3 par 0051 discusses the backend systems include the BI server or flight reservation system as commercial transaction systems); receiving a response from the commercial transaction system and transmitting the response to the client device in a response SMS message (Al-Harbi fig 8 par 0059 discusses the SMS parser receiving a response from the backend system and returning the response to the mobile device in an SMS message).
However, Al-Harbi does not specifically teach the second security level comprises user authentication, and the third security level comprises re-authentication that requires of the user prior to processing of the instruction even if the user has previously been authenticated, wherein a user id and password are the same for both the authentication and the re-authentication. Brown discloses wherein the first instruction (Brown par 0046, 0061 command to execute an application), second instruction (Brown par 0046, 0061 command to access a corporate network resource), and third instruction are all different instructions (Brown par 0046, 0061 command to access a highly confidential corporate network resource), wherein the first security level comprises device authentication (Brown par 0047 authentication factor for access includes data contained in SIM card or security token), the second security level comprises user authentication (Brown par 0047 authentication factor for access includes user authentication by user name and password), and the  (Brown par 0047 authentication can be by user name and password. Brown par 0099 “during a user’s session” {a session for the user-based previous authentication has not yet expired, “allow the user to request additional access”, e.g. access to highly confidential network resource, user need to provide the security token necessary to obtain the request access during the user’s session, e.g. re-authenticate even if the current access limited session has not expired); performing authentication according to the security level associated with each of the instructions (Brown par 0053 verifying authentication data associated with different authentication factors). At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi with Brown by adding to the authentication mechanism of Al-Harbi the method of authenticating by at least one of device authentication, user authentication, and re-authentication and associating the different authentication types with access levels as taught by Brown where the device authentication is the device authentication of Al-Harbi. The motivation to combine Al-Harbi and Brown is to provide flexibility in governing access to network resources as discussed by Brown.
However, Al-Harbi in view of Brown does not specifically teach wherein a user id and password are the same for both the user authentication and the re-authentication. Singh discloses wherein a user id and password are the same for (Singh fig 8 step 818 par 0071 re-authenticate using same username and password). At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi in view of Brown with Singh by adding to the authentication mechanism of Al-Harbi in view of Brown the method of using the same user id and password for re-authentication that was used for authentication as taught by Singh. The motivation to combine Al-Harbi in view of Brown and Singh is to provide flexibility for user selection of user name and password and ease of authentication by the system.
However, Al-Harbi does not specifically discuss performing authentication based on the capability of the device; establishing a session with the client device and transmitting a response using the established session. Bemmel discloses performing authentication (Bemmel fig 2 step 212 and fig 4 step 410) based on the capabilities of the client device (Bemmel fig 6 steps 606-608 par 0034, par 0056-0057 discusses the mobile controller (158) transmits either a WAP push or SMS message, the message type based on the capability of the mobile device, containing a URL redirecting the user to the MIMS controller (130) for authentication (fig 6 step 626)); establishing a session with the client device using an identifier that uniquely identifies the client device (Bemmel fig 7 par 0065-0066 discusses the mobile incentive service identifies the mobile device by device identifier (step 706) and establishes a session with the mobile device by transmitting an access URL to enable the mobile device for the mobile device to retrieve mobile incentives at the URL (steps 722-730); transmitting a response using the established session (Bemmel fig 7 par 0066 discusses the mobile incentive service using the established session to transmit the mobile incentive to the mobile device (steps 738-740)). At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi in view of Brown in view of Singh with Bemmel by adding to parser system of Al-Harbi the method of performing the authentication based on the capability of the device, and establishing a session with the client to submit and receive responses as discussed by Bemmel. The motivation to combine Al-Harbi in view of Brown in view of Singh and Bemmel is to format the message for delivery to the mobile device in accordance with the capability of the mobile device to process the message as discussed by Bemmel.  
However, Al-Harbi does not specifically disclose a plug-in. Keresman III discloses a plug-in (Keresman III fig 3 par 0034 discusses the MAPS plug-in architecture comprising a direct connector exposing the appropriate Java interfaces to be used by the merchant server; Keresman III fig 3 par 0038 discusses the specific plug-in such as the VISA or Mastercard plug-ins, each provide a specific transaction service).  At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi in view of Brown in view of Singh in view of Bemmel with Keresman III by adding to the SMS parser software architecture the provider specific plug-in for directly interface with a transaction system as taught by Keresman III.  The motivation to combine Al-Harbi in view of Brown in view of 

Consider claim 11
Al-Harbi teaches an interface comprising: a network interface configured to communicate with an SMS gateway (Al-Harbi par 0055 SMS parser receives SMS message from mobile device; hence SMS parser has a network interface for communication with the SMS gateway); and one or more processors and communicatively coupled to the network interface, the one or more processors being configured to: receive a first instruction from the SMS gateway in a first SMS message (Al-Harbi fig 3, fig 6 step 605 par 0055 discusses the SMS parser (10) receives an SMS via the SMS gateway (310) from the mobile device (11)), a second instruction from the SMS gateway in a second SMS message (the same method can be used for a second SMS message), a third instruction from the SMS gateway in a third SMS message (the same method can be used for a third SMS message), wherein the first, second, and third SMS messages originate from a client device (Al-Harbi fig 6 the SMS message from mobile device (11)); parse the first instruction to obtain a first transaction (Al-Harbi fig 6 step 610 par 0055-0056 discusses the SMS parser parses the received message to obtain the command) and a first security level corresponding to the first instruction (Al-Harbi fig 6 steps 610-620 par 0056 discusses the SMS parser determines the security level of the command based on determining which type of backend system the command is meant to be sent.  Al-Harbi par 0016 discusses two types of backend systems:  a public system for which no authentication is needed and a secured system for which authentication is required), parsing the second instruction to obtain a second transaction and a second security level corresponding to the second instruction (The same parsing and determining method can be used for the second instruction), parsing a third instruction to obtain a third transaction and a third security level corresponding to the third instruction (The same parsing and determining method can be used for the third instruction), wherein the first security level comprises device authentication (Al-Harbi par 0056 verify telephone number of mobile device {device authentication} before sending command to secure system), call, in response to a successful performance of the authentication, a function via an application programming interface, wherein the function is configured to directly interface with a transaction system and to associated calls made via the application programming interface with corresponding functionality of the transaction system configured to perform the transaction (Al-Harbi fig 6 steps 645, 660 par 0056 discusses on successful authentication, the SMS parser sends the command request to the backend systems. Al-Harbi fig 3 par 0051 discusses the backend systems include the BI server or flight reservation system as commercial transaction systems); receive a response from the commercial transaction system and transmit the response to the client device in a response SMS message (Al-Harbi fig 8 par 0059 discusses the SMS parser receiving a response from the backend system and returning the response to the mobile device in an SMS message).
(Brown par 0046, 0061 command to execute an application), second instruction (Brown par 0046, 0061 command to access a corporate network resource), and third instruction are all different instructions (Brown par 0046, 0061 command to access a highly confidential corporate network resource), wherein the first security level comprises device authentication (Brown par 0047 authentication factor for access includes data contained in SIM card or security token), the second security level comprises user authentication (Brown par 0047 authentication factor for access includes user authentication by user name and password), and the third security level comprises re-authentication that requires re-authentication of the user prior to processing of the instruction even if a session for the user based on a previous authentication has not yet expired (Brown par 0047 authentication can be by user name and password. Brown par 0099 “during a user’s session” {a session for the user-based previous authentication has not yet expired, “allow the user to request additional access”, e.g. access to highly confidential network resource, user need to provide the security token necessary to obtain the request access during the user’s session, e.g. re-authenticate even if the current access limited session has not expired); performing authentication according to the security level associated with each of the instructions (Brown par 0053 verifying authentication data associated with different authentication factors). At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi with Brown by adding to the authentication mechanism of Al-Harbi the method of authenticating by at least one of device authentication, user authentication, and re-authentication and associating the different authentication types with access levels as taught by Brown where the device authentication is the device authentication of Al-Harbi. The motivation to combine Al-Harbi and Brown is to provide flexibility in governing access to network resources as discussed by Brown.
However, Al-Harbi in view of Brown does not specifically teach wherein a user id and password are the same for both the user authentication and the re-authentication. Singh discloses wherein a user id and password are the same for both the user authentication and the re-authentication (Singh fig 8 step 818 par 0071 re-authenticate using same username and password). At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi in view of Brown with Singh by adding to the authentication mechanism of Al-Harbi in view of Brown the method of using the same user id and password for re-authentication that was used for authentication as taught by Singh. The motivation to combine Al-Harbi in view of Brown and Singh is to provide flexibility for user selection of user name and password and ease of authentication by the system.
(Bemmel fig 2 step 212 and fig 4 step 410) based on the capabilities of the client device (Bemmel fig 6 steps 606-608 par 0034, par 0056-0057 discusses the mobile controller (158) transmits either a WAP push or SMS message, the message type based on the capability of the mobile device, containing a URL redirecting the user to the MIMS controller (130) for authentication (fig 6 step 626)); establishing a session with the client device using an identifier that uniquely identifies the client device (Bemmel fig 7 par 0065-0066 discusses the mobile incentive service identifies the mobile device by device identifier (step 706) and establishes a session with the mobile device by transmitting an access URL to enable the mobile device for the mobile device to retrieve mobile incentives at the URL (steps 722-730); transmitting a response using the established session (Bemmel fig 7 par 0066 discusses the mobile incentive service using the established session to transmit the mobile incentive to the mobile device (steps 738-740)). At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi in view of Brown in view of Singh with Bemmel by adding to parser system of Al-Harbi the method of performing the authentication based on the capability of the device, and establishing a session with the client to submit and receive responses as discussed by Bemmel. The motivation to combine Al-Harbi in view of Brown in 
However, Al-Harbi does not specifically disclose a plug-in. Keresman III discloses a plug-in (Keresman III fig 3 par 0034 discusses the MAPS plug-in architecture comprising a direct connector exposing the appropriate Java interfaces to be used by the merchant server; Keresman III fig 3 par 0038 discusses the specific plug-in such as the VISA or Mastercard plug-ins, each provide a specific transaction service).  At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi in view of Brown in view of Singh in view of Bemmel with Keresman III by adding to the SMS parser software architecture the provider specific plug-in for directly interface with a transaction system as taught by Keresman III.  The motivation to combine Al-Harbi in view of Brown in view of Singh in view of Bemmel and Keresman III is to enable flexible interface with third party systems as discussed by Keresman III.

Consider claim 22
Al-Harbi teaches a computer-readable storage device having instructions stored thereon execution of which, by a computing device, causes the computing device to perform operations comprising: receiving a first instruction from the SMS gateway in a first SMS message (Al-Harbi fig 3, fig 6 step 605 par 0055 discusses the SMS parser (10) receives an SMS via the SMS gateway (310) from the mobile device (11)), a second instruction from the SMS gateway in a (the same method can be used for a second SMS message), a third instruction from the SMS gateway in a third SMS message (the same method can be used for a third SMS message), wherein the first, second, and third SMS messages originate from a client device (Al-Harbi fig 6 the SMS message from mobile device (11)); parsing the first instruction to obtain a first transaction (Al-Harbi fig 6 step 610 par 0055-0056 discusses the SMS parser parses the received message to obtain the command) and a first security level corresponding to the first instruction (Al-Harbi fig 6 steps 610-620 par 0056 discusses the SMS parser determines the security level of the command based on determining which type of backend system the command is meant to be sent.  Al-Harbi par 0016 discusses two types of backend systems:  a public system for which no authentication is needed and a secured system for which authentication is required), parsing the second instruction to obtain a second transaction and a second security level corresponding to the second instruction (The same parsing and determining method can be used for the second instruction), parsing a third instruction to obtain a third transaction and a third security level corresponding to the third instruction (The same parsing and determining method can be used for the third instruction), wherein the first security level comprises device authentication (Al-Harbi par 0056 verify telephone number of mobile device {device authentication} before sending command to secure system), calling, in response to a successful performance of the authentication, a function via an application programming interface, wherein the function is configured to directly (Al-Harbi fig 6 steps 645, 660 par 0056 discusses on successful authentication, the SMS parser sends the command request to the backend systems. Al-Harbi fig 3 par 0051 discusses the backend systems include the BI server or flight reservation system as commercial transaction systems); receiving a response from the commercial transaction system and transmitting the response to the client device in a response SMS message (Al-Harbi fig 8 par 0059 discusses the SMS parser receiving a response from the backend system and returning the response to the mobile device in an SMS message).
However, Al-Harbi does not specifically teach the second security level comprises user authentication, and the third security level comprises re-authentication that requires of the user prior to processing of the instruction even if the user has previously been authenticated, wherein a user id and password are the same for both the authentication and the re-authentication. Brown discloses wherein the first instruction (Brown par 0046, 0061 command to execute an application), second instruction (Brown par 0046, 0061 command to access a corporate network resource), and third instruction are all different instructions (Brown par 0046, 0061 command to access a highly confidential corporate network resource), wherein the first security level comprises device authentication (Brown par 0047 authentication factor for access includes data contained in SIM card or security token), the second security level (Brown par 0047 authentication factor for access includes user authentication by user name and password), and the third security level comprises re-authentication that requires re-authentication of the user prior to processing of the instruction even if a session for the user based on a previous authentication has not yet expired (Brown par 0047 authentication can be by user name and password. Brown par 0099 “during a user’s session” {a session for the user-based previous authentication has not yet expired, “allow the user to request additional access”, e.g. access to highly confidential network resource, user need to provide the security token necessary to obtain the request access during the user’s session, e.g. re-authenticate even if the current access limited session has not expired); performing authentication according to the security level associated with each of the instructions (Brown par 0053 verifying authentication data associated with different authentication factors). At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi with Brown by adding to the authentication mechanism of Al-Harbi the method of authenticating by at least one of device authentication, user authentication, and re-authentication and associating the different authentication types with access levels as taught by Brown where the device authentication is the device authentication of Al-Harbi. The motivation to combine Al-Harbi and Brown is to provide flexibility in governing access to network resources as discussed by Brown.
(Singh fig 8 step 818 par 0071 re-authenticate using same username and password). At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi in view of Brown with Singh by adding to the authentication mechanism of Al-Harbi in view of Brown the method of using the same user id and password for re-authentication that was used for authentication as taught by Singh. The motivation to combine Al-Harbi in view of Brown and Singh is to provide flexibility for user selection of user name and password and ease of authentication by the system.
However, Al-Harbi does not specifically discuss performing authentication based on the capability of the device; establishing a session with the client device and transmitting a response using the established session. Bemmel discloses performing authentication (Bemmel fig 2 step 212 and fig 4 step 410) based on the capabilities of the client device (Bemmel fig 6 steps 606-608 par 0034, par 0056-0057 discusses the mobile controller (158) transmits either a WAP push or SMS message, the message type based on the capability of the mobile device, containing a URL redirecting the user to the MIMS controller (130) for authentication (fig 6 step 626)); establishing a session with the client device using an identifier that uniquely identifies the client device (Bemmel fig 7 par 0065-0066 discusses the mobile incentive service identifies the mobile device by device identifier (step 706) and establishes a session with the mobile device by transmitting an access URL to enable the mobile device for the mobile device to retrieve mobile incentives at the URL (steps 722-730); transmitting a response using the established session (Bemmel fig 7 par 0066 discusses the mobile incentive service using the established session to transmit the mobile incentive to the mobile device (steps 738-740)). At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi in view of Brown in view of Singh with Bemmel by adding to parser system of Al-Harbi the method of performing the authentication based on the capability of the device, and establishing a session with the client to submit and receive responses as discussed by Bemmel. The motivation to combine Al-Harbi in view of Brown in view of Singh and Bemmel is to format the message for delivery to the mobile device in accordance with the capability of the mobile device to process the message as discussed by Bemmel.  
However, Al-Harbi does not specifically disclose a plug-in. Keresman III discloses a plug-in (Keresman III fig 3 par 0034 discusses the MAPS plug-in architecture comprising a direct connector exposing the appropriate Java interfaces to be used by the merchant server; Keresman III fig 3 par 0038 discusses the specific plug-in such as the VISA or Mastercard plug-ins, each provide a specific transaction service).  At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi in view of Brown in view of Singh in view of Bemmel with 

Consider claims 2, 23
Al-Harbi in view of Brown in view of Singh in view of Bemmel in view of Keresman III teaches the limitations of claim 1, 22 further comprising: determining whether authentication is needed to perform the transaction based on the corresponding security level (Al-Harbi par 0056 the SMS parser determines whether authentication is needed based on whether the command is to be sent to a secure system). 

Consider claims 5, 15, 26 
Al-Harbi in view of Brown in view of Singh in view of Bemmel in view of Keresman III teaches the limitations of claims 1, 11, 25, wherein the step of authenticating the user device comprises: authenticating the user device by comparing a unique property of the user device to a registered value for the unique property (Al-Harbi par 0056 comparing the telephone number of the mobile device with a registered telephone number). 

Consider claims 6, 16, 27 
Al-Harbi in view of Brown in view of Singh in view of Bemmel in view of Keresman III teaches the limitations of claims 5, 15, 26, wherein the user device is a phone (Al-Harbi par 0056 mobile device is a phone), and further wherein (Al-Harbi par 0056 comparing the telephone number of the mobile device with a registered telephone number). 

Consider claims 7, 17, 28 
Al-Harbi in view of Brown in view of Singh in view of Bemmel in view of Keresman III teaches the limitations of claims 2, 12, 23 further comprising: authenticating the user of the user device if authentication is needed (Brown par 0053 authenticating by user name, password to grant access rights to restricted resources. The motivation to combine with Brown is to provide flexibility in governing the access to network resources as discussed by Brown). 

Consider claims 8, 18, 29
Al-Harbi in view of Brown in view of Singh in view of Bemmel in view of Keresman III teaches the limitations of claims 7, 17, 28, wherein authenticating the user of the client device comprises: sending a WAP Push message to the client device, the WAP Push message comprising a URL for a user authentication page (Bemmel par 0034, par 0057 discusses the mobile controller (158) transmits a WAP push containing a URL that would redirect the user to the MIMS controller (130) for authentication. The motivation to combine with Bemmel is to format the message for delivery to the mobile device in accordance with the capability of the mobile device to process the message as discussed by Bemmel).

Consider claims 9, 19, 30 
Al-Harbi in view of Brown in view of Singh in view of Bemmel in view of Keresman III teaches the limitations of claims 7, 17, 28, wherein authenticating the user of the client device comprises: sending a URL for a user authentication page to the client device (Bemmel par 0034, par 0057 discusses the mobile controller (158) transmits a WAP push containing a URL that would redirect the user to the MIMS controller (130) for authentication. The motivation to combine with Bemmel is to format the message for delivery to the mobile device in accordance with the capability of the mobile device to process the message as discussed by Bemmel).

Consider claims 10, 20, 31 
Al-Harbi in view of Brown in view of Singh in view of Bemmel in view of Keresman III teaches the limitations of claims 1, 11, 22 wherein the step of parsing the instruction comprises: locating a command in a command grammar corresponding to the instruction (Al-Harbi par 0055 discusses comparing the command in the SMS message with known commands in the command table); and generating the corresponding transaction according to the command (Al-Harbi fig 6.645-6.660, par 0056 discusses the SMS parser either execute command as an internal command or send it to the backend system).

Consider claim 12
Al-Harbi in view of Brown in view of Singh in view of Bemmel in view of Keresman III teaches the limitations of claim 11, wherein the one or more processors are further configured to determine whether authentication is needed (Al-Harbi par 0056 determines that authentication is needed when the command is to be sent to a secured system) and authenticate the client device or user if authentication is needed (Al-Harbi par 0056 performs authentication using telephone number when authentication is needed). 

Consider claim 21 
Al-Harbi in view of Brown in view of Singh in view of Bemmel in view of Keresman III teaches the interface of claim 11, wherein the parsing module is further configured to permit definition of new commands (Al-Harbi par 0061 discusses the SMS parser manager providing the user the capability to add, delete, and modify commands). 

Consider claim 25
Al-Harbi in view of Brown in view of Singh in view of Bemmel in view of Keresman III teaches the limitations of claim 23, authenticate the client device if authentication is needed (Al-Harbi par 0056 performs authentication using telephone number when authentication is needed). 

Consider claim 32 
Al-Harbi in view of Brown in view of Singh in view of Bemmel in view of Keresman III teaches the method of claim 1, wherein determining a kind of authentication comprises determining whether the client device supports a kind of message (Bemmel par 0034, par 0057 discusses the mobile controller (158) transmits either a WAP push or SMS message, the message type based on the capabilities of the mobile device. The motivation to combine with Bemmel is to format the message for delivery to the mobile device in accordance with the capability of the mobile device to process the message as discussed by Bemmel). 

Consider claim 33
Al-Harbi in view of Brown in view of Singh in view of Bemmel in view of Keresman III teaches the method of claim 1, further comprising: performing a re-authentication after performing the authentication (Brown par 0100 re-authentication after previous authentication. The motivation to combine with Brown is to provide flexibility in governing the access to network resources as discussed by Brown). 

Consider claim 34
Al-Harbi in view of Brown in view of Singh in view of Bemmel in view of Keresman III teaches the method of claim 1, wherein the identifier that uniquely identifies the client device comprises a phone number (Al-Harbi par 0056 using the telephone number of the mobile device as unique identifier for use in authentication). 

Consider claim 37
Al-Harbi in view of Brown in view of Singh in view of Bemmel in view of Keresman III teaches the method of claim 1, wherein the second transaction does not require re-authentication (Brown par 0047 authentication can be by user name and password. Brown par 0099 during a user’s session, if the user request additional access, e.g. access to highly confidential network resource, then the user need to provide the security token necessary to obtain the request access during the user’s session, e.g. re-authenticate even if the current access limited session has not expired. If the user does not request additional access, then there is no need to re-authenticate in accordance to how re-authenticate is used as disclosed in the specification). 

Claims 35-36 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Al-Harbi (US 2007/0167178 A1) in view of Brown et al (US 2009/0165125 A1) in view of Singh et al (US 2008/0271109 A1) in view of Bemmel et al (US 2008/0097851 A1) in view of Keresman, III et al (US 2003/0233327 A1) as applied to claim 1 above further in view of Fleishman (US 2004/0148252 A1).

Consider claim 35, 36
Al-Harbi in view of Brown in view of Singh in view of Bemmel in view of Keresman III teaches the method of claim 1.
However, Al-Harbi in view of Brown in view of Singh in view of Bemmel in view of Keresman III does not specifically teach the third transaction comprises a financial transaction, wherein the financial transaction comprises an automated clearing house (ACH) transaction. Fleishman discloses the third transaction comprises a financial transaction, wherein the financial transaction comprises an automated clearing house (ACH) transaction (Fleishman par 0069 for a financial transaction involving credit an account at another institution, the user be re-authenticated). At the time of the invention, it would have been obvious for one ordinarily skilled in the art to modify the invention of Al-Harbi in .

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Ferrara et al (US 2008/0301781 A1).

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yuwen Pan can be reached on (571) 272-7855.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/YUWEN PAN/Supervisory Patent Examiner, Art Unit 2649                                                                                                                                                                                                        
/HUNG K DU/Examiner, Art Unit 2647