DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Status of Claims
Claims 2-21 are allowed in this application.

Examiner’s Amendment
An examiner’s amendment to the record appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Mr. Jay B. Patel on 8/24/21, followed by an email from Mr. Jay B. Patel on 8/25/21.
THE APPLICATION HAS BEEN AMENDED AS DETAILED:
1.	(Canceled).

receiving, by one or more first server computing devices executing a network application and from a computing device of a user of the network application, a facilitator engagement request comprising a user identification of the user and an identification of a commerce application;
providing, from one or more first server computing devices executing the network application and to the computing device, an engagement response that presents an option to complete a transaction utilizing the network application within a graphical user interface of the computing device;
receiving, by the one or more first server computing devices executing the network application, a client-side call from the computing device of the user of the network application to a graph application programming interface (“API”) that seeks the user identification;
mapping, by the one or more first server computing devices executing the network application, the user identification of the request to a profile of the user of the network application;
generating, by the one or more first server computing devices executing the network application, an encrypted payment token based on a payment authentication number associated with the profile of the user;
providing, from the one or more server computing devices executing the network application, the encrypted payment token to one or more second server computing devices supporting a commerce application, wherein the encrypted payment token references a full payment card number of a payment card stored in the profile of the user while providing the one or more second server computing devices with a placeholder card number label that displays a payment card number that is different from the full payment card number;
in response to providing the encrypted payment token, receiving, from the one or more second server computing devices supporting the commerce application, a charge request; 
 and
in response to receiving the charge request, sending, by the one or more first server computing devices executing the network application, the encrypted payment token to one or more third server computing devices that processes the encrypted payment token by a payment network associated with the commerce application.
3.	(Currently Amended) The method of claim 2, wherein the network application comprises a social networking system


4.	(Currently Amended) The method of  claim 2, further comprising determining to provide the engagement response to the computing device based in part on analyzing, utilizing the profile of the user, a history of activity for the user utilizing the network application. 
5.	(Currently Amended) The method of claim 2, further comprising:
receiving the client-side call to the graph API that further seeks an indication that the user permits the commerce application to access the payment information; and
identifying permissions for the user authorizing the commerce application to access the payment information.
6.	(Currently Amended) The method of claim 2, further comprising: 
receiving the client-side call to the graph API that further seeks an indication that the user permits the commerce application to access the payment information; 
identifying permissions for the user that do not authorize the commerce application to access the payment information; and
providing, for display within the computing device, a permissions user interface comprising an option to grant the commerce application access to the payment information.
7.	(Previously Presented) The method of claim 6, further comprising: 
receiving, from the computing device, an indication of a user selection of the option to grant the commerce application access to the payment information; and
providing the payment information for the user to the one or more second server computing devices supporting the commerce application to, within a display of the computing device of the user, auto-fill one or more payment fields, wherein the payment information comprises an expiration date, a name, and a billing address.
8.	(Previously Presented) The method of claim 2, further comprising: 
logging the user into the network application based on a login request from the computing device of the user; and 
providing, for display within the computing device of the user, a log of transactions for purchases by the user utilizing a plurality of commerce applications.
9.	(Currently Amended) A non-transitory computer readable storage medium comprising instructions that, when executed by at least one processor, cause a computer system to:
receive, by one or more first server computing devices executing a network application and from a computing device of a user of the network application, a facilitator engagement request comprising a user identification of the user and an identification of a commerce application;
provide, from one or more first server computing devices executing the network application and to the computing device, an engagement response that presents an option to complete a transaction utilizing the network application within a graphical user interface of the computing device;
receive, by the one or more first server computing devices executing the network application, a client-side call from the computing device of the user of the network application to a graph application programming interface (“API”) that seeks payment information for a request comprising the user identification;
map, by the one or more first server computing devices executing the network application, the user identification of the request to a profile of the user of the network application;
generate, by the one or more first server computing devices executing the network application, an encrypted payment token based on a payment authentication number associated with the profile of the user;
provide, from the one or more server computing devices executing the network application, the encrypted payment token to one or more second server computing devices supporting a commerce application, wherein the encrypted payment token references a full payment card number of a payment card stored in the profile of the user while providing the one or more second server computing devices with a placeholder card number label that displays a payment card number that is different from the full payment card number;
in response to providing the encrypted payment token, receive, from the one or more second server computing devices supporting the commerce application, a charge request; and
in response to receiving the charge request, send, by the one or more first server computing devices executing the network application, the encrypted payment token to one or more third server computing devices that processes the encrypted payment token 
10.	(Currently Amended) The non-transitory computer readable storage medium of claim 9, wherein the network application comprises a social networking system 


11.	(Currently Amended) The non-transitory computer readable storage medium of claim 9, further comprising instructions that, when executed by the at least one processor, cause the computer system to determine to provide the engagement response to the computing device based in part on analyzing, utilizing the profile of the user, a history of activity for the user utilizing the network application. 
12.	(Currently Amended) The non-transitory computer readable storage medium of claim 9, further comprising instructions that, when executed by the at least one processor, cause the computer system to: 
receive the client-side call to the graph API that further seeks an indication that the user permits the commerce application to access the payment information; and
identify permissions for the user authorizing the commerce application to access the payment information.
13.	(Currently Amended) The non-transitory computer readable storage medium of claim 9, further comprising instructions that, when executed by the at least one processor, cause the computer system to:
receive the client-side call to the graph API that further seeks an indication that the user permits the commerce application to access the payment information; 
identify permissions for the user that do not authorize the commerce application to access the payment information; and
provide, for display within the computing device, a permissions user interface comprising an option to grant the commerce application access to the payment information.
14.	(Previously Presented) The non-transitory computer readable storage medium of claim 13, further comprising instructions that, when executed by the at least one processor, cause the computer system to:
receive, from the computing device, an indication of a user selection of the option to grant the commerce application access to the payment information; and
provide the payment information for the user to the one or more second server computing devices supporting the commerce application to, within a display of the computing device of the user, auto-fill one or more payment fields, wherein the payment information comprises an expiration date, a name, and a billing address.
15.	(Currently Amended) The non-transitory computer readable storage medium of claim 14, further comprising instructions that, when executed by the at least one processor, cause the computer system to provide the encrypted payment token to the one or more second server computing devices supporting the commerce application to, within the display of the computing device of the user, auto-fill the one or more payment fields with the placeholder card number label. 
16.	(Currently Amended) A system comprising:
at least one processor; 
at least one non-transitory computer readable medium comprising instructions that, when executed by the at least one processor, cause the system to:
receive, by one or more first server computing devices executing a network application and from a computing device of a user of the network application, a facilitator engagement request comprising a user identification of the user and an identification of a commerce application;
provide, from one or more first server computing devices executing the network application and to the computing device, an engagement response that presents an option to complete a transaction utilizing the network application within a graphical user interface of the computing device;
receive, by the one or more first server computing devices executing the network application, a client-side call from the computing device of the user of the network application to a graph application programming interface (“API”) that seeks payment information for a request comprising the user identification;
map, by the one or more first server computing devices executing the network application, the user identification of the request to a profile of the user of the network application;
generate, by the one or more first server computing devices executing the network application, an encrypted payment token based on a payment authentication number associated with the profile of the user;
provide, from the one or more server computing devices executing the network application, the encrypted payment token to one or more second server computing devices supporting a commerce application, wherein the encrypted payment token references a full payment card number of a payment card stored in the profile of the user while providing the one or more second server computing devices with a placeholder card number label that displays a payment card number that is different from the full payment card number;
in response to providing the encrypted payment token, receive, from the one or more second server computing devices supporting the commerce application, a charge request; 
and
in response to receiving the charge request, send, by the one or more first server computing devices executing the network application, the encrypted payment token to one or more third server computing devices that processes the encrypted payment token 
17.	(Currently Amended) The system of claim 16, wherein the network application comprises a social networking system


18.	(Currently Amended) System of  claim 16, further comprising instructions that, when executed by the at least one processor, cause the system to determine to provide the engagement response to the computing device based in part on analyzing, utilizing the profile of the user, a history of activity for the user utilizing the network application.
19.	(Currently Amended) The system of claim 16, further comprising instructions that, when executed by the at least one processor, cause the system to:
receive the client-side call to the graph API that further seeks an indication that the user permits the commerce application to access the payment information; and
identify permissions for the user authorizing the commerce application to access the payment information.
20.	(Currently Amended) The system of claim 16, further comprising instructions that, when executed by the at least one processor, cause the system to:
receive the client-side call to the graph API that further seeks an indication that the user permits the commerce application to access the payment information; 
identify permissions for the user that do not authorize the commerce application to access the payment information; and
provide, for display within the computing device, a permissions user interface comprising an option to grant the commerce application access to the payment information.
21.	(Previously Presented) The system of claim 20, further comprising instructions that, when executed by the at least one processor, cause the system to:
receive, from the computing device, an indication of a user selection of the option to grant the commerce application access to the payment information; and
provide the payment information for the user to the one or more second server computing devices supporting the commerce application to, within a display of the computing device of the user, auto-fill one or more payment fields, wherein the payment information comprises an expiration date, a name, and a billing address.

Allowable Subject Matter
Claims 2-21 are allowed.
The following is an examiner’s statement of reasons for allowance: 
Regarding the rejection under 35 U.S.C. 101, the claims are eligible in light of the claim amendments and Applicant’s arguments.  Under Step 2A, Prong 2, the additional elements of the independent claims are doing more than just adding the words “apply it” with the abstract idea.  A computer is not merely being used as a tool to perform the abstract idea. Rather, when viewing the additional elements as a combination, the claimed invention includes a "distributed architecture" that improves network security and network integration.  In addition, the Graph Application Programming Interface ("API") element communicating and utilizing three different server groups to perform different functions of a network and commerce applications.  Thus, the combination of additional elements are not well understood, routine, and conventional.  For example, it is not well understood, routine, and conventional to have three servers where the “first server computing devices” executes the network application, the “second server computing devices” executes the “commerce application”, and the “third server computing devices” executes a payment gateway using a “graph application programming interface”.  As such, the rejection under 35 U.S.C. 101 is withdrawn.  
Regarding the rejection under 35 U.S.C. 103, the examiner has determined that the prior art of record does not teach the elements of claim 1, and the other independent claims.  
As recited in the claims, claim specific elements of:
“receiving… a facilitator engagement request comprising a user identification of the user and an identification of a commerce application;
providing… an engagement response that presents an option to complete a transaction utilizing the network application within a graphical user interface of the computing device;
receiving… a client-side call from the computing device of the user of the network application to a graph application programming interface (“API”) that seeks payment information for a request comprising the user identification;
mapping… the user identification of the request to a profile of the user of the network application;
generating… an encrypted payment token based on a payment authentication number associated with the profile of the user;
providing, from the one or more server computing devices executing the network application, the encrypted payment token to one or more second server computing devices supporting a commerce application, wherein the encrypted payment token references a full payment card number of a payment card stored in the profile of the user while providing the one or more second server computing devices with a placeholder card number label that displays a payment card number that is different from the full payment card number…
receiving… a charge request; and
sending…   the encrypted payment token to one or more third server computing devices that processes the encrypted payment token by a payment network associated with the commerce application,” limit the claims in a specific and narrow way that overcome the prior art.
The prior art of record, Beigi (20120110341) teaches a mobile transaction that uses multi-factor authentication related to cryptography and key exchange encryption techniques such as symmetric and asymmetric hashing and encryption.  However, Beigi does not teach or suggest the specific combination steps of (1) having a first sever receiving a client-side call from the user device to a graph application programming interface (seeking payment information); (2) providing the encrypted payment token (which references the full payment card number stored in the user profile) to a second sever one or more second server; and (3) providing a placeholder card number label (that is not the full card number) to the server.  Law (20120150748) teaches a financial system capable of increasing transaction security by having the verification processed and sent to the payment server to when the parties (user, card issuer, payment settlement system) are separate entities.  Yehoshua (8131594) teaches a transaction system capable of increasing the probability of a sale by analyzing users’ past purchasing history.  O’Neill, Nick (The Open Graph API: What Does It Mean? http://www.adweek.com/socialtimes/the-open-graph-api-what-does-it-mean/311627, Oct 29, 2009) teaches the use of a system to become an identity aggregator for its users.   Beigi, Law, Yehoshua, and O’Neill – alone or in combination – do not disclose utilizing a graph application programming interface to receive transaction request from the user’s device, and transmitting payment token (with specific types of data length) for security enhancement. 
Therefore the claims are deemed allowable.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MARK GAW whose telephone number is (571)270-0268.  The examiner can normally be reached on Mon-Fri 8:30AM-5:00PM EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin Hewitt can be reached on 571 272-6709.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.  Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MARK GAW/
Examiner, Art Unit 3692
/ELIZABETH H ROSEN/Primary Examiner, Art Unit 3698