DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 9 July 2021 is being considered by the examiner.
Drawings
The drawings received on 9 July 2021 are acceptable.
Claim Rejections - 35 USC § 112(b)
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 12-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Each of claims 12-19 recites the limitation "The system of claim 10" in the preamble.  There is insufficient antecedent basis for this limitation in the claim as claim 10 and claim 1, upon which claim 10 depends, recite a “method.” In the interest of compact prosecution and for purposes of examination, “system” in each of claims 12-19, is interpreted to be “method.”
Claim Rejections - 35 USC § 112(d)
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claim 19 is rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  Claim 19 merely repeats the limitations of claim 10 and, thus, fails to further limit the subject matter of the claim upon which it depends.  Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


The claims are directed to a system, method, or non-transitory computer-readable medium and thus, fall into at least one of the statutory categories (i.e. process, machine, manufacture, or composition of matter) (Step 1).  Nonetheless, Claims 1-19 
Independent claims 1, 11, and 20 recite receiving, [...] an indication that the[...] system does not have saved payment credentials for a user who initiated a query for the saved payment credentials [...]; upon receiving the indication, identifying, [...]-saved payment credentials[...]; generating [...] a virtual payment information associated with [...] saved payment credentials, the virtual payment information being distinct from the [...] saved payment credentials; tokenizing [...] the virtual payment information, resulting in tokenized virtual payment information; and inserting [...] the tokenized virtual payment information into corresponding fields [...].
This concept, which involves using saved payment credentials, generating virtual payment information, tokenizing virtual payment information, and inserting/using tokenized virtual payment information, falls within the grouping of commercial interactions (business relations, sales activities and behaviors) which is a Certain Methods of Organizing Human Activity in Section I of 2019 Revised Patent Subject Matter Eligibility Guidance found at 84 FR 50, 52 (Jan. 7, 2019).  Thus, the claims recite an abstract idea. (Step 2A-Prong 1).  Dependent claims 2-10 and 12-19 merely narrow the abstract idea by specifying the type of data used or recite generic computing components such as APIs and database, and are directed to the same abstract idea. 
The additional elements in claims 1, 11, and 20 include: 

a merchant computer system;  navigating to a web page operated by the merchant computer system; at least one processor, browser-saved; stored in an Internet browser; inserting, via at least one processor information into corresponding fields of a [...] web page
Dependent claims 2-10 and 12-19 additionally include APIs and databases.
The Specification reveals at [36] that [t]he processor 520 can include any general purpose processor and a hardware module or software module [...]. The judicial exception identified above is not integrated into a practical application because the claim elements are recited at a high-level of generality and thus merely generally link the use of the judicial exception to a particular technological environment of computers/processors, web browsers, and APIs and do not impose any meaningful limits on practicing the abstract idea. The claimed invention does not improve the functioning of a computer or improve another technology or technical field.  Thus, the judicial exception is not integrated into a practical application.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when considered separately or in combination, they do no more than limit the above-identified abstract idea to the particular technological environment of networked computers, as discussed above. Limitations that merely confine the use of the abstract idea to a particular technological environment fail to add an inventive concept to the claims. See MPEP § 2106.05(h) discussing Affinity Labs of Texas v. DirecTV, LLC, 838 F.3d 1253, 120 USPQ2d 1201 (Fed. Cir. 2016) (particular technological environment of cellular telephones).  The claims are not patent-eligible.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-4, 6-11, 13-14 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over ROCHE (US 20200126085 A1 to Roche; Michael F. et al) in view of VENKATAKRISHNAN (US 20170316400 Al to VENKATAKRISHNAN; Poornima et al.).
Regarding claim(s) 1, 11, and 20,
ROCHE discloses:
A system, comprising: at least one processor;  and at least one non-transitory computer-readable storage medium having instructions stored which, when executed by the at least one processor, cause the at least one processor to perform operations comprising   (see, at least, ROCHE: [0005]: In accordance with yet other aspects of the present disclosure, a non-transitory computer readable media with computer-executable instructions embodied thereon is disclosed. The instructions when executed by a processor of an authentication system cause the authentication system to perform a process) (Claim 11)
 A non-transitory computer-readable storage medium having instructions stored which, when executed by at least one processor, cause the at least one processor to perform operations comprising  (see, at least, ROCHE: [0005]: In accordance with yet other aspects of the present disclosure, a non-transitory computer readable media with computer-executable instructions embodied thereon is disclosed. The instructions when executed by a processor of an authentication system cause the authentication system to perform a process) (Claim 20)
A method comprising: receiving, from a merchant computer system, an indication that the merchant computer system does not have saved payment credentials for a user who initiated a query for the saved payment credentials by navigating to a web page operated by the merchant computer system for a merchant (see, at least, ROCHE:  [73]: “The pre-transaction system 125 may classify customers into two types : new customer or returning customer.”[...] “For a new customer, the pre-transaction system 125 may not have a customer token associated with the customer. After the first transaction by the new customer, the pre-transaction system 125 may create a customer token for the customer for future transactions on the merchant website”.[173]: “After the first transaction by the new customer, the pre-transaction system 125 may create a customer token for the customer for future transactions on the merchant website”) (Claim 1);
[...]
generating, via at least one processor, a virtual payment information associated with the browser-saved payment credentials, the virtual payment information being distinct from the browser-saved payment credentials (see, at least, ROCHE:  [4]: The authentication system includes a memory to store the device data and the contextual data, and a processing unit configured to retrieve a customer token associated with the customer, such that the customer token is associated with a payment instrument of the customer; [0029]:  “. For example, in some embodiments, the data collection system 110 may be configured as a browser extension, add-on service, or other type of software application, software development kit ("SDK"), or other web toolkit, which may be downloaded and installed (e.g., from a web store of the web browser on which the merchant website 105 is accessed) for collecting data;  [74]: the customer token may be a numeric value generated by preserving certain digits ( e.g., the first and last four digits) of the card number and appending and/or interweaving other machine generated or other numbers to the certain digits of the card number);
tokenizing, via at least one processor, the virtual payment information, resulting in tokenized virtual payment information (see, at least, ROCHE:  [74]: payment instrument is a payment card having a card number, and the customer token may be a numeric value generated by preserving certain digits of the card number or a sixteen digit number based upon the form of payment instrument);
and inserting, via at least one processor, the tokenized virtual payment information into corresponding fields of a payment portion of the web page (see, at least, ROCHE:  [4]: The processing unit is also configured to [...] auto-fill payment information associated with the payment instrument in the customer token during the checkout process of the merchant website to complete the current transaction upon determining that the current transaction is not fraudulent.;  [21]: “For example, the authentication system may auto-fill payment information for the customer on a payment page for customer's convenience.”; [76]: payment information is auto-filled).  
ROCHE does not expressly disclose the following limitations, which VENKATAKRISHNAN however, teaches:
upon receiving the indication, identifying, via at least one processor, browser-saved payment credentials stored in an Internet browser used by the user (VENKATAKRISHNAN [0021] The present disclosure provides techniques for the merchant application to authenticate the user by accessing the browser cookie stored in the browser memory and without the user being prompted to enter her user credentials. [...] the payment provider server that is maintained by the payment service provider skips the request for a user login and subsequent receipt of user provided login information, and instead authenticates the user based on information stored in the browser cookie. In this way, the user may be authenticated by the payment service provider without being prompted to provide her user credentials for the current session.;  [22]: Additionally, the user may complete transactions using an account the user has with the payment service provider on different merchant applications or websites, without having to provide her user credentials to the payment provider server.);
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine/modify the system/method of ROCHE, which discloses systems and methods of authenticating customers making online transactions and auto-filling payment information during the check-out process (ROCHE  [4]) with VENKATAKRISHNAN, which teaches authenticating users completing a transaction (see VENKATAKRISHNAN abstract), in order to provide an easier authentication process that encourages online and mobile payments (VENKATAKRISHNAN [4]).
Regarding claim(s) 3,
The combination of ROCHE and VENKATAKRISHNAN teaches all of the limitations of claim 1, as shown, herein.
ROCHE does not expressly disclose the following limitations, which VENKATAKRISHNAN however, teaches:
wherein the at least one processor includes a user-computer processor located within a user computer system which is operating the Internet browser, and wherein the identifying of the browser-saved payment credentials stored within the Internet browser is performed by the user-computer processor (see, at least, VENKATAKRISHNAN: [0065] User device 102, façade 620, authentication platform 311, and checkout platform 627 may each include one or more processors, memories, and other appropriate components for executing instructions such as program code and/or data stored on one or more computer readable mediums to implement the various applications, data, and steps described herein; [0021]: The present disclosure provides techniques for the merchant application to authenticate the user by accessing the browser cookie stored in the browser memory and without the user being prompted to enter her user credentials. [...] the merchant application accesses the browser cookie that was previously received from the payment provider server and stored in the browser memory, launches an instance of the browser, and passes the browser cookie to the browser instance. The browser instance may perform further actions to authenticate the user, without the user being requested to enter her user credentials).
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine/modify the system/method of ROCHE, which discloses systems and methods of authenticating customers making online transactions and auto-filling payment information during the check-out process (ROCHE  [4]) with VENKATAKRISHNAN, which teaches authenticating users completing a transaction (see VENKATAKRISHNAN abstract), in order to provide an easier authentication process that encourages online and mobile payments (VENKATAKRISHNAN [4]).
Regarding claim(s) 4,
The combination of ROCHE and VENKATAKRISHNAN teaches all of the limitations of claim 1, as shown, herein.
ROCHE further discloses:
wherein the at least one processor includes a remote processor located within a third party computer system, and wherein the tokenizing and the inserting are performed by the remote processor (see, at least, ROCHE:  [4]: The system includes a data collection system associated with a merchant website. The data collection system is configured to collect device data from a computing device used by a customer during a checkout process of a current transaction on the merchant website and contextual data related to the customer. The authentication system includes [...] a processing unit configured to retrieve a customer token associated with the customer, such that the customer token is associated with a payment instrument of the customer; [0006]: In accordance with some other aspects of the present disclosure, a method is disclosed. The method includes creating, by an authentication system, a customer token during a checkout process of a current transaction on a merchant website;  [84]: The pre-transaction system 125 creates a customer token for the customer, figure 1: pre-transaction system 125).
Regarding claim(s) 6,
The combination of ROCHE and VENKATAKRISHNAN teaches all of the limitations of claim 1, as shown, herein.
ROCHE does not expressly disclose the following limitations, which VENKATAKRISHNAN however, teaches:
wherein the inserting of the tokenized virtual payment information does not occur until the user enters at least one of (1) a minimum portion of the browser-saved payment credentials, or (2) an identification with a password (see, at least, VENKATAKRISHNAN:  [38]: “[...] authentication platform 311 searches an authentication database 316 that stores user credentials (e.g., usernames and passwords) that have been registered with the payment service provider. In an example, authentication platform 311 makes a call to /v1/OAuth/login in order to effectively login the user and obtain an access token. ”).
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine/modify the system/method of ROCHE, which discloses systems and methods of authenticating customers making online transactions and auto-filling payment information during the check-out process (ROCHE  [4]) with VENKATAKRISHNAN, which teaches authenticating users completing a transaction (see VENKATAKRISHNAN abstract), in order to provide an easier authentication process that encourages online and mobile payments (VENKATAKRISHNAN [4]).
Regarding claim(s) 7,
The combination of ROCHE and VENKATAKRISHNAN teaches all of the limitations of claim 1, as shown, herein.
ROCHE further discloses:
[...]
and wherein the virtual payment information is generated specifically for the merchant (see, at least, ROCHE: For a new customer, the pre-transaction system 125 may not have a customer token associated with the customer. After the first transaction by the new customer, the pre-transaction system 125 may create a customer token for the customer for future transactions on the merchant website).  
ROCHE does not expressly disclose the following limitations, which VENKATAKRISHNAN however, teaches:
wherein: the browser-saved payment credentials comprise credit card data stored by the Internet browser (see, at least, VENKATAKRISHNAN: [0065] User device 102, façade 620, authentication platform 311, and checkout platform 627 may each include one or more processors, memories, and other appropriate components for executing instructions such as program code and/or data stored on one or more computer readable mediums to implement the various applications, data, and steps described herein; [0021]: The present disclosure provides techniques for the merchant application to authenticate the user by accessing the browser cookie stored in the browser memory and without the user being prompted to enter her user credentials. [...] the merchant application accesses the browser cookie that was previously received from the payment provider server and stored in the browser memory, launches an instance of the browser, and passes the browser cookie to the browser instance. The browser instance may perform further actions to authenticate the user, without the user being requested to enter her user credentials)
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine/modify the system/method of ROCHE, which discloses systems and methods of authenticating customers making online transactions and auto-filling payment information during the check-out process (ROCHE  [4]) with VENKATAKRISHNAN, which teaches authenticating users completing a transaction (see VENKATAKRISHNAN abstract), in order to provide an easier authentication process that encourages online and mobile payments (VENKATAKRISHNAN [4]).
Regarding claim(s) 8,
The combination of ROCHE and VENKATAKRISHNAN teaches all of the limitations of claim 1, as shown, herein.
ROCHE further discloses:
further comprising: detecting, via the at least one processor, user interaction with the web page via the Internet browser, wherein the user interaction initiates execution, via the at least one processor, of a payment request application programming interface (API), the payment request API having executable code distinct from the Internet browser, the payment request API generating the query for the saved payment credentials for the user from the merchant computer system (see, at least, ROCHE:   [0035] “In some embodiments, the data collection system 110 may be configured to communicate with the authentication system 120 via an application programming interface ("API"). Using the API, the data collection system 110 may send the gathered data to the authentication system 120 and receive information back from the authentication system.”;  [42]: “[...] the authentication system 120 may be accessed (e.g., by the data collection system 110 and the third party systems 135) in a variety of ways such as via an API or other mechanisms.”;  [29]: The merchant website 105 is associated with the data collection system 110. In some embodiments, the data collection system 110 may be embedded within the merchant website 105.).  
Regarding claim(s) 9,
The combination of ROCHE and VENKATAKRISHNAN teaches all of the limitations of claims 1 and 6, as shown, herein.
ROCHE further discloses:
wherein the payment request API further requests the saved payment credentials from a third party database (see, at least, ROCHE: [46]: The authentication system 120 may communicate with the third party systems 135 to receive additional information and/or to confirm the validity of data gathered by the data collection system;  [50]: The pre-transaction system 200 may connect to a plurality of trusted third party networks (e.g., the third party systems 135) to receive a variety of information, including historical information about the computing device 220, the customer 215, and the payment instrument entered during checkout.; [0042]: Further, the authentication system 120 may be accessed (e.g., by the data collection system 110 and the third party systems 135) in a variety of ways such as via an API or other mechanisms.);
 and wherein, upon inserting the tokenized virtual payment information into the corresponding fields, the payment request API stores the virtual payment information in the third party database (see, at least, ROCHE:   [73]: The customer token encrypts and stores the customer's payment information (and possibly other customer information) in an easily accessible database; [0036] The authentication system 120 is configured to receive the data from the data collection system 110 and store the data within a memory 150 associated with the authentication system. [...] the memory 150 may be a [...] magnetic storage [...] cloud storage, and other types of storage devices that are suitable for use as the memory 150. The data received from the data collection system 110 is used by the pre-transaction system 125 and the post-transaction system 130. [0042] the authentication system 120 may be installed on a server and/or may be hosted on a cloud service and accessed via the cloud. [...] Further, the authentication system 120 may be accessed (e.g., by the data collection system 110 and the third party systems 135) in a variety of ways such as via an API or other mechanisms.).  
Regarding claim(s) 10,
The combination of ROCHE and VENKATAKRISHNAN teaches all of the limitations of claim 1, as shown, herein.
ROCHE further discloses:
wherein the virtual payment information comprises a virtual credit card number (see, at least, ROCHE:  [74]: payment instrument is a payment card having a card number, and the customer token may be a numeric value generated by preserving certain digits of the card number or a sixteen digit number based upon the form of payment instrument;  [76]: payment information is auto-filled);  [13]: Example payment instruments may include credit cards, debit cards, gift cards, other types of transaction cards, bank accounts).  
Regarding claim(s) 13,
The combination of ROCHE and VENKATAKRISHNAN teaches all of the limitations of claims 1 and 10, as shown, herein.
ROCHE does not expressly disclose the following limitations, which VENKATAKRISHNAN however, teaches:
wherein the at least one processor includes a user-computer processor located within a user computer system which is operating the Internet browser, and wherein the identifying of the browser-saved payment credentials stored within the Internet browser is performed by the user-computer processor (see, at least, VENKATAKRISHNAN: [0065] User device 102, façade 620, authentication platform 311, and checkout platform 627 may each include one or more processors, memories, and other appropriate components for executing instructions such as program code and/or data stored on one or more computer readable mediums to implement the various applications, data, and steps described herein; [0021]: The present disclosure provides techniques for the merchant application to authenticate the user by accessing the browser cookie stored in the browser memory and without the user being prompted to enter her user credentials. [...] the merchant application accesses the browser cookie that was previously received from the payment provider server and stored in the browser memory, launches an instance of the browser, and passes the browser cookie to the browser instance. The browser instance may perform further actions to authenticate the user, without the user being requested to enter her user credentials)
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine/modify the system/method of ROCHE, which discloses systems and methods of authenticating customers making online transactions and auto-filling payment information during the check-out process (ROCHE  [4]) with VENKATAKRISHNAN, which teaches authenticating users completing a transaction (see VENKATAKRISHNAN abstract), in order to provide an easier authentication process that encourages online and mobile payments (VENKATAKRISHNAN [4]).
Regarding claim(s) 14,
The combination of ROCHE and VENKATAKRISHNAN teaches all of the limitations of claims 1 and 10, as shown, herein.
ROCHE further discloses:
wherein the at least one processor includes a remote processor located within a third party computer system, and wherein the tokenizing and the inserting are performed by the remote processor  (see, at least, ROCHE:  [4]: The system includes a data collection system associated with a merchant website. The data collection system is configured to collect device data from a computing device used by a customer during a checkout process of a current transaction on the merchant website and contextual data related to the customer. The authentication system includes [...] a processing unit configured to retrieve a customer token associated with the customer, such that the customer token is associated with a payment instrument of the customer; [0006]: In accordance with some other aspects of the present disclosure, a method is disclosed. The method includes creating, by an authentication system, a customer token during a checkout process of a current transaction on a merchant website;  [84]: The pre-transaction system 125 creates a customer token for the customer, figure 1: pre-transaction system 125).  
Regarding claim(s) 16,
The combination of ROCHE and VENKATAKRISHNAN teaches all of the limitations of claims 1 and 10, as shown, herein.
ROCHE does not expressly disclose the following limitations, which VENKATAKRISHNAN however, teaches:
wherein the inserting of the tokenized virtual payment information does not occur until the user enters at least one of (1) a minimum portion of the browser-saved payment credentials, or (2) an identification with a password  (see, at least, VENKATAKRISHNAN:  [38]: “[...] authentication platform 311 searches an authentication database 316 that stores user credentials (e.g., usernames and passwords) that have been registered with the payment service provider. In an example, authentication platform 311 makes a call to /v1/OAuth/login in order to effectively login the user and obtain an access token. ”).
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine/modify the system/method of ROCHE, which discloses systems and methods of authenticating customers making online transactions and auto-filling payment information during the check-out process (ROCHE  [4]) with VENKATAKRISHNAN, which teaches authenticating users completing a transaction (see VENKATAKRISHNAN abstract), in order to provide an easier authentication process that encourages online and mobile payments (VENKATAKRISHNAN [4]).
Regarding claim(s) 17,
The combination of ROCHE and VENKATAKRISHNAN teaches all of the limitations of claims 1 and 10, as shown, herein.
ROCHE does not expressly disclose the following limitations, which VENKATAKRISHNAN however, teaches:
wherein: the browser-saved payment credentials comprise credit card data stored by the Internet browser  (see, at least, VENKATAKRISHNAN: [0065] User device 102, façade 620, authentication platform 311, and checkout platform 627 may each include one or more processors, memories, and other appropriate components for executing instructions such as program code and/or data stored on one or more computer readable mediums to implement the various applications, data, and steps described herein; [0021]: The present disclosure provides techniques for the merchant application to authenticate the user by accessing the browser cookie stored in the browser memory and without the user being prompted to enter her user credentials. [...] the merchant application accesses the browser cookie that was previously received from the payment provider server and stored in the browser memory, launches an instance of the browser, and passes the browser cookie to the browser instance. The browser instance may perform further actions to authenticate the user, without the user being requested to enter her user credentials);
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine/modify the system/method of ROCHE, which discloses systems and methods of authenticating customers making online transactions and auto-filling payment information during the check-out process (ROCHE  [4]) with VENKATAKRISHNAN, which teaches authenticating users completing a transaction (see VENKATAKRISHNAN abstract), in order to provide an easier authentication process that encourages online and mobile payments (VENKATAKRISHNAN [4]).
Regarding claim(s) 18,
The combination of ROCHE and VENKATAKRISHNAN teaches all of the limitations of claims 1 and 10, as shown, herein.
ROCHE further discloses:
the at least one non-transitory computer-readable storage medium having additional instructions stored which, when executed by the at least one processor, cause the at least one processor to perform operations comprising: detecting, via the at least one processor, user interaction with the web page via the Internet browser, wherein the user interaction initiates execution, via the at least one processor, of a payment request application programming interface (API), the payment request API having executable code distinct from the Internet browser, the payment request API generating the query for the saved payment credentials for the user from the merchant computer system (see, at least, ROCHE:   [0035] “In some embodiments, the data collection system 110 may be configured to communicate with the authentication system 120 via an application programming interface ("API"). Using the API, the data collection system 110 may send the gathered data to the authentication system 120 and receive information back from the authentication system.”;  [42]: “[...] the authentication system 120 may be accessed (e.g., by the data collection system 110 and the third party systems 135) in a variety of ways such as via an API or other mechanisms.”;  [29]: The merchant website 105 is associated with the data collection system 110. In some embodiments, the data collection system 110 may be embedded within the merchant website 105.).  
Regarding claim(s) 19,
The combination of ROCHE and VENKATAKRISHNAN teaches all of the limitations of claims 1 and 10, as shown, herein.
ROCHE further discloses:
wherein the virtual payment information comprises a virtual credit card number (see, at least, ROCHE:  [74]: payment instrument is a payment card having a card number, and the customer token may be a numeric value generated by preserving certain digits of the card number or a sixteen digit number based upon the form of payment instrument;  [76]: payment information is auto-filled);  [13]: Example payment instruments may include credit cards, debit cards, gift cards, other types of transaction cards, bank accounts).  
Claims 2 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over ROCHE in view of VENKATAKRISHNAN in further view of GOODMAN (US 20050257134 A1 to GOODMAN, J. T. et al.).
Regarding claim(s) 2,
The combination of ROCHE and VENKATAKRISHNAN teaches all of the limitations of claim 1, as shown, herein.
ROCHE does not expressly disclose the following limitations, which GOODMAN however, teaches:
wherein the insertion of the tokenized virtual payment information into the corresponding fields of the payment portion occurs prior to the user navigating, via the Internet browser, to the payment portion of the web page (see, at least, GOODMAN:  [002]: “[...] fill out numerous forms--some of which may or may not be similar--such as when purchasing products [...]”;  [0006]: “[...] techniques to automatically fill (autofill) one or more fields across a diverse array of web forms”; [0016] “In some instances, not all form fields may be visible to the user; yet nonetheless, they can be filled.” “[...] another aspect of the present invention provides a display on the user interface that can allow a user to see a listing of the form fields on the page and/or those that were automatically filled. This can be especially effective for autofilled radio buttons or check boxes since they may not be noticeable to the user or the user may not expect them to be autofilled”; figure 4 and  [22]: “exemplary” payment form with fields on website).
It would have been obvious to one of ordinary skill in the art at the time of effective filing to combine/modify the system/method of ROCHE and VENKATAKRISHNAN, which discloses systems and methods of authenticating customers making online transactions and “auto-filling” “payment information” “during the checkout process” (ROCHE  [4]) with the technique of GOODMAN, in order to “minimize[...] user effort” (GOODMAN [6]).
Regarding claim(s) 12,
The combination of ROCHE and VENKATAKRISHNAN teaches all of the limitations of claims 1 and 10, as shown, herein.
ROCHE does not expressly disclose the following limitations, which GOODMAN however, teaches:
wherein the insertion of the tokenized virtual payment information into the corresponding fields of the payment portion occurs prior to the user navigating, via the Internet browser, to the payment portion of the web page (see, at least, GOODMAN:  [002]: “[...] fill out numerous forms--some of which may or may not be similar--such as when purchasing products [...]”;  [0006]: “[...] techniques to automatically fill (autofill) one or more fields across a diverse array of web forms”; [0016] “In some instances, not all form fields may be visible to the user; yet nonetheless, they can be filled.” “[...] another aspect of the present invention provides a display on the user interface that can allow a user to see a listing of the form fields on the page and/or those that were automatically filled. This can be especially effective for autofilled radio buttons or check boxes since they may not be noticeable to the user or the user may not expect them to be autofilled”; figure 4 and  [22]: “exemplary” payment form with fields on website).  
It would have been obvious to one of ordinary skill in the art at the time of effective filing to combine/modify the system/method of ROCHE and VENKATAKRISHNAN, which discloses systems and methods of authenticating customers making online transactions and “auto-filling” “payment information” “during the checkout process” (ROCHE  [4]) with the technique of GOODMAN, in order to “minimize[...] user effort” (GOODMAN [6]).
Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over ROCHE in view of VENKATAKRISHNAN in further view of VAN OS  (US 20190080189 A1 to VAN OS; Marcel et al.).
Regarding claim(s) 5,
The combination of ROCHE and VENKATAKRISHNAN teaches all of the limitations of claim 1, as shown, herein.
ROCHE does not expressly disclose the following limitations, which VAN OS however, teaches:
wherein the inserting of the tokenized virtual payment information does not occur until the user enters a minimum amount of biometric information (VAN OS [1053]: In FIG. 32K, since biometric authentication was successful, electronic device 3200 autofills the one or more fillable fields [...] with credential information (e.g., log-in information such as a username and password that enables a user to successfully log-in to an account). In some examples, electronic device 3200 autofills the fillable fields with credit card information (e.g., information associated with a payment account information).; [1081] In accordance with some examples, the element associated with an authentication operation is a fillable field [...] (e.g., a user name, password, credential, or payment information entry field). In response to initiating biometric authentication and in accordance with a determination that biometric authentication criteria have been met, the electronic device [...] autofills the fillable field [...] with credential information (e.g., populating a field with data stored by the electronic device [...] or accessible to the electronic device [...], such as a user name, password, credit card information or other sensitive information). In response to initiating biometric authentication and in accordance with a determination that biometric authentication criteria have not been met, the electronic device [...] forgoes autofilling the fillable field [...] with credential information).  
It would have been obvious to one of ordinary skill in the art at the time of effective filing to combine/modify the system/method of ROCHE and VENKATAKRISHNAN, which discloses systems and methods of authenticating customers making online transactions and “auto-filling” “payment information” “during the checkout process” (ROCHE  [4]) with the technique of VAN OS, in order to provide a “convenient and efficient method of authenticating users of electronic devices” as “Biometric authentication allows a device to quickly and easily verify the identity of any number of users”. (VAN OS [0003).
Regarding claim(s) 15,
The combination of ROCHE and VENKATAKRISHNAN teaches all of the limitations of claims 1 and 10, as shown, herein.
ROCHE further discloses:
and wherein the virtual payment information is generated specifically for the merchant  (see, at least, ROCHE: For a new customer, the pre-transaction system 125 may not have a customer token associated with the customer. After the first transaction by the new customer, the pre-transaction system 125 may create a customer token for the customer for future transactions on the merchant website).  
ROCHE does not expressly disclose the following limitations, which VAN OS however, teaches:
wherein the inserting of the tokenized virtual payment information does not occur until the user enters a minimum amount of biometric information (VAN OS [1053]: In FIG. 32K, since biometric authentication was successful, electronic device 3200 autofills the one or more fillable fields [...] with credential information (e.g., log-in information such as a username and password that enables a user to successfully log-in to an account). In some examples, electronic device 3200 autofills the fillable fields with credit card information (e.g., information associated with a payment account information).; [1081] In accordance with some examples, the element associated with an authentication operation is a fillable field [...] (e.g., a user name, password, credential, or payment information entry field). In response to initiating biometric authentication and in accordance with a determination that biometric authentication criteria have been met, the electronic device [...] autofills the fillable field [...] with credential information (e.g., populating a field with data stored by the electronic device [...] or accessible to the electronic device [...], such as a user name, password, credit card information or other sensitive information). In response to initiating biometric authentication and in accordance with a determination that biometric authentication criteria have not been met, the electronic device [...] forgoes autofilling the fillable field [...] with credential information).
It would have been obvious to one of ordinary skill in the art at the time of effective filing to combine/modify the system/method of ROCHE and VENKATAKRISHNAN, which discloses systems and methods of authenticating customers making online transactions and “auto-filling” “payment information” “during the checkout process” (ROCHE  [4]) with the technique of VAN OS, in order to provide a “convenient and efficient method of authenticating users of electronic devices” as “Biometric authentication allows a device to quickly and easily verify the identity of any number of users”. (VAN OS [0003).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
ISAACSON (US 20190281030 A1 to Isaacson; Thomas M. et al.t.) teaches tokenizing the payment data that is communicated from the browser through the API 918 to the merchant site for security purposes (see, e.g., [0214]).
HARRELL (US 20170278174 A1 to Harrell; J.) teaches [...] payment provider can tokenize one or more portions of the user account information. The funding instrument selected by the user is tokenized.[...] instead of submitting the user's sensitive financial information such as a real credit card number, an electronic payment " token" is generated to serve as a proxy for the real credit card number (see, e.g., [0040]).
GOODMAN (US 20050257134 A1 to GOODMAN, J. T. et al.) teaches “[...] techniques to automatically fill (autofill) one or more fields across a diverse array of web forms”; [0016] “In some instances, not all form fields may be visible to the user; yet nonetheless, they can be filled” (see, e.g., [0006]).
SWINEHART (US 20150074588A1 B2 to Swinehart; Stacey et al.) teaches when the module has the auto-fill function, the form fields may automatically be filled with previously entered information when the user starts typing in one of the form fields (see, e.g., [52]).
SMITH (US 20210058374 A1 to SMITH; Charles Eric et al.) teaches account aggregators may maintain internet services that operate cloud-based web browsers that use stored authentication credentials for users to log into internet banking software on their behalf (See, e.g., [53]).
KIM (US 20210056541 A1 to Kim; Peter Jihoon) teaches at [0014]: [...] establishing an initial connection between a mobile client and a web client includes: generating credentials at the web client; storing the credentials in the browser storage; [...] and at [17]: Because the credentials are stored in browser storage (e.g., local storage), and not by the webpage [...], the same credentials (e.g., secret key and communication channel) can be reused by different webpages to transact with the same wallet, as long as the other webpages each embed an instance of the client.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BOLKO HAMERSKI whose telephone number is (571)270-7621. The examiner can normally be reached Monday-Friday 10:00 AM to 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, BENNETT SIGMOND can be reached on (303) 297-4411. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

BOLKO HAMERSKI
Examiner
Art Unit 3694



/BOLKO M HAMERSKI/           Examiner, Art Unit 3694

                                                                                                                                                                                             /BENNETT M SIGMOND/Supervisory Patent Examiner, Art Unit 3694