DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Acknowledgment
Applicant’s application filed on November 25, 2019 is acknowledged. Accordingly claims 1-20 remain pending and have been examined.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20, are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Subject Matter Eligibility Standard
When considering subject matter eligibility under 35 U.S.C. 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter.  If the claim does fall within one of the statutory categories, it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea), and if so, it must additionally be determined whether the claim is a patent-eligible application of the exception.  If an abstract idea is present in the claim, any element or combination of elements in the claim must be sufficient to ensure that the claim amounts to significantly more than the abstract idea itself.    Examples of abstract ideas include fundamental economic practices; certain methods of organizing human activities; an idea itself; and mathematical relationships/formulas. (Alice Corporation Pty. Ltd. v. CLS Bank International, et al. US Supreme Court, No. 13-298, June 19, 2014). 
Analysis
Step 1: In the instant case, 
claim 1 is directed to an intermediary server, which is a statutory category of invention, 
claim 15 is directed to a server for generating data, which is a statutory category of invention and
Claim 17 is directed to an authentication server, which is a statutory category of invention.
Step 2a: 
While claims 1, 15 and 17 are directed towards a statutory category of invention, the claims are directed towards at least one judicial exception (i.e., law of nature, natural phenomenon, and abstract idea) without significantly more. In the instant case, the claims are directed to abstract idea of a “conducting a transaction using a dynamic reference data” as part of system of commerce- which is considered an abstract idea. Put simply the claims recites “generating a dynamic reference data associated with a security identifier.” See grouping of abstract ideas in prong one of step 2A (see 2019 Revised Patent Subject Matter Eligibility Guideline). Claims 1, 15 and 17 recites: receive a request for dynamic reference data…., generate dynamic reference data…, store dynamic reference data along with security identifier…, transmit dynamic reference data….These steps constitutes the abstract idea of organizing human activity which falls under fundamental economic practices.  Thus the claims are directed to an abstract idea of organizing human activity. The limitations that set forth this abstract idea include: 
receive a request for dynamic reference data…., generate dynamic reference data…, store dynamic reference data along with security identifier…, transmit dynamic reference data…..
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A (See 2019 Revised Patent Subject Matter Eligibility Guidance), the additional elements of the claim such as “server system”, “mobile device”, “the gateway”, “authentication server”, “a processor”, merely uses a computer as a tool to perform the abstract idea. The use of “server system”, “mobile device”, “the gateway”, “authentication server”, “a processor”, does no more than generally link the abstract idea to a particular field of use, the use of “server system”, “mobile device”, “the gateway”, “authentication server”, “a processor”, does not improve the functioning or performance of the processor/computer and the use of a processor/computer as a tool to implement the abstract idea does not integrate the abstract idea into a practical application because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B (See 2019 Revised Patent Subject Matter Eligibility Guidance), the additional elements of “server system”, “mobile device”, “the gateway”, “authentication server”, “a processor”, do not amount to significantly more than the abstract idea. As discussed above, taking the claim elements separately, the use of “server system”, “mobile device”, “the gateway”, “authentication server”, “a processor”, does not improve the functioning or performance of the processor/computer and the use of a processor/computer does no more than use a processor/computer to implement the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recites the concept of “conducting a transaction using a dynamic reference data and security identifier” using a computer. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible.
Dependent claims 2-14, 16, and 18-20 further recite characteristics of data or continue to perform similar actions on data to perform the abstract idea. The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Dependent claims 2-14, 16, and 18-20 merely extend the abstract idea of claims 1, 15 and 17 by describing the use of computer device or processor to receive a request for dynamic reference data…., generate dynamic reference data…, store dynamic reference data along with security identifier…, transmit dynamic reference data…. and only serve to add additional layers of abstraction to the abstract idea of claims 1, 15 and 17. Therefore, the dependent claims are also not patent eligible.

Conclusion
The claim as a whole, does not amount to significantly more than the abstract idea itself. This is because the claim does not effect an improvement to another technology or technical filed; the claim does not amount to an improvement to the functioning of a computer system itself; and the claim does not move beyond a general link of the use of an algorithm to a particular technological environment. 
Accordingly, the Examiner concludes that there are no meaningful limitations in the claim that transform the judicial exception into a patent eligible application such that the claim amounts to significantly more than the judicial exception itself. Thus Examiner concludes that the claims are not directed to a patent-eligible subject matter under 35 U.S.C. 101 because it does not amount to significantly more than the abstract idea.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-10, 15,17, and 19 -20, is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Ziegler U.S. Patent Application Publication No. 2006/0136332 A1.

As per claim 1, Ziegler discloses an intermediary server system for providing data for use in authenticating an interaction between the mobile device and a gateway, the server system comprising:
an input configured to receive, from the mobile device, interaction data comprising a plurality of interaction data items associated with the interaction and a security identifier uniquely identifying the interaction (see fig. 13 and associated text; 0134, which discloses that “the customer interacts with the merchant server to generate a purchase order at function block 1104”; 0136, which discloses that “The capture module prompts the customer for entry of biometric data at function block 1302. The user provides biometric data to a biometric collector at function block 1304. The user identity is authenticated comparing the collected biometric data to stored data at function block 1306.”);
a processor configured with instructions that when executed cause the processor to:
generate a request for reference data to be associated with the security identifier, the request comprising at least one of the plurality of interaction data items and the security identifier (0006, which discloses that “The non-secure general purpose computer provides the transaction request information and a PIN data package, the PIN data package being a digital representation of an impression of the users selection of at least one graphic image representing the user's PIN to a secure transaction manager via an Internet system.”);
(0092, which discloses that “The HSM interface 110 generates a transaction request including the PIN block in step 244 and sends the transaction request to the ATM Network 118. The ATM Network 246 or the financial institution 120 authenticates the PIN in step 246. The financial institution 120 authenticates the transaction in step 248.”); 
receive, from the remote authentication server, the dynamic reference data (0092, which discloses that “The HSM interface 110 generates a transaction request including the PIN block in step 244 and sends the transaction request to the ATM Network 118. The ATM Network 246 or the financial institution 120 authenticates the PIN in step 246. The financial institution 120 authenticates the transaction in step 248.”); and
alter the received interaction data by replacing at least one of the plurality of interaction data items with the dynamic reference data (0006, which discloses that “The transaction manager combines at least one of transaction data, dynamic data and corollary data with the PIN data package and securely provides the combination to a hardware security module (HSM).”); and 
an output configured to transmit, to the gateway, the altered interaction data (0092, which discloses that “The HSM interface 110 generates a transaction request including the PIN block in step 244 and sends the transaction request to the ATM Network 118. The ATM Network 246 or the financial institution 120 authenticates the PIN in step 246. The financial institution 120 authenticates the transaction in step 248.”).

As per claim 2, Ziegler further discloses the intermediary server system, wherein the processor is configured to transmit to the remote authentication server, an indication that dynamic validation data 

As per claim 3, Ziegler further discloses the intermediary server system, wherein the processor is configured to alter the received interaction data by replacing at least one of the plurality of interaction data items with the dynamic validation data (0006; 0092).

As per claim 4, Ziegler further discloses the intermediary server system, wherein the dynamic reference data is randomly-generated (0084).

As per claim 5, Ziegler further discloses the intermediary server system, wherein the dynamic reference data is randomly-generated (0084).

As per claim 6, Ziegler further discloses the intermediary server system, wherein the dynamic reference data is randomly-generated (0084).

As per claim 7, Ziegler further discloses the intermediary server system, wherein the interaction comprises an online payment transaction and the gateway corresponds to an online payment gateway associated with a merchant (see fig. 1; 0079; 0161). 

As per claim 8, Ziegler further discloses the intermediary server system, wherein: the processor is configured to 
transmit to the remote authentication server, an indication that dynamic validation data should be provided by the remote authentication server, and to receive the dynamic validation data from the remote authentication server (0006); and 
the interaction comprises an online payment transaction and the gateway 10 corresponds to an online payment gateway associated with a merchant (see fig. 1; 0079; 0161).

As per claim 9, Ziegler further discloses the intermediary server system, wherein: 
the processor is configured to transmit to the remote authentication server, an indication that dynamic validation data should be provided by the remote authentication server, and to receive the dynamic validation data from the remote authentication server (0006);
 the processor is configured to alter the received interaction data by replacing at least one of the plurality of interaction data items with the dynamic validation data; and the interaction comprises an online payment transaction (0006) and 
the gateway corresponds to an online payment gateway associated with a merchant (see fig. 1) 

As per claim 10, Ziegler further discloses the intermediary server system, wherein: 
the dynamic reference data is randomly-generated (0084); 
the processor is configured to transmit to the remote authentication server, an indication that dynamic validation data should be provided by the remote authentication server, and to receive the dynamic validation data from the remote authentication server (0006); 
the processor is configured to alter the received interaction data by replacing at least one of the plurality of interaction data items with the dynamic validation data; and the interaction comprises an online payment transaction and the gateway corresponds to an online payment gateway associated with a merchant (see fig. 1; 0079; 0161)

As per claim 15, Ziegler discloses a server for generating data for authentication of an interaction carried out between a mobile device and a gateway, the server comprising:
a processor configured with instructions that when executed cause the processor to: 
receive, from an intermediary server system associated with the mobile device and gateway, a request for dynamic reference data, the request comprising a plurality of interaction data items associated with the interaction, and a security identifier uniquely identifying the interaction (see fig. 13 and associated text; 0136, which discloses that “The capture module prompts the customer for entry of biometric data at function block 1302. The user provides biometric data to a biometric collector at function block 1304. The user identity is authenticated comparing the collected biometric data to stored data at function block 1306.”); 
generate, in response to the request, dynamic reference data associated with the security identifier, store, at a storage location, the generated dynamic reference data together with the received security identifier (0006, which discloses that “The non-secure general purpose computer provides the transaction request information and a PIN data package, the PIN data package being a digital representation of an impression of the users selection of at least one graphic image representing the user's PIN to a secure transaction manager via an Internet system.”); and 
transmit, to the intermediary server system, the dynamic reference data ((0092, which discloses that “The HSM interface 110 generates a transaction request including the PIN block in step 244 and sends the transaction request to the ATM Network 118. The ATM Network 246 or the financial institution 120 authenticates the PIN in step 246. The financial institution 120 authenticates the transaction in step 248.”).

As per claim 17, Ziegler discloses an authentication server for authenticating an interaction carried out between a mobile device and a gateway, the authentication server comprising”
a processor configured with instructions that when executed cause the processor to: 
receive, from the gateway, altered interaction data comprising a plurality of interaction data items associated with the interaction, and dynamic reference data associated with a security identifier uniquely identifying the interaction (0092, which discloses that “The HSM interface 110 generates a transaction request including the PIN block in step 244 and sends the transaction request to the ATM Network 118. The ATM Network 246 or the financial institution 120 authenticates the PIN in step 246. The financial institution 120 authenticates the transaction in step 248.”);
retrieve, from a storage location, the security identifier corresponding to the received dynamic reference data (0092, which discloses that “The HSM interface 110 generates a transaction request including the PIN block in step 244 and sends the transaction request to the ATM Network 118. The ATM Network 246 or the financial institution 120 authenticates the PIN in step 246. The financial institution 120 authenticates the transaction in step 248.”); and 
verify the validity of the security identifier (0092, which discloses that “The HSM interface 110 generates a transaction request including the PIN block in step 244 and sends the transaction request to the ATM Network 118. The ATM Network 246 or the financial institution 120 authenticates the PIN in step 246. The financial institution 120 authenticates the transaction in step 248.”). 

As per claim 19, Ziegler further discloses the method, wherein the received altered interaction data further comprises dynamic validation data, and wherein the processor is further configured to retrieve one or more stored data items associated with the interaction, and compare the dynamic validation data with a corresponding one of the stored data items (0092).

As per claim 20, Ziegler further discloses the method, wherein the received altered interaction data further comprises dynamic validation data, and wherein the processor is further configured to retrieve one or more stored data items associated with the interaction, and compare the dynamic validation data with a corresponding one of the stored data items (0092)


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 11-14, 16 and 18, is/are rejected under 35 U.S.C. 103 as being unpatentable over Ziegler U.S. patent Application Publication No. 2006/0136332 A1 in view of Hammad U.S. Patent Application Publication No. 2011/0225094 A1.

As per claims 11, 12, 13, and 14, Ziegler failed to explicitly disclose the intermediary server system, wherein the at least one of the plurality of interaction data items replaced with the dynamic reference data corresponds to an expiry date of a payment card used in the online payment transaction.
Hammad discloses the intermediary server system, wherein the at least one of the plurality of interaction data items replaced with the dynamic reference data corresponds to an expiry date of a payment card used in the online payment transaction (0097).
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the intermediary server system of Ziegler and incorporate the intermediary server system wherein the at least one of the plurality of interaction data items replaced with the dynamic reference data corresponds to an expiry date of a payment card used in the online payment transaction in view of the teachings of Hammad in order to enhance security of the transaction.

Claims 16 and 18, is/are rejected under 35 U.S.C. 103 as being unpatentable over Ziegler U.S. patent Application Publication No. 2006/0136332 A1 in view of Guo et al (hereinafter “Guo”) U.S. Patent Application Publication No. 2008/0228655 A1.

As per claim 16, Ziegler failed to explicitly disclose the server, wherein the processor is configured to associate a maximum storage validity period with the security identifier.
Guo discloses the server, wherein the processor is configured to associate a maximum storage validity period with the security identifier (0098)
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the server system of Ziegler and incorporate the server, wherein the processor is configured to associate a maximum storage validity period with the security identifier in view of the teachings of Guo in order to enhance security of the transaction.

As per claim 18, Ziegler further discloses the authentication server, wherein the processor is further configured to determine whether a maximum storage validity period of the security identifier has been exceeded when verifying the validity of the security identifier.
Guo discloses the authentication server, wherein the processor is further configured to determine whether a maximum storage validity period of the security identifier has been exceeded when verifying the validity of the security identifier (0098).
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the method of Saylor and incorporate a method further comprising: performing, by the one or more processor, a transaction based on one or more input of the second shopper, the transaction using content of the first shopper information stored in a secure computing environment and wherein method includes transmitting a first message to the first shopper in response to a security information message obtained from the second shopper, wherein the first message to the first shopper includes content of the security information message obtained from the second shopper  in view of the teachings of Geffon in order to facilitate transaction

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Charles C. Agwumezie whose number is (571) 272-6838. The examiner can normally be reached on Monday – Friday 8:00 am – 5:00 pm.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Hayes can be reached on (571) 272 – 6708.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/CHINEDU C AGWUMEZIE/Primary Examiner, Art Unit 3685                                                                                                                                                                                                        November 23, 2021