DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-14 and 17-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loh, U.S. 2014/0164251 A1 in view of Gaddam et al., U.S. 2015/0010780 A1.

1. 	A system for electronically authorizing a transaction, the system comprising: a user computing device including an Authorization Token generator application, (see Loh, ¶ 7) configured to: 
authenticate access of a user to the Authorization Token generator application, (see Loh, ¶ 7, 62-63); 
receive at least one identifier to authorize for the transaction, (see Loh, ¶ 8)(identifier UID); 
receive at least one user-selected constraint for limiting use of the at least one identifier, (see Loh, ¶ 33, 49)(disclosing the terms of limit such as expiration date or number of transactions); 
combine the at least one identifier and the at least one user-selected constraint to create a unique token, (see Loh, ¶ 8, 49, 136)(disclosing that expiration (or any other user-selected constraint) may or may not be declared by the owner in the manifesto during creation); 

without requiring prior recording of any information regarding the creation of the Authorization Token external to the user computing device, (see Loh, ¶ 33).
Loh fails to disclose the following features taught by Gaddam:
provide the Authorization Token for validation to a transaction processor computer system, (see Gaddam, ¶ 53, 57, and 60); and
a validator computer system to validate the transaction, (see (see Gaddam, ¶ 53, 57, and 60).
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine Loh and Gaddam.  The motivation would have been to combine prior art elements according to known methods to yield predictable results. All the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination yielded nothing more than predictable results to one of ordinary skill in the art.
This motivation is applied to all claims below by reference.

2. 	The system of claim 1, wherein the validator computer system is configured to: 
receive, from the transaction processor computer system, the Authorization Token; test a validity of the Authorization Token; and responsive to a confirmation of the validity of the Authorization Token, generate and transmit to the transaction processor computer system a message indicating the validity of the Authorization Token to permit execution of the transaction, (see Gaddam, ¶ 59-60).

3. The system of claim 2, wherein the validator computer system is configured to: 

decrypt the Authorization Token based on the identified public key, (see Gaddam, ¶ 48, 59 and 60); 
separate the at least one hashed identifier from the at least one user-selected constraints in the decrypted Authorization Token, (see Gaddam, ¶ 97); 
determine whether the at least one user-selected constraint are satisfied, (see Gaddam, ¶ 48, 59 and 60); and 
responsive to a satisfaction of the at least one user-selected constraints, generate and transmit to the transaction processor computer system a message indicating the validity of the Authorization Token to permit execution of the transaction using the at least one identifier, (see Gaddam, ¶ 48, 59 and 60).

4. 	The system of claim 1, wherein the at least one user-selected constraint include at least one of: (i) an upper threshold constraint indicative of a maximum dollar value for which authorization is permitted; 10 (ii) a duration of authorization constraint indicative of a time limit during which authorization is permitted; (ill) a number of transactions constraint indicative of a number of transactions for which authorization is permitted; (iv) a geographic area constraint indicative of a geographic area of a 15 merchant or service provider in which authorization is permitted; (v) an industry constraint indicative of an industry for which authorization is permitted; (vi) a company constraint indicative of a company or entity for which authorization is permitted; 20 (vil) a type of transaction constraint indicative of a type of transaction for which authorization is permitted; (viil) a specific transaction constraint indicative of a specific transaction for which authorization is permitted; (ix) a 

5. 	The system of claim 1, wherein the Authorization Token generator application is configured to create the unique token including at least one of (i) the at least one identifier and (ii) a derivative of the at least one identifier and (iii) the at least one user-selected constraint in a field of the unique token, (see Gaddam, ¶ 55).

6. 	The system of claim 5, wherein the Authorization Token generator application is configured to combine by applying a reversible mathematical transformation functionto at least one of (i) the at least one identifier and (ii) the derivative of the at least one identifier and (iii) the atleast one user-selected constraints, (see Gaddam, ¶ 33, 55).

7. 	The system of claim 6, wherein the reversible mathematical transformation function comprises one of a summation function or an exclusive-or function or an n-variable vectorial Boolean or a Fourier transform function, (see Gaddam, ¶ 33, 55).

8. 	The system of claim 1, wherein the Authorization Token generator application is to provide the Authorization Token by displaying one of a character string representative of the Authorization Token, a 

9.	A method for generating an Authorization Token on a user computing device for authorizing a transaction, the method comprising:
receiving, by an Authorization Token generator application, at least one identifier to authorize for the transaction, (see Loh, ¶ 8)(identifier UID); 
receiving, by the Authorization Token generator application, user-selected constraints for limiting use of the at least one identifier, (see Loh, ¶ 33, 49)(disclosing the terms of limit such as expiration date or number of transactions); 
combining, by the Authorization Token generator application, the at least one identifier and the user-selected constraints to create a unique token, (see Loh, ¶ 8, 49, 136)(disclosing that expiration (or any other user-selected constraint) may or may not be declared by the owner in the manifesto during creation); 
encrypting, by the Authorization Token generator application, the unique token using a private key to locally generate the Authorization Token, (see Loh, ¶ 136); and
providing, by the Authorization Token generator application, the Authorization Token to the user computing device without requiring prior recording of any information regarding the creation of the Authorization Token external to the user computing device, wherein the Authorization Token is configured to authorize the execution of the transaction, (see Loh, ¶ 9, 33, 36, 138).

10. 	The method of claim 9, wherein the user computing device is a mobile device 5 and the step of combining the at least one identifier and the user-selected constraints to create the unique token comprises creating the unique token including at least one of (i) the at least one identifier, and (ii) a 

11. 	The method of claim 9, wherein the combining the at least one identifier and the user-selected constraints to create the unique token comprises combining, by applying a reversible mathematical transformation function, at least one of (i) the at least one identifier and (ii) the derivative of the at least one identifier and (iii) the user-selected constraints, (see Gaddam, ¶ 33, 55).

12. 	The method of claim 11, wherein the reversible mathematical transformation function comprises one of a summation function and an exclusive-or 15 function and an n-variable vectorial Boolean and a Fourier transform function, (see Gaddam, ¶ 33, 55).

13.	The method of claim 9, further comprising authenticating and validating by a validator computer system, the at least one identifier and the Authorization Token, wherein the authenticating and validating comprises: receiving, by the validator computer system from a transaction processor  computer system, the at least one identifier and the Authorization Token transmitted to the transaction processor computer system to authorize the transaction; testing, by the validator computer system, a validity of the Authorization Token; responsive to a passing of the validity test of the Authorization Token, and generating and transmitting, by the validator computer system to the transaction processor computer system, a message indicating the validity of the Authorization Token to permit execution of the transaction, (see Gaddam, ¶ 59-60).

14. 	The method of claim 9, wherein the user-selected constraints include at least one of: (i) an upper threshold constraint indicative of a maximum dollar value for which authorization is permitted; (ii) 

17.	A validator computer system for electronically authorizing a transaction that is configured to: receive, from a transaction processor computer system, an Authorization Token that is generated by an authorization generator application without requiring prior recording of any information regarding the generation of the Authorization Token external to the Authorization Token generator application, (see Loh, ¶ 33); 
test a validity of the Authorization Token; and responsive to a confirmation of the validity of the Authorization Token, generate and transmit to the transaction processor computer system a message indicating the validity of the Authorization Token to permit execution of the transaction, (see Gaddam, ¶ 59-60). 



19. 	The system of claim 18, wherein the user-selected constraints include at least one of: (i) an upper threshold constraint indicative of a maximum dollar value for which authorization is permitted; (ii) a duration of authorization constraint indicative of a time limit during which authorization is permitted; (ill) a number of transactions constraint indicative of a number of transactions for which authorization is permitted; (iv) a geographic area constraint indicative of a geographic area of a merchant or service provider in which authorization is permitted; (v) an industry constraint indicative of an industry for which authorization is permitted; (vi) a company constraint indicative of a company or entity for which authorization is permitted; (vii) a type of transaction constraint indicative of a type of transaction for which authorization is permitted; (viii) a specific transaction constraint indicative of a specific transaction for which authorization is permitted; (ix) a physical device constraint identifying a physical device for which authorization is permitted; (x) a third-party identity constraint identifying a third-party for whom authorization is permitted; (xi) one or more pre-selected default constraints; (xii) a type of data constraint indicative of at least one type of data for which authorization is permitted; and (xiil) a 

20. 	The system of claim 18, wherein the transaction for which the Authorization Token is generated comprises one of: 20 (i) withdrawing funds from an account at a financial institution, wherein the at least one identifier comprises an account identifier for the account; (ii) providing a tax authority with authorization to use a tax identifier to process a tax return, wherein the at least one identifier comprises the tax identifier; (iii) providing a medical provider with authorization to file an insurance claim, wherein the at least one identifier comprises one of an insurance account number or a social security number; (iv) providing a stock broker with authorization to execute a trade, wherein the at least one identifier comprises an account identifier for a trading account; (v) a purchase transaction for a good or service, wherein the at least one identifier comprises one of a credit card number or a debit card number used for payment, (vi) authorizing a limited sharing of information held by an institution with a trusted third-party, wherein the at least one identifier comprises an account number for the account: (vil) debiting an account balance to permit a transaction, wherein the at least one identifier comprises a debit account number not maintained by a financial institution; and (viii) authorizing one of use and access to one of a physical asset and a virtual asset and an account, (see Loh, ¶ 9, 37 and 46). 

Claims 15 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loh, U.S. 2014/0164251 A1 in view of Gaddam et al., U.S. 2015/0269566 A1, and further in view of Kane et al., U.S. 2005/0010780.

15. 	The method of claim 9, wherein the user-selected constraints include a third- party identity constraint identifying a third-party for whom authorization is permitted; wherein the transaction 
	It would have been obvious to one of ordinary skill in the art at the time of the invention to include Kane with the combination of Loh and Gaddam.  The motivation would have been to combine prior art elements according to known methods to yield predictable results. All the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination yielded nothing more than predictable results to one of ordinary skill in the art.
This motivation is applied to all claims below by reference.
16. 	The method of claim 9, wherein the user-selected constraints include an identifier of a third-party for whom authorization is permitted; wherein the third-party identifier is transmitted as Companion Transmitted Information with the Authorization Token; wherein the transaction comprises providing access; and wherein validation of the Authorization Token provides the third-party with the access, (see Kane, claims 1, 2, 15 and 16, figures 1-3, and ¶ 28).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Sullivan et al., U.S. 2018/0114030 A1.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RUSSELL S GLASS whose telephone number is (571)272-7285. The examiner can normally be reached weekdays between 10 and 6PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/RUSSELL S GLASS/Primary Examiner, Art Unit 3627