DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on October 8, 2021 has been entered.

Notice of Pre-AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Acknowledgements
This Office Action is in response to Applicant’s response filed on September 7, 2021 (“September 2021 Response”).  The September 2021 Response contained, inter alia, claim amendments (“September 2021 Claim Amendments”) and “REMARKS” (“September 2021 Remarks”).
Claims 1, 4-7, 10-17, and 19-20 are currently pending and have been examined. 

Claim Rejections - 35 USC § 112 (pre-AIA ), 1st paragraph
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.


The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1, 4-7, 10-17, and 19-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Independent Claims 1, 7, and 14 recite the limitation: “wherein the transaction confirmation code is generated independently of a user PIN,” which was not described in the original disclosure such that one skilled in the art can reasonably conclude that the inventor had possession of the claimed feature; consequently, the claims fail to comply with the written description requirement.  As provided in MPEP 2173.05 (i), “[a]ny negative limitation or exclusionary proviso must have basis in the original disclosure,” and “[t]he mere absence of a positive recitation is not basis for an exclusion.” Although the mention of a PIN is absent in the specification’s description of the generation of a transaction confirmation code, the specification also does not describe or mention the exclusion of a PIN in the generation of a transaction confirmation code.  Therefore, there is no evidence that the specification contemplated that “the transaction confirmation code is generated independently of a user PIN.”

Claim Rejections - 35 USC § 112 (pre-AIA ), 2nd paragraph
The following is a quotation of 35 U.S.C. 112(b):


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 4-7, 10-17, and 19-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites “wherein the transaction confirmation code is generated independently of a user PIN.”  However, the claim follows a series of steps implied by the claim in order to generate the transaction confirmation code.  For example, the “generating, by the second unit, a transaction confirmation code…” step is “in response to a transaction confirmation by the user,” and the “requesting…confirmation of the transaction” is “in response to the transaction confirmation request.”  Thus, a person having ordinary skill in the art at the time invention was made would understand that the transaction confirmation code is generated according to an order of steps.  Therefore, it is unclear if the limitation in question requires that each step of the claim preceding the “generating, by the second unit, a transaction confirmation code…” step be “independently of a user PIN” or, alternatively, if it is only the “generating, by the second unit, a transaction confirmation code…” step that is “independently of a user PIN.”  In another interpretation, it is unclear if the limitation in question means that the transaction confirmation code is generated regardless of whether a user PIN exists or not.  Therefore, the claimed limitation is indefinite.  Claims 7 and 14 are similar in this regard; therefore, they are rejected for the same reasons given above.  For purposes of applying the prior art, the Examiner 

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 1, 4-7, 10-12, 14-17, and 20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Smith (US 2010/0191648 A1)(“Smith”) in view of Dewe et al. (WO 2007/145540 A2)(“Dewe”) and further in view of Rover et al. (US 7,386,727 B1)(“Rover”).

As to Claim 1, Smith discloses a method carried out by a first unit (user terminal 111), a server (interchange 101) and a second unit (mobile phone 117) for providing multi-factor transaction verification (Fig.4 and [0065]-[0066]) comprising:
initiating an electronic transaction over a first channel by the first unit and the server after a first level of user authentication (authentication via PIN, [0086])([0086]);
providing to the server by the first unit, transaction information (purchase request 177) provided by a user, that comprises detail information known to the user about the transaction (Fig.7 and [0067]);
perform a second level user authentication of the user after the first level of user authentication by:
during the electronic transaction over the first channel, receiving from the server, by the second unit, a transaction confirmation request (request in “confirmation message,” [0088]) for the transaction and receiving from the server the same transaction information provided by the user that comprises the detail information about the transaction to thwart malware that can interfere with the transaction, via a second channel, different from the first channel, based on the transaction (Fig.9, [0065]-[0066], and [0088]-[0090]);
providing through a user interface, by the second unit that is registered ([0086], [0012], [0041]) to the same user as the first unit, the received transaction information, without user intervention, that comprises a replication of the detail information about the transaction previously provided by the user for evaluation by the user of the second unit (Fig.9 and [0089]-[0090]);
requesting, by the second unit, in response to the transaction confirmation request, confirmation of the transaction by the user of the second unit ([0074] and [0090]); 
generating, a transaction confirmation code (“code” [0072],  such as “a secret code representing the payment request,” [0090]; “secret code,” [0077]) ([0076]-[0077]), wherein the transaction confirmation code is generated independently of a user PIN (“code” is not generated with a PIN at [0076]-[0077]); 
sending, by the second unit, the transaction confirmation code to the server for verification ([0078] and [0091]); and
verifying whether the transaction should be allowed ([0091]).
Smith does not directly
generating, by the second unit, a transaction confirmation code using the received transaction information that is the same transaction information provided to the server by the user, in response to a transaction confirmation by the user of the second unit, wherein the second unit generates the transaction confirmation code by electronically signing the received transaction information using a cryptographic key associated with the second unit; 
sending, by the second unit, the transaction confirmation code that is generated by the second unit using the received transaction information to the server for verification; and
generating, by the server, an expected transaction confirmation code for the second unit and comparing the expected transaction confirmation code with the received transaction confirmation code from the second unit.
Dewe teaches
generating, by a second unit (mobile device 5), a transaction confirmation code (“token,” page 5, line 2) using received transaction information (“transaction information… payee account and amount,” page 8, line 21)(see page 8, lines 19-30), in response to a transaction confirmation (“activation,” page 8, line 13) by the user of the second unit (“the token is generated by mobile telephony device 5 upon activation of the cryptographic based application by a use,” page 8, lines 12-13 ); 
sending, by the second unit, the transaction confirmation code that is generated by the second unit using the received transaction information to the server (system 3) for verification (“is sent via wireless network 6 to authentication system 3” page 8, lines 13-14)
generating, by the server, an expected transaction confirmation code for the second unit and comparing the expected transaction confirmation code with the received transaction confirmation code from the second unit (“Authentication system 3 generates a token based on the same seed…” page 7, lines 13-22).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to modify Smith by the features of Dewe, and in particular to include in Smith the features of generating, by the second unit, a transaction confirmation code using the received transaction information (that is the same transaction information provided to the server, as in Smith) in response to a transaction confirmation by the user of the second unit; sending, by the second unit, the transaction confirmation code that is generated by the second unit using the received transaction information to the server for verification; and generating, by the server, an expected transaction confirmation code for the second unit and comparing the expected transaction confirmation code with the received transaction confirmation code from the second unit, as taught by Dewe. 
A person having ordinary skill in the art would have been motivated to combine these features because it “prevents a man in the middle modifying transaction information once a channel is validated by a valid token,” (Dewe, page 8, line 33).
Rover teaches generating a code by electronically signing the received transaction information using a cryptographic key associated with a unit (Abstract and C.4, L.29-30).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to modify the invention of the Smith/Dewe combination by the features of Rover and in particular to include in Smith’s generating of the transaction confirmation code in the Smith/Dewe combination, Rover’s feature of generating the code (i.e. Smith’s transaction 

As to Claim 4, the Smith/Dewe/Rover combination discloses as discussed above.  Smith further discloses comprising displaying on the second unit a user interface that visually presents the received transaction information in clear text (Fig.9) and wherein the user interface comprises controls operable to confirm or cancel the transaction (“send,” or “cancel,” Fig.9). 

As to Claim 5, the Smith/Dewe/Rover combination discloses as discussed above.  Smith further discloses sending a transaction cancellation message to the server from the second unit in response to user cancellation of the transaction via a cancellation indication (“cancel,” Fig.9) entered by the user of the second unit in response to presentation of the received transaction information from the server (see Fig.9 and [0073]). 

As to Claim 6, the Smith/Dewe/Rover combination discloses as discussed above.  Rover teaches wherein the second unit generates the transaction confirmation code by electronically signing the received transaction information using at least one of: a shared secret key assigned to the second unit and to the server, or by using an asymmetric (public/private key, C.1, L.7-16) cryptographic algorithm (“algorithm,” C.1, L.12)(Abstract and C.4, L.29-30). 

As to Claim 7, Smith discloses an electronic transaction system comprising:
a server (interchange 101) operative to provide a transaction session and communicate via a second channel with a second unit (mobile phone 117)(Fig.4);
a first unit (user terminal 111) operative to initiate an electronic transaction with the server, via a first channel, after a first level of user authentication affirmation (entering phone number and clicking “accept” button, Fig.8) and provide transaction information (purchase request 177) known to the user to the server, the transaction information being provided by the user after the first level authentication affirmation comprising detail information (phone number) about the transaction (Fig.8); 
the second unit, that is registered ([0086], [0012], [0041]) to the same user as the first unit operative to perform second level authentication of the user after the first level user authentication affirmation by:
receiving during the transaction over the first channel, a transaction confirmation request for the electronic transaction and the same transaction information that comprises the detail information about the transaction via a second channel to thwart malware that can interfere with the transaction, based on the electronic transaction from the server  (Fig.9, [0065]-[0066], and [0088]-[0090]);
providing through a user interface, the received transaction information, without user intervention, that comprises a replication of the detail information previously provided by the user about the transaction from the server for evaluation by the user of the second unit (Fig.9 and [0089]-[0091]);
requesting, in response to the transaction confirmation request, confirmation of the transaction by the user ([0074] and [0090]);
generating a transaction confirmation code (“code” [0072],  such as “a secret code representing the payment request,” [0090]; “secret code,” [0077]) ([0076]-[0077]), wherein the transaction confirmation code is generated independently of a user PIN (“code” is not generated with a PIN at [0076]-[0077]); 
sending, the transaction confirmation code to the server for verification ([0078]); and
and verifying whether the transaction should be allowed ([0091]).
Smith does not directly disclose 
generating, by the second unit, a transaction confirmation code using the received transaction information that is the same transaction information provided to the server by the user in response to a transaction confirmation by the user, wherein generating the transaction confirmation code is done by electronically signing the received transaction information using a cryptographic key associated with the second unit; 
sending the transaction confirmation code that is generated by the second unit using the received transaction information to the server for verification; and
wherein the server is operative to cryptographically generate an expected transaction confirmation code for the second unit and compare the expected transaction confirmation code with the received transaction confirmation code from the second unit.
Dewe teaches
generating, by a second unit (mobile device 5), a transaction confirmation code (“token,” page 5, line 2) using received transaction information (“transaction information… payee account and amount,” page 8, line 21)(see page 8, lines 19-30),  in response to a transaction confirmation (“activation,” page 8, line 13) by the user of (“the token is generated by mobile telephony device 5 upon activation of the cryptographic based application by a use,” page 8, lines 12-13 ); 
sending the transaction confirmation code that is generated by the second unit using the received transaction information to the server (system 3) for verification (“is sent via wireless network 6 to authentication system 3” page 8, lines 13-14); and
wherein the server is operative to cryptographically generate an expected transaction confirmation code for the second unit and compare the expected transaction confirmation code with the received transaction confirmation code from the second unit (“Authentication system 3 generates a token based on the same seed…” page 7, lines 13-22).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to modify Smith by the features of Dewe, and in particular to include in Smith the features of generating, by the second unit, a transaction confirmation code using the received transaction information (that is the same transaction information provided to the server, as in Smith) in response to a transaction confirmation by the user of the second unit; sending, by the second unit, the transaction confirmation code that is generated by the second unit using the received transaction information to the server for verification; and wherein the server is operative to cryptographically generate an expected transaction confirmation code for the second unit and compare the expected transaction confirmation code with the received transaction confirmation code from the second unit, as taught by Dewe. 
A person having ordinary skill in the art would have been motivated to combine these features because it “prevents a man in the middle modifying transaction information once a channel is validated by a valid token,” (Dewe, page 8, line 33).
Rover teaches generating a code is done by electronically signing the received transaction information using a cryptographic key associated with a unit (Abstract and C.4, L.29-30).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to modify the invention of the Smith/Dewe combination by the features of Rover and in particular to include in Smith’s generating of the transaction confirmation code, in the Smith/Dewe combination, Rover’s feature of generating a code (i.e. Smith’s transaction confirmation code) by electronically signing the received transaction information using a cryptographic key associated with the unit, as in Smith’s second unit, in the Smith/Dewe combination.  A person having ordinary skill in the art would have been motivated to combine these features because this would provide an added layer of security to the transaction.

As to Claim 10, the Smith/Dewe/Rover combination discloses as discussed above.  Smith further discloses wherein the second unit is a wireless mobile unit and is operative to provide a user interface that visually presents the received transaction information in clear text on the user interface (Fig.9) and wherein the user interface comprises controls operable to confirm or cancel the transaction (“send,” or “cancel,” Fig.9).

As to Claim 11, the Smith/Dewe/Rover combination discloses as discussed above.  Smith further discloses sending a transaction cancellation message to the server in response to user cancellation of the transaction via a cancellation indication (“cancel,” Fig.9) entered by the user of the second unit in response to presentation of the received transaction information from the server (Fig.9 and [0073]). 

As to Claim 12, the Smith/Dewe/Rover combination discloses as discussed above.  Rover teaches wherein the second unit generates the transaction confirmation code by electronically signing the received transaction information using at least one of: a shared secret key assigned to the second unit and to the server, or by using an asymmetric (public/private key, C.1, L.7-16) cryptographic algorithm (“algorithm,” C.1, L.12)(Abstract and C.4, L.29-30). 

As to Claim 14, Smith discloses a wireless mobile device (mobile phone 117) comprising:
a wireless transceiver ([0033] and [0109]);
one or more processors (processors 403) operatively coupled to the wireless transceiver ([0102]);
memory (memory 408) comprising executable instructions that when executed cause the one or more processors ([0102] and [0107]) to,
perform second level authentication ([0086]) of a user after a first level of user authentication occurs by:
receiving from the transceiver, a transaction confirmation request for an electronic transaction and transaction information, provided by a user (Fig.9, [0065]-[0066], and [0088]-[0090]) after the first level of user authentication (entering phone number and clicking “accept” button, Fig.8) that comprises detail information known the user (phone number) about the transaction (Fig.8) to thwart malware that can interfere with the transaction based on the electronic transaction between another device (user terminal 111) that is registered to the same user as the first unit, and a server  (interchange 101); 
providing through a user interface, the same received transaction information, without user intervention, that comprises a replication of the detail (Fig.9);
requesting, in response to the transaction confirmation request, confirmation of the transaction by the user of the mobile device ([0074] and [0090]); 
generating, a transaction confirmation code (“code” [0072],  such as “a secret code representing the payment request,” [0090]; “secret code,” [0077]) ([0076]-[0077]) wherein the transaction confirmation code is generated independently of a user PIN (“code” is not generated with a PIN at [0076]-[0077]); 
sending, via the wireless received, the transaction confirmation code to the web server for verification ([0078]).
Smith does not directly disclose 
the generating, a transaction confirmation code using the received transaction information that is the same transaction information provided to the server by the user, in response to a transaction confirmation by the user of the mobile device, wherein generating the transaction confirmation code is done by electronically signing the received transaction information using at least one of: a shared secret key assigned to the mobile device and to a server, or by using an asymmetric cryptographic algorithm; 
sending, the transaction confirmation code that is generated using the received transaction information to the web server for verification.
Dewe teaches
generating, by a mobile device (mobile device 5), a transaction confirmation code (“token,” page 5, line 2) using received transaction information (“transaction information… payee account and amount,” page 8, line 21)(see page 8, lines 19-30),  (“activation,” page 8, line 13) by the user of the mobile device (“the token is generated by mobile telephony device 5 upon activation of the cryptographic based application by a use,” page 8, lines 12-13 ); 
sending the transaction confirmation code that is generated using the received transaction information to the web server (system 3) for verification (page 8, lines 13-14).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to modify Smith by the features of Dewe, and in particular to include in Smith the features of generating, by the mobile device, a transaction confirmation code using the received transaction information (that is the same transaction information provided to the server, as in Smith) in response to a transaction confirmation by the user of the mobile device; sending, by the second unit, the transaction confirmation code that is generated using the received transaction information to the server for verification, as taught by Dewe. 
A person having ordinary skill in the art would have been motivated to combine these features because it “prevents a man in the middle modifying transaction information once a channel is validated by a valid token,” (Dewe, page 8, line 33).
Rover teaches generating a code by electronically signing the received transaction information using at least one of: a shared secret key assigned to the mobile device and to a server, or by using an asymmetric cryptographic algorithm (“algorithm,” C.1, L.12)(Abstract and C.4, L.29-30).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to modify the invention of the Smith/Dewe combination by the features of Rover and in particular to include in Smith’s generating of the transaction confirmation code in the 

As to Claim 15, the Smith/Dewe/Rover combination discloses as discussed above.  Rover teaches wherein the one or more processors are operative to generate the transaction confirmation code by electronically signing the received transaction information using a cryptographic key associated with the mobile device (Abstract and C.4, L.29-30), wherein the cryptographic key is at least one of the shared secret key assigned to the mobile device and to the server, or a private signing key (“secret key,” C.1, L.10) of a public/private key pair (“secret key and public key,” C.1, L.10) used in an asymmetric cryptographic algorithm (“algorithm,” C.1, L.12)(Abstract and C.4, L.29-30).

As to Claim 16, the Smith/Dewe/Rover combination discloses as discussed above.  Smith further discloses wherein the one or more processors are operative to display a user interface that visually presents the received transaction information in clear text (Fig.9) and wherein the user interface comprises controls operable to confirm or cancel the transaction (see controls “send” and “cancel” depicted in Fig.9). 

As to Claim 17, the Smith/Dewe/Rover combination discloses as discussed above.  Smith further discloses wherein the one or more processors are operative to send a transaction cancellation message to a server in response to user cancellation of the transaction via a cancellation indication (“cancel,” Fig.9) entered by the user of the device in response to presentation of the received transaction information from the server (Fig.9). 

As to Claim 20, the Smith/Dewe/Rover combination discloses as discussed above.  Smith further discloses wherein providing through a user interface, by the second unit, the received transaction information comprises providing the replication of the detail information in clear text (see Fig.9).

Claim 13 and 19 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Smith in view of Dewe and further in view of Rover and Law et al. (US 2010/0145861 A1)(“Law”).

As to Claim 13, the Smith/Dewe/Rover combination discloses as discussed above.  
Smith does not directly disclose store and display on a user interface, transaction history data corresponding to a plurality of electronic transactions that were confirmed or cancelled using the second unit. 
Law teaches store and display on a user interface, transaction history data corresponding to a plurality of electronic transactions that were confirmed or cancelled using a unit (Fig.8 and [0091]).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to modify the system of the Smith/Dewe/Rover combination by the feature of Law and 

As to Claim 19, the Smith/Dewe/Rover combination discloses as discussed above.  
Smith does not directly disclose wherein the one or more processors are operative to store and display on a user interface, transaction history data corresponding to a plurality of electronic transactions that were confirmed or cancelled using the mobile device.
Law teaches storing and displaying on a user interface, transaction history data corresponding to a plurality of electronic transactions that were confirmed or cancelled using the mobile device (Fig.8 and [0091]).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to modify the Smith/Dewe/Rover combination by the feature of Law and in particular to include in Smith’s one or more processors in the Smith/Dewe/Rover combination, Law’s feature of storing and displaying on a user interface, transaction history data corresponding to a plurality of electronic transactions that were confirmed or cancelled using the mobile device.  A person having ordinary skill in the art would have been motivated to combine these features because this would aid in repudiation of the transactions.

Claim Interpretation
35 USC § 112, 6th paragraph

(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations are: 
“a first unit operative to initiate an electronic transaction with the server, via a first channel, in response to a first level of user authentication affirmation and provide transaction information known to the user to the server, the transaction information comprising detail information about the transaction” as recited in Claim 7; and
“the second unit, that is registered to the same user as the first unit, operative to perform second level authentication of the user after the first level user authentication affirmation by:
receiving during the transaction over the first channel, a transaction confirmation request for the electronic transaction and the same transaction information that comprises detail information about the transaction via the second channel to thwart malware that can interfere with the transaction, based on the electronic transaction from the server; 
providing through a user interface, the received transaction information, without user intervention, that comprises a replication of the detail information previously provided by the user about the transaction from the server for evaluation by the user of the second unit;
requesting, in response to the transaction confirmation request, confirmation of the transaction by the user; 
generating a transaction confirmation code using the received transaction information that is the same transaction information provided to the server by the user in response to a transaction confirmation by the user, wherein generating the transaction confirmation code is done by electronically signing the received transaction information using a cryptographic key associated with the second unit, 
sending the transaction confirmation code that is generated using the received transaction information to the server for verification” as recited in Claim 7.
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have these limitations interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitations recite sufficient structure to perform the claimed function so as to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Response to Arguments
Applicant’s arguments filed in the September 2021 Remarks have been fully considered and addressed below.
On pages 11-12 of the September 2021 Remarks, Applicant argues that Alie is different from the claimed “the transaction confirmation code is generated independently of a user PIN” because it uses a PIN to calculate the response 210.  However, Alie is no longer relied upon in the rejection.  Therefore, the argument is moot.  It is further noted that Dewe-the newly applied 
On page 13 of the September 2021 Remarks, Applicant argues that Smith is different from the claims because it uses a random number.  However, it is unclear what particular feature Applicant is arguing here.  Smith is relied upon for the generation of the transaction conformation code as discussed in the respective rejection (see code discussed at [0072], [0073], [0074], [0076], and [0077]).  As can be gleaned from Smith at the cited paragraphs, the code can be random or not (see that code can be an “identifier that represents the transaction,” [0077]). Furthermore, Applicant argues that adding Rover’s feature is improper because it is “simply add a message signing component for messages.”  This argument is unpersuasive because it does not provide a valid reason why the addition of Rover’s signing features would be improper.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
“Using a Mobile Device to Enhance Customer Trust in the Security of Remote Transactions” which describes a user inputting transaction information on a user’s PC for a merchant (page 399), the merchant sending a purchase confirmation and purchase details to the mobile device of the customer (pages 399-400), digitally signing and sending a payment order from the mobile device, and verifying the message (page 400). 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MONICA A MANDEL whose telephone number is (571)270-7046.  The examiner can normally be reached on Monday-Friday 10:00 AM-6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Abhishek Vyas can be reached on (571) 270-1836.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/M.A.M/Examiner, Art Unit 3621                                                                                                                                                                                                        February 5, 2022

/ABHISHEK VYAS/Supervisory Patent Examiner, Art Unit 3621