DETAILED ACTIONNotice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
This is a Final Office Action in response to application  16/346,458 entitled "VERIFYING AN ASSOCIATION BETWEEN A COMMUNICATION DEVICE AND A USER" filed on April 30, 2019.
Status of Claims
Claims 1, 8, 11, 13 17, 22, and 23 have been amended and are hereby entered.
Claims 10, 15, and 24 are cancelled.
Claims 25 and 26 are new.
Claims 1-3, 5-8, 11-13, 16-23, 25 and 26 are pending and have been examined.

Response to Amendment
The amendment filed January 7, 2022  has been entered. Claims 1-3, 5-8, 11-13, 16-23, 25 and 26 remain pending in the application.  Applicant’s  amendments to the Specification, Drawings, and/or Claims have been noted in response to the Non-Final Office Action mailed October 7, 2021.
  Information Disclosure Statement
The information disclosure statement (IDS) submitted on April 30, 2019 and June 16, 2021  is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement was considered by the examiner.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.



Claims 1-3, 5-8, 13, 16-23, and 25-26 are rejected under 35 U.S.C. 102(a)(2) as being clearly anticipated by Scott ("SECURE PROCESSING OF ELECTRONIC PAYMENTS", WIPO  Publication Number: WO2017000061A1).
Regarding Claim 1, 
Scott teaches,
a computer-implemented method for verifying an association between a communication device and a user including enrolling an application executing on the communication device, the method conducted at a remote server 
(Scott [0037]  communications device such as a purchaser's or other user's mobile or desktop computer, and/or one or more applications installed thereon, including...virtual wallet and/or merchant applications, may be registered with a...'trusted platform,' such as a server)
comprising: 	receiving a token from the communication device via a secure communication channel by way of which the communication device is uniquely identifiable by the remote server, at least a portion of the token including or having been derived from a credential stored within a portable credential device of the user, the credential having previously been associated with the user in a user account;
(Scott  [0042]  transactions signal data representing such a user's identity can be received ...  at a server...a token ...representing a validated identity for storage on an ID card, on the user's smart phone, wearable device, or other mobile device, desktop device, or other request communication device. 
Scott  [0262] token ...can be tied...to a specific transaction and/or user account.)
	receiving, from the communication device, a device identifier and a user identifier for association with each other, the user identifier having previously been associated with the user account; 	using the user identifier to identify the user account associated therewith; 	validating the received token; 	and if the token is valid, verifying the association between the communication device and the user and storing the device identifier as a verified device identifier in association with one or both of the user identifier and the user account so as to enroll the application. 
(Scott [0071] unique and secure identifiers of the device 1 10, and/or one or more authorized users 190 thereof, may be used
Scott [0075] transactions based on personal, device, or other non-payment identity(ies) or identifier(s) associated with one or more accounts... tokens, comprising data representing authenticating identifier(s)
Scott [0077] a server 120 which will verify that the ID is trusted 
Scott [0037] may be provided with one or more secure electronic tokens ... to verify or otherwise identify the request communication device as, e.g., a 'trusted device' 
Scott [00297]   configured to cooperate with virtual wallet applications 112 and/or FI/FSP server(s) 120, 160 associated with plurality...The at least one persistent memory device ...comprises stored data representing at least: a plurality of secure payment token references, each secure payment token reference comprising data representing an identifier associated with one of a plurality of sources)
Regarding Claim 2, 
Scott teaches,
  wherein the method includes verifying the association between the application and the user.
(Scott [0077]   validated identity may be stored on.... general memory of a device ...in one or more virtual wallet application(s)... Identifier(s) associated with the selected identity may be forwarded.... to a server 120 which will verify that the ID is trusted for completion of the transaction.)
Regarding Claim 3, 
Scott teaches,
    wherein the user account is a user financial account against which the user may conduct financial transactions and wherein the credential includes payment credentials usable in conducting financial transactions against the user financial account.
(Scott [0077]   validated identity may be stored on.... general memory of a device ...in one or more virtual wallet application(s)... Identifier(s) associated with the selected identity may be forwarded.... to a server 120 which will verify that the ID is trusted for completion of the transaction.
Scott [0061] the virtual wallet payment option ...adapted to enable the requesting user to log in to the user's authorized bank, credit, loyalty, rewards, and/or other payment account(s).)
Regarding Claim 5, 
Scott teaches,
      including transmitting an association verification request requesting verification of an association between the communication device and the user.
(Scott  [0037]  user's mobile or desktop computer,...such device(s) and/or application(s) may be provided with one or more secure electronic tokens useable by the trusted platform ... to verify or otherwise identify the request communication device as, e.g., a 'trusted device' 
Scott [0040]   for the verification of identities of individuals 
Scott  [0042] verification can be implemented and employed through provision of a token or other representation of, or a link to, data representing a validated identity for storage on an ID card, on the user's smart phone, ...The identity may be forwarded by the POS/device to a server which will verify that the ID is trusted  )
Regarding Claim 6, 
Scott teaches,
        wherein the association verification request includes a set of data elements, wherein at least a portion of the token has been derived by performing an operation on the data elements and the credential. and wherein the operation is one of a hash of the data elements and the credential or a signing or encryption of the data elements using the credential.
(Scott  [0042]   a token ...representing a validated identity for storage on an ID card 
Scott [0051], the payment information sent to the merchant server may be encrypted so that the merchant may not be able to view or otherwise access any of the user's sensitive information. 
Scott [0067]  a 'token', as used in this disclosure, is a secure data device adapted for communication of sensitive information.... may comprise data any such sensitive information, substitute data adapted to serve as a proxy for such data, and/or pointers to resources  )
Regarding Claim 7, 
Scott teaches,
          wherein at least a portion of the token includes the credential stored within the portable credential device, and wherein validating the received token includes comparing the received credential against a credential associated with the user account.
(Scott [0052] credential sent to a merchant server may be an exact copy of a token previously stored in the mobile wallet in association with a particular payment method....configured to ...validate payment tokens generated by other systems and/or applications at the time of each transaction.)
Regarding Claim 8, 
Scott teaches,
            wherein at least a portion of the token includes the credential and wherein enrolling the application includes: using the credential to identify the user account: and if the token is valid, storing the device identifier as a verified device identifier in association with the user account.
(Scott [00126] such as certificate or token data set(s), to be stored 
Scott [00128]    token data set may be received by a trusted platform...from a trusted device ...the token comprising a certification data set which may be looked up in a database 125, along with associated user and/or account information
Scott [0071]  unique and secure identifiers of the device...and/or one or more authorized users...may be used, in a wide variety of alternatives and combinations.
Scott [0091]  associating such a prepaid token with trusted identifiers associated uniquely with each of the transferring and receiving devices 
Scott [00127]  stored in secure memory associated with the trusted platform ... in association with further identifiers associated with the device(s)... or other entities associated with the device(s) ...and/or one or more accounts associated with such entities)
Claim 13 is rejected on the same basis as Claim 1.
Regarding Claim 16, 
Scott teaches,
wherein obtaining a token includes interacting with the portable credential device via a proximity communication interface, wherein the proximity communication interface is a radio frequency proximity communication interface.
(Scott [0069] Devices... may communicate between themselves by wireless (including radio, wireless telephone, optical, RFID, and infrared)
Scott [00104]  short-range communications 614 may include one or more short-range transceivers, such as for connection to Wi-Fi (802.1 1 standard) or Bluetooth networks, as well as other modes of short-range communication, like RFID, infrared or optical. 
Scott [00111] Accordingly, in some embodiments, an NFC subsystem 616 may include any suitable proximity-based communication component(s) or combination of components that enables contactless proximity-based communication with a corresponding NFC)
Regarding Claim 17, 
Scott teaches,
receiving an association verification request requesting verification of an association between the communication device and the user; and  prompting the user to verify the association using the portable credential device.
(Scott [0071] unique and secure identifiers of the device 1 10, and/or one or more authorized users  
Scott [0075] transactions based on personal, device, or other non-payment identity(ies) or identifier(s) associated with one or more accounts... tokens, comprising data representing authenticating identifier(s)
Scott [0077] a server 120 which will verify that the ID is trusted 
Scott [0037]  identify the request communication device as, e.g., a 'trusted device' 
Scott [0059]  verifying or otherwise authenticating a transaction...following a manual confirmation prompt presented to the user on the mobile device.
Scott [0060]   may cause presentation on an output screen of the requesting communication device of a user interface soliciting authorization to proceed (a 'prompt' for confirmation of authorization).)
Claim 18 is rejected on the same basis as Claim 6.
Regarding Claim 19, 
Scott teaches,
wherein the operation is performed on the portable credential device and wherein the method includes forwarding the data elements to the portable credential device and receiving the token from the portable credential device.
(Scott [00289] the transaction processor 1750 can generate and route to the wallet app 112, 622 a transaction payment authorization verification or confirmation data set
Scott [0005]  utilize mobile or other virtual wallets, which are programs or applications on a user's device
Scott [00146]  the wallet application is able to verify the certificate, the wallet application...may respond with an indication or signal that merchant application...is authorized to access payment credential(s) stored therein.
Scott [00290]   trusted wallet application 1 12', 620 can return control of the payment process and/or of the funded dynamic card token to the wallet application 1 12 accessed by the user to complete the transaction)
Claim 20 is rejected on the same basis as Claim 18.
Regarding Claim 21, 
Scott teaches,
wherein at least a portion of the token includes the credential stored within the portable credential device, and wherein obtaining a token includes obtaining the credential from the portable credential device.
(Scott  [0042]  transactions signal data representing such a user's identity can be received ...  at a server...a token ...representing a validated identity for storage on an ID card, on the user's smart phone, wearable device, or other mobile device, desktop device, or other request communication device. 
Scott [0005]  utilize mobile or other virtual wallets, which are programs or applications on a user's device
Scott [00290]   trusted wallet application 1 12', 620 can return control of the payment process and/or of the funded dynamic card token to the wallet application 1 12 accessed by the user to complete the transaction)
Claim 22 is rejected on the same basis as Claim 1.
Claim 23 is rejected on the same basis as Claim 1.
Regarding Claim 25, 
Scott teaches,
wherein the device identifier is or includes an application identifier which is capable of uniquely identifying the application executing on the communication device.
(Scott [0049] data representing a certificate (e.g., a identication token) issued to the ... application may be transmitted to the merchant application, for storage under the control of such application on the user's request communication device and subsequent presentation by the user's request communication device to the central certification authority....for use in verifying or otherwise authenticating a transaction.
Scott [00121] merchant application...as well as wallet application...may also be in communication with remote server(s) 800 in order to obtain authorization, such as in the form of a certificate or other cryptographic data, for a pending or future transaction initiated by the user on mobile device 
Scott [00125] a certificate data set can comprise any data associated uniquely with any one or more of the device ....Such certification/identification data can include, for example, names, 'secret' personal information, serial numbers, random or pseudo-random codes, account numbers, etc.)
Regarding Claim 26, 
Scott teaches,
wherein the credential is or includes an encryption key, wherein the credential is or includes an application cryptogram (AC) card key which is unique to the portable credential device. 
(Scott [00125] a certificate data set can comprise any data associated uniquely with any one or more of the device ....Such certification/identification  
Scott [00121] such as in the form of a certificate or other cryptographic data, for a pending or future transaction initiated by the user on mobile device 
Scott [00146] wallet application... may be provisioned with a private key and/or other cryptographic data)

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 11 is  rejected under 35 U.S.C. 103 as being unpatentable over Scott  in view of Juthani (“SYSTEM AND METHOD FOR GENERATING A STRONG MULTI FACTOR PERSONALIZED SERVER KEY FROM A SIMPLE USER PASSWORD”, U.S. Publication Number: 20130124292 A1)






Regarding Claim 11, 
Scott and Juthani teach the verification metod of Claim 8 as described earlier.
Scott does not teach wherein storing the device identifier includes combining the device identifier with the token and validating that the communication device is linked to a known mobile station international subscriber directory number (MSISDN).
Juthani teaches,
wherein storing the device identifier includes combining the device identifier with the token and validating that the communication device is linked to a known mobile station international subscriber directory number (MSISDN).
(Juthani [0043] mobile devices, cell phone,...and other any PDAs including hardware tokens.
Juthani [0044] Device specific ID is unique to each end-user device, where Device Specific ID could be a function of the MSISDN number 
Juthani [0083] server then validates and authenticates the payer from the given information
Juthani [0092] The database is coupled to the server which is capable of storing the data.)
It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the secure   electronic payments of Scott to incorporate the multi-factor encryption teachings of Juthani  for “generating a multi-factor encryption key … in order to access control over information stored at a second entity from a first entity via at least one communication network.” (Juthani  [Abstract]).        The modification would have been obvious, because it is merely applying a known technique (i.e. multi-factor encryption) to a known concept (i.e. secure   electronic payments) ready for improvement to yield predictable result (i.e. “to provide a safe payment method by generating a dynamic single use password on a client device for performing a payment transaction” Juthani  [0010])

Response to Remarks
Applicant's arguments filed on January 7, 2022 have been fully considered and Examiner’s remarks to Applicant’s amendments follow.   
Response Remarks on Claim Rejections - 35 USC § 101
The Applicant states:
“the aforementioned limitations, when considered as a whole in ordered combination, reflect an improvement in security during enrollment of an application with a remote server in that a purported association (e.g. of ownership or possession) between a communication device and a user may be verified remotely over a communication network that is unlike any concept previously identified by courts as abstract ideas….. amended independent claim 1 recites a claimed solution that can improve security during enrollment of an application with a remote server in that a purported association (e.g. of ownership or possession) between a communication device and a user may be verified remotely over a communication network. "
Examiner responds:
Applicant's arguments have been fully considered and are persuasive.   The proposed invention attempts to improve security by generating within the user device a token derived from credentials/ device ID/ user ID in a manner  beyond simply reading a conventional device ID or user ID.
The rejection under 35 USC § 101 is lifted.
Response Remarks on Claim Rejections - 35 USC § 102/103
Applicant's  amendments required the application of new/additional prior art. 
New prior art includes: 
  Scott ("SECURE PROCESSING OF ELECTRONIC PAYMENTS", WIPO  Publication Number: WO2017000061A1).
 Juthani (“SYSTEM AND METHOD FOR GENERATING A STRONG MULTI FACTOR PERSONALIZED SERVER KEY FROM A SIMPLE USER PASSWORD”, U.S. Publication Number: 20130124292 A1)
Applicant’s remarks regarding the rejection is made under 35 USC § 103 is rendered moot by the introduction of additional prior art.
Therefore, the rejection under  35 USC § 102/103 remains.
 

Prior Art Cited But Not Applied

















The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Shoup (“MULTI-FACTOR MOBILE TRANSACTION AUTHENTICATION”, U.S. Publication Number: 20130282589  A1) proposes techniques that can automatically recognize, validate, and utilize different types of information including user information, device information, and network information. Each of these types of information is processed with a unique algorithm and then is encrypted for security purposes.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHINEDU EKECHUKWU whose telephone number is (571)272-4493.  The examiner can normally be reached on Mon-Fri 10am to 4pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christine Behncke, can be reached on (571) 272-8103.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/C.E./Examiner, Art Unit 3697
/HAO FU/Primary Examiner, Art Unit 3697