DETAILED ACTION Status of the Claims
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  The following is in response to a Request for Continued Examination dated December 16, 2021.  Claims 1-4, 9-12 and 15 are amended.  Claims 1-4, 6 and 9-16 are pending.  Claims 5 and 7-8 are canceled.  Claims 1-4, 6 and 9-16 are pending.  All pending claims are examined.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.11, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.

Response to Arguments
According to Applicant’s Specification
[0016] The one or more network session data parameters in the method may comprise one or more of, a unique ID associated with the client terminal, a unique ID associated with an instance of a payment software application implemented in the client terminal, a unique merchant ID associated with a merchant to whom the payment is intended to be made, a payee payment account number, a date stamp or time stamp associated with receipt of the request for initiation of electronic payment at the merchant server, and a session ID uniquely associated with the network communication session between the client terminal and the merchant server. 
0053] As illustrated in FIG. 2, merchant server 206 may be communicably coupled with authentication server 208 and with issuer network 210. Authentication server 208 may be configured for network based data communication with client terminal 202 or with a registered instance of a payment software application installed thereon. Authentication server 208 may also be communicably coupled with issuer network 210, in a manner that enables electronic data interchange therebetween. In various embodiments of the disclosure, authentication server 208 may be located within a payment network or within an issuer network 210, or may authentication server 208 may even comprise a processor implemented server or server process thread or virtual server implemented within client terminal 202

[0058] In an embodiment of the disclosure, in step 302 the identity authentication request may be received at authentication server 208 either directly from client terminal 202 or through merchant server 206 or through issuer network 210.
[0059] Step 304 comprises receiving at authentication server 208, one or more network session data parameters corresponding to a network communication session between client terminal 202 and merchant server 206, within which network communication session, the request for initiation of the electronic payment has been generated. The one or more network session data parameters may be recorded by authentication server 208 in a database configured for this purpose. In an embodiment of the disclosure, the one or more network session data parameters may be extracted or identified at merchant server 206 and may thereafter be transmitted directly, or through one or more communication intermediaries, to authentication server 208. The one or more network session data parameters corresponding to the received request for initiation of the electronic payment includes at least a unique ID associated with the requesting client terminal 202 (for example, a unique device ID or MAC ID) or with an instance of the payment software application implemented thereon (for example, a unique software application ID). Other network session data parameters corresponding to the request for initiation of the electronic payment may include one or more of (i) a unique merchant ID associated with a merchant to whom the payment is intended to be made (ii) a merchant payment account number, (iii) a date stamp and/or time stamp associated with receipt of the request for initiation of electronic payment from client terminal 202 at merchant server 206, (iv) a payment amount identified within the request for initiation of electronic payment, and (v) a session ID uniquely associated with the network communication session between the client terminal 202 and merchant server 206 during which the request for initiation of electronic payment is initiated.
[0060] At step 306, authentication server 208 generates an authentication data record that uniquely corresponds to the received identity authentication request, and stores a copy of the generated authentication data record at a memory location (preferably a secure memory location) associated with, controlled by or accessible by an instance of a payment application software that is implemented within a registered mobile device terminal that is (according to the records of the issuer or issuer network 210) associated with the payor's payment account. The generated authentication data record is generated based on the network session data parameters received at step 304 that correspond to the request for initiation of the electronic payment. In an embodiment of the disclosure, the generated authentication data record is an authentication cookie, authentication key or authentication string comprising a hashed and/or encrypted value that is generated based on hashing and/or encryption of one or more of the network session data parameters received at step 304. The hashing and/or encryption may be achieved through any number of hashing, encryption or transformative functions that would be apparent to the skilled person.
.
[0062] At step 308, the authentication server 208 requests and/or retrieves from a memory location (preferably a secure memory location) associated with, controlled by or accessible by the instance of the payment application software that is implemented within client terminal 202, one or more data records associated with payment transaction initiation requests involving client terminal 202 and/or said instance of the payment application software that is implemented within client terminal 202. In a specific embodiment, said one or more data records may be retrieved from memory associated with, controlled by or accessible by the instance of the payment application software that is implemented within client terminal 202. In a particular embodiment, the one or more data records retrieved from client terminal 202 at step 308 comprise one or more authentication data records stored by the authentication server 208 in connection with requests for initiation of electronic payment transactions that have been generated by the instance of the payment application software that is implemented within client terminal 202.

This suggests that the retrieval of the data record is from memory associated with, controlled by or accessible by an instance of the payment application software data record “is an authentication cookie, authentication key or authentication string comprising a hashed and/or encrypted value that is generated based on hashing and/or encryption of one or more of the network session data parameters received at step 304.”

Art Rejection
Applicant’s arguments are moot in light of amendments to claims and Examiner has introduced new reference, Rutherford USP Pub. No. 20190123899 which reads on the claimed invention as amended.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 1-3, 9-11 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Rutherford, USP Pub. No. 20190123899 in view of Maeda, USP Pub. No. 20030051138.
As to claim 1 (Currently Amended) Rutherford discloses A computer-implemented method for providing identity authentication in connection with submission of payment account information for network based electronic payment transaction(s), the method comprising:
receiving, at an authentication server, an identity authentication request from a merchant server responsive to an initiated request for electronic payment from a payor account to a payee account, wherein said identity authentication request for electronic payment is initiated within a network communication session between a client terminal and the [[a]] merchant server, the authentication server separate from the merchant server and the client terminal (Rutherford, paras. 0029-0030; see also Fig. 1, 3;see also para 0034);
receiving, at the authentication server, from the merchant server, one or more network session data parameters corresponding to the network communication session, wherein the one or more network session data parameters includes a session ID specific to the network communication session (Rutherford, paras. 0103-0107 see also paras. 0009; 0010);
generating, by the authentication server, an authentication data record, the authentication data record including the received one or more network session data parameters (Rutherford, paras. 0009-0011);
Rutherford, paras. 0096-0097; Figs. 17A-17B);
retrieving, by the authentication server, from the client terminal, one or more data records associated with electronic payment transactions involving the client terminal, the one or more data records including the session ID specific to the network communication session(Rutherford, paras. 0100-0103; see also paras. 0106-0110);  
comparing, by the authentication server, at least the session ID from the one or more data records retrieved from the client terminal against the session ID from the generated authentication data record (Rutherford, paras. 0106-0113); and
responsive to a match between the one or more data records retrieved from the client terminal against the generated authentication data record, generating, by the authentication server, an identity confirmation decision for transmission to the merchant server from which the identity authentication request is received (Rutherford, paras. 0106-0113);.
Rutherford does not directly disclose but Maeda discloses receiving, at the authentication server, information identifying the payor account, the payee account and a payment amount corresponding to the initiated request for  (Maeda, paras. 0050, 0052-0064);
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Rutherford with Maeda because it would offer an 
As to claim 2. (Currently Amended) Rutherford discloses the method of claim 1, wherein the merchant server from which the identity authentication request is received is configured to respond to receiving the identity confirmation decision by authorizing the electronic payment of the payment amount from the payor account (Rutherford, Figs. 15-17A).
As to claim 3. (Currently Amended) Rutherford discloses the method of claim 1, wherein the one or more network session data parameters further comprise one or more of: a unique ID associated with the client terminal, a unique ID associated with an instance of the payment software application implemented in the client terminal, a unique merchant ID associated with a merchant to whom the payment is intended to be made, a payee payment account number, and/or a date stamp or time stamp associated with receipt of the request for initiation of the electronic payment at the merchant server (Rutherford, paras. 0100-0103; see also paras. 0106-0110); and
wherein comparing at least the session ID from the one or more data records retrieved from the client terminal against the session ID from the generated authentication data record includes comparing the one or more data records retrieved from the client terminal against each of the one or more network session data parameters from the generated authentication data record(Rutherford, paras. 0009-0010; see also Abstract, 0100-0103; 0106-0110).
As to claim 7, 

As to claims 9-11 recite limitations similar to claims 1-3 and are rejected in like manner.
As to claim 15 (Currently Amended) Rutherford does not directly disclose but Maeda discloses the system of claim 9, wherein the authentication server is configured, responsive to a determination that the session ID from the one or more data records retrieved from the client terminal does [[do]] not match the session ID from the generated authentication data record, to generate an identity denial decision for transmission to the server from which the identity authentication request is received (Maeda, Fig 12; see also para. 0082).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Rutherford with Maeda because it would offer an improvement in authenticating parties to a transaction thereby providing access to 
As to claim 16 (Previously Presented) Rutherford does not directly disclose but Maeda discloses the system of claim 15, wherein the server from which the identity authentication request is received is configured to respond to receiving the identity denial decision by refusing to authorize the electronic payment of the payment amount from the payor account(Maeda, Fig 12; see also para. 0082 – see rationale for combination in claim 15).

Claims 4, 6, 12 and 14 are rejected under 35 U.S.C. 103 as being unpatentable Rutherford, USP Pub. No. 20190123899 in view of Maeda, USP Pub. No. 20030051138 in further view of Makhotin, USP Pub. No. 20150086756.
As to claim 4, Rutherford and Maeda do not directly disclose but Makhotin discloses the method as claimed in claim 1, wherein generating the authentication data record includes applying a hashing function, an encryption function or a transformative function to the received one or more network session data parameters (Makhotin, paras 0010-0012; 0027, 0042, 0045-0050).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Rutherford and Maeda with the protection mechanism of Makhotin because it would be an improvement in the transmittal and processing of sensitive and or confidential personal information using a mobile terminal by providing an additional layer of protection to the data exchanged.

As to claim 6, Rutherford and Maeda, do not directly disclose but Makhotin discloses the method as claimed in claim 1, wherein the one or more data records associated with electronic payment transactions involving the client terminal are retrieved from a secure memory location associated with, controlled by or accessible by an instance of a payment application software that is implemented within the client terminal (Makhotin, paras. 0037, 0061-0062-0063, 0067 – see rationale for combination in claim 4).
Claims 12 and 14 recite limitations similar to claims 4 and 6 and are rejected in like manner.







Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHIKA OJIAKU whose telephone number is (571)270-3608. The examiner can normally be reached Monday - Friday: 8.30 AM -5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Namrata Boveja can be reached on 571 272-8105. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/CHIKAODINAKA OJIAKU/Primary Examiner, Art Unit 3696