DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions.

Status of claims
Claims 5, 7-10, 19, 21-24, 33, 36 and 37 were canceled.
Claims 1-4, 6, 11-18, 20, 25-32, 34, 35 and 38-44 are pending.
Claims 1-4, 6, 11-18, 20, 25-32, 34, 35 and 38-44 were examined.

Claim Objections
Claims objected to because of the following informalities: 

The last word of claim 29 is truncated and recited as “det”. According to the last set of claims and the corresponding independent claims this word should read and was interpreted for purposes of Examination as “details”. Appropriate correction is required. 

Claims 32 and 34 were amended to now depend on claim 35. A series of singular dependent claims is permissible in which a dependent claim refers to a preceding claim which, in turn, refers to another preceding claim. Dependent claims 32 and 34 are now recited as depending on subsequent claim 35. See MPEP § 608.01(n). Appropriate correction is required.


Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.


Claims 4, 6, 18 and 20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.

Claims 4, 6, 18 and 20 were amended to recite “causing a security agent to…” The specification as filed recites, inter alia:
“[0035] The secure access transaction 300 begins with the security agent 110 interacting with the user at a log-on webpage of the institution. In one embodiment, the security agent 110 automatically activates after the security agent 110 detects the log-on webpage of the institution. For instance, the security agent may detect the institution log-on webpage by reading the source code of the webpage, such as the HTML code or by reading a trigger, such as a header or an identification number embedded in the log-on webpage. In another embodiment, the user activates the security agent 110 to perform the secure access transaction 300. For instance, the user may select a button on the webpage to activate the security agent 110. In a further embodiment, the institution activates the security agent 110 and requires the user to use the security agent 110 during the secure access transaction 300. 
[0036] In step 305, the security agent 110 prompts the user to enter his or her username and/or password in order to determine the first factor of authentication. In step 310, the username and/or password entered in step 305 is compared to the username and/or password previously stored in the user profiles database 130...
[0041] The secure payment transaction 400 begins with the security agent 110 interacting with the user at a payment webpage of the online merchant 505. In one embodiment, the security agent 110 automatically activates after the security agent 110 detects the payment webpage of the online merchant 505. For instance, the security agent may detect the online merchant 505 payment webpage by reading the source code of the webpage, such as the HTML code for credit card information e.g. card type, expiry date, CW2 code, etc. or by reading a trigger, such as a header or an identification number embedded in the payment webpage. In another embodiment, the user activates the security agent 110 to perform the secure payment transaction 400. For instance, the user may select a button on the webpage to activate the security agent 110. In a further embodiment, the online merchant 505 activates the security agent 110 and requires the user to use the security agent 110 during the secure payment transaction 400. 
[0042] In step 405, the security agent 110 prompts the user to enter his or her username and/or password in order to determine the first factor of authentication. In one embodiment, the user enters his or her username and/or password through the standard key entry method of the user machine 105. In another embodiment, referring now to Figure 6, the security agent 110 prompts the user to enter a username and/or password directly in a box 615 by using a keypad 610 on the security agent 110. ” (Emphasis added)

However, while the specification as filed recites actions performed by the “security agent”, the specification as filed fails to disclose in which manner the claimed method performed by an “authentication server” and corresponding “medium” (see Fig. causing” a security agent of an extraneous device (see Fig. 1, user machine 105, security agent 110) to perform certain steps/functions (i.e. prompt, transmit). A fair reading of the specification as filed would lead one of ordinary skill to convey that the “security agent” acts as an independent entity and the causal link to the authentication is missing from the disclosure. Therefore, the specification as filed does not provide sufficient written description for the claimed language (see MPEP 2161.01). In other words, the algorithm or steps/procedure taken to perform the function must be described with sufficient detail so that one of ordinary skill in the art would understand how the inventor intended the function to be performed.


The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-4, 6, 11-18, 20, 25-32, 34, 35 and 38-44 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.


 that was executed via a merchant webpage operated by the merchant". One of ordinary skill would not be able to reasonably convey whether the claims refer to the same "online payment transaction", whether two distinct transactions are recited or whether the claims attempt to describe different stages of the same online payment transaction (i.e. initiation and execution). In other words, the claim language attempts to refer to the preamble language "initiated with" by reciting another transaction that "was executed". This duality renders the scope of the claim language unclear. Examiner suggests clearly specifying which stage or stages of the transaction processing (initiation or execution) the term "online payment transaction" refers to. Dependent claims 2-4, 6, 7, 11-14, 16-18, 20-22, 25-28, 30-32, 34, 35 and 38-44 are also rejected since they depend on claims 1, 15 and 29, respectively.

Claims 1, 15 and 29 were amended to recite the language “the transaction details” in lines 26, 28 and 30, respectively. There is insufficient antecedent basis for this language in the claims. Dependent claims 2-4, 6, 7, 11-14, 16-18, 20-22, 25-28, 30-32, 34, 35 and 38-44 are also rejected since they depend on claims 1, 15 and 29, respectively.



Claims 15 and 29 are indefinite because it is unclear to one of ordinary skill in the art whether Applicants are claiming the subcombination of “a non-transitory computer readable medium; and a system comprising an authentication server” or the combination of “a non-transitory computer readable medium; and a system comprising an authentication server” and “an entity”. If it is Applicants’ intent to claim only the subcombination, the body of the claims must be amended to remove any positive recitation of the combination. If it is Applicants’ intent to claim the combination, the 

Claims 26-28 are indefinite because it is unclear to one of ordinary skill in the art whether Applicants are claiming the subcombination of “a non-transitory computer readable medium” or the combination of “a non-transitory computer readable medium” and “a security agent”. If it is Applicants’ intent to claim only the subcombination, the body of the claims must be amended to remove any positive recitation of the combination. If it is Applicants’ intent to claim the combination, the preamble of the claim must be amended to be consistent with the language in the body of the claim. Dependent claims 27 and 28 are also rejected since they depend on claim 26.


Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

Claims 1-4, 6, 11, 12, 15-18, 20, 25, 26, 29-32, 34, 35, 38, 39 and 44 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Flitcroft'567 (US 2003/0018567 A1), in view of Flitcroft'833 (US 6,636,833 B1) and in view of Bennett et al. (WO 01/29637 A2), hereinafter “Bennett”


With respect to claims 1, 15 and 29, Flitcroft'567 teaches one or more non-transitory computer-readable media including a set of instructions; a system for authenticating an online payment transaction initiated with a merchant, the system comprising: an authentication server that includes a user profiles database, a first processor, and a first memory (see paragraph [0301]); and a computer-implemented method for authenticating an online payment transaction initiated with a merchant (Business-to-Business commerce using financial transaction numbers) comprising:
receiving, via a network by an authentication server from a first financial institution server associated first financial institution, a first user real personal account number comprising a first Network Identification Number that identifies the first financial institution, wherein: the authentication server is operated by an entity that is separate and distinct from the first financial institution, and the authentication server receives the first user real personal account number prior to 
creating, by the authentication server, a first one-time use personal account number, wherein the first one-time use personal account number includes a second Network Identification Number (see CPN, paragraphs [0050]-[0056]; CPN system issues CPN, paragraphs [0223]-[0226]); 
sending, by the authentication server, the first one-time use personal account number to a recipient for use with the online payment transaction (see paragraphs [0052] and [0053]; Fig. 9, user requests CPN's through end-user software application 92a, CPN issued, paragraph [0098];); receiving, by the authentication server from a payment processor via the network: the first one-time use personal account number, wherein... the first set of transaction details associated with the online payment transaction that was executed via a merchant webpage operated by the merchant (see CPN as payment instrument, paragraph [0102]; Fig. 9, steps 7-14, clearing and settlement and paragraphs [0103] and [0104]; Authorisation, paragraphs [0252] and [0253]); 
after receiving the first one-time use personal account number, replacing, by the authentication server, the first one-time use personal account number with the first user real personal account number (see The CPN details are replaced with the 'real' details and the transaction is posted to the 'real' account on the issuer's account management system, paragraph [0104]; CPN details replaced with "real" 
transmitting, from the authentication server via the network to the first financial institution server, the first user real personal account number and the first set of transaction details (see Fig. 9, step 14, clearing and settlement and paragraphs [0103] and [0104]; MCC, paragraph [0261]; routing rebuilt authorisation request to issuer, paragraphs [0264] and [0265]; settlement processing follows core authorisation processing, including MCC, paragraph [0272]). 

Although Flitcroft'567 discloses that it is assumed that the issuing bank has reserved a BIN/BIN range for the CPN software platform 91 (see paragraphs [0057] and [0063]), Flitcroft'567 does not explicitly disclose a method, computer-readable media and system comprising: wherein the second network identification number identifies the authentication server; a second Network Identification Number that is different than the first Network Identification Number; wherein the payment processor transmits the first one-time use personal account number based on the second Network identification number; wherein the authentication server receives the transaction details in lieu of the first financial institution based on the first one-time use personal account number; wherein the online payment transaction is subject to approval by the first financial institution via processing the first user real personal account number and the first set of transaction details. 



a second Network Identification Number that is different than the first Network Identification Number (see col. 12, lines 24-37; entire number is varied, col. 13, lines 6-31; header sequence converted into an unused BIN number, col. 22, lines 18-30). 

Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the limited-use encryption mechanisms as disclosed by Flitcroft'833 in the method, computer-readable media and system of Flitcroft'567, the motivation being to eliminate mathematical relationships between the limited-use credit card number and the master (real) credit card number (see Flitcroft'833, col. 5, lines 50-61).

Although Flitcroft'833 discloses that the payment processor transmits the first one-time use personal account number based on the second Network identification number (see i.e. "routed to the appropriate center for processing", and one of ordinary skill in the art would reasonably convey that the routing is performed according to the assigned BIN, col. 12, line 31); and Flitcroft'567 teaches "The inventive B2B CPN software platform 91, as shown in FIG. 9, can be stand-alone or hosted by a card scheme issuer 94 and integrated with its existing authorisation and account management system"), see paragraph [0094]), the combination of Flitcroft'567 and 

However, Bennett discloses a method, computer-readable media and system (System and method for secure electronic transactions) comprising: 
wherein the second network identification number identifies the authentication server (see "The present invention contemplates the use of central servers 15 having their own unique BINs, so that the credit card association network routers forward only proxy transaction numbers to the central servers. Non-proxy transaction numbers, i.e., real credit card numbers, are forwarded directly to the issuing bank or institution.", page 7); 
wherein the payment processor transmits the first one-time use personal account number based on the second Network identification number (see "The current credit card association network routing system receives authorization requests from merchants and evaluates the BIN (specifically, the card association network 10 uses packet switched routing that is blind to individual credit card numbers, as a whole, and reads only the BIN portion of the entire card number", page 7); 

wherein the online payment transaction is subject to approval by the first financial institution via processing the first user real personal account number and the first set of transaction details (see "The issuing bank's authorization server generates an authorization response based on the customer's real credit card number and forwards the response back to the central server", page 7). 

Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the central server distinct from the financial institution server as disclosed by Bennett in the method, computer-readable media and system of Flitcroft'567 and Flitcroft'833, the motivation being to reduce central server processing requirements while processing authorization requests and settlements in a manner which is seamlessly integrated into the current credit card system infrastructure (see Bennett, page 5 explicitly discusses the motivation to modify Flitcroft et al. Note that patent '833 was also published as WO 99/49424, which is the 

With respect to claims 2, 16 and 30, the combination of Flitcroft'567, Flitcroft'833 and Bennett teaches all the subject matter of the method, computer-readable media and system as described above with respect to claims 1, 15 and 29. Furthermore, Flitcroft'567 disclose a method, computer-readable media and system wherein the first user real personal account number is associated with a user account or other financing associated with a user at the first financial institution (see Real Accounts, paragraphs [0097], [0114]-[0122] and [0161]; Registration, paragraphs [0190]-[0195]). 

With respect to claims 3, 17 and 31, the combination of Flitcroft'567, Flitcroft'833 and Bennett teaches all the subject matter of the method, computer-readable media and system as described above with respect to claims 1, 15 and 29. Furthermore, Flitcroft'567 disclose a method, computer-readable media and system further comprising obtaining payment-type information from the first financial institution server (see Fig. 98, transaction forwarded to CPN software platform 91, paragraph [0104]). 

With respect to claims 4 and 18, the combination of Flitcroft'567, Flitcroft'833 and Bennett teaches all the subject matter of the method and computer-readable media as described above with respect to claims 1 and 15. Furthermore, Bennett disclose a method and computer-readable media further comprising causing a security agent to prompt a user to select a payment type to be used for paying the merchant (see "In the 

With respect to claims 6 and 20, the combination of Flitcroft'567, Flitcroft'833 and Bennett teaches all the subject matter of the method and computer-readable media as described above with respect to claims 1 and 15. Furthermore, Bennett disclose a method and computer-readable media further comprising causing a security agent to transmit the first one-time use personal account number to the merchant through the merchant webpage (see "Depending on whether the purchase and order form submitted from the merchant computer 32 to the web browser 24 was recognized by the client user interface 26, the transaction number will either be automatically inserted into the purchase and order form by the client user interface 26", page 16). 

With respect to claims 11 and 25, the combination of Flitcroft'567, Flitcroft'833 and Bennett teaches all the subject matter of the method and computer-readable media as described above with respect to claims 1 and 15. Furthermore, Bennett disclose a method and computer-readable media further comprising allowing a user to access a user account associated with the first financial institution without providing credit card numbers, debit card numbers, checking account numbers, or other similar bank account numbers associated with the user (see "In either instance, once the client user interface 26 is active the customer will be prompted to enter authentication data such as a user identification number and password to verify that the customer operating the client computer 22 is authorized to conduct electronic transactions using the customer's credit 

With respect to claims 12 and 26, the combination of Flitcroft'567, Flitcroft'833 and Bennett teaches all the subject matter of the method and computer-readable media as described above with respect to claims 11 and 25. Furthermore, Bennett disclose a method and computer-readable media wherein a security agent detects a webpage related to the user attempting to access the first user real personal account number (see "In a preferred embodiment, the client user interface 26 will automatically recognize the order form submitted to the customer from the merchant computer 32", page 14). 

With respect to claim 35, the combination of Flitcroft'567, Flitcroft'833 and Bennett teaches all the subject matter of the system as described above with respect to claim 29. Furthermore, Bennett disclose a system further comprising: a computing device comprising: a second memory storing a security agent and a second processor coupled to the second memory and executes the security agent by prompting a user to enter a username and a password into the computing device (see client computer 22, client user interface 26, "In either instance, once the client user interface 26 is active the customer will be prompted to enter authentication data such as a user identification number and password to verify that the customer operating the client computer 22 is authorized to conduct electronic transactions using the customer's credit card account 

With respect to claim 32, the combination of Flitcroft'567, Flitcroft'833 and Bennett teaches all the subject matter of the system as described above with respect to claim 35. Furthermore, Bennett disclose a system wherein the security agent further prompts the user to select a payment type to be used for paying the merchant (see "In the purchase and order form, personal information about the customer is requested such as… payment information", pages 13 and 14). 

With respect to claim 34, the combination of Flitcroft'567, Flitcroft'833 and Bennett teaches all the subject matter of the system as described above with respect to claim 35. Furthermore, Bennett disclose a system wherein the computing device transmits the first one-time use personal account number to the merchant through the merchant webpage (see "Depending on whether the purchase and order form submitted from the merchant computer 32 to the web browser 24 was recognized by the client user interface 26, the transaction number will either be automatically inserted into the purchase and order form by the client user interface 26", page 16). 

With respect to claim 38, the combination of Flitcroft'567, Flitcroft'833 and Bennett teaches all the subject matter of the system as described above with respect to claim 35. Furthermore, Bennett disclose a system wherein the second processor further executes the security agent allowing the user to access a user account associated with 

With respect to claim 39, the combination of Flitcroft'567, Flitcroft'833 and Bennett teaches all the subject matter of the system as described above with respect to claim 38. Furthermore, Bennett disclose a system wherein the second processor further executes the security agent by detecting a webpage related to the user attempting to access the user account (see "In a preferred embodiment, the client user interface 26 will automatically recognize the order form submitted to the customer from the merchant computer 32", page 14). 

With respect to claim 44, the combination of Flitcroft'567, Flitcroft'833 and Bennett teaches all the subject matter of the system as described above with respect to claim 29. Furthermore, Flitcroft'567 disclose a system wherein the first one-time use personal account number has a format associated with a conventional credit card (see paragraph [0050]. In addition, Bennett also discloses "Transaction numbers differ from the proxy number by the inclusion of the BIN and checksum and generally contains 16 


Claims 13, 14, 27, 28 and 40-43 are rejected under 35 U.S.C. 103 as being unpatentable over Flitcroft'567 (US 2003/0018567 A1), in view of Flitcroft'833 (US 6,636,833 B1), in view of Bennett et al. (WO 01/29637 A2), hereinafter “Bennett”, in view of Sidles (US 2002/0062342 A1)

With respect to claims 13 and 27, the combination of Flitcroft'567, Flitcroft'833 and Bennett teaches all the subject matter of the method and computer-readable media as described above with respect to claims 12 and 26. The combination of Flitcroft'567, Flitcroft'833 and Bennett does not explicitly teach a method and computer-readable media wherein the security agent detects the webpage by reading a source code of the webpage or detecting a trigger included in the webpage. 
However, Sidles discloses a method and computer-readable media (Method and system for completing forms on wide area networks such as the internet) wherein the security agent detects the webpage by reading a source code of the webpage or detecting a trigger included in the webpage (see paragraphs [0037], [0040]). 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the automatic method for filling out forms as the form-fill functionality (see Flitcroft'567, paragraph [0102]) as disclosed by Sidles in the method and computer-readable media of Flitcroft'567, 

With respect to claims 14 and 28, the combination of Flitcroft'567, Flitcroft'833 and Bennett teaches all the subject matter of the method and computer-readable media as described above with respect to claims 12 and 26. The combination of Flitcroft'567, Flitcroft'833 and Bennett does not explicitly teach a method and computer-readable media wherein the security agent detects the webpage by reading HTML for key words including expiration date or card verification value. 
However, Sidles discloses a method and computer-readable media (Method and system for completing forms on wide area networks such as the internet) wherein the security agent detects the webpage by reading HTML for key words including expiration date or card verification value (see field names of the form 126, paragraph [0040]; Fig. 1, vendor's website 104, information that is needed to complete a purchase, paragraph [0047]; Profile data/credit card information, paragraph [0058]). 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the automatic method for filling out forms as the form-fill functionality (see Flitcroft'567, paragraph [0102]) as disclosed by Sidles in the method and computer-readable media of Flitcroft'567, Flitcroft'833 and Bennett, the motivation being to speed up purchasing transactions by completing the blanks in a form document received from Internet web sites for purposes 

With respect to claim 40, the combination of Flitcroft'567, Flitcroft'833 and Bennett teaches all the subject matter of the system as described above with respect to claim 39. The combination of Flitcroft'567, Flitcroft'833 and Bennett does not explicitly teach a system wherein the detecting comprises reading a source code of the webpage or detecting a trigger included in the webpage. 
However, Sidles discloses a system (Method and system for completing forms on wide area networks such as the internet) wherein the detecting comprises reading a source code of the webpage or detecting a trigger included in the webpage (see paragraphs [0037], [0040]). 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the automatic method for filling out forms as the form-fill functionality (see Flitcroft'567, paragraph [0102]) as disclosed by Sidles in the system of Flitcroft'567, Flitcroft'833 and Bennett, the motivation being to speed up purchasing transactions by completing the blanks in a form document received from Internet web sites for purposes such as the submission of personal and billing information in conjunction with a purchase or registration made over the Internet (see Sidles, paragraphs [0003]).



However, Sidles discloses a system (Method and system for completing forms on wide area networks such as the internet) wherein the detecting comprises reading HTML for key words including expiration date or card verification value (see field names of the form 126, paragraph [0040]; Fig. 1, vendor's website 104, information that is needed to complete a purchase, paragraph [0047]; Profile data/credit card information, paragraph [0058]). 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the automatic method for filling out forms as the form-fill functionality (see Flitcroft'567, paragraph [0102]) as disclosed by Sidles in the system of Flitcroft'567, Flitcroft'833 and Bennett, the motivation being to speed up purchasing transactions by completing the blanks in a form document received from Internet web sites for purposes such as the submission of personal and billing information in conjunction with a purchase or registration made over the Internet (see Sidles, paragraphs [0003] ).

With respect to claim 42, the combination of Flitcroft'567, Flitcroft'833 and Bennett teaches all the subject matter of the system as described above with respect to claim 35. The combination of Flitcroft'567, Flitcroft'833 and Bennett does not explicitly 
However, Sidles discloses a system (Method and system for completing forms on wide area networks such as the internet) wherein the second processor further executes the security agent by collecting biometric data from a user (see Fig. 11, user name and password equivalents, paragraphs [0068], [0069], [0077]). 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the automatic method for filling out forms as the form-fill functionality (see Flitcroft'567, paragraph [0102]) as disclosed by Sidles in the system of Flitcroft'567, Flitcroft'833 and Bennett, the motivation being to speed up purchasing transactions by completing the blanks in a form document received from Internet web sites for purposes such as the submission of personal and billing information in conjunction with a purchase or registration made over the Internet (see Sidles, paragraphs [0003] ).

With respect to claim 43, the combination of Flitcroft'567, Flitcroft'833, Bennett and Sidles teaches all the subject matter of the system as described above with respect to claim 42. 
Sidles further discloses a system (Method and system for completing forms on wide area networks such as the internet) wherein the biometric data includes at least one of typing patterns of the user, fingerprint data, or iris pattern data (see Fig. 11, user name and password equivalents, PIN/biometrics, paragraphs [0068], [0069], [0077]). 

Response to Arguments/Amendments
Claim rejections - 35 USC § 112(a)
Applicant’s amendments and arguments (see remarks, page 10, filed on 10/26/2021), with respect to the rejection of claims 4, 6-7, 12-14, 20-21, 27-28, 36 and 38-41 under 35 USC § 112(a) have been fully considered. Examiner finds Applicant's arguments persuasive in view of the submitted amendments, therefore the rejections were withdrawn. In addition, upon further consideration, new grounds of rejection under 35 USC § 112(a) were made for claims 4, 6, 18 and 20 in view of the amended language.

Claim rejections - 35 USC § 112(b)
Applicant’s amendments and arguments (see remarks, page 11, filed on 10/26/2021), with respect to the rejection of claims 1-4, 6, 7, 11-18, 20, 21, 25-32, 34-46 and 38-44 under 35 USC § 112(b) have been fully considered and are persuasive, in part. Examiner agrees in part with Applicant's position. Therefore the claims are still rejected under 35 USC § 112(b) as further detailed above. In addition, upon further consideration, new grounds of rejection under 35 USC § 112(b) were made for claims 1-4, 6, 11-18, 20, 25-32, 34, 35 and 38-44 in view of the amended language.

Claim rejections - 35 USC § 103
Applicant’s amendments and arguments (see remarks, pages 11-13, filed on 10/26/2021), with respect to the rejection of claim 1 under 35 USC § 103 have been 


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Foreign Literature
Endres et al. (WO 2006015052 A1) disclose method to secure credit card information stored electronically, including proxy number processing.

Non-Patent Literature
Peters (NPL 2002, listed in PTO-892 as reference "U") disclose emerging ecommerce credit and debit card protocols, including surrogate card numbers.
Espacenet (NPL 2021, listed in PTO-892 as reference "V") disclose Patent family of Application EP1115095A3, including patent '833, also published as WO 99/49424.
Takahashi et al. (NPL 2005, listed in PTO-892 as reference "W") disclose a Framework for Protecting Private Information through User-Trusted-Program and Its Realizability, including a security agent on a user device.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDUARDO D CASTILHO whose telephone number is (571)270-1592. The examiner can normally be reached Mon-Fri 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is 
/E.C./Examiner, Art Unit 3685                                                                                                                                                                                                        
/JACOB C. COPPOLA/Primary Examiner, Art Unit 3685