DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
2. According to applicant’s arguments filed on 01/18/2022, claims 21-23, 36-38,41-43,46 and 49-50 have been amended, and claims 47 and 48 have been cancelled hereby acknowledged.

3. Applicants arguments with respect to independent claim 21 have been fully considered but they are not persuasive. 

4. Applicant argues that none of the prior art of record (neither Thomas nor Scott) discloses the feature of “the unique recipient identifier of the target device” and “authenticating, by the verification system, the unique recipient identifier in the token received from the user device, as part of the transaction, to verify the target device”, as recited in independent claim 21.

5. Examiner would like to point out that the primary reference Thomas (2011/0276479) teaches “the unique recipient identifier of the target device”,  see Para:0008-0009, Para:0070-0074 teaches the payee identity includes merchant name, merchant id, unique name of the entity, phone number or mobile device number, e-mail address, pair-wised name, payment account number, routing number, a universal payment identification code (UPIC), a globally unique identifier (GUID) and/or other type of identifier that uniquely identifies the merchant.

As evidence Singh US pub.no. (2012/0265684) in para:0038 teaches a mobile communication device identifier will be an identifier that uniquely identifies a mobile communication device. For example, a mobile communication device identifier can be a phone number, an IP address, a MAC address, etc.

As such the mobile device number of Thomas qualifies the unique recipient identifier of the target device [merchant device].

But Thomas does not expressly teach authenticating, by the verification system, the unique recipient identifier in the token, as part of the transaction, to verify the target device.

The secondary reference Scott (2015/0278487) teaches the above claimed limitations, see, Para: 0027 and Para: 0068 and Para: 0149 teaches verifying the identity of the seller device [merchant/target device] using the digital identity origin pattern. The digital identity origin pattern generates a digital identifier unique to the entity. The digital identity origin pattern includes a pattern token or a pointer to the pattern token. The pattern token may be a string that represents a time nonce or a session identifier, which is used to ensure the digital identity origin pattern has a limited window of validity.

Further in response to applicant's arguments against the references individually, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

6. As such both Thomas in view of Scott teaches the above claimed limitations and therefore the rejection is made as Final.


                                             Double Patenting
7. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed.Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Long! 759 F.2d 887,225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438,164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321 (c) or 1.321 (d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with his application, or claims an invention made because of activities undertaken within the scope of a joint research agreement.

Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

8.    Claims 21-23,25,36-38,40-43,45-50 of this instant application are rejected on the ground of non-statutory double patenting as being unpatentable over claims 1,9,15-19,21 and 23 of the US patent nos. 10,157,269 and claims 1,8,14-15,17-18 and 20 of the US patent 

Claim Objections
9. Claims 37,40,42 and 45 objected to because of the following informalities:  
10. Claims 37 and 40 dependents upon base claim 47, which has been cancelled.
11. Claims 42 and 45 dependents upon base claim 48, which has been cancelled.
   Appropriate correction is required.

                                Claim Rejections - 35 USC § 103
12. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

13.    Claims 21, 25, 36, 40, 41 and 45-50 are rejected under 35 U.S.C. 103 as being unpatentable over Thomas (US Pub.No.2011/0276479) in view of Scott (US Pub.No.2015/0278487).

14.  Regarding claims 21, 36 and 41 Thomas teaches a method, a verification system and a non-transitory computer readable storage medium, comprising: 
 recipient  identifier of a target device recipient receiving restricted information and the set of restricted information identifier data structure identifying the restricted information to be provided to a target device (Figs.1-3, Para: 0005, Para: 0008-0013 and Para:0070-0074 teaches generating a merchant or payee code [token herein]. The token consists of payee [recipient] identifier and a product identifier and the service associated with the transaction [which are the data structures herein]. The payee identity includes merchant name, merchant id, unique name of the entity, phone number or mobile device number, e-mail address, pair-wised name, payment account number, routing number, a universal payment identification code (UPIC), a globally unique identifier (GUID) and/or other type of identifier that uniquely identifies the merchant.
 (Examiner Note: As evidence Singh US pub.no. (2012/0265684) in para:0038 teaches a mobile communication device identifier will be an identifier that uniquely identifies a mobile communication device. For example, a mobile communication device identifier can be a phone number, an IP address, a MAC address, etc.
As such the mobile device number of Thomas qualifies the unique recipient identifier of the target device [merchant device]).

Thomas: Para: 0008-0013 teaches the merchant/payee could sign-up with Private Payment System (PPS) and can register a merchant code [payee token]. A user who has signed up with PPS can use the merchant code and a product number (for example, a product number in a catalog) to facilitate a purchase of the product. To purchase the product, the customer communicates the merchant code and product number to PPS. The PPS confirms the product, its price, and fulfillment mechanism (i.e. where to send the product or service that was purchased--for example, send to user's email, home address, or work address). Then, the PPS 
The payment amount, and the user's email, home address, or work address [are the set of restricted information identifier data structure herein], the merchant device [target device herein] then receives the payment amount [restricted information herein].
In this transaction, the user's payment information was never transmitted to the merchant. The merchant never having taken possession of the buyer's payment information does not have to incur any liability surrounding its security);

 providing, by the verification system processor, the token to a third-party system associated with the target device (Para: 0005 and Para: 0008-0013 teaches the generated token is provided to the merchant device [target device herein], the merchant can include the token in an advertisement, announcement, catalog entry, webpage, receipt, invoice, bill, or any other statement about a product or service offered. The token might consist of or be derived from a merchant identifier and a product identifier. A purchaser or buyer of that merchant's product or service may then "push" a payment to that token using a Private Payment System PPS.
Para: 0063-0064 teaches the product data store associated with the merchant may be stored by a third party or off-site from the merchant 112. The token subsystem 220 can communicate with a data source either local with the merchant or operated by a third party to retrieve information about the product or service associated with the token. As such the token that was generated is provided to the third part associated with the merchant);
receiving, by a verification system processor from a user device associated with a user and as part of an electronic session and transaction, a user identifier and the token; 
The payment amount, and the user's email, home address, or work address [are the set of restricted information identifier data structure herein], the merchant device [target device] then receives the payment amount [restricted information herein]).
Thomas teaches all the above claimed limitations but does not expressly teach wherein the unique recipient identifier comprises a random or pseudo-random sequence of numbers or symbols generated by the verification system processor using a random or pseudo-random number and a seed, the seed comprising one or more of an electronic address or physical location associated with the target device, the unique recipient identifier of the target device, a session identifier of a session involving the target device, and a random number identifier; and authenticating, by the verification system, the unique recipient identifier in the token, as part of the transaction, to verify the target device.

Scott teaches the unique recipient identifier comprises a random or pseudo-random sequence of numbers or symbols generated by the verification system processor using a random or pseudo-random number and a seed, the seed comprising one or more of an electronic address or physical location associated with the target device, the unique recipient identifier of the target device, a session identifier of a session involving the target device, and a random number identifier; and authenticating, by the verification system, the unique recipient identifier in the token, as part of the transaction, to verify the target device  (Para: 0027, Para: 0068, Para: 0137  and Para:0149 teaches verifying the identity of the seller using the digital identity origin pattern. The digital identity origin patterns include a pattern token or a pointer to the pattern token. The pattern token may be a string that represents a time nonce or a session identifier, which is used to ensure the digital identity origin pattern has a limited window of validity. The digital identity origin patterns are made sufficiently difficult to copy-and-paste to fraudulent identities' websites, 

Therefore, it would have been obvious to one of ordinary skill in the art before the invention was filing to modify Thomas in view of Weiss to include a session identifier of a session involving in the target device, as taught by Scott such a setup can help protect consumers against purchasing counterfeit goods (or diverted authentic goods from unauthorized sellers) over the Internet (para: 0008).

15.   Regarding claims 25, 40 and 45 Thomas teaches the method, the verification system and the non-transitory computer readable storage medium, wherein the restricted information comprises one or more of license permission to execute or access software or media content licensed to the user or user device, a user credential, cryptosystem secret, cryptographic secret, a cryptosystem identifier, and financial-related information (Figs.1-3, Para: 0005 and Para: 0008-0014 teaches the restricted information includes the payment amount, and user credentials such as the user name, email, home address, or work address etc.), 
wherein the set of restricted information identifier data structures identifies a type, level, and/or amount of restricted information that the target device is authorized or privileged to receive from an information provider, and wherein a first target device is authorized to receive a first type, level, and/or amount of restricted information at a request of the user while a second target device is authorized to receive a second type, level, and/or amount of information at a request of the user  (Figs.1-3, Para: 0005 and Para: 0008-0014 teaches the restricted information includes the payment amount details that the target device [merchant/payee device] is authorized to receive from the payer).


wherein the token is embedded in an internet advertisement selected by the user device, wherein the verification system processor receives an identifier associated with the internet advertisement; and wherein the restricted information relates to payment for the associated product or service (Para: 0010, Para: 0092-0094 and claim 7 teaches the merchant 112 will provide the token 302 in an advertisement within a periodical, publication, or an Internet page. The token will also be associated with a service or good and may be provided to the user through other sources or methods. The user receives the token from the merchant, to begin a transaction to push payment to the merchant to receive the product or service associated with the token. The user sends the token and authentication information to the private payment system 108. Thus, the user communicates the information within the token, such as, the payee identity 304 and the product or service 306 associated with the token 302 to the private payment system. The private payment system authenticates the user; and receives the instructions to either authorization for a transaction with the token or denial of the transaction, wherein the private payment system pushes payment [restricted information] to the merchant if the transaction is authorized).

17.    Claims 22, 37 and 42 are rejected under 35 U.S.C. 103 as being unpatentable over Thomas (US Pub.No.2011/0276479) in view of Scott (US Pub.No.2015/0278487) as applied to claim 21 above and further in view of Hart (US Pub.No.2008/0243702).



Therefore, it would have been obvious to one of ordinary skill in the art before the invention was filing to modify Thomas in view of Weiss to include the seed comprises a session identifier of a session involving in the target device, as taught by Scott such a setup can help protect consumers against purchasing counterfeit goods (or diverted authentic goods from unauthorized sellers) over the Internet (para: 0008).

Thomas in view of Scott teaches all the above claimed limitations but does not expressly teach providing, by the verification system processor, an approval code to the target device, the approval code comprising the set of restricted information identifier data structures identifying restricted information and the unique identifier associated with the target device or a third party system associated with the target device or an electronic session identifier associated with the electronic session, and a transaction identifier associated with the transaction to cause an information provider to authorize provision of the restricted information to the user.



Therefore, it would have been obvious to one of ordinary skill in the art before the invention was filing to modify Thomas in view of Scott to include providing, by the verification system, an approval code to the merchant system as taught by Hart since such a setup would identify an entity is authorized to transfer the value for a transaction.

19.    Claims 23, 38 and 43 are rejected under 35 U.S.C. 103 as being unpatentable over Thomas (US Pub.No.2011/0276479) in view of Scott (US Pub.No.2015/0278487) as applied to claims 21, 36 and 41 above and further in view of Poon (US Pub.No.2012/0150742).

20.    Regarding claims 23 , 38,43 Thomas in view of Scott teaches the method, the verification system and the non-transitory computer readable storage medium, wherein the user identifier comprises information a user device identifier of the user device, the user device identifier comprising one or more of a central processing unit identifier, an IMEI number of the user device, a SIM identifier, a network identifier, an application identifier, and a synchronized  global unique identifier), contact/location information (such as address, phone numbers, e-mail addresses etc.),  
wherein the seed comprises a plurality of the electronic address or physical location associated with the target device, the unique identifier of the target device, and the unique name of an entity associated with the target device, and the random number identifier, a session identifier of a session involving the target device  (Thomas: Para:0008-0009, Para:0070-0074 teaches the payee identity includes merchant name, merchant id, unique name of the entity, phone number, e-mail address, pair-wised name, payment account number, routing number, a universal payment identification code (UPIC), a globally unique identifier (GUID) and/or other type of identifier that uniquely identifies the merchant.
Scott: Para: 0027 and Para: 0068 and Para: 0149 teaches verifying the identity of the seller device [merchant/target device] using the digital identity origin pattern. The digital identity origin pattern generates a digital identifier unique to the entity (it could be a unique name of the entity). The digital identity origin pattern includes pattern token or a pointer to the pattern token. The pattern token may be a string that represents a time nonce or a session identifier, which is used to ensure the digital identity origin pattern has a limited window of validity. The digital identity origin patterns are made sufficiently difficult to copy-and-paste to fraudulent identities' websites, merchant accounts, etc., by using a time-based variable or session-unique token in in the generation of the challenge pair, meaning that the digital identity origin pattern is valid for verification only within a certain window of time).



Poon teaches sends to an information provider, a surrogate identifier associated with the user identifier rather than the user identifier itself, the surrogate identifier being generated by a random or pseudo-random number generator or a cryptographic hash algorithm (Para:0099-0105 teaches a surrogate identifier for identifying user. The surrogated identifier can be generated with a random component using a random number generator).

Therefore, it would have been obvious to one of ordinary skill in the art before the invention was filing to modify Thomas in view of Scott to include a surrogate identifier for identifying the user as taught by Poon since such a setup would result in easily identifying the user.

21.    Claims 24, 39 and 44 are rejected under 35 U.S.C. 103 as being unpatentable over Thomas (US Pub.No.2011/0276479) in view of Scott (US Pub.No.2015/0278487) as applied to claims 21, 36 and 41 above and further in view of Eksten (US Pub.No.2018/0329693).

22. Regarding claims 24, 39 and 44 Thomas in view of Scott teaches all the above claimed limitations, but does not expressly teach method, the verification system and the non-transitory computer readable storage medium, further comprising: updating, by the verification system to the user device processor, a first distributed, encrypted ledger to comprise details of the electronic session and transaction, the details relating to one or more of each credential issued, each credential authorized by the user, each credential approved by the user, and each transfer 
Eksten teaches updating, by the verification system to the user device processor, a first distributed, encrypted ledger to comprise details of the electronic session and transaction (Para:0096-0098 teaches the distribute ledger (database) that records transactions or other types of data (e.g. computing components) in a public or private peer-to-peer network. The distributed ledger comprises of blocks. Updating the distribute leader with block having electronic transaction details. The term block will refer to electronic entries of the distributed ledger Para: 0121 teaches encrypting the information in the distribute ledger), the details relating to one or more of each credential issued, each credential authorized by the user, each credential approved by the user, and each transfer of restricted information (Para:0117 teaches blockchain manager  is operable to register and authenticate users (using a login, unique identifier, and password for example) to provide access network resources, other networks and network security devices. Para: 0236 teaches authenticate identity of authority (e.g. user computing system, see para: 0106) will generate a corresponding digital signature for one or more components on distributed ledger. The transaction and the process of using a distributed ledger become trusted because the distributed ledger adds the digital certificates of each party involved to the transaction process itself forming an immutable linkage between the agreement, the parties, and the process. Para: 0102-0105 teaches the distributed ledger will be operable to enable auditable transactions (e.g. generation or updating of a block) and provide irrefutable proof of transaction upon request. The irrefutable proof of transaction will be provided by way of a digital signature [which is the restricted information herein] associated with a block); 



Therefore, it would have been obvious to one of ordinary skill in the art before the invention was filing to modify Thomas in view of Scott to include verifying the details in the first distributed, encrypted ledger with details of a second distributed, encrypted ledger maintained by an information provider to verify the transaction as taught by Eksten such a setup would verify the components of the electronic transaction in the distributed ledger.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DEREENA T CATTUNGAL/Primary Examiner, Art Unit 2431