DETAILED ACTION
Continued Examination Under 37 CFR 1.114
1.            A request for continued examination (“RCE”) under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/13/2021 has been entered. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Acknowledgements
This communication is in response to claim amendments and applicant’s remarks filed on 12/13/2021.
Claims 1, and 14 have been amended.
Claim 12 and 15 have been canceled.
No claims have been added.
Claims 1-11, and 13-14 are pending and are presented for examination on the merits.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.


Claims 1, 2, 5-11, and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Hammad et al. (US 20120018506), in view of Shimada et al. (US 20030074560), further in view of Sorotokin (US 20130125223).
Regarding claim 1, Hammad discloses:
          a system for authenticating a user of a communication device to a service provider's server by means of authenticating an electronic device of the user to an authentication server, wherein said system is adapted to perform an authentication based on a fictive payment transaction validated by a banking server (By disclosing, “a portable consumer device associated with a user”; “Apparatuses, methods, and systems pertaining to the verification of portable consumer devices for 3-D Secure Systems are disclosed”; the 3-D secure system “enables issuers to authenticate their cardholders during online purchases”; and “if token 40 seeks a cryptogram from a cryptogram-enabled device 5, it provides device 5 with dummy transaction information” (See at least paragraph [0015], [0041], and [0113] of Hammad)) (Note: the “computer 10” in the prior art can be the “communication device” in the claim; the “verification token” and the “portable consumer device”  in the prior art can be the “electronic device”; the “validation entity 80” and the “access control server” in the prior art can be the “authentication server” in the claim; the “acquiring bank” and/or the “issuing bank” in the prior art can be the “banking server” in the claim; and the “merchant website 20” in the prior art can be the “service provider’s server” in the claim.), the system comprises: 
         said communication device which is adapted to connect to said service provider’s server to allow the user to attempt to access a service of the service provider provided by said service provider’s server (By disclosing, a cardholder ;
         said authentication server which is adapted to: 
                 receive an authentication request form the service provider (By disclosing, “The merchant’s website 20 then uses the dCVV2 value for the CVV in its authorization request for the purchase. … Through a separate channel, validation entity 80 may send the dCVV2 value to payment processing network 70 and/or issuing bank 60, along with the account information (e.g., account number), so that the merchant’s authorization request can be processed” which means that the authorization request has been sent from the merchant to the validation entity (See at least paragraph [0063] of Hammad)); 
                  on an initial authentication attempt by the user using the communication device, transmitting an authentication prompt to the communication device instructing authentication via said electronic device (By disclosing, “Referring to FIG. 4, a user 1 is provided with a verification token 40 that is communicatively coupled to the user's computer 10, such as through a USB port 16 or a Bluetooth wireless connection. The verification token 40 may have a peripheral interface 46 adapted to communicatively couple to a peripheral interface 16 of computer 10. Verification token 40 is capable of reading one of the user's portable consumer devices 5 (e.g., credit card) for the device's identification information (shown in FIG. 1), of preferably reading merchant and/or transaction information from a web page on the user's computer 10, and ;
                 execute a fictive payment transaction with a predetermined transaction amount with said electronic device and during said execution  (By disclosing, “if token 40 seeks a cryptogram from a cryptogram-enabled device 5, it provides device 5 with dummy transaction information”; “Entity 80 may then generate the cryptogram based on the dummy transaction information, the ATC, and other information used in the algorithm, and compare the generated cryptogram with the cryptogram received from token 40”; and “The dummy transaction information may include a static transaction amount” (See at least paragraph [0113], [0113], [0061] of Hammad)): 
               receive a first cryptogram from said electronic device (By disclosing, “if token 40 seeks a cryptogram from a cryptogram-enabled device 5, it provides device 5 with dummy transaction information”; “The user’s device 5 uses the transaction information to generate the cryptogram”; “validation entity 80 may forward the dummy transaction information and the cryptogram received from token 40 to the issuing bank 60…” (See at least paragraph [0113] and [0061] of Hammad)); 
               send said first cryptogram to a banking server (By disclosing, “validation entity 80 may forward the dummy transaction information and the cryptogram received from token 40 to the issuing bank 60…” (See at least paragraph [0113] of Hammad)); and 
               receive from said banking server an acknowledgment if said first cryptogram is valid (By disclosing, “validation entity 80 may forward the dummy transaction information and the cryptogram received from token 40 to the issuing bank 60 with a request that the bank determine whether the cryptogram is valid or not, and to send its determination to validation entity 80. Validation entity may then determine that the fifth validation test is passed if the bank sends an indication that the cryptogram received from token 40 is valid, and failed otherwise.”;  (See at least paragraph [0113] of Hammad)); 
           when said fictive payment transaction has been executed and confirmed as valid by said acknowledqment received from the banking server:
                    cryptographically compute an authentication identification based on unique data of the electronic device such that the authentication identification uniquely identifies the user (By disclosing, “Validation entity 80 performs one or more validation tests on read information that it has received, and if the one or more validation tests are passed, it sends a 3-D secure datum to verification token 40 via first communications network 31 and the networking facility of the user's computer 10.”; and “The value of the 3-D secure datum may depend upon one or more of the following: the identification information of the user's portable consumer device 5, the identity of the merchant 20, the transaction amount, the day of the transaction, the time of the transaction, a serial number of the Token 40, the IP address or other information about the user's computer 10” (See at least paragraph [0050] of Hammad)).
          said electronic device, which is a payment electronic device and which is adapted to execute said fictive payment transaction with said authentication server, and during said execution of the fictive payment transaction to: 
                  send said first cryptogram to said authentication server (By disclosing, “entity 80 may generate a set of acceptable cryptograms based on small incremental differences in the ATC value, and may compare the cryptogram received from device 5 with each member of the set to determine if a match exists” (See at least paragraph [0113] of Hammad));
           said service provider's server, which is adapted to: 
                      receive a connection attempt by the user from the communication device (By disclosing, a cardholder shops online at Merchant’s website by using the cardholder’s computer (communication device) (See at least paragraph [0042] of Hammad)); 
                      upon receipt of a connection attempt by the user from the communication device, transmit an authentication request for the user to the authentication server (By disclosing, “The merchant’s website 20 then uses the dCVV2 value for the CVV in its authorization request for the purchase. … Through a separate channel, validation entity 80 may send the dCVV2 value to payment processing network 70 and/or issuing bank 60, along with the account information (e.g., account number), so that the merchant’s authorization request can be processed” which means that the authorization request has been sent from the merchant to the validation entity (See at least paragraph [0063] of Hammad));
           Hammad does not disclose:
           said authentication server which is adapted to: 
                    send said authentication identification to the service provider's server;
                    upon a subsequent attempt to authenticate said user to said service provider using said electronic device, transmitting said authentication identification to the service provider's server;
          said service provider's server, which is adapted to: 
                 receive said cryptographically computed authentication identification and, 
                 in an initial authentication attempt to said service provider, record said authentication identification together with a username of the user and allowing the user access to the service of the service provider using the communication device based on receipt of an authentication identification; and
                 in a subsequent authentication attempt to said service provider, compare the received authentication identification against said recorded authentication identification thereby retrieving the username of the user and allowing the user access to the service of the service provider using the communication device by retrieving the username of the user based on the received authentication identification.
           However, Shimada teaches:   
                send said authentication identification to the service provider's server (By disclosing, “the management server 3 transmits the SP-IS to the SP server 4 of the service provider…” (See at least paragraph [0046], [0042], and [0045] of Shimada)); and
                upon a subsequent attempt to authenticate said user to said service provider using said electronic device, transmitting said authentication identification to the service provider's server (By disclosing, “even if the SP-ID [(user identification information)] stored in the above-described secondary storage device were erroneously erased, the user can acquire, by a second ;
         said service provider's server, which is adapted to: 
                 receive said cryptographically computed authentication identification (By disclosing, “the management server 3 transmits the SP-IS to the SP server 4 of the service provider…” (See at least paragraph [0046], [0042], and [0045] of Shimada)), and, 
                 in an initial authentication attempt to said service provider, record said authentication identification (By disclosing, “the management server 3 transmits the SP-IS to the SP server 4 of the service provider…”; “The SP server 4 having received the SP-ID from the management server 3 stores the SP-ID in its internal database” (See at least paragraph [0046] of Shimada)); and 
                 in a subsequent authentication attempt to said service provider, compare the received authentication identification against said recorded authentication identification (By disclosing, “The SP server 4 determines that the client terminal 2 has been certified by the manager only when the SP-ID received from the client terminal 2 coincides with one of the SP-IDs in the internal database, whereupon the SP server 4 accepts the access by the client terminal 2” (See at least paragraph [0052]-[0054] of Shimada)).
         Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the transmitting a send said authentication identification to the service provider's server; upon a subsequent attempt to authenticate to said service provider using said electronic device, transmitting said authentication identification to the service provider's server, and a service provider’s server to receive said cryptographically computed authentication identification and, in an initial authentication attempt to said service provider, record said authentication identification; and in a subsequent authentication attempt to said service provider, compare the received authentication identification against said recorded authentication identification. Doing so would results in an improved invention because the service provider can save the authentication identification for future transactions and the user don’t need to recertified to access the service provider’s service in further transactions which increase the efficiency of the future transactions, and personal sensitive information such as the device ID would never sent to the service provider so that the device ID is kept secret from any service provider, thus the security of the personal information is improved (paragraph [0028] of Shimada).          
              And Sorotokin teaches:
             record a username of the user (By disclosing, (By disclosing, “The DRM server may also store a mapping of this DRM account to the user’s identifier ([username]) for content server 110a.” ([0054] of Sorotokin)); 
             allowing the user access to the service of the service provider using the communication device based on receipt of an authentication identification (By disclosing, “DRM server 100 may be configured to perform one or more operations in response to receiving activation request” ([0045] of Sorotokin); “content consumption component 170 may generate the activation request 220 such that the request includes the digitally signed authentication token” ([0043] of Sorotokin); “the digital rights management server may also be configured to, in response to verification of the authentication token, issue to the first remote computer system one or more credentials” (Abstract of Sorotokin); and “In various embodiments, once the content consumption component 170 receives credentials 230, the content consumption component may be activated. An activated content consumption component may have the necessary credentials (e.g., credentials 230) to communicate securely with other entities in the DRM system (e.g., the DRM server or one or more content providers operating respective content servers) as well as receive encrypted content from such entities (e.g., purchased or rented content)” ([0052] of Sorotokin)); and
             allowing the user access to the service of the service provider using the communication device by retrieving the username of the user based on the received authentication identification (By disclosing, “in response to .
           Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Hammad in view of Sorotokin to include techniques of recording a username of the user, allowing the user access to the service of the service provider using the communication device based on receipt of an authentication identification , and allowing the user access to the service of the service provider using the communication device by retrieving the username of the user based on the received authentication identification. Doing so would result in an improved invention because this would allow the service provider use the authentication identification to authenticate the user, and ask the user to enter not only the 

Regarding claim 2, Hammad also discloses:
          said fictive payment transaction is a fictive EMV payment transaction (See at least paragraph [0033] of Hammad)).

Regarding claim 5, Hammad also discloses:
           said electronic device is a secure element or comprises a secure element (See at least paragraph [0033] of Hammad).

Regarding claim 6, Hammad also discloses:
          said secure element is a smart card, an embedded secure element, a micro-SD, or an UICC (See at least paragraph [0033] of Hammad).

Regarding claim 7, Hammad also discloses:
          said smart card is a contact smart card or a contactless smart card (See at least paragraph [0034] of Hammad).

Regarding claim 8, Hammad also discloses:
          said electronic device is adapted to cooperate with a portable electronic device (See at least paragraph [0033] of Hammad).

Regarding claim 9, Hammad also discloses:
         said portable electronic device is a mobile phone, a tablet, a smart phone, or a notebook (See at least paragraph [0033] of Hammad).

Regarding claim 10, Hammad also discloses authentication server can communicate with portable electronic device (By disclosing, “if token 40 seeks a cryptogram from a cryptogram-enabled device 5, it provides device 5 with dummy transaction information” (See at least paragraph [0113] of Hammad)); and
         authentication server is further adapted to send to said portable electronic device a short message service, an email, a phone notification, or a direct call (By disclosing, “Email alerts may be sent directly to the user's e-mail account from networking facility 84” (See at least paragraph [0120], [0033] and Fig. 6 of Hammad)).         

Regarding claim 11, Hammad also discloses 
          said electronic device is associated to a user of a service provided by a service provider (See at least paragraph [0033] of Makhotin).

Regarding claim 14, Hammad discloses:
          receiving, by the service provider’s server, an access request from the communications device requesting access for the user to the service provided by the service provider’s server, and in response thereto, transmitting an authentication request from the service provider’s server to the authentication server to authenticate the user (By disclosing, a cardholder shops online at Merchant’s website by using the cardholder’s computer (]communication device]) and provides the account holder name, card number, etc. ([access request]) to the service provider’s website (See at least paragraph [0042] of Hammad); and “The merchant’s website 20 then uses the dCVV2 value for the CVV in its authorization request for the purchase. … Through a separate channel, validation entity 80 may send the dCVV2 value to payment processing network 70 and/or issuing bank 60, along with the account information (e.g., account number), so that the merchant’s authorization request can be processed” (See at least paragraph [0063] of Hammad)) (Note: the “computer 10” in the prior art can be the “communication device” in the claim; the “verification token” and the “portable consumer device”  in the prior art can be the “electronic device”; the “validation entity 80” and the “access control server” in the prior art can be the “authentication server” in the claim; the “acquiring bank” and/or the “issuing bank” in the prior art can be the “banking server” in the claim; and the “merchant website 20” in the prior art can be the “service provider’s server” in the claim.);
           receiving, by the authentication server, the authentication request to authenticate the user from the service provider’s server (By disclosing, “The merchant’s website 20 then uses the dCVV2 value for the CVV in its authorization request for the purchase. … Through a separate channel, validation entity 80 may send the dCVV2 value to payment processing network 70 and/or issuing bank 60, along with the account information (e.g., account number), so that the merchant’s authorization request can be processed” (See at least paragraph [0063] of Hammad)); 
          transmitting, by the authentication server to the communication device, a request to authenticate the user using the electronic device (By disclosing, “Referring to FIG. 4, a user 1 is provided with a verification token 40 that is communicatively coupled to the user's computer 10, such as through a USB port 16 or a Bluetooth wireless connection. The verification token 40 may have a peripheral interface 46 adapted to communicatively couple to a peripheral interface 16 of computer 10. Verification token 40 is capable of reading one of the user's portable consumer devices 5 (e.g., credit card) for the device's identification information (shown in FIG. 1), of preferably reading merchant and/or transaction information from a web page on the user's computer 10, and of securely conveying the read information to a validation entity 80 via a first communications network 31 using a networking facility of the user's computer 10 that is coupled to network 31” (See at least paragraph [0050] of Hammad); “Validation entity 80 performs one or more validation tests on read information ;
             the execution, on an initial attempt to authenticate the user to the service provider using said electronic device, of a fictive payment transaction with a predetermined transaction amount between said electronic device being a payment electronic device, said execution comprising (By disclosing, “if token 40 seeks a cryptogram from a cryptogram-enabled device 5, it provides device 5 with dummy transaction information”; “Entity 80 may then generate the cryptogram based on the dummy transaction information, the ATC, and other information used in the algorithm, and compare the generated cryptogram with the cryptogram received from token 40”; and “The dummy transaction information may include a static transaction amount” (See at least paragraph [0113], [0061] of Hammad)): 
            sending by means of said electronic device a first cryptogram to said authentication server said first cryptogram from said electronic device (By ; 
           receiving by means of said authentication server said first cryptogram from said electronic device (By disclosing, “if token 40 seeks a cryptogram from a cryptogram-enabled device 5, it provides device 5 with dummy transaction information”; “The user’s device 5 uses the transaction information to generate the cryptogram”; “validation entity 80 may forward the dummy transaction information and the cryptogram received from token 40 to the issuing bank 60…” (See at least paragraph [0113] and [0061] of Hammad));
               sending by means of said authentication server said first cryptogram to a banking server (By disclosing, “validation entity 80 may forward the dummy transaction information and the cryptogram received from token 40 to the issuing bank 60…” (See at least paragraph [0113] of Hammad)); and 
           receiving by means of said authentication server from said banking server an acknowledgment if said first cryptogram is valid (By disclosing, “validation entity 80 may forward the dummy transaction information and the cryptogram received from token 40 to the issuing bank 60 with a request that the bank determine whether the cryptogram is valid or not, and to send its determination to ; 
           when said fictive payment transaction has been executed and confirmed as valid by said acknowledgment received from the banking server, the cryptographic computation by means of said authentication server of an authentication identification based on unique data of the electronic device such that the authentication identification uniquely identifies the user (By disclosing, “Validation entity 80 performs one or more validation tests on read information that it has received, and if the one or more validation tests are passed, it sends a 3-D secure datum to verification token 40 via first communications network 31 and the networking facility of the user's computer 10.”; and “The value of the 3-D secure datum may depend upon one or more of the following: the identification information of the user's portable consumer device 5, the identity of the merchant 20, the transaction amount, the day of the transaction, the time of the transaction, a serial number of the Token 40, the IP address or other information about the user's computer 10” (See at least paragraph [0050] of Hammad)).
           Hammad does not disclose:
           sending said authentication identification to the service provider's server;
           receiving said authentication identification by the service provider’s server and recording said authentication identification together with a username of the user and allowing the user access to the service of the service provider using the communication device;
           in a subsequent authentication attempt to said service provider, sending said authentication identification to the service provider's server; and
          comparing, by the service provider’s server, the received authentication identification against said recorded authentication identification thereby retrieving the username of the user and allowing the user access to the service of the service provider using the communication device.
           However, Shimada teaches:   
              sending said authentication identification to the service provider's server (By disclosing, “the management server 3 transmits the SP-IS to the SP server 4 of the service provider…” (See at least paragraph [0046], [0042], and [0045] of Shimada)); 
            receiving said authentication identification by the service provider’s server and recording said authentication identification (By disclosing, “the management server 3 transmits the SP-IS to the SP server 4 of the service provider…”; “The SP server 4 having received the SP-ID from the management server 3 stores the SP-ID in its internal database” (See at least paragraph [0046], [0042], and [0045] of Shimada)); and
             in a subsequent attempt to authenticate said user to said service provider, sending said authentication identification to the service provider's server (By disclosing, “even if the SP-ID [(user identification information)] stored in the ; and
           comparing, by the service provider’s server, the received authentication identification against said recorded authentication identification (By disclosing, “The SP server 4 determines that the client terminal 2 has been certified by the manager only when the SP-ID received from the client terminal 2 coincides with one of the SP-IDs in the internal database, whereupon the SP server 4 accepts the access by the client terminal 2” (See at least paragraph [0052]-[0054] of Shimada)).
         Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the transmitting a cryptogram generated by a user device to a banking server for authentication and receiving an acknowledgement from the banking server regarding whether the cryptogram is valid and compute an authentication identification based on unique data of the electronic device upon the cryptogram is confirmed valid of Hammad in view of Shimada to include sending said authentication identification to the service provider's server, receiving said authentication identification by the service provider’s server and recording said authentication identification, in a subsequent attempt to authenticate said user to said service provider, sending said authentication identification to the service provider's server, and comparing, by the service provider’s server, the received authentication identification against said recorded authentication identification. Doing so would results in an improved invention because the service provider can save the authentication identification for future transactions and the user don’t need to recertified to access the service provider’s service in further transactions which increase the efficiency of the future transactions, and personal sensitive information such as the device ID would never sent to the service provider so that the device ID is kept secret from any service provider, thus the security of the personal information is improved (paragraph [0028] of Shimada).
              And Sorotokin teaches:
             recording a username of the user and allowing the user access to the service of the service provider using the communication device (By disclosing, “The DRM server may also store a mapping of this DRM account to the user’s identifier ([username]) for content server 110a.” ([0054] of Sorotokin); “in response to authenticating the user via the authentication token, the DRM server may retrieve the user's identifier for content server 110a from the authentication token” ([0051] of Sorotokin); “the digital rights management server may also be configured to, in response to verification of the authentication token, issue to the first remote computer system one or more credentials” (Abstract of Sorotokin); and “In various embodiments, once the content consumption component 170 receives credentials 230, the content consumption component may be activated. An activated content consumption component may have the necessary ; and 
              retrieving the username of the user and allowing the user access to the service of the service provider using the communication device (By disclosing, “in response to authenticating the user via the authentication token, the DRM server may retrieve the user's identifier ([username]) for content server 110a from the authentication token” ([0051] of Sorotokin); “the digital rights management server may also be configured to, in response to verification of the authentication token, issue to the first remote computer system one or more credentials” (Abstract of Sorotokin); and “In various embodiments, once the content consumption component 170 receives credentials 230, the content consumption component may be activated. An activated content consumption component may have the necessary credentials (e.g., credentials 230) to communicate securely with other entities in the DRM system (e.g., the DRM server or one or more content providers operating respective content servers) as well as receive encrypted content from such entities (e.g., purchased or rented content)” ([0052] of Sorotokin)).
           Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Hammad in view of Sorotokin to include techniques of recording a username of the user and allowing the user access to the service of the service provider using the communication device, and retrieving the username of the user and allowing the user access to the service of the service provider using the communication device. Doing so would result in an improved invention because this would allow a user identifier at the service provider network and the associated user information being identified to accurately verify the identity of the user, thus improving the security of the claimed invention.


Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Hammad et al. (US 20120018506), in view of Shimada et al. (US 20030074560), further in view of Sorotokin (US 20130125223), and Dimmick (US 20150046340).
Regarding claim 3, Hammad does not disclose:
          said predetermined transaction amount is equal to zero or to a single currency unit.
          However, Dimmick discloses:
          said predetermined transaction amount is equal to zero or to a single currency unit. (See at least paragraph [0024] of Dimmick).
         Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the system of Hammad in view of Dimmick to include techniques of using a zero amount for the 

Regarding claim 13, Hammad does not expressly discloses:
          said authentication server is further adapted to receive an authentication request from a service provider's server, said authentication request triggering the execution of said fictive Preliminary Amendment dated October 20, 2017.payment transaction.
        However, Dimmick discloses:
        said authentication server is further adapted to receive an authentication request from a service provider's server, said authentication request triggering the execution of said fictive Preliminary Amendment dated October 20, 2017.payment transaction. (By disclosing, the authentication computer can receive a personal identifier authentication request from a service provider computer such as a wallet server computer or a merchant server computer. The authentication computer can then request a PIN from the consumer …” (See at least paragraph [0002] of Dimmick)).
        Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the system of Hammad in view of Dimmick to include an authentication server that is adapted to receive an authentication request from a service provider's server, said authentication request triggering the execution of said fictive Preliminary Amendment dated October 20, 2017.payment transaction.  Doing so would results in an improved invention because this would allow the authentication server request the cryptogram and compute the authentication identification only when the user wants to acquire good/services from the specific service provider, thus reducing the energy consumption of the authentication server. 


Claims 4 is rejected under 35 U.S.C. 103 as being unpatentable over Hammad et al. (US 20120018506), in view of Shimada et al. (US 20030074560), further in view of Sorotokin (US 20130125223), and Makhotin (US 20110208658). 
Regarding claim 4, Hammad does not disclose, but Makhotin, however, teaches: 
         during the execution of said fictive payment transaction: 
         said electronic device is further adapted to: receive said acknowledgement from said authentication server (See at least paragraph [0011] of Makhotin);
         upon receiving said acknowledgement, send a second cryptogram to said authentication server (By disclosing, “[t]he method can further include entering a third identifier associated with the portable consumer device. The third identifier can be received by the issuer in order to continue validation of the cardholder account” (See at least paragraph [0009] of Makhotin); and “[t]he first identifier 
         said authentication server is further adapted to: 
         send said acknowledgement to said electronic device (See at least paragraph [0011] of Makhotin); 
         receive said second cryptogram from said electronic device (See at least paragraph [0009] of Makhotin);
         send said second cryptogram to said banking server (See at least paragraph [0009] of Makhotin).
         Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the system of Hammad in view of Makhotin to include an electronic device to receive said acknowledgement from said authentication server; upon receiving said acknowledgement, send a second cryptogram to said authentication server; and an authentication server to send said acknowledgement to said electronic device; receive said second cryptogram from said electronic device; and send said second cryptogram to said banking server. Doing so would results in an improved invention because if the first cryptogram fails the verification by accident, the authentication server can ask the electronic device to provide another cryptogram to revalidate the electronic device.
                                       Response to Arguments
 Applicant’s arguments with regard to the respect to the 35 U.S.C. § 103 rejection have been considered but are moot in view of new grounds of rejection initiated by applicant’s amendment to the claims.
	

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 20120159598 to Kim for disclosing issuing personal identification number for transactions.
US 20140279519 to Mattes for disclosing identifying a user based on a device ID of the user’s device for transactions.
US 8977854 to Lee for disclosing automatic identification and authentication of a user by using a unique device identifier of the user’s device.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUAN ZHANG whose telephone number is (571)272-4642.  The examiner can normally be reached on Mon - Fri 10 AM-5 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on 5712701492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DUAN ZHANG/Examiner, Art Unit 3685