Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
2.	Claims 21-37 are pending. 
Response to Arguments and Amendments
3.	Applicant argues that the arts on record Yin (US 20140019752), in view of Keith (US 8720771), fail to teach: 

Step a: receiving, by a backend system, a selected virtual identity credential from a user device; 

Step b: generating, by the backend system, a first one-time use code for authentication of the selected virtual identify credential; 

	Step c: transmitting, by the backend system, the first one-time use code to the user device;

Step d:  receiving, by the backend system, the first one-time use code from a relying party device, the relying party device having received the first one-time use code from the user device; 

Step f: verifying the first one-time use code received from the relying party device matches the first one-time use code transmitted to the user device;

Step g:  generating, by the backend system in response to the verifying, a second one-time use code; 

Step h:  transmitting, by the backend system, the second one-time use code to the user device and the relying party device; wherein the transmitting of the second one-time use code facilitates a relying party to validate the identity credential based on verifying that the second one-time use code received 

	Examiner respectfully disagrees. 

4.	On page 12, applicant argued Yin fails to disclose step a:  receiving, by backend system, a selected virtual identity credential from a user device. Examiner would point out Yin teaches after the user received login credentials 420, the user device provides login credentials 420 to partner ID STS server 230. And examiner also interprets STS server 230 is backend system. The user provide/send login credentials should teach receiving a selected virtual identify credential from a user device in step a.
5.	On pages 12-13, applicant argued Yin fails to teach generating, by the backend system, a first one-time use code for authentication of the selected virtual identify credential. Examiner would point out Yin teaches the partner ID STS server 230 may further generate first authentication response 430 based on authenticating login credentials 420 (Yin, paragraph 48).
6.	On page 13, applicant argued Yin fails to teach transmitting, by the backend system, the first one-time use code to the user device. Examine would point out Yin teaches partner ID STS server 230 may further send first authentication response 430 to user device 210 (Yin, paragraph 48
7.	On pages 13-14, applicant argued Yin fails to disclose step d & e:  that the partner FSTS server 240 cannot be the backend system of claim 21 because backend system is taught by the partner ID STS server 230 in step a. However, in para 22, Fig.2, describe server 220-260 may be implemented within a single device. Therefore, partner FSTS sever 240 and partner ID STS server 230 could be one single device and that equivalent with backend system of claim 21.
8.	On page 14, applicant argued Yin fails to disclose step f:  verifying the first one-time use code received from the relying party device matches the first one-time use code transmitted to the user device. In para 49, the platform account server (relying party device) receive first authentication response 430 (one-time use code) and forward it to the partner FSTS server (backend system) to validate using technique hash calculation and comparison technique. In step b and c, Yin teaches how the partner STS backend system) generated and transmitted the first one-time use code to the user (para 47). Then in para 49, the partner FSTS server verify the same one-time use code.
9.	On page 15, applicant argued Yin fails to disclose step g: generating, by the backend system in response to the verifying, a second one-time use code. In para 49, Yin teaches generate second authentication response 440 based on validating first authentication response.
10. 	On page 16, 17 applicant argued Yin in view of Keith fail to teach transmitting, by the backend system, the second one-time use code to (h1)the user device  and (h2) the relying party device; wherein the transmitting of the second one-time use code facilitates a relying party to validate the identity credential based on (j) verifying that the second one-time use code received from the backend system matches the second one-time use code (i) provided by the user device to the relying party device.
	In column 15, [lines 61-67]), the second one -time code is the QR code, capturing of the QR code and underlying string is performed by the retailer device 104 through the use of communication link 110. Request for record retrieval is performed by communication link 114 and then pushed back to the retailer 104 for display on the retailer device by the self-payment service provider 106 using the same link 114 as a reply captures the QR code as a means of spot checking the transaction (Keith, column 15, [lines 61-67]). The service provider web sends the unique code to the user (which is h1) and the retailer (which is h2). The retailer (reply party) scan the code to validate the user based on the unique code. For step j (verifying a second one-time code) this QR-coded digital receipt is scanned for verification by the retailer through the use of a companion verification application residing on the retailer's electronic device (Keith, column 7, [lines 40-50]).  And for step I (matches the second one-time use code) the retailer looks for a matching data record to the QR code through the use of the service provider's web API and if a match is found (Keith, column 7, [lines column 11, [lines 10-15]).
11.	On page 19, claim 27 and 33 are same arguments with claim 21.
12.  	On page 20, applicant argued claims 22, 28, 34 that Yin in view of Keith fail to teach geo-location information of the user device. Keith teaches information perform secure self-payment include geographical location of the device (column 34, [lines 36-46]). 

14.	On page 21, applicant argued that Yin in view of Keith fail to teach claims 24, 25, 26 30, 31, 32 36, 37 because they are depending on claim 21. However, the rejection of claim 21 is maintained. Therefore, the rejection of claims 24, 25, 26 30, 31, 32 36, 37 are maintained. 
For the above reasons, Examiner believed that rejection of the last Office action was proper and within their broadest reasonable interpretation in light of the specification.  See MPEP 2111 [R-1] Interpretation of Claims-Broadest Reasonable Interpretation.  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

15.	Claims 21-37 are rejected under 35U.S.C 103 as being unpatentable over Fenglin YIN (US 20140019752), in view of Wendy MacKinnon Keith (US 8720771), hereinafter Keith.

Regarding claim 21:
	Yin discloses receiving, by a backend system, a selected virtual identity credential from a user device user device 210 may receive login credentials 420 (e.g., by receiving an input of the login credentials, such as a username and/or password) from a user, associated with user device 210 the partner ID STS server 230 may further generate first authentication response 430 based on authenticating login credentials 420 (Yin, paragraph 48); transmitting, by the backend system, the first one-time use code to the user device partner ID STS server 230 may further send first authentication response 430 to user device 210 (Yin, paragraph 48); receiving, by the backend system, the first one-time use code from a relying party device; the relying party device having received the first one-time use code from the user device user device 210 may send first authentication response 430 to platform accounts server 220 (e.g., as an input to a session request with platform accounts server 220). Platform accounts server 220 may receive first authentication response 430 from user device 210 (Yin, paragraph 49); and further provide first authentication response 430 to partner FSTS server 240 (e.g., to identify whether user device 210 is authenticated to access partner accounts server 250 via a session between user device 210 and platform accounts server (Yin, paragraph 49). Examiner interprets that partner FSTS server is backend system, and partner accounts server is relying party device, and first authentication response is one-time use code.
	Generating, by the backend system in response to the verifying, a second one-time use code; and transmitting partner FSTS server 240 may decrypt first authentication response 430 (e.g., using a decryption key associated with partner FSTS server 240 and/ or some other technique), validate first authentication response 430 (e.g., using a validation technique, Such as a hash calculation and comparison technique to validate the signature associated with partner ID STS server 230), and generate second authentication response 440 based on decrypting and/or validating first authentication response 430 (Yin, paragraph 49); transmitting, by the backend system, the second one-time use code to the relying party device platform accounts server 220 may receive second authentication response 440 and may initiate decryption and validation function 445. For example, platform accounts server 220 may decrypt second authentication response 440 (e.g., using a key associated with plat form accounts server 220 and/or some other technique), and validate second authentication response 440 (Yin, paragraph 51). However, Yin fails to disclose transmitting the second one-time use code to the device; wherein the transmitting of the second one-time use code facilitates a the consumer receives a unique code or identifying element to verify the purchase of goods and services (Keith, column 15, [lines 16-20]); wherein the transmitting of the second one-time use code facilitates a relying party to validate the identity credential based on verifying that the second one-time use code received from the backend system matches the second one-time use code provided by the user device to the relying party device the capturing of the QR code and underlying string is performed by the retailer device 104 through the use of communication link 110. Request for record retrieval is performed by communication link 114 and then pushed back to the retailer 104 for display on the retailer device by the self-payment service provider 106 using the same link 114 as a reply captures the QR code as a means of spot checking the transaction (Keith, column 15, [lines 61-67]), and further verify the consumers purchase of goods or services through the capture of the code provided by the service provider web API is a critical option in retailer security of the transaction and is in place to minimize theft or shrinkage (Keith, column 16, [lines 8-13]). It would have been obvious to one ordinary skill in the art before the effective filling date of the invention was made that Yin with that of Keith in order to ensure that only an authorized device can use a code to purchase items, prevent retailer loss prevention initiatives.

	Regarding claim 27:
	Claim 27 is rejected under the same reason set forth in rejection of claim 21, and further a memory main memory 315, and processor 310 (Yin, para 34).

Regarding claim 33:
	Claim 33 is rejected under the same reason set forth in rejection of claim 21, and further machine-readable , one or more processors a computer-readable medium may be defined as a non-transitory memory device (Yin, para 37)


	Yin and Keith disclose transmitting the information of the user device to the relying device to facilitate verification by the relying party device; receiving geo-location information of the user device; verification by the relying party device that the user device is near the relying party device a purpose of the retailer network in the secure self-payment system is to provide the service provider network 604 and third party network(s) 608 with the information required to perform secure self-payment system tasks. The retailer network may route traffic and allow or deny permission based on a variety of criteria. General criteria that the retailer may use within its network include accessing device type or IP account type (service provider or third party), security clearance based on third party type (payment service, item lookup service, Social network, etc.), or geographical location of the device requesting a query reply (Keith, column 34, [lines 36-46]). It would have been obvious to one ordinary skill in the art before the effective filling date of the invention was made that Yin with that of Keith in order to ensure that only an authorized device can use a code to purchase items, prevent retailer loss prevention initiatives.

Regarding claims 23, 29, and 35:
Yin and Keith disclose  wherein transmitting the geo-location of the user device to the relying party device causes the relying party device to display the geo- location information of the user device to the relying party the consumer mobile device 900 via installed software and third party services can provide the consumer device with the ability to sense a specific geographical location or area where the consumer's mobile physical device is located, the secure self-payment application uses location information mainly for purposes relating to sending and crafting geo graphically targeted offers and item suggestions (Keith, column 42, [lines 8-17]). It would have been obvious to one ordinary skill in the art before the effective filling date of the invention was made that Yin with that of Keith in order to ensure that only an authorized device can use a code to purchase items, prevent retailer loss prevention initiatives.

Regarding claims 24, 30 and 36:
 and match a code, such as a QR code, on the consumer's receipt to a sales transaction. Upon prompting the verification app to capture a QR coded receipt 1304 the retailer verification app presents the retailer with an interface to identify the QR code displayed on the consumer's device (Keith, column 45, [lines 54-58]). It would have been obvious to one ordinary skill in the art before the effective filling date of the invention was made that Yin with that of Keith in order to ensure that only an authorized device can use a code to purchase items, prevent retailer loss prevention initiatives.

Regarding claims 25, and 31:
Yin and Keith disclose wherein the backend system provides the first one-time use code for display by the user device on a visual display on the user device the app visually displays the unique code, in this instance a QR code, on the shopper's mobile device so that the shopper may exit the store with confidence that his or her transaction was successfully completed (Keith, column 15, [lines 39-44]). It would have been obvious to one ordinary skill in the art at the time of the invention was made that Yin with that of Keith in order to ensure that only an authorized device can use a code to purchase items, prevent retailer loss prevention initiatives. It would have been obvious to one ordinary skill in the art before the effective filling date of the invention was made that Yin with that of Keith in order to ensure that only an authorized device can use a code to purchase items, prevent retailer loss prevention initiatives.

Regarding claims 26, 32, and 37:
Yin and Keith disclose wherein the backend system provides the second one-time use code for display by the user device on a visual display of the user device the app visually displays the unique code, in this instance a QR code, on the shopper's mobile device so that the shopper may exit the store with confidence that his or her transaction was successfully completed (Keith, column 15, [lines 39-44]); and provides the second-one time code for display by the relying party device on visual display of the relying party device providing an internet connection to the web API; providing a visual display for a graphic user interface to interact with the consumer and to display a QR-coded receipt (Keith, column 32, [lines 45-48]). It would have been obvious to one ordinary skill in the art at the time of the invention was made that Yin with that of Keith in order to ensure that only an authorized device can use a code to purchase items, prevent retailer loss prevention initiatives. It would have been obvious to one ordinary skill in the art before the effective filling date of the invention was made that Yin with that of Keith in order to ensure that only an authorized device can use a code to purchase items, prevent retailer loss prevention initiatives.
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THANH H LE whose telephone number is (571)272-8556.  The examiner can normally be reached on Monday-Friday 8:00a.m to 5p.m. EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Nickerson L Jeffery can be reached on 469-295-9235.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either obtained from either Private PAIR or Public PAIR. Status information for unpublished application is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov . Should you have question on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 

/THANH H LE/             Examiner, Art Unit 2432            


/FATOUMATA TRAORE/             Primary Examiner, Art Unit 2436