DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on October 11, 2021, has been entered.

Status of Claims
Claims 1, 5-7, 10-11, 20, and 22 are amended.
Claims 17-18 are canceled.
Claims 1-16 and 19-22 are pending.

Response to Remarks
35 U.S.C. § 103
Applicant’s arguments with respect to claim(s) 1-16 and 19-22 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-16 and 19-22 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Per Claims 1-16 and 19-22: Independent claims 1, 10, and 11 recite “receiving, from the merchant, data corresponding to a second transaction including the signed token, without any authentication data”.  However, it is unclear from the claim language what “without any authentication data” is modifying.  For example, is it modifying the data corresponding to a second transaction, the second transaction, or the signed token?  For purposes of compact prosecution, Examiner will interpret it to modify the data corresponding to the second transaction.  Claims 2-9, 12-16, and 19-22 are rejected by reason of their dependency from independent claim 1.

The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claim 21 is rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  Claim 21 recites “wherein the data corresponding to the second transaction does not include the authentication data.”  However, this subject matter appears to have been incorporated into claim 1, from which claim 21 depends.  Therefore, claim 21 fails to specify a further limitation on the subject matter of claim 1.  Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-6, 8-13, 15, and 19-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Pub. No. 2003/0061171 to Gilbert et al. in view of U.S. Patent Pub. No. 2002/0161721 to Yuan et al. and U.S. Patent Pub. No. 2005/0156026 to Ghosh et al.
Per Claim 1: Gilbert discloses:
A method of transaction authentication, the method comprising: (see Gilbert at Abstract: A system for and method of performing a transaction between a consumer (105) and a business entity (110).)
receiving, from a merchant in a first transaction, first data comprising authentication data and second data identifying the first transaction and including a characteristic of the first transaction, the characteristic of the first transaction comprising a transaction identifier or a time and date of the first transaction, and data identifying [[a specific authentication process in which the merchant authenticates a card holder]], wherein the first transaction is between the merchant and the card holder; (see Gilbert at ¶ 62: For example, the consumer may interact with a trusted payment administrator who submits the unencrypted transaction data to the electronic financial transaction system 120.  See also ¶ 42: For example, the payment administrator terminal 115 may transmit software to the consumer terminal 105 that interacts with the consumer terminal 105 to acquire the transaction data, including the 
responsive to receiving the first data and the second data, [generating] a token corresponding to the first transaction and comprising the characteristic of the first transaction comprising the transaction identifier or the time and date of the first transaction, and [[data identifying the specific authentication process]]; (see Gilbert at ¶ 57: The transaction facilitator decrypts the data, stores the data (the encrypted data and/or the decrypted data), assigns a token to the data, and returns the token and data necessary to complete the transaction to the business entity. The token may then be used for subsequent or recurring transactions.)
transmitting the signed token to the merchant, the merchant thereafter storing the signed token: (see 
receiving, from the merchant, data corresponding to a second transaction including the signed token, without any authentication data; (see Gilbert at ¶ 71: When submitting the subsequent or recurring transaction, the payment administrator transmits the token and subsequent or recurring transaction data to the electronic financial transaction system 120.)
authenticating the token, thereby determining that an authenticated association exists between the second transaction and the first transaction; and (see Gilbert at ¶ 71: The token informs the electronic financial transaction system 130 that set-up transaction data necessary to complete the transaction is stored at the transaction data storage database 370. The subsequent or recurring transaction data include details relating to the amount of the subsequent or recurring transaction, any data not stored at the transaction data storage database but is necessary for the electronic financial transaction system 120 to complete the transaction, and data for later reconciling the transaction at the payment administrator (e.g., a trace number, a transaction date, a transaction time, etc.).)
authorizing the second transaction when the authenticated association exists between the second transaction and the first transaction. (see Gilbert at ¶ 71: In general terms, the electronic financial transaction system 120 obtains the previously stored transaction data associated with the token, and implements the transaction with at least a portion of the stored transaction data.)
However, Gilbert fails to disclose, but Yuan, an analogous art of cryptographic signatures, discloses:
cryptographically signing a token (see Yuan at ¶ 50: The time stamp token includes the hash of the document, the time stamp, information identifying the time 
cryptographically validating the signed token using a public key of a public key certificate (see Yuan at ¶ 57: It verifies 482 the trustworthiness of the time stamp token by examining the digital signature and then compares 490 the recovered time stamp token with those in its own database 140.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Gilbert to cryptographically sign the token and then validate the signature using the techniques disclosed in Yuan.  One of ordinary skill in the art would have been motivated to do so to verify that the information contained in the token had not been altered.
However, the combination of Gilbert and Yuan fails to disclose, but Ghosh, an analogous art of authenticating customers, discloses:
data (e.g., AC) identifying a specific authentication process (e.g., EMV online transaction) in which the merchant authenticates a card holder, (see Ghosh at ¶ 50: At step 474, the EMV-proxy module forwards the AC to the EMV card-reader terminal module, which in turn may forward the AC to the EMV issuer back office, depending on whether the transaction is an online transaction or an offline transaction. In the example shown here, the transaction is an online transaction based on the type of cryptograms generated. At step 476, the EMV card-reader terminal module forwards the AC to the EMV issuer back office.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Gilbert so that the transaction data sent to the issuer also includes the authentication process used to authenticate a customer during a transaction as 

Per Claim 10: Claim 10 recites subject matter similar to that discussed above in connection with claim 1.  Claim 10 further recites, and Gilbert further discloses:
A non-transitory computer-readable storage medium comprising a set of computer-readable instructions stored thereon, which, when executed by at least one processor cause the at least one processor to perform a method (see Gilbert at ¶ 35: The system database 410 defines or configures the hardware of the financial data storage system 320.)

Per Claim 11: Claim 11 recites subject matter similar to that discussed above in connection with claim 1.  Claim 11 further recites, and Gilbert further discloses:
Apparatus comprising: at least one processor; and at least one memory including computer program instructions, executable by the at least one processor, to perform a method (see Gilbert at ¶ 29: As shown in FIG. 5, the electronic financial transaction system 120 generally includes a main processor 300.  See also ¶ 35: The system database 410 defines or configures the hardware of the financial data storage system 320.)

Per Claim 2: 
transmitting data indicative of a result of the authentication of the cryptographically signed token to a payment card issuer. (see Gilbert at ¶ 67: The currency exchange communications processor 305 then submits the request and the route to the currency exchange network 125. The request is transmitted to the issuing FI 130 as is known within the art.) 

Per Claim 3: The combination of Gilbert, Yuan, and Ghosh discloses the subject matter of claim 1, from which claim 3 depends.  Gilbert further discloses:
transmitting data indicative of said determined authenticated association to a payment card issuer. (see Gilbert at ¶ 67: The currency exchange communications processor 305 then submits the request and the route to the currency exchange network 125. The request is transmitted to the issuing FI 130 as is known within the art.)

Per Claim 4: The combination of Gilbert, Yuan, and Ghosh discloses the subject matter of claim 2, from which claim 4 depends.  Gilbert further discloses:
wherein the second transaction comprises a resubmission of the first transaction. (see Gilbert at ¶ 77: The consumer may then add funds to the consumer's account and have the transaction resubmitted.)

Per Claim 5: 
wherein the first transaction is an EMV transaction and the authentication data is EMV authentication data. (see Ghosh at ¶ 50: At step 474, the EMV-proxy module forwards the AC to the EMV card-reader terminal module, which in turn may forward the AC to the EMV issuer back office, depending on whether the transaction is an online transaction or an offline transaction. In the example shown here, the transaction is an online transaction based on the type of cryptograms generated. At step 476, the EMV card-reader terminal module forwards the AC to the EMV issuer back office.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed inventio to modify Gilbert so that the transaction is an EMV transaction with the associated EMV authentication as disclosed in Ghosh.  One of ordinary skill in the art would have been motivated to do so to ensure that the techniques of Gilbert are effective regardless of transaction protocol.

Per Claim 6: The combination of Gilbert, Yuan, and Ghosh discloses the subject matter of claim 1, from which claim 6 depends.  Gilbert further discloses:
wherein the first transaction is a card-not-present transaction. (see Gilbert at ¶ 22: The business 110 entity terminal includes one or more processors 200 and one or more memory units (not shown) that together provide a platform for hosting a web site at which consumers can purchase goods or services.)

Per Claim 8: 
wherein at least the second transaction is one of a series of recurring transactions, each of the series of recurring transactions occurring in accordance with a pre-determined schedule. (see Gilbert at ¶ 45: Example transaction parameters include amount, type of transaction (e.g., immediate, set-up, subsequent, or recurring), date restrictions (if setting-up for a subsequent transaction), recurrence restrictions (if setting-up for a recurring transaction), and other agreed upon terms.)

Per Claim 9: The combination of Gilbert, Yuan, and Ghosh discloses the subject matter of claim 1, from which claim 9 depends.  Gilbert further discloses:
wherein the first transaction comprises authorization for a subsequent transaction or transactions including at least the second transaction, and in which at least one of a number, timing, and monetary amount of said subsequent transaction or transactions was unknown when the first transaction was conducted. (see Gilbert at ¶ 45: Example transaction parameters include amount, type of transaction (e.g., immediate, set-up, subsequent, or recurring), date restrictions (if setting-up for a subsequent transaction), recurrence restrictions (if setting-up for a recurring transaction), and other agreed upon terms.)

Per Claim 12: The combination of Gilbert, Yuan, and Ghosh discloses the subject matter of claim 1, from which claim 12 depends.  Gilbert further discloses:
wherein the characteristic of the first transaction is the transaction identifier. (see Gilbert at ¶ 42: The transaction data may include encrypted data, at least one encrypted data identifier, a consumer-supplied password, a business entity identifier (e.g., a business 

Per Claim 13: The combination of Gilbert, Yuan, and Ghosh discloses the subject matter of claim 1, from which claim 13 depends.  Gilbert further discloses:
wherein the characteristic of the first transaction is the time and date of the first transaction. (see Gilbert at ¶ 42: The transaction data may include encrypted data, at least one encrypted data identifier, a consumer-supplied password, a business entity identifier (e.g., a business entity name), a trace number, a transaction date, a transaction time, acquiring FI data, transaction parameters, and other data as specified by the issuing FI 130.)

Per Claim 15: The combination of Gilbert, Yuan, and Ghosh discloses the subject matter of claim 1, from which claim 15 depends.  Gilbert further discloses:
wherein the first data is received from the merchant via an acquirer bank. (see Gilbert at ¶ 38: In some embodiments of the invention, the payment administrator 115 may communicate with the acquiring FI 135. In other embodiments of the invention where the payment administrator terminal 115 acts on behalf of the business entity, the acquiring FI 135 may be the payment administrator terminal's FI.)

Per Claim 19: 
wherein the characteristic of the first transaction further comprises data identifying the merchant. (see Gilbert at ¶ 42: The transaction data may include encrypted data, at least one encrypted data identifier, a consumer-supplied password, a business entity identifier (e.g., a business entity name), a trace number, a transaction date, a transaction time, acquiring FI data, transaction parameters, and other data as specified by the issuing FI 130.)

Per Claim 20: The combination of Gilbert, Yuan, and Ghosh discloses the subject matter of claim 1, from which claim 20 depends.  However, the combination of Gilbert and Yuan fails to disclose, but Ghosh discloses:
wherein the process comprises a chip and PIN authentication process. (see Ghosh at ¶ 47: By entering his PIN, the user unlocks his EMV signature private key. If the PIN is valid, the symmetric key stored in the personal trusted device is unlocked and used to generate cryptograms during the EMV transaction.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Gilbert so that the customer uses a chip and PIN authentication process to complete the transaction as disclosed in Ghosh.  One of ordinary skill in the art would have been motivated to do so to increase the security of the transaction.

Per Claim 21: The combination of Gilbert, Yuan, and Ghosh discloses the subject matter of claim 1, from which claim 21 depends.  Gilbert further discloses:
wherein the data corresponding to the second transaction does not include the authentication data. (see Gilbert at ¶ 71: When submitting the subsequent or recurring 

Claims 7 and 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gilbert, Yuan, and Ghosh as applied to claim 1 above, and further in view of U.S. Patent Pub. No. 2015/0254639 to Radu.
Per Claim 7: The combination of Gilbert, Yuan, and Ghosh discloses the subject matter of claim 6, from which claim 7 depends.  However, the combination of Gilbert, Yuan, and Ghosh fails to disclose, but Radu, an analogous art of e-commerce transactions, discloses:
wherein the authentication data comprises a card security code. (see Radu at ¶ 92: It will be noted that every payment network is likely to require the PAN and the expiration date for the digitalized card image. Some payment networks may also require a Card Authentication Method (CAM). For example, a static CAM may be required, such as the CVC2 as established by MasterCard or the CVV as established by Visa. Alternatively, a dynamic CAM may be required, such as is provided in an EMV transaction. (As is known to those who are skilled in the art, EMV is a standard for inter-operation of IC cards with POS terminals and/or ATMs.) For a digitalized card for which EMV is required as a CAM/CVM, the WSP computer 208 itself may run an EMV engine. Some payment networks may require a specific CVM, such as a biometric (e.g., voice recognition in real time and/or face motion recognition), for each transaction. Other types of CAM/CVM requirements are also possible and/or contemplated, and some others will be discussed below. In some embodiments, the issuer of the payment card account may specify one or more CVMs instead of or in addition to CVM(s) required by the payment network.)


Per Claim 22: The combination of Gilbert, Yuan, and Ghosh discloses the subject matter of claim 1, from which claim 22 depends.  However, the combination of Gilbert, Yuan, and Ghosh fails to disclose, but Radu discloses:
wherein the authentication data comprises a card security code. (see Radu at ¶ 92: It will be noted that every payment network is likely to require the PAN and the expiration date for the digitalized card image. Some payment networks may also require a Card Authentication Method (CAM). For example, a static CAM may be required, such as the CVC2 as established by MasterCard or the CVV as established by Visa. Alternatively, a dynamic CAM may be required, such as is provided in an EMV transaction. (As is known to those who are skilled in the art, EMV is a standard for inter-operation of IC cards with POS terminals and/or ATMs.) For a digitalized card for which EMV is required as a CAM/CVM, the WSP computer 208 itself may run an EMV engine. Some payment networks may require a specific CVM, such as a biometric (e.g., voice recognition in real time and/or face motion recognition), for each transaction. Other types of CAM/CVM requirements are also possible and/or contemplated, and some others will be discussed below. In some embodiments, the issuer of the payment card account may specify one or more CVMs instead of or in addition to CVM(s) required by the payment network.)
.

Claim 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gilbert, Yuan, and Ghosh as applied to claim 1 above, and further in view of U.S. Patent Pub. No. 2013/0018793 to Wong et al.
Per Claim 14: The combination of Gilbert, Yuan, and Ghosh discloses the subject matter of claim 1, from which claim 14 depends.  However, the combination of Gilbert, Yuan, and Ghosh fails to disclose, but Wong, an analogous art of e-commerce transactions, discloses:
wherein the characteristic of the first transaction further includes data regarding channels in which subsequent transactions can occur without further authentication. (Examiner’s Note: this claim element has been considered and determined to recite non-functional descriptive material.  Therefore, it fails to distinguish over the prior art.  See MPEP 2111.05.  It is non-functional descriptive material because the claim fails to recite a functional relationship with the specific description of the characteristic of the first transaction.  However, for compact prosecution purposes, the following citation is provided: see Wong at ¶ 59: In some embodiments, Issuer financial institutions may desire to implement a process that includes providing a pre-authorized token to registered cardholders for use in making purchase transactions. Use of such a pre-authorized token may enhance the consumers' purchase transaction experiences because it facilitates authentication of the consumer when the consumer wishes to consummate a purchase 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the subject matter of Wong in the Gilbert system.  One of ordinary skill in the art would have been motivated to include such information to enable more convenient yet secure purchases.

Claim 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gilbert, Yuan, and Ghosh as applied to claim 15 above, and further in view of U.S. Patent Pub. No. 2013/0144792 to Nillson et al.
Per Claim 16: The combination of Gilbert, Yuan, and Ghosh discloses the subject matter of claim 15, from which claim 16 depends.  However, the combination of Gilbert, Yuan, and Ghosh fails to disclose, but Nillson, an analogous art of e-commerce, discloses:
wherein the acquirer bank validates details of the first transaction. (see Nillson at ¶ 88: The approved information is then communicated to the payment server 414 (or alternatively to the payment acquirer server) for verification and processing of the transaction 416.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Gilbert with Nillson.  One of ordinary skill in the art would have been motivated to modify the Gilbert system to include an acquirer that validates a transaction first to make the claimed system more efficient because it would not have to process improperly formed transactions.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
U.S. Patent Pub. No. 2002/0111919 discloses a payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder's identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant 
U.S. Patent Pub. No. 2008/0082452 discloses a proxy authentication method and apparatus is described for use in user authentication, e.g. for payment transactions.  The authentication is carried out before the transaction between a electronic, e.g. digital identification device and a person terminal. Verification information is entered at the personal terminal to authenticate the user and if this is successful a verification flag is set in the digital identification device.  The status of this flag, or an encrypted version thereof can be used by a transaction terminal of evidence that the user has been authenticated without having to transmit any secret identification information to the transaction terminal.
U.S. Patent Pub. No. 2007/0257103 discloses a method for authenticating a mail order or telephone order transaction according to the present invention includes receiving authentication information from a cardholder, providing authentication information to an issuer, and determining whether the authentication information is valid. If the authentication information is valid, the issuer informs the merchant that the transaction is valid. In an embodiment, the issuer may not supply a personal assurance message and/or 
U.S. Patent Pub. No. 2008/0154770 discloses a Chip Authentication Program based on 3-D Secure protocols is provided for authenticating customers' on-line transactions. An issuer, who may be a payment card issuer, operates Access Control and Authentication Request Servers for authenticating transactions by individual customers who are identified by their personal EMV-complaint smart cards. An authentication token is generated at the point of interaction (POI) for each transaction based on information from the customer's smart card and transaction specific information sent directly by the issuer to populate a web page at the POI. Authentication tokens generated at the POI are evaluated by the Authentication Request Server to authenticate individual customer and/or card presence at the transaction POI. Authentication values are transported on-line in designated Universal Cardholder Authentication Fields consistent with 3-D Secure protocols.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NILESH B KHATRI whose telephone number is (571)270-7083. The examiner can normally be reached 8:30 AM - 5:30 PM Monday-Friday, alternating Fridays off.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571) 270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/N.B.K./Examiner, Art Unit 3685        

/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685